| |
| |||||||
Log-Analyse und Auswertung: WINDOWS 10: .SCR Malware BefallWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
15.11.2022, 14:48
| #1 |
| |  WINDOWS 10: .SCR Malware Befall Ich habe eine unseriöse Mail erhalten in der ein Dropbox-Link verlinkt war. Ich war dumm genug die zip Datei in dieser Dropbox runter zu laden und die darin enthaltenden .SCR Dateien auszuführen. Nachdem ich die Datei nicht öffnen konnte, habe ich ein wenig recherchiert und bin auf den ".SCR Malware Hack" gestoßen, von welchem ich höchst wahrscheinlich Befallen wurde. Die Mail, inklusive des Dropbox-Links und die zip Datei ist noch vorhanden, falls ich diese noch nachreichen sollte. Inwiefern muss ich mir nach der Bereinigung meines PC's Gedanken machen, was von meinen Daten preisgegeben wurde und wie genau sollte ich danach agieren? Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 15-11-2022
durchgeführt von Anwender (Administrator) auf MEAN-MACHINE (Micro-Star International Co., Ltd. MS-7B79) (15-11-2022 14:22:56)
Gestartet von C:\Users\Anwender\AppData\Local\Temp\scoped_dir14736_1598031958
Geladene Profile: Anwender
Plattform: Microsoft Windows 10 Home Version 22H2 19045.2251 (X64) Sprache: Deutsch (Deutschland)
Standard-Browser: Opera
Start-Modus: Normal
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(A-Volute SAS -> A-Volute) C:\Users\Anwender\AppData\Local\NhNotifSys\nahimic\nahimicNotifSys.exe
(Blizzard Entertainment, Inc. -> Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.exe <3>
(Blizzard Entertainment, Inc. -> Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.8067\Agent.exe
(C:\Program Files (x86)\Steam\steam.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>
(C:\Program Files\Elgato\StreamDeck\StreamDeck.exe ->) () [Datei ist nicht signiert] C:\Users\Anwender\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.battery.sdPlugin\com.barraider.battery.exe
(C:\Program Files\Elgato\StreamDeck\StreamDeck.exe ->) () [Datei ist nicht signiert] C:\Users\Anwender\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.spotify.sdPlugin\com.barraider.spotify.exe
(C:\Program Files\Elgato\StreamDeck\StreamDeck.exe ->) () [Datei ist nicht signiert] C:\Users\Anwender\AppData\Roaming\Elgato\StreamDeck\Plugins\com.elgato.cpu.sdPlugin\cpu.exe
(C:\Program Files\Elgato\StreamDeck\StreamDeck.exe ->) () [Datei ist nicht signiert] C:\Users\Anwender\AppData\Roaming\Elgato\StreamDeck\Plugins\com.streamelements.obslive.sdPlugin\obslive-sdplugin.exe
(C:\Program Files\Elgato\StreamDeck\StreamDeck.exe ->) () [Datei ist nicht signiert] C:\Users\Anwender\AppData\Roaming\Elgato\StreamDeck\Plugins\tv.twitch.studio.sdPlugin\twitchstudiostreamdeck.exe
(C:\Program Files\Elgato\StreamDeck\StreamDeck.exe ->) (BarRaider) [Datei ist nicht signiert] C:\Users\Anwender\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.twitchtools.sdPlugin\com.barraider.twitchtools.exe
(C:\Program Files\Elgato\StreamDeck\StreamDeck.exe ->) (com.barraider.obstools) [Datei ist nicht signiert] C:\Users\Anwender\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.obstools.sdPlugin\com.barraider.obstools.exe
(C:\Program Files\Elgato\StreamDeck\StreamDeck.exe ->) (Frederick Emmott -> ) C:\Users\Anwender\AppData\Roaming\Elgato\StreamDeck\Plugins\com.fredemmott.micmutetoggle.sdPlugin\sdmicmute.exe
(C:\Program Files\Elgato\StreamDeck\StreamDeck.exe ->) (The Qt Company Oy -> The Qt Company Ltd.) C:\Program Files\Elgato\StreamDeck\QtWebEngineProcess.exe <6>
(C:\Program Files\Elgato\StreamDeck\StreamDeck.exe ->) (Voicemod Sociedad Limitada -> ) C:\Users\Anwender\AppData\Roaming\Elgato\StreamDeck\Plugins\net.voicemod.windowsdesktop.sdPlugin\voicemodplugin.exe
(C:\Program Files\LGHUB\lghub.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_agent.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\MpCopyAccelerator.exe
(C:\Users\Anwender\AppData\Local\Programs\Opera GX\opera.exe ->) (Opera Norway AS -> Opera Software) C:\Users\Anwender\AppData\Local\Programs\Opera GX\91.0.4516.106\opera_crashreporter.exe
(Discord Inc. -> Discord Inc.) C:\Users\Anwender\AppData\Local\Discord\app-1.0.9007\Discord.exe <6>
(explorer.exe ->) (Corsair Memory, Inc. -> Corsair Memory, Inc) C:\Program Files\Elgato\StreamDeck\StreamDeck.exe
(explorer.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub.exe <3>
(explorer.exe ->) (Nota Inc. -> Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(explorer.exe ->) (Opera Software AS -> Opera Software) C:\Users\Anwender\AppData\Local\Programs\Opera GX\assistant\browser_assistant.exe <2>
(explorer.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe
(explorer.exe ->) (Vincent Burel -> VB-AUDIO Software) C:\Program Files (x86)\VB\Voicemeeter\voicemeeterpro.exe
(Nvidia Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(services.exe ->) (A-Volute SAS -> Nahimic) C:\Windows\System32\NahimicService.exe
(services.exe ->) (Logitech Inc -> Logitech) C:\Program Files\Logitech\LogiCapture\bin\Service\LogiFacecamService.exe
(services.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_updater.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\NisSrv.exe
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_bd530e4cbd42e0a3\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_3dd75df32535321a\RtkAudUService64.exe <2>
(services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(services.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Skutta, Kristjan -> ) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2204.13303.0_x64__8wekyb3d8bbwe\Cortana.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22092.211.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Opera Norway AS -> Opera Software) C:\Users\Anwender\AppData\Local\Programs\Opera GX\opera.exe <27>
==================== Registry (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_3dd75df32535321a\RtkAudUService64.exe [1361000 2021-09-27] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3951968 2019-07-09] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [Riot Vanguard] => C:\Program Files\Riot Vanguard\vgtray.exe [3089288 2022-10-25] (Riot Games, Inc. -> Riot Games, Inc.)
HKLM\...\Run: [Stream Deck] => C:\Program Files\Elgato\StreamDeck\StreamDeck.exe [11144232 2022-09-29] (Corsair Memory, Inc. -> Corsair Memory, Inc)
HKU\S-1-5-21-1577740540-671938675-3438131953-1000\...\Run: [Discord] => C:\Users\Anwender\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-1577740540-671938675-3438131953-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4234088 2022-10-19] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-1577740540-671938675-3438131953-1000\...\Run: [Spotify] => C:\Users\Anwender\AppData\Roaming\Spotify\Spotify.exe [20232568 2022-11-12] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-1577740540-671938675-3438131953-1000\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [915848 2020-03-30] (Nota Inc. -> Nota Inc.)
HKU\S-1-5-21-1577740540-671938675-3438131953-1000\...\Run: [GogGalaxy] => C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe [14433864 2020-07-31] (GOG Sp. z o.o. -> GOG.com)
HKU\S-1-5-21-1577740540-671938675-3438131953-1000\...\Run: [LGHUB] => C:\Program Files\LGHUB\lghub.exe [152025856 2022-10-25] (Logitech Inc -> Logitech, Inc.)
HKU\S-1-5-21-1577740540-671938675-3438131953-1000\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Anwender\AppData\Local\Microsoft\Teams\Update.exe [2452664 2020-11-10] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-1577740540-671938675-3438131953-1000\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [32616416 2022-05-11] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-1577740540-671938675-3438131953-1000\...\Run: [Opera GX Browser Assistant] => C:\Users\Anwender\AppData\Local\Programs\Opera GX\assistant\browser_assistant.exe [3291288 2021-02-01] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-1577740540-671938675-3438131953-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Users\Anwender\Desktop\photopea\_PHOTO~1\PHOTOP~2.SCR
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\107.0.5304.107\Installer\chrmstp.exe [2022-11-10] (Google LLC -> Google LLC)
Startup: C:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Voicemeeter (VB-Audio).LNK [2021-10-24]
ShortcutTarget: Voicemeeter (VB-Audio).LNK -> C:\Program Files (x86)\VB\Voicemeeter\voicemeeterpro.exe (Vincent Burel -> VB-AUDIO Software)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {015C246E-40A7-4FAD-B631-B297A4E853EF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8576000 2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {0EFA1366-CECB-425F-84B2-ABC5DD261F5E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\MpCmdRun.exe [1567360 2022-11-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1739B963-06B8-4DD9-9FA2-ABAB1D91EBB5} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1003128 2022-08-30] (Nvidia Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {1E161918-E87E-4995-B4EF-0BC6AAA585B4} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1655864 2022-10-13] (Nvidia Corporation -> NVIDIA Corporation)
Task: {409A0E3F-320D-43B2-97DD-909698D9E08D} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [6785448 2020-03-30] (Nota Inc. -> Nota Inc.)
Task: {41C4A322-598A-44D9-994E-081E93B4F82A} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [649784 2022-10-13] (Nvidia Corporation -> NVIDIA Corporation)
Task: {5BF59928-A479-47AA-937F-E73AF125FA58} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1655864 2022-10-13] (Nvidia Corporation -> NVIDIA Corporation)
Task: {75A1424E-8CE6-452C-875B-AB21166BAB38} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1655864 2022-10-13] (Nvidia Corporation -> NVIDIA Corporation)
Task: {92AE3312-DD00-43B8-B253-0AFDD6E26F12} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8576000 2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {9BAC744A-E459-408C-A92C-4FC1F1604481} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-11-02] (Google Inc -> Google LLC)
Task: {A2947668-9BBB-4858-A8CB-F53185FC88F2} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144312 2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {A55EF7FA-BB7C-4BA1-B404-95DF300F1706} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\MpCmdRun.exe [1567360 2022-11-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A9FA51FA-473D-4376-9A78-7634C4F9FE44} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [66936 2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {CBF6DB5E-6F02-4CDD-8213-0815F9EC8697} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {D2E71353-4AFB-4FE7-9D8C-0BC58B510878} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-11-02] (Google Inc -> Google LLC)
Task: {D39B5433-58F1-46C5-81D4-C093EF681D77} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\MpCmdRun.exe [1567360 2022-11-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D69BE544-84E1-45BC-8391-DB8F74EEC3AC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\MpCmdRun.exe [1567360 2022-11-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {DFBA51AB-3FAF-43C7-96CF-F29242902FEF} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26154960 2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {E96CDAB2-BF6E-4D21-BF99-56337114838D} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [908856 2022-10-13] (Nvidia Corporation -> NVIDIA Corporation)
Task: {EB6B7195-55F8-42D6-B897-35F0AF58DADC} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144312 2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {EC873EBF-40C0-4FC3-823C-B77BE3514B1F} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1655864 2022-10-13] (Nvidia Corporation -> NVIDIA Corporation)
Task: {F29CB073-D387-4AA8-A3E5-AFE35FE4A978} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26154960 2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {F2DA71F2-D693-4E60-B31E-0CD88A6EE3FC} - System32\Tasks\Opera GX scheduled Autoupdate 1643148445 => C:\Users\Anwender\AppData\Local\Programs\Opera GX\launcher.exe [2471880 2022-10-28] (Opera Norway AS -> Opera Software)
Task: {F4C6A0C8-CFD2-45AB-B1A2-0A5A056AB148} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [6785448 2020-03-30] (Nota Inc. -> Nota Inc.)
Task: {F561B9AE-7FCF-4130-8613-DFE1FA880D08} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {F7ECD032-CE1E-432D-98F2-E06F4A4B1FD8} - System32\Tasks\Opera GX scheduled assistant Autoupdate 1644846457 => C:\Users\Anwender\AppData\Local\Programs\Opera GX\launcher.exe [2471880 2022-10-28] (Opera Norway AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Anwender\AppData\Local\Programs\Opera GX\assistant" $(Arg0)
Task: {F94A1AEF-769F-4572-97FD-2A99693793E8} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3342376 2022-10-17] (Nvidia Corporation -> NVIDIA Corporation)
Task: {FD5B10C9-3331-4BC7-B61E-CFC05AC3249A} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [908856 2022-10-13] (Nvidia Corporation -> NVIDIA Corporation)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{26a2f333-5b78-4917-a043-c3e576c811a7}: [DhcpNameServer] 192.168.2.1
Edge:
=======
Edge Extension: (Kein Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [nicht gefunden]
Edge Extension: (Kein Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [nicht gefunden]
Edge Extension: (Kein Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [nicht gefunden]
Edge Extension: (Kein Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [nicht gefunden]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Anwender\AppData\Local\Microsoft\Edge\User Data\Default [2022-10-21]
Edge DefaultSearchURL: Default -> hxxps://manageyoursearch.com/?q={searchTerms}
Edge DefaultSuggestURL: Default -> hxxps://manageyoursearch.com/suggest?q={searchTerms}
Edge Extension: (Outlook) - C:\Users\Anwender\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bjhmmnoficofgoiacjaajpkfndojknpb [2020-10-16]
Edge Extension: (Word) - C:\Users\Anwender\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hikhggiobiflkdfdgdajcfklmcibbopi [2020-10-16]
Edge Extension: (Excel) - C:\Users\Anwender\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\leffmjdabcgaflkikcefahmlgpodjkdm [2020-10-16]
Edge Extension: (Search Manager) - C:\Users\Anwender\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\meckckfjnfnimlomkemnhcoonjfpbcoh [2020-06-26]
Edge Extension: (PowerPoint) - C:\Users\Anwender\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\opfacbhaojodjaojgocnibmklknchehf [2020-10-16]
Edge HKLM\...\Edge\Extension: [meckckfjnfnimlomkemnhcoonjfpbcoh]
Edge HKU\S-1-5-21-1577740540-671938675-3438131953-1000\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [meckckfjnfnimlomkemnhcoonjfpbcoh]
Edge HKLM-x32\...\Edge\Extension: [meckckfjnfnimlomkemnhcoonjfpbcoh]
FireFox:
========
FF DefaultProfile: jpluq1gd.default
FF ProfilePath: C:\Users\Anwender\AppData\Roaming\Mozilla\Firefox\Profiles\jpluq1gd.default [2020-04-08]
FF ProfilePath: C:\Users\Anwender\AppData\Roaming\Mozilla\Firefox\Profiles\la25466s.default-release [2022-09-05]
FF Extension: (BetterTTV) - C:\Users\Anwender\AppData\Roaming\Mozilla\Firefox\Profiles\la25466s.default-release\Extensions\firefox@betterttv.net.xpi [2022-02-27]
FF Extension: (Search Manager) - C:\Users\Anwender\AppData\Roaming\Mozilla\Firefox\Profiles\la25466s.default-release\Extensions\{24436206-088d-4a1a-8d0e-cf93ca7a2d23}.xpi [2020-04-08] [UpdateUrl:hxxps://qupotomu.com/update?x=restype=ffjson]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Default [2022-11-05]
CHR Extension: (BetterTTV) - C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2022-10-02]
CHR Extension: (7TV) - C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\ammjkodgmmoknidbanneddgankgfejfh [2022-09-06]
CHR Extension: (Screencap) - C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\aniaallgmlgdlefladlfhadglocahllm [2021-02-21]
CHR Extension: (Adblock Plus - kostenloser Adblocker) - C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2022-09-06]
CHR Extension: (Watch2Gether) - C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\cimpffimgeipdhnhjohpbehjkcdpjolg [2022-10-12]
CHR Extension: (Dark Reader) - C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\eimadpbcbfnmbkopoojfekhnkhdbieeh [2022-10-07]
CHR Extension: (Google Docs Offline) - C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-09-06]
CHR Extension: (Coupert DE - Coupon Finder & Cashback) - C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidniedemcgceagapgdekdbmanojomk [2022-10-26]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-05]
CHR Extension: (Netflix Party is now Teleparty) - C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\oocalimimngaihdkbihfgmpkcpnmlaoa [2022-10-12]
CHR Profile: C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Guest Profile [2022-11-02]
CHR Profile: C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Profile 1 [2022-10-07]
CHR Extension: (Dark Reader) - C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eimadpbcbfnmbkopoojfekhnkhdbieeh [2022-10-07]
CHR Extension: (Google Docs Offline) - C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-10-07]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-10-07]
CHR Profile: C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\System Profile [2022-11-02]
Opera:
=======
StartMenuInternet: (HKU\S-1-5-21-1577740540-671938675-3438131953-1000) Opera GXStable - "C:\Users\Anwender\AppData\Local\Programs\Opera GX\Launcher.exe"
==================== Dienste (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8736880 2020-12-11] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12516280 2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
S3 dcsvc; C:\WINDOWS\system32\dcsvc.dll [785408 2022-11-11] (Microsoft Windows -> Microsoft Corporation)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [1134624 2022-09-28] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 EasyAntiCheat_EOS; C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe [584680 2022-09-28] (EasyAntiCheat Oy -> Epic Games, Inc.)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [16029456 2022-07-19] (Epic Games Inc. -> Epic Games, Inc.)
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [1677384 2020-07-31] (GOG Sp. z o.o. -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6821960 2020-05-06] (GOG Sp. z o.o. -> GOG.com)
R2 LGHUBUpdaterService; C:\Program Files\LGHUB\lghub_updater.exe [10097408 2022-10-25] (Logitech Inc -> Logitech, Inc.)
R2 LogiFacecamService; C:\Program Files\Logitech\LogiCapture\bin\Service\LogiFacecamService.exe [499336 2020-05-18] (Logitech Inc -> Logitech)
R2 NahimicService; C:\WINDOWS\system32\NahimicService.exe [1888424 2021-10-08] (A-Volute SAS -> Nahimic)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13261608 2021-05-28] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 vgc; C:\Program Files\Riot Vanguard\vgc.exe [10426128 2022-10-25] (Riot Games, Inc. -> Riot Games, Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\NisSrv.exe [3191272 2022-11-11] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\MsMpEng.exe [133544 2022-11-11] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_bd530e4cbd42e0a3\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_bd530e4cbd42e0a3\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
===================== Treiber (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [Datei ist nicht signiert]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [Datei ist nicht signiert]
R3 logi_joy_bus_enum; C:\WINDOWS\system32\drivers\logi_joy_bus_enum.sys [44880 2022-09-28] (Logitech Inc -> Logitech)
R3 logi_joy_vir_hid; C:\WINDOWS\system32\drivers\logi_joy_vir_hid.sys [32080 2022-09-28] (Logitech Inc -> Logitech)
R3 logi_joy_xlcore; C:\WINDOWS\system32\drivers\logi_joy_xlcore.sys [73040 2022-09-28] (Logitech Inc -> Logitech)
R3 MpKsl14e34f16; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{13FE8EE2-DE73-475D-A182-54C3A1262AC5}\MpKslDrv.sys [214280 2022-11-15] (Microsoft Windows -> Microsoft Corporation)
R3 Nahimic_Mirroring; C:\WINDOWS\System32\drivers\Nahimic_Mirroring.sys [85616 2021-08-13] (A-Volute -> Windows (R) Win 7 DDK provider)
R3 NvModuleTracker; C:\WINDOWS\System32\DriverStore\FileRepository\nvmoduletracker.inf_amd64_0c1cc60a4b422185\NvModuleTracker.sys [45656 2022-07-14] (Nvidia Corporation -> NVIDIA Corporation)
S3 VBAudioVACAMME; C:\WINDOWS\System32\drivers\vbaudio_cablea64_win7.sys [41144 2015-10-19] (Vincent Burel -> Windows (R) Win 7 DDK provider)
S3 VBAudioVACBMME; C:\WINDOWS\System32\drivers\vbaudio_cableb64_win7.sys [41144 2015-10-19] (Vincent Burel -> Windows (R) Win 7 DDK provider)
R3 VBAudioVACMME; C:\WINDOWS\System32\drivers\vbaudio_cable64_win7.sys [41192 2014-09-02] (Vincent Burel -> Windows (R) Win 7 DDK provider)
R3 VBAudioVMAUXVAIOMME; C:\WINDOWS\System32\drivers\vbaudio_vmauxvaio64_win10.sys [71920 2021-10-24] (Vincent Burel -> Windows (R) Win 7 DDK provider)
R3 VBAudioVMVAIOMME; C:\WINDOWS\System32\drivers\vbaudio_vmvaio64_win10.sys [71712 2021-10-24] (Vincent Burel -> Windows (R) Win 7 DDK provider)
R1 vgk; C:\Program Files\Riot Vanguard\vgk.sys [8738816 2022-10-25] (Riot Games, Inc. -> Riot Games, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49616 2022-11-11] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [469288 2022-11-11] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [95520 2022-11-11] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
NETSVC: DcSvc -> C:\Windows\system32\dcsvc.dll (Microsoft Corporation)
==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2022-11-15 14:22 - 2022-11-15 14:23 - 000000000 ____D C:\FRST
2022-11-15 10:53 - 2022-11-15 10:53 - 002512923 _____ C:\Users\Anwender\Downloads\[Photopea] Promotional Materials.zip
2022-11-14 16:00 - 2022-11-14 16:00 - 000000000 ___HD C:\$WinREAgent
2022-11-12 23:32 - 2022-11-12 23:32 - 014638290 _____ C:\Users\Anwender\Downloads\streamladder-gliding.mp4
2022-11-11 17:45 - 2022-11-11 17:45 - 000688128 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2022-11-11 17:45 - 2022-11-11 17:45 - 000073216 _____ C:\WINDOWS\system32\nettraceex.dll
2022-11-11 17:45 - 2022-11-11 17:45 - 000012253 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-11-11 17:44 - 2022-11-11 17:44 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-11-11 15:46 - 2022-11-11 15:46 - 000000000 ____D C:\Users\Anwender\AppData\Roaming\Brotato
2022-11-11 13:27 - 2022-11-11 13:27 - 000000223 _____ C:\Users\Anwender\Desktop\Brotato.url
2022-11-10 23:17 - 2022-11-10 23:17 - 008454082 _____ C:\Users\Anwender\Downloads\streamladder-look.mp4
2022-11-10 23:14 - 2022-11-10 23:14 - 013029222 _____ C:\Users\Anwender\Downloads\streamladder-riot fart.mp4
2022-11-10 23:14 - 2022-11-10 23:14 - 006073065 _____ C:\Users\Anwender\Downloads\AT-cm_fq8K0dgoHLq5txen-lOqyw (1).mp4
2022-11-10 20:22 - 2022-11-09 11:03 - 002236992 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2022-11-10 20:22 - 2022-11-09 11:03 - 002236992 _____ C:\WINDOWS\system32\vulkaninfo.exe
2022-11-10 20:22 - 2022-11-09 11:03 - 001642592 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2022-11-10 20:22 - 2022-11-09 11:03 - 001642592 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2022-11-10 20:22 - 2022-11-09 11:03 - 001487912 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2022-11-10 20:22 - 2022-11-09 11:03 - 001444416 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2022-11-10 20:22 - 2022-11-09 11:03 - 001444416 _____ C:\WINDOWS\system32\vulkan-1.dll
2022-11-10 20:22 - 2022-11-09 11:03 - 001227304 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2022-11-10 20:22 - 2022-11-09 11:03 - 001168960 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2022-11-10 20:22 - 2022-11-09 11:03 - 001168960 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2022-11-10 20:22 - 2022-11-09 10:59 - 000865272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2022-11-10 20:22 - 2022-11-09 10:59 - 000672232 _____ C:\WINDOWS\system32\nvofapi64.dll
2022-11-10 20:22 - 2022-11-09 10:59 - 000507432 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2022-11-10 20:22 - 2022-11-09 10:58 - 002162176 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2022-11-10 20:22 - 2022-11-09 10:58 - 001618408 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2022-11-10 20:22 - 2022-11-09 10:58 - 001531400 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2022-11-10 20:22 - 2022-11-09 10:58 - 001190392 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2022-11-10 20:22 - 2022-11-09 10:58 - 000950280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2022-11-10 20:22 - 2022-11-09 10:58 - 000746536 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2022-11-10 20:22 - 2022-11-09 10:58 - 000734184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2022-11-10 20:22 - 2022-11-09 10:57 - 012452360 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2022-11-10 20:22 - 2022-11-09 10:57 - 010218488 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2022-11-10 20:22 - 2022-11-09 10:57 - 005891072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2022-11-10 20:22 - 2022-11-09 10:57 - 005856744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcudadebugger.dll
2022-11-10 20:22 - 2022-11-09 10:57 - 003334136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2022-11-10 20:22 - 2022-11-09 10:57 - 000457752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2022-11-10 20:22 - 2022-11-09 10:56 - 005816312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2022-11-10 20:22 - 2022-11-09 10:56 - 000853016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2022-11-10 20:22 - 2022-11-08 23:40 - 000100589 _____ C:\WINDOWS\system32\nvinfo.pb
2022-11-09 15:27 - 2022-11-09 15:27 - 006073065 _____ C:\Users\Anwender\Downloads\AT-cm_fq8K0dgoHLq5txen-lOqyw.mp4
2022-11-06 21:17 - 2022-11-06 21:17 - 000000061 _____ C:\Users\Anwender\Desktop\Betriebsausgaben.txt
2022-11-06 20:04 - 2022-11-06 20:04 - 023253183 _____ C:\Users\Anwender\Downloads\streamladder-god damn.mp4
2022-11-05 12:27 - 2022-11-08 13:24 - 000000000 ____D C:\Program Files\Mozilla Firefox
2022-11-03 23:01 - 2022-11-03 23:01 - 001450503 _____ C:\Users\Anwender\Downloads\Snaptik.app_7111311398293998854.mp4
2022-10-31 23:35 - 2022-10-31 23:35 - 014925164 _____ C:\Users\Anwender\Downloads\streamladder-NERF GRAVES .mp4
2022-10-31 00:49 - 2022-10-31 00:49 - 017649305 _____ C:\Users\Anwender\Downloads\streamladder-SCRIPTING SEJUANI _XD.mp4
2022-10-30 21:37 - 2022-10-30 21:37 - 000000223 _____ C:\Users\Anwender\Desktop\Love, Sam.url
2022-10-27 22:55 - 2022-10-27 22:55 - 017142084 _____ C:\Users\Anwender\Downloads\streamladder-lesgoo (1).mp4
2022-10-27 20:16 - 2022-10-26 01:15 - 000041984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhdap64.dll
2022-10-26 22:00 - 2022-10-26 22:00 - 027429986 _____ C:\Users\Anwender\Downloads\streamladder-lesgoo.mp4
2022-10-26 12:54 - 2022-10-26 12:54 - 000000650 _____ C:\Users\Public\Desktop\Logitech G HUB.lnk
2022-10-26 12:54 - 2022-10-26 12:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logi
2022-10-23 20:06 - 2022-07-14 00:32 - 000060112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2022-10-21 18:32 - 2022-10-21 18:32 - 000056548 _____ C:\Users\Anwender\Downloads\Lebenslauf_von_Nick_Haberkorn.pdf
2022-10-21 15:00 - 2022-10-21 15:00 - 002819410 _____ C:\Users\Anwender\Downloads\flying-elbow-drop-onto-microwave-wwe-cm-punk-style-ytshorts.savetube.me.mp4
2022-10-21 14:14 - 2022-10-21 14:14 - 030015081 _____ C:\Users\Anwender\Downloads\streamladder-AT-cm_8JJr1bAV6CjTyTtsOOUOvg.mp4
2022-10-20 18:57 - 2022-10-20 18:57 - 011776794 _____ C:\Users\Anwender\Downloads\AT-cm_8JJr1bAV6CjTyTtsOOUOvg.mp4
2022-10-18 16:43 - 2022-10-18 16:43 - 026718839 _____ C:\Users\Anwender\Downloads\streamladder-wat.mp4
==================== Ein Monat (geänderte) ==================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2022-11-15 14:23 - 2019-11-02 21:26 - 000000000 ____D C:\Users\Anwender\AppData\Roaming\Discord
2022-11-15 14:22 - 2020-04-15 20:49 - 000000000 ____D C:\Users\Anwender\AppData\Local\Battle.net
2022-11-15 14:22 - 2019-12-11 15:36 - 000000000 ____D C:\Users\Anwender\Desktop\Rengar related
2022-11-15 14:21 - 2019-11-02 20:35 - 000000000 ____D C:\Users\Anwender\AppData\Local\D3DSCache
2022-11-15 14:16 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-11-15 14:09 - 2019-11-02 22:14 - 000000000 ____D C:\Program Files (x86)\Steam
2022-11-15 14:09 - 2019-11-02 21:02 - 000000000 ____D C:\Program Files (x86)\Google
2022-11-15 14:02 - 2019-11-02 21:26 - 000000000 ____D C:\Users\Anwender\AppData\Local\Discord
2022-11-15 13:49 - 2020-11-04 13:19 - 000000000 ____D C:\Users\Anwender\AppData\Local\LGHUB
2022-11-15 12:43 - 2019-10-31 13:36 - 000000000 ____D C:\ProgramData\NVIDIA
2022-11-15 11:39 - 2021-01-24 14:55 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2022-11-15 11:37 - 2020-09-02 13:44 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-11-15 11:08 - 2020-09-02 13:53 - 001722788 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-11-15 11:08 - 2019-12-07 15:50 - 000743708 _____ C:\WINDOWS\system32\perfh007.dat
2022-11-15 11:08 - 2019-12-07 15:50 - 000150130 _____ C:\WINDOWS\system32\perfc007.dat
2022-11-15 11:08 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2022-11-15 11:05 - 2020-11-27 12:14 - 000000000 ____D C:\Users\Anwender\AppData\Local\CrashDumps
2022-11-15 11:04 - 2020-04-07 19:38 - 000000001 _____ C:\WINDOWS\vgkbootstatus.dat
2022-11-15 11:02 - 2020-11-04 13:19 - 000000000 ____D C:\Users\Anwender\AppData\Roaming\LGHUB
2022-11-15 11:01 - 2020-09-02 13:48 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-11-15 11:01 - 2020-09-02 13:44 - 000008192 ___SH C:\DumpStack.log.tmp
2022-11-15 11:01 - 2020-03-20 12:15 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2022-11-15 11:01 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ServiceState
2022-11-15 11:00 - 2021-10-24 12:29 - 000037958 _____ C:\Users\Anwender\AppData\Roaming\VoiceMeeterBananaDefault.xml
2022-11-15 11:00 - 2019-12-07 10:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2022-11-15 10:38 - 2020-04-06 22:23 - 000000000 ____D C:\Users\Anwender\AppData\LocalLow\Mozilla
2022-11-14 22:36 - 2019-11-03 10:05 - 000000000 ____D C:\Users\Anwender\AppData\Roaming\obs-studio
2022-11-14 22:18 - 2019-11-16 22:36 - 000000000 ____D C:\Users\Anwender\AppData\Roaming\Spotify
2022-11-14 21:54 - 2019-11-02 21:05 - 000000000 ____D C:\ProgramData\Riot Games
2022-11-14 20:42 - 2019-11-16 22:36 - 000000000 ____D C:\Users\Anwender\AppData\Local\Spotify
2022-11-14 18:34 - 2020-06-26 08:52 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-11-14 18:34 - 2020-06-26 08:52 - 000002274 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-11-14 18:34 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-11-14 18:34 - 2019-11-02 21:02 - 000002293 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-11-14 18:34 - 2019-11-02 21:02 - 000002252 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-11-14 16:02 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-11-13 18:05 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-11-12 15:42 - 2020-09-02 13:48 - 000003756 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-11-12 15:42 - 2020-09-02 13:48 - 000003632 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-11-11 19:11 - 2020-09-02 13:44 - 000444672 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-11-11 19:10 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2022-11-11 19:10 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-11-11 19:10 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-11-11 19:10 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-11-11 19:10 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-11-11 19:10 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-11-11 19:10 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-11-11 17:44 - 2020-09-02 13:48 - 003014656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2022-11-11 17:39 - 2019-11-02 19:35 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-11-11 17:37 - 2019-11-02 19:35 - 146960040 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-11-11 13:18 - 2019-10-31 13:35 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-11-10 20:26 - 2022-04-22 20:26 - 000000000 ____D C:\Program Files\Riot Vanguard
2022-11-10 15:25 - 2022-02-07 18:21 - 000000000 ____D C:\Users\Anwender\AppData\Roaming\Vampire_Survivors
2022-11-09 17:16 - 2020-04-15 20:49 - 000000000 ____D C:\Program Files (x86)\Battle.net
2022-11-09 10:55 - 2022-09-05 14:34 - 007642816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2022-11-09 10:55 - 2022-09-05 14:34 - 006512336 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2022-11-08 18:46 - 2020-09-02 13:48 - 000003378 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1577740540-671938675-3438131953-1000
2022-11-08 18:46 - 2020-09-02 13:38 - 000002404 _____ C:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-11-08 13:24 - 2020-04-06 22:23 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-11-05 19:27 - 2021-10-12 15:00 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2022-11-05 19:27 - 2020-04-06 22:23 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2022-11-05 19:05 - 2019-10-31 13:38 - 000000000 ____D C:\Users\Anwender\AppData\Local\Packages
2022-11-03 16:24 - 2021-12-12 19:42 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1577740540-671938675-3438131953-1000
2022-11-03 15:18 - 2019-11-18 15:49 - 000000000 ____D C:\Program Files\Microsoft Office
2022-11-02 14:55 - 2022-01-25 23:07 - 000004246 _____ C:\WINDOWS\system32\Tasks\Opera GX scheduled Autoupdate 1643148445
2022-11-02 14:55 - 2022-01-25 23:07 - 000001443 _____ C:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Opera GX.lnk
2022-10-26 12:54 - 2020-11-04 13:19 - 000000000 ____D C:\Program Files\LGHUB
2022-10-26 01:15 - 2022-09-05 14:34 - 000129000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2022-10-25 19:53 - 2022-10-14 21:49 - 000000000 ____D C:\Program Files (x86)\Overwatch
2022-10-23 20:06 - 2022-05-31 22:33 - 000004308 _____ C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-10-23 20:06 - 2022-05-31 22:33 - 000003976 _____ C:\WINDOWS\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-10-23 20:06 - 2022-05-31 22:33 - 000003940 _____ C:\WINDOWS\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-10-23 20:06 - 2022-05-31 22:33 - 000003894 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-10-23 20:06 - 2022-05-31 22:33 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-10-23 20:06 - 2022-05-31 22:33 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-10-23 20:06 - 2022-05-31 22:33 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-10-23 20:06 - 2022-05-31 22:33 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-10-23 20:06 - 2022-05-31 22:33 - 000003654 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-10-23 20:06 - 2022-05-31 22:33 - 000001443 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2022-10-23 20:06 - 2019-10-31 13:36 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2022-10-23 20:06 - 2019-10-31 13:36 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2022-10-23 20:06 - 2019-10-31 13:36 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2022-10-22 22:12 - 2022-09-13 21:01 - 000000000 ____D C:\ProgramData\boost_interprocess
2022-10-22 14:52 - 2019-11-02 21:26 - 000002242 _____ C:\Users\Anwender\Desktop\Discord.lnk
2022-10-17 21:49 - 2022-09-15 21:54 - 000000675 _____ C:\Users\Anwender\Desktop\24hstream.txt
2022-10-17 07:25 - 2022-05-31 22:33 - 002890296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2022-10-17 07:25 - 2022-05-31 22:33 - 002224696 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2022-10-17 07:25 - 2022-05-31 22:33 - 001297464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvRtmpStreamer64.dll
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ========
2020-01-24 20:25 - 2020-01-24 20:25 - 000000000 _____ () C:\Users\Anwender\AppData\Roaming\nexus2.txt
2021-09-17 16:56 - 2022-10-12 17:31 - 000000016 _____ () C:\Users\Anwender\AppData\Roaming\obs-virtualcam.txt
2021-10-24 12:29 - 2022-11-15 11:00 - 000037958 _____ () C:\Users\Anwender\AppData\Roaming\VoiceMeeterBananaDefault.xml
2021-10-24 11:14 - 2021-10-24 11:16 - 000006095 _____ () C:\Users\Anwender\AppData\Roaming\VoiceMeeterDefault.xml
2021-04-08 10:19 - 2021-04-08 10:19 - 000000024 _____ () C:\Users\Anwender\AppData\Roaming\Microsoft\{8ADA9B80-E373-E18E-DB02-F11B969F143C}
2022-01-22 13:39 - 2022-06-10 00:11 - 001097870 _____ () C:\Users\Anwender\AppData\Local\PlariumPlay.log
2022-08-29 17:39 - 2022-08-29 17:39 - 000007605 _____ () C:\Users\Anwender\AppData\Local\Resmon.ResmonCfg
==================== SigCheck ============================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
==================== Ende von FRST.txt ========================
Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 15-11-2022
durchgeführt von Anwender (15-11-2022 14:23:44)
Gestartet von C:\Users\Anwender\AppData\Local\Temp\scoped_dir14736_1598031958
Microsoft Windows 10 Home Version 22H2 19045.2251 (X64) (2020-09-02 12:48:31)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
Administrator (S-1-5-21-1577740540-671938675-3438131953-500 - Administrator - Disabled)
Anwender (S-1-5-21-1577740540-671938675-3438131953-1000 - Administrator - Enabled) => C:\Users\Anwender
DefaultAccount (S-1-5-21-1577740540-671938675-3438131953-503 - Limited - Disabled)
Gast (S-1-5-21-1577740540-671938675-3438131953-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1577740540-671938675-3438131953-504 - Limited - Disabled)
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Blackmagic RAW Common Components (HKLM\...\{28612306-CE2C-429F-8288-D707C9A84838}) (Version: 1.8.1 - Blackmagic Design)
Chatterino7 version 7.3.5 (HKU\S-1-5-21-1577740540-671938675-3438131953-1000\...\{F5FE6614-04D4-4D32-8600-0ABA0AC113A4}_is1) (Version: 7.3.5 - 7TV)
DaVinci Resolve (HKLM\...\{8CD009CC-08AB-4873-BA5C-DC4AEA8BACEB}) (Version: 16.2.7010 - Blackmagic Design)
DaVinci Resolve Keyboards (HKLM\...\{04F776FB-37A2-4116-84F2-6CF3D731999D}) (Version: 1.0.0.0 - Blackmagic Design)
DaVinci Resolve Panels (HKLM\...\{567706B7-1501-43BC-81AB-C7E306B40C73}) (Version: 1.3.2.0 - Blackmagic Design)
Discord (HKU\S-1-5-21-1577740540-671938675-3438131953-1000\...\Discord) (Version: 0.0.309 - Discord Inc.)
Elgato Stream Deck (HKLM\...\{D2A26B85-6DA9-40F7-8717-CB8F78E3AFEA}) (Version: 5.3.3.15214 - Elgato Systems GmbH)
Epic Games Launcher (HKLM-x32\...\{07D9F8F3-EC99-4133-919D-DA341C62937C}) (Version: 1.1.298.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{B3DE52F7-D9AA-49EF-873F-506F76CD45B8}) (Version: 2.0.35.0 - Epic Games, Inc.)
Excel (HKU\S-1-5-21-1577740540-671938675-3438131953-1000\...\1fc5b090eab9aa41f8a2f5987367e6da) (Version: 1.0 - Excel)
GOG GALAXY (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 107.0.5304.107 - Google LLC)
Gyazo 4.1.2.0 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version: - Nota Inc.)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKU\S-1-5-21-1577740540-671938675-3438131953-1000\...\Riot Game league_of_legends.live) (Version: - Riot Games, Inc)
League of Legends PBE (HKU\S-1-5-21-1577740540-671938675-3438131953-1000\...\Riot Game league_of_legends.pbe) (Version: - Riot Games, Inc)
Logitech Capture (HKLM\...\Capture) (Version: 2.02.155 - Logitech)
Logitech G HUB (HKLM\...\{521c89be-637f-4274-a840-baaf7460c2b2}) (Version: 2022.10.326382 - Logitech)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 107.0.1418.42 - Microsoft Corporation)
Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 107.0.1418.42 - Microsoft Corporation)
Microsoft Office Professional Plus 2019 - de-de (HKLM\...\ProPlus2019Retail - de-de) (Version: 16.0.15726.20174 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1577740540-671938675-3438131953-1000\...\OneDriveSetup.exe) (Version: 22.217.1016.0002 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-1577740540-671938675-3438131953-1000\...\Teams) (Version: 1.3.00.28779 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{80F1AF52-7AC0-42A3-9AF0-689BFB271D1D}) (Version: 3.68.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.32.31332 (HKLM-x32\...\{3746f21b-c990-4045-bb33-1cf98cff7a68}) (Version: 14.32.31332.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.28.29334 (HKLM-x32\...\{14C49FC8-3E9B-4F29-8526-26629B5CF30B}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.28.29334 (HKLM-x32\...\{0D01A812-82A1-481F-8546-8E28E976F8DF}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.32.31332 (HKLM\...\{F4499EE3-A166-496C-81BB-51D1BCDC70A9}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.32.31332 (HKLM\...\{3407B900-37F5-4CC2-B612-5CD5D580A163}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 de) (HKLM\...\Mozilla Firefox 106.0.5 (x64 de)) (Version: 106.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 74.0.1 - Mozilla)
NVIDIA FrameView SDK 1.3.8107.31782123 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.3.8107.31782123 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.26.0.154 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.26.0.154 - NVIDIA Corporation)
NVIDIA Grafiktreiber 526.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 526.86 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.39.16 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.39.16 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
NVIDIA USBC Driver 1.50.831.832 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.50.831.832 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 27.2.4 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.15726.20096 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.15726.20096 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0407-1000-0000000FF1CE}) (Version: 16.0.15726.20096 - Microsoft Corporation) Hidden
Opera GX Stable 91.0.4516.106 (HKU\S-1-5-21-1577740540-671938675-3438131953-1000\...\Opera GX 91.0.4516.106) (Version: 91.0.4516.106 - Opera Software)
Outlook (HKU\S-1-5-21-1577740540-671938675-3438131953-1000\...\6b0f23e57a39ebfbf2814acb1a24293d) (Version: 1.0 - Outlook)
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
PowerPoint (HKU\S-1-5-21-1577740540-671938675-3438131953-1000\...\319814cb56b667dff88f54e08be8f51f) (Version: 1.0 - PowerPoint)
Riot Vanguard (HKLM\...\Riot Vanguard) (Version: - Riot Games, Inc.)
Snaz version 1.12.6.0 (HKLM-x32\...\{70A76031-FDC6-4F9B-BB5C-33776703F45A}_is1) (Version: 1.12.6.0 - JimsApps)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Spotify (HKU\S-1-5-21-1577740540-671938675-3438131953-1000\...\Spotify) (Version: 1.1.98.691.gf759311c - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
StreamElements SE.Live (HKLM-x32\...\StreamElements OBS.Live) (Version: 22.9.8.69 - StreamElements)
StreamLabels 0.3.4 (only current user) (HKU\S-1-5-21-1577740540-671938675-3438131953-1000\...\8000d50a-fcb7-5b38-8a3b-a02a0ec79daa) (Version: 0.3.4 - Streamlabs)
StreamLabels 0.4.1 (HKU\S-1-5-21-1577740540-671938675-3438131953-1000\...\{8000d50a-fcb7-5b38-8a3b-a02a0ec79daa}) (Version: 0.4.1 - Streamlabs)
Streamlabs Desktop 1.11.1 (HKLM\...\029c4619-0385-5543-9426-46f9987161d9) (Version: 1.11.1 - General Workings, Inc.)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.3.2 - TeamSpeak Systems GmbH)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.18.5 - TeamViewer)
VALORANT (HKU\S-1-5-21-1577740540-671938675-3438131953-1000\...\Riot Game valorant.live) (Version: - Riot Games, Inc)
VBCABLE, The Virtual Audio Cable (HKLM\...\VB:VBCABLE {87459874-1236-4469}) (Version: - VB-Audio Software)
Voicemeeter, The Virtual Mixing Console (HKLM-x32\...\VB:Voicemeeter {17359A74-1236-5467}) (Version: - VB-Audio Software)
Windows-PC-Integritätsprüfung (HKLM\...\{B3956CF3-F6C5-4567-AC38-1FD4432B319C}) (Version: 3.6.2204.08001 - Microsoft Corporation)
WinRAR 5.80 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.80.0 - win.rar GmbH)
Zoom (HKU\S-1-5-21-1577740540-671938675-3438131953-1000\...\ZoomUMX) (Version: 5.9.1 (2581) - Zoom Video Communications, Inc.)
Packages:
=========
Farm Heroes Saga -> C:\Program Files\WindowsApps\king.com.FarmHeroesSaga_5.91.2.0_x64__kgqvnymyfvs32 [2022-11-03] (king.com)
Fotos-Add-On -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-12-10] (Microsoft Corporation)
Media Engine-Add-On für Fotos -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-11-04] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-11-02] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-11-02] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.14.9130.0_x64__8wekyb3d8bbwe [2022-09-21] (Microsoft Studios) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.963.0_x64__56jybvy8sckqj [2022-11-10] (NVIDIA Corp.)
Pixlr E -> C:\Program Files\WindowsApps\InmagineLabPteLtd.PixlrE_1.0.1.0_neutral__0fvarhdejbjpm [2022-03-19] (Inmagine Lab Pte Ltd)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.29.256.0_x64__dt26b99r8h8gj [2021-12-17] (Realtek Semiconductor Corp)
Word -> C:\Program Files\WindowsApps\word.office.com-CECA1A7F_1.0.0.0_neutral__jc2kecmnkxwqc [2022-07-10] (word.office.com)
XING -> C:\Program Files\WindowsApps\XINGAG.XING_4.0.9.0_x86__xpfg3f7e9an52 [2021-06-04] (New Work SE)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-1577740540-671938675-3438131953-1000_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Anwender\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1577740540-671938675-3438131953-1000_Classes\CLSID\{80172dde-4e20-4df0-81a2-0a48553e80bb}\localserver32 -> C:\Users\Anwender\AppData\Local\NhNotifSys\nahimic\nahimicNotifSys.exe (A-Volute SAS -> A-Volute)
CustomCLSID: HKU\S-1-5-21-1577740540-671938675-3438131953-1000_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\Anwender\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_bd530e4cbd42e0a3\nvshext.dll [2022-11-09] (Nvidia Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
==================== Codecs (Nicht auf der Ausnahmeliste) ====================
==================== Verknüpfungen & WMI ========================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
ShortcutWithArgument: C:\Users\Anwender\Desktop\Pusi - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Default"
ShortcutWithArgument: C:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Excel.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=leffmjdabcgaflkikcefahmlgpodjkdm --app-url=hxxps://excel.office.com/
ShortcutWithArgument: C:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Outlook.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=bjhmmnoficofgoiacjaajpkfndojknpb --app-url=hxxps://outlook.com/
ShortcutWithArgument: C:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=opfacbhaojodjaojgocnibmklknchehf --app-url=hxxps://powerpoint.office.com/
==================== Geladene Module (Nicht auf der Ausnahmeliste) =============
2022-11-08 19:48 - 2022-11-08 19:48 - 104871424 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\Battle.net\Battle.net.13835\libcef.dll
2022-11-08 19:48 - 2022-11-08 19:48 - 000112128 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\Battle.net\Battle.net.13835\libegl.dll
2022-11-08 19:48 - 2022-11-08 19:48 - 006227456 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\Battle.net\Battle.net.13835\libglesv2.dll
2021-10-24 11:24 - 2021-10-24 11:24 - 000967168 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\VB\Voicemeeter\mp3lame\lame_enc.dll
2022-09-29 13:11 - 2022-09-29 13:11 - 000038400 _____ () [Datei ist nicht signiert] C:\Program Files\Elgato\StreamDeck\giflib5.dll
2022-09-29 13:11 - 2022-09-29 13:11 - 000098816 _____ () [Datei ist nicht signiert] C:\Program Files\Elgato\StreamDeck\QtZeroConf.dll
2022-09-29 13:11 - 2022-09-29 13:11 - 000720384 _____ () [Datei ist nicht signiert] C:\Program Files\Elgato\StreamDeck\turbojpeg.dll
2022-10-26 12:54 - 2022-10-25 23:00 - 000156160 _____ () [Datei ist nicht signiert] C:\Program Files\LGHUB\resources\app.asar.unpacked\keytar.node
2022-09-29 13:11 - 2022-09-29 13:11 - 001742848 _____ (SQLite Development Team) [Datei ist nicht signiert] C:\Program Files\Elgato\StreamDeck\sqlite3.dll
2022-11-08 19:48 - 2022-11-08 19:48 - 000810496 _____ (The Chromium Authors) [Datei ist nicht signiert] C:\Program Files (x86)\Battle.net\Battle.net.13835\chrome_elf.dll
2022-03-04 13:26 - 2020-04-26 14:10 - 003000832 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [Datei ist nicht signiert] C:\Users\Anwender\AppData\Roaming\Elgato\StreamDeck\Plugins\net.voicemod.windowsdesktop.sdPlugin\libcrypto-1_1-x64.dll
2022-09-29 13:11 - 2022-09-29 13:11 - 002696704 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [Datei ist nicht signiert] C:\Program Files\Elgato\StreamDeck\libcrypto-1_1-x64.dll
2022-09-29 13:11 - 2022-09-29 13:11 - 000642560 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [Datei ist nicht signiert] C:\Program Files\Elgato\StreamDeck\libssl-1_1-x64.dll
2022-11-08 19:48 - 2022-11-08 19:48 - 000047104 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Battle.net\Battle.net.13835\audio\qtaudio_windows.dll
2022-11-08 19:48 - 2022-11-08 19:48 - 000026112 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Battle.net\Battle.net.13835\imageformats\qgif.dll
2022-11-08 19:48 - 2022-11-08 19:48 - 000027136 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Battle.net\Battle.net.13835\imageformats\qico.dll
2022-11-08 19:48 - 2022-11-08 19:48 - 000243712 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Battle.net\Battle.net.13835\imageformats\qjpeg.dll
2022-11-08 19:48 - 2022-11-08 19:48 - 000223744 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Battle.net\Battle.net.13835\imageformats\qmng.dll
2022-11-08 19:48 - 2022-11-08 19:48 - 000020992 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Battle.net\Battle.net.13835\imageformats\qsvg.dll
2022-11-08 19:48 - 2022-11-08 19:48 - 000332288 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Battle.net\Battle.net.13835\imageformats\qtiff.dll
2022-11-08 19:48 - 2022-11-08 19:48 - 001140224 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Battle.net\Battle.net.13835\platforms\qwindows.dll
2022-11-08 19:48 - 2022-11-08 19:48 - 004943360 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Battle.net\Battle.net.13835\Qt5Core.dll
2022-11-08 19:48 - 2022-11-08 19:48 - 005022208 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Battle.net\Battle.net.13835\Qt5Gui.dll
2022-11-08 19:48 - 2022-11-08 19:48 - 000626176 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Battle.net\Battle.net.13835\Qt5Multimedia.dll
2022-11-08 19:48 - 2022-11-08 19:48 - 000877056 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Battle.net\Battle.net.13835\Qt5Network.dll
2022-11-08 19:48 - 2022-11-08 19:48 - 002908672 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Battle.net\Battle.net.13835\Qt5Qml.dll
2022-11-08 19:48 - 2022-11-08 19:48 - 003078656 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Battle.net\Battle.net.13835\Qt5Quick.dll
2022-11-08 19:48 - 2022-11-08 19:48 - 000259072 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Battle.net\Battle.net.13835\Qt5Svg.dll
2022-11-08 19:48 - 2022-11-08 19:48 - 004718080 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Battle.net\Battle.net.13835\Qt5Widgets.dll
2022-11-08 19:48 - 2022-11-08 19:48 - 000439296 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Battle.net\Battle.net.13835\Qt5WinExtras.dll
2022-11-08 19:48 - 2022-11-08 19:48 - 000159232 _____ (The Qt Company Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Battle.net\Battle.net.13835\Qt5Xml.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
AlternateDataStreams: C:\ProgramData\mntemp:8EAD8B3507 [2498]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [2498]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk:A1B76439FE [2498]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk:BE32D07BC5 [2498]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk:B96E9B8455 [2498]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk:980850BA8A [2498]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk:5465085A2F [2498]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk:F20EF51E1F [2498]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk:1DC1525F34 [2498]
AlternateDataStreams: C:\Users\Anwender\Anwendungsdaten:5a7a7919109c97d615ad7581cd492710 [394]
AlternateDataStreams: C:\Users\Anwender\AppData\Roaming:5a7a7919109c97d615ad7581cd492710 [394]
AlternateDataStreams: C:\Users\Anwender\AppData\Local\Temp:{67AD6FA5-2A7D-47de-A0C4-F04C8F26F841} [0]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [3874]
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ==================
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =================
==================== Internet Explorer (Nicht auf der Ausnahmeliste) ==========
HKU\S-1-5-21-1577740540-671938675-3438131953-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://de.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wsg_dbnwss_20_15_ssg00¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dde%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutDtD0DzzyCtC0AtCyDyD0BtBzyyDyD0AtN0D0Tzu0StAtDtBtDtN1L2XzuyEtFyCtCtFtDtFtCzyzztN1L1Czu1BtCtN1L1G1B1V1N2Y1L1Qzu2SyE0FyDtCtAtD0D0AtGyE0DyDyCtG0Bzyzy0DtGtDyB0DtBtG0F0F0A0ByDtDyDtA0A0EyD0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S1QyEyDzz1SyDyDzytGtDyD1QtBtGyEtCyDtDtGzzyCzz1RtGyDyEzztAtC1P1P1PyByC1TtB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutByCtAzzyDtN1Q2Z1B1P1RzutCyDzzyCtAyEtAtBzytB%26cr%3D1389621428%26a%3Dwsg_dbnwss_20_15_ssg00%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
SearchScopes: HKU\S-1-5-21-1577740540-671938675-3438131953-1000 -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://de.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wsg_dbnwss_20_15_ssg00¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dde%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutDtD0DzzyCtC0AtCyDyD0BtBzyyDyD0AtN0D0Tzu0StAtDtBtDtN1L2XzuyEtFyCtCtFtDtFtCzyzztN1L1Czu1BtCtN1L1G1B1V1N2Y1L1Qzu2SyE0FyDtCtAtD0D0AtGyE0DyDyCtG0Bzyzy0DtGtDyB0DtBtG0F0F0A0ByDtDyDtA0A0EyD0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S1QyEyDzz1SyDyDzytGtDyD1QtBtGyEtCyDtDtGzzyCzz1RtGyDyEzztAtC1P1P1PyByC1TtB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutByCtAzzyDtN1Q2Z1B1P1RzutCyDzzyCtAyEtAtBzytB%26cr%3D1389621428%26a%3Dwsg_dbnwss_20_15_ssg00%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1577740540-671938675-3438131953-1000 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://de.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wsg_dbnwss_20_15_ssg00¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dde%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutDtD0DzzyCtC0AtCyDyD0BtBzyyDyD0AtN0D0Tzu0StAtDtBtDtN1L2XzuyEtFyCtCtFtDtFtCzyzztN1L1Czu1BtCtN1L1G1B1V1N2Y1L1Qzu2SyE0FyDtCtAtD0D0AtGyE0DyDyCtG0Bzyzy0DtGtDyB0DtBtG0F0F0A0ByDtDyDtA0A0EyD0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S1QyEyDzz1SyDyDzytGtDyD1QtBtGyEtCyDtDtGzzyCzz1RtGyDyEzztAtC1P1P1PyByC1TtB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutByCtAzzyDtN1Q2Z1B1P1RzutCyDzzyCtAyEtAtBzytB%26cr%3D1389621428%26a%3Dwsg_dbnwss_20_15_ssg00%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
==================== Hosts Inhalt: =========================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2019-03-19 05:49 - 2019-03-19 05:49 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Andere Bereiche ===========================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-1577740540-671938675-3438131953-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Anwender\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\Profile-picture (1).jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
HKLM\...\StartupApproved\Run: => "Riot Vanguard"
HKU\S-1-5-21-1577740540-671938675-3438131953-1000\...\StartupApproved\StartupFolder: => "Twitch.lnk"
HKU\S-1-5-21-1577740540-671938675-3438131953-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1577740540-671938675-3438131953-1000\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1577740540-671938675-3438131953-1000\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1577740540-671938675-3438131953-1000\...\StartupApproved\Run: => "GogGalaxy"
HKU\S-1-5-21-1577740540-671938675-3438131953-1000\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
HKU\S-1-5-21-1577740540-671938675-3438131953-1000\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-1577740540-671938675-3438131953-1000\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [{5A738D64-A3E2-4526-A41A-6BD2FBA7CE1E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Among Us\Among Us.exe () [Datei ist nicht signiert]
FirewallRules: [{680E1FE7-B1D2-4F0B-B413-D3EF6223DF98}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Among Us\Among Us.exe () [Datei ist nicht signiert]
FirewallRules: [UDP Query User{C1F1F245-E658-456D-BAA5-625AD740059F}C:\users\anwender\desktop\rubinum\rubinum\rubinumlauncher.exe] => (Allow) C:\users\anwender\desktop\rubinum\rubinum\rubinumlauncher.exe => Keine Datei
FirewallRules: [TCP Query User{33E793B7-61A7-42B2-89CB-EFA5563A9816}C:\users\anwender\desktop\rubinum\rubinum\rubinumlauncher.exe] => (Allow) C:\users\anwender\desktop\rubinum\rubinum\rubinumlauncher.exe => Keine Datei
FirewallRules: [UDP Query User{6E425FEF-5D37-44A8-93DD-8387522F96CC}C:\program files (x86)\call of duty modern warfare\modernwarfare.exe] => (Allow) C:\program files (x86)\call of duty modern warfare\modernwarfare.exe => Keine Datei
FirewallRules: [TCP Query User{67C6FB00-3472-46A1-BC8E-565458D0D0F6}C:\program files (x86)\call of duty modern warfare\modernwarfare.exe] => (Allow) C:\program files (x86)\call of duty modern warfare\modernwarfare.exe => Keine Datei
FirewallRules: [{4F480644-0BF7-481C-A0D6-DF03F4396E89}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{41C32BCF-7636-4455-B115-D9C707CBCD17}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{621E427F-CF5D-4FD6-9203-5190C0BC356E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\launcher.exe (Skutta, Kristjan -> )
FirewallRules: [{E9C34B3A-46F7-4C9B-876E-B7E3BC8273D0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\launcher.exe (Skutta, Kristjan -> )
FirewallRules: [UDP Query User{4A54C2F1-906E-4AE1-BE0D-8C6592A42057}C:\users\anwender\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\anwender\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{75ABD60A-4570-46D9-B58A-C06279AFC0B5}C:\users\anwender\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\anwender\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{10ED9C89-56BE-4956-9B8A-BA5E8AC9852F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{D79DA858-255B-4D7F-8709-B6BF514BA744}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{1FD9B8E1-3EA4-48A7-8BDF-BB60102F1F1A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => Keine Datei
FirewallRules: [{BE23767B-A96D-41A6-91CD-F05A54F191CE}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => Keine Datei
FirewallRules: [{38A5FDE0-647B-4F50-B758-89C5B28C9ED3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{FCDFB609-7888-4A9F-A9F4-527927EDC5F1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [UDP Query User{F3CC4A70-65B7-4E2A-864E-B6C4CD84470C}C:\riot games\league of legends\game\league of legends.exe] => (Allow) C:\riot games\league of legends\game\league of legends.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [TCP Query User{2148071A-C68C-425D-9812-2870371E18DD}C:\riot games\league of legends\game\league of legends.exe] => (Allow) C:\riot games\league of legends\game\league of legends.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [{4A94FEFF-22C9-4308-A8EE-07C42E0D96C4}] => (Allow) C:\Riot Games\League of Legends\LeagueClient.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [{342EE7B6-E7A4-4981-9D08-5E38CB6FB39D}] => (Allow) C:\Riot Games\League of Legends\LeagueClient.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [{DB313B61-8B75-4898-AF3B-31C51E59DABF}] => (Allow) C:\Users\Anwender\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{94CD629C-78F1-42F6-87E5-13F1AE18EE10}] => (Allow) C:\Users\Anwender\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{7D66C12B-8C46-4712-A8D9-F6C76F23EDDB}] => (Allow) C:\Users\Anwender\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [TCP Query User{73FA8351-FD2B-4044-A783-983117961839}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [UDP Query User{1323C0C0-1FE1-4291-B744-2A48AFF77688}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [TCP Query User{787F477C-0E8B-4EBE-B054-AF1493F020B3}C:\program files\streamlabs obs\streamlabs obs.exe] => (Allow) C:\program files\streamlabs obs\streamlabs obs.exe (Streamlabs (General Workings, Inc.) -> General Workings, Inc.)
FirewallRules: [UDP Query User{09FDD2A2-52CB-4B39-8874-4E4E5254169E}C:\program files\streamlabs obs\streamlabs obs.exe] => (Allow) C:\program files\streamlabs obs\streamlabs obs.exe (Streamlabs (General Workings, Inc.) -> General Workings, Inc.)
FirewallRules: [{BF71AE1C-3D1A-445C-8429-F9F92B550EDF}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\Resolve.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty. Ltd.)
FirewallRules: [{2A87046F-E07F-46EC-8312-336454E5CE45}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\bmdpaneld.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [{5EA99C0F-0DE2-4481-B5AC-BA3F2E23A8F9}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DaVinciPanelDaemon.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [{56ED28F4-51DC-462E-A7A5-B8F82D6D01F3}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\JLCooperPanelDaemon.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [{15C100F4-3BFB-4F49-825E-5F606436A228}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\EuphonixPanelDaemon.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [{50371283-8B94-4ED1-9D17-9BA70E3B56DA}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\TangentPanelDaemon.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [{F51370DB-B21B-49BE-B1FB-7BCAA5C5394A}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\ElementsPanelDaemon.exe => Keine Datei
FirewallRules: [{42CDE875-88DB-43E4-B5E2-D39D9C630510}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\OxygenPanelDaemon.exe => Keine Datei
FirewallRules: [{74E8C166-BD5C-46DD-AD7E-C333DABD3231}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DPDecoder.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [{960911BB-346E-4F0C-A5FC-7C3046A6089A}] => (Allow) C:\ProgramData\Blackmagic Design\DaVinci Resolve\Support\QtDecoder\QTDecoder.exe => Keine Datei
FirewallRules: [TCP Query User{A38156CA-42E0-422A-B7A3-1723722B51C3}C:\program files\blackmagic design\davinci resolve\dpdecoder.exe] => (Block) C:\program files\blackmagic design\davinci resolve\dpdecoder.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [UDP Query User{E0882415-039B-442F-9E3F-920C89F18944}C:\program files\blackmagic design\davinci resolve\dpdecoder.exe] => (Block) C:\program files\blackmagic design\davinci resolve\dpdecoder.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [TCP Query User{90ACFFB6-87EA-4D7F-86AC-A0A086F637C8}C:\program files\blackmagic design\davinci resolve\resolve.exe] => (Block) C:\program files\blackmagic design\davinci resolve\resolve.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty. Ltd.)
FirewallRules: [UDP Query User{C1CDB643-6B2E-4CDF-B227-4AD0EEF1BE57}C:\program files\blackmagic design\davinci resolve\resolve.exe] => (Block) C:\program files\blackmagic design\davinci resolve\resolve.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty. Ltd.)
FirewallRules: [TCP Query User{D6AF6869-9FFA-4FBD-BE15-A9A2410E5387}C:\program files\blackmagic design\davinci resolve\fuscript.exe] => (Block) C:\program files\blackmagic design\davinci resolve\fuscript.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty. Ltd.)
FirewallRules: [UDP Query User{02D98A24-D79E-4571-88F2-D991664CB89B}C:\program files\blackmagic design\davinci resolve\fuscript.exe] => (Block) C:\program files\blackmagic design\davinci resolve\fuscript.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty. Ltd.)
FirewallRules: [{5A58EADB-E845-42AD-BA3D-BCF8289C9F04}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{209CF30B-BD90-4438-B99F-A5B84577670F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{6B972250-1339-40DB-8B15-D32D5795C977}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{212D0A56-47DA-4F0E-99EE-2CCDC124327B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [TCP Query User{131180DE-CA4F-44D2-B6B3-8DE8E5E8783B}C:\users\anwender\appdata\local\programs\crewlink\crewlink.exe] => (Allow) C:\users\anwender\appdata\local\programs\crewlink\crewlink.exe => Keine Datei
FirewallRules: [UDP Query User{73477402-CB21-48DE-BE1B-9C447E6078E2}C:\users\anwender\appdata\local\programs\crewlink\crewlink.exe] => (Allow) C:\users\anwender\appdata\local\programs\crewlink\crewlink.exe => Keine Datei
FirewallRules: [TCP Query User{5B96F2EC-0E8E-452C-AA9A-1380537F5157}C:\users\anwender\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\anwender\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{AD92FF7D-51D7-4DCB-86BC-D61674B30A01}C:\users\anwender\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\anwender\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{B8F988B0-4770-4EA5-8956-EBCE1CD5FB68}C:\users\anwender\appdata\local\programs\crewlink\crewlink.exe] => (Allow) C:\users\anwender\appdata\local\programs\crewlink\crewlink.exe => Keine Datei
FirewallRules: [UDP Query User{5F2BD7E1-5256-4B70-844B-DAD2DC3CE06B}C:\users\anwender\appdata\local\programs\crewlink\crewlink.exe] => (Allow) C:\users\anwender\appdata\local\programs\crewlink\crewlink.exe => Keine Datei
FirewallRules: [TCP Query User{6E31B405-B366-423F-BB7A-C4E815A0F562}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [UDP Query User{732A5536-BA88-4AD1-8793-FD20DEBA3CCD}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [TCP Query User{EE1CFFF5-F70C-4EC4-986A-C39B72377B85}C:\program files\blackmagic design\davinci resolve\fuscript.exe] => (Block) C:\program files\blackmagic design\davinci resolve\fuscript.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty. Ltd.)
FirewallRules: [UDP Query User{C961051F-424E-47F2-B131-DA26422E710A}C:\program files\blackmagic design\davinci resolve\fuscript.exe] => (Block) C:\program files\blackmagic design\davinci resolve\fuscript.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty. Ltd.)
FirewallRules: [TCP Query User{2CD976A5-29A1-4DDC-BF5F-9AB8C4BBBEA8}C:\program files (x86)\call of duty modern warfare\modernwarfare.exe] => (Allow) C:\program files (x86)\call of duty modern warfare\modernwarfare.exe => Keine Datei
FirewallRules: [UDP Query User{D11D6C1B-D276-4772-9296-AB476CE9CE39}C:\program files (x86)\call of duty modern warfare\modernwarfare.exe] => (Allow) C:\program files (x86)\call of duty modern warfare\modernwarfare.exe => Keine Datei
FirewallRules: [{93DC0AE8-27E8-4613-AC25-F5E67D1F61C1}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E849E3F4-0EAA-46B7-97D9-CD4149EBBFD0}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B9CB106D-2F7B-4387-97C0-CB608BC6642B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{1C927929-503B-41A0-A00D-3FDEA92A6E9F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{F97602ED-5C44-4669-9A2B-0692BDC53DF6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{BB8ECEF6-C07C-4FB4-8857-015843E3823B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [TCP Query User{EB21281D-0210-4A8C-8AA7-F1A33F06D0CF}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [UDP Query User{6F9DD8B7-4D32-43B7-A585-0A4B695AC571}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [TCP Query User{DA83A8F6-2577-4F46-B84F-29962F5FEEDB}C:\program files (x86)\steam\steamapps\common\naraka bladepoint\narakabladepoint.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\naraka bladepoint\narakabladepoint.exe => Keine Datei
FirewallRules: [UDP Query User{AE945FC4-ED24-410B-8868-D4FCAC3CEDB3}C:\program files (x86)\steam\steamapps\common\naraka bladepoint\narakabladepoint.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\naraka bladepoint\narakabladepoint.exe => Keine Datei
FirewallRules: [TCP Query User{38442072-D52E-41B4-8484-79C26E2142EA}C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe => Keine Datei
FirewallRules: [UDP Query User{1BAE4DBC-4B62-49A2-ADBB-0C9418561568}C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe => Keine Datei
FirewallRules: [{9D2F7DC4-D7CA-45CB-AEDE-7CAFC4928CE2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\ui32.exe (Skutta, Kristjan -> )
FirewallRules: [{BD41562F-95B3-41C7-ABAA-7CFE70271935}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\ui32.exe (Skutta, Kristjan -> )
FirewallRules: [{955C28FD-730D-4E4C-9DD9-324AF96609E5}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6E3EB58E-D4E7-4991-A13E-EFB36DA61E9D}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A65EBC58-60B7-42EB-9187-933BDF031976}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{2C9C703B-04D4-4C2F-99E2-4031D56F77A3}C:\users\anwender\appdata\local\programs\opera gx\opera.exe] => (Allow) C:\users\anwender\appdata\local\programs\opera gx\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [UDP Query User{7C093299-9F6A-4B5F-BA03-1D02910E6930}C:\users\anwender\appdata\local\programs\opera gx\opera.exe] => (Allow) C:\users\anwender\appdata\local\programs\opera gx\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [{36BAB71A-8F82-4BDA-8455-BAEEF96324B5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Vampire Survivors\VampireSurvivors.exe (Luca Galante) [Datei ist nicht signiert]
FirewallRules: [{05BF89D0-6FE4-490F-9DC3-3D0651673103}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Vampire Survivors\VampireSurvivors.exe (Luca Galante) [Datei ist nicht signiert]
FirewallRules: [TCP Query User{F8E6E88E-0F8E-46FE-895A-80D5EDE134B8}C:\program files (x86)\steam\steamapps\common\hentai vs furries\avf2\binaries\win64\avf2-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\hentai vs furries\avf2\binaries\win64\avf2-win64-shipping.exe => Keine Datei
FirewallRules: [UDP Query User{B27F79C4-E47C-4669-9992-43AACD76F2ED}C:\program files (x86)\steam\steamapps\common\hentai vs furries\avf2\binaries\win64\avf2-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\hentai vs furries\avf2\binaries\win64\avf2-win64-shipping.exe => Keine Datei
FirewallRules: [{789D288F-115E-48FC-B288-04289DE59240}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{82C717DB-296A-49F2-A971-04F4B81B728A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{651E3F42-0DCA-4FEE-A0C3-263351636B91}C:\users\anwender\appdata\local\programs\opera gx\opera.exe] => (Allow) C:\users\anwender\appdata\local\programs\opera gx\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [UDP Query User{8CC66DE9-4E6A-4786-9E2D-86F39820B5FD}C:\users\anwender\appdata\local\programs\opera gx\opera.exe] => (Allow) C:\users\anwender\appdata\local\programs\opera gx\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [TCP Query User{D42BA5B8-9325-47A4-81B8-0983D5179B21}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [UDP Query User{D456E666-4713-4E77-928D-B75E3509A7ED}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [TCP Query User{478BE521-9C88-4B72-86D3-55C697B05B32}C:\program files\obs-studio\obs-plugins\64bit\obs-browser-page.exe] => (Allow) C:\program files\obs-studio\obs-plugins\64bit\obs-browser-page.exe (Hugh Bailey -> )
FirewallRules: [UDP Query User{DE56C980-7BF9-4668-9C89-9BCFA774BC00}C:\program files\obs-studio\obs-plugins\64bit\obs-browser-page.exe] => (Allow) C:\program files\obs-studio\obs-plugins\64bit\obs-browser-page.exe (Hugh Bailey -> )
FirewallRules: [{B1DCFDD4-7B46-4239-B36C-927636B21782}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SlayTheSpire\jre\bin\javaw.exe
FirewallRules: [{C69B17A4-49B6-4B5E-A0DC-7476E71A6D1D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SlayTheSpire\jre\bin\javaw.exe
FirewallRules: [{555C81C2-8DD5-4E9D-A5A4-ED76C4EB02BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\diagnostics32.exe (Skutta, Kristjan -> )
FirewallRules: [{B6647367-7071-48A4-BA86-013A465276B8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\diagnostics32.exe (Skutta, Kristjan -> )
FirewallRules: [{4C785523-B021-4184-828B-0174BD45C58D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fall Guys\FallGuys_client.exe () [Datei ist nicht signiert]
FirewallRules: [{A885AAF6-BF49-4B4E-BF3D-0AC0D77A1B29}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fall Guys\FallGuys_client.exe () [Datei ist nicht signiert]
FirewallRules: [{7BA6433F-7800-45C5-BA43-CF2C1CFA193B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fall Guys\FallGuys_client_game.exe () [Datei ist nicht signiert]
FirewallRules: [{D04671B9-B17E-4A9C-ADC1-C8B264AB02EC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fall Guys\FallGuys_client_game.exe () [Datei ist nicht signiert]
FirewallRules: [{3423C594-B5F7-416F-AFC7-D5DF3170BB7E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ultimate Fishing\UltimateFishing.exe () [Datei ist nicht signiert]
FirewallRules: [{69119BE8-FC2E-4D2B-8344-192535C26BBD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ultimate Fishing\UltimateFishing.exe () [Datei ist nicht signiert]
FirewallRules: [TCP Query User{FE74C9AA-97AB-4B1B-B66C-3AF5B52E0EC6}C:\program files\obs-studio\obs-plugins\64bit\obs-browser-page.exe] => (Block) C:\program files\obs-studio\obs-plugins\64bit\obs-browser-page.exe (Hugh Bailey -> )
FirewallRules: [UDP Query User{13228A1E-11FF-4962-8A8E-108865782C52}C:\program files\obs-studio\obs-plugins\64bit\obs-browser-page.exe] => (Block) C:\program files\obs-studio\obs-plugins\64bit\obs-browser-page.exe (Hugh Bailey -> )
FirewallRules: [{237DF28B-23F0-4B4C-8BAC-779020E463BA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\StickFightTheGame\StickFight.exe () [Datei ist nicht signiert]
FirewallRules: [{D864EB98-CF65-46D6-9F9C-C4959ABC5B38}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\StickFightTheGame\StickFight.exe () [Datei ist nicht signiert]
FirewallRules: [{BBDD51F8-B411-4C15-9951-8C9161D57B1C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GodOfWar\GoW.exe (Santa Monica Studio) [Datei ist nicht signiert]
FirewallRules: [{B96835AA-26F7-49BF-9750-92363A4BCB42}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GodOfWar\GoW.exe (Santa Monica Studio) [Datei ist nicht signiert]
FirewallRules: [TCP Query User{9641C647-7307-4020-8214-D0653842BF8D}C:\program files\streamlabs obs\streamlabs obs.exe] => (Allow) C:\program files\streamlabs obs\streamlabs obs.exe (Streamlabs (General Workings, Inc.) -> General Workings, Inc.)
FirewallRules: [UDP Query User{83BB3909-6AF2-40D9-AD94-39A3E4F3E7FE}C:\program files\streamlabs obs\streamlabs obs.exe] => (Allow) C:\program files\streamlabs obs\streamlabs obs.exe (Streamlabs (General Workings, Inc.) -> General Workings, Inc.)
FirewallRules: [{75BA7CFD-A8C2-4EAA-9A82-B756F7F4B668}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MultiVersus\start_protected_game.exe (EasyAntiCheat Oy -> Epic Games, Inc.)
FirewallRules: [{CDA23D69-CBFC-4239-B9A8-7395813D3C12}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MultiVersus\start_protected_game.exe (EasyAntiCheat Oy -> Epic Games, Inc.)
FirewallRules: [{E9CEF5A0-AC25-41E9-AA81-A5D863AA49A8}] => (Allow) C:\Program Files\Elgato\StreamDeck\StreamDeck.exe (Corsair Memory, Inc. -> Corsair Memory, Inc)
FirewallRules: [{CD7A31D1-65D1-460F-89EC-BE9AF864886E}] => (Allow) C:\Program Files\obs-studio\bin\64bit\obs64.exe (Hugh Bailey -> OBS)
FirewallRules: [{F9F53961-9BF9-4268-9600-ED131D019585}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{77E3D8E1-9E6C-44EB-855B-0F33FDFA44FB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F3EF2049-D938-415D-BD9D-74B8D689A5BC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{54D200BF-36ED-4FB0-9B1A-CE6E79136EFB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{D0C54AFE-B480-480A-BB88-26DEE62B0E4D}C:\program files (x86)\overwatch\_retail_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_retail_\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{1CC56062-EA88-4DAD-A8F2-530D40CCD516}C:\program files (x86)\overwatch\_retail_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_retail_\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{8C603AC3-F864-417B-AB17-8B23ECAA5578}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\diagnostics32.exe (Skutta, Kristjan -> )
FirewallRules: [{DE1C4CF2-7B69-4337-9484-AE93C35959D9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\diagnostics32.exe (Skutta, Kristjan -> )
FirewallRules: [{E68D881D-5F95-423E-8D71-89761E1C1233}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{DB288C91-7723-4693-A17E-138913C3DC58}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{4AF25F10-1FFE-47D5-A4AA-3A685903F265}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{ADFBF7BE-253B-4AED-B5B0-B3DBFD27728B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{6CC3D275-BA85-4D98-920A-E0C868780EDF}C:\program files (x86)\steam\steamapps\common\love, sam\lovesamrewrite\binaries\win64\lovesamrewrite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\love, sam\lovesamrewrite\binaries\win64\lovesamrewrite.exe (Epic Games, Inc.) [Datei ist nicht signiert]
FirewallRules: [UDP Query User{6A9C7096-6B0C-4351-B867-FB68805EE9AA}C:\program files (x86)\steam\steamapps\common\love, sam\lovesamrewrite\binaries\win64\lovesamrewrite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\love, sam\lovesamrewrite\binaries\win64\lovesamrewrite.exe (Epic Games, Inc.) [Datei ist nicht signiert]
FirewallRules: [{A26A9E7D-5418-4B07-A140-DC1C0B830A85}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SlayTheSpire\jre\bin\javaw.exe
FirewallRules: [{72A0EC89-8357-45A3-8961-5A7D57000192}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SlayTheSpire\jre\bin\javaw.exe
FirewallRules: [{D4193298-C198-46E7-A640-65B1C1F86534}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{A2CDBEFE-0016-4ABF-B05C-E5233C403D2F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brotato\Brotato.exe (Thomas Gervraud) [Datei ist nicht signiert]
FirewallRules: [{014D20B8-DA66-4874-BC45-2340E9B74764}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brotato\Brotato.exe (Thomas Gervraud) [Datei ist nicht signiert]
FirewallRules: [{A35E6640-DFAC-4172-A82B-160010C91C54}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\107.0.1418.42\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
==================== Wiederherstellungspunkte =========================
11-11-2022 19:31:30 Geplanter Prüfpunkt
14-11-2022 16:02:14 Windows Modules Installer
==================== Fehlerhafte Geräte im Gerätemanager ============
==================== Fehlereinträge in der Ereignisanzeige: ========================
Applikationsfehler:
==================
Error: (11/15/2022 11:05:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Photopea video for voiceover.scr, Version: 1.0.14.255, Zeitstempel: 0x636e5713
Name des fehlerhaften Moduls: clr.dll, Version: 4.8.4515.0, Zeitstempel: 0x624cf48c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001b46bd
ID des fehlerhaften Prozesses: 0x147c
Startzeit der fehlerhaften Anwendung: 0x01d8f8d9c3205bf7
Pfad der fehlerhaften Anwendung: C:\Users\Anwender\Desktop\photopea\[Photopea] Promotional Materials\Photopea video for voiceover.scr
Pfad des fehlerhaften Moduls: C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
Berichtskennung: 29ddbbaa-1833-43a7-a24f-8be18f8ef4a4
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (11/15/2022 11:05:20 AM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: Anwendung: Photopea video for voiceover.scr
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines internen Fehlers in der .NET-Laufzeit beendet. bei IP 70E546BD (70CA0000) mit Exitcode 80131506.
Error: (11/14/2022 06:33:47 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x8007045b, Der Computer wird heruntergefahren.
.
Error: (11/14/2022 06:33:47 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} und dem Namen "CEventSystem" kann nicht gestartet werden. [0x8007045b, Der Computer wird heruntergefahren.
]
Error: (11/11/2022 07:22:47 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Die Speicheroptimierung konnte erneut optimieren auf Volume (D:) nicht abschließen. Grund: Der angeforderte Vorgang wird von der Hardware des Volumes nicht unterstützt. (0x8900002A)
Error: (11/10/2022 08:25:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: wallpaper32.exe, Version: 2.2.0.18, Zeitstempel: 0x6352babb
Name des fehlerhaften Moduls: nvwgf2um.dll, Version: 31.0.15.2647, Zeitstempel: 0x6358346e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00238b47
ID des fehlerhaften Prozesses: 0x2ac4
Startzeit der fehlerhaften Anwendung: 0x01d8f4f4c1692116
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_ade64cd54ec2f9ed\nvwgf2um.dll
Berichtskennung: 779c481f-bfea-42da-8030-60b93adc05b6
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (11/05/2022 01:45:12 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: MEAN-MACHINE)
Description: Windows kann die erweiterbare Leistungsindikator-DLL "C:\WINDOWS\system32\sysmain.dll" nicht laden (Win32-Fehlercode 126).
Error: (11/05/2022 01:45:12 PM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: MEAN-MACHINE)
Description: Das Serverdienst-Leistungsobjekt kann nicht geöffnet werden. Die ersten vier Bytes (DWORD) des Datenabschnitts enthalten den Statuscode.
Systemfehler:
=============
Error: (11/14/2022 12:52:59 PM) (Source: DCOM) (EventID: 10010) (User: MEAN-MACHINE)
Description: Der Server "Windows.Media.Capture.Internal.AppCaptureShell" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error: (11/11/2022 07:27:15 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error: (11/11/2022 05:51:55 PM) (Source: DCOM) (EventID: 10010) (User: MEAN-MACHINE)
Description: Der Server "Windows.Media.Capture.Internal.AppCaptureShell" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error: (11/11/2022 04:37:41 PM) (Source: DCOM) (EventID: 10010) (User: MEAN-MACHINE)
Description: Der Server "Windows.Media.Capture.Internal.AppCaptureShell" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error: (11/10/2022 08:25:21 PM) (Source: DCOM) (EventID: 10005) (User: MEAN-MACHINE)
Description: Fehler "1053" in DCOM, als der Dienst "BcastDVRUserService_1024db3e" mit den Argumenten "Nicht verfügbar" gestartet wurde, um den folgenden Server zu verwenden:
Windows.Media.Capture.Internal.AppCaptureShell
Error: (11/10/2022 08:25:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Benutzerdienst für GameDVR und Übertragungen_1024db3e" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.
Error: (11/10/2022 08:25:21 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Benutzerdienst für GameDVR und Übertragungen_1024db3e erreicht.
Error: (11/10/2022 08:24:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "NVIDIA LocalSystem Container" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 6000 Millisekunden durchgeführt: Neustart des Diensts.
Windows Defender:
================
Date: 2022-11-15 14:23:39
Description:
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=PUADlManager:Win32/InstallCore&threatid=311991&enterprise=0
Name: PUADlManager:Win32/InstallCore
Schweregrad: Niedrig
Kategorie: Potenziell unerwünschte Software
Pfad: file:_C:\Users\Anwender\Downloads\adobe_flash_player_1993324768.exe; file:_C:\Users\Anwender\Downloads\adobe_flash_player_2151221308.exe; file:_C:\Users\Anwender\Downloads\adobe_flash_player_3461104809.exe; file:_C:\Users\Anwender\Downloads\CR_Downloader_fuer_project64_2184029674.exe
Erkennungsursprung: Lokaler Computer
Erkennungstype: Konkret
Erkennungsquelle: Echtzeitschutz
Benutzer: MEAN-MACHINE\Anwender
Prozessname: C:\Users\Anwender\AppData\Local\Temp\scoped_dir14736_1598031958\FRST64.exe
Sicherheitsversion: AV: 1.379.379.0, AS: 1.379.379.0, NIS: 1.379.379.0
Modulversion: AM: 1.1.19800.4, NIS: 1.1.19800.4
Date: 2022-11-15 12:56:20
Description:
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=PUADlManager:Win32/InstallCore&threatid=311991&enterprise=0
Name: PUADlManager:Win32/InstallCore
Schweregrad: Niedrig
Kategorie: Potenziell unerwünschte Software
Pfad: file:_C:\Users\Anwender\Downloads\adobe_flash_player_1993324768.exe; file:_C:\Users\Anwender\Downloads\adobe_flash_player_2151221308.exe; file:_C:\Users\Anwender\Downloads\adobe_flash_player_3461104809.exe; file:_C:\Users\Anwender\Downloads\CR_Downloader_fuer_project64_2184029674.exe
Erkennungsursprung: Lokaler Computer
Erkennungstype: Konkret
Erkennungsquelle: Echtzeitschutz
Benutzer: MEAN-MACHINE\Anwender
Prozessname: C:\Program Files (x86)\Overwatch\_retail_\Overwatch.exe
Sicherheitsversion: AV: 1.379.379.0, AS: 1.379.379.0, NIS: 1.379.379.0
Modulversion: AM: 1.1.19800.4, NIS: 1.1.19800.4
Date: 2022-11-15 12:56:20
Description:
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=PUADlManager:Win32/InstallCore&threatid=311991&enterprise=0
Name: PUADlManager:Win32/InstallCore
Schweregrad: Niedrig
Kategorie: Potenziell unerwünschte Software
Pfad: file:_C:\Users\Anwender\Downloads\adobe_flash_player_1993324768.exe; file:_C:\Users\Anwender\Downloads\adobe_flash_player_2151221308.exe; file:_C:\Users\Anwender\Downloads\adobe_flash_player_3461104809.exe
Erkennungsursprung: Lokaler Computer
Erkennungstype: Konkret
Erkennungsquelle: Echtzeitschutz
Benutzer: MEAN-MACHINE\Anwender
Prozessname: C:\Program Files (x86)\Overwatch\_retail_\Overwatch.exe
Sicherheitsversion: AV: 1.379.379.0, AS: 1.379.379.0, NIS: 1.379.379.0
Modulversion: AM: 1.1.19800.4, NIS: 1.1.19800.4
Date: 2022-11-15 12:56:18
Description:
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=PUADlManager:Win32/InstallCore&threatid=311991&enterprise=0
Name: PUADlManager:Win32/InstallCore
Schweregrad: Niedrig
Kategorie: Potenziell unerwünschte Software
Pfad: file:_C:\Users\Anwender\Downloads\adobe_flash_player_1993324768.exe; file:_C:\Users\Anwender\Downloads\adobe_flash_player_2151221308.exe
Erkennungsursprung: Lokaler Computer
Erkennungstype: Konkret
Erkennungsquelle: Echtzeitschutz
Benutzer: MEAN-MACHINE\Anwender
Prozessname: C:\Program Files (x86)\Overwatch\_retail_\Overwatch.exe
Sicherheitsversion: AV: 1.379.379.0, AS: 1.379.379.0, NIS: 1.379.379.0
Modulversion: AM: 1.1.19800.4, NIS: 1.1.19800.4
Date: 2022-11-15 12:56:17
Description:
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=PUADlManager:Win32/InstallCore&threatid=311991&enterprise=0
Name: PUADlManager:Win32/InstallCore
Schweregrad: Niedrig
Kategorie: Potenziell unerwünschte Software
Pfad: file:_C:\Users\Anwender\Downloads\adobe_flash_player_2151221308.exe
Erkennungsursprung: Lokaler Computer
Erkennungstype: Konkret
Erkennungsquelle: Echtzeitschutz
Benutzer: MEAN-MACHINE\Anwender
Prozessname: C:\Program Files (x86)\Overwatch\_retail_\Overwatch.exe
Sicherheitsversion: AV: 1.379.379.0, AS: 1.379.379.0, NIS: 1.379.379.0
Modulversion: AM: 1.1.19800.4, NIS: 1.1.19800.4
CodeIntegrity:
===============
Date: 2022-11-11 19:22:47
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2022-11-10 23:17:37
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2022-11-01 14:19:22
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.4-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2022-10-30 17:45:07
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.2209.7-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2022-09-30 22:49:30
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2022-09-06 12:05:52
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Speicherinformationen ===========================
BIOS: American Megatrends Inc. H.00 08/05/2019
Hauptplatine: Micro-Star International Co., Ltd. X470 GAMING PLUS MAX (MS-7B79)
Prozessor: AMD Ryzen 5 3600 6-Core Processor
Prozentuale Nutzung des RAM: 24%
Installierter physikalischer RAM: 32714.45 MB
Verfügbarer physikalischer RAM: 24640.34 MB
Summe virtueller Speicher: 37578.45 MB
Verfügbarer virtueller Speicher: 26203.33 MB
==================== Laufwerke ================================
Drive c: () (Fixed) (Total:465.19 GB) (Free:136.43 GB) (Model: KINGSTON SA2000M8500G) NTFS
Drive d: (Volume) (Fixed) (Total:931.51 GB) (Free:931.38 GB) (Model: TOSHIBA HDWD110) NTFS
\\?\Volume{2d28b987-0000-0000-0000-100000000000}\ (System-reserviert) (Fixed) (Total:0.57 GB) (Free:0.11 GB) NTFS
==================== MBR & Partitionstabelle ====================
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 4DDA2387)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 2D28B987)
Partition 1: (Active) - (Size=579 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.2 GB) - (Type=07 NTFS)
==================== Ende von Addition.txt =======================
|
|
15.11.2022, 15:42
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | WINDOWS 10: .SCR Malware Befall Scripting/Repair mit FRST64
__________________WARNUNG AN ALLE MITLESER !!! Dieses FRST-Script ist ausschließlich für diesen Nutzer gedacht und sollte niemals 1:1 für ein anderes System angewendet werden!
__________________ |
|
15.11.2022, 15:51
| #3 |
| | WINDOWS 10: .SCR Malware BefallCode:
ATTFilter Entfernungsergebnis von Farbar Recovery Scan Tool (x64) Version: 15-11-2022
durchgeführt von Anwender (15-11-2022 15:45:58) Run:1
Gestartet von C:\Users\Anwender\Desktop\Rengar related
Geladene Profile: Anwender
Start-Modus: Normal
==============================================
fixlist Inhalt:
*****************
Start::
CloseProcesses:
Virustotal: C:\Users\Anwender\Downloads\[Photopea] Promotional Materials.zip
Virustotal: C:\Users\Anwender\Desktop\photopea\[Photopea] Promotional Materials\Photopea video for voiceover.scr
Virustotal: C:\Users\Anwender\Desktop\photopea\_PHOTO~1\PHOTOP~2.SCR
File: C:\Users\Anwender\Downloads\[Photopea] Promotional Materials.zip
File: C:\Users\Anwender\Desktop\photopea\[Photopea] Promotional Materials\Photopea video for voiceover.scr
File: C:\Users\Anwender\Desktop\photopea\_PHOTO~1\PHOTOP~2.SCR
C:\Users\Anwender\Downloads\[Photopea] Promotional Materials.zip
C:\Users\Anwender\Desktop\photopea
HKU\S-1-5-21-1577740540-671938675-3438131953-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Users\Anwender\Desktop\photopea\_PHOTO~1\PHOTOP~2.SCR
emptytemp:
End::
*****************
Prozesse erfolgreich geschlossen.
VirusTotal: C:\Users\Anwender\Downloads\[Photopea] Promotional Materials.zip => https://www.virustotal.com/gui/file/85cd6425dcea1aaf7c74e2f39f34a8a72dcc18331a4f7b83421a2d33710c10ad/detection/f-85cd6425dcea1aaf7c74e2f39f34a8a72dcc18331a4f7b83421a2d33710c10ad-1668523569
"VirusTotal: C:\Users\Anwender\Desktop\photopea\[Photopea] Promotional Materials\Photopea video for voiceover.scr" => nicht gefunden
"VirusTotal: C:\Users\Anwender\Desktop\photopea\_PHOTO~1\PHOTOP~2.SCR" => nicht gefunden
========================= File: C:\Users\Anwender\Downloads\[Photopea] Promotional Materials.zip ========================
C:\Users\Anwender\Downloads\[Photopea] Promotional Materials.zip
Datei ist nicht signiert
MD5: B727271749DBE8E40A4DE7F9A22D2E1A
Erstellungs- und Änderungsdatum: 2022-11-15 10:53 - 2022-11-15 10:53
Größe: 002512923
Attribute: ----A
Firmenname:
Interne Name:
Original Name:
Produkt:
Beschreibung:
Datei Version:
Produkt Version:
Urheberrecht:
VirusTotal: 0
====== Ende von File: ======
========================= File: C:\Users\Anwender\Desktop\photopea\[Photopea] Promotional Materials\Photopea video for voiceover.scr ========================
"C:\Users\Anwender\Desktop\photopea\[Photopea] Promotional Materials\Photopea video for voiceover.scr" => nicht gefunden
====== Ende von File: ======
========================= File: C:\Users\Anwender\Desktop\photopea\_PHOTO~1\PHOTOP~2.SCR ========================
"C:\Users\Anwender\Desktop\photopea\_PHOTO~1\PHOTOP~2.SCR" => nicht gefunden
====== Ende von File: ======
C:\Users\Anwender\Downloads\[Photopea] Promotional Materials.zip => erfolgreich verschoben
"C:\Users\Anwender\Desktop\photopea" => nicht gefunden
"HKU\S-1-5-21-1577740540-671938675-3438131953-1000\Control Panel\Desktop\\SCRNSAVE.EXE" => erfolgreich entfernt
=========== EmptyTemp: ==========
FlushDNS => abgeschlossen
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 492840112 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 1443985240 B
Windows/system/drivers => 35084988 B
Edge => 51738 B
Chrome => 641455136 B
Firefox => 16977889 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 182910 B
Anwender => 18034214 B
RecycleBin => 0 B
EmptyTemp: => 2.5 GB temporäre Dateien entfernt.
================================
Das System musste neu gestartet werden.
==== Ende von Fixlog 15:46:29 ====
|
|
15.11.2022, 15:52
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | WINDOWS 10: .SCR Malware Befall Dann System neu starten und neue FRST-Logs.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
15.11.2022, 15:57
| #5 |
| | WINDOWS 10: .SCR Malware BefallCode:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 15-11-2022
durchgeführt von Anwender (Administrator) auf MEAN-MACHINE (Micro-Star International Co., Ltd. MS-7B79) (15-11-2022 15:55:09)
Gestartet von C:\Users\Anwender\Desktop\Rengar related
Geladene Profile: Anwender
Plattform: Microsoft Windows 10 Home Version 22H2 19045.2251 (X64) Sprache: Deutsch (Deutschland)
Standard-Browser: Opera
Start-Modus: Normal
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(A-Volute SAS -> A-Volute) C:\Users\Anwender\AppData\Local\NhNotifSys\nahimic\nahimicNotifSys.exe
(C:\Program Files\Elgato\StreamDeck\StreamDeck.exe ->) () [Datei ist nicht signiert] C:\Users\Anwender\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.battery.sdPlugin\com.barraider.battery.exe
(C:\Program Files\Elgato\StreamDeck\StreamDeck.exe ->) () [Datei ist nicht signiert] C:\Users\Anwender\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.spotify.sdPlugin\com.barraider.spotify.exe
(C:\Program Files\Elgato\StreamDeck\StreamDeck.exe ->) () [Datei ist nicht signiert] C:\Users\Anwender\AppData\Roaming\Elgato\StreamDeck\Plugins\com.elgato.cpu.sdPlugin\cpu.exe
(C:\Program Files\Elgato\StreamDeck\StreamDeck.exe ->) () [Datei ist nicht signiert] C:\Users\Anwender\AppData\Roaming\Elgato\StreamDeck\Plugins\com.streamelements.obslive.sdPlugin\obslive-sdplugin.exe
(C:\Program Files\Elgato\StreamDeck\StreamDeck.exe ->) () [Datei ist nicht signiert] C:\Users\Anwender\AppData\Roaming\Elgato\StreamDeck\Plugins\tv.twitch.studio.sdPlugin\twitchstudiostreamdeck.exe
(C:\Program Files\Elgato\StreamDeck\StreamDeck.exe ->) (BarRaider) [Datei ist nicht signiert] C:\Users\Anwender\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.twitchtools.sdPlugin\com.barraider.twitchtools.exe
(C:\Program Files\Elgato\StreamDeck\StreamDeck.exe ->) (com.barraider.obstools) [Datei ist nicht signiert] C:\Users\Anwender\AppData\Roaming\Elgato\StreamDeck\Plugins\com.barraider.obstools.sdPlugin\com.barraider.obstools.exe
(C:\Program Files\Elgato\StreamDeck\StreamDeck.exe ->) (Frederick Emmott -> ) C:\Users\Anwender\AppData\Roaming\Elgato\StreamDeck\Plugins\com.fredemmott.micmutetoggle.sdPlugin\sdmicmute.exe
(C:\Program Files\Elgato\StreamDeck\StreamDeck.exe ->) (The Qt Company Oy -> The Qt Company Ltd.) C:\Program Files\Elgato\StreamDeck\QtWebEngineProcess.exe <6>
(C:\Program Files\Elgato\StreamDeck\StreamDeck.exe ->) (Voicemod Sociedad Limitada -> ) C:\Users\Anwender\AppData\Roaming\Elgato\StreamDeck\Plugins\net.voicemod.windowsdesktop.sdPlugin\voicemodplugin.exe
(C:\Program Files\LGHUB\lghub.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_agent.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(C:\Users\Anwender\AppData\Local\Programs\Opera GX\opera.exe ->) (Opera Norway AS -> Opera Software) C:\Users\Anwender\AppData\Local\Programs\Opera GX\91.0.4516.106\opera_crashreporter.exe
(Discord Inc. -> Discord Inc.) C:\Users\Anwender\AppData\Local\Discord\app-1.0.9007\Discord.exe <6>
(explorer.exe ->) (Corsair Memory, Inc. -> Corsair Memory, Inc) C:\Program Files\Elgato\StreamDeck\StreamDeck.exe
(explorer.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub.exe <3>
(explorer.exe ->) (Nota Inc. -> Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(explorer.exe ->) (Opera Software AS -> Opera Software) C:\Users\Anwender\AppData\Local\Programs\Opera GX\assistant\browser_assistant.exe <2>
(explorer.exe ->) (Vincent Burel -> VB-AUDIO Software) C:\Program Files (x86)\VB\Voicemeeter\voicemeeterpro.exe
(Nvidia Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Opera Norway AS -> Opera Software) C:\Users\Anwender\AppData\Local\Programs\Opera GX\91.0.4516.106\opera_autoupdate.exe <2>
(Opera Norway AS -> Opera Software) C:\Users\Anwender\AppData\Local\Programs\Opera GX\launcher.exe
(Opera Norway AS -> Opera Software) C:\Users\Anwender\AppData\Local\Programs\Opera GX\opera.exe <23>
(services.exe ->) (A-Volute SAS -> Nahimic) C:\Windows\System32\NahimicService.exe
(services.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_updater.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\NisSrv.exe
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_bd530e4cbd42e0a3\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_3dd75df32535321a\RtkAudUService64.exe <2>
(services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2204.13303.0_x64__8wekyb3d8bbwe\Cortana.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22092.211.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.2180_none_7e328fe47c714aab\TiWorker.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_3dd75df32535321a\RtkAudUService64.exe [1361000 2021-09-27] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3951968 2019-07-09] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [Riot Vanguard] => C:\Program Files\Riot Vanguard\vgtray.exe [3089288 2022-10-25] (Riot Games, Inc. -> Riot Games, Inc.)
HKLM\...\Run: [Stream Deck] => C:\Program Files\Elgato\StreamDeck\StreamDeck.exe [11144232 2022-09-29] (Corsair Memory, Inc. -> Corsair Memory, Inc)
HKU\S-1-5-21-1577740540-671938675-3438131953-1000\...\Run: [Discord] => C:\Users\Anwender\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-1577740540-671938675-3438131953-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4234088 2022-10-19] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-1577740540-671938675-3438131953-1000\...\Run: [Spotify] => C:\Users\Anwender\AppData\Roaming\Spotify\Spotify.exe [20232568 2022-11-12] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-1577740540-671938675-3438131953-1000\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [915848 2020-03-30] (Nota Inc. -> Nota Inc.)
HKU\S-1-5-21-1577740540-671938675-3438131953-1000\...\Run: [GogGalaxy] => C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe [14433864 2020-07-31] (GOG Sp. z o.o. -> GOG.com)
HKU\S-1-5-21-1577740540-671938675-3438131953-1000\...\Run: [LGHUB] => C:\Program Files\LGHUB\lghub.exe [152025856 2022-10-25] (Logitech Inc -> Logitech, Inc.)
HKU\S-1-5-21-1577740540-671938675-3438131953-1000\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Anwender\AppData\Local\Microsoft\Teams\Update.exe [2452664 2020-11-10] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-1577740540-671938675-3438131953-1000\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [32616416 2022-05-11] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-1577740540-671938675-3438131953-1000\...\Run: [Opera GX Browser Assistant] => C:\Users\Anwender\AppData\Local\Programs\Opera GX\assistant\browser_assistant.exe [3291288 2021-02-01] (Opera Software AS -> Opera Software)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\107.0.5304.107\Installer\chrmstp.exe [2022-11-10] (Google LLC -> Google LLC)
Startup: C:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Voicemeeter (VB-Audio).LNK [2021-10-24]
ShortcutTarget: Voicemeeter (VB-Audio).LNK -> C:\Program Files (x86)\VB\Voicemeeter\voicemeeterpro.exe (Vincent Burel -> VB-AUDIO Software)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {015C246E-40A7-4FAD-B631-B297A4E853EF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8576000 2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {0EFA1366-CECB-425F-84B2-ABC5DD261F5E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\MpCmdRun.exe [1567360 2022-11-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1739B963-06B8-4DD9-9FA2-ABAB1D91EBB5} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1003128 2022-08-30] (Nvidia Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {1E161918-E87E-4995-B4EF-0BC6AAA585B4} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1655864 2022-10-13] (Nvidia Corporation -> NVIDIA Corporation)
Task: {409A0E3F-320D-43B2-97DD-909698D9E08D} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [6785448 2020-03-30] (Nota Inc. -> Nota Inc.)
Task: {41C4A322-598A-44D9-994E-081E93B4F82A} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [649784 2022-10-13] (Nvidia Corporation -> NVIDIA Corporation)
Task: {5BF59928-A479-47AA-937F-E73AF125FA58} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1655864 2022-10-13] (Nvidia Corporation -> NVIDIA Corporation)
Task: {75A1424E-8CE6-452C-875B-AB21166BAB38} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1655864 2022-10-13] (Nvidia Corporation -> NVIDIA Corporation)
Task: {92AE3312-DD00-43B8-B253-0AFDD6E26F12} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [8576000 2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {9BAC744A-E459-408C-A92C-4FC1F1604481} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-11-02] (Google Inc -> Google LLC)
Task: {A2947668-9BBB-4858-A8CB-F53185FC88F2} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144312 2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {A55EF7FA-BB7C-4BA1-B404-95DF300F1706} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\MpCmdRun.exe [1567360 2022-11-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A9FA51FA-473D-4376-9A78-7634C4F9FE44} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [66936 2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {CBF6DB5E-6F02-4CDD-8213-0815F9EC8697} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {D2E71353-4AFB-4FE7-9D8C-0BC58B510878} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155432 2019-11-02] (Google Inc -> Google LLC)
Task: {D39B5433-58F1-46C5-81D4-C093EF681D77} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\MpCmdRun.exe [1567360 2022-11-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D69BE544-84E1-45BC-8391-DB8F74EEC3AC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\MpCmdRun.exe [1567360 2022-11-11] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {DFBA51AB-3FAF-43C7-96CF-F29242902FEF} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26154960 2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {E96CDAB2-BF6E-4D21-BF99-56337114838D} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [908856 2022-10-13] (Nvidia Corporation -> NVIDIA Corporation)
Task: {EB6B7195-55F8-42D6-B897-35F0AF58DADC} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144312 2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {EC873EBF-40C0-4FC3-823C-B77BE3514B1F} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1655864 2022-10-13] (Nvidia Corporation -> NVIDIA Corporation)
Task: {F29CB073-D387-4AA8-A3E5-AFE35FE4A978} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26154960 2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {F2DA71F2-D693-4E60-B31E-0CD88A6EE3FC} - System32\Tasks\Opera GX scheduled Autoupdate 1643148445 => C:\Users\Anwender\AppData\Local\Programs\Opera GX\launcher.exe [2471880 2022-10-28] (Opera Norway AS -> Opera Software)
Task: {F4C6A0C8-CFD2-45AB-B1A2-0A5A056AB148} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [6785448 2020-03-30] (Nota Inc. -> Nota Inc.)
Task: {F561B9AE-7FCF-4130-8613-DFE1FA880D08} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {F7ECD032-CE1E-432D-98F2-E06F4A4B1FD8} - System32\Tasks\Opera GX scheduled assistant Autoupdate 1644846457 => C:\Users\Anwender\AppData\Local\Programs\Opera GX\launcher.exe [2471880 2022-10-28] (Opera Norway AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Anwender\AppData\Local\Programs\Opera GX\assistant" $(Arg0)
Task: {F94A1AEF-769F-4572-97FD-2A99693793E8} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3342376 2022-10-17] (Nvidia Corporation -> NVIDIA Corporation)
Task: {FD5B10C9-3331-4BC7-B61E-CFC05AC3249A} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [908856 2022-10-13] (Nvidia Corporation -> NVIDIA Corporation)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{26a2f333-5b78-4917-a043-c3e576c811a7}: [DhcpNameServer] 192.168.2.1
Edge:
=======
Edge Extension: (Kein Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [nicht gefunden]
Edge Extension: (Kein Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [nicht gefunden]
Edge Extension: (Kein Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [nicht gefunden]
Edge Extension: (Kein Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [nicht gefunden]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Anwender\AppData\Local\Microsoft\Edge\User Data\Default [2022-10-21]
Edge DefaultSearchURL: Default -> hxxps://manageyoursearch.com/?q={searchTerms}
Edge DefaultSuggestURL: Default -> hxxps://manageyoursearch.com/suggest?q={searchTerms}
Edge Extension: (Outlook) - C:\Users\Anwender\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bjhmmnoficofgoiacjaajpkfndojknpb [2020-10-16]
Edge Extension: (Word) - C:\Users\Anwender\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hikhggiobiflkdfdgdajcfklmcibbopi [2020-10-16]
Edge Extension: (Excel) - C:\Users\Anwender\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\leffmjdabcgaflkikcefahmlgpodjkdm [2020-10-16]
Edge Extension: (Search Manager) - C:\Users\Anwender\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\meckckfjnfnimlomkemnhcoonjfpbcoh [2020-06-26]
Edge Extension: (PowerPoint) - C:\Users\Anwender\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\opfacbhaojodjaojgocnibmklknchehf [2020-10-16]
Edge HKLM\...\Edge\Extension: [meckckfjnfnimlomkemnhcoonjfpbcoh]
Edge HKU\S-1-5-21-1577740540-671938675-3438131953-1000\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [meckckfjnfnimlomkemnhcoonjfpbcoh]
Edge HKLM-x32\...\Edge\Extension: [meckckfjnfnimlomkemnhcoonjfpbcoh]
FireFox:
========
FF DefaultProfile: jpluq1gd.default
FF ProfilePath: C:\Users\Anwender\AppData\Roaming\Mozilla\Firefox\Profiles\jpluq1gd.default [2022-11-15]
FF ProfilePath: C:\Users\Anwender\AppData\Roaming\Mozilla\Firefox\Profiles\la25466s.default-release [2022-11-15]
FF Extension: (BetterTTV) - C:\Users\Anwender\AppData\Roaming\Mozilla\Firefox\Profiles\la25466s.default-release\Extensions\firefox@betterttv.net.xpi [2022-02-27]
FF Extension: (Search Manager) - C:\Users\Anwender\AppData\Roaming\Mozilla\Firefox\Profiles\la25466s.default-release\Extensions\{24436206-088d-4a1a-8d0e-cf93ca7a2d23}.xpi [2020-04-08] [UpdateUrl:hxxps://qupotomu.com/update?x=restype=ffjson]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Default [2022-11-15]
CHR Extension: (BetterTTV) - C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2022-10-02]
CHR Extension: (7TV) - C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\ammjkodgmmoknidbanneddgankgfejfh [2022-09-06]
CHR Extension: (Screencap) - C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\aniaallgmlgdlefladlfhadglocahllm [2021-02-21]
CHR Extension: (Adblock Plus - kostenloser Adblocker) - C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2022-09-06]
CHR Extension: (Watch2Gether) - C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\cimpffimgeipdhnhjohpbehjkcdpjolg [2022-10-12]
CHR Extension: (Dark Reader) - C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\eimadpbcbfnmbkopoojfekhnkhdbieeh [2022-10-07]
CHR Extension: (Google Docs Offline) - C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-09-06]
CHR Extension: (Coupert DE - Coupon Finder & Cashback) - C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidniedemcgceagapgdekdbmanojomk [2022-10-26]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-05]
CHR Extension: (Netflix Party is now Teleparty) - C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Default\Extensions\oocalimimngaihdkbihfgmpkcpnmlaoa [2022-10-12]
CHR Profile: C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Guest Profile [2022-11-15]
CHR Profile: C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Profile 1 [2022-11-15]
CHR Extension: (Dark Reader) - C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\eimadpbcbfnmbkopoojfekhnkhdbieeh [2022-10-07]
CHR Extension: (Google Docs Offline) - C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-10-07]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-10-07]
CHR Profile: C:\Users\Anwender\AppData\Local\Google\Chrome\User Data\System Profile [2022-11-15]
Opera:
=======
StartMenuInternet: (HKU\S-1-5-21-1577740540-671938675-3438131953-1000) Opera GXStable - "C:\Users\Anwender\AppData\Local\Programs\Opera GX\Launcher.exe"
==================== Dienste (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8736880 2020-12-11] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12516280 2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
S3 dcsvc; C:\WINDOWS\system32\dcsvc.dll [785408 2022-11-11] (Microsoft Windows -> Microsoft Corporation)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [1134624 2022-09-28] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 EasyAntiCheat_EOS; C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe [584680 2022-09-28] (EasyAntiCheat Oy -> Epic Games, Inc.)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [16029456 2022-07-19] (Epic Games Inc. -> Epic Games, Inc.)
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [1677384 2020-07-31] (GOG Sp. z o.o. -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6821960 2020-05-06] (GOG Sp. z o.o. -> GOG.com)
R2 LGHUBUpdaterService; C:\Program Files\LGHUB\lghub_updater.exe [10097408 2022-10-25] (Logitech Inc -> Logitech, Inc.)
S2 LogiFacecamService; C:\Program Files\Logitech\LogiCapture\bin\Service\LogiFacecamService.exe [499336 2020-05-18] (Logitech Inc -> Logitech)
R2 NahimicService; C:\WINDOWS\system32\NahimicService.exe [1888424 2021-10-08] (A-Volute SAS -> Nahimic)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13261608 2021-05-28] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 vgc; C:\Program Files\Riot Vanguard\vgc.exe [10426128 2022-10-25] (Riot Games, Inc. -> Riot Games, Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\NisSrv.exe [3191272 2022-11-11] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\MsMpEng.exe [133544 2022-11-11] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_bd530e4cbd42e0a3\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_bd530e4cbd42e0a3\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
===================== Treiber (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [Datei ist nicht signiert]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [Datei ist nicht signiert]
R3 logi_joy_bus_enum; C:\WINDOWS\system32\drivers\logi_joy_bus_enum.sys [44880 2022-09-28] (Logitech Inc -> Logitech)
R3 logi_joy_vir_hid; C:\WINDOWS\system32\drivers\logi_joy_vir_hid.sys [32080 2022-09-28] (Logitech Inc -> Logitech)
R3 logi_joy_xlcore; C:\WINDOWS\system32\drivers\logi_joy_xlcore.sys [73040 2022-09-28] (Logitech Inc -> Logitech)
R3 Nahimic_Mirroring; C:\WINDOWS\System32\drivers\Nahimic_Mirroring.sys [85616 2021-08-13] (A-Volute -> Windows (R) Win 7 DDK provider)
R3 NvModuleTracker; C:\WINDOWS\System32\DriverStore\FileRepository\nvmoduletracker.inf_amd64_0c1cc60a4b422185\NvModuleTracker.sys [45656 2022-07-14] (Nvidia Corporation -> NVIDIA Corporation)
S3 VBAudioVACAMME; C:\WINDOWS\System32\drivers\vbaudio_cablea64_win7.sys [41144 2015-10-19] (Vincent Burel -> Windows (R) Win 7 DDK provider)
S3 VBAudioVACBMME; C:\WINDOWS\System32\drivers\vbaudio_cableb64_win7.sys [41144 2015-10-19] (Vincent Burel -> Windows (R) Win 7 DDK provider)
R3 VBAudioVACMME; C:\WINDOWS\System32\drivers\vbaudio_cable64_win7.sys [41192 2014-09-02] (Vincent Burel -> Windows (R) Win 7 DDK provider)
R3 VBAudioVMAUXVAIOMME; C:\WINDOWS\System32\drivers\vbaudio_vmauxvaio64_win10.sys [71920 2021-10-24] (Vincent Burel -> Windows (R) Win 7 DDK provider)
R3 VBAudioVMVAIOMME; C:\WINDOWS\System32\drivers\vbaudio_vmvaio64_win10.sys [71712 2021-10-24] (Vincent Burel -> Windows (R) Win 7 DDK provider)
R1 vgk; C:\Program Files\Riot Vanguard\vgk.sys [8738816 2022-10-25] (Riot Games, Inc. -> Riot Games, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49616 2022-11-11] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [469288 2022-11-11] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [95520 2022-11-11] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
NETSVC: DcSvc -> C:\Windows\system32\dcsvc.dll (Microsoft Corporation)
==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2022-11-15 15:17 - 2022-11-15 15:53 - 098304000 _____ C:\WINDOWS\system32\config\SOFTWARE
2022-11-15 15:14 - 2022-11-15 15:17 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2022-11-15 14:22 - 2022-11-15 15:55 - 000000000 ____D C:\FRST
2022-11-14 16:00 - 2022-11-14 16:00 - 000000000 ___HD C:\$WinREAgent
2022-11-12 23:32 - 2022-11-12 23:32 - 014638290 _____ C:\Users\Anwender\Downloads\streamladder-gliding.mp4
2022-11-11 17:45 - 2022-11-11 17:45 - 000688128 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2022-11-11 17:45 - 2022-11-11 17:45 - 000073216 _____ C:\WINDOWS\system32\nettraceex.dll
2022-11-11 17:45 - 2022-11-11 17:45 - 000012253 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-11-11 17:44 - 2022-11-11 17:44 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-11-11 15:46 - 2022-11-11 15:46 - 000000000 ____D C:\Users\Anwender\AppData\Roaming\Brotato
2022-11-11 13:27 - 2022-11-11 13:27 - 000000223 _____ C:\Users\Anwender\Desktop\Brotato.url
2022-11-10 23:17 - 2022-11-10 23:17 - 008454082 _____ C:\Users\Anwender\Downloads\streamladder-look.mp4
2022-11-10 23:14 - 2022-11-10 23:14 - 013029222 _____ C:\Users\Anwender\Downloads\streamladder-riot fart.mp4
2022-11-10 23:14 - 2022-11-10 23:14 - 006073065 _____ C:\Users\Anwender\Downloads\AT-cm_fq8K0dgoHLq5txen-lOqyw (1).mp4
2022-11-10 20:22 - 2022-11-09 11:03 - 002236992 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2022-11-10 20:22 - 2022-11-09 11:03 - 002236992 _____ C:\WINDOWS\system32\vulkaninfo.exe
2022-11-10 20:22 - 2022-11-09 11:03 - 001642592 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2022-11-10 20:22 - 2022-11-09 11:03 - 001642592 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2022-11-10 20:22 - 2022-11-09 11:03 - 001487912 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2022-11-10 20:22 - 2022-11-09 11:03 - 001444416 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2022-11-10 20:22 - 2022-11-09 11:03 - 001444416 _____ C:\WINDOWS\system32\vulkan-1.dll
2022-11-10 20:22 - 2022-11-09 11:03 - 001227304 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2022-11-10 20:22 - 2022-11-09 11:03 - 001168960 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2022-11-10 20:22 - 2022-11-09 11:03 - 001168960 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2022-11-10 20:22 - 2022-11-09 10:59 - 000865272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2022-11-10 20:22 - 2022-11-09 10:59 - 000672232 _____ C:\WINDOWS\system32\nvofapi64.dll
2022-11-10 20:22 - 2022-11-09 10:59 - 000507432 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2022-11-10 20:22 - 2022-11-09 10:58 - 002162176 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2022-11-10 20:22 - 2022-11-09 10:58 - 001618408 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2022-11-10 20:22 - 2022-11-09 10:58 - 001531400 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2022-11-10 20:22 - 2022-11-09 10:58 - 001190392 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2022-11-10 20:22 - 2022-11-09 10:58 - 000950280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2022-11-10 20:22 - 2022-11-09 10:58 - 000746536 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2022-11-10 20:22 - 2022-11-09 10:58 - 000734184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2022-11-10 20:22 - 2022-11-09 10:57 - 012452360 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2022-11-10 20:22 - 2022-11-09 10:57 - 010218488 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2022-11-10 20:22 - 2022-11-09 10:57 - 005891072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2022-11-10 20:22 - 2022-11-09 10:57 - 005856744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcudadebugger.dll
2022-11-10 20:22 - 2022-11-09 10:57 - 003334136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2022-11-10 20:22 - 2022-11-09 10:57 - 000457752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2022-11-10 20:22 - 2022-11-09 10:56 - 005816312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2022-11-10 20:22 - 2022-11-09 10:56 - 000853016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2022-11-10 20:22 - 2022-11-08 23:40 - 000100589 _____ C:\WINDOWS\system32\nvinfo.pb
2022-11-09 15:27 - 2022-11-09 15:27 - 006073065 _____ C:\Users\Anwender\Downloads\AT-cm_fq8K0dgoHLq5txen-lOqyw.mp4
2022-11-06 21:17 - 2022-11-06 21:17 - 000000061 _____ C:\Users\Anwender\Desktop\Betriebsausgaben.txt
2022-11-06 20:04 - 2022-11-06 20:04 - 023253183 _____ C:\Users\Anwender\Downloads\streamladder-god damn.mp4
2022-11-05 12:27 - 2022-11-08 13:24 - 000000000 ____D C:\Program Files\Mozilla Firefox
2022-11-03 23:01 - 2022-11-03 23:01 - 001450503 _____ C:\Users\Anwender\Downloads\Snaptik.app_7111311398293998854.mp4
2022-10-31 23:35 - 2022-10-31 23:35 - 014925164 _____ C:\Users\Anwender\Downloads\streamladder-NERF GRAVES .mp4
2022-10-31 00:49 - 2022-10-31 00:49 - 017649305 _____ C:\Users\Anwender\Downloads\streamladder-SCRIPTING SEJUANI _XD.mp4
2022-10-30 21:37 - 2022-10-30 21:37 - 000000223 _____ C:\Users\Anwender\Desktop\Love, Sam.url
2022-10-27 22:55 - 2022-10-27 22:55 - 017142084 _____ C:\Users\Anwender\Downloads\streamladder-lesgoo (1).mp4
2022-10-27 20:16 - 2022-10-26 01:15 - 000041984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhdap64.dll
2022-10-26 22:00 - 2022-10-26 22:00 - 027429986 _____ C:\Users\Anwender\Downloads\streamladder-lesgoo.mp4
2022-10-26 12:54 - 2022-10-26 12:54 - 000000650 _____ C:\Users\Public\Desktop\Logitech G HUB.lnk
2022-10-26 12:54 - 2022-10-26 12:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logi
2022-10-23 20:06 - 2022-07-14 00:32 - 000060112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2022-10-21 18:32 - 2022-10-21 18:32 - 000056548 _____ C:\Users\Anwender\Downloads\Lebenslauf_von_Nick_Haberkorn.pdf
2022-10-21 15:00 - 2022-10-21 15:00 - 002819410 _____ C:\Users\Anwender\Downloads\flying-elbow-drop-onto-microwave-wwe-cm-punk-style-ytshorts.savetube.me.mp4
2022-10-21 14:14 - 2022-10-21 14:14 - 030015081 _____ C:\Users\Anwender\Downloads\streamladder-AT-cm_8JJr1bAV6CjTyTtsOOUOvg.mp4
2022-10-20 18:57 - 2022-10-20 18:57 - 011776794 _____ C:\Users\Anwender\Downloads\AT-cm_8JJr1bAV6CjTyTtsOOUOvg.mp4
2022-10-18 16:43 - 2022-10-18 16:43 - 026718839 _____ C:\Users\Anwender\Downloads\streamladder-wat.mp4
==================== Ein Monat (geänderte) ==================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2022-11-15 15:55 - 2019-12-11 15:36 - 000000000 ____D C:\Users\Anwender\Desktop\Rengar related
2022-11-15 15:55 - 2019-11-02 21:26 - 000000000 ____D C:\Users\Anwender\AppData\Roaming\Discord
2022-11-15 15:54 - 2020-11-04 13:19 - 000000000 ____D C:\Users\Anwender\AppData\Roaming\LGHUB
2022-11-15 15:54 - 2020-11-04 13:19 - 000000000 ____D C:\Users\Anwender\AppData\Local\LGHUB
2022-11-15 15:54 - 2020-09-02 13:48 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-11-15 15:54 - 2020-09-02 13:44 - 000008192 ___SH C:\DumpStack.log.tmp
2022-11-15 15:54 - 2020-04-07 19:38 - 000000001 _____ C:\WINDOWS\vgkbootstatus.dat
2022-11-15 15:54 - 2020-03-20 12:15 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2022-11-15 15:54 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ServiceState
2022-11-15 15:54 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-11-15 15:54 - 2019-11-02 21:26 - 000000000 ____D C:\Users\Anwender\AppData\Local\Discord
2022-11-15 15:54 - 2019-11-02 21:02 - 000000000 ____D C:\Program Files (x86)\Google
2022-11-15 15:54 - 2019-10-31 13:36 - 000000000 ____D C:\ProgramData\NVIDIA
2022-11-15 15:53 - 2021-10-24 12:29 - 000037958 _____ C:\Users\Anwender\AppData\Roaming\VoiceMeeterBananaDefault.xml
2022-11-15 15:53 - 2020-04-15 20:49 - 000000000 ____D C:\Users\Anwender\AppData\Local\Battle.net
2022-11-15 15:53 - 2019-12-07 10:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2022-11-15 15:24 - 2020-09-02 13:53 - 001722788 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-11-15 15:24 - 2019-12-07 15:50 - 000743708 _____ C:\WINDOWS\system32\perfh007.dat
2022-11-15 15:24 - 2019-12-07 15:50 - 000150130 _____ C:\WINDOWS\system32\perfc007.dat
2022-11-15 15:24 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2022-11-15 15:13 - 2019-11-02 22:14 - 000000000 ____D C:\Program Files (x86)\Steam
2022-11-15 14:21 - 2019-11-02 20:35 - 000000000 ____D C:\Users\Anwender\AppData\Local\D3DSCache
2022-11-15 11:39 - 2021-01-24 14:55 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2022-11-15 11:37 - 2020-09-02 13:44 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-11-15 11:05 - 2020-11-27 12:14 - 000000000 ____D C:\Users\Anwender\AppData\Local\CrashDumps
2022-11-15 10:38 - 2020-04-06 22:23 - 000000000 ____D C:\Users\Anwender\AppData\LocalLow\Mozilla
2022-11-14 22:36 - 2019-11-03 10:05 - 000000000 ____D C:\Users\Anwender\AppData\Roaming\obs-studio
2022-11-14 22:18 - 2019-11-16 22:36 - 000000000 ____D C:\Users\Anwender\AppData\Roaming\Spotify
2022-11-14 21:54 - 2019-11-02 21:05 - 000000000 ____D C:\ProgramData\Riot Games
2022-11-14 20:42 - 2019-11-16 22:36 - 000000000 ____D C:\Users\Anwender\AppData\Local\Spotify
2022-11-14 18:34 - 2020-06-26 08:52 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-11-14 18:34 - 2020-06-26 08:52 - 000002274 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2022-11-14 18:34 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-11-14 18:34 - 2019-11-02 21:02 - 000002293 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-11-14 18:34 - 2019-11-02 21:02 - 000002252 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-11-14 16:02 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-11-13 18:05 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-11-12 15:42 - 2020-09-02 13:48 - 000003756 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-11-12 15:42 - 2020-09-02 13:48 - 000003632 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-11-11 19:11 - 2020-09-02 13:44 - 000444672 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-11-11 19:10 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2022-11-11 19:10 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-11-11 19:10 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-11-11 19:10 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-11-11 19:10 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-11-11 19:10 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-11-11 19:10 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-11-11 17:44 - 2020-09-02 13:48 - 003014656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2022-11-11 17:39 - 2019-11-02 19:35 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-11-11 17:37 - 2019-11-02 19:35 - 146960040 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-11-11 13:18 - 2019-10-31 13:35 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-11-10 20:26 - 2022-04-22 20:26 - 000000000 ____D C:\Program Files\Riot Vanguard
2022-11-10 15:25 - 2022-02-07 18:21 - 000000000 ____D C:\Users\Anwender\AppData\Roaming\Vampire_Survivors
2022-11-09 17:16 - 2020-04-15 20:49 - 000000000 ____D C:\Program Files (x86)\Battle.net
2022-11-09 10:55 - 2022-09-05 14:34 - 007642816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2022-11-09 10:55 - 2022-09-05 14:34 - 006512336 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2022-11-08 18:46 - 2020-09-02 13:48 - 000003378 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1577740540-671938675-3438131953-1000
2022-11-08 18:46 - 2020-09-02 13:38 - 000002404 _____ C:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-11-08 13:24 - 2020-04-06 22:23 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-11-05 19:27 - 2021-10-12 15:00 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2022-11-05 19:27 - 2020-04-06 22:23 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2022-11-05 19:05 - 2019-10-31 13:38 - 000000000 ____D C:\Users\Anwender\AppData\Local\Packages
2022-11-03 16:24 - 2021-12-12 19:42 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1577740540-671938675-3438131953-1000
2022-11-03 15:18 - 2019-11-18 15:49 - 000000000 ____D C:\Program Files\Microsoft Office
2022-11-02 14:55 - 2022-01-25 23:07 - 000004246 _____ C:\WINDOWS\system32\Tasks\Opera GX scheduled Autoupdate 1643148445
2022-11-02 14:55 - 2022-01-25 23:07 - 000001443 _____ C:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Opera GX.lnk
2022-10-26 12:54 - 2020-11-04 13:19 - 000000000 ____D C:\Program Files\LGHUB
2022-10-26 01:15 - 2022-09-05 14:34 - 000129000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2022-10-25 19:53 - 2022-10-14 21:49 - 000000000 ____D C:\Program Files (x86)\Overwatch
2022-10-23 20:06 - 2022-05-31 22:33 - 000004308 _____ C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-10-23 20:06 - 2022-05-31 22:33 - 000003976 _____ C:\WINDOWS\system32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-10-23 20:06 - 2022-05-31 22:33 - 000003940 _____ C:\WINDOWS\system32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-10-23 20:06 - 2022-05-31 22:33 - 000003894 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-10-23 20:06 - 2022-05-31 22:33 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-10-23 20:06 - 2022-05-31 22:33 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-10-23 20:06 - 2022-05-31 22:33 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-10-23 20:06 - 2022-05-31 22:33 - 000003858 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-10-23 20:06 - 2022-05-31 22:33 - 000003654 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2022-10-23 20:06 - 2022-05-31 22:33 - 000001443 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2022-10-23 20:06 - 2019-10-31 13:36 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2022-10-23 20:06 - 2019-10-31 13:36 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2022-10-23 20:06 - 2019-10-31 13:36 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2022-10-22 22:12 - 2022-09-13 21:01 - 000000000 ____D C:\ProgramData\boost_interprocess
2022-10-22 14:52 - 2019-11-02 21:26 - 000002242 _____ C:\Users\Anwender\Desktop\Discord.lnk
2022-10-17 21:49 - 2022-09-15 21:54 - 000000675 _____ C:\Users\Anwender\Desktop\24hstream.txt
2022-10-17 07:25 - 2022-05-31 22:33 - 002890296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2022-10-17 07:25 - 2022-05-31 22:33 - 002224696 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2022-10-17 07:25 - 2022-05-31 22:33 - 001297464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvRtmpStreamer64.dll
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ========
2020-01-24 20:25 - 2020-01-24 20:25 - 000000000 _____ () C:\Users\Anwender\AppData\Roaming\nexus2.txt
2021-09-17 16:56 - 2022-10-12 17:31 - 000000016 _____ () C:\Users\Anwender\AppData\Roaming\obs-virtualcam.txt
2021-10-24 12:29 - 2022-11-15 15:53 - 000037958 _____ () C:\Users\Anwender\AppData\Roaming\VoiceMeeterBananaDefault.xml
2021-10-24 11:14 - 2021-10-24 11:16 - 000006095 _____ () C:\Users\Anwender\AppData\Roaming\VoiceMeeterDefault.xml
2021-04-08 10:19 - 2021-04-08 10:19 - 000000024 _____ () C:\Users\Anwender\AppData\Roaming\Microsoft\{8ADA9B80-E373-E18E-DB02-F11B969F143C}
2022-01-22 13:39 - 2022-06-10 00:11 - 001097870 _____ () C:\Users\Anwender\AppData\Local\PlariumPlay.log
2022-08-29 17:39 - 2022-08-29 17:39 - 000007605 _____ () C:\Users\Anwender\AppData\Local\Resmon.ResmonCfg
==================== SigCheck ============================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
==================== Ende von FRST.txt ========================
Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 15-11-2022
durchgeführt von Anwender (15-11-2022 15:55:59)
Gestartet von C:\Users\Anwender\Desktop\Rengar related
Microsoft Windows 10 Home Version 22H2 19045.2251 (X64) (2020-09-02 12:48:31)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
Administrator (S-1-5-21-1577740540-671938675-3438131953-500 - Administrator - Disabled)
Anwender (S-1-5-21-1577740540-671938675-3438131953-1000 - Administrator - Enabled) => C:\Users\Anwender
DefaultAccount (S-1-5-21-1577740540-671938675-3438131953-503 - Limited - Disabled)
Gast (S-1-5-21-1577740540-671938675-3438131953-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1577740540-671938675-3438131953-504 - Limited - Disabled)
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Blackmagic RAW Common Components (HKLM\...\{28612306-CE2C-429F-8288-D707C9A84838}) (Version: 1.8.1 - Blackmagic Design)
Chatterino7 version 7.3.5 (HKU\S-1-5-21-1577740540-671938675-3438131953-1000\...\{F5FE6614-04D4-4D32-8600-0ABA0AC113A4}_is1) (Version: 7.3.5 - 7TV)
DaVinci Resolve (HKLM\...\{8CD009CC-08AB-4873-BA5C-DC4AEA8BACEB}) (Version: 16.2.7010 - Blackmagic Design)
DaVinci Resolve Keyboards (HKLM\...\{04F776FB-37A2-4116-84F2-6CF3D731999D}) (Version: 1.0.0.0 - Blackmagic Design)
DaVinci Resolve Panels (HKLM\...\{567706B7-1501-43BC-81AB-C7E306B40C73}) (Version: 1.3.2.0 - Blackmagic Design)
Discord (HKU\S-1-5-21-1577740540-671938675-3438131953-1000\...\Discord) (Version: 0.0.309 - Discord Inc.)
Elgato Stream Deck (HKLM\...\{D2A26B85-6DA9-40F7-8717-CB8F78E3AFEA}) (Version: 5.3.3.15214 - Elgato Systems GmbH)
Epic Games Launcher (HKLM-x32\...\{07D9F8F3-EC99-4133-919D-DA341C62937C}) (Version: 1.1.298.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{B3DE52F7-D9AA-49EF-873F-506F76CD45B8}) (Version: 2.0.35.0 - Epic Games, Inc.)
Excel (HKU\S-1-5-21-1577740540-671938675-3438131953-1000\...\1fc5b090eab9aa41f8a2f5987367e6da) (Version: 1.0 - Excel)
GOG GALAXY (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 107.0.5304.107 - Google LLC)
Gyazo 4.1.2.0 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version: - Nota Inc.)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKU\S-1-5-21-1577740540-671938675-3438131953-1000\...\Riot Game league_of_legends.live) (Version: - Riot Games, Inc)
League of Legends PBE (HKU\S-1-5-21-1577740540-671938675-3438131953-1000\...\Riot Game league_of_legends.pbe) (Version: - Riot Games, Inc)
Logitech Capture (HKLM\...\Capture) (Version: 2.02.155 - Logitech)
Logitech G HUB (HKLM\...\{521c89be-637f-4274-a840-baaf7460c2b2}) (Version: 2022.10.326382 - Logitech)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 107.0.1418.42 - Microsoft Corporation)
Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 107.0.1418.42 - Microsoft Corporation)
Microsoft Office Professional Plus 2019 - de-de (HKLM\...\ProPlus2019Retail - de-de) (Version: 16.0.15726.20174 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1577740540-671938675-3438131953-1000\...\OneDriveSetup.exe) (Version: 22.217.1016.0002 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-1577740540-671938675-3438131953-1000\...\Teams) (Version: 1.3.00.28779 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{80F1AF52-7AC0-42A3-9AF0-689BFB271D1D}) (Version: 3.68.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32\...\{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.32.31332 (HKLM-x32\...\{3746f21b-c990-4045-bb33-1cf98cff7a68}) (Version: 14.32.31332.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.28.29334 (HKLM-x32\...\{14C49FC8-3E9B-4F29-8526-26629B5CF30B}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.28.29334 (HKLM-x32\...\{0D01A812-82A1-481F-8546-8E28E976F8DF}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.32.31332 (HKLM\...\{F4499EE3-A166-496C-81BB-51D1BCDC70A9}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.32.31332 (HKLM\...\{3407B900-37F5-4CC2-B612-5CD5D580A163}) (Version: 14.32.31332 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 de) (HKLM\...\Mozilla Firefox 106.0.5 (x64 de)) (Version: 106.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 74.0.1 - Mozilla)
NVIDIA FrameView SDK 1.3.8107.31782123 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.3.8107.31782123 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.26.0.154 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.26.0.154 - NVIDIA Corporation)
NVIDIA Grafiktreiber 526.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 526.86 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.39.16 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.39.16 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
NVIDIA USBC Driver 1.50.831.832 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_USBC) (Version: 1.50.831.832 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 27.2.4 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.15726.20096 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.15726.20096 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0407-1000-0000000FF1CE}) (Version: 16.0.15726.20096 - Microsoft Corporation) Hidden
Opera GX Stable 91.0.4516.106 (HKU\S-1-5-21-1577740540-671938675-3438131953-1000\...\Opera GX 91.0.4516.106) (Version: 91.0.4516.106 - Opera Software)
Outlook (HKU\S-1-5-21-1577740540-671938675-3438131953-1000\...\6b0f23e57a39ebfbf2814acb1a24293d) (Version: 1.0 - Outlook)
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
PowerPoint (HKU\S-1-5-21-1577740540-671938675-3438131953-1000\...\319814cb56b667dff88f54e08be8f51f) (Version: 1.0 - PowerPoint)
Riot Vanguard (HKLM\...\Riot Vanguard) (Version: - Riot Games, Inc.)
Snaz version 1.12.6.0 (HKLM-x32\...\{70A76031-FDC6-4F9B-BB5C-33776703F45A}_is1) (Version: 1.12.6.0 - JimsApps)
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Spotify (HKU\S-1-5-21-1577740540-671938675-3438131953-1000\...\Spotify) (Version: 1.1.98.691.gf759311c - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
StreamElements SE.Live (HKLM-x32\...\StreamElements OBS.Live) (Version: 22.9.8.69 - StreamElements)
StreamLabels 0.3.4 (only current user) (HKU\S-1-5-21-1577740540-671938675-3438131953-1000\...\8000d50a-fcb7-5b38-8a3b-a02a0ec79daa) (Version: 0.3.4 - Streamlabs)
StreamLabels 0.4.1 (HKU\S-1-5-21-1577740540-671938675-3438131953-1000\...\{8000d50a-fcb7-5b38-8a3b-a02a0ec79daa}) (Version: 0.4.1 - Streamlabs)
Streamlabs Desktop 1.11.1 (HKLM\...\029c4619-0385-5543-9426-46f9987161d9) (Version: 1.11.1 - General Workings, Inc.)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.3.2 - TeamSpeak Systems GmbH)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.18.5 - TeamViewer)
VALORANT (HKU\S-1-5-21-1577740540-671938675-3438131953-1000\...\Riot Game valorant.live) (Version: - Riot Games, Inc)
VBCABLE, The Virtual Audio Cable (HKLM\...\VB:VBCABLE {87459874-1236-4469}) (Version: - VB-Audio Software)
Voicemeeter, The Virtual Mixing Console (HKLM-x32\...\VB:Voicemeeter {17359A74-1236-5467}) (Version: - VB-Audio Software)
Windows-PC-Integritätsprüfung (HKLM\...\{B3956CF3-F6C5-4567-AC38-1FD4432B319C}) (Version: 3.6.2204.08001 - Microsoft Corporation)
WinRAR 5.80 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.80.0 - win.rar GmbH)
Zoom (HKU\S-1-5-21-1577740540-671938675-3438131953-1000\...\ZoomUMX) (Version: 5.9.1 (2581) - Zoom Video Communications, Inc.)
Packages:
=========
Farm Heroes Saga -> C:\Program Files\WindowsApps\king.com.FarmHeroesSaga_5.91.2.0_x64__kgqvnymyfvs32 [2022-11-03] (king.com)
Fotos-Add-On -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-12-10] (Microsoft Corporation)
Media Engine-Add-On für Fotos -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-11-04] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-11-02] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-11-02] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.14.9130.0_x64__8wekyb3d8bbwe [2022-09-21] (Microsoft Studios) [MS Ad]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.963.0_x64__56jybvy8sckqj [2022-11-10] (NVIDIA Corp.)
Pixlr E -> C:\Program Files\WindowsApps\InmagineLabPteLtd.PixlrE_1.0.1.0_neutral__0fvarhdejbjpm [2022-03-19] (Inmagine Lab Pte Ltd)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.29.256.0_x64__dt26b99r8h8gj [2021-12-17] (Realtek Semiconductor Corp)
Word -> C:\Program Files\WindowsApps\word.office.com-CECA1A7F_1.0.0.0_neutral__jc2kecmnkxwqc [2022-07-10] (word.office.com)
XING -> C:\Program Files\WindowsApps\XINGAG.XING_4.0.9.0_x86__xpfg3f7e9an52 [2021-06-04] (New Work SE)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-1577740540-671938675-3438131953-1000_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Anwender\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1577740540-671938675-3438131953-1000_Classes\CLSID\{80172dde-4e20-4df0-81a2-0a48553e80bb}\localserver32 -> C:\Users\Anwender\AppData\Local\NhNotifSys\nahimic\nahimicNotifSys.exe (A-Volute SAS -> A-Volute)
CustomCLSID: HKU\S-1-5-21-1577740540-671938675-3438131953-1000_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\Anwender\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_bd530e4cbd42e0a3\nvshext.dll [2022-11-09] (Nvidia Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
==================== Codecs (Nicht auf der Ausnahmeliste) ====================
==================== Verknüpfungen & WMI ========================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
ShortcutWithArgument: C:\Users\Anwender\Desktop\Pusi - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Default"
ShortcutWithArgument: C:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Excel.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=leffmjdabcgaflkikcefahmlgpodjkdm --app-url=hxxps://excel.office.com/
ShortcutWithArgument: C:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Outlook.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=bjhmmnoficofgoiacjaajpkfndojknpb --app-url=hxxps://outlook.com/
ShortcutWithArgument: C:\Users\Anwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=opfacbhaojodjaojgocnibmklknchehf --app-url=hxxps://powerpoint.office.com/
==================== Geladene Module (Nicht auf der Ausnahmeliste) =============
2021-10-24 11:24 - 2021-10-24 11:24 - 000967168 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\VB\Voicemeeter\mp3lame\lame_enc.dll
2022-09-29 13:11 - 2022-09-29 13:11 - 000038400 _____ () [Datei ist nicht signiert] C:\Program Files\Elgato\StreamDeck\giflib5.dll
2022-09-29 13:11 - 2022-09-29 13:11 - 000098816 _____ () [Datei ist nicht signiert] C:\Program Files\Elgato\StreamDeck\QtZeroConf.dll
2022-09-29 13:11 - 2022-09-29 13:11 - 000720384 _____ () [Datei ist nicht signiert] C:\Program Files\Elgato\StreamDeck\turbojpeg.dll
2022-10-26 12:54 - 2022-10-25 23:00 - 000156160 _____ () [Datei ist nicht signiert] C:\Program Files\LGHUB\resources\app.asar.unpacked\keytar.node
2019-11-10 18:21 - 2019-11-10 18:21 - 000710656 _____ () [Datei ist nicht signiert] C:\Program Files\WindowsApps\XINGAG.XING_4.0.9.0_x86__xpfg3f7e9an52\e_sqlite3.dll
2021-06-04 12:57 - 2021-06-04 12:57 - 038131712 _____ () [Datei ist nicht signiert] C:\Program Files\WindowsApps\XINGAG.XING_4.0.9.0_x86__xpfg3f7e9an52\Xing.UWP.dll
2022-09-29 13:11 - 2022-09-29 13:11 - 001742848 _____ (SQLite Development Team) [Datei ist nicht signiert] C:\Program Files\Elgato\StreamDeck\sqlite3.dll
2022-03-04 13:26 - 2020-04-26 14:10 - 003000832 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [Datei ist nicht signiert] C:\Users\Anwender\AppData\Roaming\Elgato\StreamDeck\Plugins\net.voicemod.windowsdesktop.sdPlugin\libcrypto-1_1-x64.dll
2022-09-29 13:11 - 2022-09-29 13:11 - 002696704 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [Datei ist nicht signiert] C:\Program Files\Elgato\StreamDeck\libcrypto-1_1-x64.dll
2022-09-29 13:11 - 2022-09-29 13:11 - 000642560 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [Datei ist nicht signiert] C:\Program Files\Elgato\StreamDeck\libssl-1_1-x64.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
AlternateDataStreams: C:\ProgramData\mntemp:8EAD8B3507 [2498]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [2498]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk:A1B76439FE [2498]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk:BE32D07BC5 [2498]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk:B96E9B8455 [2498]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk:980850BA8A [2498]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk:5465085A2F [2498]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk:F20EF51E1F [2498]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk:1DC1525F34 [2498]
AlternateDataStreams: C:\Users\Anwender\Anwendungsdaten:5a7a7919109c97d615ad7581cd492710 [394]
AlternateDataStreams: C:\Users\Anwender\AppData\Roaming:5a7a7919109c97d615ad7581cd492710 [394]
AlternateDataStreams: C:\Users\Anwender\AppData\Local\Temp:{67AD6FA5-2A7D-47de-A0C4-F04C8F26F841} [0]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [3874]
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ==================
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =================
==================== Internet Explorer (Nicht auf der Ausnahmeliste) ==========
HKU\S-1-5-21-1577740540-671938675-3438131953-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://de.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wsg_dbnwss_20_15_ssg00¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dde%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutDtD0DzzyCtC0AtCyDyD0BtBzyyDyD0AtN0D0Tzu0StAtDtBtDtN1L2XzuyEtFyCtCtFtDtFtCzyzztN1L1Czu1BtCtN1L1G1B1V1N2Y1L1Qzu2SyE0FyDtCtAtD0D0AtGyE0DyDyCtG0Bzyzy0DtGtDyB0DtBtG0F0F0A0ByDtDyDtA0A0EyD0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S1QyEyDzz1SyDyDzytGtDyD1QtBtGyEtCyDtDtGzzyCzz1RtGyDyEzztAtC1P1P1PyByC1TtB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutByCtAzzyDtN1Q2Z1B1P1RzutCyDzzyCtAyEtAtBzytB%26cr%3D1389621428%26a%3Dwsg_dbnwss_20_15_ssg00%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
SearchScopes: HKU\S-1-5-21-1577740540-671938675-3438131953-1000 -> DefaultScope {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://de.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wsg_dbnwss_20_15_ssg00¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dde%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutDtD0DzzyCtC0AtCyDyD0BtBzyyDyD0AtN0D0Tzu0StAtDtBtDtN1L2XzuyEtFyCtCtFtDtFtCzyzztN1L1Czu1BtCtN1L1G1B1V1N2Y1L1Qzu2SyE0FyDtCtAtD0D0AtGyE0DyDyCtG0Bzyzy0DtGtDyB0DtBtG0F0F0A0ByDtDyDtA0A0EyD0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S1QyEyDzz1SyDyDzytGtDyD1QtBtGyEtCyDtDtGzzyCzz1RtGyDyEzztAtC1P1P1PyByC1TtB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutByCtAzzyDtN1Q2Z1B1P1RzutCyDzzyCtAyEtAtBzytB%26cr%3D1389621428%26a%3Dwsg_dbnwss_20_15_ssg00%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1577740540-671938675-3438131953-1000 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://de.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wsg_dbnwss_20_15_ssg00¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dde%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutDtD0DzzyCtC0AtCyDyD0BtBzyyDyD0AtN0D0Tzu0StAtDtBtDtN1L2XzuyEtFyCtCtFtDtFtCzyzztN1L1Czu1BtCtN1L1G1B1V1N2Y1L1Qzu2SyE0FyDtCtAtD0D0AtGyE0DyDyCtG0Bzyzy0DtGtDyB0DtBtG0F0F0A0ByDtDyDtA0A0EyD0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2S1QyEyDzz1SyDyDzytGtDyD1QtBtGyEtCyDtDtGzzyCzz1RtGyDyEzztAtC1P1P1PyByC1TtB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutByCtAzzyDtN1Q2Z1B1P1RzutCyDzzyCtAyEtAtBzytB%26cr%3D1389621428%26a%3Dwsg_dbnwss_20_15_ssg00%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-11-03] (Microsoft Corporation -> Microsoft Corporation)
==================== Hosts Inhalt: =========================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2019-03-19 05:49 - 2019-03-19 05:49 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Andere Bereiche ===========================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-1577740540-671938675-3438131953-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Anwender\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\Profile-picture (1).jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
HKLM\...\StartupApproved\Run: => "Riot Vanguard"
HKU\S-1-5-21-1577740540-671938675-3438131953-1000\...\StartupApproved\StartupFolder: => "Twitch.lnk"
HKU\S-1-5-21-1577740540-671938675-3438131953-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1577740540-671938675-3438131953-1000\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1577740540-671938675-3438131953-1000\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1577740540-671938675-3438131953-1000\...\StartupApproved\Run: => "GogGalaxy"
HKU\S-1-5-21-1577740540-671938675-3438131953-1000\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
HKU\S-1-5-21-1577740540-671938675-3438131953-1000\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-1577740540-671938675-3438131953-1000\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [{5A738D64-A3E2-4526-A41A-6BD2FBA7CE1E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Among Us\Among Us.exe () [Datei ist nicht signiert]
FirewallRules: [{680E1FE7-B1D2-4F0B-B413-D3EF6223DF98}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Among Us\Among Us.exe () [Datei ist nicht signiert]
FirewallRules: [UDP Query User{C1F1F245-E658-456D-BAA5-625AD740059F}C:\users\anwender\desktop\rubinum\rubinum\rubinumlauncher.exe] => (Allow) C:\users\anwender\desktop\rubinum\rubinum\rubinumlauncher.exe => Keine Datei
FirewallRules: [TCP Query User{33E793B7-61A7-42B2-89CB-EFA5563A9816}C:\users\anwender\desktop\rubinum\rubinum\rubinumlauncher.exe] => (Allow) C:\users\anwender\desktop\rubinum\rubinum\rubinumlauncher.exe => Keine Datei
FirewallRules: [UDP Query User{6E425FEF-5D37-44A8-93DD-8387522F96CC}C:\program files (x86)\call of duty modern warfare\modernwarfare.exe] => (Allow) C:\program files (x86)\call of duty modern warfare\modernwarfare.exe => Keine Datei
FirewallRules: [TCP Query User{67C6FB00-3472-46A1-BC8E-565458D0D0F6}C:\program files (x86)\call of duty modern warfare\modernwarfare.exe] => (Allow) C:\program files (x86)\call of duty modern warfare\modernwarfare.exe => Keine Datei
FirewallRules: [{4F480644-0BF7-481C-A0D6-DF03F4396E89}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{41C32BCF-7636-4455-B115-D9C707CBCD17}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{621E427F-CF5D-4FD6-9203-5190C0BC356E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\launcher.exe (Skutta, Kristjan -> )
FirewallRules: [{E9C34B3A-46F7-4C9B-876E-B7E3BC8273D0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\launcher.exe (Skutta, Kristjan -> )
FirewallRules: [UDP Query User{4A54C2F1-906E-4AE1-BE0D-8C6592A42057}C:\users\anwender\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\anwender\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{75ABD60A-4570-46D9-B58A-C06279AFC0B5}C:\users\anwender\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\anwender\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{10ED9C89-56BE-4956-9B8A-BA5E8AC9852F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{D79DA858-255B-4D7F-8709-B6BF514BA744}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{1FD9B8E1-3EA4-48A7-8BDF-BB60102F1F1A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => Keine Datei
FirewallRules: [{BE23767B-A96D-41A6-91CD-F05A54F191CE}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => Keine Datei
FirewallRules: [{38A5FDE0-647B-4F50-B758-89C5B28C9ED3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{FCDFB609-7888-4A9F-A9F4-527927EDC5F1}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [UDP Query User{F3CC4A70-65B7-4E2A-864E-B6C4CD84470C}C:\riot games\league of legends\game\league of legends.exe] => (Allow) C:\riot games\league of legends\game\league of legends.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [TCP Query User{2148071A-C68C-425D-9812-2870371E18DD}C:\riot games\league of legends\game\league of legends.exe] => (Allow) C:\riot games\league of legends\game\league of legends.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [{4A94FEFF-22C9-4308-A8EE-07C42E0D96C4}] => (Allow) C:\Riot Games\League of Legends\LeagueClient.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [{342EE7B6-E7A4-4981-9D08-5E38CB6FB39D}] => (Allow) C:\Riot Games\League of Legends\LeagueClient.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [{DB313B61-8B75-4898-AF3B-31C51E59DABF}] => (Allow) C:\Users\Anwender\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{94CD629C-78F1-42F6-87E5-13F1AE18EE10}] => (Allow) C:\Users\Anwender\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{7D66C12B-8C46-4712-A8D9-F6C76F23EDDB}] => (Allow) C:\Users\Anwender\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [TCP Query User{73FA8351-FD2B-4044-A783-983117961839}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [UDP Query User{1323C0C0-1FE1-4291-B744-2A48AFF77688}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [TCP Query User{787F477C-0E8B-4EBE-B054-AF1493F020B3}C:\program files\streamlabs obs\streamlabs obs.exe] => (Allow) C:\program files\streamlabs obs\streamlabs obs.exe (Streamlabs (General Workings, Inc.) -> General Workings, Inc.)
FirewallRules: [UDP Query User{09FDD2A2-52CB-4B39-8874-4E4E5254169E}C:\program files\streamlabs obs\streamlabs obs.exe] => (Allow) C:\program files\streamlabs obs\streamlabs obs.exe (Streamlabs (General Workings, Inc.) -> General Workings, Inc.)
FirewallRules: [{BF71AE1C-3D1A-445C-8429-F9F92B550EDF}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\Resolve.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty. Ltd.)
FirewallRules: [{2A87046F-E07F-46EC-8312-336454E5CE45}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\bmdpaneld.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [{5EA99C0F-0DE2-4481-B5AC-BA3F2E23A8F9}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DaVinciPanelDaemon.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [{56ED28F4-51DC-462E-A7A5-B8F82D6D01F3}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\JLCooperPanelDaemon.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [{15C100F4-3BFB-4F49-825E-5F606436A228}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\EuphonixPanelDaemon.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [{50371283-8B94-4ED1-9D17-9BA70E3B56DA}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\TangentPanelDaemon.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [{F51370DB-B21B-49BE-B1FB-7BCAA5C5394A}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\ElementsPanelDaemon.exe => Keine Datei
FirewallRules: [{42CDE875-88DB-43E4-B5E2-D39D9C630510}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\OxygenPanelDaemon.exe => Keine Datei
FirewallRules: [{74E8C166-BD5C-46DD-AD7E-C333DABD3231}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DPDecoder.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [{960911BB-346E-4F0C-A5FC-7C3046A6089A}] => (Allow) C:\ProgramData\Blackmagic Design\DaVinci Resolve\Support\QtDecoder\QTDecoder.exe => Keine Datei
FirewallRules: [TCP Query User{A38156CA-42E0-422A-B7A3-1723722B51C3}C:\program files\blackmagic design\davinci resolve\dpdecoder.exe] => (Block) C:\program files\blackmagic design\davinci resolve\dpdecoder.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [UDP Query User{E0882415-039B-442F-9E3F-920C89F18944}C:\program files\blackmagic design\davinci resolve\dpdecoder.exe] => (Block) C:\program files\blackmagic design\davinci resolve\dpdecoder.exe (Blackmagic Design Pty Ltd -> )
FirewallRules: [TCP Query User{90ACFFB6-87EA-4D7F-86AC-A0A086F637C8}C:\program files\blackmagic design\davinci resolve\resolve.exe] => (Block) C:\program files\blackmagic design\davinci resolve\resolve.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty. Ltd.)
FirewallRules: [UDP Query User{C1CDB643-6B2E-4CDF-B227-4AD0EEF1BE57}C:\program files\blackmagic design\davinci resolve\resolve.exe] => (Block) C:\program files\blackmagic design\davinci resolve\resolve.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty. Ltd.)
FirewallRules: [TCP Query User{D6AF6869-9FFA-4FBD-BE15-A9A2410E5387}C:\program files\blackmagic design\davinci resolve\fuscript.exe] => (Block) C:\program files\blackmagic design\davinci resolve\fuscript.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty. Ltd.)
FirewallRules: [UDP Query User{02D98A24-D79E-4571-88F2-D991664CB89B}C:\program files\blackmagic design\davinci resolve\fuscript.exe] => (Block) C:\program files\blackmagic design\davinci resolve\fuscript.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty. Ltd.)
FirewallRules: [{5A58EADB-E845-42AD-BA3D-BCF8289C9F04}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{209CF30B-BD90-4438-B99F-A5B84577670F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{6B972250-1339-40DB-8B15-D32D5795C977}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{212D0A56-47DA-4F0E-99EE-2CCDC124327B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [TCP Query User{131180DE-CA4F-44D2-B6B3-8DE8E5E8783B}C:\users\anwender\appdata\local\programs\crewlink\crewlink.exe] => (Allow) C:\users\anwender\appdata\local\programs\crewlink\crewlink.exe => Keine Datei
FirewallRules: [UDP Query User{73477402-CB21-48DE-BE1B-9C447E6078E2}C:\users\anwender\appdata\local\programs\crewlink\crewlink.exe] => (Allow) C:\users\anwender\appdata\local\programs\crewlink\crewlink.exe => Keine Datei
FirewallRules: [TCP Query User{5B96F2EC-0E8E-452C-AA9A-1380537F5157}C:\users\anwender\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\anwender\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{AD92FF7D-51D7-4DCB-86BC-D61674B30A01}C:\users\anwender\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\anwender\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{B8F988B0-4770-4EA5-8956-EBCE1CD5FB68}C:\users\anwender\appdata\local\programs\crewlink\crewlink.exe] => (Allow) C:\users\anwender\appdata\local\programs\crewlink\crewlink.exe => Keine Datei
FirewallRules: [UDP Query User{5F2BD7E1-5256-4B70-844B-DAD2DC3CE06B}C:\users\anwender\appdata\local\programs\crewlink\crewlink.exe] => (Allow) C:\users\anwender\appdata\local\programs\crewlink\crewlink.exe => Keine Datei
FirewallRules: [TCP Query User{6E31B405-B366-423F-BB7A-C4E815A0F562}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [UDP Query User{732A5536-BA88-4AD1-8793-FD20DEBA3CCD}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [TCP Query User{EE1CFFF5-F70C-4EC4-986A-C39B72377B85}C:\program files\blackmagic design\davinci resolve\fuscript.exe] => (Block) C:\program files\blackmagic design\davinci resolve\fuscript.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty. Ltd.)
FirewallRules: [UDP Query User{C961051F-424E-47F2-B131-DA26422E710A}C:\program files\blackmagic design\davinci resolve\fuscript.exe] => (Block) C:\program files\blackmagic design\davinci resolve\fuscript.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty. Ltd.)
FirewallRules: [TCP Query User{2CD976A5-29A1-4DDC-BF5F-9AB8C4BBBEA8}C:\program files (x86)\call of duty modern warfare\modernwarfare.exe] => (Allow) C:\program files (x86)\call of duty modern warfare\modernwarfare.exe => Keine Datei
FirewallRules: [UDP Query User{D11D6C1B-D276-4772-9296-AB476CE9CE39}C:\program files (x86)\call of duty modern warfare\modernwarfare.exe] => (Allow) C:\program files (x86)\call of duty modern warfare\modernwarfare.exe => Keine Datei
FirewallRules: [{93DC0AE8-27E8-4613-AC25-F5E67D1F61C1}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E849E3F4-0EAA-46B7-97D9-CD4149EBBFD0}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B9CB106D-2F7B-4387-97C0-CB608BC6642B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{1C927929-503B-41A0-A00D-3FDEA92A6E9F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{F97602ED-5C44-4669-9A2B-0692BDC53DF6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{BB8ECEF6-C07C-4FB4-8857-015843E3823B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [TCP Query User{EB21281D-0210-4A8C-8AA7-F1A33F06D0CF}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [UDP Query User{6F9DD8B7-4D32-43B7-A585-0A4B695AC571}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [TCP Query User{DA83A8F6-2577-4F46-B84F-29962F5FEEDB}C:\program files (x86)\steam\steamapps\common\naraka bladepoint\narakabladepoint.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\naraka bladepoint\narakabladepoint.exe => Keine Datei
FirewallRules: [UDP Query User{AE945FC4-ED24-410B-8868-D4FCAC3CEDB3}C:\program files (x86)\steam\steamapps\common\naraka bladepoint\narakabladepoint.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\naraka bladepoint\narakabladepoint.exe => Keine Datei
FirewallRules: [TCP Query User{38442072-D52E-41B4-8484-79C26E2142EA}C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe => Keine Datei
FirewallRules: [UDP Query User{1BAE4DBC-4B62-49A2-ADBB-0C9418561568}C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe => Keine Datei
FirewallRules: [{9D2F7DC4-D7CA-45CB-AEDE-7CAFC4928CE2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\ui32.exe (Skutta, Kristjan -> )
FirewallRules: [{BD41562F-95B3-41C7-ABAA-7CFE70271935}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\ui32.exe (Skutta, Kristjan -> )
FirewallRules: [{955C28FD-730D-4E4C-9DD9-324AF96609E5}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{6E3EB58E-D4E7-4991-A13E-EFB36DA61E9D}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A65EBC58-60B7-42EB-9187-933BDF031976}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{2C9C703B-04D4-4C2F-99E2-4031D56F77A3}C:\users\anwender\appdata\local\programs\opera gx\opera.exe] => (Allow) C:\users\anwender\appdata\local\programs\opera gx\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [UDP Query User{7C093299-9F6A-4B5F-BA03-1D02910E6930}C:\users\anwender\appdata\local\programs\opera gx\opera.exe] => (Allow) C:\users\anwender\appdata\local\programs\opera gx\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [{36BAB71A-8F82-4BDA-8455-BAEEF96324B5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Vampire Survivors\VampireSurvivors.exe (Luca Galante) [Datei ist nicht signiert]
FirewallRules: [{05BF89D0-6FE4-490F-9DC3-3D0651673103}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Vampire Survivors\VampireSurvivors.exe (Luca Galante) [Datei ist nicht signiert]
FirewallRules: [TCP Query User{F8E6E88E-0F8E-46FE-895A-80D5EDE134B8}C:\program files (x86)\steam\steamapps\common\hentai vs furries\avf2\binaries\win64\avf2-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\hentai vs furries\avf2\binaries\win64\avf2-win64-shipping.exe => Keine Datei
FirewallRules: [UDP Query User{B27F79C4-E47C-4669-9992-43AACD76F2ED}C:\program files (x86)\steam\steamapps\common\hentai vs furries\avf2\binaries\win64\avf2-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\hentai vs furries\avf2\binaries\win64\avf2-win64-shipping.exe => Keine Datei
FirewallRules: [{789D288F-115E-48FC-B288-04289DE59240}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{82C717DB-296A-49F2-A971-04F4B81B728A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{651E3F42-0DCA-4FEE-A0C3-263351636B91}C:\users\anwender\appdata\local\programs\opera gx\opera.exe] => (Allow) C:\users\anwender\appdata\local\programs\opera gx\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [UDP Query User{8CC66DE9-4E6A-4786-9E2D-86F39820B5FD}C:\users\anwender\appdata\local\programs\opera gx\opera.exe] => (Allow) C:\users\anwender\appdata\local\programs\opera gx\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [TCP Query User{D42BA5B8-9325-47A4-81B8-0983D5179B21}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [UDP Query User{D456E666-4713-4E77-928D-B75E3509A7ED}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [TCP Query User{478BE521-9C88-4B72-86D3-55C697B05B32}C:\program files\obs-studio\obs-plugins\64bit\obs-browser-page.exe] => (Allow) C:\program files\obs-studio\obs-plugins\64bit\obs-browser-page.exe (Hugh Bailey -> )
FirewallRules: [UDP Query User{DE56C980-7BF9-4668-9C89-9BCFA774BC00}C:\program files\obs-studio\obs-plugins\64bit\obs-browser-page.exe] => (Allow) C:\program files\obs-studio\obs-plugins\64bit\obs-browser-page.exe (Hugh Bailey -> )
FirewallRules: [{B1DCFDD4-7B46-4239-B36C-927636B21782}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SlayTheSpire\jre\bin\javaw.exe
FirewallRules: [{C69B17A4-49B6-4B5E-A0DC-7476E71A6D1D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SlayTheSpire\jre\bin\javaw.exe
FirewallRules: [{555C81C2-8DD5-4E9D-A5A4-ED76C4EB02BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\diagnostics32.exe (Skutta, Kristjan -> )
FirewallRules: [{B6647367-7071-48A4-BA86-013A465276B8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\diagnostics32.exe (Skutta, Kristjan -> )
FirewallRules: [{4C785523-B021-4184-828B-0174BD45C58D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fall Guys\FallGuys_client.exe () [Datei ist nicht signiert]
FirewallRules: [{A885AAF6-BF49-4B4E-BF3D-0AC0D77A1B29}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fall Guys\FallGuys_client.exe () [Datei ist nicht signiert]
FirewallRules: [{7BA6433F-7800-45C5-BA43-CF2C1CFA193B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fall Guys\FallGuys_client_game.exe () [Datei ist nicht signiert]
FirewallRules: [{D04671B9-B17E-4A9C-ADC1-C8B264AB02EC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fall Guys\FallGuys_client_game.exe () [Datei ist nicht signiert]
FirewallRules: [{3423C594-B5F7-416F-AFC7-D5DF3170BB7E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ultimate Fishing\UltimateFishing.exe () [Datei ist nicht signiert]
FirewallRules: [{69119BE8-FC2E-4D2B-8344-192535C26BBD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ultimate Fishing\UltimateFishing.exe () [Datei ist nicht signiert]
FirewallRules: [TCP Query User{FE74C9AA-97AB-4B1B-B66C-3AF5B52E0EC6}C:\program files\obs-studio\obs-plugins\64bit\obs-browser-page.exe] => (Block) C:\program files\obs-studio\obs-plugins\64bit\obs-browser-page.exe (Hugh Bailey -> )
FirewallRules: [UDP Query User{13228A1E-11FF-4962-8A8E-108865782C52}C:\program files\obs-studio\obs-plugins\64bit\obs-browser-page.exe] => (Block) C:\program files\obs-studio\obs-plugins\64bit\obs-browser-page.exe (Hugh Bailey -> )
FirewallRules: [{237DF28B-23F0-4B4C-8BAC-779020E463BA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\StickFightTheGame\StickFight.exe () [Datei ist nicht signiert]
FirewallRules: [{D864EB98-CF65-46D6-9F9C-C4959ABC5B38}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\StickFightTheGame\StickFight.exe () [Datei ist nicht signiert]
FirewallRules: [{BBDD51F8-B411-4C15-9951-8C9161D57B1C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GodOfWar\GoW.exe (Santa Monica Studio) [Datei ist nicht signiert]
FirewallRules: [{B96835AA-26F7-49BF-9750-92363A4BCB42}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GodOfWar\GoW.exe (Santa Monica Studio) [Datei ist nicht signiert]
FirewallRules: [TCP Query User{9641C647-7307-4020-8214-D0653842BF8D}C:\program files\streamlabs obs\streamlabs obs.exe] => (Allow) C:\program files\streamlabs obs\streamlabs obs.exe (Streamlabs (General Workings, Inc.) -> General Workings, Inc.)
FirewallRules: [UDP Query User{83BB3909-6AF2-40D9-AD94-39A3E4F3E7FE}C:\program files\streamlabs obs\streamlabs obs.exe] => (Allow) C:\program files\streamlabs obs\streamlabs obs.exe (Streamlabs (General Workings, Inc.) -> General Workings, Inc.)
FirewallRules: [{75BA7CFD-A8C2-4EAA-9A82-B756F7F4B668}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MultiVersus\start_protected_game.exe (EasyAntiCheat Oy -> Epic Games, Inc.)
FirewallRules: [{CDA23D69-CBFC-4239-B9A8-7395813D3C12}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MultiVersus\start_protected_game.exe (EasyAntiCheat Oy -> Epic Games, Inc.)
FirewallRules: [{E9CEF5A0-AC25-41E9-AA81-A5D863AA49A8}] => (Allow) C:\Program Files\Elgato\StreamDeck\StreamDeck.exe (Corsair Memory, Inc. -> Corsair Memory, Inc)
FirewallRules: [{CD7A31D1-65D1-460F-89EC-BE9AF864886E}] => (Allow) C:\Program Files\obs-studio\bin\64bit\obs64.exe (Hugh Bailey -> OBS)
FirewallRules: [{F9F53961-9BF9-4268-9600-ED131D019585}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{77E3D8E1-9E6C-44EB-855B-0F33FDFA44FB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F3EF2049-D938-415D-BD9D-74B8D689A5BC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{54D200BF-36ED-4FB0-9B1A-CE6E79136EFB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{D0C54AFE-B480-480A-BB88-26DEE62B0E4D}C:\program files (x86)\overwatch\_retail_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_retail_\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{1CC56062-EA88-4DAD-A8F2-530D40CCD516}C:\program files (x86)\overwatch\_retail_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_retail_\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{8C603AC3-F864-417B-AB17-8B23ECAA5578}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\diagnostics32.exe (Skutta, Kristjan -> )
FirewallRules: [{DE1C4CF2-7B69-4337-9484-AE93C35959D9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\bin\diagnostics32.exe (Skutta, Kristjan -> )
FirewallRules: [{E68D881D-5F95-423E-8D71-89761E1C1233}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{DB288C91-7723-4693-A17E-138913C3DC58}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{4AF25F10-1FFE-47D5-A4AA-3A685903F265}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [{ADFBF7BE-253B-4AED-B5B0-B3DBFD27728B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{6CC3D275-BA85-4D98-920A-E0C868780EDF}C:\program files (x86)\steam\steamapps\common\love, sam\lovesamrewrite\binaries\win64\lovesamrewrite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\love, sam\lovesamrewrite\binaries\win64\lovesamrewrite.exe (Epic Games, Inc.) [Datei ist nicht signiert]
FirewallRules: [UDP Query User{6A9C7096-6B0C-4351-B867-FB68805EE9AA}C:\program files (x86)\steam\steamapps\common\love, sam\lovesamrewrite\binaries\win64\lovesamrewrite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\love, sam\lovesamrewrite\binaries\win64\lovesamrewrite.exe (Epic Games, Inc.) [Datei ist nicht signiert]
FirewallRules: [{A26A9E7D-5418-4B07-A140-DC1C0B830A85}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SlayTheSpire\jre\bin\javaw.exe
FirewallRules: [{72A0EC89-8357-45A3-8961-5A7D57000192}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SlayTheSpire\jre\bin\javaw.exe
FirewallRules: [{D4193298-C198-46E7-A640-65B1C1F86534}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{A2CDBEFE-0016-4ABF-B05C-E5233C403D2F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brotato\Brotato.exe (Thomas Gervraud) [Datei ist nicht signiert]
FirewallRules: [{014D20B8-DA66-4874-BC45-2340E9B74764}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Brotato\Brotato.exe (Thomas Gervraud) [Datei ist nicht signiert]
FirewallRules: [{A35E6640-DFAC-4172-A82B-160010C91C54}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\107.0.1418.42\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
==================== Wiederherstellungspunkte =========================
11-11-2022 19:31:30 Geplanter Prüfpunkt
14-11-2022 16:02:14 Windows Modules Installer
==================== Fehlerhafte Geräte im Gerätemanager ============
==================== Fehlereinträge in der Ereignisanzeige: ========================
Applikationsfehler:
==================
Error: (11/15/2022 03:13:28 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x8007045b, Der Computer wird heruntergefahren.
.
Error: (11/15/2022 03:13:28 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} und dem Namen "CEventSystem" kann nicht gestartet werden. [0x8007045b, Der Computer wird heruntergefahren.
]
Error: (11/15/2022 11:05:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Photopea video for voiceover.scr, Version: 1.0.14.255, Zeitstempel: 0x636e5713
Name des fehlerhaften Moduls: clr.dll, Version: 4.8.4515.0, Zeitstempel: 0x624cf48c
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001b46bd
ID des fehlerhaften Prozesses: 0x147c
Startzeit der fehlerhaften Anwendung: 0x01d8f8d9c3205bf7
Pfad der fehlerhaften Anwendung: C:\Users\Anwender\Desktop\photopea\[Photopea] Promotional Materials\Photopea video for voiceover.scr
Pfad des fehlerhaften Moduls: C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
Berichtskennung: 29ddbbaa-1833-43a7-a24f-8be18f8ef4a4
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (11/15/2022 11:05:20 AM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: Anwendung: Photopea video for voiceover.scr
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund eines internen Fehlers in der .NET-Laufzeit beendet. bei IP 70E546BD (70CA0000) mit Exitcode 80131506.
Error: (11/14/2022 06:33:47 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x8007045b, Der Computer wird heruntergefahren.
.
Error: (11/14/2022 06:33:47 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} und dem Namen "CEventSystem" kann nicht gestartet werden. [0x8007045b, Der Computer wird heruntergefahren.
]
Error: (11/11/2022 07:22:47 PM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: Die Speicheroptimierung konnte erneut optimieren auf Volume (D:) nicht abschließen. Grund: Der angeforderte Vorgang wird von der Hardware des Volumes nicht unterstützt. (0x8900002A)
Error: (11/10/2022 08:25:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: wallpaper32.exe, Version: 2.2.0.18, Zeitstempel: 0x6352babb
Name des fehlerhaften Moduls: nvwgf2um.dll, Version: 31.0.15.2647, Zeitstempel: 0x6358346e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00238b47
ID des fehlerhaften Prozesses: 0x2ac4
Startzeit der fehlerhaften Anwendung: 0x01d8f4f4c1692116
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_ade64cd54ec2f9ed\nvwgf2um.dll
Berichtskennung: 779c481f-bfea-42da-8030-60b93adc05b6
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Systemfehler:
=============
Error: (11/15/2022 03:45:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Logi Facecam Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 2000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (11/15/2022 03:45:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (11/15/2022 03:45:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "TeamViewer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 2000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (11/15/2022 03:45:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Microsoft Office-Klick-und-Los-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.
Error: (11/15/2022 03:45:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "NVIDIA LocalSystem Container" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 6000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (11/15/2022 03:45:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "LGHUB Updater Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (11/15/2022 03:45:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Nahimic service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 3000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (11/15/2022 03:45:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Realtek Audio Universal Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.
Windows Defender:
================
Date: 2022-11-15 15:55:54
Description:
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=PUADlManager:Win32/InstallCore&threatid=311991&enterprise=0
Name: PUADlManager:Win32/InstallCore
Schweregrad: Niedrig
Kategorie: Potenziell unerwünschte Software
Pfad: file:_C:\Users\Anwender\Downloads\adobe_flash_player_1993324768.exe; file:_C:\Users\Anwender\Downloads\adobe_flash_player_2151221308.exe; file:_C:\Users\Anwender\Downloads\adobe_flash_player_3461104809.exe; file:_C:\Users\Anwender\Downloads\CR_Downloader_fuer_project64_2184029674.exe
Erkennungsursprung: Lokaler Computer
Erkennungstype: Konkret
Erkennungsquelle: Echtzeitschutz
Benutzer: MEAN-MACHINE\Anwender
Prozessname: C:\Users\Anwender\Desktop\Rengar related\FRST64.exe
Sicherheitsversion: AV: 1.379.386.0, AS: 1.379.386.0, NIS: 1.379.386.0
Modulversion: AM: 1.1.19800.4, NIS: 1.1.19800.4
Date: 2022-11-15 15:55:53
Description:
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=PUADlManager:Win32/InstallCore&threatid=311991&enterprise=0
Name: PUADlManager:Win32/InstallCore
Schweregrad: Niedrig
Kategorie: Potenziell unerwünschte Software
Pfad: file:_C:\Users\Anwender\Downloads\adobe_flash_player_1993324768.exe; file:_C:\Users\Anwender\Downloads\adobe_flash_player_2151221308.exe; file:_C:\Users\Anwender\Downloads\adobe_flash_player_3461104809.exe
Erkennungsursprung: Lokaler Computer
Erkennungstype: Konkret
Erkennungsquelle: Echtzeitschutz
Benutzer: MEAN-MACHINE\Anwender
Prozessname: C:\Users\Anwender\Desktop\Rengar related\FRST64.exe
Sicherheitsversion: AV: 1.379.386.0, AS: 1.379.386.0, NIS: 1.379.386.0
Modulversion: AM: 1.1.19800.4, NIS: 1.1.19800.4
Date: 2022-11-15 15:55:52
Description:
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=PUADlManager:Win32/InstallCore&threatid=311991&enterprise=0
Name: PUADlManager:Win32/InstallCore
Schweregrad: Niedrig
Kategorie: Potenziell unerwünschte Software
Pfad: file:_C:\Users\Anwender\Downloads\adobe_flash_player_1993324768.exe; file:_C:\Users\Anwender\Downloads\adobe_flash_player_2151221308.exe
Erkennungsursprung: Lokaler Computer
Erkennungstype: Konkret
Erkennungsquelle: Echtzeitschutz
Benutzer: MEAN-MACHINE\Anwender
Prozessname: C:\Users\Anwender\Desktop\Rengar related\FRST64.exe
Sicherheitsversion: AV: 1.379.386.0, AS: 1.379.386.0, NIS: 1.379.386.0
Modulversion: AM: 1.1.19800.4, NIS: 1.1.19800.4
Date: 2022-11-15 15:55:52
Description:
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=PUADlManager:Win32/InstallCore&threatid=311991&enterprise=0
Name: PUADlManager:Win32/InstallCore
Schweregrad: Niedrig
Kategorie: Potenziell unerwünschte Software
Pfad: file:_C:\Users\Anwender\Downloads\adobe_flash_player_1993324768.exe
Erkennungsursprung: Lokaler Computer
Erkennungstype: Konkret
Erkennungsquelle: Echtzeitschutz
Benutzer: MEAN-MACHINE\Anwender
Prozessname: C:\Users\Anwender\Desktop\Rengar related\FRST64.exe
Sicherheitsversion: AV: 1.379.386.0, AS: 1.379.386.0, NIS: 1.379.386.0
Modulversion: AM: 1.1.19800.4, NIS: 1.1.19800.4
Date: 2022-11-15 15:11:05
Description:
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=PUADlManager:Win32/InstallCore&threatid=311991&enterprise=0
Name: PUADlManager:Win32/InstallCore
Schweregrad: Niedrig
Kategorie: Potenziell unerwünschte Software
Pfad: file:_C:\Users\Anwender\Downloads\adobe_flash_player_1993324768.exe; file:_C:\Users\Anwender\Downloads\adobe_flash_player_2151221308.exe; file:_C:\Users\Anwender\Downloads\adobe_flash_player_3461104809.exe; file:_C:\Users\Anwender\Downloads\CR_Downloader_fuer_project64_2184029674.exe
Erkennungsursprung: Lokaler Computer
Erkennungstype: Konkret
Erkennungsquelle: Echtzeitschutz
Benutzer: MEAN-MACHINE\Anwender
Prozessname: C:\Windows\explorer.exe
Sicherheitsversion: AV: 1.379.379.0, AS: 1.379.379.0, NIS: 1.379.379.0
Modulversion: AM: 1.1.19800.4, NIS: 1.1.19800.4
CodeIntegrity:
===============
Date: 2022-11-11 19:22:47
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.6-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2022-11-10 23:17:37
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2022-11-01 14:19:22
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.4-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2022-10-30 17:45:07
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.2209.7-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2022-09-30 22:49:30
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2022-09-06 12:05:52
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\ProgramData\Microsoft\Windows Defender\Platform\4.18.2205.7-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Speicherinformationen ===========================
BIOS: American Megatrends Inc. H.00 08/05/2019
Hauptplatine: Micro-Star International Co., Ltd. X470 GAMING PLUS MAX (MS-7B79)
Prozessor: AMD Ryzen 5 3600 6-Core Processor
Prozentuale Nutzung des RAM: 19%
Installierter physikalischer RAM: 32714.45 MB
Verfügbarer physikalischer RAM: 26443.24 MB
Summe virtueller Speicher: 37578.45 MB
Verfügbarer virtueller Speicher: 29237.64 MB
==================== Laufwerke ================================
Drive c: () (Fixed) (Total:465.19 GB) (Free:137.81 GB) (Model: KINGSTON SA2000M8500G) NTFS
Drive d: (Volume) (Fixed) (Total:931.51 GB) (Free:931.38 GB) (Model: TOSHIBA HDWD110) NTFS
\\?\Volume{2d28b987-0000-0000-0000-100000000000}\ (System-reserviert) (Fixed) (Total:0.57 GB) (Free:0.11 GB) NTFS
==================== MBR & Partitionstabelle ====================
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 4DDA2387)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: 2D28B987)
Partition 1: (Active) - (Size=579 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.2 GB) - (Type=07 NTFS)
==================== Ende von Addition.txt =======================
|
|
16.11.2022, 08:48
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | WINDOWS 10: .SCR Malware Befall adwCleaner Führe AdwCleaner gemäß der bebilderten Anleitung aus und poste abschließend die Logdatei in CODE-Tags. adwcleaner bitte wiederholen falls es Funde gab.
__________________ --> WINDOWS 10: .SCR Malware Befall |
|
16.11.2022, 10:14
| #7 |
| | WINDOWS 10: .SCR Malware BefallCode:
ATTFilter # -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2022-10-10.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 11-16-2022
# Duration: 00:00:01
# OS: Windows 10 (Build 19045.2251)
# Cleaned: 13
# Failed: 0
***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
Deleted C:\Program Files (x86)\Chromium
Deleted C:\Program Files (x86)\Digital Communications
***** [ Files ] *****
No malicious files cleaned.
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
Deleted HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|santivirusclient.exe
Deleted HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|santivirusclient.vshost.exe
Deleted HKCU\Software\WebDiscoverBrowser
Deleted HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|santivirusclient.exe
Deleted HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|santivirusclient.vshost.exe
Deleted HKLM\Software\WebDiscoverBrowser
Deleted HKLM\Software\Wow6432Node\WebDiscoverBrowser
Deleted HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|santivirusclient.exe
Deleted HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|santivirusclient.vshost.exe
Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\SAntivirusSvc
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.
***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.
***** [ Firefox (and derivatives) ] *****
Deleted Search Manager - {24436206-088d-4a1a-8d0e-cf93ca7a2d23}
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.
***** [ Hosts File Entries ] *****
No malicious hosts file entries cleaned.
***** [ Preinstalled Software ] *****
No Preinstalled Software cleaned.
*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************
AdwCleaner[S00].txt - [2766 octets] - [16/11/2022 10:12:21]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
|
|
16.11.2022, 12:23
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | WINDOWS 10: .SCR Malware Befall Beitrag richtig gelesen? Was sollst du tun, wenn es Funde gab?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
16.11.2022, 12:41
| #9 |
| | WINDOWS 10: .SCR Malware Befall Mein Fehler. adwCleaner wurde nochmal ausgeführt. Hier die Logs vom ersten Scan: Code:
ATTFilter # -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2022-10-10.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 11-16-2022
# Duration: 00:00:01
# OS: Windows 10 (Build 19045.2251)
# Cleaned: 13
# Failed: 0
***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
Deleted C:\Program Files (x86)\Chromium
Deleted C:\Program Files (x86)\Digital Communications
***** [ Files ] *****
No malicious files cleaned.
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
Deleted HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|santivirusclient.exe
Deleted HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|santivirusclient.vshost.exe
Deleted HKCU\Software\WebDiscoverBrowser
Deleted HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|santivirusclient.exe
Deleted HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|santivirusclient.vshost.exe
Deleted HKLM\Software\WebDiscoverBrowser
Deleted HKLM\Software\Wow6432Node\WebDiscoverBrowser
Deleted HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|santivirusclient.exe
Deleted HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|santivirusclient.vshost.exe
Deleted HKLM\System\CurrentControlSet\Services\EventLog\Application\SAntivirusSvc
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.
***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.
***** [ Firefox (and derivatives) ] *****
Deleted Search Manager - {24436206-088d-4a1a-8d0e-cf93ca7a2d23}
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.
***** [ Hosts File Entries ] *****
No malicious hosts file entries cleaned.
***** [ Preinstalled Software ] *****
No Preinstalled Software cleaned.
*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************
AdwCleaner[S00].txt - [2766 octets] - [16/11/2022 10:12:21]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
Code:
ATTFilter # -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2022-10-10.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 11-16-2022
# Duration: 00:00:04
# OS: Windows 10 (Build 19045.2251)
# Scanned: 32101
# Detected: 13
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
PUP.Optional.FakeChrome C:\Program Files (x86)\Chromium
PUP.Optional.Segurazo C:\Program Files (x86)\Digital Communications
***** [ Files ] *****
No malicious files found.
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
No malicious tasks found.
***** [ Registry ] *****
PUP.Optional.Legacy HKCU\Software\WebDiscoverBrowser
PUP.Optional.Legacy HKLM\Software\WebDiscoverBrowser
PUP.Optional.Legacy HKLM\Software\Wow6432Node\WebDiscoverBrowser
PUP.Optional.SAntivirus HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|santivirusclient.exe
PUP.Optional.SAntivirus HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|santivirusclient.vshost.exe
PUP.Optional.SAntivirus HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|santivirusclient.exe
PUP.Optional.SAntivirus HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|santivirusclient.vshost.exe
PUP.Optional.SAntivirus HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|santivirusclient.exe
PUP.Optional.SAntivirus HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|santivirusclient.vshost.exe
PUP.Optional.Segurazo HKLM\System\CurrentControlSet\Services\EventLog\Application\SAntivirusSvc
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries found.
***** [ Chromium URLs ] *****
No malicious Chromium URLs found.
***** [ Firefox (and derivatives) ] *****
PUP.Optional.SearchManager Search Manager - {24436206-088d-4a1a-8d0e-cf93ca7a2d23}
***** [ Firefox URLs ] *****
No malicious Firefox URLs found.
***** [ Hosts File Entries ] *****
No malicious hosts file entries found.
***** [ Preinstalled Software ] *****
No Preinstalled Software found.
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
Code:
ATTFilter # -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2022-10-10.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 11-16-2022
# Duration: 00:00:03
# OS: Windows 10 (Build 19045.2251)
# Scanned: 32101
# Detected: 0
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
No malicious folders found.
***** [ Files ] *****
No malicious files found.
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
No malicious tasks found.
***** [ Registry ] *****
No malicious registry entries found.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries found.
***** [ Chromium URLs ] *****
No malicious Chromium URLs found.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries found.
***** [ Firefox URLs ] *****
No malicious Firefox URLs found.
***** [ Hosts File Entries ] *****
No malicious hosts file entries found.
***** [ Preinstalled Software ] *****
No Preinstalled Software found.
AdwCleaner[S00].txt - [2766 octets] - [16/11/2022 10:12:21]
AdwCleaner[C00].txt - [2716 octets] - [16/11/2022 10:12:34]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########
|
|
16.11.2022, 12:43
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | WINDOWS 10: .SCR Malware Befall Kontrollscans mit MBAM und RK Poste nach Abschluss der beiden Scans die Logs in CODE-Tags.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
16.11.2022, 13:03
| #11 |
| | WINDOWS 10: .SCR Malware Befall MBAM: Code:
ATTFilter Malwarebytes
www.malwarebytes.com
-Protokolldetails-
Scan-Datum: 16.11.22
Scan-Zeit: 12:48
Protokolldatei: a8447342-65a4-11ed-b4cf-00d861a155b2.json
-Softwaredaten-
Version: 4.5.17.221
Komponentenversion: 1.0.1806
Version des Aktualisierungspakets: 1.0.62364
Lizenz: Testversion
-Systemdaten-
Betriebssystem: Windows 10 (Build 19045.2251)
CPU: x64
Dateisystem: NTFS
Benutzer: Mean-Machine\Anwender
-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Scan gestartet von: Manuell
Ergebnis: Abgeschlossen
Gescannte Objekte: 302901
Erkannte Bedrohungen: 34
In die Quarantäne verschobene Bedrohungen: 34
Abgelaufene Zeit: 1 Min., 49 Sek.
-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Erkennung
PUM: Erkennung
-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)
Modul: 0
(keine bösartigen Elemente erkannt)
Registrierungsschlüssel: 4
PUP.Optional.WinYahoo, HKU\S-1-5-21-1577740540-671938675-3438131953-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2f23ab71-4ac6-41f2-a955-ea576e553146}, In Quarantäne, 203, 254682, 1.0.62364, , ame, , ,
PUP.Optional.SearchHijacker, HKLM\SOFTWARE\MICROSOFT\EDGE\EXTENSIONS\MECKCKFJNFNIMLOMKEMNHCOONJFPBCOH, In Quarantäne, 321, 912315, , , , , ,
PUP.Optional.SearchHijacker, HKU\S-1-5-21-1577740540-671938675-3438131953-1000\SOFTWARE\MICROSOFT\EDGE\EXTENSIONS\MECKCKFJNFNIMLOMKEMNHCOONJFPBCOH, In Quarantäne, 321, 912315, , , , , ,
PUP.Optional.SearchHijacker, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\EDGE\EXTENSIONS\meckckfjnfnimlomkemnhcoonjfpbcoh, In Quarantäne, 321, 912315, 1.0.62364, , ame, , ,
Registrierungswert: 2
PUP.Optional.WinYahoo, HKU\S-1-5-21-1577740540-671938675-3438131953-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2f23ab71-4ac6-41f2-a955-ea576e553146}|URL, In Quarantäne, 203, 254682, 1.0.62364, , ame, , ,
PUP.Optional.SearchHijacker, HKU\S-1-5-21-1577740540-671938675-3438131953-1000\SOFTWARE\MICROSOFT\EDGE\PREFERENCEMACS\Default\extensions.settings|MECKCKFJNFNIMLOMKEMNHCOONJFPBCOH, In Quarantäne, 321, 912315, , , , , ,
Registrierungsdaten: 1
PUP.Optional.WinYahoo, HKU\S-1-5-21-1577740540-671938675-3438131953-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|START PAGE, Ersetzt, 203, 707485, 1.0.62364, , ame, , ,
Daten-Stream: 0
(keine bösartigen Elemente erkannt)
Ordner: 3
PUP.Optional.SearchHijacker, C:\USERS\ANWENDER\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\Default\Extensions\MECKCKFJNFNIMLOMKEMNHCOONJFPBCOH, In Quarantäne, 321, 912315, , , , , ,
PUP.Optional.WinYahoo.TskLnk, C:\Users\Anwender\AppData\Local\{CBF0FDAC-EF58-9114-82C0-B4FCA6A84864}\HowToRemove, In Quarantäne, 936, 542290, , , , , ,
PUP.Optional.WinYahoo.TskLnk, C:\USERS\ANWENDER\APPDATA\LOCAL\{CBF0FDAC-EF58-9114-82C0-B4FCA6A84864}, In Quarantäne, 936, 542290, 1.0.62364, , ame, , ,
Datei: 24
PUP.Optional.SearchHijacker, C:\USERS\ANWENDER\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\Default\Secure Preferences, Ersetzt, 321, 912315, , , , , 461777EE4D89DE9E1AB11BAB71E3D10A, BE895DBF60BF4116C642D8F70103C36921069BCA0F0A015FFF968D664ABB993D
PUP.Optional.SearchManager.BITSRST, C:\USERS\ANWENDER\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\DEFAULT\EXTENSIONS\MECKCKFJNFNIMLOMKEMNHCOONJFPBCOH\10.1.4.70_1\RESPONSECONFIG.JSON, In Quarantäne, 245, 626727, 1.0.62364, , ame, , E2E264F970E768BD23EB5C9715CD0670, E4546429C867FD77A986717FCDACCAA0E4058A35C59122FB610A28AAF1E8C5D1
PUP.Optional.WinYahoo.TskLnk, C:\USERS\ANWENDER\APPDATA\LOCAL\{CBF0FDAC-EF58-9114-82C0-B4FCA6A84864}\HOWTOREMOVE\HOWTOREMOVE.HTML, In Quarantäne, 936, 542290, 1.0.62364, , ame, , 92A56BD431B8EC678C73844C916017CA, 47BFA64B49B9ABF0C2DCA4F400E0137E1C29211CE6ED4196EDE1560149D13FF2
PUP.Optional.WinYahoo.TskLnk, C:\Users\Anwender\AppData\Local\{CBF0FDAC-EF58-9114-82C0-B4FCA6A84864}\HowToRemove\chromium-min.jpg, In Quarantäne, 936, 542290, , , , , 63BC75E5CF5CBA301C0A333A493C1E6C, AECF7E9F8EA60035CF8E255B99ADDBC4739C357BC9773273B682B06073AE2BBC
PUP.Optional.WinYahoo.TskLnk, C:\Users\Anwender\AppData\Local\{CBF0FDAC-EF58-9114-82C0-B4FCA6A84864}\HowToRemove\control panel-min-min.JPG, In Quarantäne, 936, 542290, , , , , D3317C08A7FD5C68AF7607B56365D7EF, E0DF11EDFC606871F3FA3E825D0A346D895CF2246372E1919F3F6B6F823855EA
PUP.Optional.WinYahoo.TskLnk, C:\Users\Anwender\AppData\Local\{CBF0FDAC-EF58-9114-82C0-B4FCA6A84864}\HowToRemove\down.png, In Quarantäne, 936, 542290, , , , , BD28C167E200A3B28D65FAD11067F767, 782AEE35F1473A0818E85C7888276AB1A92A2C6650420A6914C11D4A87017959
PUP.Optional.WinYahoo.TskLnk, C:\Users\Anwender\AppData\Local\{CBF0FDAC-EF58-9114-82C0-B4FCA6A84864}\HowToRemove\ff menu.JPG, In Quarantäne, 936, 542290, , , , , 0ACF64A62398FD3E28C0F776E080E02E, A7E228427AFE421EE317EECF714464E5ED346B2032C98F4076B01EB61D92F11F
PUP.Optional.WinYahoo.TskLnk, C:\Users\Anwender\AppData\Local\{CBF0FDAC-EF58-9114-82C0-B4FCA6A84864}\HowToRemove\ff search engine-min.png, In Quarantäne, 936, 542290, , , , , 98167327578F423AD62775F9C0DA1C08, 95E4B167F0173DB00F6BCDDE9864CC2E5DDED171506F8AB8E7B9F7863D913680
PUP.Optional.WinYahoo.TskLnk, C:\Users\Anwender\AppData\Local\{CBF0FDAC-EF58-9114-82C0-B4FCA6A84864}\HowToRemove\hp-min ff.png, In Quarantäne, 936, 542290, , , , , AFE6FD269F10B4FB4055028CE2E0F70C, F0403DEBED00E906EE26EFE1463A63347D5B7CD6EB60BB38AE0E3C3460F71693
PUP.Optional.WinYahoo.TskLnk, C:\Users\Anwender\AppData\Local\{CBF0FDAC-EF58-9114-82C0-B4FCA6A84864}\HowToRemove\hp-min ie.png, In Quarantäne, 936, 542290, , , , , C76F780F7CDEDA6D63A72E00719EAE53, 0A53A6F7C61B73B40061A401ED4C5D1E520C1D1DEC270617C5C25C8EE64A95C6
PUP.Optional.WinYahoo.TskLnk, C:\Users\Anwender\AppData\Local\{CBF0FDAC-EF58-9114-82C0-B4FCA6A84864}\HowToRemove\search engine.gif, In Quarantäne, 936, 542290, , , , , D2665D24334093AFB3D3E64E22346AC4, E5CA26785BDB836C3C234A67E991BF1C70D4E87CAA75EC43747619E64DECAA57
PUP.Optional.WinYahoo.TskLnk, C:\Users\Anwender\AppData\Local\{CBF0FDAC-EF58-9114-82C0-B4FCA6A84864}\HowToRemove\setup pages.gif, In Quarantäne, 936, 542290, , , , , D8957AB88B51AC3D91DB06AC96369BE4, 6BB5388E49AAB90AB7C85A736EAABDEB9A78CDCCA4D7A4138B00DBC1C657C8D5
PUP.Optional.WinYahoo.TskLnk, C:\Users\Anwender\AppData\Local\{CBF0FDAC-EF58-9114-82C0-B4FCA6A84864}\HowToRemove\sp-min.png, In Quarantäne, 936, 542290, , , , , C4A8846B0AAC9BEF78F6A001514ECFF5, 4E9A05BDB43137235913F0BBB1F21C35DF34E62D33F2A4F4FC9C0F15FA1346E3
PUP.Optional.WinYahoo.TskLnk, C:\Users\Anwender\AppData\Local\{CBF0FDAC-EF58-9114-82C0-B4FCA6A84864}\HowToRemove\start-min.jpg, In Quarantäne, 936, 542290, , , , , 7A52610FBA6935C9ACF2A2F38CA86F6A, 677001B0CFD9F6C824E422C5EBBC5C042ABB0CF156990064DD3170CF6F3379C8
PUP.Optional.WinYahoo.TskLnk, C:\Users\Anwender\AppData\Local\{CBF0FDAC-EF58-9114-82C0-B4FCA6A84864}\HowToRemove\up.png, In Quarantäne, 936, 542290, , , , , 45B1D3F523A38E29419DC26AE6BDD253, 892E25F7363B1C4EFA5FFACD5F4CDADD01833F49EF5CEF335676D84DA871EBA0
PUP.Optional.WinYahoo.TskLnk, C:\Users\Anwender\AppData\Local\{CBF0FDAC-EF58-9114-82C0-B4FCA6A84864}\laconef, In Quarantäne, 936, 542290, , , , , F45B4692FF1D6D2CCB9223D8339C8E2A, F1210F85446863E8DED182F1C6FF3FAD83420A54D5E78638AC828A7C6C45C845
PUP.Optional.WinYahoo.TskLnk, C:\Users\Anwender\AppData\Local\{CBF0FDAC-EF58-9114-82C0-B4FCA6A84864}\timita, In Quarantäne, 936, 542290, , , , , 181B8B9347E234BBEB175A6198A0D25F, 53397BBFD387B2B5DD52FA824832622E1E45E7976D6E25E77035E26FB4F374F3
PUP.Optional.WinYahoo.TskLnk, C:\Users\Anwender\AppData\Local\{CBF0FDAC-EF58-9114-82C0-B4FCA6A84864}\uninst.exe, In Quarantäne, 936, 542290, , , , , 4ED777A5428F68EFA0A9D84FEB06D056, 59EE7AA430827FED2DCE7D0765AA95560094D864A811AB3611E30EA1B2CB4293
PUP.Optional.WinYahoo.TskLnk, C:\Users\Anwender\AppData\Local\{CBF0FDAC-EF58-9114-82C0-B4FCA6A84864}\uninstp.dat, In Quarantäne, 936, 542290, , , , , 07376496354D1F307EAE3E332D8D814A, C1C44F3888FE65C23FDD411D834F92D9B2C839431DB702BFF94C0FDBB9F3B6EB
Adware.WinYahoo, C:\PROGRAMDATA\ZZDGA\NINIWIC_270415_S4_1.EXE, In Quarantäne, 751, 718433, 1.0.62364, 86EDBBD56BB0F68FF0C31988, dds, 02038149, F4E7CC722D26DC5E61C43C2570C4EA92, F47E0B00BD1A9D9FD7CB24DC1587216A0A54B9E84080D6A65D3D286CF10A5C81
Adware.InstallCore, C:\USERS\ANWENDER\DOWNLOADS\ADOBE_FLASH_PLAYER_1993324768.EXE, In Quarantäne, 481, 845509, 1.0.62364, E75DEE78B889657D616EF64D, dds, 02038149, 54C53DD11D9C09610748F69CB6971FD2, F12A98D384058DC2CE9B1B6DF77FD8E323915480054A9C8AF86E538174230D29
Adware.InstallCore, C:\USERS\ANWENDER\DOWNLOADS\CR_DOWNLOADER_FUER_PROJECT64_2184029674.EXE, In Quarantäne, 481, 845509, 1.0.62364, 276E4DD76AB8E954D992053D, dds, 02038149, 0CD11AEB07E5300341ECE5788153FF49, CA1FFD7F67000632DC4D6617196D8EF2D562D47786D048A4569535A18074B81B
Adware.InstallCore, C:\USERS\ANWENDER\DOWNLOADS\ADOBE_FLASH_PLAYER_2151221308.EXE, In Quarantäne, 481, 845509, 1.0.62364, E75DEE78B889657D616EF64D, dds, 02038149, 54C53DD11D9C09610748F69CB6971FD2, F12A98D384058DC2CE9B1B6DF77FD8E323915480054A9C8AF86E538174230D29
Adware.InstallCore, C:\USERS\ANWENDER\DOWNLOADS\ADOBE_FLASH_PLAYER_3461104809.EXE, In Quarantäne, 481, 845509, 1.0.62364, E75DEE78B889657D616EF64D, dds, 02038149, 54C53DD11D9C09610748F69CB6971FD2, F12A98D384058DC2CE9B1B6DF77FD8E323915480054A9C8AF86E538174230D29
Physischer Sektor: 0
(keine bösartigen Elemente erkannt)
WMI: 0
(keine bösartigen Elemente erkannt)
(end)
Code:
ATTFilter Program : RogueKiller Anti-Malware
Version : 15.6.3.0
x64 : Yes
Program Date : Nov 15 2022
Location : C:\Users\Anwender\AppData\Local\Temp\scoped_dir13832_1281236509\RogueKiller_portable64.exe
Premium : No
Company : Adlice Software
Website : https://www.adlice.com/
Contact : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.19045) 64-bit
64-bit OS : Yes
Startup : 0
WindowsPE : No
User : Anwender
User is Admin : Yes
Date : 2022/11/16 12:00:37
Type : Removal
Aborted : No
Scan Mode : Standard
Duration : 249
Found items : 5
Total scanned : 72180
Signatures Version : 20221116_093222
Truesight Driver : Yes
Updates Count : 7
************************* Warnings *************************
************************* Removal *************************
[Suspicious.Path (Potenziell bösartig)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{131180DE-CA4F-44D2-B6B3-8DE8E5E8783B}C:\users\anwender\appdata\local\programs\crewlink\crewlink.exe -- [%localappdata%\programs\crewlink\crewlink.exe] -> Gelöscht
[+] scan_what : 1
[+] vendors : Suspicious.Path
[+] Name : HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{131180DE-CA4F-44D2-B6B3-8DE8E5E8783B}C:\users\anwender\appdata\local\programs\crewlink\crewlink.exe
[+] value : [%localappdata%\programs\crewlink\crewlink.exe]
[+] Type : Registry
[+] file_vtscore : 0
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 3
[+] id : 0
[+] status : 3
[+] status_str : Gelöscht
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1
[Suspicious.Path (Potenziell bösartig)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{73477402-CB21-48DE-BE1B-9C447E6078E2}C:\users\anwender\appdata\local\programs\crewlink\crewlink.exe -- [%localappdata%\programs\crewlink\crewlink.exe] -> Gelöscht
[+] scan_what : 1
[+] vendors : Suspicious.Path
[+] Name : HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{73477402-CB21-48DE-BE1B-9C447E6078E2}C:\users\anwender\appdata\local\programs\crewlink\crewlink.exe
[+] value : [%localappdata%\programs\crewlink\crewlink.exe]
[+] Type : Registry
[+] file_vtscore : 0
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 3
[+] id : 1
[+] status : 3
[+] status_str : Gelöscht
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1
[Suspicious.Path (Potenziell bösartig)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{5F2BD7E1-5256-4B70-844B-DAD2DC3CE06B}C:\users\anwender\appdata\local\programs\crewlink\crewlink.exe -- [%localappdata%\programs\crewlink\crewlink.exe] -> Gelöscht
[+] scan_what : 1
[+] vendors : Suspicious.Path
[+] Name : HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{5F2BD7E1-5256-4B70-844B-DAD2DC3CE06B}C:\users\anwender\appdata\local\programs\crewlink\crewlink.exe
[+] value : [%localappdata%\programs\crewlink\crewlink.exe]
[+] Type : Registry
[+] file_vtscore : 0
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 3
[+] id : 2
[+] status : 3
[+] status_str : Gelöscht
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1
[Suspicious.Path (Potenziell bösartig)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{B8F988B0-4770-4EA5-8956-EBCE1CD5FB68}C:\users\anwender\appdata\local\programs\crewlink\crewlink.exe -- [%localappdata%\programs\crewlink\crewlink.exe] -> Gelöscht
[+] scan_what : 1
[+] vendors : Suspicious.Path
[+] Name : HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{B8F988B0-4770-4EA5-8956-EBCE1CD5FB68}C:\users\anwender\appdata\local\programs\crewlink\crewlink.exe
[+] value : [%localappdata%\programs\crewlink\crewlink.exe]
[+] Type : Registry
[+] file_vtscore : 0
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 3
[+] id : 3
[+] status : 3
[+] status_str : Gelöscht
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : -1
[PUP.SearchManager (Potenziell bösartig)] Search Manager -- {24436206-088d-4a1a-8d0e-cf93ca7a2d23} -> Gelöscht
[+] scan_what : 1
[+] vendors : PUP.SearchManager
[+] Name : Search Manager
[+] value : {24436206-088d-4a1a-8d0e-cf93ca7a2d23}
[+] Type : Browser
[+] file_vtscore : 0
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 3
[+] id : 4
[+] status : 3
[+] status_str : Gelöscht
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : 0
|
|
16.11.2022, 13:07
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | WINDOWS 10: .SCR Malware Befall Bitte beide Programme wiederholen
__________________ Logfiles bitte immer in CODE-Tags posten |
|
16.11.2022, 13:16
| #13 |
| | WINDOWS 10: .SCR Malware Befall MBAM: Code:
ATTFilter Malwarebytes
www.malwarebytes.com
-Protokolldetails-
Scan-Datum: 16.11.22
Scan-Zeit: 13:09
Protokolldatei: 741d10b2-65a7-11ed-9d90-00d861a155b2.json
-Softwaredaten-
Version: 4.5.17.221
Komponentenversion: 1.0.1806
Version des Aktualisierungspakets: 1.0.62364
Lizenz: Testversion
-Systemdaten-
Betriebssystem: Windows 10 (Build 19045.2251)
CPU: x64
Dateisystem: NTFS
Benutzer: Mean-Machine\Anwender
-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Scan gestartet von: Manuell
Ergebnis: Abgeschlossen
Gescannte Objekte: 303172
Erkannte Bedrohungen: 0
In die Quarantäne verschobene Bedrohungen: 0
Abgelaufene Zeit: 0 Min., 55 Sek.
-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Erkennung
PUM: Erkennung
-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)
Modul: 0
(keine bösartigen Elemente erkannt)
Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)
Registrierungswert: 0
(keine bösartigen Elemente erkannt)
Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)
Daten-Stream: 0
(keine bösartigen Elemente erkannt)
Ordner: 0
(keine bösartigen Elemente erkannt)
Datei: 0
(keine bösartigen Elemente erkannt)
Physischer Sektor: 0
(keine bösartigen Elemente erkannt)
WMI: 0
(keine bösartigen Elemente erkannt)
(end)
Code:
ATTFilter Program : RogueKiller Anti-Malware
Version : 15.6.3.0
x64 : Yes
Program Date : Nov 15 2022
Location : C:\Users\Anwender\Desktop\RogueKiller_portable64.exe
Premium : No
Company : Adlice Software
Website : https://www.adlice.com/
Contact : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.19045) 64-bit
64-bit OS : Yes
Startup : 0
WindowsPE : No
User : Anwender
User is Admin : Yes
Date : 2022/11/16 12:15:29
Type : Scan
Aborted : No
Scan Mode : Standard
Duration : 247
Found items : 0
Total scanned : 72212
Signatures Version : 20221116_093222
Truesight Driver : Yes
Updates Count : 7
************************* Warnings *************************
************************* Updates *************************
Mozilla Firefox (x64 de) (64-bit), version 106.0.5
[+] Available Version : 107.0
[+] Size : 213 MB
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Program Files\Mozilla Firefox
TeamSpeak 3 Client (64-bit), version 3.3.2
[+] Available Version : 3.5.6
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Program Files\TeamSpeak 3 Client
WinRAR 5.80 (64-bit) (64-bit), version 5.80.0
[+] Available Version : 6.11
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Program Files\WinRAR\
OBS Studio (32-bit), version 27.2.4
[+] Available Version : 28.1.2
[+] Wow6432 : Yes
[+] Portable : No
TeamViewer (32-bit), version 15.18.5
[+] Available Version : 15.35.9
[+] Wow6432 : Yes
[+] Portable : No
[+] update_location : C:\Program Files (x86)\TeamViewer
Discord (64-bit), version 0.0.309
[+] Available Version : 1.0.9006
[+] Size : 64,6 MB
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Users\Anwender\AppData\Local\Discord
Zoom (64-bit), version 5.9.1 (2581)
[+] Available Version : 5.12.8
[+] Size : 9,76 MB
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Users\Anwender\AppData\Roaming\Zoom\bin
************************* Processes *************************
************************* Modules *************************
************************* Services *************************
************************* Scheduled Tasks *************************
************************* Registry *************************
************************* WMI *************************
************************* Hosts File *************************
is_too_big : No
hosts_file_path : C:\Windows\System32\drivers\etc\hosts
************************* Filesystem *************************
************************* Web Browsers *************************
************************* Antirootkit *************************
|
|
16.11.2022, 13:20
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | WINDOWS 10: .SCR Malware Befall SecurityCheck Führe SecurityCheck gemäß der bebilderten Anleitung aus und poste abschließend die Logdatei.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
16.11.2022, 13:22
| #15 |
| | WINDOWS 10: .SCR Malware BefallCode:
ATTFilter SecurityCheck by glax24 & Severnyj v.1.4.0.54 [06.12.21]
WebSite: www.safezone.cc
DateLog: 16.11.2022 13:21:25
Path starting: C:\Users\Anwender\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: Anwender
VersionXML: 10.28is-13.11.2022
___________________________________________________________________________
Windows 10(6.3.19045) (x64) Core Release: 2009 Lang: German(0407)
Installation date OS: 02.09.2020 12:48:31
LicenseStatus: Windows(R), Core edition The machine is permanently activated.
LicenseStatus: Office 19, Office19ProPlus2019MSDNR_Retail edition The machine is permanently activated.
Boot Mode: Normal
Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
SystemDrive: C: FS: [NTFS] Capacity: [465.2 Gb] Used: [328.5 Gb] Free: [136.7 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.789.19041.0
User Account Control enabled (Level 3)
Sicherheitscenter (wscsvc) - The service is running
Remoteregistrierung (RemoteRegistry) - The service has stopped
SSDP-Suche (SSDPSRV) - The service is running
Remotedesktopdienste (TermService) - The service has stopped
Windows-Remoteverwaltung (WS-Verwaltung) (WinRM) - The service has stopped
---------------------------- [ Antivirus_WMI ] ----------------------------
Malwarebytes (enabled and up to date)
Windows Defender (disabled and up to date)
--------------------------- [ FirewallWindows ] ---------------------------
Windows Defender Firewall (mpssvc) - The service is running
---------------------- [ AntiVirusFirewallInstall ] -----------------------
Malwarebytes version 4.5.17.221 v.4.5.17.221
--------------------------- [ OtherUtilities ] ----------------------------
Microsoft Office Professional Plus 2019 - de-de v.16.0.15726.20202 [+]
NVIDIA GeForce Experience 3.26.0.154 v.3.26.0.154
Steam v.2.10.91.91
TeamViewer v.15.18.5 Warning! Download Update
Epic Games Launcher v.1.1.298.0
------------------------------- [ Backup ] --------------------------------
Microsoft OneDrive v.22.225.1026.0001
------------------------------ [ ArchAndFM ] ------------------------------
WinRAR 5.80 (64-bit) v.5.80.0 Warning! Download Update
-------------------------- [ IMAndCollaborate ] ---------------------------
Discord v.0.0.309 Warning! Download Update
Microsoft Teams v.1.3.00.28779 Warning! Download Update
Zoom v.5.9.1 (2581) Warning! Download Update
-------------------------------- [ Media ] --------------------------------
Spotify v.1.1.98.691.gf759311c
------------------------------- [ Browser ] -------------------------------
Mozilla Firefox (x64 de) v.106.0.5
Opera GX Stable 91.0.4516.106 v.91.0.4516.106 Warning! Download Update
Google Chrome v.107.0.5304.107
Microsoft Edge v.107.0.1418.42
------------------ [ AntivirusFirewallProcessServices ] -------------------
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe v.4.0.0.1363
Malwarebytes Service (MBAMService) - The service is running
C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe v.3.2.0.1132
Microsoft Defender Antivirus-Dienst (WinDefend) - The service has stopped
Microsoft Defender Antivirus-Netzwerkinspektionsdienst (WdNisSvc) - The service has stopped
----------------------------- [ End of Log ] ------------------------------
|
|
| Themen zu WINDOWS 10: .SCR Malware Befall |
| antivirus, computer, downloader, email scam, excel, firefox, google, home, internet, internet explorer, malware, monitor, mozilla, nvcontainer, performance, prozesse, realtek, registry, rundll, scan, scr malware, services.exe, software, svchost.exe, system, udp, updates, windows, windows 10 |
Linear-Darstellung
