
Log analysis and evaluation: Windows 10: Infection with the Mofksys worm - is the system clean now?

11.07.2021, 21:36   #1
Silverdragon_w
 



Hello everyone,
through my own stupidity (Android tablet broken -> possibility of re-flashing the firmware -> promising, self-made tool from a YouTuber with loads of how-to videos) I caught the worm Win32/Mofksys.R!MTB.

Steps I have taken so far: Windows Defender (which had serious problems cleaning up), a scan with ESET Online, a scan with RogueKiller, and a system restore to 2 days before the infection.

Since I have now read online that this piece of malware apparently changes some registry entries, creates a task in the Task Scheduler, and can apparently hide itself extremely well and even reproduce, I am now unsure whether my system is actually clean.

RogueKiller and ESET, at least, no longer find any malicious entries.

And for the curious, I had the installation file of the infected tool analyzed via Hybrid Analysis:
h**ps://www.hybrid-analysis.com/sample/6e8b6fc8823f25560bcd1005ad183c36c9e5836d582bc366967c1aa264e686a6/60e8a5bdfce5914bc55664f3

Many thanks to you all in advance

Attached are the log files from FRST:

FRST.txt:

FRST Logfile:
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 11-07-2021
durchgeführt von Cybot (Administrator) auf DESKTOP-LUNARIS (ASUSTeK COMPUTER INC. GL502VS) (11-07-2021 21:10:20)
Gestartet von C:\Users\Cybot\OneDrive\Desktop\Analysetools\FRST
Geladene Profile: Cybot
Platform: Windows 10 Home Version 21H1 19043.1083 (X64) Sprache: Deutsch (Deutschland)
Standard-Browser: Chrome
Start-Modus: Normal

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe
(ASUSTek Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Canon Inc. -> ) C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <13>
(ICEpower a/s -> ICEpower) C:\Windows\System32\ICEsoundService64.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation-Wireless Connectivity Solutions -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel(R) Software -> Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Intel(R) Software -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\21.119.0613.0001\FileCoAuth.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2106.14307.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_2.53.17003.0_x64__8wekyb3d8bbwe\GamingServices.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingServices_2.53.17003.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12104.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.21061.10121.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows Hardware Compatibility Publisher -> ) C:\Windows\SysWOW64\UMonit64.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\NisSrv.exe
(Native Instruments GmbH -> Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareAccessibilityHelper.exe
(Native Instruments GmbH -> Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(Native Instruments GmbH -> Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHostIntegrationAgent.exe
(Native Instruments GmbH -> Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\NTK\NTKDaemon.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvami.inf_amd64_e1c005a6713cc50a\Display.NvContainer\NVDisplay.Container.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\steamservice.exe
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>
(Valve -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe
(Wacom Co., Ltd. -> Wacom Co. Ltd.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Co., Ltd. -> Wacom Co. Ltd.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Co., Ltd. -> Wacom Co. Ltd.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Wacom Co., Ltd. -> Wacom Co. Ltd.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Wacom Technology Corp. -> Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [UMonit] => C:\Windows\SysWOW64\UMonit64.exe [53832 2015-07-15] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM-x32\...\Run: [Jabra Direct] => C:\Program Files (x86)\Jabra\Direct4\jabra-direct.exe [106801552 2021-06-09] (GN AUDIO A/S -> GN Audio A/S)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX2] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe [279240 2016-12-09] (Canon Inc. -> CANON INC.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1313408 2017-07-05] (Canon Inc. -> CANON INC.)
HKU\S-1-5-21-1925304147-3306375938-1739808556-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2112888 2021-06-28] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1925304147-3306375938-1739808556-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4109032 2021-06-09] (Valve -> Valve Corporation)
HKU\S-1-5-21-1925304147-3306375938-1739808556-1001\...\Run: [Samsung DeX] => C:\Program Files (x86)\Samsung\Samsung DeX\SamsungDeX.exe [10517160 2021-03-03] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-1925304147-3306375938-1739808556-1001\...\MountPoints2: {8304a6c2-e0e3-11eb-9bc2-704d7b349f1f} - "E:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-1925304147-3306375938-1739808556-1002\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2112888 2021-06-28] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1925304147-3306375938-1739808556-1002\...\Run: [EpicGamesLauncher] => "D:\Games\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe" -silent
HKLM\...\Windows x64\Print Processors\Canon TS6100 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDDP.DLL [482816 2017-12-18] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor TS6100 series: C:\Windows\system32\CNMLMDP.DLL [1302016 2017-12-18] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\91.0.4472.124\Installer\chrmstp.exe [2021-07-11] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NIHardwareAccessibilityHelper.exe.lnk [2021-07-02]
ShortcutTarget: NIHardwareAccessibilityHelper.exe.lnk -> C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareAccessibilityHelper.exe (Native Instruments GmbH -> Native Instruments GmbH)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NTKDaemon.lnk [2021-07-02]
ShortcutTarget: NTKDaemon.lnk -> C:\Program Files\Common Files\Native Instruments\NTK\NTKDaemon.exe (Native Instruments GmbH -> Native Instruments GmbH)
Startup: C:\Users\Cybot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2021-06-01]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\Users\Cybot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RtkNGUI64.exe - Verknüpfung.lnk [2021-07-02]
ShortcutTarget: RtkNGUI64.exe - Verknüpfung.lnk -> C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor Corp. -> Realtek Semiconductor)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {16AEF536-C229-4F70-97CA-719B3FF22A5C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23180168 2021-06-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {1E5ED51D-707C-4752-934B-FB390AE20CEF} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {21225F15-6965-4943-B46B-CAF3745A80D4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\MpCmdRun.exe [644888 2021-07-09] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {21976632-41F4-4EC1-8569-DEE9420AFD4A} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-05-04] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {22BE28CB-675F-4753-BD44-D0050931135E} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [147304 2021-07-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {2F588765-D0AB-4B3D-9A0E-5379E1A62BBF} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3B14F34C-3E7A-4999-B289-9E8F18EDE64F} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe /NoUACCheck
Task: {50794732-B8DB-44A5-9181-0056F9E4CF04} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {50BE518E-81A2-45FA-9077-795E1C532F1F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-05-20] (Google LLC -> Google LLC)
Task: {649C098A-9624-4B81-A5B7-22A936376A13} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-05-04] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {7AAA11DA-2FE9-44F6-892E-4C8CBA693E19} - System32\Tasks\CorelUpdateHelperTask-43438B5BEAE9E2596F0A6173C06AA38D => C:\Program Files (x86)\Corel\CUH\v2\CUH.exe
Task: {9D98D68F-BE97-4D21-AA11-33FF4409193B} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [124304 2017-11-23] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {A106B641-8C39-4413-B517-07914927C4D5} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905072 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A737FE48-2B68-4B22-B72B-209BC8142974} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [645488 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A9480904-5852-4B2D-94A5-1DB4EE765329} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4535672 2021-06-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {A984C5BE-8A18-405B-89FC-D0E8B97ABADA} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [124304 2017-11-23] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {AEDA07B2-C160-4780-A575-F86ABB4F6ABC} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23180168 2021-06-28] (Microsoft Corporation -> Microsoft Corporation)
Task: {B9417B8F-8D26-4AE1-90CF-B15BA0ACED41} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154456 2021-05-20] (Google LLC -> Google LLC)
Task: {C1839A9F-C826-44BE-A746-4BA7D889E554} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C5B1EB1E-7C58-40BF-B48B-891409CA38D2} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3339120 2021-06-15] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {D555B319-FB03-4BFD-8B59-EA2360059994} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [147304 2021-07-07] (Microsoft Corporation -> Microsoft Corporation)
Task: {E4D07519-34EB-4DB3-917F-751DDFC1B642} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905072 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E6F7F131-1371-4444-BD54-CB5AE5BCA0FA} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [146424 2021-03-03] (ASUSTek Computer Inc. -> ASUSTek Computer Inc.)
Task: {EA184087-3410-49D6-8A12-2F253C3B088E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\MpCmdRun.exe [644888 2021-07-09] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F73266F1-33C5-416A-8AE3-47723FC6302B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\MpCmdRun.exe [644888 2021-07-09] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {FEEC9B92-7F33-40AB-B255-1BF3C3A571DD} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\MpCmdRun.exe [644888 2021-07-09] (Microsoft Windows Publisher -> Microsoft Corporation)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)


==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{9921c1ee-7923-4199-9112-8c82f4876364}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{b8bb32e6-2824-4a4c-aebe-e46e7c5cc2d2}: [DhcpNameServer] 192.168.2.1

Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Cybot\AppData\Local\Microsoft\Edge\User Data\Default [2021-07-11]

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-06-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2019-07-02] (CANON INC.) [Datei ist nicht signiert]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-06-01] (Microsoft Corporation -> Microsoft Corporation)

Chrome: 
=======
CHR Profile: C:\Users\Cybot\AppData\Local\Google\Chrome\User Data\Default [2021-07-11]
CHR DownloadDir: C:\Users\Cybot\Downloads
CHR HomePage: Default -> hxxp://youandme.telekom.de/
CHR StartupUrls: Default -> "hxxp://youandme.telekom.de/"
CHR Session Restore: Default -> ist aktiviert.
CHR Extension: (Google Übersetzer) - C:\Users\Cybot\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2021-05-20]
CHR Extension: (Präsentationen) - C:\Users\Cybot\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-05-20]
CHR Extension: (Docs) - C:\Users\Cybot\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-05-20]
CHR Extension: (Google Drive) - C:\Users\Cybot\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-05-20]
CHR Extension: (YouTube) - C:\Users\Cybot\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-05-20]
CHR Extension: (uBlock Origin) - C:\Users\Cybot\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2021-07-09]
CHR Extension: (Tabellen) - C:\Users\Cybot\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-05-20]
CHR Extension: (Google Docs Offline) - C:\Users\Cybot\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-06-26]
CHR Extension: (DarkCloud) - C:\Users\Cybot\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjicdmidmifkppilbbcanmnljpffmfmh [2021-05-20]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Cybot\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-05-20]
CHR Extension: (Google Mail) - C:\Users\Cybot\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-05-20]
CHR Extension: (Chrome Media Router) - C:\Users\Cybot\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-05-27]

==================== Dienste (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AsHidService; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe [127864 2017-07-28] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9056656 2021-06-28] (Microsoft Corporation -> Microsoft Corporation)
S3 DevActSvc; C:\Program Files (x86)\ASUS\ASUS Device Activation\DevActSvc.exe [326032 2018-06-05] (ASUSTeK Computer Inc. -> )
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [810928 2021-05-29] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [926176 2021-03-16] (Epic Games Inc. -> Epic Games, Inc.)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\21.119.0613.0001\FileSyncHelper.exe [3091832 2021-06-28] (Microsoft Corporation -> Microsoft Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [443344 2020-05-25] (Canon Inc. -> )
R2 NIHostIntegrationAgent; C:\Program Files\Common Files\Native Instruments\Hardware\NIHostIntegrationAgent.exe [18849168 2021-06-21] (Native Instruments GmbH -> Native Instruments GmbH)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\21.119.0613.0001\OneDriveUpdaterService.exe [3695480 2021-06-28] (Microsoft Corporation -> Microsoft Corporation)
S3 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [13921616 2021-07-09] (Adlice -> )
S3 ss_conn_launcher_service; C:\Windows\System32\Samsung\EasySetup\ss_conn_launcher.exe [183816 2020-12-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2020-11-26] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 ss_conn_service2; C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe [919992 2020-11-26] (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\NisSrv.exe [2665432 2021-07-09] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2106.6-0\MsMpEng.exe [136640 2021-07-09] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nvami.inf_amd64_e1c005a6713cc50a\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nvami.inf_amd64_e1c005a6713cc50a\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Treiber (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 AsusPTPDrv; C:\Windows\System32\drivers\AsusPTPFilter.sys [107008 2016-08-31] (ASUSTeK Computer Inc. -> ASUS Corporation)
R1 ATKWMIACPIIO; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [20096 2015-05-08] (Microsoft Windows Hardware Compatibility Publisher -> ASUSTek Computer Inc.)
R3 bomebus; C:\Windows\System32\drivers\bomebus.sys [56376 2018-05-16] (Bome Software GmbH & Co.KG -> Bome Software GmbH & Co. KG)
S3 bsitf; C:\Windows\system32\DRIVERS\bsitf.sys [37208 2021-06-28] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus2.sys [161288 2020-12-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 GeneStor; C:\Windows\system32\DRIVERS\GeneStor.sys [115704 2015-07-15] (GENESYS LOGIC, INC. -> GenesysLogic)
R3 HIDSwitch; C:\Windows\System32\drivers\AsRadioControl.sys [32696 2020-11-19] (ASUSTek Computer Inc. -> ASUS)
S3 nimc3audio; C:\Windows\System32\Drivers\nimc3audio.sys [374296 2017-08-16] (Native Instruments GmbH -> Native Instruments GmbH)
S3 nimc3usb; C:\Windows\System32\drivers\nimc3usb.sys [91088 2017-08-16] (Native Instruments GmbH -> Native Instruments GmbH)
R2 speedfan; C:\Windows\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [168968 2020-12-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\Windows\System32\Drivers\ss_conn_usb_driver2.sys [45064 2020-12-09] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [49560 2021-07-09] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [425192 2021-07-09] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [76008 2021-07-09] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2021-07-11 20:01 - 2021-07-11 20:01 - 000004122 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{35A16696-CE91-41DD-B6E1-09399B34844E}
2021-07-11 17:10 - 2021-07-11 17:10 - 000011351 _____ C:\Windows\system32\DrtmAuthTxt.wim
2021-07-11 16:43 - 2021-07-11 16:43 - 000002274 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-07-11 15:51 - 2021-07-11 16:01 - 000000000 ____D C:\ProgramData\RogueKiller
2021-07-11 15:51 - 2021-07-11 15:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2021-07-11 15:51 - 2021-07-11 15:51 - 000000000 ____D C:\Program Files\RogueKiller
2021-07-10 00:08 - 2021-07-10 00:08 - 000000000 ____D C:\Users\Cybot\AppData\Local\ESET
2021-07-09 22:54 - 2015-07-15 12:54 - 005632512 _____ (Genesys) C:\Windows\system32\GeneIcon.dll
2021-07-09 22:54 - 2015-07-15 12:54 - 000053832 _____ () C:\Windows\SysWOW64\UMonit64.exe
2021-07-09 22:02 - 2021-07-09 23:08 - 000000000 ____D C:\Users\Cybot\OneDrive\Dokumente\SigmaKey
2021-07-09 20:09 - 2021-07-11 21:03 - 150732800 _____ C:\Windows\system32\config\SOFTWARE
2021-07-09 20:05 - 2021-07-09 20:09 - 000000000 ____D C:\Windows\Microsoft Antimalware
2021-07-09 18:16 - 2021-07-09 18:16 - 000000000 ____D C:\Users\Cybot\OneDrive\Dokumente\HiSuite
2021-07-09 07:32 - 2021-07-09 07:34 - 4200647964 _____ C:\Users\Cybot\Downloads\Huawei MediaPad M5 SHT-AL09 hw ru Schubert-AL09A 9.1.0.325(C10E5R1P5T8) Firmware 9.0.0 r3 EMUI9.0.0 05014YQA.zip
2021-07-09 07:00 - 2021-07-09 07:00 - 000000000 ____D C:\Users\Cybot\.gradle
2021-07-09 06:54 - 2021-07-09 06:54 - 000000000 ____D C:\Users\Cybot\AppData\Local\Android
2021-07-09 06:32 - 2021-07-09 06:34 - 000000000 ____D C:\Users\Cybot\AppData\Roaming\Code
2021-07-09 06:32 - 2021-07-09 06:32 - 000000000 ____D C:\Users\Cybot\.vscode
2021-07-09 05:51 - 2021-07-09 05:51 - 438245444 _____ C:\Users\Cybot\Downloads\OS_Acer_AV051.B1-710.1.098.00.WW.GEN1_A41J_A.zip
2021-07-08 21:54 - 2021-07-08 21:55 - 3383171552 _____ C:\Users\Cybot\Downloads\CMR-AL19 8.0.0.151(C432)_ministryofsolutions.com.zip
2021-07-08 21:21 - 2021-07-08 21:21 - 000000000 ____D C:\Windows\SysWOW64\sda
2021-07-08 20:34 - 2021-07-08 20:34 - 000013183 _____ C:\Users\nikew\Downloads\NicoHolz_elster_08.07.2021_20.33.pfx
2021-07-08 20:23 - 2021-07-09 19:34 - 000000000 ____D C:\Users\nikew\AppData\Roaming\vlc
2021-07-08 20:22 - 2021-07-08 20:22 - 000000000 ____D C:\Users\nikew\AppData\Roaming\Intel
2021-07-07 22:54 - 2021-07-07 22:54 - 000000000 ____D C:\Users\Cybot\OneDrive\Dokumente\Elder Scrolls Online
2021-07-07 22:54 - 2021-07-07 22:54 - 000000000 ____D C:\ProgramData\Elder Scrolls Online
2021-07-07 22:35 - 2021-07-07 22:36 - 000000000 ___HD C:\Program Files (x86)\Zero G Registry
2021-07-07 22:34 - 2021-07-07 22:34 - 000000000 ____D C:\Users\Cybot\.InstallAnywhere
2021-07-07 22:34 - 2021-07-07 22:34 - 000000000 ____D C:\ProgramData\Oracle
2021-07-05 16:54 - 2021-07-05 16:54 - 000782959 _____ C:\Users\Cybot\Downloads\selftix.pdf
2021-07-02 20:16 - 2021-07-02 20:16 - 000000000 ____D C:\Users\Cybot\AppData\Local\WhyNotWin11
2021-07-02 17:49 - 2021-07-02 17:49 - 000000000 __HDC C:\ProgramData\{DFA03E80-206A-47CA-85A8-C8A8AA63A778}
2021-07-02 17:48 - 2021-07-02 17:48 - 000000000 __HDC C:\ProgramData\{E07620DE-8970-4567-9242-0C4C6ADE146F}
2021-07-02 17:48 - 2021-07-02 17:48 - 000000000 __HDC C:\ProgramData\{6945C421-BC7D-4621-AED5-084E11AE3726}
2021-07-02 17:48 - 2021-07-02 17:48 - 000000000 ____D C:\Program Files\Common Files\Steinberg
2021-07-02 17:47 - 2021-07-02 17:47 - 000000000 __HDC C:\ProgramData\{4938857D-54DB-4BDA-8E99-5E6238E20FC7}
2021-07-02 17:46 - 2021-07-02 17:46 - 000000000 __HDC C:\ProgramData\{1A8DFBC8-5979-44D5-AA1E-3C9289A90407}
2021-07-01 21:16 - 2021-07-11 17:18 - 000001575 _____ C:\Windows\system32\config\VSMIDK
2021-07-01 20:23 - 2021-07-01 20:23 - 000003656 _____ C:\Windows\system32\Tasks\CreateExplorerShellUnelevatedTask
2021-07-01 20:22 - 2021-07-01 20:22 - 000000189 _____ C:\Users\Cybot\iconcache.bat
2021-07-01 19:22 - 2021-07-01 19:22 - 000000000 ____D C:\Users\Cybot\OneDrive\Dokumente\SideSync
2021-07-01 19:22 - 2021-07-01 19:22 - 000000000 ____D C:\Users\Cybot\AppData\Roaming\Samsung
2021-07-01 19:20 - 2021-07-01 19:20 - 000001175 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung DeX.lnk
2021-07-01 19:20 - 2021-07-01 19:20 - 000001163 _____ C:\Users\Public\Desktop\Samsung DeX.lnk
2021-07-01 19:20 - 2021-07-01 19:20 - 000000000 ____D C:\Program Files\Samsung
2021-07-01 19:20 - 2021-07-01 19:20 - 000000000 ____D C:\Program Files (x86)\Samsung
2021-07-01 19:20 - 2020-12-09 10:06 - 000168968 _____ (Samsung Electronics Co., Ltd.) C:\Windows\system32\Drivers\ssudmdm.sys
2021-07-01 19:20 - 2020-12-09 10:06 - 000161288 _____ (Samsung Electronics Co., Ltd.) C:\Windows\system32\Drivers\ssudbus2.sys
2021-07-01 19:20 - 2020-12-09 10:06 - 000045064 _____ (Samsung Electronics Co., Ltd.) C:\Windows\system32\Drivers\ss_conn_usb_driver2.sys
2021-07-01 19:05 - 2021-07-01 19:20 - 000000000 ____D C:\ProgramData\Samsung
2021-07-01 19:05 - 2021-07-01 19:05 - 000000000 ____D C:\Windows\system32\Samsung
2021-07-01 18:36 - 2021-07-01 18:36 - 000000000 __HDC C:\ProgramData\{EAD96DF2-4553-4D47-A0E7-87DC4641E5C8}
2021-07-01 18:36 - 2021-07-01 18:36 - 000000000 __HDC C:\ProgramData\{D55C37DA-371C-462E-A490-FC7B49AD6DCD}
2021-07-01 18:35 - 2021-07-01 18:35 - 000000000 __HDC C:\ProgramData\{9AC37FA8-2DC7-42DA-BC53-92E47D40C9E4}
2021-07-01 18:33 - 2021-07-01 18:33 - 000000000 __HDC C:\ProgramData\{515580D0-E05A-4796-B6FE-8EC092FD8630}
2021-07-01 18:31 - 2021-07-01 18:31 - 000000000 __HDC C:\ProgramData\{270C8424-1755-40B9-B7B4-E3E9E48C33D1}
2021-07-01 18:21 - 2021-07-01 18:21 - 000000000 __HDC C:\ProgramData\{BF222329-BBFD-430B-9402-6FC51D7DC5DD}
2021-07-01 18:20 - 2021-07-01 18:20 - 000000000 __HDC C:\ProgramData\{24A58BFA-EF91-4F9C-8251-FDF65479CEDF}
2021-07-01 18:19 - 2021-07-01 18:19 - 000000000 __HDC C:\ProgramData\{962E5B55-7B86-4D4C-9DD6-EE05AF99C815}
2021-06-29 11:52 - 2021-06-29 11:52 - 000617011 _____ C:\Users\Cybot\Downloads\RWE_IUB_Ballerine.pdf
2021-06-28 22:57 - 2021-06-28 22:57 - 000037208 _____ (ASUSTek Computer Inc.) C:\Windows\system32\Drivers\bsitf.sys
2021-06-28 22:51 - 2021-07-02 00:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2021-06-28 22:48 - 2021-07-09 19:34 - 000000000 ___HD C:\Windows\system32\WLANProfiles
2021-06-28 22:48 - 2021-06-28 22:48 - 000000000 ____D C:\Users\Cybot\AppData\Roaming\Intel
2021-06-28 22:48 - 2021-06-28 22:48 - 000000000 ____D C:\Program Files\Common Files\Intel
2021-06-28 22:48 - 2021-06-28 22:48 - 000000000 ____D C:\Program Files (x86)\Cisco
2021-06-28 22:45 - 2021-06-28 22:45 - 000000000 ____D C:\Program Files (x86)\Genesyslogic
2021-06-28 22:45 - 2015-07-16 09:49 - 000000771 _____ C:\Windows\SysWOW64\ProductName.ini
2021-06-28 22:45 - 2015-07-15 12:54 - 000128016 _____ (Genesys Logic) C:\Windows\system32\GSCoinst.dll
2021-06-28 22:45 - 2015-07-15 12:54 - 000115704 _____ (GenesysLogic) C:\Windows\system32\Drivers\GeneStor.sys
2021-06-28 22:45 - 2014-04-14 13:43 - 000172097 _____ C:\Windows\SysWOW64\NoMSGuninstall.exe
2021-06-28 22:44 - 2021-06-28 22:44 - 000000000 ____D C:\Program Files (x86)\Realtek
2021-06-28 22:40 - 2021-06-28 22:40 - 000000000 ____D C:\Windows\Log
2021-06-28 22:31 - 2021-06-28 22:31 - 000000451 _____ C:\Users\Cybot\Downloads\processor_performance_boost_mode.zip
2021-06-28 22:24 - 2021-06-28 22:26 - 4200321057 _____ C:\Users\Cybot\Downloads\GL502VS_WIN10_64_V2.00.zip
2021-06-28 22:20 - 2021-06-28 22:34 - 000000000 ____D C:\eSupport
2021-06-28 21:03 - 2021-06-28 21:37 - 000001349 _____ C:\Users\Cybot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk
2021-06-28 21:03 - 2021-06-28 21:37 - 000000000 ____D C:\Users\Cybot\AppData\Local\PCHealthCheck
2021-06-26 21:13 - 2021-06-26 21:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2021-06-26 21:13 - 2021-06-26 21:13 - 000000000 ____D C:\Program Files\CPUID
2021-06-26 00:15 - 2015-11-09 16:10 - 001392792 _____ (Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
2021-06-25 23:37 - 2021-06-25 23:37 - 002371072 _____ C:\Windows\system32\rdpnano.dll
2021-06-25 23:37 - 2021-06-25 23:37 - 002260992 _____ C:\Windows\system32\TextInputMethodFormatter.dll
2021-06-25 23:37 - 2021-06-25 23:37 - 001823304 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2021-06-25 23:37 - 2021-06-25 23:37 - 001393504 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2021-06-25 23:37 - 2021-06-25 23:37 - 001314128 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2021-06-25 23:37 - 2021-06-25 23:37 - 000570880 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2021-06-25 23:37 - 2021-06-25 23:37 - 000452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2021-06-25 23:37 - 2021-06-25 23:37 - 000097792 _____ C:\Windows\system32\Drivers\cimfs.sys
2021-06-25 23:37 - 2021-06-25 23:37 - 000084992 _____ (Microsoft Corporation) C:\Windows\system32\wscui.cpl
2021-06-25 23:37 - 2021-06-25 23:37 - 000067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscui.cpl
2021-06-25 23:37 - 2021-06-25 23:37 - 000060928 _____ C:\Windows\system32\runexehelper.exe
2021-06-25 20:53 - 2021-06-25 20:53 - 000922031 _____ C:\Users\Cybot\Downloads\MAG321CURV_322CQRVv1.0_German.pdf
2021-06-25 19:16 - 2021-06-25 19:16 - 000000039 _____ C:\Users\Cybot\AppData\Local\kritadisplayrc
2021-06-25 19:14 - 2021-06-25 19:09 - 000848270 _____ C:\Users\Cybot\OneDrive\Dokumente\gutschein.jpg~
2021-06-25 18:52 - 2021-06-25 18:52 - 000000353 _____ C:\Users\Cybot\AppData\Local\karboncalligraphyrc
2021-06-25 18:37 - 2021-06-25 19:16 - 000000000 ____D C:\Users\Cybot\AppData\Roaming\easy_photoprint_editor
2021-06-25 18:27 - 2021-06-25 18:33 - 000000000 ___HD C:\ProgramData\CanonIJMIG
2021-06-25 18:25 - 2021-06-25 18:25 - 000000000 ___HD C:\ProgramData\CanonIJQuickMenu
2021-06-25 18:19 - 2021-06-25 18:19 - 000000000 ____D C:\Users\Cybot\AppData\LocalLow\Canon Easy-WebPrint EX2
2021-06-25 18:19 - 2021-06-25 18:19 - 000000000 ____D C:\Users\Cybot\AppData\LocalLow\Canon Easy-WebPrint EX
2021-06-25 18:19 - 2021-06-25 18:19 - 000000000 ____D C:\ProgramData\CanonIJWSpt
2021-06-25 18:18 - 2021-06-25 18:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon TS6100 series On-Screen-Handbuch
2021-06-25 18:13 - 2021-06-25 18:37 - 000000000 ____D C:\Users\Cybot\AppData\Roaming\Canon
2021-06-25 18:13 - 2021-06-25 18:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2021-06-25 18:13 - 2021-06-25 18:19 - 000000000 ____D C:\Program Files\Canon
2021-06-25 18:13 - 2017-02-27 09:14 - 000347136 _____ (CANON INC.) C:\Windows\SysWOW64\CNC_DPL.dll
2021-06-25 18:13 - 2016-11-17 16:55 - 000097280 _____ C:\Windows\SysWOW64\CNC1822D.TBL
2021-06-25 18:13 - 2008-08-25 18:02 - 000015872 _____ (CANON INC.) C:\Windows\SysWOW64\CNHMCA.dll
2021-06-25 18:12 - 2021-06-25 18:12 - 000000000 ___HD C:\ProgramData\CanonBJ
2021-06-25 18:12 - 2017-12-18 05:00 - 001302016 _____ (CANON INC.) C:\Windows\system32\CNMLMDP.DLL
2021-06-25 18:11 - 2021-06-25 18:12 - 000000000 ___HD C:\Program Files\CanonBJ
2021-06-25 18:10 - 2021-07-05 16:56 - 000000000 ____D C:\ProgramData\CanonIJPLM
2021-06-25 18:10 - 2021-06-25 18:34 - 000000000 ____D C:\Program Files (x86)\Canon
2021-06-25 18:10 - 2021-06-25 18:10 - 000000000 ____D C:\ProgramData\Canon
2021-06-24 07:45 - 2021-06-22 03:25 - 001858680 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2021-06-24 07:45 - 2021-06-22 03:25 - 001858680 _____ C:\Windows\system32\vulkaninfo.exe
2021-06-24 07:45 - 2021-06-22 03:25 - 001474336 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2021-06-24 07:45 - 2021-06-22 03:25 - 001438824 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2021-06-24 07:45 - 2021-06-22 03:25 - 001438824 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2021-06-24 07:45 - 2021-06-22 03:25 - 001212192 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2021-06-24 07:45 - 2021-06-22 03:25 - 001097832 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2021-06-24 07:45 - 2021-06-22 03:25 - 001097832 _____ C:\Windows\system32\vulkan-1.dll
2021-06-24 07:45 - 2021-06-22 03:25 - 000951912 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2021-06-24 07:45 - 2021-06-22 03:25 - 000951912 _____ C:\Windows\SysWOW64\vulkan-1.dll
2021-06-24 07:45 - 2021-06-22 03:21 - 001519384 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2021-06-24 07:45 - 2021-06-22 03:21 - 001170224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2021-06-24 07:45 - 2021-06-22 03:21 - 000715568 _____ C:\Windows\system32\nvofapi64.dll
2021-06-24 07:45 - 2021-06-22 03:21 - 000675088 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2021-06-24 07:45 - 2021-06-22 03:21 - 000641328 _____ (NVIDIA Corporation) C:\Windows\system32\nvml.dll
2021-06-24 07:45 - 2021-06-22 03:21 - 000575792 _____ C:\Windows\SysWOW64\nvofapi.dll
2021-06-24 07:45 - 2021-06-22 03:21 - 000563992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2021-06-24 07:45 - 2021-06-22 03:20 - 002111264 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2021-06-24 07:45 - 2021-06-22 03:20 - 001594656 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2021-06-24 07:45 - 2021-06-22 03:20 - 000917280 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2021-06-24 07:45 - 2021-06-22 03:20 - 000748832 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2021-06-24 07:45 - 2021-06-22 03:20 - 000704792 _____ (NVIDIA Corporation) C:\Windows\system32\nvidia-smi.exe
2021-06-24 07:45 - 2021-06-22 03:19 - 008852760 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2021-06-24 07:45 - 2021-06-22 03:19 - 007918872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2021-06-24 07:45 - 2021-06-22 03:19 - 004986648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2021-06-24 07:45 - 2021-06-22 03:19 - 002924304 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2021-06-24 07:45 - 2021-06-22 03:19 - 000446744 _____ (NVIDIA Corporation) C:\Windows\system32\nvdebugdump.exe
2021-06-24 07:45 - 2021-06-22 03:18 - 000848672 _____ (NVIDIA Corporation) C:\Windows\system32\MCU.exe
2021-06-24 07:45 - 2021-06-22 03:17 - 006215312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2021-06-24 07:45 - 2021-06-21 10:43 - 000082968 _____ C:\Windows\system32\nvinfo.pb
2021-06-23 20:13 - 2021-06-23 20:13 - 000000000 ____D C:\Program Files (x86)\FFmpeg for Audacity
2021-06-21 14:07 - 2021-06-21 14:07 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2021-06-18 22:56 - 2021-06-18 22:56 - 000000000 ____D C:\Users\Cybot\AppData\Local\DBG
2021-06-18 22:56 - 2021-06-18 22:56 - 000000000 ____D C:\Users\Cybot\AppData\Local\CrashReportClient
2021-06-18 17:20 - 2021-07-01 21:53 - 000000045 _____ C:\Windows\SysWOW64\initdebug.nfo
2021-06-18 17:20 - 2021-07-01 21:53 - 000000000 ____D C:\Program Files (x86)\SpeedFan
2021-06-18 17:20 - 2021-06-18 17:20 - 000000000 ____D C:\Users\Cybot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2021-06-18 07:34 - 2021-06-18 07:34 - 000000000 ____D C:\Windows\system32\Tasks\Agent Activation Runtime
2021-06-18 07:34 - 2021-06-18 07:34 - 000000000 ____D C:\Users\Cybot\AppData\Local\AAR
2021-06-18 05:48 - 2021-07-10 00:20 - 000007664 _____ C:\Users\Cybot\AppData\Local\resmon.resmoncfg
2021-06-18 05:21 - 2021-06-23 20:14 - 000000000 ____D C:\Users\Cybot\AppData\Roaming\audacity
2021-06-18 05:21 - 2021-06-18 05:21 - 000001092 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2021-06-18 05:21 - 2021-06-18 05:21 - 000001080 _____ C:\Users\Public\Desktop\Audacity.lnk
2021-06-18 05:21 - 2021-06-18 05:21 - 000000000 ____D C:\Users\Cybot\AppData\Local\Audacity
2021-06-18 05:21 - 2021-06-18 05:21 - 000000000 ____D C:\Program Files (x86)\Audacity
2021-06-18 04:50 - 2021-06-18 04:50 - 000000000 ____D C:\Users\Cybot\AppData\Local\VC 76
2021-06-18 04:50 - 2021-06-18 04:50 - 000000000 ____D C:\Users\Cybot\AppData\Local\VC 2A
2021-06-18 04:50 - 2021-06-18 04:50 - 000000000 ____D C:\Users\Cybot\AppData\Local\VC 160
2021-06-18 04:50 - 2021-06-18 04:50 - 000000000 ____D C:\Users\Cybot\AppData\Local\Vari Comp
2021-06-18 04:50 - 2021-06-18 04:50 - 000000000 ____D C:\Users\Cybot\AppData\Local\Transient Master
2021-06-18 04:50 - 2021-06-18 04:50 - 000000000 ____D C:\Users\Cybot\AppData\Local\Supercharger GT
2021-06-18 04:50 - 2021-06-18 04:50 - 000000000 ____D C:\Users\Cybot\AppData\Local\Supercharger
2021-06-18 04:50 - 2021-06-18 04:50 - 000000000 ____D C:\Users\Cybot\AppData\Local\Solid EQ
2021-06-18 04:50 - 2021-06-18 04:50 - 000000000 ____D C:\Users\Cybot\AppData\Local\Solid Dynamics
2021-06-18 04:50 - 2021-06-18 04:50 - 000000000 ____D C:\Users\Cybot\AppData\Local\Solid Bus Comp
2021-06-18 04:50 - 2021-06-18 04:50 - 000000000 ____D C:\Users\Cybot\AppData\Local\RC 48
2021-06-18 04:50 - 2021-06-18 04:50 - 000000000 ____D C:\Users\Cybot\AppData\Local\RC 24
2021-06-18 04:50 - 2021-06-18 04:50 - 000000000 ____D C:\Users\Cybot\AppData\Local\Passive EQ
2021-06-18 04:50 - 2021-06-18 04:50 - 000000000 ____D C:\Users\Cybot\AppData\Local\Enhanced EQ
2021-06-18 04:49 - 2021-06-18 04:49 - 000000000 ____D C:\Users\Cybot\AppData\Local\Driver
2021-06-18 04:46 - 2021-06-18 04:46 - 000000000 __HDC C:\ProgramData\{1214B4CE-8C85-4681-AE47-ED00025B8101}
2021-06-18 04:45 - 2021-06-18 04:45 - 000000000 __HDC C:\ProgramData\{EC728313-79BE-49FA-A207-1F4A9F6EEA35}
2021-06-18 04:45 - 2021-06-18 04:45 - 000000000 __HDC C:\ProgramData\{25C0288B-72FD-4676-BA88-E536580BA182}
2021-06-18 04:45 - 2021-06-18 04:45 - 000000000 __HDC C:\ProgramData\{171A9DCD-B60F-41FE-B062-B9A0CB7A294E}
2021-06-18 04:44 - 2021-06-18 04:44 - 000000000 __HDC C:\ProgramData\{E2A6D848-909C-4699-9060-DB387A1A1C8E}
2021-06-18 04:44 - 2021-06-18 04:44 - 000000000 __HDC C:\ProgramData\{5984682A-6801-493C-AE8E-BA179880D6C4}
2021-06-18 04:44 - 2021-06-18 04:44 - 000000000 __HDC C:\ProgramData\{529CCDB2-B7A5-45FD-8225-FD139995DB68}
2021-06-18 04:43 - 2021-06-18 04:43 - 000000000 __HDC C:\ProgramData\{F6163904-56FE-4C32-883E-511A630BB208}
2021-06-18 04:43 - 2021-06-18 04:43 - 000000000 __HDC C:\ProgramData\{E9325788-FB8D-4922-9021-1D3AB002E203}
2021-06-18 04:43 - 2021-06-18 04:43 - 000000000 __HDC C:\ProgramData\{A5D15E37-A244-4BED-9E32-7E918C60A4FE}
2021-06-18 04:43 - 2021-06-18 04:43 - 000000000 __HDC C:\ProgramData\{4F5A8AF7-548F-455D-8324-4BF6E080EFE3}
2021-06-18 04:42 - 2021-06-18 04:42 - 000000000 __HDC C:\ProgramData\{C6F564B8-5993-42AE-A667-9768D54DB90C}
2021-06-18 04:42 - 2021-06-18 04:42 - 000000000 __HDC C:\ProgramData\{735EE903-03A1-451A-8FFF-9A380D359262}
2021-06-18 04:42 - 2021-06-18 04:42 - 000000000 __HDC C:\ProgramData\{5F02322B-7C5D-42DD-ADA4-6714023586FD}
2021-06-18 04:41 - 2021-06-18 04:41 - 000000000 __HDC C:\ProgramData\{415AFD15-76E3-4CE7-A07C-FBD191A08472}
2021-06-18 03:42 - 2021-06-18 03:42 - 000000000 ____D C:\Users\Cybot\OneDrive\Dokumente\Benutzerdefinierte Office-Vorlagen
2021-06-18 00:57 - 2021-06-18 00:57 - 000000000 ____D C:\Users\Cybot\OneDrive\Dokumente\Scans
2021-06-18 00:57 - 2021-04-22 11:29 - 003549478 _____ C:\Users\Cybot\OneDrive\Dokumente\Frauenarzt Dokumente.pdf
2021-06-18 00:57 - 2021-04-22 11:25 - 000695905 _____ C:\Users\Cybot\OneDrive\Dokumente\Frauenärztin Dokumente.pdf
2021-06-17 17:28 - 2021-06-28 21:07 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2021-06-15 10:48 - 2021-06-15 10:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jabra
2021-06-11 16:22 - 2021-06-09 05:58 - 000136472 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2021-06-11 16:22 - 2021-06-09 05:58 - 000037664 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhdap64.dll
2021-06-11 07:55 - 2021-06-11 07:55 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools

==================== Ein Monat (geänderte) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2021-07-11 21:11 - 2019-12-07 11:13 - 000000000 ____D C:\Windows\INF
2021-07-11 21:10 - 2021-06-10 21:17 - 000000000 ____D C:\FRST
2021-07-11 21:04 - 2021-06-04 21:06 - 000000000 ____D C:\ProgramData\NVIDIA
2021-07-11 21:04 - 2021-05-20 18:56 - 000000000 ____D C:\Program Files (x86)\Steam
2021-07-11 21:04 - 2021-05-20 17:39 - 000000000 ___RD C:\Users\Cybot\OneDrive
2021-07-11 21:03 - 2021-06-02 16:36 - 000000000 ____D C:\Users\Cybot\AppData\Roaming\WTablet
2021-07-11 21:03 - 2021-05-20 17:28 - 000008192 ___SH C:\DumpStack.log.tmp
2021-07-11 21:03 - 2021-05-20 17:28 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-07-11 21:03 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\ServiceState
2021-07-11 21:03 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-07-11 21:03 - 2019-12-07 11:03 - 001048576 _____ C:\Windows\system32\config\BBI
2021-07-11 20:13 - 2021-05-20 17:35 - 001632020 _____ C:\Windows\system32\PerfStringBackup.INI
2021-07-11 20:13 - 2019-12-07 16:50 - 000708572 _____ C:\Windows\system32\perfh007.dat
2021-07-11 20:13 - 2019-12-07 16:50 - 000142814 _____ C:\Windows\system32\perfc007.dat
2021-07-11 20:12 - 2019-12-07 11:03 - 000000000 ____D C:\Windows\CbsTemp
2021-07-11 20:02 - 2021-05-20 17:38 - 000000000 ____D C:\Users\Cybot\AppData\Local\D3DSCache
2021-07-11 20:01 - 2021-06-02 16:55 - 000000000 ____D C:\ProgramData\Corel
2021-07-11 19:46 - 2021-05-30 09:27 - 000000000 ____D C:\Users\Cybot\AppData\Local\CrashDumps
2021-07-11 19:45 - 2021-05-20 17:28 - 000000000 ____D C:\Windows\system32\SleepStudy
2021-07-11 18:10 - 2021-06-02 18:48 - 000003336 _____ C:\Windows\system32\Tasks\CorelUpdateHelperTask-43438B5BEAE9E2596F0A6173C06AA38D
2021-07-11 17:17 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\bcastdvr
2021-07-11 16:48 - 2021-05-22 11:13 - 000000877 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk
2021-07-11 16:48 - 2021-05-22 11:13 - 000000865 _____ C:\Users\Public\Desktop\Notepad++.lnk
2021-07-11 16:48 - 2021-05-22 11:13 - 000000000 ____D C:\Users\Cybot\AppData\Roaming\Notepad++
2021-07-11 16:48 - 2021-05-22 11:13 - 000000000 ____D C:\Program Files\Notepad++
2021-07-11 16:43 - 2021-05-20 18:13 - 000002315 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-07-11 15:45 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\AppReadiness
2021-07-09 23:35 - 2021-05-20 17:28 - 000000000 ____D C:\Windows\system32\Drivers\wd
2021-07-09 23:25 - 2021-05-20 17:40 - 000000000 ____D C:\Users\Cybot\AppData\Local\PlaceholderTileLogoFolder
2021-07-09 21:45 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\NDF
2021-07-09 19:47 - 2021-06-01 19:09 - 000000000 ____D C:\Users\Cybot\OneDrive\Dokumente\Outlook-Dateien
2021-07-09 19:41 - 2021-05-20 17:28 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-07-09 19:41 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-07-09 19:36 - 2021-05-20 17:36 - 000000000 ____D C:\Users\Cybot
2021-07-09 19:35 - 2021-05-23 12:59 - 000000000 ____D C:\Users\nikew
2021-07-09 19:35 - 2019-12-07 16:54 - 000000000 ____D C:\Program Files\Windows Portable Devices
2021-07-09 19:35 - 2019-12-07 16:54 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-07-09 19:35 - 2019-12-07 16:54 - 000000000 ____D C:\Program Files\Windows Multimedia Platform
2021-07-09 19:35 - 2019-12-07 16:54 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices
2021-07-09 19:35 - 2019-12-07 16:54 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-07-09 19:35 - 2019-12-07 16:54 - 000000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2021-07-09 19:35 - 2019-12-07 16:51 - 000000000 ____D C:\Windows\system32\OpenSSH
2021-07-09 19:35 - 2019-12-07 16:50 - 000000000 ____D C:\Windows\SysWOW64\de
2021-07-09 19:35 - 2019-12-07 16:50 - 000000000 ____D C:\Windows\system32\de
2021-07-09 19:35 - 2019-12-07 11:14 - 000000000 ___SD C:\Windows\SysWOW64\F12
2021-07-09 19:35 - 2019-12-07 11:14 - 000000000 ___SD C:\Windows\SysWOW64\DiagSvcs
2021-07-09 19:35 - 2019-12-07 11:14 - 000000000 ___SD C:\Windows\system32\UNP
2021-07-09 19:35 - 2019-12-07 11:14 - 000000000 ___SD C:\Windows\system32\F12
2021-07-09 19:35 - 2019-12-07 11:14 - 000000000 ___SD C:\Windows\system32\dsc
2021-07-09 19:35 - 2019-12-07 11:14 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2021-07-09 19:35 - 2019-12-07 11:14 - 000000000 ___RD C:\Windows\PrintDialog
2021-07-09 19:35 - 2019-12-07 11:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2021-07-09 19:35 - 2019-12-07 11:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2021-07-09 19:35 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2021-07-09 19:35 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2021-07-09 19:35 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\PerceptionSimulation
2021-07-09 19:35 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\oobe
2021-07-09 19:35 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\migwiz
2021-07-09 19:35 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\InstallShield
2021-07-09 19:35 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\downlevel
2021-07-09 19:35 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2021-07-09 19:35 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\Com
2021-07-09 19:35 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2021-07-09 19:35 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SystemResources
2021-07-09 19:35 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\WinMetadata
2021-07-09 19:35 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2021-07-09 19:35 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\SystemResetPlatform
2021-07-09 19:35 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\Sysprep
2021-07-09 19:35 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\ShellExperiences
2021-07-09 19:35 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\setup
2021-07-09 19:35 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\PerceptionSimulation
2021-07-09 19:35 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\oobe
2021-07-09 19:35 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\migwiz
2021-07-09 19:35 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\Keywords
2021-07-09 19:35 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\downlevel
2021-07-09 19:35 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\Dism
2021-07-09 19:35 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\Com
2021-07-09 19:35 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\AdvancedInstallers
2021-07-09 19:35 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\ShellExperiences
2021-07-09 19:35 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\ShellComponents
2021-07-09 19:35 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\IME
2021-07-09 19:35 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-07-09 19:35 - 2019-12-07 11:03 - 000000000 ____D C:\Windows\servicing
2021-07-09 19:34 - 2021-06-02 16:56 - 000000000 ____D C:\ProgramData\Protexis64
2021-07-09 19:34 - 2021-05-20 18:19 - 000000000 ____D C:\Users\Cybot\AppData\Roaming\vlc
2021-07-09 19:34 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\Containers
2021-07-09 19:24 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\registration
2021-07-09 19:23 - 2021-06-07 04:17 - 000000000 ____D C:\Users\nikew\AppData\Local\NVIDIA
2021-07-09 19:23 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\Resources
2021-07-09 19:18 - 2021-05-21 13:52 - 000000000 ____D C:\Users\Cybot\AppData\LocalLow\Mozilla
2021-07-09 18:01 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\LiveKernelReports
2021-07-09 06:59 - 2021-06-03 22:14 - 000000000 ____D C:\Users\Cybot\IdeaProjects
2021-07-08 21:14 - 2021-05-23 13:00 - 000000000 ____D C:\Users\nikew\AppData\Local\D3DSCache
2021-07-08 21:13 - 2021-06-07 04:17 - 000000000 ____D C:\Users\nikew\AppData\Roaming\WTablet
2021-07-08 20:41 - 2021-05-23 15:00 - 000000000 ____D C:\Users\nikew\AppData\Local\PlaceholderTileLogoFolder
2021-07-08 20:41 - 2021-05-23 13:00 - 000000000 ____D C:\Users\nikew\AppData\Local\Packages
2021-07-08 20:39 - 2021-05-23 13:17 - 000000000 ____D C:\Users\nikew\AppData\Local\Comms
2021-07-08 20:23 - 2021-05-23 13:02 - 000000000 ___RD C:\Users\nikew\OneDrive
2021-07-08 20:23 - 2021-05-23 13:02 - 000000000 ____D C:\Users\nikew\AppData\Local\CrashDumps
2021-07-07 10:58 - 2021-06-01 09:05 - 000000000 ____D C:\Program Files\Microsoft Office
2021-07-02 17:49 - 2021-05-21 15:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
2021-07-02 17:49 - 2021-05-21 15:42 - 000000000 ____D C:\Program Files\Native Instruments
2021-07-02 17:49 - 2021-05-20 20:13 - 000000000 ____D C:\Program Files\Common Files\Native Instruments
2021-07-02 00:04 - 2021-06-04 21:20 - 000000000 ____D C:\Program Files (x86)\ASUS
2021-07-01 22:40 - 2021-05-20 17:28 - 000003700 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-07-01 22:40 - 2021-05-20 17:28 - 000003576 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-07-01 22:14 - 2021-05-20 17:38 - 000000000 ____D C:\Users\Cybot\AppData\Local\Packages
2021-07-01 19:22 - 2021-05-20 17:38 - 000000000 ____D C:\Users\Cybot\AppData\Local\Publishers
2021-07-01 19:19 - 2021-05-20 20:13 - 000000000 ____D C:\ProgramData\Package Cache
2021-06-28 22:48 - 2021-06-04 21:29 - 000000000 ____D C:\Program Files\Intel
2021-06-28 22:48 - 2021-06-04 21:27 - 000000000 ____D C:\ProgramData\Intel
2021-06-28 22:48 - 2021-05-20 17:59 - 000000000 ____D C:\Program Files (x86)\Intel
2021-06-28 22:45 - 2021-05-21 15:34 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2021-06-28 21:01 - 2021-06-01 09:08 - 000003194 _____ C:\Windows\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2021-06-28 21:01 - 2021-06-01 09:08 - 000002148 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-06-25 23:41 - 2021-05-20 17:28 - 000439216 _____ C:\Windows\system32\FNTCACHE.DAT
2021-06-25 23:40 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\Provisioning
2021-06-25 22:51 - 2021-05-22 12:01 - 000000000 ____D C:\Users\Cybot\AppData\Roaming\Jabra Direct
2021-06-25 19:40 - 2021-05-20 18:18 - 000000916 _____ C:\Users\Public\Desktop\VLC media player.lnk
2021-06-25 19:16 - 2021-05-29 12:55 - 000023339 _____ C:\Users\Cybot\AppData\Local\kritarc
2021-06-25 19:04 - 2021-05-29 12:55 - 000000000 ____D C:\Users\Cybot\AppData\Roaming\krita
2021-06-25 18:13 - 2019-12-07 11:14 - 000000000 __RSD C:\Windows\Media
2021-06-25 17:46 - 2021-06-04 21:09 - 000000000 ____D C:\Users\Cybot\AppData\Local\NVIDIA
2021-06-24 07:46 - 2021-06-04 21:09 - 000000000 ____D C:\Users\Cybot\AppData\Local\NVIDIA Corporation
2021-06-24 07:44 - 2021-06-04 21:06 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2021-06-24 07:44 - 2021-05-21 08:40 - 000004308 _____ C:\Windows\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-06-24 07:44 - 2021-05-21 08:40 - 000004106 _____ C:\Windows\system32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-06-24 07:44 - 2021-05-21 08:40 - 000003976 _____ C:\Windows\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-06-24 07:44 - 2021-05-21 08:40 - 000003940 _____ C:\Windows\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-06-24 07:44 - 2021-05-21 08:40 - 000003894 _____ C:\Windows\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-06-24 07:44 - 2021-05-21 08:40 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-06-24 07:44 - 2021-05-21 08:40 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-06-24 07:44 - 2021-05-21 08:40 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-06-24 07:44 - 2021-05-21 08:40 - 000003858 _____ C:\Windows\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-06-24 07:44 - 2021-05-21 08:40 - 000003654 _____ C:\Windows\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-06-24 07:44 - 2021-05-20 17:35 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2021-06-24 07:44 - 2021-05-20 17:34 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2021-06-23 17:32 - 2021-05-22 11:07 - 000000000 ____D C:\Users\Cybot\AppData\Local\ElevatedDiagnostics
2021-06-22 03:17 - 2021-06-04 21:04 - 007279232 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2021-06-18 06:33 - 2021-05-22 15:21 - 000000000 ____D C:\Users\Cybot\AppData\Local\REDEngine
2021-06-18 05:15 - 2021-05-21 16:09 - 000000000 __HDC C:\ProgramData\{76B82259-F6E4-4B8E-A06B-9D5D5FEA4FE8}
2021-06-18 04:49 - 2021-05-22 10:54 - 000000000 ____D C:\ProgramData\boost_interprocess
2021-06-18 04:46 - 2021-05-20 20:13 - 000000000 ____D C:\Program Files\Common Files\VST3
2021-06-15 10:48 - 2021-05-22 11:59 - 000000000 ____D C:\Program Files (x86)\Jabra

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ========

2021-07-01 20:22 - 2021-07-01 20:22 - 000000189 _____ () C:\Users\Cybot\iconcache.bat
2021-06-25 18:52 - 2021-06-25 18:52 - 000000353 _____ () C:\Users\Cybot\AppData\Local\karboncalligraphyrc
2021-05-29 12:55 - 2021-06-25 18:42 - 000002696 _____ () C:\Users\Cybot\AppData\Local\krita-sysinfo.log
2021-05-29 12:55 - 2021-06-25 19:16 - 000007764 _____ () C:\Users\Cybot\AppData\Local\krita.log
2021-06-25 19:16 - 2021-06-25 19:16 - 000000039 _____ () C:\Users\Cybot\AppData\Local\kritadisplayrc
2021-05-29 12:55 - 2021-06-25 19:16 - 000023339 _____ () C:\Users\Cybot\AppData\Local\kritarc
2021-05-22 11:34 - 2021-05-22 11:34 - 000000818 _____ () C:\Users\Cybot\AppData\Local\recently-used.xbel
2021-06-18 05:48 - 2021-07-10 00:20 - 000007664 _____ () C:\Users\Cybot\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

==================== Ende von FRST.txt ========================
         

Edited by Silverdragon_w (11.07.2021 at 22:06)

11.07.2021, 21:37   #2
Silverdragon_w
 



Addition.txt
FRST Additions Logfile:
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 11-07-2021
durchgeführt von Cybot (11-07-2021 21:12:22)
Gestartet von C:\Users\Cybot\OneDrive\Desktop\Analysetools\FRST
Windows 10 Home Version 21H1 19043.1083 (X64) (2021-05-20 15:30:36)
Start-Modus: Normal
==========================================================


==================== Konten: =============================


(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

Administrator (S-1-5-21-1925304147-3306375938-1739808556-500 - Administrator - Disabled)
Cybot (S-1-5-21-1925304147-3306375938-1739808556-1001 - Administrator - Enabled) => C:\Users\Cybot
DefaultAccount (S-1-5-21-1925304147-3306375938-1739808556-503 - Limited - Disabled)
Gast (S-1-5-21-1925304147-3306375938-1739808556-501 - Limited - Disabled)
nikew (S-1-5-21-1925304147-3306375938-1739808556-1002 - Limited - Enabled) => C:\Users\nikew
WDAGUtilityAccount (S-1-5-21-1925304147-3306375938-1739808556-504 - Limited - Disabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
ASUS Device Activation (HKLM-x32\...\{9C4B0706-9F9A-47BF-B417-0A111FC52B04}) (Version: 1.0.4.0 - ASUSTeK COMPUTER INC.)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.6.12 - ASUSTeK COMPUTER INC.)
ASUS PTP Driver (HKLM-x32\...\{7618E419-9124-4E6C-9AF4-487A6DDEC1C5}) (Version: 11.0.13 - ASUS)
ATK Package (ASUS Keyboard Hotkeys) (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0061 - ASUSTeK COMPUTER INC.)
Audacity 3.0.2 (HKLM-x32\...\Audacity_is1) (Version: 3.0.2 - Audacity Team)
Bome Virtual MIDI 2.1.0.44 (HKLM\...\BMIDI_Driver1.0.0.11_is1) (Version:  - Bome Software GmbH & Co. KG)
Canon Easy-PhotoPrint Editor (HKLM-x32\...\Canon Easy-PhotoPrint Editor) (Version: 1.5.5 - Canon Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.7.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX2 (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX2) (Version: 2.0.5.3 - Canon Inc.)
Canon IJ Printer Assistant Tool (HKLM-x32\...\Canon IJ Printer Assistant Tool) (Version: 1.00.1.51 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.4.0.16 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 6.3.0 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.6.4 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.6.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.8.5 - Canon Inc.)
Canon TS6100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_TS6100_series) (Version: 1.02 - Canon Inc.)
Canon TS6100 series On-Screen-Handbuch (HKLM-x32\...\Canon TS6100 series On-Screen-Handbuch) (Version: 1.1.0 - Canon Inc.)
CPUID HWMonitor 1.44 (HKLM\...\CPUID HWMonitor_is1) (Version: 1.44 - CPUID, Inc.)
DFUDriverSetupX64Setup (HKLM-x32\...\{D662C345-04FD-4F6C-AB68-B9BC6D6A5D2F}) (Version: 7.0.32822.0 - GN Netcom A/S) Hidden
Druckerregistrierung (HKLM-x32\...\Canon EISRegistration) (Version: 1.7.5 - Canon Inc.)
Epic Games Launcher (HKLM-x32\...\{2A27CA16-E158-4B0A-A502-3E6364B1F03E}) (Version: 1.2.17.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{0B736177-814A-4ADE-81D1-66A0FDD55BB4}) (Version: 1.1.11.0 - Epic Games, Inc.)
FFmpeg (Windows) for Audacity Version 2.2.2 (HKLM-x32\...\{9C7E31E3-017F-434C-AC40-24431A354A1E}_is1) (Version: 2.2.2 - )
FINAL FANTASY XIV ONLINE (HKLM-x32\...\{2B41E132-07DF-4925-A3D3-F2D1765CCDFE}) (Version: 1.0.0000 - SQUARE ENIX CO., LTD.)
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.5.0.6.1001 - Genesys Logic)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 91.0.4472.124 - Google LLC)
Inkscape (HKLM-x32\...\Inkscape) (Version: 1.0.2--2 - Inkscape)
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10605.221 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.6.1194 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1519.7 - Intel Corporation)
Intel® Chipsatz-Gerätesoftware (HKLM-x32\...\{fb610cea-ba50-4d4b-a717-cf025419035c}) (Version: 10.1.1.13 - Intel(R) Corporation) Hidden
Intel® PROSet/Wireless Software (HKLM-x32\...\{498e3edb-cc7c-42dc-832e-11fdfed6d76e}) (Version: 18.40.3 - Intel Corporation)
IntelliJ IDEA Community Edition 2021.1.1 (HKLM-x32\...\IntelliJ IDEA Community Edition 2021.1.1) (Version: 211.7142.45 - JetBrains s.r.o.)
Jabra Direct (HKLM-x32\...\{999d698d-2e2a-4018-ac07-3e90c78e5327}) (Version: 5.5.37716 - GN Audio A/S)
Jabra Direct (HKLM-x32\...\{CB9B5476-F6A2-49BD-A87C-7B9B16729B69}) (Version: 5.5.37716 - GN Audio A/S) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Microsoft 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 16.0.14131.20278 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 91.0.864.67 - Microsoft Corporation)
Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 91.0.864.67 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 21.119.0613.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{E5A95BC5-81DF-4F0C-B910-B59DD012F037}) (Version: 2.81.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.29.30037 (HKLM-x32\...\{4b2f3795-f407-415e-88d5-8c8ab322909d}) (Version: 14.29.30037.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual Studio Code (HKLM\...\{EA457B21-F73E-494C-ACAB-524FDE069978}_is1) (Version: 1.56.2 - Microsoft Corporation)
Native Instruments Abbey Road 50s Drummer (HKLM-x32\...\Native Instruments Abbey Road 50s Drummer) (Version: 1.2.0.11 - Native Instruments)
Native Instruments Abbey Road 60s Drummer (HKLM-x32\...\Native Instruments Abbey Road 60s Drummer) (Version: 1.3.0.12 - Native Instruments)
Native Instruments Abbey Road 70s Drummer (HKLM-x32\...\Native Instruments Abbey Road 70s Drummer) (Version: 1.3.0.8 - Native Instruments)
Native Instruments Abbey Road 80s Drummer (HKLM-x32\...\Native Instruments Abbey Road 80s Drummer) (Version: 1.3.0.5 - Native Instruments)
Native Instruments Abbey Road Modern Drummer (HKLM-x32\...\Native Instruments Abbey Road Modern Drummer) (Version: 1.3.0.3 - Native Instruments)
Native Instruments Abbey Road Vintage Drummer (HKLM-x32\...\Native Instruments Abbey Road Vintage Drummer) (Version: 1.3.0.11 - Native Instruments)
Native Instruments Absynth 5 (HKLM-x32\...\Native Instruments Absynth 5) (Version: 5.3.4.59 - Native Instruments)
Native Instruments Action Strikes (HKLM-x32\...\Native Instruments Action Strikes) (Version: 1.2.0.2 - Native Instruments)
Native Instruments Action Strings (HKLM-x32\...\Native Instruments Action Strings) (Version: 1.5.0.1 - Native Instruments)
Native Instruments Alicias Keys (HKLM-x32\...\Native Instruments Alicias Keys) (Version: 1.5.0.2 - Native Instruments)
Native Instruments Analog Dreams (HKLM-x32\...\Native Instruments Analog Dreams) (Version: 2.0.2.1 - Native Instruments)
Native Instruments Arcane Attic (HKLM-x32\...\Native Instruments Arcane Attic) (Version: 2.0.1.1 - Native Instruments)
Native Instruments Astral Flutter (HKLM-x32\...\Native Instruments Astral Flutter) (Version: 2.0.1.1 - Native Instruments)
Native Instruments Balinese Gamelan (HKLM-x32\...\Native Instruments Balinese Gamelan) (Version: 1.5.3.2 - Native Instruments)
Native Instruments Battery 4 (HKLM-x32\...\Native Instruments Battery 4) (Version: 4.1.6.27 - Native Instruments)
Native Instruments Battery 4 Factory Library (HKLM-x32\...\Native Instruments Battery 4 Factory Library) (Version: 1.1.0.2 - Native Instruments)
Native Instruments Bite (HKLM-x32\...\Native Instruments Bite) (Version: 1.1.0.47 - Native Instruments)
Native Instruments Blocks Base (HKLM-x32\...\Native Instruments Blocks Base) (Version: 1.0.1.1 - Native Instruments)
Native Instruments Blocks Primes (HKLM-x32\...\Native Instruments Blocks Primes) (Version: 1.0.1.1 - Native Instruments)
Native Instruments Byte Riot (HKLM-x32\...\Native Instruments Byte Riot) (Version: 2.0.0.4 - Native Instruments)
Native Instruments Caribbean Current (HKLM-x32\...\Native Instruments Caribbean Current) (Version: 2.0.0.1 - Native Instruments)
Native Instruments Cavern Floor (HKLM-x32\...\Native Instruments Cavern Floor) (Version: 2.0.1.2 - Native Instruments)
Native Instruments Choral (HKLM-x32\...\Native Instruments Choral) (Version: 1.1.0.47 - Native Instruments)
Native Instruments Chromatic Fire (HKLM-x32\...\Native Instruments Chromatic Fire) (Version: 1.0.1.1 - Native Instruments)
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: 2.6.2.547 - Native Instruments)
Native Instruments Creator Tools (HKLM-x32\...\Native Instruments Creator Tools) (Version: 1.3.0.0 - Native Instruments)
Native Instruments Cuba (HKLM-x32\...\Native Instruments Cuba) (Version: 1.2.1.4 - Native Instruments)
Native Instruments Damage (HKLM-x32\...\Native Instruments Damage) (Version: 1.5.0.2 - Native Instruments)
Native Instruments Decoded Forms (HKLM-x32\...\Native Instruments Decoded Forms) (Version: 2.0.2.2 - Native Instruments)
Native Instruments Deep Matter (HKLM-x32\...\Native Instruments Deep Matter) (Version: 2.0.1.1 - Native Instruments)
Native Instruments Dirt (HKLM-x32\...\Native Instruments Dirt) (Version: 1.1.0.47 - Native Instruments)
Native Instruments Driver (HKLM-x32\...\Native Instruments Driver) (Version: 1.4.0.73 - Native Instruments)
Native Instruments Drop Squad (HKLM-x32\...\Native Instruments Drop Squad) (Version: 2.0.1.1 - Native Instruments)
Native Instruments Drum Lab (HKLM-x32\...\Native Instruments Drum Lab) (Version: 1.2.0.6 - Native Instruments)
Native Instruments Elastic Thump (HKLM-x32\...\Native Instruments Elastic Thump) (Version: 2.0.1.4 - Native Instruments)
Native Instruments Emotive Strings (HKLM-x32\...\Native Instruments Emotive Strings) (Version: 1.0.0.15 - Native Instruments)
Native Instruments Enhanced EQ (HKLM-x32\...\Native Instruments Enhanced EQ) (Version: 1.4.0.73 - Native Instruments)
Native Instruments Ethereal Earth (HKLM-x32\...\Native Instruments Ethereal Earth) (Version: 2.0.1.1 - Native Instruments)
Native Instruments Evolve Mutations (HKLM-x32\...\Native Instruments Evolve Mutations) (Version: 1.2.0.1 - Native Instruments)
Native Instruments Evolve Mutations 2 (HKLM-x32\...\Native Instruments Evolve Mutations 2) (Version: 1.2.0.2 - Native Instruments)
Native Instruments Evolve R2 (HKLM-x32\...\Native Instruments Evolve R2) (Version: 1.7.0.3 - Native Instruments)
Native Instruments Expansions Selection (HKLM-x32\...\Native Instruments Expansions Selection) (Version: 1.0.0.10 - Native Instruments)
Native Instruments Flair (HKLM-x32\...\Native Instruments Flair) (Version: 1.1.0.47 - Native Instruments)
Native Instruments Flesh (HKLM-x32\...\Native Instruments Flesh) (Version: 1.0.0.2 - Native Instruments)
Native Instruments FM8 (HKLM-x32\...\Native Instruments FM8) (Version: 1.4.4.104 - Native Instruments)
Native Instruments Form (HKLM-x32\...\Native Instruments Form) (Version: 1.1.2.1 - Native Instruments)
Native Instruments Freak (HKLM-x32\...\Native Instruments Freak) (Version: 1.1.0.47 - Native Instruments)
Native Instruments George Duke Soul Treasures (HKLM-x32\...\Native Instruments George Duke Soul Treasures) (Version: 1.3.0.1 - Native Instruments)
Native Instruments Golden Kingdom (HKLM-x32\...\Native Instruments Golden Kingdom) (Version: 2.0.1.1 - Native Instruments)
Native Instruments Grey Forge (HKLM-x32\...\Native Instruments Grey Forge) (Version: 2.0.0.4 - Native Instruments)
Native Instruments Guitar Rig 5 (HKLM-x32\...\Native Instruments Guitar Rig 5) (Version: 5.2.2.8 - Native Instruments)
Native Instruments Halcyon Sky (HKLM-x32\...\Native Instruments Halcyon Sky) (Version: 2.0.2.1 - Native Instruments)
Native Instruments Hybrid Keys (HKLM-x32\...\Native Instruments Hybrid Keys) (Version: 2.0.1.1 - Native Instruments)
Native Instruments India (HKLM-x32\...\Native Instruments India) (Version: 1.1.1.2 - Native Instruments)
Native Instruments Kinetic Metal (HKLM-x32\...\Native Instruments Kinetic Metal) (Version: 1.1.0.2 - Native Instruments)
Native Instruments Kinetic Toys (HKLM-x32\...\Native Instruments Kinetic Toys) (Version: 1.0.0.39 - Native Instruments)
Native Instruments Kinetic Treats (HKLM-x32\...\Native Instruments Kinetic Treats) (Version: 1.1.0.4 - Native Instruments)
Native Instruments Komplete Kontrol (HKLM-x32\...\Native Instruments Komplete Kontrol) (Version: 2.6.2.211 - Native Instruments)
Native Instruments Komplete Kontrol Driver (HKLM-x32\...\Native Instruments Komplete Kontrol Driver) (Version:  - Native Instruments)
Native Instruments Komplete Kontrol MK2 Driver (HKLM-x32\...\Native Instruments Komplete Kontrol MK2 Driver) (Version:  - Native Instruments)
Native Instruments Kontakt (HKLM-x32\...\Native Instruments Kontakt) (Version: 6.5.3.125 - Native Instruments)
Native Instruments Kontakt Factory Library (HKLM-x32\...\Native Instruments Kontakt Factory Library) (Version: 1.3.0.2 - Native Instruments)
Native Instruments Kontakt Factory Selection (HKLM-x32\...\Native Instruments Kontakt Factory Selection) (Version: 1.4.2.1 - Native Instruments)
Native Instruments Kontour (HKLM-x32\...\Native Instruments Kontour) (Version: 1.0.0.6 - Native Instruments)
Native Instruments Lazer Dice (HKLM-x32\...\Native Instruments Lazer Dice) (Version: 2.0.0.2 - Native Instruments)
Native Instruments London Grit (HKLM-x32\...\Native Instruments London Grit) (Version: 2.0.1.1 - Native Instruments)
Native Instruments Lucid Mission (HKLM-x32\...\Native Instruments Lucid Mission) (Version: 2.0.1.1 - Native Instruments)
Native Instruments Marble Rims (HKLM-x32\...\Native Instruments Marble Rims) (Version: 2.0.1.1 - Native Instruments)
Native Instruments Maschine 2 (HKLM-x32\...\Native Instruments Maschine 2) (Version: 2.14.1.891 - Native Instruments)
Native Instruments Maschine 2 Factory Library (HKLM-x32\...\Native Instruments Maschine 2 Factory Library) (Version: 1.3.8.3 - Native Instruments)
Native Instruments Maschine Controller MK2 Driver (HKLM-x32\...\Native Instruments Maschine Controller MK2 Driver) (Version:  - Native Instruments)
Native Instruments Maschine Drum Selection (HKLM-x32\...\Native Instruments Maschine Drum Selection) (Version: 1.3.0.19 - Native Instruments)
Native Instruments Maschine Jam Driver (HKLM-x32\...\Native Instruments Maschine Jam Driver) (Version:  - Native Instruments)
Native Instruments Maschine Mikro Driver (HKLM-x32\...\Native Instruments Maschine Mikro Driver) (Version:  - Native Instruments)
Native Instruments Maschine Mikro MK2 Driver (HKLM-x32\...\Native Instruments Maschine Mikro MK2 Driver) (Version:  - Native Instruments)
Native Instruments Maschine MK3 Driver (HKLM-x32\...\Native Instruments Maschine MK3 Driver) (Version:  - Native Instruments)
Native Instruments Maschine Studio Driver (HKLM-x32\...\Native Instruments Maschine Studio Driver) (Version:  - Native Instruments)
Native Instruments Massive (HKLM-x32\...\Native Instruments Massive) (Version: 1.5.8.64 - Native Instruments)
Native Instruments Massive X (HKLM-x32\...\Native Instruments Massive X) (Version: 1.3.2.218 - Native Instruments)
Native Instruments Massive X Factory Library (HKLM-x32\...\Native Instruments Massive X Factory Library) (Version: 1.3.0.1 - Native Instruments)
Native Instruments Meteoric Rise (HKLM-x32\...\Native Instruments Meteoric Rise) (Version: 1.0.2.1 - Native Instruments)
Native Instruments Middle East (HKLM-x32\...\Native Instruments Middle East) (Version: 1.1.1.2 - Native Instruments)
Native Instruments Mikro Prism (HKLM-x32\...\Native Instruments Mikro Prism) (Version: 1.1.0.14 - Native Instruments)
Native Instruments Molekular (HKLM-x32\...\Native Instruments Molekular) (Version: 1.0.0.3 - Native Instruments)
Native Instruments Molten Veil (HKLM-x32\...\Native Instruments Molten Veil) (Version: 2.0.2.1 - Native Instruments)
Native Instruments Monark (HKLM-x32\...\Native Instruments Monark) (Version: 1.3.1.4 - Native Instruments)
Native Instruments Native Access (HKLM-x32\...\Native Instruments Native Access) (Version: 1.13.3.136 - Native Instruments)
Native Instruments Native Browser Preview Library (HKLM-x32\...\Native Instruments Native Browser Preview Library) (Version: 1.1.0.28 - Native Instruments)
Native Instruments Neon Drive (HKLM-x32\...\Native Instruments Neon Drive) (Version: 2.0.1.4 - Native Instruments)
Native Instruments NIHostIntegrationAgent (HKLM-x32\...\Native Instruments NIHostIntegrationAgent) (Version: 1.10.4.222 - Native Instruments)
Native Instruments NTKDaemon (HKLM-x32\...\Native Instruments NTKDaemon) (Version: 1.1.0.96 - Native Instruments)
Native Instruments Our House (HKLM-x32\...\Native Instruments Our House) (Version: 1.0.0.13 - Native Instruments)
Native Instruments Passive EQ (HKLM-x32\...\Native Instruments Passive EQ) (Version: 1.4.0.73 - Native Instruments)
Native Instruments Phasis (HKLM-x32\...\Native Instruments Phasis) (Version: 1.1.0.47 - Native Instruments)
Native Instruments Platinum Bounce (HKLM-x32\...\Native Instruments Platinum Bounce) (Version: 2.0.1.2 - Native Instruments)
Native Instruments Play Series Selection (HKLM-x32\...\Native Instruments Play Series Selection) (Version: 1.0.0.6 - Native Instruments)
Native Instruments Polyplex (HKLM-x32\...\Native Instruments Polyplex) (Version: 1.1.0.3 - Native Instruments)
Native Instruments Queensbridge Story (HKLM-x32\...\Native Instruments Queensbridge Story) (Version: 2.0.1.1 - Native Instruments)
Native Instruments Rammfire (HKLM-x32\...\Native Instruments Rammfire) (Version: 2.0.0.5 - Native Instruments)
Native Instruments Raum (HKLM-x32\...\Native Instruments Raum) (Version: 1.0.0.29 - Native Instruments)
Native Instruments Razor (HKLM-x32\...\Native Instruments Razor) (Version: 1.7.0.4 - Native Instruments)
Native Instruments RC 24 (HKLM-x32\...\Native Instruments RC 24) (Version: 1.4.0.73 - Native Instruments)
Native Instruments RC 48 (HKLM-x32\...\Native Instruments RC 48) (Version: 1.4.0.73 - Native Instruments)
Native Instruments Reaktor 6 (HKLM-x32\...\Native Instruments Reaktor 6) (Version: 6.4.2.4 - Native Instruments)
Native Instruments Reaktor Blocks (HKLM-x32\...\Native Instruments Reaktor Blocks) (Version: 1.3.0.5 - Native Instruments)
Native Instruments Reaktor Blocks Wired (HKLM-x32\...\Native Instruments Reaktor Blocks Wired) (Version: 1.0.2.1 - Native Instruments)
Native Instruments Reaktor Factory Library (HKLM-x32\...\Native Instruments Reaktor Factory Library) (Version: 1.1.0.3 - Native Instruments)
Native Instruments Reaktor Factory Selection R2 (HKLM-x32\...\Native Instruments Reaktor Factory Selection R2) (Version: 1.0.1.7 - Native Instruments)
Native Instruments Reaktor Prism (HKLM-x32\...\Native Instruments Reaktor Prism) (Version: 1.6.1.1 - Native Instruments)
Native Instruments Reaktor Spark R2 (HKLM-x32\...\Native Instruments Reaktor Spark R2) (Version: 1.4.0.4 - Native Instruments)
Native Instruments Reflektor (HKLM-x32\...\Native Instruments Reflektor) (Version: 2.0.0.8 - Native Instruments)
Native Instruments Replika (HKLM-x32\...\Native Instruments Replika) (Version: 1.4.0.47 - Native Instruments)
Native Instruments Replika XT (HKLM-x32\...\Native Instruments Replika XT) (Version: 1.1.0.47 - Native Instruments)
Native Instruments Retro Machines Mk2 (HKLM-x32\...\Native Instruments Retro Machines Mk2) (Version: 1.3.0.6 - Native Instruments)
Native Instruments Rise and Hit (HKLM-x32\...\Native Instruments Rise and Hit) (Version: 1.2.0.11 - Native Instruments)
Native Instruments Rounds (HKLM-x32\...\Native Instruments Rounds) (Version: 1.2.0.3 - Native Instruments)
Native Instruments Scarbee Funk Guitarist (HKLM-x32\...\Native Instruments Scarbee Funk Guitarist) (Version: 1.2.0.1 - Native Instruments)
Native Instruments Scarbee Jay-Bass (HKLM-x32\...\Native Instruments Scarbee Jay-Bass) (Version: 1.1.0.4 - Native Instruments)
Native Instruments Scarbee Mark I (HKLM-x32\...\Native Instruments Scarbee Mark I) (Version: 1.4.0.15 - Native Instruments)
Native Instruments Scarbee MM-Bass (HKLM-x32\...\Native Instruments Scarbee MM-Bass) (Version: 1.2.0.2 - Native Instruments)
Native Instruments Scarbee MM-Bass Amped (HKLM-x32\...\Native Instruments Scarbee MM-Bass Amped) (Version: 1.1.0.3 - Native Instruments)
Native Instruments Scarbee Pre-Bass (HKLM-x32\...\Native Instruments Scarbee Pre-Bass) (Version: 1.2.0.3 - Native Instruments)
Native Instruments Scarbee Pre-Bass Amped (HKLM-x32\...\Native Instruments Scarbee Pre-Bass Amped) (Version: 1.1.0.4 - Native Instruments)
Native Instruments Scarbee Rickenbacker Bass (HKLM-x32\...\Native Instruments Scarbee Rickenbacker Bass) (Version: 1.2.0.3 - Native Instruments)
Native Instruments Scarbee Vintage Keys (HKLM-x32\...\Native Instruments Scarbee Vintage Keys) (Version: 1.3.0.6 - Native Instruments)
Native Instruments Session Guitarist - Electric Sunburst (HKLM-x32\...\Native Instruments Session Guitarist - Electric Sunburst) (Version: 1.0.0.11 - Native Instruments)
Native Instruments Session Guitarist - Strummed Acoustic (HKLM-x32\...\Native Instruments Session Guitarist - Strummed Acoustic) (Version: 1.1.0.1 - Native Instruments)
Native Instruments Session Guitarist - Strummed Acoustic 2 (HKLM-x32\...\Native Instruments Session Guitarist - Strummed Acoustic 2) (Version: 1.0.0.1 - Native Instruments)
Native Instruments Session Horns Pro (HKLM-x32\...\Native Instruments Session Horns Pro) (Version: 1.4.0.2 - Native Instruments)
Native Instruments Session Strings Pro 2 (HKLM-x32\...\Native Instruments Session Strings Pro 2) (Version: 1.0.3.1 - Native Instruments)
Native Instruments Skanner XT (HKLM-x32\...\Native Instruments Skanner XT) (Version: 1.3.0.3 - Native Instruments)
Native Instruments Solid Bus Comp FX (HKLM-x32\...\Native Instruments Solid Bus Comp FX) (Version: 1.4.0.73 - Native Instruments)
Native Instruments Solid Dynamics FX (HKLM-x32\...\Native Instruments Solid Dynamics FX) (Version: 1.4.0.73 - Native Instruments)
Native Instruments Solid EQ FX (HKLM-x32\...\Native Instruments Solid EQ FX) (Version: 1.4.0.73 - Native Instruments)
Native Instruments Studio Drummer (HKLM-x32\...\Native Instruments Studio Drummer) (Version: 1.4.0.13 - Native Instruments)
Native Instruments Supercharger (HKLM-x32\...\Native Instruments Supercharger) (Version: 1.4.0.73 - Native Instruments)
Native Instruments Supercharger GT (HKLM-x32\...\Native Instruments Supercharger GT) (Version: 1.4.0.73 - Native Instruments)
Native Instruments Symphony Essentials Brass Ensemble (HKLM-x32\...\Native Instruments Symphony Essentials Brass Ensemble) (Version: 1.3.0.7 - Native Instruments)
Native Instruments Symphony Essentials Brass Solo (HKLM-x32\...\Native Instruments Symphony Essentials Brass Solo) (Version: 1.3.0.5 - Native Instruments)
Native Instruments Symphony Essentials Percussion (HKLM-x32\...\Native Instruments Symphony Essentials Percussion) (Version: 1.3.0.9 - Native Instruments)
Native Instruments Symphony Essentials String Ensemble (HKLM-x32\...\Native Instruments Symphony Essentials String Ensemble) (Version: 1.4.1.1 - Native Instruments)
Native Instruments Symphony Essentials Woodwind Ensemble (HKLM-x32\...\Native Instruments Symphony Essentials Woodwind Ensemble) (Version: 1.3.0.5 - Native Instruments)
Native Instruments Symphony Essentials Woodwind Solo (HKLM-x32\...\Native Instruments Symphony Essentials Woodwind Solo) (Version: 1.3.0.4 - Native Instruments)
Native Instruments The Finger R2 (HKLM-x32\...\Native Instruments The Finger R2) (Version: 1.3.0.3 - Native Instruments)
Native Instruments The Gentleman (HKLM-x32\...\Native Instruments The Gentleman) (Version: 1.2.0.3 - Native Instruments)
Native Instruments The Giant (HKLM-x32\...\Native Instruments The Giant) (Version: 1.2.0.8 - Native Instruments)
Native Instruments The Grandeur (HKLM-x32\...\Native Instruments The Grandeur) (Version: 1.2.0.3 - Native Instruments)
Native Instruments The Maverick (HKLM-x32\...\Native Instruments The Maverick) (Version: 1.2.0.5 - Native Instruments)
Native Instruments The Mouth (HKLM-x32\...\Native Instruments The Mouth) (Version: 1.3.0.2 - Native Instruments)
Native Instruments Thrill (HKLM-x32\...\Native Instruments Thrill) (Version: 1.1.0.6 - Native Instruments)
Native Instruments Traktor DJ 2 (HKLM-x32\...\Native Instruments Traktor DJ 2) (Version: 2.4.1.478 - Native Instruments)
Native Instruments Traktors 12 (HKLM-x32\...\Native Instruments Traktors 12) (Version: 2.0.0.8 - Native Instruments)
Native Instruments Transient Master FX (HKLM-x32\...\Native Instruments Transient Master FX) (Version: 1.4.0.73 - Native Instruments)
Native Instruments TRK-01 (HKLM-x32\...\Native Instruments TRK-01) (Version: 1.1.1.1 - Native Instruments)
Native Instruments TRK-01 Bass (HKLM-x32\...\Native Instruments TRK-01 Bass) (Version: 1.0.0.10 - Native Instruments)
Native Instruments TRK-01 Kick (HKLM-x32\...\Native Instruments TRK-01 Kick) (Version: 1.0.1.8 - Native Instruments)
Native Instruments True School (HKLM-x32\...\Native Instruments True School) (Version: 2.0.0.6 - Native Instruments)
Native Instruments Una Corda (HKLM-x32\...\Native Instruments Una Corda) (Version: 1.0.0.13 - Native Instruments)
Native Instruments Vari Comp (HKLM-x32\...\Native Instruments Vari Comp) (Version: 1.4.0.73 - Native Instruments)
Native Instruments VC 160 FX (HKLM-x32\...\Native Instruments VC 160 FX) (Version: 1.4.0.73 - Native Instruments)
Native Instruments VC 2A FX (HKLM-x32\...\Native Instruments VC 2A FX) (Version: 1.4.0.73 - Native Instruments)
Native Instruments VC 76 FX (HKLM-x32\...\Native Instruments VC 76 FX) (Version: 1.4.0.73 - Native Instruments)
Native Instruments Velvet Lounge (HKLM-x32\...\Native Instruments Velvet Lounge) (Version: 2.0.1.2 - Native Instruments)
Native Instruments Vintage Organs (HKLM-x32\...\Native Instruments Vintage Organs) (Version: 1.5.0.3 - Native Instruments)
Native Instruments West Africa (HKLM-x32\...\Native Instruments West Africa) (Version: 1.4.1.4 - Native Instruments)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 8.1.1 - Notepad++ Team)
NVIDIA FrameView SDK 1.1.4923.29968894 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29968894 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.23.0.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.23.0.74 - NVIDIA Corporation)
NVIDIA Grafiktreiber 471.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 471.11 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.38.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.60 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.19.0218 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0407-1000-0000000FF1CE}) (Version: 16.0.14131.20278 - Microsoft Corporation) Hidden
Ozone 9 Elements (HKLM\...\Ozone 9 Elements) (Version: 9.1.0 - iZotope, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.3.723.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8564 - Realtek Semiconductor Corp.)
REDlauncher (HKU\S-1-5-21-1925304147-3306375938-1739808556-1001\...\{7258BA11-600C-430E-A759-27E2C691A335}-REDlauncher_is1) (Version:  - GOG.com)
RogueKiller Version 15.0.7.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 15.0.7.0 - Adlice Software)
Samsung DeX (HKLM-x32\...\{589A31D3-C347-4F23-A3B8-98E7603C3DCA}) (Version: 2.0.0.21 - Samsung Electronics Co., Ltd.) Hidden
Samsung DeX (HKLM-x32\...\{a57d934a-f197-4680-96f3-6b7b837ab1fa}) (Version: 2.0.0.21 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.7.43.0 - Samsung Electronics Co., Ltd.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.16 - VideoLAN)
Wacom Tablett (HKLM\...\Wacom Tablet Driver) (Version: 6.3.43-3 - Wacom Technology Corp.)
Windows-PC-Integritätsprüfung (HKLM\...\{19636A97-EA1C-4ED9-8BCB-EFF8AFCACABD}) (Version: 2.3.2106.25001 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.2.2 - ASUSTeK COMPUTER INC.)

Packages:
=========
AV1 Video Extension -> C:\Program Files\WindowsApps\Microsoft.AV1VideoExtension_1.1.41601.0_x64__8wekyb3d8bbwe [2021-07-09] (Microsoft Corporation)
Canon Inkjet Print Utility -> C:\Program Files\WindowsApps\34791E63.CanonInkjetPrintUtility_3.1.0.0_neutral__6e5tt8cgb93ep [2021-07-09] (Canon Inc.)
Diagnostic Data Viewer -> C:\Program Files\WindowsApps\Microsoft.DiagnosticDataViewer_4.2007.11582.0_x64__8wekyb3d8bbwe [2021-07-09] (Microsoft Corporation)
HEVC-Videoerweiterungen -> C:\Program Files\WindowsApps\Microsoft.HEVCVideoExtensions_1.0.41531.0_x64__8wekyb3d8bbwe [2021-07-09] (Microsoft Corporation)
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.6151.0_x64__8wekyb3d8bbwe [2021-07-09] (Microsoft Studios) [MS Ad]
Microsoft To Do -> C:\Program Files\WindowsApps\Microsoft.Todos_2.48.41861.0_x64__8wekyb3d8bbwe [2021-07-09] (Microsoft Corporation) [Startup Task]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.97.752.0_x64__mcm4njqhnhss8 [2021-07-09] (Netflix, Inc.)
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.961.0_x64__56jybvy8sckqj [2021-07-09] (NVIDIA Corp.)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.162.583.0_x86__zpdnekdrzrea0 [2021-07-09] (Spotify AB) [Startup Task]
Xbox Zubehör -> C:\Program Files\WindowsApps\Microsoft.XboxDevices_300.2105.20001.0_x64__8wekyb3d8bbwe [2021-07-09] (Microsoft Corporation)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\21.119.0613.0001\FileSyncShell64.dll [2021-06-28] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\21.119.0613.0001\FileSyncShell64.dll [2021-06-28] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\21.119.0613.0001\FileSyncShell64.dll [2021-06-28] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\21.119.0613.0001\FileSyncShell64.dll [2021-06-28] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\21.119.0613.0001\FileSyncShell64.dll [2021-06-28] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\21.119.0613.0001\FileSyncShell64.dll [2021-06-28] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\21.119.0613.0001\FileSyncShell64.dll [2021-06-28] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\21.119.0613.0001\FileSyncShell64.dll [2021-06-28] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\21.119.0613.0001\FileSyncShell64.dll [2021-06-28] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\21.119.0613.0001\FileSyncShell64.dll [2021-06-28] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\21.119.0613.0001\FileSyncShell64.dll [2021-06-28] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\21.119.0613.0001\FileSyncShell64.dll [2021-06-28] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\21.119.0613.0001\FileSyncShell64.dll [2021-06-28] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\21.119.0613.0001\FileSyncShell64.dll [2021-06-28] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\21.119.0613.0001\FileSyncShell64.dll [2021-06-28] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [Datei ist nicht signiert]
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2021-03-22] (Notepad++ -> )
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\21.119.0613.0001\FileSyncShell64.dll [2021-06-28] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [Datei ist nicht signiert]
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\21.119.0613.0001\FileSyncShell64.dll [2021-06-28] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\System32\DriverStore\FileRepository\nvami.inf_amd64_e1c005a6713cc50a\nvshext.dll [2021-06-22] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [Datei ist nicht signiert]

==================== Codecs (Nicht auf der Ausnahmeliste) ====================

==================== Verknüpfungen & WMI ========================

==================== Geladene Module (Nicht auf der Ausnahmeliste) =============

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ==================

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =================

==================== Internet Explorer (Nicht auf der Ausnahmeliste) ==========

BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (Canon Inc. -> CANON INC.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-06-01] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (Canon Inc. -> CANON INC.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (Canon Inc. -> CANON INC.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-07-07] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-07-07] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-07-07] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-07-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-07-07] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts Inhalt: =========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2019-12-07 11:14 - 2019-12-07 11:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Andere Bereiche ===========================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1925304147-3306375938-1739808556-1001\Control Panel\Desktop\\Wallpaper -> c:\users\cybot\appdata\local\microsoft\windows\themes\roamedthemefiles\desktopbackground\zelda-wallpaper-6.jpg
HKU\S-1-5-21-1925304147-3306375938-1739808556-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\nikew\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\20180722_174901.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
 ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

HKLM\...\StartupApproved\Run32: => "Jabra Direct"
HKLM\...\StartupApproved\Run32: => "CanonQuickMenu"
HKLM\...\StartupApproved\Run32: => "IJNetworkScannerSelectorEX2"
HKU\S-1-5-21-1925304147-3306375938-1739808556-1001\...\StartupApproved\StartupFolder: => "An OneNote senden.lnk"
HKU\S-1-5-21-1925304147-3306375938-1739808556-1001\...\StartupApproved\Run: => "Samsung DeX"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [TCP Query User{CD500CB0-7D93-4668-A741-B637F5AA06BC}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{F8BDF353-C3E6-4907-8A1A-0D3BE7BECDD8}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{D9C1E831-3EF9-408F-8066-577929424279}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{62D0F81B-B50A-450C-9AFF-431691D8BD0B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{CCAED34F-DE1E-403D-A637-ADCF6A6B9F18}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{D7D72A52-9CCD-4944-82B9-419343ACA160}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{4521F640-01FF-4A87-8A89-F0F58C5F1F05}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Cyberpunk 2077\REDprelauncher.exe (GOG Sp. z o.o. -> GOG.com)
FirewallRules: [{FF95265E-D983-4C1B-AE92-E82A7B58F40B}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Cyberpunk 2077\REDprelauncher.exe (GOG Sp. z o.o. -> GOG.com)
FirewallRules: [{765DE8EA-0184-447D-A5A9-E3545D9376D2}] => (Allow) D:\Games\SteamLibrary\steamapps\common\No Man's Sky\Binaries\NMS.exe (Hello Games) [Datei ist nicht signiert]
FirewallRules: [{48FB4758-AEAE-466C-AC53-4838AF7DFD15}] => (Allow) D:\Games\SteamLibrary\steamapps\common\No Man's Sky\Binaries\NMS.exe (Hello Games) [Datei ist nicht signiert]
FirewallRules: [{D7B59E4F-F7A3-4468-B096-31963C617D98}] => (Allow) D:\Games\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe (SQUARE ENIX CO., LTD. -> SQUARE ENIX CO., LTD.)
FirewallRules: [{7620D393-E2E4-4614-AA3A-BFA3EF7EE22F}] => (Allow) D:\Games\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe (SQUARE ENIX CO., LTD. -> SQUARE ENIX CO., LTD.)
FirewallRules: [{9F2410C4-B902-4772-A6F4-FE71E3D2CD65}] => (Allow) D:\Games\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe (SQUARE ENIX CO., LTD. -> SQUARE ENIX CO., LTD.)
FirewallRules: [{34B076E6-2A3D-47D3-B24F-9BA6D0D59F3F}] => (Allow) D:\Games\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivlauncher.exe (SQUARE ENIX CO., LTD. -> SQUARE ENIX CO., LTD.)
FirewallRules: [{A4E29D38-17A7-469A-88D8-4EDE5401ADCE}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Krita\krita\bin\krita.exe (K Desktop Environment e.V. -> )
FirewallRules: [{14688770-D643-45A3-9EF3-9190CDB94C0A}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Krita\krita\bin\krita.exe (K Desktop Environment e.V. -> )
FirewallRules: [TCP Query User{AFD999C5-3842-4F98-8B1B-D4629A77A203}D:\games\steamlibrary\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) D:\games\steamlibrary\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe (CD PROJEKT SPÓŁKA AKCYJNA -> CD PROJEKT S.A.)
FirewallRules: [UDP Query User{2ADCBC82-32DD-4FE8-857D-83334CD50840}D:\games\steamlibrary\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe] => (Allow) D:\games\steamlibrary\steamapps\common\cyberpunk 2077\bin\x64\cyberpunk2077.exe (CD PROJEKT SPÓŁKA AKCYJNA -> CD PROJEKT S.A.)
FirewallRules: [{6841F72D-5BE1-480E-8C95-10743D34723E}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{C9E2579B-7C8B-41DC-9181-976FABFABF19}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [TCP Query User{F0C94C55-CE37-400F-B3E8-10FCD542110E}D:\games\steamlibrary\steamapps\common\biomutant\biomutant\binaries\win64\biomutant-win64-shipping.exe] => (Allow) D:\games\steamlibrary\steamapps\common\biomutant\biomutant\binaries\win64\biomutant-win64-shipping.exe (Experiment 101) [Datei ist nicht signiert]
FirewallRules: [UDP Query User{8E42D347-C412-45FA-814E-3C8FEF8B331C}D:\games\steamlibrary\steamapps\common\biomutant\biomutant\binaries\win64\biomutant-win64-shipping.exe] => (Allow) D:\games\steamlibrary\steamapps\common\biomutant\biomutant\binaries\win64\biomutant-win64-shipping.exe (Experiment 101) [Datei ist nicht signiert]
FirewallRules: [{F422F10A-24DD-408C-878C-F5F6CF261E72}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{1C44B59E-6973-4974-8710-91CB805D6B6B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{BD600C9F-44CB-48D9-9B11-D32C19E61952}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Valheim\valheim.exe () [Datei ist nicht signiert]
FirewallRules: [{D7136F95-9A1F-4E71-BF1E-DA566CA7EFF5}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Valheim\valheim.exe () [Datei ist nicht signiert]
FirewallRules: [{9F5D05EE-7537-4F22-B9C4-A38AA0ECC2CE}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A56AEEFB-B3EF-4E35-9FBD-4A11EF8D301C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E2C008CF-EE94-4CD4-A36F-6066864B38B2}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{25B47ECD-AE6F-4626-AE5C-213F70B5A13A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D9BB62F2-E85F-4084-92D6-9E83AF65664C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{71D560C6-165C-461D-8E9D-2F103F8060D3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{6E2365EC-79D5-44B9-9E8F-B20B3ABA21E0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{F5B5ABBA-17BD-4136-9091-971830B5A5F1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{32E9113D-703E-4F3C-AB82-F955D4755C02}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.162.583.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{869D6EE0-C7BC-438A-9D30-4866291738DF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.162.583.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{48E794F4-ADEA-4301-935F-A95B31F108DD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.162.583.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{0405D1BB-70F6-476E-BE0B-D269FA69FF51}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.162.583.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{016593A4-E879-4997-B1BD-0CFE02D1344F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.162.583.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{A192E61E-DC58-46FD-998E-3B5B8C819DD6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.162.583.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{BBB15B4A-E69B-44A3-B597-AF15A7F95F21}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.162.583.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B5EECC66-2DA8-4C32-922F-4FC9BC0CAD5E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.162.583.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{64F1EA56-B6C5-45C4-8160-5AF8D8330518}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation-Wireless Connectivity Solutions -> )
FirewallRules: [{9E16FE44-D257-46A5-A6B8-21648ACA62FB}] => (Allow) C:\Program Files (x86)\Samsung\Samsung DeX\SamsungDeX.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
FirewallRules: [{D1926714-6FCF-43EE-90BB-A60ACB80A8D9}] => (Allow) C:\Program Files (x86)\Samsung\Samsung DeX\SamsungDeX.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
FirewallRules: [{0E9852F2-BF16-42AC-8A08-24EC0D9DBF10}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{83EF83D4-0359-4B86-B764-B2425C4FBD2A}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Zenimax Online\zosSteamStarter.exe (Zenimax Media Inc. -> Zenimax Online Studios)
FirewallRules: [{612A7D6E-EBD9-4D06-9C66-A9BB4BCD95FA}] => (Allow) D:\Games\SteamLibrary\steamapps\common\Zenimax Online\zosSteamStarter.exe (Zenimax Media Inc. -> Zenimax Online Studios)
FirewallRules: [{1CC19F85-7438-4556-B6AD-4E5C188EDE0E}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\91.0.864.67\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{61E9B3BD-2E31-4F9A-8349-CBE707A6920A}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Wiederherstellungspunkte =========================

11-07-2021 17:05:39 Windows Modules Installer
11-07-2021 19:56:19 Windows-Sicherung

==================== Fehlerhafte Geräte im Gerätemanager ============


==================== Fehlereinträge in der Ereignisanzeige: ========================

Applikationsfehler:
==================
Error: (07/11/2021 08:05:12 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} und dem Namen "CEventSystem" kann nicht gestartet werden. [0x8007045b, Der Computer wird heruntergefahren.
]

Error: (07/11/2021 07:46:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: explorer.exe, Version: 10.0.19041.1081, Zeitstempel: 0x4a52ebe1
Name des fehlerhaften Moduls: fhshl.dll_unloaded, Version: 10.0.19041.928, Zeitstempel: 0x2c60368f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000012cbf
ID des fehlerhaften Prozesses: 0x31c
Startzeit der fehlerhaften Anwendung: 0x01d7766d763aa860
Pfad der fehlerhaften Anwendung: C:\Windows\explorer.exe
Pfad des fehlerhaften Moduls: fhshl.dll
Berichtskennung: 886928d3-5e75-40d8-81ac-6947a8abec40
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (07/11/2021 05:57:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: explorer.exe, Version: 10.0.19041.1081, Zeitstempel: 0x4a52ebe1
Name des fehlerhaften Moduls: fhshl.dll_unloaded, Version: 10.0.19041.928, Zeitstempel: 0x2c60368f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000012cbf
ID des fehlerhaften Prozesses: 0x2464
Startzeit der fehlerhaften Anwendung: 0x01d7766d52ece8a1
Pfad der fehlerhaften Anwendung: C:\Windows\explorer.exe
Pfad des fehlerhaften Moduls: fhshl.dll
Berichtskennung: fe9ae8dd-d5be-415e-a8c5-bbd7acb92916
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (07/11/2021 05:05:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: explorer.exe, Version: 10.0.19041.1081, Zeitstempel: 0x4a52ebe1
Name des fehlerhaften Moduls: zipfldr.dll_unloaded, Version: 10.0.19041.789, Zeitstempel: 0x34e59b26
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000032cbf
ID des fehlerhaften Prozesses: 0x548
Startzeit der fehlerhaften Anwendung: 0x01d77665864433a4
Pfad der fehlerhaften Anwendung: C:\Windows\explorer.exe
Pfad des fehlerhaften Moduls: zipfldr.dll
Berichtskennung: fb874949-657d-4ee6-9bd3-ab772a0e1a65
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (07/11/2021 04:29:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SearchApp.exe, Version: 10.0.19041.1081, Zeitstempel: 0x14a83b0b
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.19041.1081, Zeitstempel: 0xde3fc775
Ausnahmecode: 0xc0000409
Fehleroffset: 0x000000000010bd3e
ID des fehlerhaften Prozesses: 0x316c
Startzeit der fehlerhaften Anwendung: 0x01d77660fca01718
Pfad der fehlerhaften Anwendung: C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
Pfad des fehlerhaften Moduls: C:\Windows\System32\KERNELBASE.dll
Berichtskennung: 3191b244-c4f1-4ef0-a8ec-2efae0bc306d
Vollständiger Name des fehlerhaften Pakets: Microsoft.Windows.Search_1.14.2.19041_neutral_neutral_cw5n1h2txyewy
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: CortanaUI

Error: (07/11/2021 04:29:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: explorer.exe, Version: 10.0.19041.1081, Zeitstempel: 0x4a52ebe1
Name des fehlerhaften Moduls: fhshl.dll_unloaded, Version: 10.0.19041.928, Zeitstempel: 0x2c60368f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000012cbf
ID des fehlerhaften Prozesses: 0x31c4
Startzeit der fehlerhaften Anwendung: 0x01d77660b7c6b3c3
Pfad der fehlerhaften Anwendung: C:\Windows\explorer.exe
Pfad des fehlerhaften Moduls: fhshl.dll
Berichtskennung: fbe8885c-1979-4fc1-925e-5a21e66b4996
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (07/11/2021 04:26:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: explorer.exe, Version: 10.0.19041.1081, Zeitstempel: 0x4a52ebe1
Name des fehlerhaften Moduls: fhshl.dll_unloaded, Version: 10.0.19041.928, Zeitstempel: 0x2c60368f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000012cbf
ID des fehlerhaften Prozesses: 0xf70
Startzeit der fehlerhaften Anwendung: 0x01d7765bbd1dcf74
Pfad der fehlerhaften Anwendung: C:\Windows\explorer.exe
Pfad des fehlerhaften Moduls: fhshl.dll
Berichtskennung: 44474b3d-f263-4e57-a312-8f3e118b8ff1
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (07/10/2021 03:04:45 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x8007045b, Der Computer wird heruntergefahren.
.


Systemfehler:
=============
Error: (07/11/2021 08:06:20 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "SysMain" wurde mit folgendem Fehler beendet: 
Falscher Parameter.

Error: (07/10/2021 12:11:58 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Treiber konnte nicht geladen werden.

Error: (07/10/2021 12:11:58 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Cybot\AppData\Local\Temp\ehdrv.sys

Error: (07/10/2021 12:11:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Treiber konnte nicht geladen werden.

Error: (07/10/2021 12:11:57 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Cybot\AppData\Local\Temp\ehdrv.sys

Error: (07/10/2021 12:11:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Treiber konnte nicht geladen werden.

Error: (07/10/2021 12:11:57 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Cybot\AppData\Local\Temp\ehdrv.sys

Error: (07/10/2021 12:11:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Treiber konnte nicht geladen werden.


Windows Defender:
================
Date: 2021-07-10 01:09:27
Description: 
Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {32354D08-3D12-4577-9074-A11DB898C853}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

Date: 2021-07-10 00:03:13
Description: 
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Mofksys.R!MTB&threatid=2147754982&enterprise=0
Name: Worm:Win32/Mofksys.R!MTB
Schweregrad: Schwerwiegend
Kategorie: Wurm
Pfad: file:_C:\Users\Cybot\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0004a2; file:_C:\Users\Cybot\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0004a3; file:_C:\Users\Cybot\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0004a4
Erkennungsursprung: Lokaler Computer
Erkennungstype: FastPath
Erkennungsquelle: Echtzeitschutz
Benutzer: NT-AUTORITÄT\SYSTEM
Prozessname: C:\Program Files\RogueKiller\RogueKiller64.exe
Sicherheitsversion: AV: 1.343.706.0, AS: 1.343.706.0, NIS: 1.343.706.0
Modulversion: AM: 1.1.18300.4, NIS: 1.1.18300.4

Date: 2021-07-10 00:03:11
Description: 
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Mofksys.R!MTB&threatid=2147754982&enterprise=0
Name: Worm:Win32/Mofksys.R!MTB
Schweregrad: Schwerwiegend
Kategorie: Wurm
Pfad: file:_C:\Users\Cybot\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0004a3; file:_C:\Users\Cybot\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0004a4
Erkennungsursprung: Lokaler Computer
Erkennungstype: FastPath
Erkennungsquelle: Echtzeitschutz
Benutzer: NT-AUTORITÄT\SYSTEM
Prozessname: C:\Program Files\RogueKiller\RogueKiller64.exe
Sicherheitsversion: AV: 1.343.706.0, AS: 1.343.706.0, NIS: 1.343.706.0
Modulversion: AM: 1.1.18300.4, NIS: 1.1.18300.4

Date: 2021-07-10 00:03:10
Description: 
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Mofksys.R!MTB&threatid=2147754982&enterprise=0
Name: Worm:Win32/Mofksys.R!MTB
Schweregrad: Schwerwiegend
Kategorie: Wurm
Pfad: file:_C:\Users\Cybot\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0004a3
Erkennungsursprung: Lokaler Computer
Erkennungstype: FastPath
Erkennungsquelle: Echtzeitschutz
Benutzer: NT-AUTORITÄT\SYSTEM
Prozessname: C:\Program Files\RogueKiller\RogueKiller64.exe
Sicherheitsversion: AV: 1.343.706.0, AS: 1.343.706.0, NIS: 1.343.706.0
Modulversion: AM: 1.1.18300.4, NIS: 1.1.18300.4

Date: 2021-07-09 19:04:11
Description: 
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Mofksys.RND!MTB&threatid=2147779160&enterprise=0
Name: Worm:Win32/Mofksys.RND!MTB
Schweregrad: Schwerwiegend
Kategorie: Wurm
Pfad: file:_C:\Windows\Resources\Themes\icsys.icn.exe
Erkennungsursprung: Lokaler Computer
Erkennungstype: Konkret
Erkennungsquelle: Echtzeitschutz
Benutzer: DESKTOP-LUNARIS\Cybot
Prozessname: C:\Windows\explorer.exe
Sicherheitsversion: AV: 1.343.688.0, AS: 1.343.688.0, NIS: 1.343.688.0
Modulversion: AM: 1.1.18300.4, NIS: 1.1.18300.4

Date: 2021-07-09 19:36:35
Description: 
Bei Microsoft Defender Antivirus ist ein Fehler beim Laden der Sicherheitsinformationen aufgetreten. Es wird versucht, zu einer als fehlerfrei bekannten Version zurückzukehren.
Sicherheitsversion versucht: Aktuell
Fehlercode: 0x80070003
Fehlerbeschreibung: Das System kann den angegebenen Pfad nicht finden. 
tSicherheitsversion: 0.0.0.0;0.0.0.0
Modulversion: 0.0.0.0

Date: 2021-07-09 18:29:22
Description: 
Fehler des Microsoft Defender Antivirus-Echtzeitschutz-Features.
Feature: Bei Zugriff
Fehlercode: 0x8007043c
Fehlerbeschreibung: Der Dienst kann nicht im abgesicherten Modus gestartet werden. 
Ursache: Die Antischadsoft-Sicherheitsfunktion wurde aus unbekanntem Grund beendet. Möglicherweise kann das Problem durch einen Neustart des Diensts behoben werden.

Date: 2021-06-29 11:15:33
Description: 
Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten.
Neue Version der Sicherheitsinformationen: 
%Vorherige Version der Sicherheitsinformationen: 1.341.1630.0
Update Source: Microsoft Update-Server
Sicherheitstyp: AntiVirus
Updatetyp: Voll
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion: 
%Vorherige Modulversion: 1.1.18200.4
Fehlercode: 0x80070643
Fehlerbeschreibung: Schwerwiegender Fehler bei der Installation. 

Date: 2021-06-29 11:15:26
Description: 
Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten.
Neue Version der Sicherheitsinformationen: 1.343.25.0
%Vorherige Version der Sicherheitsinformationen: 1.341.1630.0
Update Source: Benutzer
Sicherheitstyp: AntiSpyware
Updatetyp: Delta
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion: 1.1.18300.4
%Vorherige Modulversion: 1.1.18200.4
Fehlercode: 0x80070666
Fehlerbeschreibung: Eine andere Version des Produkts ist bereits installiert. Die Installation dieser Version kann nicht fortgesetzt werden. Verwenden Sie die Systemsteuerungsoption "Software", um die vorhandene Version dieses Produkts zu konfigurieren oder zu entfernen. 

Date: 2021-06-29 11:15:26
Description: 
Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten.
Neue Version der Sicherheitsinformationen: 1.343.25.0
%Vorherige Version der Sicherheitsinformationen: 1.341.1630.0
Update Source: Benutzer
Sicherheitstyp: AntiVirus
Updatetyp: Delta
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion: 1.1.18300.4
%Vorherige Modulversion: 1.1.18200.4
Fehlercode: 0x80070666
Fehlerbeschreibung: Eine andere Version des Produkts ist bereits installiert. Die Installation dieser Version kann nicht fortgesetzt werden. Verwenden Sie die Systemsteuerungsoption "Software", um die vorhandene Version dieses Produkts zu konfigurieren oder zu entfernen. 

CodeIntegrity:
===============
Date: 2021-07-10 00:11:58
Description: 
Code Integrity determined that a process (System) attempted to load \Device\HarddiskVolume3\Users\Cybot\AppData\Local\Temp\ehdrv.sys that is not compatible with hypervisor enforcement. Failure bitmap 0x1. Status 0xC00000BB.


==================== Speicherinformationen =========================== 

BIOS: American Megatrends Inc. GL502VS.306 05/17/2019
Hauptplatine: ASUSTeK COMPUTER INC. GL502VS
Prozessor: Intel(R) Core(TM) i7-6700HQ CPU @ 2.60GHz
Prozentuale Nutzung des RAM: 32%
Installierter physikalischer RAM: 16319.89 MB
Verfügbarer physikalischer RAM: 11049.95 MB
Summe virtueller Speicher: 33727.89 MB
Verfügbarer virtueller Speicher: 26025.05 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:476.31 GB) (Free:270.4 GB) NTFS
Drive d: (Media) (Fixed) (Total:931.51 GB) (Free:473.72 GB) NTFS

\\?\Volume{a5d881f7-3b4b-4fce-9100-478c7ba2977e}\ () (Fixed) (Total:0.51 GB) (Free:0.08 GB) NTFS
\\?\Volume{04b4a0c8-c20c-4a05-afa4-3fc173952030}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partitionstabelle ====================

==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 89CA9B69)

Partition: GPT.

==========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: B72EE372)

Partition: GPT.

==================== Ende von Addition.txt =======================
         
--- --- ---


Shortcut.txt:
Code:
Untersuchungsergebnis der Verknüpfungen des Benutzers (x64) Version: 11-07-2021
durchgeführt von Cybot (11-07-2021 21:14:28)
Gestartet von C:\Users\Cybot\OneDrive\Desktop\Analysetools\FRST
Start-Modus: Normal

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)


Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk -> C:\Program Files\Microsoft Office\root\Office16\MSACCESS.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Live Update.lnk -> C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe (ASUSTeK COMPUTER INC.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk -> C:\Program Files (x86)\Audacity\audacity.exe (Audacity Team)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk -> C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.exe (Epic Games, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk -> C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk -> C:\Program Files\Notepad++\notepad++.exe (Don HO don.h@free.fr)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Program Files\Microsoft OneDrive\OneDrive.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk -> C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk -> C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk -> C:\Program Files\Microsoft Office\root\Office16\MSPUB.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung DeX.lnk -> C:\Program Files (x86)\Samsung\Samsung DeX\SamsungDeX.exe (Samsung Electronics Co., Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk -> C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom Tablett\Wacom Desktop Center.lnk -> C:\Program Files\Tablet\Wacom\32\WacomDesktopCenter.exe (Wacom Co. Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom Tablett\Wacom Tablett-Eigenschaften.lnk -> C:\Program Files\Tablet\Wacom\Professional_CPL.exe (Wacom Co. Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Code\Visual Studio Code.lnk -> C:\Program Files\Microsoft VS Code\Code.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk -> C:\Program Files\VideoLAN\VLC\Documentation.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk -> C:\Program Files\VideoLAN\VLC\NEWS.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk -> C:\Program Files\VideoLAN\VLC\VideoLAN Website.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk -> C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\NIHardwareAccessibilityHelper.exe.lnk -> C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareAccessibilityHelper.exe (Native Instruments GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\NTKDaemon.lnk -> C:\Program Files\Common Files\Native Instruments\NTK\NTKDaemon.exe (Native Instruments GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SQUARE ENIX\FINAL FANTASY XIV ONLINE\FINAL FANTASY XIV System Information.lnk -> D:\Games\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivsysinfo.exe (SQUARE ENIX CO., LTD.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SQUARE ENIX\FINAL FANTASY XIV ONLINE\FINAL FANTASY XIV.lnk -> D:\Games\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe (SQUARE ENIX CO., LTD.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller\RogueKiller.lnk -> C:\Program Files\RogueKiller\RogueKiller64.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\GeForce Experience.lnk -> C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe (NVIDIA Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments\Traktor DJ 2\Traktor DJ 2.lnk -> C:\Program Files\Native Instruments\Traktor DJ 2\Traktor DJ.exe (Native Instruments GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments\Reaktor 6\Reaktor 6.lnk -> C:\Program Files\Native Instruments\Reaktor 6\Reaktor 6.exe (Native Instruments GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments\Native Access\Native Access.lnk -> C:\Program Files\Native Instruments\Native Access\Native Access.exe (Native Instruments GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments\Massive\Massive.lnk -> C:\Program Files\Native Instruments\Massive\Massive.exe (Native Instruments GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments\Maschine MK3\Maschine MK3 Control Panel.lnk -> C:\Program Files\Native Instruments\Maschine MK3 Driver\nimc3cpl.exe (Native Instruments GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments\Maschine 2\Maschine 2 (64-bit Mode).lnk -> C:\Program Files\Native Instruments\Maschine 2\Maschine 2.exe (Native Instruments GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments\Kontakt\Kontakt.lnk -> C:\Program Files\Native Instruments\Kontakt\Kontakt.exe (Native Instruments GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments\Komplete Kontrol\Komplete Kontrol (64-bit Mode).lnk -> C:\Program Files\Native Instruments\Komplete Kontrol\Komplete Kontrol.exe (Native Instruments GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments\Guitar Rig 5\Guitar Rig 5.lnk -> C:\Program Files\Native Instruments\Guitar Rig 5\Guitar Rig 5.exe (Native Instruments GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments\FM8\FM8.lnk -> C:\Program Files\Native Instruments\FM8\FM8.exe (Native Instruments GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments\Creator Tools\Creator Tools.lnk -> C:\Program Files\Native Instruments\Creator Tools\Creator Tools.exe (Native Instruments GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments\Controller Editor\Controller Editor.lnk -> C:\Program Files\Native Instruments\Controller Editor\Controller Editor.exe (Native Instruments GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments\Battery 4\Battery 4.lnk -> C:\Program Files\Native Instruments\Battery 4\Battery 4.exe (Native Instruments GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments\Absynth 5\Absynth 5.lnk -> C:\Program Files\Native Instruments\Absynth 5\Absynth 5.exe (Native Instruments GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Office-Spracheinstellungen.lnk -> C:\Program Files\Microsoft Office\root\Office16\SETLANG.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JetBrains\IntelliJ IDEA Community Edition 2021.1.1.lnk -> C:\Program Files\JetBrains\IntelliJ IDEA Community Edition 2021.1.1\bin\idea64.exe (JetBrains s.r.o.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jabra\Jabra Direct.lnk -> C:\Program Files (x86)\Jabra\Direct4\jabra-direct.exe (GN Audio A/S)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iZotope\Ozone 9 Elements\Uninstall Ozone 9 Elements.lnk -> C:\Program Files\iZotope\Ozone 9 Elements\Uninstall Ozone 9 Elements.exe (iZotope, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape\Inkscape.lnk -> C:\Program Files\Inkscape\bin\inkscape.exe (Inkscape project)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape\Inkview.lnk -> C:\Program Files\Inkscape\bin\inkview.exe (Inkscape project)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape\Uninstall.lnk -> C:\Program Files\Inkscape\Uninstall.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\HWMonitor\HWMonitor.lnk -> C:\Program Files\CPUID\HWMonitor\HWMonitor.exe (CPUID)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\HWMonitor\Uninstall HWMonitor.lnk -> C:\Program Files\CPUID\HWMonitor\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\Quick Menu\Quick Menu.lnk -> C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE (CANON INC.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\My Image Garden\Image Display.lnk -> C:\Program Files (x86)\Canon\My Image Garden\CNQMSWCS.EXE (CANON INC.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\My Image Garden\My Image Garden.lnk -> C:\Program Files (x86)\Canon\My Image Garden\cnmigmain.exe (CANON INC.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\IJ Scan Utility\IJ Scan Utility.lnk -> C:\Program Files (x86)\Canon\IJ Scan Utility\SCANUTILITY.exe (CANON INC.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\IJ Printer Assistant Tool\IJ Printer Assistant Tool.lnk -> C:\Program Files\Canon\Canon IJ Printer Assistant Tool\cnmpaui.exe (CANON INC.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\IJ Network Scanner Selector EX2\IJ Network Scanner Selector EX2.lnk -> C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe (CANON INC.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\Easy-PhotoPrint Editor\Easy-PhotoPrint Editor.lnk -> C:\Program Files (x86)\Canon\Easy-PhotoPrint Editor\cneppeditor.exe (Canon Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon TS6100 series On-Screen-Handbuch\Canon TS6100 series On-Screen-Handbuch.lnk -> C:\Program Files\Canon\IJ Manual\TS6100 series\German\CDM\Top.html ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\WinFlash.Lnk -> C:\Program Files (x86)\ASUS\WinFlash\WinFlash.exe (ASUSTek Computer Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk -> C:\Windows\SysWOW64\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\RecoveryDrive.lnk -> C:\Windows\System32\RecoveryDrive.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Registry Editor.lnk -> C:\Windows\regedit.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Defender Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Quick Assist.lnk -> C:\Windows\System32\quickassist.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk -> C:\Windows\System32\psr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip File Manager.lnk -> C:\Program Files\7-Zip\7zFM.exe (Igor Pavlov)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip Help.lnk -> C:\Program Files\7-Zip\7-zip.chm ()
Shortcut: C:\Users\Cybot\Links\Desktop.lnk -> C:\Users\Cybot\OneDrive\Desktop ()
Shortcut: C:\Users\Cybot\Links\Downloads.lnk -> C:\Users\Cybot\Downloads ()
Shortcut: C:\Users\Cybot\AppData\Roaming\Thunderbird\Profiles\kvhvcf5p.default-release\defaults\shortcuts\Mozilla Thunderbird (No Extensions).lnk -> D:\Sonstiges\thunderbird\thunderbird.exe (Keine Datei)
Shortcut: C:\Users\Cybot\AppData\Roaming\Thunderbird\Profiles\kvhvcf5p.default-release\defaults\shortcuts\Mozilla Thunderbird.lnk -> D:\Sonstiges\thunderbird\thunderbird.exe (Keine Datei)
Shortcut: C:\Users\Cybot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk -> C:\Users\Cybot\AppData\Local\PCHealthCheck\PCHealthCheck.exe ()
Shortcut: C:\Users\Cybot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Cybot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Cybot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Cybot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\Cybot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Cybot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Cybot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Cybot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk -> C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
Shortcut: C:\Users\Cybot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan\Help and HOW-TO.lnk -> C:\Program Files (x86)\SpeedFan\speedfan.chm ()
Shortcut: C:\Users\Cybot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan\Release info.lnk -> C:\Program Files (x86)\SpeedFan\speedfan.txt ()
Shortcut: C:\Users\Cybot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan\SpeedFan.lnk -> C:\Program Files (x86)\SpeedFan\speedfan.exe ()
Shortcut: C:\Users\Cybot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan\Uninstall SpeedFan.lnk -> C:\Program Files (x86)\SpeedFan\uninstall.exe ()
Shortcut: C:\Users\Cybot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Cybot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Cybot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Cybot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Cybot\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth-Dateiübertragung.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\Users\Cybot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC)
Shortcut: C:\Users\Cybot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation)
Shortcut: C:\Users\Cybot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Cybot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Cybot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Cybot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC)
Shortcut: C:\Users\Cybot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Outlook.lnk -> C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE (Microsoft Corporation)
Shortcut: C:\Users\Cybot\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Cybot\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Cybot\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Cybot\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Cybot\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\Cybot\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\Cybot\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\Cybot\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\Cybot\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\Cybot\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Keine Datei)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)
Shortcut: C:\Users\nikew\Links\Desktop.lnk -> C:\Users\nikew\OneDrive\Desktop ()
Shortcut: C:\Users\nikew\Links\Downloads.lnk -> C:\Users\nikew\Downloads ()
Shortcut: C:\Users\nikew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\nikew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\nikew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\nikew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\nikew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\nikew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\nikew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\nikew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk -> C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
Shortcut: C:\Users\nikew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\nikew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\nikew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\nikew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\nikew\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth-Dateiübertragung.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\Users\nikew\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC)
Shortcut: C:\Users\nikew\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation)
Shortcut: C:\Users\nikew\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\nikew\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\nikew\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\nikew\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\nikew\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\nikew\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\nikew\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\nikew\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\nikew\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\nikew\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\nikew\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\nikew\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\Audacity.lnk -> C:\Program Files (x86)\Audacity\audacity.exe (Audacity Team)
Shortcut: C:\Users\Public\Desktop\Epic Games Launcher.lnk -> C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win32\EpicGamesLauncher.exe (Epic Games, Inc.)
Shortcut: C:\Users\Public\Desktop\FINAL FANTASY XIV ONLINE.lnk -> D:\Games\SquareEnix\FINAL FANTASY XIV - A Realm Reborn\boot\ffxivboot.exe (SQUARE ENIX CO., LTD.)
Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC)
Shortcut: C:\Users\Public\Desktop\Inkscape.lnk -> C:\Program Files\Inkscape\bin\inkscape.exe (Inkscape project)
Shortcut: C:\Users\Public\Desktop\IntelliJ IDEA Community Edition 2021.1.1 x64.lnk -> C:\Program Files\JetBrains\IntelliJ IDEA Community Edition 2021.1.1\bin\idea64.exe (JetBrains s.r.o.)
Shortcut: C:\Users\Public\Desktop\Notepad++.lnk -> C:\Program Files\Notepad++\notepad++.exe (Don HO don.h@free.fr)
Shortcut: C:\Users\Public\Desktop\Samsung DeX.lnk -> C:\Program Files (x86)\Samsung\Samsung DeX\SamsungDeX.exe (Samsung Electronics Co., Ltd.)
Shortcut: C:\Users\Public\Desktop\Steam.lnk -> C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
Shortcut: C:\Users\Public\Desktop\Visual Studio Code.lnk -> C:\Program Files\Microsoft VS Code\Code.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\VLC media player.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN)


ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player - reset preferences and cache files.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN) -> --reset-config --reset-plugins-cache vlc://quit
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN) -> -Iskins
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /7
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\Cybot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.AdministrativeTools
ShortcutWithArgument: C:\Users\Cybot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation) -> /tsr
ShortcutWithArgument: C:\Users\Cybot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RtkNGUI64.exe - Verknüpfung.lnk -> C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) -> -s
ShortcutWithArgument: C:\Users\Cybot\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Cybot\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk -> C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE (Microsoft Corporation) -> /recycle
ShortcutWithArgument: C:\Users\Cybot\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
ShortcutWithArgument: C:\Users\Cybot\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Cybot\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo
ShortcutWithArgument: C:\Users\Cybot\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
ShortcutWithArgument: C:\Users\Cybot\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
ShortcutWithArgument: C:\Users\Cybot\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Cybot\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Cybot\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\Cybot\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\Cybot\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.AdministrativeTools
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\nikew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.AdministrativeTools
ShortcutWithArgument: C:\Users\nikew\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\nikew\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory=Default
ShortcutWithArgument: C:\Users\nikew\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
ShortcutWithArgument: C:\Users\nikew\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\nikew\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo
ShortcutWithArgument: C:\Users\nikew\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
ShortcutWithArgument: C:\Users\nikew\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
ShortcutWithArgument: C:\Users\nikew\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\nikew\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\nikew\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\nikew\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\nikew\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}


InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam Support Center.url -> URL: hxxp://support.steampowered.com/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape\Inkscape Homepage.url -> URL: hxxps://inkscape.org
InternetURL: C:\ProgramData\Bome Software\Bome Virtual MIDI\BMIDI Driver on the web.url -> URL: hxxp://www.bome.com/
InternetURL: C:\Users\Cybot\Videos\Maschine_das_umfassende_Videotraining\+Alle Trainings auf einen Blick.url -> URL: hxxps://www.dvd-lernkurs.de
InternetURL: C:\Users\Cybot\Favorites\Bing.url -> URL: hxxp://go.microsoft.com/fwlink/p/?LinkId=255142
InternetURL: C:\Users\Cybot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\BIOMUTANT.url -> URL: steam://rungameid/597820
InternetURL: C:\Users\Cybot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Cyberpunk 2077.url -> URL: steam://rungameid/1091500
InternetURL: C:\Users\Cybot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Krita.url -> URL: steam://rungameid/280680
InternetURL: C:\Users\Cybot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\No Man's Sky.url -> URL: steam://rungameid/275850
InternetURL: C:\Users\Cybot\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\The Elder Scrolls Online.url -> URL: steam://rungameid/306130
InternetURL: C:\Users\nikew\Favorites\Bing.url -> URL: hxxp://go.microsoft.com/fwlink/p/?LinkId=255142
InternetURL: C:\Users\nikew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Counter-Strike Global Offensive.url -> URL: steam://rungameid/730
InternetURL: C:\Users\nikew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Valheim.url -> URL: steam://rungameid/892970

==================== Ende vom Shortcut.txt =============================
         

Old 12.07.2021, 01:04   #3
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Thanks for the logs. It would also be nice if you wrote what exactly was found where, so that we don't have to search.
__________________

Old 12.07.2021, 20:49   #4
Silverdragon_w

Oh, I'm sorry! I thought that was apparent from the Additions.

Windows Defender reported these detections when I tried to unpack the tool "Read Info Huawei.rar" in my Downloads folder.

Code:
ATTFilter
Name: Worm:Win32/Mofksys.RND!MTB
 	ID: 2147779160
 	Schweregrad: Schwerwiegend
 	Kategorie: Wurm
 	Pfad: file:_C:\Users\Cybot\Downloads\Read Info Huawei\Read Info Huawei.exe
 	Erkennungsursprung: Lokaler Computer
 	Erkennungstype: Konkret
 	Erkennungsquelle: Echtzeitschutz
 	Benutzer: DESKTOP-LUNARIS\Cybot
 	Prozessname: C:\Windows\System32\svchost.exe

Name: Worm:Win32/Mofksys.R!MTB
 	ID: 2147754982
 	Schweregrad: Schwerwiegend
 	Kategorie: Wurm
 	Pfad: file:_C:\Users\Cybot\Downloads\Read Info Huawei.rar
 	Erkennungsursprung: Lokaler Computer
 	Erkennungstype: FastPath
 	Erkennungsquelle: Echtzeitschutz
 	Benutzer: DESKTOP-LUNARIS\Cybot
 	Prozessname: C:\Windows\System32\svchost.exe

Name: Worm:Win32/Mofksys.R!MTB
 	ID: 2147754982
 	Schweregrad: Schwerwiegend
 	Kategorie: Wurm
 	Pfad: file:_C:\Users\Cybot\Downloads\Nicht bestätigt 750116.crdownload; file:_C:\Users\Cybot\Downloads\Read Info Huawei.rar
 	Erkennungsursprung: Lokaler Computer
 	Erkennungstype: FastPath
 	Erkennungsquelle: Echtzeitschutz
 	Benutzer: DESKTOP-LUNARIS\Cybot
 	Prozessname: C:\Windows\System32\svchost.exe

Name: Worm:Win32/Mofksys.RND!MTB
 	ID: 2147779160
 	Schweregrad: Schwerwiegend
 	Kategorie: Wurm
 	Pfad: file:_C:\Windows\Resources\svchost.exe; file:_C:\Windows\Resources\Themes\explorer.exe
 	Erkennungsursprung: Lokaler Computer
 	Erkennungstype: Konkret
 	Erkennungsquelle: Echtzeitschutz
 	Benutzer: DESKTOP-LUNARIS\Cybot
 	Prozessname: C:\Windows\System32\perfmon.exe

Name: Worm:Win32/Mofksys.RND!MTB
 	ID: 2147779160
 	Schweregrad: Schwerwiegend
 	Kategorie: Wurm
 	Pfad: file:_C:\Windows\Resources\svchost.exe; process:_pid:10460,ProcessStart:132703207848684956; regkey:_HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\\Svchost; runonce:_HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\\Svchost
 	Erkennungsursprung: Lokaler Computer
 	Erkennungstype: Konkret
 	Erkennungsquelle: System
 	Benutzer: NT-AUTORITÄT\SYSTEM
 	Prozessname: C:\Windows\Resources\svchost.exe

Name: Worm:Win32/Mofksys.RND!MTB
 	ID: 2147779160
 	Schweregrad: Schwerwiegend
 	Kategorie: Wurm
 	Pfad: file:_C:\Windows\Resources\spoolsv.exe; file:_C:\Windows\Resources\svchost.exe; file:_C:\Windows\Resources\Themes\explorer.exe
 	Erkennungsursprung: Lokaler Computer
 	Erkennungstype: Konkret
 	Erkennungsquelle: Echtzeitschutz
 	Benutzer: DESKTOP-LUNARIS\Cybot
 	Prozessname: C:\Windows\Resources\Themes\explorer.exe

Name: Worm:Win32/Mofksys.RND!MTB
 	ID: 2147779160
 	Schweregrad: Schwerwiegend
 	Kategorie: Wurm
 	Pfad: file:_C:\Windows\Resources\Themes\icsys.icn.exe
 	Erkennungsursprung: Lokaler Computer
 	Erkennungstype: Konkret
 	Erkennungsquelle: Echtzeitschutz
 	Benutzer: DESKTOP-LUNARIS\Cybot
 	Prozessname: C:\Windows\explorer.exe
         
Afterwards I ran ESET Online Scanner and RogueKiller, and neither of them found anything anymore.

However, a few hours later Windows Defender raised an alarm again with the following entry:

Code:
ATTFilter
Name: Worm:Win32/Mofksys.R!MTB
 	ID: 2147754982
 	Schweregrad: Schwerwiegend
 	Kategorie: Wurm
 	Pfad: file:_C:\Users\Cybot\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0004a2; file:_C:\Users\Cybot\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0004a3; file:_C:\Users\Cybot\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0004a4
 	Erkennungsursprung: Lokaler Computer
 	Erkennungstype: FastPath
 	Erkennungsquelle: Echtzeitschutz
 	Benutzer: NT-AUTORITÄT\SYSTEM
 	Prozessname: C:\Program Files\RogueKiller\RogueKiller64.exe
         
Right after that I reset my system to an earlier restore point. Since then, at least, no scanner has raised an alarm anymore.

Edit: And I also deleted all temporary files as well as the file system history.

Edited by Silverdragon_w (12.07.2021 at 21:10)
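
The Defender entries in the post above pack several resource types (`file:_`, `process:_`, `regkey:_`, `runonce:_`) into a single `Pfad:` field. The following is an added example, not part of the original posts: it splits those resources and flags files that carry the name of a Windows system process but sit outside its usual folder, autostart registry references, and cases where such a file appears as the acting process. The sample entries are copied (shortened) from the log in the post; the table of expected folders is an assumption about a default Windows installation.

```python
import ntpath
import re

# Entries copied (shortened to three fields) from the Defender log in the post above.
SAMPLE_LOG = r"""Name: Worm:Win32/Mofksys.RND!MTB
    Pfad: file:_C:\Users\Cybot\Downloads\Read Info Huawei\Read Info Huawei.exe
    Prozessname: C:\Windows\System32\svchost.exe

Name: Worm:Win32/Mofksys.RND!MTB
    Pfad: file:_C:\Windows\Resources\svchost.exe; process:_pid:10460,ProcessStart:132703207848684956; regkey:_HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\\Svchost; runonce:_HKLM\SOFTWARE\Wow6432Node\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE\\Svchost
    Prozessname: C:\Windows\Resources\svchost.exe

Name: Worm:Win32/Mofksys.RND!MTB
    Pfad: file:_C:\Windows\Resources\spoolsv.exe; file:_C:\Windows\Resources\svchost.exe; file:_C:\Windows\Resources\Themes\explorer.exe
    Prozessname: C:\Windows\Resources\Themes\explorer.exe
"""

# Assumption: folders where the genuine binaries live on a default installation.
EXPECTED_DIRS = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "spoolsv.exe": {r"c:\windows\system32"},
    "explorer.exe": {r"c:\windows", r"c:\windows\syswow64"},
}


def parse_entries(text):
    """Return one dict per detection; entries are separated by blank lines."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.strip().partition(": ")
            if sep:
                fields[key] = value.strip()
        entries.append(fields)
    return entries


def split_resources(pfad):
    """Turn 'file:_X; regkey:_Y' into [('file', 'X'), ('regkey', 'Y')]."""
    resources = []
    for item in pfad.split("; "):
        kind, sep, value = item.partition(":_")
        if sep:
            resources.append((kind.strip(), value))
    return resources


def is_masquerading(path):
    """True if the file name is a known system process but the folder is not its own."""
    name = ntpath.basename(path).lower()
    folder = ntpath.dirname(path).lower()
    return name in EXPECTED_DIRS and folder not in EXPECTED_DIRS[name]


def triage(text):
    """Collect the three signals that matter for the 'was it executed?' question."""
    findings = {"masquerading": set(), "persistence": set(), "was_running": set()}
    for entry in parse_entries(text):
        for kind, value in split_resources(entry.get("Pfad", "")):
            if kind == "file" and is_masquerading(value):
                findings["masquerading"].add(value)
            elif kind in ("regkey", "runonce"):
                findings["persistence"].add(value)
        # Prozessname is the process that touched the detected resource.
        process = entry.get("Prozessname", "")
        if is_masquerading(process):
            findings["was_running"].add(process)
    return findings


if __name__ == "__main__":
    for signal, values in triage(SAMPLE_LOG).items():
        print(signal, sorted(values))
```
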

Old 12.07.2021, 21:24   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
Pfad: file:_C:\Users\Cybot\Downloads\Read Info Huawei\Read Info Huawei.exe
Did you run this nonsense?
If it never got executed because Defender fortunately stepped in just in time, there is no reason for further analysis. And then there was no reason for a system restore (SWH) either.


Old 12.07.2021, 21:51   #6
Silverdragon_w

Not the .exe itself. Defender already raised the alarm while/after unpacking the archive.
See the second entry among the detections in my last post.

Said YouTuber had his whole channel full of actually well-made Android help-and-advice videos and touted it as his own tool... I really was too naive there.

But then I'm reassured, if Defender was able to act in time here and my log looks clean so far to you as well!

I had carried out the restore after reading about the malware on the Sophos site that it replicates immediately and infects all hard drives/files -> knee-jerk reaction.

Old 14.07.2021, 11:46   #7
M-K-D-B
/// TB-Ausbilder

Step 1
  • Save your work and close all open programs so that no data is lost.
  • Copy the entire content of the following code box:
    Code:
    ATTFilter
    Start::
    DeleteQuarantine:
    Unlock: C:\FRST
    Reboot:
    End::
             
  • Now start FRST and directly click the Fix (Reparieren) button.
    Important: You do not need to paste the content of the code box anywhere, because FRST takes the code from the clipboard!
  • The tool carries out the requested steps and creates a fixlog.txt in the same directory in which FRST is located.
  • Your computer may need to be restarted.
  • Post the content of the fixlog.txt in your next reply.


Then we would be through!
If you have no more problems with malware, then we are done here. Your log files are clean.


Finally, please run a cleanup with our TBCleanUpTool and be sure to read and implement the security measures - both are linked in the following reading material:


If you like, you can say here whether you were satisfied with me and my help...
Perhaps you would like to support the forum with a small donation.


Note:
Please give me brief feedback as soon as you have read the information linked above, everything is done and there are no more questions, so that I can remove this thread from my subscriptions.

Old 14.07.2021, 11:46   #8
M-K-D-B
/// TB-Ausbilder

We are glad that we could help.

This thread appears to be resolved and will be removed from our subscriptions. Should you need the thread again, please send us a reminder including a link to the thread.

Everyone else, please click here and create your own thread.
