
Pests of all kinds and how to fight them: openoffice.de possible infection

Windows 7 If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.

Thread closed
18.04.2021, 13:20   #1
Sw0rD
 
openoffice.de possible infection



Hello,

I was somehow not paying attention just now and downloaded OpenOffice via OpenOffice.de and started it. I did not complete the installation, but now I am no longer sure whether I have caught something.

In the Editor I now have, for example, "Suche mit Bing" ("Search with Bing"); I think that was not there before.

Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 17-04-2021
durchgeführt von *** (Administrator) auf DESKTOP-M7O72O5 (LENOVO 81Y8) (18-04-2021 14:10:36)
Gestartet von C:\Users\***\Desktop
Geladene Profile: *** & ***
Platform: Windows 10 Pro Version 1909 18363.1440 (X64) Sprache: Deutsch (Deutschland)
Standard-Browser: FF
Start-Modus: Normal

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Dolby Laboratories, Inc. -> ) C:\ProgramData\Dolby\DAX3\RADARHOST\DSRHost.exe
(Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\DAX3_S~2.INF\DAX3API.exe
(Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_8a4ddeba3102f3a4\DAX3API.exe
(geek software GmbH -> geek software GmbH) C:\Program Files\PDF24\pdf24.exe <2>
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_82b77f8c4618e2d0\esif_uf.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_0b214be229a13e84\jhi_service.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_f9f92cc42e038a12\igfxCUIService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_f9f92cc42e038a12\igfxEM.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_553b9a82ff9cf770\OneApp.IGCC.WinService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_e75e15bdee999808\IntelCpHDCPSvc.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_e75e15bdee999808\IntelCpHeciSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iaahcic.inf_amd64_48973fc6c96c696a\RstMwService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\usocoreworker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.18362.1430_none_16f0726f2a33ac55\TiWorker.exe
(Microsoft Windows Hardware Compatibility Publisher -> Fortemedia) C:\Windows\System32\FMService64.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\NisSrv.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Users\***\AppData\Local\Mozilla Firefox\firefox.exe <8>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvlt.inf_amd64_6fdb2f2a4eb90886\Display.NvContainer\NVDisplay.Container.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
0 C:\Program Files\WindowsApps\Microsoft.YourPhone_1.21022.202.0_x64__8wekyb3d8bbwe\YourPhone.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [1084704 2020-05-28] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [PDF24] => C:\Program Files\PDF24\pdf24.exe [557760 2021-02-08] (geek software GmbH -> geek software GmbH)
HKU\S-1-5-21-2797691131-4137483123-2831801241-1001\...\Run: [Steam] => E:\Programme\Steam\steam.exe [4087528 2021-04-12] (Valve -> Valve Corporation)
HKU\S-1-5-21-2797691131-4137483123-2831801241-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\***\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
HKU\S-1-5-21-2797691131-4137483123-2831801241-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\***\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
HKU\S-1-5-21-2797691131-4137483123-2831801241-1001\...\RunOnce: [Uninstall 20.124.0621.0006\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\***\AppData\Local\Microsoft\OneDrive\20.124.0621.0006\amd64"
HKU\S-1-5-21-2797691131-4137483123-2831801241-1001\...\RunOnce: [Uninstall 20.124.0621.0006] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\***\AppData\Local\Microsoft\OneDrive\20.124.0621.0006"
HKU\S-1-5-21-2797691131-4137483123-2831801241-1002\...\Run: [Discord] => C:\Users\***\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-2797691131-4137483123-2831801241-1002\...\Run: [Spotify] => C:\Users\***\AppData\Roaming\Spotify\Spotify.exe [24261704 2021-04-13] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-2797691131-4137483123-2831801241-1002\...\Run: [5EC4A06B78D967CCF251E8972A3BD5F5F778BD86._service_run] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=service /prefetch:8
HKU\S-1-5-21-2797691131-4137483123-2831801241-1002\...\Run: [com.squirrel.Teams.Teams] => C:\Users\***\AppData\Local\Microsoft\Teams\Update.exe [2453720 2021-03-22] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\89.0.4389.128\Installer\chrmstp.exe [2021-04-14] (Google LLC -> Google LLC)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0920D19B-1A04-473A-8D18-303F1FDFF1EE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-09-15] (Google LLC -> Google LLC)
Task: {1683CC2B-A847-4FFC-9824-0F2EECEFC58D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-09-15] (Google LLC -> Google LLC)
Task: {16895635-0D65-4755-B397-4EA1302C80BD} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3302880 2019-12-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {2C01A401-164D-4437-9A05-876E1C611DD1} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [858480 2019-12-06] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {38CF5313-A5D9-4FA7-BB77-EE355EBE7C76} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141160 2021-04-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {4A4D6A09-9026-4F85-BCD0-FAEB947C36D4} - System32\Tasks\G2MUploadTask-S-1-5-21-2797691131-4137483123-2831801241-1002 => C:\Users\***\AppData\Local\GoToMeeting\19598\g2mupload.exe [31320 2021-04-04] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {54B40097-352C-4520-9626-7B19C8D08CDE} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1134104 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {666D13F9-25E9-415E-AC6F-6C9982FD06F8} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [914456 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {78D83BAF-35A6-487C-A32F-EFDFBF1F197C} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1134104 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {805BF278-FD29-45C5-8C13-4F949D70BFA9} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23248792 2021-04-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {88BB3BF8-DC33-40B3-B7B7-DD40D0CA5E66} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1134104 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8A53E4FF-D368-4810-9D40-0595E8B28914} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8E012B68-5B8A-41B2-9A1A-D59F7E7050CF} - System32\Tasks\G2MUpdateTask-S-1-5-21-2797691131-4137483123-2831801241-1002 => C:\Users\***\AppData\Local\GoToMeeting\19598\g2mupdate.exe [31320 2021-04-04] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {940F8569-A8B6-4AA2-A081-DE7813D8B061} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1134104 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {9FB8950A-7C51-47E8-AC1E-294E2DAC6176} - System32\Tasks\Mozilla\Firefox Default Browser Agent 35973C5F6F9CA8F4 => C:\Users\***\AppData\Local\Mozilla Firefox\default-browser-agent.exe [667856 2020-11-08] (Mozilla Corporation -> Mozilla Foundation)
Task: {A74403A9-F782-43FD-AE29-A2210DB18F98} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [914456 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {BF2FBF1E-12FF-4C7A-B65D-1BE17C46348F} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141160 2021-04-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {D341A428-9D93-42B9-9CC6-A257F8BB51D9} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1498000 2021-04-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {DC41E1AC-9717-4B46-83B9-81732E7F46DC} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [858480 2019-12-06] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {DD1F6C97-FE40-43F0-B822-6845D9FDD70B} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23248792 2021-04-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {DFB9179B-DCE0-45B5-9280-1E603B3C618C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E3AD5E44-F50C-40FC-8A3F-0D8B06A17998} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [653848 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E62E07C1-61E4-4994-87B9-0578653D2C0A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {F2641D20-1BEF-49D6-97B9-68D3A7779548} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {FEE94522-E805-411A-A6CE-36CD998B3959} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2797691131-4137483123-2831801241-1002.job => C:\Users\***\AppData\Local\GoToMeeting\19598\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2797691131-4137483123-2831801241-1002.job => C:\Users\***\AppData\Local\GoToMeeting\19598\g2mupload.exe

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{3f3ccafd-659e-4f10-ac3c-a25096ca9da7}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{529764a4-5260-4a67-be3d-39780d39f194}: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF DefaultProfile: 7sc8d549.default
FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\7sc8d549.default [2020-08-11]
FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\31287jov.default-release [2020-08-11]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-03-07] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-03-07] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-04-14] (Adobe Inc. -> Adobe Systems Inc.)
StartMenuInternet: Firefox-35973C5F6F9CA8F4 - C:\Users\***\AppData\Local\Mozilla Firefox\firefox.exe

==================== Dienste (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8788392 2021-04-07] (Microsoft Corporation -> Microsoft Corporation)
R2 DolbyDAXAPI; C:\WINDOWS\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_8a4ddeba3102f3a4\DAX3API.exe [1932960 2020-03-02] (Dolby Laboratories, Inc. -> Dolby Laboratories)
S3 ElfoService; C:\Program Files (x86)\ElsterFormular Update Service\bin\elfoService.exe [1113864 2020-06-03] (Bayerisches Landesamt fuer Steuern -> )
R2 FMAPOService; C:\WINDOWS\System32\FMService64.exe [390400 2020-05-22] (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia)
R2 PDF24; C:\Program Files\PDF24\pdf24.exe [557760 2021-02-08] (geek software GmbH -> geek software GmbH)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6477936 2021-03-12] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 ss_conn_launcher_service; C:\WINDOWS\System32\Samsung\EasySetup\ss_conn_launcher.exe [182328 2020-04-24] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\NisSrv.exe [2624104 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MsMpEng.exe [128376 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvlt.inf_amd64_6fdb2f2a4eb90886\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvlt.inf_amd64_6fdb2f2a4eb90886\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Treiber (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 pelmouse; C:\WINDOWS\system32\DRIVERS\pelmouse.sys [26880 2016-07-11] (WDKTestCert idd,131110062695071623 -> TPMX Electronics Ltd.)
S3 pelusblf; C:\WINDOWS\system32\DRIVERS\pelusblf.sys [32544 2017-03-29] (WDKTestCert primax,131147703563436555 -> )
S3 pelvendr; C:\WINDOWS\system32\DRIVERS\pelvendr.sys [15032 2016-07-11] (WDKTestCert idd,131110062695071623 -> TPMX Electronics Ltd.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166760 2020-04-24] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [43368 2020-04-24] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49560 2021-04-11] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [421088 2021-04-11] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [72928 2021-04-11] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2021-04-18 14:10 - 2021-04-18 14:10 - 000019324 _____ C:\Users\***\Desktop\FRST.txt
2021-04-18 14:08 - 2021-04-18 14:10 - 000000000 ____D C:\FRST
2021-04-18 14:06 - 2021-04-18 14:05 - 002298368 _____ (Farbar) C:\Users\***\Desktop\FRST64.exe
2021-04-18 13:09 - 2021-04-18 13:09 - 000000000 ___SD C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.9
2021-04-18 13:08 - 2021-04-18 13:08 - 000000000 ____D C:\Program Files (x86)\OpenOffice 4
2021-04-18 13:06 - 2021-04-18 13:06 - 000000000 ____D C:\Users\***\Desktop\OpenOffice 4.1.9 (de) Installation Files
2021-04-15 00:53 - 2021-04-15 00:54 - 000000000 ____D C:\Users\***\Desktop\Impfung
2021-04-13 20:41 - 2021-04-13 20:41 - 000544707 _____ C:\Users\***\Desktop\T8KFQ1I766.pdf
2021-04-11 13:46 - 2021-04-11 13:46 - 000000000 ____D C:\Users\***\Documents\ANNO 1404 Venice
2021-04-11 13:13 - 2021-04-11 13:16 - 000000000 ____D C:\Users\***\AppData\Roaming\Ubisoft
2021-04-09 20:27 - 2021-04-09 20:45 - 000000000 ____D C:\Users\***\Documents\Anno 1602 History Edition
2021-04-09 19:21 - 2021-04-11 13:07 - 000000000 ____D C:\Users\***\AppData\Local\Ubisoft Game Launcher
2021-04-09 19:21 - 2021-04-09 19:21 - 000000000 ____D C:\ProgramData\Ubisoft
2021-04-09 19:18 - 2021-04-09 19:18 - 000000804 _____ C:\Users\***\Desktop\Ubisoft Connect.lnk
2021-04-09 19:18 - 2021-04-09 19:18 - 000000000 ____D C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2021-04-09 19:18 - 2021-04-09 19:18 - 000000000 ____D C:\Users\***\AppData\Local\Ubisoft Game Launcher
2021-04-07 21:43 - 2021-04-07 21:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft Classic PTR
2021-04-04 14:27 - 2021-04-04 14:27 - 003122981 _____ C:\Users\***\Desktop\Lybstes_Pumphose2_E-Book_komplett.pdf
2021-03-28 12:25 - 2021-03-28 12:25 - 000084439 _____ C:\Users\***\Downloads\EveryQuest_QuestGivers-r29 (1).zip
2021-03-28 12:19 - 2021-03-28 12:19 - 000084439 _____ C:\Users\***\Downloads\EveryQuest_QuestGivers-r29.zip
2021-03-28 12:18 - 2021-03-28 12:19 - 000498790 _____ C:\Users\***\Downloads\EveryQuest-r162.zip
2021-03-27 11:45 - 2021-03-27 12:02 - 000000211 _____ C:\Users\***\Desktop\Warmane.txt
2021-03-26 08:52 - 2021-03-26 08:52 - 000000000 ____D C:\Users\***\AppData\Roaming\TradeSkillMaster
2021-03-26 08:51 - 2021-03-26 08:51 - 000000933 _____ C:\Users\Public\Desktop\TSMApplication.lnk
2021-03-26 08:51 - 2021-03-26 08:51 - 000000933 _____ C:\ProgramData\Desktop\TSMApplication.lnk
2021-03-26 08:51 - 2021-03-26 08:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TradeSkillMaster Application
2021-03-26 08:49 - 2021-03-26 08:49 - 000002519 _____ C:\Users\***\Downloads\TradeSkillMaster_AppHelper-Classic.zip
2021-03-26 08:48 - 2021-03-26 08:48 - 001914518 _____ C:\Users\***\Downloads\TradeSkillMaster-Classic.zip
2021-03-25 17:09 - 2021-03-25 17:09 - 000010228 _____ C:\Users\***\Desktop\TBC Prep.xlsx
2021-03-24 16:55 - 2021-04-07 19:05 - 000001231 _____ C:\Users\***\Desktop\Naxx.txt
2021-03-24 16:54 - 2021-03-24 16:54 - 000000000 _____ C:\Users\***\Desktop\Neues Textdokument (4).txt
2021-03-24 13:40 - 2021-03-24 13:40 - 000056336 _____ C:\Users\***\Desktop\2000_SchmuckKasserRyan_SIR.pdf
2021-03-24 10:08 - 2021-03-24 10:08 - 000000000 ___HD C:\$WinREAgent
2021-03-22 13:51 - 2021-03-22 13:51 - 000090456 _____ C:\Users\***\Desktop\Haushaltsplan.pdf
2021-03-22 08:19 - 2021-03-23 17:41 - 000000152 _____ C:\Users\***\Desktop\Neues Textdokument (3).txt

==================== Ein Monat (geänderte) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2021-04-18 14:08 - 2020-08-13 10:41 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-04-18 14:08 - 2020-08-12 10:42 - 000000000 ____D C:\ProgramData\NVIDIA
2021-04-18 14:08 - 2020-08-11 22:22 - 000000000 ____D C:\Users\***\AppData\LocalLow\Mozilla
2021-04-18 14:08 - 2020-08-11 21:30 - 000000000 __SHD C:\Users\***\IntelGraphicsProfiles
2021-04-18 14:08 - 2020-08-11 21:00 - 000000000 ____D C:\Intel
2021-04-18 14:08 - 2019-03-19 06:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-04-18 14:07 - 2019-03-19 06:37 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2021-04-18 14:00 - 2020-08-13 11:29 - 000544400 _____ C:\WINDOWS\system32\perfh008.dat
2021-04-18 14:00 - 2020-08-13 11:29 - 000089530 _____ C:\WINDOWS\system32\perfc008.dat
2021-04-18 14:00 - 2020-08-13 10:44 - 002352488 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-04-18 14:00 - 2019-03-19 14:16 - 000746852 _____ C:\WINDOWS\system32\perfh007.dat
2021-04-18 14:00 - 2019-03-19 14:16 - 000151124 _____ C:\WINDOWS\system32\perfc007.dat
2021-04-18 14:00 - 2019-03-19 06:50 - 000000000 ____D C:\WINDOWS\INF
2021-04-18 13:55 - 2020-08-13 10:37 - 000471208 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-04-18 13:54 - 2020-08-13 10:37 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-04-18 11:09 - 2020-08-12 15:48 - 000000000 ____D C:\Users\***\AppData\Local\Spotify
2021-04-18 10:47 - 2020-08-12 15:48 - 000000000 ____D C:\Users\***\AppData\Roaming\Spotify
2021-04-18 09:03 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-04-18 09:01 - 2019-03-19 06:52 - 000000000 ___HD C:\Program Files\WindowsApps
2021-04-17 15:10 - 2020-08-12 11:45 - 000000000 ____D C:\Users\***\AppData\Roaming\discord
2021-04-17 14:49 - 2020-08-11 22:34 - 000000000 ____D C:\Users\***\AppData\Local\Battle.net
2021-04-17 09:02 - 2020-08-16 16:37 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-04-16 20:36 - 2020-09-20 22:28 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-04-16 00:52 - 2020-11-18 19:07 - 000000000 ____D C:\Program Files\Microsoft Office
2021-04-14 20:50 - 2020-08-12 10:24 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-04-14 20:49 - 2020-08-12 10:24 - 131963968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-04-14 19:06 - 2020-09-15 16:14 - 000002239 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-04-13 14:06 - 2020-08-11 22:01 - 000000000 ____D C:\Users\***\AppData\Roaming\vlc
2021-04-13 13:02 - 2021-02-04 20:38 - 000000678 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2797691131-4137483123-2831801241-1002.job
2021-04-13 13:02 - 2021-02-04 20:38 - 000000582 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2797691131-4137483123-2831801241-1002.job
2021-04-13 09:46 - 2020-09-20 22:28 - 000003700 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-04-13 09:46 - 2020-09-20 22:28 - 000003576 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-04-12 20:18 - 2020-08-13 10:41 - 000003384 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2797691131-4137483123-2831801241-1002
2021-04-12 20:18 - 2020-08-13 10:38 - 000002389 _____ C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-04-12 20:18 - 2020-08-11 21:31 - 000000000 ___RD C:\Users\***\OneDrive
2021-04-11 20:35 - 2020-08-11 18:17 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-04-09 20:27 - 2020-08-13 08:37 - 000000000 ____D C:\Users\***\AppData\Local\D3DSCache
2021-04-04 20:21 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-04-04 15:12 - 2021-02-04 20:38 - 000003852 _____ C:\WINDOWS\system32\Tasks\G2MUploadTask-S-1-5-21-2797691131-4137483123-2831801241-1002
2021-04-04 15:12 - 2021-02-04 20:38 - 000003756 _____ C:\WINDOWS\system32\Tasks\G2MUpdateTask-S-1-5-21-2797691131-4137483123-2831801241-1002
2021-04-04 15:12 - 2021-02-04 20:38 - 000000000 ____D C:\Users\***\AppData\Local\GoToMeeting
2021-03-25 12:17 - 2021-03-04 00:27 - 000001348 _____ C:\Users\***\Desktop\T3.txt
2021-03-25 08:55 - 2021-03-16 11:14 - 000000000 ____D C:\Users\***\AppData\Local\D2B134.tmpd
2021-03-25 08:55 - 2021-03-15 12:54 - 000000000 ____D C:\Users\***\AppData\Local\D2EDA0.tmpd
2021-03-24 11:46 - 2019-03-19 06:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-03-24 11:45 - 2020-08-12 10:18 - 000000000 ___DC C:\WINDOWS\Panther
2021-03-22 19:46 - 2020-11-07 09:45 - 000002378 _____ C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2021-03-19 23:28 - 2020-08-11 21:30 - 000000000 ____D C:\Users\***\AppData\Local\Packages

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ========

2021-03-16 11:14 - 2021-03-16 11:14 - 000000000 _____ () C:\Users\***\AppData\Local\D2B134.tmp
2021-03-15 12:54 - 2021-03-15 12:54 - 000000000 _____ () C:\Users\***\AppData\Local\D2EDA0.tmp

==================== SigCheck ============================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

==================== Ende von FRST.txt ========================
         
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 17-04-2021
durchgeführt von *** (18-04-2021 14:11:26)
Gestartet von C:\Users\***\Desktop
Windows 10 Pro Version 1909 18363.1440 (X64) (2020-08-13 08:42:04)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-2797691131-4137483123-2831801241-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2797691131-4137483123-2831801241-503 - Limited - Disabled)
Gast (S-1-5-21-2797691131-4137483123-2831801241-501 - Limited - Disabled)
*** (S-1-5-21-2797691131-4137483123-2831801241-1002 - Limited - Enabled) => C:\Users\***
*** (S-1-5-21-2797691131-4137483123-2831801241-1001 - Administrator - Enabled) => C:\Users\***
WDAGUtilityAccount (S-1-5-21-2797691131-4137483123-2831801241-504 - Limited - Disabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 21.001.20149 - Adobe Systems Incorporated)
Anno 1404 - History Edition (HKLM-x32\...\Uplay Install 16232) (Version:  - Ubisoft)
Anno 1602 - History Edition (HKLM-x32\...\Uplay Install 16236) (Version:  - Ubisoft)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Diablo II (HKLM-x32\...\Diablo II) (Version: 0.0.0.0 - Blizzard Entertainment)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Discord (HKU\S-1-5-21-2797691131-4137483123-2831801241-1002\...\Discord) (Version: 0.0.309 - Discord Inc.)
ElsterFormular (HKLM-x32\...\{8A261933-AEA6-4C5E-B6D0-B88A478BF56C}) (Version: 21.3.0 - Thüringer Landesamt für Finanzen)
Epic Games Launcher (HKLM-x32\...\{2D833785-910B-4E02-9A6B-51BD3D2F2FCE}) (Version: 1.1.279.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
FreeFileSync 11.1 (HKLM-x32\...\FreeFileSync_is1) (Version: 11.1 - FreeFileSync.org)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 89.0.4389.128 - Google LLC)
GoTo Opener (HKLM-x32\...\{E69269DB-A77B-4BC1-8F39-241107B09F26}) (Version: 1.0.539 - LogMeIn, Inc.)
GoToMeeting 10.16.0.19598 (HKU\S-1-5-21-2797691131-4137483123-2831801241-1002\...\GoToMeeting) (Version: 10.16.0.19598 - LogMeIn, Inc.)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKU\S-1-5-21-2797691131-4137483123-2831801241-1002\...\Riot Game league_of_legends.live) (Version:  - Riot Games, Inc)
Microsoft 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 16.0.13901.20400 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 89.0.774.77 - Microsoft Corporation)
Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 89.0.774.77 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2797691131-4137483123-2831801241-1001\...\OneDriveSetup.exe) (Version: 20.134.0705.0008 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2797691131-4137483123-2831801241-1002\...\OneDriveSetup.exe) (Version: 21.052.0314.0001 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-2797691131-4137483123-2831801241-1002\...\Teams) (Version: 1.4.00.4167 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{BAB9FCC5-1506-4B4F-BFCA-EDE0BDB86C21}) (Version: 2.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.13.26020 (HKLM-x32\...\{7474cd6e-76cc-4257-837e-5b9261e526af}) (Version: 14.13.26020.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.13.26020 (HKLM-x32\...\{5c045b7f-e561-4794-91f8-c6cda0893107}) (Version: 14.13.26020.0 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 5.0.4 (x86) (HKLM-x32\...\{a83b07f3-e0e5-4402-87d4-3d1acf79c42a}) (Version: 5.0.4.29817 - Microsoft Corporation)
Mozilla Firefox 82.0.3 (x64 de) (HKLM\...\Mozilla Firefox 82.0.3 (x64 de)) (Version: 82.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 82.0.3 - Mozilla)
Mozilla Thunderbird 78.1.1 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 78.1.1 (x86 de)) (Version: 78.1.1 - Mozilla)
Mozilla Thunderbird 78.9.1 (x86 de) (HKU\S-1-5-21-2797691131-4137483123-2831801241-1002\...\Mozilla Thunderbird 78.9.1 (x86 de)) (Version: 78.9.1 - Mozilla)
NVIDIA GeForce Experience 3.20.2.34 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.2.34 - NVIDIA Corporation)
NVIDIA Grafiktreiber 452.56 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 452.56 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13901.20400 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13901.20400 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0407-1000-0000000FF1CE}) (Version: 16.0.13901.20336 - Microsoft Corporation) Hidden
OpenOffice 4.1.9 (HKLM-x32\...\{2847E8B7-AB29-48EE-ADAF-513EC769E8A9}) (Version: 4.19.9805 - Apache Software Foundation)
PDF24 Creator 10.0.9 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: 10.0.9 - PDF24.org)
Spotify (HKU\S-1-5-21-2797691131-4137483123-2831801241-1002\...\Spotify) (Version: 1.1.56.595.g2d2da0de - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TradeSkillMaster Application version 1.0 (HKLM-x32\...\{c44da794-b956-4d50-8733-346d56ae63c7}_is1) (Version: 1.0 - TradeSkillMaster)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 119.0.10382 - Ubisoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{3BAE4496-6F6C-4330-A8AA-B93D3D346FA5}) (Version: 2.53.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{F339C545-24DC-4870-AA32-6EB6B0500B95}) (Version: 1.24.0.0 - Microsoft Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN)
WinRAR 5.91 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.91.0 - win.rar GmbH)
World of Warcraft Classic (HKLM-x32\...\World of Warcraft Classic) (Version:  - Blizzard Entertainment)
World of Warcraft Classic PTR (HKLM-x32\...\World of Warcraft Classic PTR) (Version:  - Blizzard Entertainment)
Zoom (HKU\S-1-5-21-2797691131-4137483123-2831801241-1002\...\ZoomUMX) (Version: 5.2.3 (45120.0906) - Zoom Video Communications, Inc.)

Packages:
=========
Dolby Atmos for Gaming -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAtmosforGaming_3.20602.609.0_x64__rz1tebttyb220 [2020-08-12] (Dolby Laboratories)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-08-11] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-08-11] (Microsoft Corporation) [MS Ad]
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.12.219.0_x64__dt26b99r8h8gj [2020-08-13] (Realtek Semiconductor Corp)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-2797691131-4137483123-2831801241-1001_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) [Datei ist nicht signiert]
CustomCLSID: HKU\S-1-5-21-2797691131-4137483123-2831801241-1001_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) [Datei ist nicht signiert]
CustomCLSID: HKU\S-1-5-21-2797691131-4137483123-2831801241-1001_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) [Datei ist nicht signiert]
CustomCLSID: HKU\S-1-5-21-2797691131-4137483123-2831801241-1001_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation) [Datei ist nicht signiert]
CustomCLSID: HKU\S-1-5-21-2797691131-4137483123-2831801241-1001_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation) [Datei ist nicht signiert]
CustomCLSID: HKU\S-1-5-21-2797691131-4137483123-2831801241-1001_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) [Datei ist nicht signiert]
CustomCLSID: HKU\S-1-5-21-2797691131-4137483123-2831801241-1002_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\***\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20289.5\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2797691131-4137483123-2831801241-1002_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\***\AppData\Local\GoToMeeting\19228\G2MOutlookAddin64.dll (LogMeIn, Inc. -> LogMeIn, Inc.)
CustomCLSID: HKU\S-1-5-21-2797691131-4137483123-2831801241-1002_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\***\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => Keine Datei
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => E:\Programme\WinRar\rarext.dll [2020-08-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => E:\Programme\WinRar\rarext32.dll [2020-08-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvlt.inf_amd64_6fdb2f2a4eb90886\nvshext.dll [2020-11-13] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => E:\Programme\WinRar\rarext.dll [2020-08-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => E:\Programme\WinRar\rarext32.dll [2020-08-25] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Nicht auf der Ausnahmeliste) ====================

==================== Verknüpfungen & WMI ========================

==================== Geladene Module (Nicht auf der Ausnahmeliste) =============

2017-03-02 15:19 - 2017-03-02 15:19 - 000310272 ____N (easyhook.codeplex.com) [Datei ist nicht signiert] C:\ProgramData\Dolby\DAX3\RADARHOST\EasyHook64.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ==================

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =================

==================== Internet Explorer (Nicht auf der Ausnahmeliste) ==========

BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-03-07] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-04-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-04-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-04-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-04-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-04-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-04-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-04-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-04-01] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts Inhalt: =========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2018-04-12 01:38 - 2018-04-12 01:36 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Andere Bereiche ===========================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2797691131-4137483123-2831801241-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2797691131-4137483123-2831801241-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
 ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

HKU\S-1-5-21-2797691131-4137483123-2831801241-1002\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-2797691131-4137483123-2831801241-1002\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2797691131-4137483123-2831801241-1002\...\StartupApproved\Run: => "Spotify"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [UDP Query User{4CF92A01-DA53-4501-97B1-200597C94E8C}C:\users\***\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\***\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{71975C77-E209-4F2E-804B-5193605C8C07}C:\users\***\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\***\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{FCE4BE62-7B5C-4D6B-AE70-BC2925A75A0B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{73F88DFA-E207-451C-AC39-4C20C1122238}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{E5AC8874-265C-467F-8FB5-D29D3475AC1E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{5CE585F1-CCD8-4B80-B8FA-E4066A83F5C0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{0B8CB3DF-5912-49CF-8183-45CB634837EF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{DB68D14D-2D62-4CCB-8014-E08ADDBBAF47}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{37105C94-BDF8-4A3A-8B38-F1D55BC0FFA5}] => (Allow) E:\Programme\Steam\bin\cef\cef.win7\steamwebhelper.exe => Keine Datei
FirewallRules: [{C5249556-8E59-43D9-B580-B05BCDB743B0}] => (Allow) E:\Programme\Steam\bin\cef\cef.win7\steamwebhelper.exe => Keine Datei
FirewallRules: [{44AD4204-16B1-4FF1-8C48-B78986A2301C}] => (Allow) E:\Programme\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{8F1EF818-1EC4-4B90-8DC2-8ADE3217F650}] => (Allow) E:\Programme\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{2C7620F1-6256-498A-93C0-F65648C26F80}] => (Allow) C:\Users\***\AppData\Local\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{A676DDC9-459F-4FE7-8706-2B5369731525}] => (Allow) C:\Users\***\AppData\Local\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{A69482E9-28C6-40B4-A1BC-7A739FD32B9F}] => (Allow) E:\Programme\Steam\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe (NAMCO BANDAI Games Inc.) [Datei ist nicht signiert]
FirewallRules: [{A056F110-E44A-4E51-AF3D-2954B4CF76FF}] => (Allow) E:\Programme\Steam\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe (NAMCO BANDAI Games Inc.) [Datei ist nicht signiert]
FirewallRules: [{A461F31C-2918-4F09-A104-0A925F218EB8}] => (Allow) E:\Programme\Steam\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe (FromSoftware,Inc. -> NAMCO BANDAI Games)
FirewallRules: [{F3AEA0F4-3212-4FF9-97DF-336694762CBE}] => (Allow) E:\Programme\Steam\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe (FromSoftware,Inc. -> NAMCO BANDAI Games)
FirewallRules: [{5B45ABA2-4BBA-4A86-A68A-6731ED8F6EC2}] => (Allow) E:\Programme\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{52C8E369-D7CA-4222-A499-777D7FC88B47}] => (Allow) E:\Programme\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{80843DC2-18ED-49C2-8A05-13DC785DBEE2}] => (Allow) E:\Programme\Steam\steamapps\common\The Witcher Enhanced Edition\System\witcher.exe (CD Projekt Red) [Datei ist nicht signiert]
FirewallRules: [{34684CD5-BF01-48C0-A46D-63ABF3069DEE}] => (Allow) E:\Programme\Steam\steamapps\common\The Witcher Enhanced Edition\System\witcher.exe (CD Projekt Red) [Datei ist nicht signiert]
FirewallRules: [{8AE9C997-2F29-4184-A74C-13662BA273AF}] => (Allow) E:\Programme\Steam\steamapps\common\The Witcher Enhanced Edition\System\djinni!.exe (CD Projekt RED Sp. z o.o. -> CD Projekt Red)
FirewallRules: [{2157BFD8-7DF2-4B7D-964D-3891447B3904}] => (Allow) E:\Programme\Steam\steamapps\common\The Witcher Enhanced Edition\System\djinni!.exe (CD Projekt RED Sp. z o.o. -> CD Projekt Red)
FirewallRules: [{37D1C6A4-E1DA-4AE1-90E4-E2909632F4CC}] => (Allow) E:\Programme\Steam\steamapps\common\The Witcher Enhanced Edition\Digital Comic\DigitalComic.exe () [Datei ist nicht signiert]
FirewallRules: [{365BA2CD-CF3F-41C2-8CF7-65AE35DCA9D6}] => (Allow) E:\Programme\Steam\steamapps\common\The Witcher Enhanced Edition\Digital Comic\DigitalComic.exe () [Datei ist nicht signiert]
FirewallRules: [{4F6A5ADD-5584-4555-A943-7791F0B30E94}] => (Allow) E:\Programme\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe (CD Projekt Red) [Datei ist nicht signiert]
FirewallRules: [{75FD37D6-9E52-41E9-9D91-FD8AAF8F3619}] => (Allow) E:\Programme\Steam\steamapps\common\The Witcher 3\bin\x64\witcher3.exe (CD Projekt Red) [Datei ist nicht signiert]
FirewallRules: [TCP Query User{8AF9AC9B-A0EA-43F0-848C-7FAB75C25420}E:\games\diablo iii\x64\diablo iii64.exe] => (Allow) E:\games\diablo iii\x64\diablo iii64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{F676301D-D817-49C1-89C8-F117F974AF1A}E:\games\diablo iii\x64\diablo iii64.exe] => (Allow) E:\games\diablo iii\x64\diablo iii64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [TCP Query User{A20285FE-1580-433F-ADCE-FCBCD0FACADD}C:\users\***\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\***\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{FACBA26B-17C4-4345-9748-ED9B5C716BD6}C:\users\***\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\***\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{253DAB7F-CC03-4064-BAF4-18238A8AE90D}E:\games\tony hawk pro skater remake\tonyhawksproskater\base\binaries\win64\thps12.exe] => (Allow) E:\games\tony hawk pro skater remake\tonyhawksproskater\base\binaries\win64\thps12.exe (Activision Publishing Inc -> Activision Publishing Inc.)
FirewallRules: [UDP Query User{6DA72044-719A-4BF2-9418-51AA45145E61}E:\games\tony hawk pro skater remake\tonyhawksproskater\base\binaries\win64\thps12.exe] => (Allow) E:\games\tony hawk pro skater remake\tonyhawksproskater\base\binaries\win64\thps12.exe (Activision Publishing Inc -> Activision Publishing Inc.)
FirewallRules: [{9C2655D0-9DC9-441A-9F1C-410F39519E96}] => (Allow) E:\Programme\Steam\steamapps\common\No Man's Sky\Binaries\NMS.exe (Hello Games) [Datei ist nicht signiert]
FirewallRules: [{5415F4AD-5E5F-4F05-97C8-3ED1ACA1DA41}] => (Allow) E:\Programme\Steam\steamapps\common\No Man's Sky\Binaries\NMS.exe (Hello Games) [Datei ist nicht signiert]
FirewallRules: [TCP Query User{7C3AA47C-6A8F-462E-B467-B554BCF828D6}C:\users\***\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\***\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{B24817D7-F211-48FB-A324-3B991BBFA870}C:\users\***\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\***\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{41C36B56-E915-47ED-B72E-BF75A778DBF3}] => (Allow) E:\Programme\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe (Valve -> )
FirewallRules: [{C96BB3D4-4E52-46F4-A31F-BAA7C04C4F03}] => (Allow) E:\Programme\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe (Valve -> )
FirewallRules: [TCP Query User{94F80827-A17B-41A3-A02E-FAE3895C999C}C:\users\***\appdata\roaming\zoom\bin\zoom.exe] => (Allow) C:\users\***\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [UDP Query User{D43C3781-58D2-4750-BC4A-4645A4FE7535}C:\users\***\appdata\roaming\zoom\bin\zoom.exe] => (Allow) C:\users\***\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{22907B25-31C8-45B4-A533-761C163E7A48}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5C3CC15C-6E01-4D55-BFEC-5E8FABCAD7AE}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{00D7DF4A-B13F-4611-B67C-D627E9FF0C90}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{297D9B09-0D8E-45BB-9D79-9B1BF6C89E51}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{58932D10-4FB6-4319-9111-7B765D38F49C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{AEB324D6-C2B2-4785-B764-85E2FC9D0C2E}C:\users\***\downloads\downloader_diablo2_dede (1).exe] => (Allow) C:\users\***\downloads\downloader_diablo2_dede (1).exe (Blizzard Entertainment) [Datei ist nicht signiert]
FirewallRules: [UDP Query User{FC8F1753-FCAE-401E-BD51-4D763E1EE4F4}C:\users\***\downloads\downloader_diablo2_dede (1).exe] => (Allow) C:\users\***\downloads\downloader_diablo2_dede (1).exe (Blizzard Entertainment) [Datei ist nicht signiert]
FirewallRules: [TCP Query User{6C6F5A1F-65BE-4247-8351-0A1BB4419060}C:\users\***\downloads\downloader_diablo2_lord_of_destruction_dede.exe] => (Allow) C:\users\***\downloads\downloader_diablo2_lord_of_destruction_dede.exe (Blizzard Entertainment) [Datei ist nicht signiert]
FirewallRules: [UDP Query User{472D79D5-AC44-4C3B-8664-06E265881A27}C:\users\***\downloads\downloader_diablo2_lord_of_destruction_dede.exe] => (Allow) C:\users\***\downloads\downloader_diablo2_lord_of_destruction_dede.exe (Blizzard Entertainment) [Datei ist nicht signiert]
FirewallRules: [TCP Query User{6E5F83B5-985E-4578-A548-A231BE58AC0C}E:\programme\battle.net\battle.net.exe] => (Allow) E:\programme\battle.net\battle.net.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{2145D106-C327-4EEF-9C3C-FE466BE9E468}E:\programme\battle.net\battle.net.exe] => (Allow) E:\programme\battle.net\battle.net.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [TCP Query User{2B09D258-C25A-43C9-BE65-7AFD32872E16}E:\games\anno 1602 - history edition\anno1602.exe] => (Allow) E:\games\anno 1602 - history edition\anno1602.exe (Ubisoft Blue Byte GmbH -> Ubisoft)
FirewallRules: [UDP Query User{62B922D2-7073-4B66-B7DB-5DF91ADF62A3}E:\games\anno 1602 - history edition\anno1602.exe] => (Allow) E:\games\anno 1602 - history edition\anno1602.exe (Ubisoft Blue Byte GmbH -> Ubisoft)
FirewallRules: [TCP Query User{F4CC2ED3-5E71-4242-BC28-34221CD682E1}E:\games\anno 1404 - history edition\anno1404addon.exe] => (Allow) E:\games\anno 1404 - history edition\anno1404addon.exe (Ubisoft Blue Byte GmbH -> Ubisoft)
FirewallRules: [UDP Query User{3AE7B07A-E453-436C-BD74-5D90E6E1DF22}E:\games\anno 1404 - history edition\anno1404addon.exe] => (Allow) E:\games\anno 1404 - history edition\anno1404addon.exe (Ubisoft Blue Byte GmbH -> Ubisoft)
FirewallRules: [{FADA39C4-7D6F-42D4-AF2B-7F02A4B2D012}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{52675795-544D-44FD-8459-E6C92354C481}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\89.0.774.77\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Wiederherstellungspunkte =========================

ACHTUNG: Systemwiederherstellung ist deaktiviert (Total:73.52 GB) (Free:2.53 GB) (3%)

==================== Fehlerhafte Geräte im Gerätemanager ============


==================== Fehlereinträge in der Ereignisanzeige: ========================

Applikationsfehler:
==================
Error: (04/18/2021 02:04:12 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (4028,R,98) TILEREPOSITORYS-1-5-18: Fehler -1023 (0xfffffc01) beim Öffnen von Protokolldatei C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (04/18/2021 01:54:37 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x8007045b, Der Computer wird heruntergefahren.
.

Error: (04/18/2021 01:54:37 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} und dem Namen "CEventSystem" kann nicht gestartet werden. [0x8007045b, Der Computer wird heruntergefahren.
]

Error: (04/18/2021 01:02:06 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (14196,R,98) TILEREPOSITORYS-1-5-18: Fehler -1023 (0xfffffc01) beim Öffnen von Protokolldatei C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (04/18/2021 12:55:35 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (13144,R,98) TILEREPOSITORYS-1-5-18: Fehler -1023 (0xfffffc01) beim Öffnen von Protokolldatei C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (04/18/2021 11:55:35 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (11420,R,98) TILEREPOSITORYS-1-5-18: Fehler -1023 (0xfffffc01) beim Öffnen von Protokolldatei C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (04/18/2021 11:27:16 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (6792,R,98) TILEREPOSITORYS-1-5-18: Fehler -1023 (0xfffffc01) beim Öffnen von Protokolldatei C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.

Error: (04/18/2021 11:21:50 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (8596,R,98) TILEREPOSITORYS-1-5-18: Fehler -1023 (0xfffffc01) beim Öffnen von Protokolldatei C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.


Systemfehler:
=============
Error: (04/18/2021 02:08:56 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-M7O72O5)
Description: Der Server "Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (04/18/2021 02:08:21 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-M7O72O5)
Description: Der Server "Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (04/18/2021 02:08:00 PM) (Source: TPM) (EventID: 15) (User: NT-AUTORITÄT)
Description: Beim Gerätetreiber für das Trusted Platform Module (TPM) ist ein nicht behebbarer Fehler in der TPM-Hardware aufgetreten, der die Verwendung der TPM-Dienste (z. B. Datenverschlüsselung) verhindert. Wenden Sie sich an den Computerhersteller, um weitere Hilfe zu erhalten.

Error: (04/18/2021 01:59:12 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-M7O72O5)
Description: Der Server "Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (04/18/2021 01:55:20 PM) (Source: TPM) (EventID: 15) (User: NT-AUTORITÄT)
Description: Beim Gerätetreiber für das Trusted Platform Module (TPM) ist ein nicht behebbarer Fehler in der TPM-Hardware aufgetreten, der die Verwendung der TPM-Dienste (z. B. Datenverschlüsselung) verhindert. Wenden Sie sich an den Computerhersteller, um weitere Hilfe zu erhalten.

Error: (04/18/2021 11:12:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (04/18/2021 11:12:34 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (60000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.

Error: (04/18/2021 09:48:55 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-M7O72O5)
Description: Der Server "Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.


Windows Defender:
================
Date: 2021-04-18 11:22:16.908
Description: 
Die Windows Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {09527A96-2BB4-4CD1-8D5E-CBA212BD0A3F}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

Date: 2021-04-17 09:03:00.037
Description: 
Die Windows Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {1EB440F1-7067-4053-A7B7-6A38B20E2567}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

Date: 2021-04-14 23:58:22.300
Description: 
Die Windows Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {18F4CDAA-DE1C-4EFD-A687-96EFA0C3BA2C}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

Date: 2021-04-09 10:27:13.819
Description: 
Die Windows Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {719661A6-8339-4343-84FB-00DE3BD6A8CA}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

Date: 2021-04-06 21:12:31.305
Description: 
Die Windows Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {E4014ADC-0E89-47C2-9C90-981FEEDA2582}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

==================== Speicherinformationen =========================== 

BIOS: LENOVO EFCN32WW 05/11/2020
Hauptplatine: LENOVO LNVNB161216
Prozessor: Intel(R) Core(TM) i7-10750H CPU @ 2.60GHz
Prozentuale Nutzung des RAM: 26%
Installierter physikalischer RAM: 16251.79 MB
Verfügbarer physikalischer RAM: 11989.47 MB
Summe virtueller Speicher: 18683.79 MB
Verfügbarer virtueller Speicher: 13293.95 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:73.52 GB) (Free:2.53 GB) NTFS
Drive e: () (Fixed) (Total:401.74 GB) (Free:85.74 GB) NTFS

\\?\Volume{d9fa2484-0000-0000-0000-100000000000}\ () (Fixed) (Total:0.97 GB) (Free:0.95 GB) FAT32
\\?\Volume{d9fa2484-0000-0000-0000-b09f12000000}\ () (Fixed) (Total:0.7 GB) (Free:0.08 GB) NTFS

==================== MBR & Partitionstabelle ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 476.9 GB) (Disk ID: D9FA2484)
Partition 1: (Active) - (Size=1000 MB) - (Type=0B)
Partition 2: (Not Active) - (Size=73.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=717 MB) - (Type=27)
Partition 4: (Not Active) - (Size=401.7 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt =======================
         
Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 17-04-2021
durchgeführt von *** (Administrator) auf DESKTOP-M7O72O5 (LENOVO 81Y8) (18-04-2021 14:10:36)
Gestartet von C:\Users\***\Desktop
Geladene Profile: *** & ***
Platform: Windows 10 Pro Version 1909 18363.1440 (X64) Sprache: Deutsch (Deutschland)
Standard-Browser: FF
Start-Modus: Normal

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Dolby Laboratories, Inc. -> ) C:\ProgramData\Dolby\DAX3\RADARHOST\DSRHost.exe
(Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\DAX3_S~2.INF\DAX3API.exe
(Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_8a4ddeba3102f3a4\DAX3API.exe
(geek software GmbH -> geek software GmbH) C:\Program Files\PDF24\pdf24.exe <2>
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_82b77f8c4618e2d0\esif_uf.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_0b214be229a13e84\jhi_service.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_f9f92cc42e038a12\igfxCUIService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_f9f92cc42e038a12\igfxEM.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_553b9a82ff9cf770\OneApp.IGCC.WinService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_e75e15bdee999808\IntelCpHDCPSvc.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_e75e15bdee999808\IntelCpHeciSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iaahcic.inf_amd64_48973fc6c96c696a\RstMwService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\usocoreworker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.18362.1430_none_16f0726f2a33ac55\TiWorker.exe
(Microsoft Windows Hardware Compatibility Publisher -> Fortemedia) C:\Windows\System32\FMService64.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\NisSrv.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Users\***\AppData\Local\Mozilla Firefox\firefox.exe <8>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvlt.inf_amd64_6fdb2f2a4eb90886\Display.NvContainer\NVDisplay.Container.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
0 C:\Program Files\WindowsApps\Microsoft.YourPhone_1.21022.202.0_x64__8wekyb3d8bbwe\YourPhone.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [1084704 2020-05-28] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [PDF24] => C:\Program Files\PDF24\pdf24.exe [557760 2021-02-08] (geek software GmbH -> geek software GmbH)
HKU\S-1-5-21-2797691131-4137483123-2831801241-1001\...\Run: [Steam] => E:\Programme\Steam\steam.exe [4087528 2021-04-12] (Valve -> Valve Corporation)
HKU\S-1-5-21-2797691131-4137483123-2831801241-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\***\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
HKU\S-1-5-21-2797691131-4137483123-2831801241-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\***\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
HKU\S-1-5-21-2797691131-4137483123-2831801241-1001\...\RunOnce: [Uninstall 20.124.0621.0006\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\***\AppData\Local\Microsoft\OneDrive\20.124.0621.0006\amd64"
HKU\S-1-5-21-2797691131-4137483123-2831801241-1001\...\RunOnce: [Uninstall 20.124.0621.0006] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\***\AppData\Local\Microsoft\OneDrive\20.124.0621.0006"
HKU\S-1-5-21-2797691131-4137483123-2831801241-1002\...\Run: [Discord] => C:\Users\***\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-2797691131-4137483123-2831801241-1002\...\Run: [Spotify] => C:\Users\***\AppData\Roaming\Spotify\Spotify.exe [24261704 2021-04-13] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-2797691131-4137483123-2831801241-1002\...\Run: [5EC4A06B78D967CCF251E8972A3BD5F5F778BD86._service_run] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=service /prefetch:8
HKU\S-1-5-21-2797691131-4137483123-2831801241-1002\...\Run: [com.squirrel.Teams.Teams] => C:\Users\***\AppData\Local\Microsoft\Teams\Update.exe [2453720 2021-03-22] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\89.0.4389.128\Installer\chrmstp.exe [2021-04-14] (Google LLC -> Google LLC)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0920D19B-1A04-473A-8D18-303F1FDFF1EE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-09-15] (Google LLC -> Google LLC)
Task: {1683CC2B-A847-4FFC-9824-0F2EECEFC58D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-09-15] (Google LLC -> Google LLC)
Task: {16895635-0D65-4755-B397-4EA1302C80BD} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3302880 2019-12-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {2C01A401-164D-4437-9A05-876E1C611DD1} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [858480 2019-12-06] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {38CF5313-A5D9-4FA7-BB77-EE355EBE7C76} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141160 2021-04-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {4A4D6A09-9026-4F85-BCD0-FAEB947C36D4} - System32\Tasks\G2MUploadTask-S-1-5-21-2797691131-4137483123-2831801241-1002 => C:\Users\***\AppData\Local\GoToMeeting\19598\g2mupload.exe [31320 2021-04-04] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {54B40097-352C-4520-9626-7B19C8D08CDE} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1134104 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {666D13F9-25E9-415E-AC6F-6C9982FD06F8} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [914456 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {78D83BAF-35A6-487C-A32F-EFDFBF1F197C} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1134104 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {805BF278-FD29-45C5-8C13-4F949D70BFA9} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23248792 2021-04-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {88BB3BF8-DC33-40B3-B7B7-DD40D0CA5E66} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1134104 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8A53E4FF-D368-4810-9D40-0595E8B28914} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8E012B68-5B8A-41B2-9A1A-D59F7E7050CF} - System32\Tasks\G2MUpdateTask-S-1-5-21-2797691131-4137483123-2831801241-1002 => C:\Users\***\AppData\Local\GoToMeeting\19598\g2mupdate.exe [31320 2021-04-04] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {940F8569-A8B6-4AA2-A081-DE7813D8B061} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1134104 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {9FB8950A-7C51-47E8-AC1E-294E2DAC6176} - System32\Tasks\Mozilla\Firefox Default Browser Agent 35973C5F6F9CA8F4 => C:\Users\***\AppData\Local\Mozilla Firefox\default-browser-agent.exe [667856 2020-11-08] (Mozilla Corporation -> Mozilla Foundation)
Task: {A74403A9-F782-43FD-AE29-A2210DB18F98} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [914456 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {BF2FBF1E-12FF-4C7A-B65D-1BE17C46348F} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141160 2021-04-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {D341A428-9D93-42B9-9CC6-A257F8BB51D9} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1498000 2021-04-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {DC41E1AC-9717-4B46-83B9-81732E7F46DC} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [858480 2019-12-06] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {DD1F6C97-FE40-43F0-B822-6845D9FDD70B} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23248792 2021-04-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {DFB9179B-DCE0-45B5-9280-1E603B3C618C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E3AD5E44-F50C-40FC-8A3F-0D8B06A17998} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [653848 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E62E07C1-61E4-4994-87B9-0578653D2C0A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {F2641D20-1BEF-49D6-97B9-68D3A7779548} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {FEE94522-E805-411A-A6CE-36CD998B3959} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2797691131-4137483123-2831801241-1002.job => C:\Users\***\AppData\Local\GoToMeeting\19598\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2797691131-4137483123-2831801241-1002.job => C:\Users\***\AppData\Local\GoToMeeting\19598\g2mupload.exe

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{3f3ccafd-659e-4f10-ac3c-a25096ca9da7}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{529764a4-5260-4a67-be3d-39780d39f194}: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF DefaultProfile: 7sc8d549.default
FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\7sc8d549.default [2020-08-11]
FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\31287jov.default-release [2020-08-11]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-03-07] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-03-07] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-04-14] (Adobe Inc. -> Adobe Systems Inc.)
StartMenuInternet: Firefox-35973C5F6F9CA8F4 - C:\Users\***\AppData\Local\Mozilla Firefox\firefox.exe

==================== Dienste (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8788392 2021-04-07] (Microsoft Corporation -> Microsoft Corporation)
R2 DolbyDAXAPI; C:\WINDOWS\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_8a4ddeba3102f3a4\DAX3API.exe [1932960 2020-03-02] (Dolby Laboratories, Inc. -> Dolby Laboratories)
S3 ElfoService; C:\Program Files (x86)\ElsterFormular Update Service\bin\elfoService.exe [1113864 2020-06-03] (Bayerisches Landesamt fuer Steuern -> )
R2 FMAPOService; C:\WINDOWS\System32\FMService64.exe [390400 2020-05-22] (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia)
R2 PDF24; C:\Program Files\PDF24\pdf24.exe [557760 2021-02-08] (geek software GmbH -> geek software GmbH)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6477936 2021-03-12] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 ss_conn_launcher_service; C:\WINDOWS\System32\Samsung\EasySetup\ss_conn_launcher.exe [182328 2020-04-24] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\NisSrv.exe [2624104 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MsMpEng.exe [128376 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvlt.inf_amd64_6fdb2f2a4eb90886\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvlt.inf_amd64_6fdb2f2a4eb90886\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Treiber (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 pelmouse; C:\WINDOWS\system32\DRIVERS\pelmouse.sys [26880 2016-07-11] (WDKTestCert idd,131110062695071623 -> TPMX Electronics Ltd.)
S3 pelusblf; C:\WINDOWS\system32\DRIVERS\pelusblf.sys [32544 2017-03-29] (WDKTestCert primax,131147703563436555 -> )
S3 pelvendr; C:\WINDOWS\system32\DRIVERS\pelvendr.sys [15032 2016-07-11] (WDKTestCert idd,131110062695071623 -> TPMX Electronics Ltd.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166760 2020-04-24] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [43368 2020-04-24] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49560 2021-04-11] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [421088 2021-04-11] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [72928 2021-04-11] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2021-04-18 14:10 - 2021-04-18 14:10 - 000019324 _____ C:\Users\***\Desktop\FRST.txt
2021-04-18 14:08 - 2021-04-18 14:10 - 000000000 ____D C:\FRST
2021-04-18 14:06 - 2021-04-18 14:05 - 002298368 _____ (Farbar) C:\Users\***\Desktop\FRST64.exe
2021-04-18 13:09 - 2021-04-18 13:09 - 000000000 ___SD C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.9
2021-04-18 13:08 - 2021-04-18 13:08 - 000000000 ____D C:\Program Files (x86)\OpenOffice 4
2021-04-18 13:06 - 2021-04-18 13:06 - 000000000 ____D C:\Users\***\Desktop\OpenOffice 4.1.9 (de) Installation Files
2021-04-15 00:53 - 2021-04-15 00:54 - 000000000 ____D C:\Users\***\Desktop\Impfung
2021-04-13 20:41 - 2021-04-13 20:41 - 000544707 _____ C:\Users\***\Desktop\T8KFQ1I766.pdf
2021-04-11 13:46 - 2021-04-11 13:46 - 000000000 ____D C:\Users\***\Documents\ANNO 1404 Venice
2021-04-11 13:13 - 2021-04-11 13:16 - 000000000 ____D C:\Users\***\AppData\Roaming\Ubisoft
2021-04-09 20:27 - 2021-04-09 20:45 - 000000000 ____D C:\Users\***\Documents\Anno 1602 History Edition
2021-04-09 19:21 - 2021-04-11 13:07 - 000000000 ____D C:\Users\***\AppData\Local\Ubisoft Game Launcher
2021-04-09 19:21 - 2021-04-09 19:21 - 000000000 ____D C:\ProgramData\Ubisoft
2021-04-09 19:18 - 2021-04-09 19:18 - 000000804 _____ C:\Users\***\Desktop\Ubisoft Connect.lnk
2021-04-09 19:18 - 2021-04-09 19:18 - 000000000 ____D C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2021-04-09 19:18 - 2021-04-09 19:18 - 000000000 ____D C:\Users\***\AppData\Local\Ubisoft Game Launcher
2021-04-07 21:43 - 2021-04-07 21:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft Classic PTR
2021-04-04 14:27 - 2021-04-04 14:27 - 003122981 _____ C:\Users\***\Desktop\Lybstes_Pumphose2_E-Book_komplett.pdf
2021-03-28 12:25 - 2021-03-28 12:25 - 000084439 _____ C:\Users\***\Downloads\EveryQuest_QuestGivers-r29 (1).zip
2021-03-28 12:19 - 2021-03-28 12:19 - 000084439 _____ C:\Users\***\Downloads\EveryQuest_QuestGivers-r29.zip
2021-03-28 12:18 - 2021-03-28 12:19 - 000498790 _____ C:\Users\***\Downloads\EveryQuest-r162.zip
2021-03-27 11:45 - 2021-03-27 12:02 - 000000211 _____ C:\Users\***\Desktop\Warmane.txt
2021-03-26 08:52 - 2021-03-26 08:52 - 000000000 ____D C:\Users\***\AppData\Roaming\TradeSkillMaster
2021-03-26 08:51 - 2021-03-26 08:51 - 000000933 _____ C:\Users\Public\Desktop\TSMApplication.lnk
2021-03-26 08:51 - 2021-03-26 08:51 - 000000933 _____ C:\ProgramData\Desktop\TSMApplication.lnk
2021-03-26 08:51 - 2021-03-26 08:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TradeSkillMaster Application
2021-03-26 08:49 - 2021-03-26 08:49 - 000002519 _____ C:\Users\***\Downloads\TradeSkillMaster_AppHelper-Classic.zip
2021-03-26 08:48 - 2021-03-26 08:48 - 001914518 _____ C:\Users\***\Downloads\TradeSkillMaster-Classic.zip
2021-03-25 17:09 - 2021-03-25 17:09 - 000010228 _____ C:\Users\***\Desktop\TBC Prep.xlsx
2021-03-24 16:55 - 2021-04-07 19:05 - 000001231 _____ C:\Users\***\Desktop\Naxx.txt
2021-03-24 16:54 - 2021-03-24 16:54 - 000000000 _____ C:\Users\***\Desktop\Neues Textdokument (4).txt
2021-03-24 13:40 - 2021-03-24 13:40 - 000056336 _____ C:\Users\***\Desktop\2000_SchmuckKasserRyan_SIR.pdf
2021-03-24 10:08 - 2021-03-24 10:08 - 000000000 ___HD C:\$WinREAgent
2021-03-22 13:51 - 2021-03-22 13:51 - 000090456 _____ C:\Users\***\Desktop\Haushaltsplan.pdf
2021-03-22 08:19 - 2021-03-23 17:41 - 000000152 _____ C:\Users\***\Desktop\Neues Textdokument (3).txt

==================== Ein Monat (geänderte) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2021-04-18 14:08 - 2020-08-13 10:41 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-04-18 14:08 - 2020-08-12 10:42 - 000000000 ____D C:\ProgramData\NVIDIA
2021-04-18 14:08 - 2020-08-11 22:22 - 000000000 ____D C:\Users\***\AppData\LocalLow\Mozilla
2021-04-18 14:08 - 2020-08-11 21:30 - 000000000 __SHD C:\Users\***\IntelGraphicsProfiles
2021-04-18 14:08 - 2020-08-11 21:00 - 000000000 ____D C:\Intel
2021-04-18 14:08 - 2019-03-19 06:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-04-18 14:07 - 2019-03-19 06:37 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2021-04-18 14:00 - 2020-08-13 11:29 - 000544400 _____ C:\WINDOWS\system32\perfh008.dat
2021-04-18 14:00 - 2020-08-13 11:29 - 000089530 _____ C:\WINDOWS\system32\perfc008.dat
2021-04-18 14:00 - 2020-08-13 10:44 - 002352488 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-04-18 14:00 - 2019-03-19 14:16 - 000746852 _____ C:\WINDOWS\system32\perfh007.dat
2021-04-18 14:00 - 2019-03-19 14:16 - 000151124 _____ C:\WINDOWS\system32\perfc007.dat
2021-04-18 14:00 - 2019-03-19 06:50 - 000000000 ____D C:\WINDOWS\INF
2021-04-18 13:55 - 2020-08-13 10:37 - 000471208 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-04-18 13:54 - 2020-08-13 10:37 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-04-18 11:09 - 2020-08-12 15:48 - 000000000 ____D C:\Users\***\AppData\Local\Spotify
2021-04-18 10:47 - 2020-08-12 15:48 - 000000000 ____D C:\Users\***\AppData\Roaming\Spotify
2021-04-18 09:03 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-04-18 09:01 - 2019-03-19 06:52 - 000000000 ___HD C:\Program Files\WindowsApps
2021-04-17 15:10 - 2020-08-12 11:45 - 000000000 ____D C:\Users\***\AppData\Roaming\discord
2021-04-17 14:49 - 2020-08-11 22:34 - 000000000 ____D C:\Users\***\AppData\Local\Battle.net
2021-04-17 09:02 - 2020-08-16 16:37 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-04-16 20:36 - 2020-09-20 22:28 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-04-16 00:52 - 2020-11-18 19:07 - 000000000 ____D C:\Program Files\Microsoft Office
2021-04-14 20:50 - 2020-08-12 10:24 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-04-14 20:49 - 2020-08-12 10:24 - 131963968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-04-14 19:06 - 2020-09-15 16:14 - 000002239 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-04-13 14:06 - 2020-08-11 22:01 - 000000000 ____D C:\Users\***\AppData\Roaming\vlc
2021-04-13 13:02 - 2021-02-04 20:38 - 000000678 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2797691131-4137483123-2831801241-1002.job
2021-04-13 13:02 - 2021-02-04 20:38 - 000000582 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2797691131-4137483123-2831801241-1002.job
2021-04-13 09:46 - 2020-09-20 22:28 - 000003700 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-04-13 09:46 - 2020-09-20 22:28 - 000003576 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-04-12 20:18 - 2020-08-13 10:41 - 000003384 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2797691131-4137483123-2831801241-1002
2021-04-12 20:18 - 2020-08-13 10:38 - 000002389 _____ C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-04-12 20:18 - 2020-08-11 21:31 - 000000000 ___RD C:\Users\***\OneDrive
2021-04-11 20:35 - 2020-08-11 18:17 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-04-09 20:27 - 2020-08-13 08:37 - 000000000 ____D C:\Users\***\AppData\Local\D3DSCache
2021-04-04 20:21 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-04-04 15:12 - 2021-02-04 20:38 - 000003852 _____ C:\WINDOWS\system32\Tasks\G2MUploadTask-S-1-5-21-2797691131-4137483123-2831801241-1002
2021-04-04 15:12 - 2021-02-04 20:38 - 000003756 _____ C:\WINDOWS\system32\Tasks\G2MUpdateTask-S-1-5-21-2797691131-4137483123-2831801241-1002
2021-04-04 15:12 - 2021-02-04 20:38 - 000000000 ____D C:\Users\***\AppData\Local\GoToMeeting
2021-03-25 12:17 - 2021-03-04 00:27 - 000001348 _____ C:\Users\***\Desktop\T3.txt
2021-03-25 08:55 - 2021-03-16 11:14 - 000000000 ____D C:\Users\***\AppData\Local\D2B134.tmpd
2021-03-25 08:55 - 2021-03-15 12:54 - 000000000 ____D C:\Users\***\AppData\Local\D2EDA0.tmpd
2021-03-24 11:46 - 2019-03-19 06:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-03-24 11:45 - 2020-08-12 10:18 - 000000000 ___DC C:\WINDOWS\Panther
2021-03-22 19:46 - 2020-11-07 09:45 - 000002378 _____ C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2021-03-19 23:28 - 2020-08-11 21:30 - 000000000 ____D C:\Users\***\AppData\Local\Packages

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ========

2021-03-16 11:14 - 2021-03-16 11:14 - 000000000 _____ () C:\Users\***\AppData\Local\D2B134.tmp
2021-03-15 12:54 - 2021-03-15 12:54 - 000000000 _____ () C:\Users\***\AppData\Local\D2EDA0.tmp

==================== SigCheck ============================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

==================== Ende von FRST.txt ========================
         
Kind regards and many thanks

18.04.2021, 17:11   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

People! What is it with all of you and this OpenOffice!
This software has been de facto dead since Sun was taken over by Oracle. I just don't understand why hardly anyone wants to notice that!

Equally incomprehensible is that people still cheerfully download from junk sites like openoffice.de, vlc.de or audacity.de. Why would anyone download junk without checking it? It must be obvious that with such naive actions you wreck your own system yourself.


Quote:
Platform: Windows 10 Pro Version 1909

More poor system maintenance. We have long since been on release 20H2. You still have the one before its predecessor!


Quote:
Drive c: () (Fixed) (Total:73.52 GB) (Free:2.53 GB) NTFS

And the old release level is no wonder either, because the system is set up in such a completely idiotic way. The Windows partition is far too tiny. Is that an SSD, or what is running in there?

//edit: typo

Edited by cosinus (18.04.2021 at 17:50)

18.04.2021, 18:42   #3
Sw0rD

I very often receive OpenOffice documents for further editing, and Office usually has problems with the format.

As I said, I was doing three things at once.

18.04.2021, 19:07   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Nobody wrote that you should no longer open such files in the future. But even laypeople can and must be expected to inform themselves a bit better about standard software like this. For a good 10 years the recommendation has been to use LibreOffice and no longer OpenOffice.

What about my question about the hard drive and the small amount of free space? A system in this state is pointless.

18.04.2021, 19:59   #5
felix1
/// Helfer-Team

Quote:
Quote from Sw0rD
I very often receive OpenOffice documents for further editing, and Office usually has problems with the format.

As I said, I was doing three things at once.

Now stop working on side issues.
OpenOffice is outdated; LibreOffice is the current one.
Your problem lies somewhere else entirely, and without clarifying that, a cleanup makes no sense:
Drive c: () (Fixed) (Total:73.52 GB) (Free:2.53 GB) NTFS
The system was set up incorrectly from the start. With this configuration you will have a hard time getting the next problem under control:
Windows 10 Pro Version 1909 18363.1440 (X64) (2020-08-13 08:42:04)
Two important updates are missing there.

There are two approaches for you here:
1. Back up the data and do a clean reinstallation according to the forum's guide
2. Professional on-site help to bring the partition sizes on the disk into a sensible proportion.

__________________
Regards

Felix

No help via PM or e-mail

18.04.2021, 21:11   #6
Sw0rD

I have reallocated 50 GB to C and updated; how should I proceed?

18.04.2021, 21:28   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

How exactly did you reallocate? That is not something you just do on the side. It only takes little time if there is still enough unallocated space to the right of the C partition.

Has OpenOffice been uninstalled? If not, do so now.
And preferably uninstall AdobeReader and Google Chrome as well.

19.04.2021, 06:10   #8
Sw0rD

Disk Management and MiniTool

OpenOffice is removed and LibreOffice is installed; it works well with the formatting of OpenOffice files, thanks.

Which alternative to AdobeReader would you recommend?

I still need Chrome and Mozilla in parallel; I use uBlock / noscript / etc. with both, the former mainly for quick access to certain less important sites, so that's fine.

Edited by Sw0rD (19.04.2021 at 06:20)

19.04.2021, 08:00   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

adwCleaner

Run AdwCleaner according to the illustrated guide and then post the log file in CODE tags.

Please repeat AdwCleaner if there were any detections.

19.04.2021, 09:00   #10
Sw0rD

Code:
# -------------------------------
# Malwarebytes AdwCleaner 8.2.0.0
# -------------------------------
# Build:    03-22-2021
# Database: 2021-04-08.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    04-19-2021
# Duration: 00:00:05
# OS:       Windows 10 Pro
# Scanned:  31970
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
         

19.04.2021, 09:16   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then new FRST logs now.

19.04.2021, 09:45   #12
Sw0rD

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-04-2021
Ran by *** (administrator) on DESKTOP-M7O72O5 (LENOVO 81Y8) (19-04-2021 10:37:38)
Running from C:\Users\***\Desktop
Loaded Profiles: *** & ***
Platform: Windows 10 Pro Version 20H2 19042.928 (X64) Language: Deutsch (Deutschland) -> Deutsch (Deutschland)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(0) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.21022.202.0_x64__8wekyb3d8bbwe\YourPhone.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Dolby Laboratories, Inc. -> ) C:\ProgramData\Dolby\DAX3\RADARHOST\DSRHost.exe
(Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\DAX3_S~4.INF\DAX3API.exe
(Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_925ded1d9428eaee\DAX3API.exe
(geek software GmbH -> geek software GmbH) C:\Program Files\PDF24\pdf24.exe <2>
(Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_82b77f8c4618e2d0\esif_uf.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_0b214be229a13e84\jhi_service.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_f9f92cc42e038a12\igfxCUIService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_f9f92cc42e038a12\igfxEM.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_553b9a82ff9cf770\OneApp.IGCC.WinService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_e75e15bdee999808\IntelCpHDCPSvc.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_e75e15bdee999808\IntelCpHeciSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iaahcic.inf_amd64_c98d5e0dfc88ac2f\RstMwService.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12101.1001.14.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.521.3093.0_x64__8wekyb3d8bbwe\GameBar.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.521.3093.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <4>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Hardware Compatibility Publisher -> Fortemedia) C:\Windows\System32\FMService64.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\NisSrv.exe
(MiniTool Software Limited -> ) C:\Program Files\MiniTool Partition Wizard 12\updatechecker.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvlt.inf_amd64_6fdb2f2a4eb90886\Display.NvContainer\NVDisplay.Container.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [1084704 2020-05-28] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [PDF24] => C:\Program Files\PDF24\pdf24.exe [557760 2021-02-08] (geek software GmbH -> geek software GmbH)
HKLM\...\Run: [MTPW] => C:\Program Files\MiniTool Partition Wizard 12\updatechecker.exe [219616 2020-02-19] (MiniTool Software Limited -> )
HKU\S-1-5-21-2797691131-4137483123-2831801241-1001\...\Run: [Steam] => E:\Programme\Steam\steam.exe [4087528 2021-04-12] (Valve -> Valve Corporation)
HKU\S-1-5-21-2797691131-4137483123-2831801241-1001\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  --auto-launch-onlogon --start-maximized --restore-last-session
HKU\S-1-5-21-2797691131-4137483123-2831801241-1002\...\Run: [Discord] => C:\Users\***\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-2797691131-4137483123-2831801241-1002\...\Run: [Spotify] => C:\Users\***\AppData\Roaming\Spotify\Spotify.exe [24261704 2021-04-13] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-2797691131-4137483123-2831801241-1002\...\Run: [5EC4A06B78D967CCF251E8972A3BD5F5F778BD86._service_run] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=service /prefetch:8
HKU\S-1-5-21-2797691131-4137483123-2831801241-1002\...\Run: [com.squirrel.Teams.Teams] => C:\Users\***\AppData\Local\Microsoft\Teams\Update.exe [2453720 2021-03-22] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\89.0.4389.128\Installer\chrmstp.exe [2021-04-14] (Google LLC -> Google LLC)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0920D19B-1A04-473A-8D18-303F1FDFF1EE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-09-15] (Google LLC -> Google LLC)
Task: {1683CC2B-A847-4FFC-9824-0F2EECEFC58D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-09-15] (Google LLC -> Google LLC)
Task: {16895635-0D65-4755-B397-4EA1302C80BD} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3302880 2019-12-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {2C01A401-164D-4437-9A05-876E1C611DD1} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [858480 2019-12-06] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {38CF5313-A5D9-4FA7-BB77-EE355EBE7C76} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141160 2021-04-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {424108CE-24ED-4360-87EC-CA6C4EE3BB0E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {4A4D6A09-9026-4F85-BCD0-FAEB947C36D4} - System32\Tasks\G2MUploadTask-S-1-5-21-2797691131-4137483123-2831801241-1002 => C:\Users\***\AppData\Local\GoToMeeting\19598\g2mupload.exe [31320 2021-04-04] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {51FF46B3-2197-4EC5-9FB2-A127B354DBC9} - System32\Tasks\MiniToolPartitionWizard => C:\Program Files\MiniTool Partition Wizard 12\updatechecker.exe [219616 2020-02-19] (MiniTool Software Limited -> )
Task: {54B40097-352C-4520-9626-7B19C8D08CDE} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1134104 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {666D13F9-25E9-415E-AC6F-6C9982FD06F8} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [914456 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {6FF129AB-3046-4E64-B966-360ABE40881B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {78D83BAF-35A6-487C-A32F-EFDFBF1F197C} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1134104 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {805BF278-FD29-45C5-8C13-4F949D70BFA9} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23248792 2021-04-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {88BB3BF8-DC33-40B3-B7B7-DD40D0CA5E66} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1134104 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8E012B68-5B8A-41B2-9A1A-D59F7E7050CF} - System32\Tasks\G2MUpdateTask-S-1-5-21-2797691131-4137483123-2831801241-1002 => C:\Users\***\AppData\Local\GoToMeeting\19598\g2mupdate.exe [31320 2021-04-04] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {905F3A97-5FE8-4359-828C-1CDC23B9CB3E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {940F8569-A8B6-4AA2-A081-DE7813D8B061} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1134104 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {9618488E-2FDA-4A21-B539-FA7435BC6AF6} - System32\Tasks\Microsoft\Windows\termsrv\RemoteFX\RemoteFXWarningTask => C:\WINDOWS\System32\RemoteFXvGPUDisablement.exe
Task: {9A09380F-CF3A-45CB-BD07-A9475F1AB213} - System32\Tasks\Microsoft\Windows\termsrv\RemoteFX\RemoteFXvGPUDisableTask => C:\WINDOWS\System32\RemoteFXvGPUDisablement.exe
Task: {9FB8950A-7C51-47E8-AC1E-294E2DAC6176} - System32\Tasks\Mozilla\Firefox Default Browser Agent 35973C5F6F9CA8F4 => C:\Users\***\AppData\Local\Mozilla Firefox\default-browser-agent.exe [667856 2020-11-08] (Mozilla Corporation -> Mozilla Foundation)
Task: {A74403A9-F782-43FD-AE29-A2210DB18F98} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [914456 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {BF2FBF1E-12FF-4C7A-B65D-1BE17C46348F} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141160 2021-04-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {C8370D28-F48C-4B63-8355-5CAFAE74361B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2103.7-0\MpCmdRun.exe [566368 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D341A428-9D93-42B9-9CC6-A257F8BB51D9} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1498000 2021-04-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {DC41E1AC-9717-4B46-83B9-81732E7F46DC} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [858480 2019-12-06] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {DD1F6C97-FE40-43F0-B822-6845D9FDD70B} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23248792 2021-04-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {E3AD5E44-F50C-40FC-8A3F-0D8B06A17998} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [653848 2019-12-08] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E62E07C1-61E4-4994-87B9-0578653D2C0A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2797691131-4137483123-2831801241-1002.job => C:\Users\***\AppData\Local\GoToMeeting\19598\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2797691131-4137483123-2831801241-1002.job => C:\Users\***\AppData\Local\GoToMeeting\19598\g2mupload.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{3f3ccafd-659e-4f10-ac3c-a25096ca9da7}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{529764a4-5260-4a67-be3d-39780d39f194}: [DhcpNameServer] 192.168.178.1

Edge: 
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge Profile: C:\Users\***\AppData\Local\Microsoft\Edge\User Data\Default [2021-04-18]

FireFox:
========
FF DefaultProfile: 7sc8d549.default
FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\7sc8d549.default [2020-08-11]
FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\31287jov.default-release [2021-04-18]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-03-07] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-03-07] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-04-14] (Adobe Inc. -> Adobe Systems Inc.)
StartMenuInternet: Firefox-35973C5F6F9CA8F4 - C:\Users\***\AppData\Local\Mozilla Firefox\firefox.exe

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8788392 2021-04-07] (Microsoft Corporation -> Microsoft Corporation)
R2 DolbyDAXAPI; C:\WINDOWS\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_925ded1d9428eaee\DAX3API.exe [2205144 2020-12-22] (Dolby Laboratories, Inc. -> Dolby Laboratories)
S3 ElfoService; C:\Program Files (x86)\ElsterFormular Update Service\bin\elfoService.exe [1113864 2020-06-03] (Bayerisches Landesamt fuer Steuern -> )
R2 FMAPOService; C:\WINDOWS\System32\FMService64.exe [390400 2020-05-22] (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia)
R2 PDF24; C:\Program Files\PDF24\pdf24.exe [557760 2021-02-08] (geek software GmbH -> geek software GmbH)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5361256 2021-04-19] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2103.7-0\NisSrv.exe [2624104 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2103.7-0\MsMpEng.exe [128376 2021-04-11] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvlt.inf_amd64_6fdb2f2a4eb90886\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvlt.inf_amd64_6fdb2f2a4eb90886\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 MpKsla1b49763; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9DB3A7BD-9AEE-4469-873E-6AFF7FA5A03B}\MpKslDrv.sys [97528 2021-04-19] (Microsoft Windows -> Microsoft Corporation)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2019-11-08] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2019-11-08] (MiniTool Solution Ltd -> )
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49560 2021-04-11] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [421088 2021-04-11] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [72928 2021-04-11] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-04-19 10:37 - 2021-04-19 10:38 - 000019365 _____ C:\Users\***\Desktop\FRST.txt
2021-04-19 09:58 - 2021-04-19 09:59 - 000000000 ____D C:\AdwCleaner
2021-04-19 09:58 - 2021-04-19 09:58 - 000000020 ___SH C:\Users\***\ntuser.ini
2021-04-19 09:57 - 2021-04-19 09:57 - 008534696 _____ (Malwarebytes) C:\Users\***\Desktop\adwcleaner_8.2.exe
2021-04-19 08:56 - 2021-04-19 08:02 - 000000000 ____D C:\Windows.old
2021-04-19 08:55 - 2021-04-19 08:56 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2021-04-19 08:54 - 2021-04-19 08:55 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2021-04-19 08:54 - 2021-04-19 08:54 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2021-04-19 08:53 - 2021-04-19 08:53 - 000000000 ____D C:\ProgramData\ssh
2021-04-19 08:51 - 2021-04-19 08:51 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-04-19 08:51 - 2021-04-19 08:51 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-04-19 08:51 - 2021-04-19 08:51 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2021-04-19 08:51 - 2021-04-19 08:51 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2021-04-19 08:51 - 2021-04-19 08:51 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2021-04-19 08:51 - 2021-04-19 08:51 - 000480256 _____ C:\WINDOWS\system32\AssignedAccessCsp.dll
2021-04-19 08:51 - 2021-04-19 08:51 - 000469504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2021-04-19 08:51 - 2021-04-19 08:51 - 000304128 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2021-04-19 08:51 - 2021-04-19 08:51 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mpg2splt.ax
2021-04-19 08:51 - 2021-04-19 08:51 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2021-04-19 08:51 - 2021-04-19 08:51 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mpg2splt.ax
2021-04-19 08:51 - 2021-04-19 08:51 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax
2021-04-19 08:51 - 2021-04-19 08:51 - 000157184 _____ C:\WINDOWS\system32\uwfcsp.dll
2021-04-19 08:51 - 2021-04-19 08:51 - 000138056 _____ C:\WINDOWS\system32\HvsiManagementApi.dll
2021-04-19 08:51 - 2021-04-19 08:51 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax
2021-04-19 08:51 - 2021-04-19 08:51 - 000101704 _____ C:\WINDOWS\SysWOW64\HvsiManagementApi.dll
2021-04-19 08:51 - 2021-04-19 08:51 - 000095744 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
2021-04-19 08:51 - 2021-04-19 08:51 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-04-19 08:51 - 2021-04-19 08:51 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2021-04-19 08:51 - 2021-04-19 08:51 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-04-19 08:51 - 2021-04-19 08:51 - 000053760 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2021-04-19 08:51 - 2021-04-19 08:51 - 000045880 _____ C:\WINDOWS\system32\HvSocket.dll
2021-04-19 08:50 - 2021-04-19 08:50 - 004898144 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpltfm.dll
2021-04-19 08:50 - 2021-04-19 08:50 - 004227116 _____ C:\WINDOWS\system32\DefaultHrtfs.bin
2021-04-19 08:50 - 2021-04-19 08:50 - 003860832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpltfm.dll
2021-04-19 08:50 - 2021-04-19 08:50 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-04-19 08:50 - 2021-04-19 08:50 - 002260480 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
2021-04-19 08:50 - 2021-04-19 08:50 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll
2021-04-19 08:50 - 2021-04-19 08:50 - 001823304 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-04-19 08:50 - 2021-04-19 08:50 - 001394024 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-04-19 08:50 - 2021-04-19 08:50 - 001354080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpal.dll
2021-04-19 08:50 - 2021-04-19 08:50 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-04-19 08:50 - 2021-04-19 08:50 - 001314128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-04-19 08:50 - 2021-04-19 08:50 - 001163776 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-04-19 08:50 - 2021-04-19 08:50 - 001091936 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmcodecs.dll
2021-04-19 08:50 - 2021-04-19 08:50 - 001032544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ortcengine.dll
2021-04-19 08:50 - 2021-04-19 08:50 - 000980320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpal.dll
2021-04-19 08:50 - 2021-04-19 08:50 - 000915296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmcodecs.dll
2021-04-19 08:50 - 2021-04-19 08:50 - 000732000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ortcengine.dll
2021-04-19 08:50 - 2021-04-19 08:50 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2021-04-19 08:50 - 2021-04-19 08:50 - 000707016 _____ C:\WINDOWS\system32\TextShaping.dll
2021-04-19 08:50 - 2021-04-19 08:50 - 000643072 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-04-19 08:50 - 2021-04-19 08:50 - 000611952 _____ C:\WINDOWS\SysWOW64\TextShaping.dll
2021-04-19 08:50 - 2021-04-19 08:50 - 000595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2021-04-19 08:50 - 2021-04-19 08:50 - 000562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-04-19 08:50 - 2021-04-19 08:50 - 000544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2021-04-19 08:50 - 2021-04-19 08:50 - 000455680 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-04-19 08:50 - 2021-04-19 08:50 - 000455168 _____ C:\WINDOWS\system32\ssdm.dll
2021-04-19 08:50 - 2021-04-19 08:50 - 000446976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2021-04-19 08:50 - 2021-04-19 08:50 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-04-19 08:50 - 2021-04-19 08:50 - 000363520 _____ C:\WINDOWS\system32\Windows.Internal.UI.Shell.WindowTabManager.dll
2021-04-19 08:50 - 2021-04-19 08:50 - 000330752 _____ C:\WINDOWS\SysWOW64\ssdm.dll
2021-04-19 08:50 - 2021-04-19 08:50 - 000306688 _____ C:\WINDOWS\system32\HeatCore.dll
2021-04-19 08:50 - 2021-04-19 08:50 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2021-04-19 08:50 - 2021-04-19 08:50 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthprops.cpl
2021-04-19 08:50 - 2021-04-19 08:50 - 000266240 _____ C:\WINDOWS\SysWOW64\Windows.Internal.UI.Shell.WindowTabManager.dll
2021-04-19 08:50 - 2021-04-19 08:50 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2021-04-19 08:50 - 2021-04-19 08:50 - 000240640 _____ C:\WINDOWS\SysWOW64\CoreMas.dll
2021-04-19 08:50 - 2021-04-19 08:50 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2021-04-19 08:50 - 2021-04-19 08:50 - 000235520 _____ C:\WINDOWS\SysWOW64\HeatCore.dll
2021-04-19 08:50 - 2021-04-19 08:50 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-04-19 08:50 - 2021-04-19 08:50 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bthprops.cpl
2021-04-19 08:50 - 2021-04-19 08:50 - 000197632 _____ C:\WINDOWS\system32\IHDS.dll
2021-04-19 08:50 - 2021-04-19 08:50 - 000190976 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2021-04-19 08:50 - 2021-04-19 08:50 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl
2021-04-19 08:50 - 2021-04-19 08:50 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2021-04-19 08:50 - 2021-04-19 08:50 - 000165888 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-04-19 08:50 - 2021-04-19 08:50 - 000152064 _____ C:\WINDOWS\system32\EoAExperiences.exe
2021-04-19 08:50 - 2021-04-19 08:50 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\activeds.tlb
2021-04-19 08:50 - 2021-04-19 08:50 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\activeds.tlb
2021-04-19 08:50 - 2021-04-19 08:50 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncpa.cpl
2021-04-19 08:50 - 2021-04-19 08:50 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncpa.cpl
2021-04-19 08:50 - 2021-04-19 08:50 - 000091136 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-04-19 08:50 - 2021-04-19 08:50 - 000089088 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.proxystub.dll
2021-04-19 08:50 - 2021-04-19 08:50 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-04-19 08:50 - 2021-04-19 08:50 - 000074240 _____ C:\WINDOWS\system32\rdsxvmaudio.dll
2021-04-19 08:50 - 2021-04-19 08:50 - 000073216 _____ C:\WINDOWS\system32\windows.applicationmodel.conversationalagent.internal.proxystub.dll
2021-04-19 08:50 - 2021-04-19 08:50 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
2021-04-19 08:50 - 2021-04-19 08:50 - 000064552 _____ C:\WINDOWS\system32\umpdc.dll
2021-04-19 08:50 - 2021-04-19 08:50 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-04-19 08:50 - 2021-04-19 08:50 - 000056672 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmmvrortc.dll
2021-04-19 08:50 - 2021-04-19 08:50 - 000055376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmmvrortc.dll
2021-04-19 08:50 - 2021-04-19 08:50 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2021-04-19 08:50 - 2021-04-19 08:50 - 000047472 _____ C:\WINDOWS\SysWOW64\umpdc.dll
2021-04-19 08:50 - 2021-04-19 08:50 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2021-04-19 08:50 - 2021-04-19 08:50 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\msacm32.drv
2021-04-19 08:50 - 2021-04-19 08:50 - 000029696 _____ (The ICU Project) C:\WINDOWS\system32\icuuc.dll
2021-04-19 08:50 - 2021-04-19 08:50 - 000025088 _____ (The ICU Project) C:\WINDOWS\system32\icuin.dll
2021-04-19 08:50 - 2021-04-19 08:50 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msacm32.drv
2021-04-19 08:50 - 2021-04-19 08:50 - 000013312 _____ C:\WINDOWS\system32\agentactivationruntimestarter.exe
2021-04-19 08:50 - 2021-04-19 08:50 - 000011357 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-04-19 08:50 - 2021-04-19 08:50 - 000010752 _____ C:\WINDOWS\SysWOW64\agentactivationruntimestarter.exe
2021-04-19 08:50 - 2021-04-19 08:50 - 000001370 _____ C:\WINDOWS\system32\ThirdPartyNoticesBySHS.txt
2021-04-19 08:45 - 2021-04-19 08:45 - 000377132 _____ C:\WINDOWS\system32\perfi008.dat
2021-04-19 08:45 - 2021-04-19 08:45 - 000047374 _____ C:\WINDOWS\system32\perfd008.dat
2021-04-19 08:45 - 2021-04-19 08:45 - 000000000 ____D C:\WINDOWS\SysWOW64\el
2021-04-19 08:45 - 2021-04-19 08:45 - 000000000 ____D C:\WINDOWS\system32\el
2021-04-19 08:45 - 2021-04-19 08:15 - 000544118 _____ C:\WINDOWS\system32\perfh008.dat
2021-04-19 08:45 - 2021-04-19 08:15 - 000089248 _____ C:\WINDOWS\system32\perfc008.dat
2021-04-19 08:42 - 2021-04-19 08:45 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2021-04-19 08:42 - 2021-04-19 08:42 - 000000000 ____D C:\Program Files\Reference Assemblies
2021-04-19 08:42 - 2021-04-19 08:42 - 000000000 ____D C:\Program Files\MSBuild
2021-04-19 08:42 - 2021-04-19 08:42 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2021-04-19 08:42 - 2021-04-19 08:42 - 000000000 ____D C:\Program Files (x86)\MSBuild
2021-04-19 08:04 - 2021-04-19 08:15 - 002350508 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-04-19 08:04 - 2021-04-19 08:04 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2021-04-19 08:02 - 2021-04-19 08:07 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-04-19 08:02 - 2021-04-19 08:02 - 000011433 _____ C:\WINDOWS\diagwrn.xml
2021-04-19 08:02 - 2021-04-19 08:02 - 000011433 _____ C:\WINDOWS\diagerr.xml
2021-04-19 08:02 - 2021-04-19 08:02 - 000003628 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-04-19 08:02 - 2021-04-19 08:02 - 000003558 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-04-19 08:02 - 2021-04-19 08:02 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2021-04-19 08:02 - 2021-04-19 08:02 - 000003404 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-04-19 08:02 - 2021-04-19 08:02 - 000003398 _____ C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-19 08:02 - 2021-04-19 08:02 - 000003334 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-04-19 08:02 - 2021-04-19 08:02 - 000003276 _____ C:\WINDOWS\system32\Tasks\G2MUploadTask-S-1-5-21-2797691131-4137483123-2831801241-1002
2021-04-19 08:02 - 2021-04-19 08:02 - 000003196 _____ C:\WINDOWS\system32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-19 08:02 - 2021-04-19 08:02 - 000003180 _____ C:\WINDOWS\system32\Tasks\G2MUpdateTask-S-1-5-21-2797691131-4137483123-2831801241-1002
2021-04-19 08:02 - 2021-04-19 08:02 - 000003152 _____ C:\WINDOWS\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-19 08:02 - 2021-04-19 08:02 - 000002984 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-19 08:02 - 2021-04-19 08:02 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-19 08:02 - 2021-04-19 08:02 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-19 08:02 - 2021-04-19 08:02 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-19 08:02 - 2021-04-19 08:02 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-19 08:02 - 2021-04-19 08:02 - 000002914 _____ C:\WINDOWS\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-19 08:02 - 2021-04-19 08:02 - 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2797691131-4137483123-2831801241-1002
2021-04-19 08:02 - 2021-04-19 08:02 - 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2797691131-4137483123-2831801241-1001
2021-04-19 08:02 - 2021-04-19 08:02 - 000002744 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-04-19 08:02 - 2021-04-19 08:02 - 000002464 _____ C:\WINDOWS\system32\Tasks\MiniToolPartitionWizard
2021-04-19 08:02 - 2021-04-19 08:02 - 000000020 ___SH C:\Users\***\ntuser.ini
2021-04-19 08:02 - 2021-04-19 08:02 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-04-19 08:02 - 2021-04-19 08:02 - 000000000 ____D C:\WINDOWS\system32\Tasks\Lenovo
2021-04-19 07:58 - 2021-04-19 09:58 - 000000000 ____D C:\Users\***
2021-04-19 07:58 - 2021-04-19 08:02 - 000000000 ____D C:\Users\***
2021-04-19 07:58 - 2021-04-19 07:58 - 000000000 _SHDL C:\Users\***\Vorlagen
2021-04-19 07:58 - 2021-04-19 07:58 - 000000000 _SHDL C:\Users\***\Startmenü
2021-04-19 07:58 - 2021-04-19 07:58 - 000000000 _SHDL C:\Users\***\Netzwerkumgebung
2021-04-19 07:58 - 2021-04-19 07:58 - 000000000 _SHDL C:\Users\***\Lokale Einstellungen
2021-04-19 07:58 - 2021-04-19 07:58 - 000000000 _SHDL C:\Users\***\Eigene Dateien
2021-04-19 07:58 - 2021-04-19 07:58 - 000000000 _SHDL C:\Users\***\Druckumgebung
2021-04-19 07:58 - 2021-04-19 07:58 - 000000000 _SHDL C:\Users\***\Documents\Eigene Videos
2021-04-19 07:58 - 2021-04-19 07:58 - 000000000 _SHDL C:\Users\***\Documents\Eigene Musik
2021-04-19 07:58 - 2021-04-19 07:58 - 000000000 _SHDL C:\Users\***\Documents\Eigene Bilder
2021-04-19 07:58 - 2021-04-19 07:58 - 000000000 _SHDL C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2021-04-19 07:58 - 2021-04-19 07:58 - 000000000 _SHDL C:\Users\***\AppData\Local\Verlauf
2021-04-19 07:58 - 2021-04-19 07:58 - 000000000 _SHDL C:\Users\***\AppData\Local\Anwendungsdaten
2021-04-19 07:58 - 2021-04-19 07:58 - 000000000 _SHDL C:\Users\***\Anwendungsdaten
2021-04-19 07:58 - 2021-04-19 07:58 - 000000000 _SHDL C:\Users\***\Vorlagen
2021-04-19 07:58 - 2021-04-19 07:58 - 000000000 _SHDL C:\Users\***\Startmenü
2021-04-19 07:58 - 2021-04-19 07:58 - 000000000 _SHDL C:\Users\***\Netzwerkumgebung
2021-04-19 07:58 - 2021-04-19 07:58 - 000000000 _SHDL C:\Users\***\Lokale Einstellungen
2021-04-19 07:58 - 2021-04-19 07:58 - 000000000 _SHDL C:\Users\***\Eigene Dateien
2021-04-19 07:58 - 2021-04-19 07:58 - 000000000 _SHDL C:\Users\***\Druckumgebung
2021-04-19 07:58 - 2021-04-19 07:58 - 000000000 _SHDL C:\Users\***\Documents\Eigene Videos
2021-04-19 07:58 - 2021-04-19 07:58 - 000000000 _SHDL C:\Users\***\Documents\Eigene Musik
2021-04-19 07:58 - 2021-04-19 07:58 - 000000000 _SHDL C:\Users\***\Documents\Eigene Bilder
2021-04-19 07:58 - 2021-04-19 07:58 - 000000000 _SHDL C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2021-04-19 07:58 - 2021-04-19 07:58 - 000000000 _SHDL C:\Users\***\AppData\Local\Verlauf
2021-04-19 07:58 - 2021-04-19 07:58 - 000000000 _SHDL C:\Users\***\AppData\Local\Anwendungsdaten
2021-04-19 07:58 - 2021-04-19 07:58 - 000000000 _SHDL C:\Users\***\Anwendungsdaten
2021-04-19 07:58 - 2019-12-07 11:10 - 000001105 _____ C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-04-19 07:58 - 2019-12-07 11:10 - 000001105 _____ C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-04-19 07:57 - 2021-04-19 08:07 - 000008192 ___SH C:\DumpStack.log.tmp
2021-04-19 07:57 - 2021-04-19 07:57 - 000598192 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-04-19 07:57 - 2021-04-19 07:57 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-04-18 22:23 - 2021-04-19 08:02 - 000000000 ___DC C:\WINDOWS\Panther
2021-04-18 22:19 - 2021-04-18 22:19 - 000000000 ____D C:\Users\***\AppData\Roaming\NVIDIA
2021-04-18 22:19 - 2021-04-18 22:19 - 000000000 ____D C:\Users\***\AppData\Roaming\LibreOffice
2021-04-18 22:17 - 2021-04-19 08:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 7.0
2021-04-18 22:16 - 2021-04-18 22:16 - 000000000 ____D C:\Program Files\LibreOffice
2021-04-18 21:26 - 2021-04-18 21:26 - 000000000 ____D C:\Users\***\AppData\Roaming\QtProject
2021-04-18 21:25 - 2021-04-19 08:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Partition Wizard 12
2021-04-18 21:25 - 2021-04-18 21:25 - 000001028 _____ C:\Users\Public\Desktop\MiniTool Partition Wizard.lnk
2021-04-18 21:25 - 2021-04-18 21:25 - 000001028 _____ C:\ProgramData\Desktop\MiniTool Partition Wizard.lnk
2021-04-18 21:25 - 2021-04-18 21:25 - 000000000 ____D C:\Program Files\MiniTool Partition Wizard 12
2021-04-18 21:25 - 2019-11-08 10:15 - 003600896 _____ C:\WINDOWS\system32\pwNative.exe
2021-04-18 21:25 - 2019-11-08 10:15 - 000019152 _____ C:\WINDOWS\system32\pwdrvio.sys
2021-04-18 21:25 - 2019-11-08 10:15 - 000012504 _____ C:\WINDOWS\system32\pwdspio.sys
2021-04-18 17:27 - 2021-04-18 17:27 - 000002350 _____ C:\Users\***\Desktop\Microsoft Edge.lnk
2021-04-18 17:27 - 2021-04-18 17:27 - 000002274 _____ C:\Users\***\Desktop\Google Chrome.lnk
2021-04-18 17:27 - 2021-04-18 17:27 - 000000000 ____D C:\Users\***\AppData\Local\Google
2021-04-18 14:08 - 2021-04-19 10:37 - 000000000 ____D C:\FRST
2021-04-18 14:06 - 2021-04-18 14:05 - 002298368 _____ (Farbar) C:\Users\***\Desktop\FRST64.exe
2021-04-18 13:09 - 2021-04-19 07:58 - 000000000 ___RD C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.9
2021-04-18 13:06 - 2021-04-18 13:06 - 000000000 ____D C:\Users\***\Desktop\OpenOffice 4.1.9 (de) Installation Files
2021-04-15 00:53 - 2021-04-15 00:54 - 000000000 ____D C:\Users\***\Desktop\Impfung
2021-04-13 20:41 - 2021-04-13 20:41 - 000544707 _____ C:\Users\***\Desktop\T8KFQ1I766.pdf
2021-04-11 13:46 - 2021-04-11 13:46 - 000000000 ____D C:\Users\***\Documents\ANNO 1404 Venice
2021-04-11 13:13 - 2021-04-11 13:16 - 000000000 ____D C:\Users\***\AppData\Roaming\Ubisoft
2021-04-09 20:27 - 2021-04-09 20:45 - 000000000 ____D C:\Users\***\Documents\Anno 1602 History Edition
2021-04-09 19:21 - 2021-04-19 07:13 - 000000000 ____D C:\Users\***\AppData\Local\Ubisoft Game Launcher
2021-04-09 19:21 - 2021-04-09 19:21 - 000000000 ____D C:\ProgramData\Ubisoft
2021-04-09 19:18 - 2021-04-19 07:58 - 000000000 ____D C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2021-04-09 19:18 - 2021-04-19 07:07 - 000000000 ____D C:\Users\***\AppData\Local\Ubisoft Game Launcher
2021-04-09 19:18 - 2021-04-09 19:18 - 000000804 _____ C:\Users\***\Desktop\Ubisoft Connect.lnk
2021-04-07 21:43 - 2021-04-19 08:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft Classic PTR
2021-04-04 14:27 - 2021-04-04 14:27 - 003122981 _____ C:\Users\***\Desktop\Lybstes_Pumphose2_E-Book_komplett.pdf
2021-03-27 11:45 - 2021-03-27 12:02 - 000000211 _____ C:\Users\***\Desktop\Warmane.txt
2021-03-26 08:52 - 2021-03-26 08:52 - 000000000 ____D C:\Users\***\AppData\Roaming\TradeSkillMaster
2021-03-26 08:51 - 2021-04-19 08:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TradeSkillMaster Application
2021-03-26 08:51 - 2021-03-26 08:51 - 000000933 _____ C:\Users\Public\Desktop\TSMApplication.lnk
2021-03-26 08:51 - 2021-03-26 08:51 - 000000933 _____ C:\ProgramData\Desktop\TSMApplication.lnk
2021-03-25 17:09 - 2021-03-25 17:09 - 000010228 _____ C:\Users\***\Desktop\TBC Prep.xlsx
2021-03-24 16:55 - 2021-04-07 19:05 - 000001231 _____ C:\Users\***\Desktop\Naxx.txt
2021-03-24 16:54 - 2021-03-24 16:54 - 000000000 _____ C:\Users\***\Desktop\Neues Textdokument (4).txt
2021-03-24 13:40 - 2021-03-24 13:40 - 000056336 _____ C:\Users\***\Desktop\2000_SchmuckKasserRyan_SIR.pdf
2021-03-24 10:08 - 2021-03-24 10:08 - 000000000 ___HD C:\$WinREAgent
2021-03-22 13:51 - 2021-03-22 13:51 - 000090456 _____ C:\Users\***\Desktop\Haushaltsplan.pdf
2021-03-22 08:19 - 2021-03-23 17:41 - 000000152 _____ C:\Users\***\Desktop\Neues Textdokument (3).txt

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-04-19 10:37 - 2020-08-11 22:22 - 000000000 ____D C:\Users\***\AppData\LocalLow\Mozilla
2021-04-19 10:37 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-04-19 10:37 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2021-04-19 10:28 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-04-19 10:07 - 2020-08-12 11:45 - 000000000 ____D C:\Users\***\AppData\Roaming\discord
2021-04-19 10:07 - 2020-08-11 22:34 - 000000000 ____D C:\Users\***\AppData\Local\Battle.net
2021-04-19 08:56 - 2021-03-15 11:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II
2021-04-19 08:56 - 2021-02-09 09:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
2021-04-19 08:56 - 2021-01-23 18:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft Classic
2021-04-19 08:56 - 2020-12-06 13:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2021-04-19 08:56 - 2020-10-02 15:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-04-19 08:56 - 2020-10-02 15:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
2021-04-19 08:56 - 2020-09-04 19:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
2021-04-19 08:56 - 2020-08-12 10:43 - 000000000 ____D C:\Program Files\UNP
2021-04-19 08:56 - 2020-08-12 10:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2021-04-19 08:56 - 2020-08-11 22:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2021-04-19 08:56 - 2020-08-11 22:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2021-04-19 08:56 - 2020-08-11 22:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2021-04-19 08:56 - 2019-12-07 11:18 - 000000000 ____D C:\WINDOWS\Setup
2021-04-19 08:56 - 2019-12-07 11:14 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2021-04-19 08:56 - 2019-12-07 11:14 - 000000000 __RHD C:\Users\Public\Libraries
2021-04-19 08:56 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2021-04-19 08:56 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\spool
2021-04-19 08:56 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-04-19 08:56 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Drivers\DriverData
2021-04-19 08:56 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-04-19 08:56 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-04-19 08:56 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2021-04-19 08:56 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2021-04-19 08:55 - 2021-02-09 09:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2021-04-19 08:55 - 2020-08-13 10:38 - 000000000 ____D C:\WINDOWS\system32\cAVS
2021-04-19 08:55 - 2020-08-11 20:57 - 000000000 ____D C:\WINDOWS\system32\Samsung
2021-04-19 08:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-04-19 08:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Resources
2021-04-19 08:55 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Help
2021-04-19 08:53 - 2019-12-07 16:54 - 000000000 ___SD C:\WINDOWS\system32\AppV
2021-04-19 08:53 - 2019-12-07 16:54 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-04-19 08:53 - 2019-12-07 16:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-04-19 08:53 - 2019-12-07 16:54 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-04-19 08:53 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2021-04-19 08:53 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2021-04-19 08:53 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-04-19 08:53 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\system32\F12
2021-04-19 08:53 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-04-19 08:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2021-04-19 08:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-04-19 08:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2021-04-19 08:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-04-19 08:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2021-04-19 08:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords
2021-04-19 08:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-04-19 08:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2021-04-19 08:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2021-04-19 08:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-04-19 08:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2021-04-19 08:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-04-19 08:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2021-04-19 08:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2021-04-19 08:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-04-19 08:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2021-04-19 08:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-04-19 08:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-04-19 08:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-04-19 08:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Keywords
2021-04-19 08:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-04-19 08:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-04-19 08:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-04-19 08:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Com
2021-04-19 08:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2021-04-19 08:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2021-04-19 08:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-04-19 08:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-04-19 08:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-04-19 08:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-04-19 08:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\IME
2021-04-19 08:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2021-04-19 08:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-04-19 08:53 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-04-19 08:53 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2021-04-19 08:53 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\servicing
2021-04-19 08:52 - 2019-12-07 16:54 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2021-04-19 08:52 - 2019-12-07 16:54 - 000020908 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2021-04-19 08:47 - 2019-12-07 16:53 - 000000000 ____D C:\WINDOWS\OCR
2021-04-19 08:45 - 2019-12-07 16:51 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2021-04-19 08:45 - 2019-12-07 16:51 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2021-04-19 08:45 - 2019-12-07 16:51 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2021-04-19 08:45 - 2019-12-07 16:51 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2021-04-19 08:45 - 2019-12-07 16:51 - 000000000 ____D C:\WINDOWS\system32\winrm
2021-04-19 08:45 - 2019-12-07 16:51 - 000000000 ____D C:\WINDOWS\system32\WCN
2021-04-19 08:45 - 2019-12-07 16:51 - 000000000 ____D C:\WINDOWS\system32\slmgr
2021-04-19 08:45 - 2019-12-07 16:51 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2021-04-19 08:45 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\system32\dsc
2021-04-19 08:45 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2021-04-19 08:45 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\MUI
2021-04-19 08:15 - 2019-12-07 16:51 - 000746396 _____ C:\WINDOWS\system32\perfh007.dat
2021-04-19 08:15 - 2019-12-07 16:51 - 000150766 _____ C:\WINDOWS\system32\perfc007.dat
2021-04-19 08:09 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-04-19 08:08 - 2020-08-11 21:30 - 000000000 ____D C:\Users\***\AppData\Local\Packages
2021-04-19 08:08 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-04-19 08:07 - 2020-08-12 10:42 - 000000000 ____D C:\ProgramData\NVIDIA
2021-04-19 08:07 - 2020-08-11 21:30 - 000000000 __SHD C:\Users\***\IntelGraphicsProfiles
2021-04-19 08:07 - 2020-08-11 21:00 - 000000000 ____D C:\Intel
2021-04-19 08:07 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-04-19 08:06 - 2020-10-02 08:13 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-04-19 08:06 - 2019-12-07 11:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-04-19 08:06 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-04-19 08:03 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\USOPrivate
2021-04-19 08:02 - 2020-08-12 11:34 - 000000000 ____D C:\ProgramData\Packages
2021-04-19 08:02 - 2020-08-11 21:30 - 000000000 ___RD C:\Users\***\3D Objects
2021-04-19 08:02 - 2020-08-11 18:23 - 000000000 __RHD C:\Users\Public\AccountPictures
2021-04-19 08:02 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-04-19 08:02 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-04-19 08:02 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Windows NT
2021-04-19 08:02 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Windows Defender
2021-04-19 08:02 - 2019-12-07 11:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-04-19 08:01 - 2020-09-15 16:14 - 000002239 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-04-19 07:58 - 2020-11-16 20:00 - 000000000 ___RD C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.8
2021-04-19 07:58 - 2020-10-02 15:37 - 000000000 ____D C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2021-04-19 07:58 - 2020-09-10 15:35 - 000000000 ____D C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2021-04-19 07:58 - 2020-08-12 11:45 - 000000000 ____D C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2021-04-19 07:58 - 2020-08-12 10:30 - 000000000 ____D C:\WINDOWS\system32\dolbyaposvc
2021-04-19 07:58 - 2020-08-11 18:23 - 000000000 ____D C:\Users\***\AppData\Local\Packages
2021-04-19 07:57 - 2020-09-20 22:28 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-04-19 07:57 - 2020-08-11 20:59 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2021-04-19 07:57 - 2020-08-11 20:58 - 000000000 ____D C:\WINDOWS\system32\Intel
2021-04-19 07:57 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\appcompat
2021-04-18 21:38 - 2020-08-11 20:56 - 000000000 ____D C:\Users\***\AppData\Local\PlaceholderTileLogoFolder
2021-04-18 21:04 - 2020-08-11 21:04 - 000000000 ____D C:\Users\***\AppData\LocalLow\Mozilla
2021-04-18 17:27 - 2020-08-11 21:00 - 000000000 __SHD C:\Users\***\IntelGraphicsProfiles
2021-04-18 17:27 - 2020-08-11 18:25 - 000000000 ___RD C:\Users\***\OneDrive
2021-04-18 17:27 - 2020-08-11 18:23 - 000000000 ___RD C:\Users\***\3D Objects
2021-04-18 11:09 - 2020-08-12 15:48 - 000000000 ____D C:\Users\***\AppData\Local\Spotify
2021-04-18 10:47 - 2020-08-12 15:48 - 000000000 ____D C:\Users\***\AppData\Roaming\Spotify
2021-04-17 09:02 - 2020-08-16 16:37 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-04-16 00:52 - 2020-11-18 19:07 - 000000000 ____D C:\Program Files\Microsoft Office
2021-04-14 20:50 - 2020-08-12 10:24 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-04-14 20:49 - 2020-08-12 10:24 - 131963968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-04-13 14:06 - 2020-08-11 22:01 - 000000000 ____D C:\Users\***\AppData\Roaming\vlc
2021-04-13 13:02 - 2021-02-04 20:38 - 000000678 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2797691131-4137483123-2831801241-1002.job
2021-04-13 13:02 - 2021-02-04 20:38 - 000000582 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2797691131-4137483123-2831801241-1002.job
2021-04-12 20:18 - 2020-08-11 21:31 - 000000000 ___RD C:\Users\***\OneDrive
2021-04-11 20:35 - 2020-08-11 18:17 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-04-09 20:27 - 2020-08-13 08:37 - 000000000 ____D C:\Users\***\AppData\Local\D3DSCache
2021-04-04 15:12 - 2021-02-04 20:38 - 000000000 ____D C:\Users\***\AppData\Local\GoToMeeting
2021-03-25 12:17 - 2021-03-04 00:27 - 000001348 _____ C:\Users\***\Desktop\T3.txt
2021-03-25 08:55 - 2021-03-16 11:14 - 000000000 ____D C:\Users\***\AppData\Local\D2B134.tmpd
2021-03-25 08:55 - 2021-03-15 12:54 - 000000000 ____D C:\Users\***\AppData\Local\D2EDA0.tmpd
2021-03-22 19:46 - 2020-11-07 09:45 - 000002378 _____ C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk

==================== Files in the root of some directories ========

2021-03-16 11:14 - 2021-03-16 11:14 - 000000000 _____ () C:\Users\***\AppData\Local\D2B134.tmp
2021-03-15 12:54 - 2021-03-15 12:54 - 000000000 _____ () C:\Users\***\AppData\Local\D2EDA0.tmp

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
         
--- --- ---


Additional FRST Logfile:
Code:
scan result of Farbar Recovery Scan Tool (x64) Version: 17-04-2021
Ran by *** (19-04-2021 10:40:00)
Running from C:\Users\***\Desktop
Windows 10 Pro Version 20H2 19042.928 (X64) (2021-04-19 06:02:26)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2797691131-4137483123-2831801241-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2797691131-4137483123-2831801241-503 - Limited - Disabled)
Gast (S-1-5-21-2797691131-4137483123-2831801241-501 - Limited - Disabled)
*** (S-1-5-21-2797691131-4137483123-2831801241-1002 - Limited - Enabled) => C:\Users\***
*** (S-1-5-21-2797691131-4137483123-2831801241-1001 - Administrator - Enabled) => C:\Users\***
WDAGUtilityAccount (S-1-5-21-2797691131-4137483123-2831801241-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 21.001.20149 - Adobe Systems Incorporated)
Anno 1602 - History Edition (HKLM-x32\...\Uplay Install 16236) (Version:  - Ubisoft)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Diablo II (HKLM-x32\...\Diablo II) (Version: 0.0.0.0 - Blizzard Entertainment)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Discord (HKU\S-1-5-21-2797691131-4137483123-2831801241-1002\...\Discord) (Version: 0.0.309 - Discord Inc.)
ElsterFormular (HKLM-x32\...\{8A261933-AEA6-4C5E-B6D0-B88A478BF56C}) (Version: 21.3.0 - Thüringer Landesamt für Finanzen)
Epic Games Launcher (HKLM-x32\...\{2D833785-910B-4E02-9A6B-51BD3D2F2FCE}) (Version: 1.1.279.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
FreeFileSync 11.1 (HKLM-x32\...\FreeFileSync_is1) (Version: 11.1 - FreeFileSync.org)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 89.0.4389.128 - Google LLC)
GoTo Opener (HKLM-x32\...\{E69269DB-A77B-4BC1-8F39-241107B09F26}) (Version: 1.0.539 - LogMeIn, Inc.)
GoToMeeting 10.16.0.19598 (HKU\S-1-5-21-2797691131-4137483123-2831801241-1002\...\GoToMeeting) (Version: 10.16.0.19598 - LogMeIn, Inc.)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKU\S-1-5-21-2797691131-4137483123-2831801241-1002\...\Riot Game league_of_legends.live) (Version:  - Riot Games, Inc)
LibreOffice 7.0.5.2 (HKLM\...\{726F4143-9BAA-4F54-A918-07C139D9C775}) (Version: 7.0.5.2 - The Document Foundation)
Microsoft 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 16.0.13901.20400 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 89.0.774.77 - Microsoft Corporation)
Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 89.0.774.77 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2797691131-4137483123-2831801241-1001\...\OneDriveSetup.exe) (Version: 21.052.0314.0001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2797691131-4137483123-2831801241-1002\...\OneDriveSetup.exe) (Version: 21.052.0314.0001 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-2797691131-4137483123-2831801241-1002\...\Teams) (Version: 1.4.00.4167 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{99FAF70F-9B61-4AB0-9EC0-B31F98FFDC4A}) (Version: 2.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.13.26020 (HKLM-x32\...\{7474cd6e-76cc-4257-837e-5b9261e526af}) (Version: 14.13.26020.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.13.26020 (HKLM-x32\...\{5c045b7f-e561-4794-91f8-c6cda0893107}) (Version: 14.13.26020.0 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 5.0.4 (x86) (HKLM-x32\...\{a83b07f3-e0e5-4402-87d4-3d1acf79c42a}) (Version: 5.0.4.29817 - Microsoft Corporation)
MiniTool Partition Wizard Free 12 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Software Limited)
Mozilla Firefox 82.0.3 (x64 de) (HKLM\...\Mozilla Firefox 82.0.3 (x64 de)) (Version: 82.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 82.0.3 - Mozilla)
Mozilla Thunderbird 78.1.1 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 78.1.1 (x86 de)) (Version: 78.1.1 - Mozilla)
Mozilla Thunderbird 78.9.1 (x86 de) (HKU\S-1-5-21-2797691131-4137483123-2831801241-1002\...\Mozilla Thunderbird 78.9.1 (x86 de)) (Version: 78.9.1 - Mozilla)
NVIDIA GeForce Experience 3.20.2.34 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.2.34 - NVIDIA Corporation)
NVIDIA Grafiktreiber 452.56 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 452.56 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13901.20400 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13901.20400 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0407-1000-0000000FF1CE}) (Version: 16.0.13901.20336 - Microsoft Corporation) Hidden
PDF24 Creator 10.0.9 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: 10.0.9 - PDF24.org)
Spotify (HKU\S-1-5-21-2797691131-4137483123-2831801241-1002\...\Spotify) (Version: 1.1.56.595.g2d2da0de - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TradeSkillMaster Application version 1.0 (HKLM-x32\...\{c44da794-b956-4d50-8733-346d56ae63c7}_is1) (Version: 1.0 - TradeSkillMaster)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 119.0.10382 - Ubisoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden
Update for Windows 10 for x64-based Systems (KB4480730) (HKLM\...\{3BAE4496-6F6C-4330-A8AA-B93D3D346FA5}) (Version: 2.53.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM\...\{F339C545-24DC-4870-AA32-6EB6B0500B95}) (Version: 1.24.0.0 - Microsoft Corporation) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN)
WinRAR 5.91 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.91.0 - win.rar GmbH)
World of Warcraft Classic (HKLM-x32\...\World of Warcraft Classic) (Version:  - Blizzard Entertainment)
World of Warcraft Classic PTR (HKLM-x32\...\World of Warcraft Classic PTR) (Version:  - Blizzard Entertainment)
Zoom (HKU\S-1-5-21-2797691131-4137483123-2831801241-1002\...\ZoomUMX) (Version: 5.2.3 (45120.0906) - Zoom Video Communications, Inc.)

Packages:
=========
Dolby Atmos for Gaming -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAtmosforGaming_3.20602.609.0_x64__rz1tebttyb220 [2020-08-12] (Dolby Laboratories)
Intel® Grafik-Kontrollraum -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3282.0_x64__8j3eq9eme6ctt [2021-04-19] (INTEL CORP) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-04-19] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-04-19] (Microsoft Corporation) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.960.0_x64__56jybvy8sckqj [2021-04-19] (NVIDIA Corp.)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.12.219.0_x64__dt26b99r8h8gj [2020-08-13] (Realtek Semiconductor Corp)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2797691131-4137483123-2831801241-1002_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\***\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20289.5\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2797691131-4137483123-2831801241-1002_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\***\AppData\Local\GoToMeeting\19228\G2MOutlookAddin64.dll (LogMeIn, Inc. -> LogMeIn, Inc.)
CustomCLSID: HKU\S-1-5-21-2797691131-4137483123-2831801241-1002_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\***\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => E:\Programme\WinRar\rarext.dll [2020-08-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => E:\Programme\WinRar\rarext32.dll [2020-08-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvlt.inf_amd64_6fdb2f2a4eb90886\nvshext.dll [2020-11-13] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => E:\Programme\WinRar\rarext.dll [2020-08-25] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => E:\Programme\WinRar\rarext32.dll [2020-08-25] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2017-03-02 15:19 - 2017-03-02 15:19 - 000310272 ____N (easyhook.codeplex.com) [File not signed] C:\ProgramData\Dolby\DAX3\RADARHOST\EasyHook64.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-03-07] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-04-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-04-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-04-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-04-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-04-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-04-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-04-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-04-01] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-12 01:38 - 2018-04-12 01:36 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2797691131-4137483123-2831801241-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2797691131-4137483123-2831801241-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKU\S-1-5-21-2797691131-4137483123-2831801241-1002\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-2797691131-4137483123-2831801241-1002\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2797691131-4137483123-2831801241-1002\...\StartupApproved\Run: => "Spotify"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{52675795-544D-44FD-8459-E6C92354C481}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\89.0.774.77\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FADA39C4-7D6F-42D4-AF2B-7F02A4B2D012}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{3AE7B07A-E453-436C-BD74-5D90E6E1DF22}E:\games\anno 1404 - history edition\anno1404addon.exe] => (Allow) E:\games\anno 1404 - history edition\anno1404addon.exe => No File
FirewallRules: [TCP Query User{F4CC2ED3-5E71-4242-BC28-34221CD682E1}E:\games\anno 1404 - history edition\anno1404addon.exe] => (Allow) E:\games\anno 1404 - history edition\anno1404addon.exe => No File
FirewallRules: [UDP Query User{62B922D2-7073-4B66-B7DB-5DF91ADF62A3}E:\games\anno 1602 - history edition\anno1602.exe] => (Allow) E:\games\anno 1602 - history edition\anno1602.exe (Ubisoft Blue Byte GmbH -> Ubisoft)
FirewallRules: [TCP Query User{2B09D258-C25A-43C9-BE65-7AFD32872E16}E:\games\anno 1602 - history edition\anno1602.exe] => (Allow) E:\games\anno 1602 - history edition\anno1602.exe (Ubisoft Blue Byte GmbH -> Ubisoft)
FirewallRules: [UDP Query User{2145D106-C327-4EEF-9C3C-FE466BE9E468}E:\programme\battle.net\battle.net.exe] => (Allow) E:\programme\battle.net\battle.net.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [TCP Query User{6E5F83B5-985E-4578-A548-A231BE58AC0C}E:\programme\battle.net\battle.net.exe] => (Allow) E:\programme\battle.net\battle.net.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{472D79D5-AC44-4C3B-8664-06E265881A27}C:\users\***\downloads\downloader_diablo2_lord_of_destruction_dede.exe] => (Allow) C:\users\***\downloads\downloader_diablo2_lord_of_destruction_dede.exe => No File
FirewallRules: [TCP Query User{6C6F5A1F-65BE-4247-8351-0A1BB4419060}C:\users\***\downloads\downloader_diablo2_lord_of_destruction_dede.exe] => (Allow) C:\users\***\downloads\downloader_diablo2_lord_of_destruction_dede.exe => No File
FirewallRules: [UDP Query User{FC8F1753-FCAE-401E-BD51-4D763E1EE4F4}C:\users\***\downloads\downloader_diablo2_dede (1).exe] => (Allow) C:\users\***\downloads\downloader_diablo2_dede (1).exe => No File
FirewallRules: [TCP Query User{AEB324D6-C2B2-4785-B764-85E2FC9D0C2E}C:\users\***\downloads\downloader_diablo2_dede (1).exe] => (Allow) C:\users\***\downloads\downloader_diablo2_dede (1).exe => No File
FirewallRules: [{58932D10-4FB6-4319-9111-7B765D38F49C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{297D9B09-0D8E-45BB-9D79-9B1BF6C89E51}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{00D7DF4A-B13F-4611-B67C-D627E9FF0C90}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{5C3CC15C-6E01-4D55-BFEC-5E8FABCAD7AE}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{22907B25-31C8-45B4-A533-761C163E7A48}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{D43C3781-58D2-4750-BC4A-4645A4FE7535}C:\users\***\appdata\roaming\zoom\bin\zoom.exe] => (Allow) C:\users\***\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [TCP Query User{94F80827-A17B-41A3-A02E-FAE3895C999C}C:\users\***\appdata\roaming\zoom\bin\zoom.exe] => (Allow) C:\users\***\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{C96BB3D4-4E52-46F4-A31F-BAA7C04C4F03}] => (Allow) E:\Programme\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe (Valve -> )
FirewallRules: [{41C36B56-E915-47ED-B72E-BF75A778DBF3}] => (Allow) E:\Programme\Steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe (Valve -> )
FirewallRules: [UDP Query User{B24817D7-F211-48FB-A324-3B991BBFA870}C:\users\***\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\***\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{7C3AA47C-6A8F-462E-B467-B554BCF828D6}C:\users\***\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\***\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5415F4AD-5E5F-4F05-97C8-3ED1ACA1DA41}] => (Allow) E:\Programme\Steam\steamapps\common\No Man's Sky\Binaries\NMS.exe (Hello Games) [File not signed]
FirewallRules: [{9C2655D0-9DC9-441A-9F1C-410F39519E96}] => (Allow) E:\Programme\Steam\steamapps\common\No Man's Sky\Binaries\NMS.exe (Hello Games) [File not signed]
FirewallRules: [UDP Query User{6DA72044-719A-4BF2-9418-51AA45145E61}E:\games\tony hawk pro skater remake\tonyhawksproskater\base\binaries\win64\thps12.exe] => (Allow) E:\games\tony hawk pro skater remake\tonyhawksproskater\base\binaries\win64\thps12.exe (Activision Publishing Inc -> Activision Publishing Inc.)
FirewallRules: [TCP Query User{253DAB7F-CC03-4064-BAF4-18238A8AE90D}E:\games\tony hawk pro skater remake\tonyhawksproskater\base\binaries\win64\thps12.exe] => (Allow) E:\games\tony hawk pro skater remake\tonyhawksproskater\base\binaries\win64\thps12.exe (Activision Publishing Inc -> Activision Publishing Inc.)
FirewallRules: [UDP Query User{FACBA26B-17C4-4345-9748-ED9B5C716BD6}C:\users\***\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\***\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{A20285FE-1580-433F-ADCE-FCBCD0FACADD}C:\users\***\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\***\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{F676301D-D817-49C1-89C8-F117F974AF1A}E:\games\diablo iii\x64\diablo iii64.exe] => (Allow) E:\games\diablo iii\x64\diablo iii64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [TCP Query User{8AF9AC9B-A0EA-43F0-848C-7FAB75C25420}E:\games\diablo iii\x64\diablo iii64.exe] => (Allow) E:\games\diablo iii\x64\diablo iii64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{52C8E369-D7CA-4222-A499-777D7FC88B47}] => (Allow) E:\Programme\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{5B45ABA2-4BBA-4A86-A68A-6731ED8F6EC2}] => (Allow) E:\Programme\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{F3AEA0F4-3212-4FF9-97DF-336694762CBE}] => (Allow) E:\Programme\Steam\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe (FromSoftware,Inc. -> NAMCO BANDAI Games)
FirewallRules: [{A461F31C-2918-4F09-A104-0A925F218EB8}] => (Allow) E:\Programme\Steam\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe (FromSoftware,Inc. -> NAMCO BANDAI Games)
FirewallRules: [{A056F110-E44A-4E51-AF3D-2954B4CF76FF}] => (Allow) E:\Programme\Steam\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe (NAMCO BANDAI Games Inc.) [File not signed]
FirewallRules: [{A69482E9-28C6-40B4-A1BC-7A739FD32B9F}] => (Allow) E:\Programme\Steam\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe (NAMCO BANDAI Games Inc.) [File not signed]
FirewallRules: [{A676DDC9-459F-4FE7-8706-2B5369731525}] => (Allow) C:\Users\***\AppData\Local\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{2C7620F1-6256-498A-93C0-F65648C26F80}] => (Allow) C:\Users\***\AppData\Local\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{8F1EF818-1EC4-4B90-8DC2-8ADE3217F650}] => (Allow) E:\Programme\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{44AD4204-16B1-4FF1-8C48-B78986A2301C}] => (Allow) E:\Programme\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{C5249556-8E59-43D9-B580-B05BCDB743B0}] => (Allow) E:\Programme\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{37105C94-BDF8-4A3A-8B38-F1D55BC0FFA5}] => (Allow) E:\Programme\Steam\bin\cef\cef.win7\steamwebhelper.exe => No File
FirewallRules: [{DB68D14D-2D62-4CCB-8014-E08ADDBBAF47}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{0B8CB3DF-5912-49CF-8183-45CB634837EF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{5CE585F1-CCD8-4B80-B8FA-E4066A83F5C0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{E5AC8874-265C-467F-8FB5-D29D3475AC1E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{73F88DFA-E207-451C-AC39-4C20C1122238}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{FCE4BE62-7B5C-4D6B-AE70-BC2925A75A0B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{71975C77-E209-4F2E-804B-5193605C8C07}C:\users\***\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\***\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{4CF92A01-DA53-4501-97B1-200597C94E8C}C:\users\***\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\***\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:122.28 GB) (Free:34.61 GB) (28%)

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (04/19/2021 08:06:45 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} und dem Namen "CEventSystem" kann nicht gestartet werden. [0x8007045b, Der Computer wird heruntergefahren.
]

Error: (04/19/2021 07:57:36 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert werden. "ESENT"-Fehler: -1409.


System errors:
=============
Error: (04/19/2021 09:53:14 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-M7O72O5)
Description: Der Server "Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (04/19/2021 08:55:36 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-M7O72O5)
Description: Der Server "Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (04/19/2021 08:08:31 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-M7O72O5)
Description: Der Server "Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (04/19/2021 08:07:27 AM) (Source: TPM) (EventID: 15) (User: NT-AUTORITÄT)
Description: Beim Gerätetreiber für das Trusted Platform Module (TPM) ist ein nicht behebbarer Fehler in der TPM-Hardware aufgetreten, der die Verwendung der TPM-Dienste (z. B. Datenverschlüsselung) verhindert. Wenden Sie sich an den Computerhersteller, um weitere Hilfe zu erhalten.

Error: (04/19/2021 08:06:31 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-M7O72O5)
Description: Der Server "{FD06603A-2BDF-4BB1-B7DF-5DC68F353601}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (04/19/2021 08:04:45 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-M7O72O5)
Description: Der Server "Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (04/19/2021 07:59:43 AM) (Source: TPM) (EventID: 15) (User: NT-AUTORITÄT)
Description: Beim Gerätetreiber für das Trusted Platform Module (TPM) ist ein nicht behebbarer Fehler in der TPM-Hardware aufgetreten, der die Verwendung der TPM-Dienste (z. B. Datenverschlüsselung) verhindert. Wenden Sie sich an den Computerhersteller, um weitere Hilfe zu erhalten.

Error: (04/19/2021 07:57:51 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Intel(R) Dynamic Application Loader Host Interface Service" ist vom Dienst "IP-Hilfsdienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
Der Vorgang wurde erfolgreich beendet.


==================== Memory info =========================== 

BIOS: LENOVO EFCN32WW 05/11/2020
Motherboard: LENOVO LNVNB161216
Processor: Intel(R) Core(TM) i7-10750H CPU @ 2.60GHz
Percentage of memory in use: 29%
Total physical RAM: 16251.79 MB
Available physical RAM: 11479.27 MB
Total Virtual: 18683.79 MB
Available Virtual: 12741.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:122.28 GB) (Free:34.61 GB) NTFS
Drive e: () (Fixed) (Total:352.88 GB) (Free:112.26 GB) NTFS

\\?\Volume{d9fa2484-0000-0000-0000-100000000000}\ () (Fixed) (Total:0.97 GB) (Free:0.95 GB) FAT32
\\?\Volume{d9fa2484-0000-0000-0000-80d01e000000}\ () (Fixed) (Total:0.8 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 476.9 GB) (Disk ID: D9FA2484)
Partition 1: (Active) - (Size=1000 MB) - (Type=0B)
Partition 2: (Not Active) - (Size=122.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=822 MB) - (Type=27)
Partition 4: (Not Active) - (Size=352.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================
         
--- --- ---

19.04.2021, 09:46   #13
Sw0rD

openoffice.de possible infection



Code:
Users shortcut scan result (x64) Version: 17-04-2021
Ran by *** (19-04-2021 10:40:44)
Running from C:\Users\***\Desktop
Boot Mode: Normal

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)


Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk -> C:\Program Files\Microsoft Office\root\Office16\MSACCESS.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe (Adobe Systems Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk -> E:\Programme\Epic Games\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.exe (Epic Games, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk -> C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk -> C:\Users\***\AppData\Local\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeFileSync.lnk -> E:\Programme\FreeFIleSync\FreeFileSync.exe (FreeFileSync.org)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk -> E:\Programme\Thunderbird\thunderbird.exe (Mozilla Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk -> C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk -> C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk -> C:\Program Files\Microsoft Office\root\Office16\MSPUB.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealTimeSync.lnk -> E:\Programme\FreeFIleSync\RealTimeSync.exe (FreeFileSync.org)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk -> C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Benutzerhandbuch für die Konsolenversion von RAR.lnk -> E:\Programme\WinRar\Rar.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Hilfe zu WinRAR.lnk -> E:\Programme\WinRar\WinRAR.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Was ist neu in dieser Version.lnk -> E:\Programme\WinRar\WhatsNew.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> E:\Programme\WinRar\WinRAR.exe (Alexander Roshal)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk -> E:\Programme\VLC\Documentation.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk -> E:\Programme\VLC\NEWS.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk -> E:\Programme\VLC\VideoLAN Website.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk -> E:\Programme\VLC\vlc.exe (VideoLAN)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TradeSkillMaster Application\TSMApplication.lnk -> E:\Programme\TradeSkillMaster Application\app\TSMApplication.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk -> E:\Programme\Steam\steam.exe (Valve Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24\PDF24.lnk -> C:\Program Files\PDF24\pdf24-Toolbox.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\GeForce Experience.lnk -> C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe (NVIDIA Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Partition Wizard 12\MiniTool Partition Wizard entfernen.lnk -> C:\Program Files\MiniTool Partition Wizard 12\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Partition Wizard 12\MiniTool Partition Wizard.lnk -> C:\Program Files\MiniTool Partition Wizard 12\partitionwizard.exe (MiniTool Software Limited)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Office Language Preferences.lnk -> C:\Program Files\Microsoft Office\root\Office16\SETLANG.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 7.0\LibreOffice Base.lnk -> C:\Program Files\LibreOffice\program\sbase.exe (The Document Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 7.0\LibreOffice Calc.lnk -> C:\Program Files\LibreOffice\program\scalc.exe (The Document Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 7.0\LibreOffice Draw.lnk -> C:\Program Files\LibreOffice\program\sdraw.exe (The Document Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 7.0\LibreOffice Impress.lnk -> C:\Program Files\LibreOffice\program\simpress.exe (The Document Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 7.0\LibreOffice Math.lnk -> C:\Program Files\LibreOffice\program\smath.exe (The Document Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 7.0\LibreOffice Writer.lnk -> C:\Program Files\LibreOffice\program\swriter.exe (The Document Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 7.0\LibreOffice.lnk -> C:\Program Files\LibreOffice\program\soffice.exe (The Document Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON\EPSON Scan\EPSON Scan-Einstellungen.lnk -> C:\Windows\twain_32\escndv\escfg.exe (SEIKO EPSON CORP.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON\EPSON Scan\EPSON Scan.lnk -> C:\Windows\twain_32\escndv\escndv.exe (SEIKO EPSON CORP.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular\ElsterFormular.lnk -> E:\Programme\Elster\bin\pica.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular\Infodatei - Support.lnk -> E:\Programme\Elster\bin\hotlinetool.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular\Lizenzvertrag.lnk -> E:\Programme\Elster\lizenzvertrag.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III\Diablo III.lnk -> E:\Games\Diablo III\Diablo III Launcher.exe (Blizzard Entertainment)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II\Diablo II - Deinstallation.lnk -> C:\Program Files (x86)\Common Files\Blizzard Entertainment\Diablo II\Uninstall.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II\Diablo II - Lord of Destruction.lnk -> E:\Games\Diablo II\Diablo II.exe (Blizzard North)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net\Battle.net.lnk -> E:\Programme\Battle.net\Battle.net Launcher.exe (Blizzard Entertainment)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk -> C:\Windows\SysWOW64\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk -> C:\Windows\System32\printmanagement.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\RecoveryDrive.lnk -> C:\Windows\System32\RecoveryDrive.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Registry Editor.lnk -> C:\Windows\regedit.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Defender Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Quick Assist.lnk -> C:\Windows\System32\quickassist.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk -> C:\Windows\System32\psr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\***\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)
Shortcut: C:\Users\***\Links\Desktop.lnk -> C:\Users\***\Desktop ()
Shortcut: C:\Users\***\Links\Downloads.lnk -> C:\Users\***\Downloads ()
Shortcut: C:\Users\***\Desktop\CD 2 - Verknüpfung.lnk -> E:\Hörbücher\Die Chroniken von Narnia - Band 1 - 7\6 Die Chroniken von Narnia - Der silberne Sessel Band 6  CD  1-5\CD 2 ()
Shortcut: C:\Users\***\Desktop\Skripte Block II 2020 - Verknüpfung.lnk -> E:\Apotheke\Kammer-Seminare\Skripte Block II 2020 ()
Shortcut: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\***\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
Shortcut: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk -> C:\Users\***\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
Shortcut: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom\Zoom.lnk -> C:\Users\***\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc.)
Shortcut: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\***\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth-Dateiübertragung.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC)
Shortcut: C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation)
Shortcut: C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Acrobat Reader DC.lnk -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe (Adobe Systems Incorporated)
Shortcut: C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Epic Games Launcher.lnk -> E:\Programme\Epic Games\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.exe (Epic Games, Inc.)
Shortcut: C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Firefox.lnk -> C:\Users\***\AppData\Local\Mozilla Firefox\firefox.exe (No File)
Shortcut: C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Thunderbird.lnk -> E:\Programme\Thunderbird\thunderbird.exe (Mozilla Corporation)
Shortcut: C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Spotify.lnk -> C:\Users\***\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
Shortcut: C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Steam.lnk -> E:\Programme\Steam\steam.exe (Valve Corporation)
Shortcut: C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Ubisoft Connect.lnk -> E:\Programme\Ubisoft Game Launcher\upc.exe (Ubisoft)
Shortcut: C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\VLC media player.lnk -> E:\Programme\VLC\vlc.exe (VideoLAN)
Shortcut: C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Zoom.lnk -> C:\Users\***\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc.)
Shortcut: C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7111c0ce965b7246\Battle.net.lnk -> E:\Programme\Battle.net\Battle.net.exe (Blizzard Entertainment)
Shortcut: C:\Users\***\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\***\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\***\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\***\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\***\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\***\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\***\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\***\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\***\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)
Shortcut: C:\Users\***\Links\Desktop.lnk -> C:\Users\***\Desktop ()
Shortcut: C:\Users\***\Links\Downloads.lnk -> C:\Users\***\Downloads ()
Shortcut: C:\Users\***\Desktop\Firefox.lnk -> C:\Users\***\AppData\Local\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\***\Desktop\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC)
Shortcut: C:\Users\***\Desktop\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation)
Shortcut: C:\Users\***\Desktop\Ubisoft Connect.lnk -> E:\Programme\Ubisoft Game Launcher\UbisoftConnect.exe (Ubisoft)
Shortcut: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefox.lnk -> C:\Users\***\AppData\Local\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\***\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
Shortcut: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Benutzerhandbuch für die Konsolenversion von RAR.lnk -> E:\Programme\WinRar\Rar.txt ()
Shortcut: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Hilfe zu WinRAR.lnk -> E:\Programme\WinRar\WinRAR.chm ()
Shortcut: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Was ist neu in dieser Version.lnk -> E:\Programme\WinRar\WhatsNew.txt ()
Shortcut: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> E:\Programme\WinRar\WinRAR.exe (Alexander Roshal)
Shortcut: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft\Ubisoft Connect\Ubisoft Connect.lnk -> E:\Programme\Ubisoft Game Launcher\UbisoftConnect.exe (Ubisoft)
Shortcut: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft\Ubisoft Connect\Uninstall.lnk -> E:\Programme\Ubisoft Game Launcher\Uninstall.exe (Ubisoft)
Shortcut: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\***\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth-Dateiübertragung.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC)
Shortcut: C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation)
Shortcut: C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Firefox.lnk -> C:\Users\***\AppData\Local\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Thunderbird.lnk -> E:\Programme\Thunderbird\thunderbird.exe (Mozilla Corporation)
Shortcut: C:\Users\***\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\***\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\***\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\***\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\***\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\***\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\***\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\***\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\***\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\Diablo II - Lord of Destruction.lnk -> E:\Games\Diablo II\Diablo II.exe (Blizzard North)
Shortcut: C:\Users\Public\Desktop\ElsterFormular.lnk -> E:\Programme\Elster\bin\pica.exe ()
Shortcut: C:\Users\Public\Desktop\EPSON Scan.lnk -> C:\Windows\twain_32\escndv\escndv.exe (SEIKO EPSON CORP.)
Shortcut: C:\Users\Public\Desktop\MiniTool Partition Wizard.lnk -> C:\Program Files\MiniTool Partition Wizard 12\partitionwizard.exe (MiniTool Software Limited)
Shortcut: C:\Users\Public\Desktop\PDF24.lnk -> C:\Program Files\PDF24\pdf24-Toolbox.exe ()
Shortcut: C:\Users\Public\Desktop\TSMApplication.lnk -> E:\Programme\TradeSkillMaster Application\app\TSMApplication.exe ()


ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft Classic PTR\World of Warcraft Classic PTR.lnk -> E:\Games\World of Warcraft\World of Warcraft Launcher.exe (Blizzard Entertainment) -> --productcode=wow_classic_ptr
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft Classic\World of Warcraft Classic.lnk -> E:\Games\World of Warcraft\World of Warcraft Launcher.exe (Blizzard Entertainment) -> --productcode=wow_classic
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player - reset preferences and cache files.lnk -> E:\Programme\VLC\vlc.exe (VideoLAN) -> --reset-config --reset-plugins-cache vlc://quit
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk -> E:\Programme\VLC\vlc.exe (VideoLAN) -> -Iskins
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /7
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 7.0\LibreOffice (abgesicherter Modus).lnk -> C:\Program Files\LibreOffice\program\soffice.exe (The Document Foundation) -> --safe-mode
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular\Hilfe.lnk -> E:\Programme\Elster\bin\hilfepica.exe (Digia Plc and/or its subsidiary(-ies)) -> -collectionFile "E:\Programme\Elster\/hilfe/elfo.bedienung.qhc" -showUrl "qthelp://elfo.bedienung/hilfe/bed_kap01/910000.html"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular\Installationsverwaltung.lnk -> E:\Programme\Elster\bin\installationsverwaltung.exe () -> --zeigeDlg
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular\Integritätsprüfer.lnk -> E:\Programme\Elster\bin\integritaetspruefer.exe () -> -path "E:\Programme\Elster\
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular\Screenreadermodus.lnk -> E:\Programme\Elster\bin\pica.exe () -> --sehbehindertenmodus
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk -> C:\Windows\System32\secpol.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.AdministrativeTools
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\***\Desktop\D2.lnk -> E:\Games\Diablo II\Diablo II.exe (Blizzard North) -> -w
ShortcutWithArgument: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk -> C:\Users\***\AppData\Local\Microsoft\Teams\Update.exe (Microsoft Corporation) -> --processStart "Teams.exe"
ShortcutWithArgument: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom\Uninstall Zoom.lnk -> C:\Users\***\AppData\Roaming\Zoom\uninstall\Installer.exe (Zoom Video Communications, Inc.) -> /uninstall
ShortcutWithArgument: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.AdministrativeTools
ShortcutWithArgument: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc\Discord.lnk -> C:\Users\***\AppData\Local\Discord\Update.exe (GitHub) -> --processStart Discord.exe
ShortcutWithArgument: C:\Users\***\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\***\AppData\Roaming\Microsoft\Windows\SendTo\Faxempfänger.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Discord.lnk -> C:\Users\***\AppData\Local\Discord\Update.exe (GitHub) -> --processStart Discord.exe
ShortcutWithArgument: C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Teams.lnk -> C:\Users\***\AppData\Local\Microsoft\Teams\Update.exe (Microsoft Corporation) -> --processStart "Teams.exe"
ShortcutWithArgument: C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\225bb61db2f318c1\Normal - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Profile 3"
ShortcutWithArgument: C:\Users\***\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
ShortcutWithArgument: C:\Users\***\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\***\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo
ShortcutWithArgument: C:\Users\***\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
ShortcutWithArgument: C:\Users\***\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
ShortcutWithArgument: C:\Users\***\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\***\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\***\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\***\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\***\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\***\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory=Default
ShortcutWithArgument: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.AdministrativeTools
ShortcutWithArgument: C:\Users\***\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\***\AppData\Roaming\Microsoft\Windows\SendTo\Faxempfänger.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory=Default
ShortcutWithArgument: C:\Users\***\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
ShortcutWithArgument: C:\Users\***\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\***\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo
ShortcutWithArgument: C:\Users\***\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
ShortcutWithArgument: C:\Users\***\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
ShortcutWithArgument: C:\Users\***\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\***\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\***\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\***\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\***\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\***\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory=Default


InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TradeSkillMaster Application\TradeSkillMaster.com.url -> URL: hxxp://www.tradeskillmaster.com/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam Support Center.url -> URL: hxxp://support.steampowered.com/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Partition Wizard 12\MiniTool Partition Wizard im Internet.url -> URL: hxxp://www.partitionwizard.com
InternetURL: C:\Users\***\Favorites\Bing.url -> URL: hxxp://go.microsoft.com/fwlink/p/?LinkId=255142
InternetURL: C:\Users\***\Favorites\Bing.url -> URL: hxxp://go.microsoft.com/fwlink/p/?LinkId=255142

==================== End of Shortcut.txt =============================
         

19.04.2021, 10:10   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

You should uninstall Adobe Reader after all. Why do you all always pounce on Adobe, as if the Reader were the only program you can view PDFs with? Current browsers have been able to display PDFs for years, and normally that is enough.


Control scans with MBAM and RK

We are almost done. Now it is time for control scans with
Once both scans have finished, post the logs in CODE tags.

19.04.2021, 10:34   #15
Sw0rD
 

Code:
ATTFilter
Malwarebytes
www.malwarebytes.com

-Protokolldetails-
Scan-Datum: 19.04.21
Scan-Zeit: 11:19
Protokolldatei: 476d370e-a0f0-11eb-a5c2-002b67a93981.json

-Softwaredaten-
Version: 4.3.0.98
Komponentenversion: 1.0.1251
Version des Aktualisierungspakets: 1.0.39565
Lizenz: Testversion

-Systemdaten-
Betriebssystem: Windows 10 (Build 19042.928)
CPU: x64
Dateisystem: NTFS
Benutzer: DESKTOP-M7O72O5\***

-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Scan gestartet von: Manuell
Ergebnis: Abgeschlossen
Gescannte Objekte: 329394
Erkannte Bedrohungen: 0
In die Quarantäne verschobene Bedrohungen: 0
Abgelaufene Zeit: 1 Min., 34 Sek.

-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Erkennung
PUM: Erkennung

-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)

Modul: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswert: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Daten-Stream: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Datei: 0
(keine bösartigen Elemente erkannt)

Physischer Sektor: 0
(keine bösartigen Elemente erkannt)

WMI: 0
(keine bösartigen Elemente erkannt)


(end)
         
Code:
ATTFilter
RogueKiller Anti-Malware V14.8.6.0 (x64) [Mar 24 2021] (Free) von Adlice Software
Mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Betriebssystem : Windows 10 (10.0.19042) 64 bits
Gestartet in : Normaler Modus
Benutzer : *** [Administrator]
Gestartet von : C:\Users\***\Desktop\RogueKiller_portable64.exe
Signaturen : 20210415_121741, Treiber : Geladen
Modus : Standard-Scan, Scannen -- Datum : 2021/04/19 11:27:20 (Dauer : 00:03:53)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Prozesse ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Prozessmodule ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Dienste ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts-Datei ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Dateien ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Webbrowser ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Anti-Rootkit : 0 (Driver: Geladen) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
         
