
Log analysis and evaluation: Trojan:Script/Woreflint.A!cl in file: C:\Users\name\AppData\Local\Temp\SCFA2EB.tmp


Thread closed
24.05.2023, 13:03   #1
cysar78
 



Good day,

Unfortunately, I have fallen victim to the malware Trojan:Script/Woreflint.A!cl.

It has been on the PC for weeks now. It keeps getting "removed", but I still get the Windows Defender notification.

Here are the logs that I need help evaluating.

FRST:

Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 23-05-2023
durchgeführt von savio (Administrator) auf PC-SAVIO (24-05-2023 13:28:43)
Gestartet von C:\Users\savio\Desktop\FRST64.exe
Geladene Profile: savio
Plattform: Microsoft Windows 11 Pro Insider Preview Version 22H2 23451.1000 (X64) Sprache: Deutsch (Deutschland)
Standard-Browser: Edge
Start-Modus: Normal

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSSrcExt.exe
(C:\Program Files\Google\Drive File Stream\74.0.3.0\GoogleDriveFS.exe ->) (Google LLC -> Google, Inc.) C:\Program Files\Google\Drive File Stream\75.0.2.0\GoogleDriveFS.exe <6>
(C:\Program Files\Google\Drive File Stream\75.0.2.0\GoogleDriveFS.exe ->) (Google LLC -> ) C:\Program Files\Google\Drive File Stream\75.0.2.0\crashpad_handler.exe <8>
(C:\Program Files\LGHUB\lghub.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\system_tray\lghub_system_tray.exe
(C:\Program Files\LGHUB\system_tray\lghub_system_tray.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_agent.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.97.3404.0_x64__kzf8qxf38zg5c\Skype\Skype.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
(C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_523.11500.0.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\113.0.1774.50\msedgewebview2.exe <6>
(C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2304.8-0\MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2304.8-0\MpCopyAccelerator.exe
(C:\Users\savio\AppData\Local\Figma\app-116.9.5\Figma.exe ->) (Figma, Inc. -> ) C:\Users\savio\AppData\Local\FigmaAgent\figma_agent.exe
(C:\Users\savio\Desktop\adwcleaner.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.WindowsNotepad_11.2304.26.0_x64__8wekyb3d8bbwe\Notepad\Notepad.exe <2>
(cmd.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(cmd.exe ->) (Agilebits -> AgileBits, Inc.) C:\Users\savio\AppData\Local\1Password\app\8\1Password-BrowserSupport.exe
(DriverStore\FileRepository\u0391400.inf_amd64_78dd64c613d4c112\B391098\atiesrxx.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0391400.inf_amd64_78dd64c613d4c112\B391098\atieclxx.exe
(explorer.exe ->) (Agilebits -> 1Password) C:\Users\savio\AppData\Local\1Password\app\8\1Password.exe <5>
(explorer.exe ->) (Figma, Inc. -> Figma, Inc.) C:\Users\savio\AppData\Local\Figma\app-116.9.5\Figma.exe <10>
(explorer.exe ->) (Google LLC -> ) C:\Program Files\Google\Drive File Stream\74.0.3.0\crashpad_handler.exe <2>
(explorer.exe ->) (Google LLC -> Google, Inc.) C:\Program Files\Google\Drive File Stream\74.0.3.0\GoogleDriveFS.exe
(explorer.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub.exe <3>
(explorer.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(explorer.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Users\savio\Desktop\adwcleaner.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <57>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\pwahelper.exe
(explorer.exe ->) (Riot Games, Inc. -> Riot Games, Inc.) C:\Program Files\Riot Vanguard\vgtray.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe <2>
(services.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0391400.inf_amd64_78dd64c613d4c112\B391098\atiesrxx.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(services.exe ->) (Codice Software SL -> Codice Software, S.L.) C:\Program Files\PlasticSCM5\client\plasticchangetrackerservice.exe
(services.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_updater.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft GameInput\x64\gameinputsvc.exe <2>
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2304.8-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2304.8-0\NisSrv.exe
(services.exe ->) (peakstar technologies Inc. -> AtlasVPN.Worker) C:\Program Files\AtlasVPN\Bin\AtlasVPN.Worker.exe
(services.exe ->) (philandro Software GmbH -> AnyDesk Software GmbH) C:\Program Files (x86)\AnyDesk\AnyDesk.exe
(services.exe ->) (plasticd) [Datei ist nicht signiert] C:\Program Files\PlasticSCM5\server\plasticd.exe
(services.exe ->) (Reallusion Inc. -> Reallusion.Inc) C:\Program Files (x86)\Common Files\Reallusion\RLHostService\RLHostService.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(services.exe ->) (Surfshark B.V. -> Surfshark) C:\Program Files (x86)\Surfshark\Surfshark.Service.exe
(sihost.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cncmd.exe
(sihost.exe ->) (Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.97.3404.0_x64__kzf8qxf38zg5c\Skype\Skype.exe <6>
(Slack Technologies, Inc. -> Slack Technologies Inc.) C:\ProgramData\savio\slack\app-4.32.122\slack.exe <7>
(svchost.exe ->) (24803D75-212C-471A-BC57-9EF86AB91435 -> ) C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2317.9.0_x64__cv1g1gvanyjgm\WhatsApp.exe
(svchost.exe ->) (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> ) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.210.760.0_x86__zpdnekdrzrea0\SpotifyWidgetProvider.exe
(svchost.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\CPUMetricsServer.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.823.3261.0_x64__8wekyb3d8bbwe\GameBar.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.823.3261.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(svchost.exe ->) (Microsoft Windows -> ) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_523.11500.0.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [881440 2019-06-16] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Riot Vanguard] => C:\Program Files\Riot Vanguard\vgtray.exe [3088752 2023-03-10] (Riot Games, Inc. -> Riot Games, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-09-18] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [OnScreen Control] => C:\Program Files (x86)\LG Electronics\OnScreen Control\bin\OnScreenStartUpApp.exe [1820568 2020-10-19] (LG Electronics Inc. -> LG Electronics Inc.)
HKLM\...\RunOnce: [msedge_cleanup_{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}] => C:\Program Files (x86)\Microsoft\EdgeWebView\Application\113.0.1774.50\Installer\setup.exe [4045200 2023-05-24] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\75.0.2.0\GoogleDriveFS.exe [53969176 2023-05-24] (Google LLC -> Google, Inc.)
HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\75.0.2.0\GoogleDriveFS.exe [53969176 2023-05-24] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-3636290956-4184935153-3330214957-1001\...\Run: [MicrosoftEdgeAutoLaunch_BB803E781B762523B5E016383944836F] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4152256 2023-05-11] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3636290956-4184935153-3330214957-1001\...\Run: [Discord] => C:\Users\savio\AppData\Local\Discord\Update.exe [1512608 2021-09-21] (Discord Inc. -> GitHub)
HKU\S-1-5-21-3636290956-4184935153-3330214957-1001\...\Run: [1Password] => C:\Users\savio\AppData\Local\1Password\app\8\1Password.exe [160138096 2023-05-09] (Agilebits -> 1Password)
HKU\S-1-5-21-3636290956-4184935153-3330214957-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4362600 2023-03-24] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-3636290956-4184935153-3330214957-1001\...\Run: [Opera GX Browser Assistant] => C:\Users\savio\AppData\Local\Programs\Opera GX\assistant\browser_assistant.exe [3291288 2021-02-01] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-3636290956-4184935153-3330214957-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [32754128 2023-01-08] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-3636290956-4184935153-3330214957-1001\...\Run: [Figma Agent] => C:\Users\savio\AppData\Local\FigmaAgent\figma_agent.exe [6698800 2023-05-15] (Figma, Inc. -> )
HKU\S-1-5-21-3636290956-4184935153-3330214957-1001\...\Run: [LGHUB] => C:\Program Files\LGHUB\lghub.exe [152025856 2023-04-16] (Logitech Inc -> Logitech, Inc.)
HKU\S-1-5-21-3636290956-4184935153-3330214957-1001\...\Run: [Battle.net] => C:\Program Files (x86)\Battle.net\Battle.net.exe [1090168 2023-05-13] (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
HKU\S-1-5-21-3636290956-4184935153-3330214957-1001\...\Run: [Surfshark] => C:\Program Files (x86)\Surfshark\Surfshark.exe [11455560 2023-01-30] (Surfshark B.V. -> Surfshark)
HKU\S-1-5-21-3636290956-4184935153-3330214957-1001\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\75.0.2.0\GoogleDriveFS.exe [53969176 2023-05-24] (Google LLC -> Google, Inc.)
HKU\S-1-5-21-3636290956-4184935153-3330214957-1001\...\Run: [com.squirrel.slack.slack] => C:\ProgramData\savio\slack\slack.exe [310584 2023-05-01] (Slack Technologies, Inc. -> Slack Technologies Inc.)
HKU\S-1-5-21-3636290956-4184935153-3330214957-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\savio\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (Keine Datei)
HKU\S-1-5-21-3636290956-4184935153-3330214957-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\savio\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (Keine Datei)
HKU\S-1-5-21-3636290956-4184935153-3330214957-1001\...\RunOnce: [Uninstall 23.096.0507.0001] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\savio\AppData\Local\Microsoft\OneDrive\23.096.0507.0001" (Keine Datei)
HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\75.0.2.0\GoogleDriveFS.exe [53969176 2023-05-24] (Google LLC -> Google, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\113.0.5672.127\Installer\chrmstp.exe [2023-05-24] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk [2022-02-13]
ShortcutTarget: AnyDesk.lnk -> C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\qt_temp.Hp4444 [2023-05-14] () [Datei ist nicht signiert]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\StartRLCMS.lnk [2023-05-14]
ShortcutTarget: StartRLCMS.lnk -> C:\ProgramData\Reallusion\RLRunUtility.exe (Reallusion Inc. -> )
Startup: C:\Users\savio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2023-05-05]

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {1F1D6BAA-5141-4692-A288-2B5A15F9928B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2304.8-0\MpCmdRun.exe [1650024 2023-05-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {228523ED-E976-4B12-A28C-106657F591E9} - System32\Tasks\AMD Updater => "C:\Program Files\AMD\CIM\\Bin64\RadeonInstaller.exe"  /AUTOUPDATEIN (Keine Datei)
Task: {234573A1-A67F-4D6B-9858-C635915ED820} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2017-07-24] (Apple Inc. -> Apple Inc.)
Task: {2C8DDBB6-9BAB-49C3-9200-1D7D100034CA} - System32\Tasks\Opera GX scheduled assistant Autoupdate 1645444329 => C:\Users\savio\AppData\Local\Programs\Opera GX\launcher.exe [2611616 2023-05-18] (Opera Norway AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\savio\AppData\Local\Programs\Opera GX\assistant" $(Arg0)
Task: {31D68498-24AC-4F77-BE52-DDF406225F5D} - System32\Tasks\RLHub_SkipUac_savio => C:\Program Files (x86)\Common Files\Reallusion\LiveUpdate\Reallusion Hub.exe [1166160 2021-08-04] (Reallusion Inc. -> Reallusion Inc.)
Task: {4BE351D0-FA5C-4408-B42D-55E0E989525A} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [954816 2022-09-16] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {4CAB2E60-3FCD-41CA-A03A-93FC7E2BEE65} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2022-02-13] (Google Inc -> Google Inc.)
Task: {55FB6318-986C-4FE7-8C01-D6D79F3B3143} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2304.8-0\MpCmdRun.exe [1650024 2023-05-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {62A46340-DD7E-4E45-A2E3-E3027F7CA0B3} - System32\Tasks\AMDRyzenMasterSDKTask => C:\Program Files\AMD\CNext\CNext\cpumetricsserver.exe [183232 2022-09-15] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {695DD85C-981E-46DB-8441-F84E0E1F052C} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (Keine Datei)
Task: {85AAA4D4-07E7-431E-80EC-8D3D703C9178} - System32\Tasks\Microsoft\Windows\WaaSMedic\MaintenanceWork => {72566E27-1ABB-4EB3-B4F0-EB431CB1CB32}
Task: {A7E1B018-203F-4BF1-9F73-E935243C02ED} - System32\Tasks\Microsoft\VisualStudio\Updates\BackgroundDownload => C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\BackgroundDownload.exe [67504 2022-04-18] (Microsoft Corporation -> Microsoft)
Task: {A93661A1-E180-4775-92A9-2F42BB5AAD9A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156968 2022-02-13] (Google Inc -> Google Inc.)
Task: {BE06AEC1-B184-45C1-B087-420DFE6D1EC5} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [954816 2022-09-16] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {C24A9BA9-5BE2-4A3B-A5D0-55754F17B540} - System32\Tasks\Opera GX scheduled Autoupdate 1644753098 => C:\Users\savio\AppData\Local\Programs\Opera GX\launcher.exe [2611616 2023-05-18] (Opera Norway AS -> Opera Software)
Task: {F3992AAB-CCC3-4601-8779-DA98923914EC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2304.8-0\MpCmdRun.exe [1650024 2023-05-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {FEB9FFFD-3555-406F-A9E4-4FC3FB251C9D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2304.8-0\MpCmdRun.exe [1650024 2023-05-02] (Microsoft Windows Publisher -> Microsoft Corporation)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)


==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{61344b52-b331-4574-a64a-4a63ae29da93}: [DhcpNameServer] 192.168.2.1

Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\savio\AppData\Local\Microsoft\Edge\User Data\Default [2023-05-24]
Edge Notifications: Default -> hxxps://mail.google.com; hxxps://www.faceit.com
Edge HomePage: Default -> hxxp://www.google.com/
Edge StartupUrls: Default -> "hxxp://google.com/"
Edge Extension: (Google Übersetzer) - C:\Users\savio\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2023-03-22]
Edge Extension: (lock) - C:\Users\savio\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\dppgmdbiimibapkepcbdbmkaabgiofem [2023-04-19]
Edge Extension: (Google Docs Offline) - C:\Users\savio\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-05-24]
Edge Extension: (Adblock Plus - kostenloser Adblocker) - C:\Users\savio\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gmgoamodcdcjnbaobigkjelfplakmdhh [2023-04-25]
Edge Extension: (Übersetzer - Webübersetzer, Wörterbuch) - C:\Users\savio\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jbopnianfmifhdbdljehjepcknehlpci [2023-02-20]
Edge Extension: (Edge relevant text changes) - C:\Users\savio\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-04-24]
Edge Extension: (Microsoft Edge DevTools Enhancements) - C:\Users\savio\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\kfbdpdaobnofkbopebjglnaadopfikhh [2023-04-05]
Edge Extension: (Reader Mode Pro) - C:\Users\savio\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\koddbhkhginnhnfnhgldkampappgmmje [2022-11-14]
Edge Extension: (ClickUp: Tasks, Screenshots, Email, Time) - C:\Users\savio\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pliibjocnfmkagafnbkfcimonlnlpghj [2022-10-21]
Edge Profile: C:\Users\savio\AppData\Local\Microsoft\Edge\User Data\Guest Profile [2023-02-03]
Edge HKU\S-1-5-21-3636290956-4184935153-3330214957-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [kagpabjoboikccfdghpdlaaopmgpgfdc]

Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\savio\AppData\Local\Google\Chrome\User Data\Default [2023-04-05]
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Extension: (lock) - C:\Users\savio\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeblfdkhhhdcdjpifhhbdiojplfjncoa [2023-04-05]
CHR Extension: (Google Docs Offline) - C:\Users\savio\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-04-05]
CHR Extension: (Anwendungs-Launcher für Drive (von Google)) - C:\Users\savio\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2023-02-01]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\savio\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-02-13]
CHR Extension: (Dubble — Free Step-by-Step Guide Creator) - C:\Users\savio\AppData\Local\Google\Chrome\User Data\Default\Extensions\odinmjjdainghmojdffgpjmkefajhlbn [2023-03-21]
CHR Profile: C:\Users\savio\AppData\Local\Google\Chrome\User Data\Guest Profile [2023-05-04]
CHR Profile: C:\Users\savio\AppData\Local\Google\Chrome\User Data\Profile 1 [2023-02-09]
CHR Extension: (Google Docs Offline) - C:\Users\savio\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-01-12]
CHR Extension: (Microsoft Power Automate) - C:\Users\savio\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ljglajjnnkapghbckkcmodicjhacbfhk [2023-02-09]
CHR Extension: (Anwendungs-Launcher für Drive (von Google)) - C:\Users\savio\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2023-01-12]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\savio\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-01-12]
CHR Profile: C:\Users\savio\AppData\Local\Google\Chrome\User Data\System Profile [2023-05-04]
CHR HKU\S-1-5-21-3636290956-4184935153-3330214957-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ljglajjnnkapghbckkcmodicjhacbfhk]
CHR HKU\S-1-5-21-3636290956-4184935153-3330214957-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]

Opera: 
=======
StartMenuInternet: (HKU\S-1-5-21-3636290956-4184935153-3330214957-1001) Opera GXStable - "C:\Users\savio\AppData\Local\Programs\Opera GX\Launcher.exe"

==================== Dienste (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AnyDesk; C:\Program Files (x86)\AnyDesk\AnyDesk.exe [3853384 2022-08-13] (philandro Software GmbH -> AnyDesk Software GmbH)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-09-07] (Apple Inc. -> Apple Inc.)
R2 AtlasVPN.Worker; C:\Program Files\AtlasVPN\Bin\AtlasVPN.Worker.exe [158168 2023-02-22] (peakstar technologies Inc. -> AtlasVPN.Worker)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8885112 2022-06-20] (BattlEye Innovations e.K. -> )
S3 EABackgroundService; C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe [9948264 2022-12-21] (Electronic Arts, Inc. -> Electronic Arts)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [811496 2022-03-24] (EasyAntiCheat Oy -> Epic Games, Inc)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [16029456 2022-07-14] (Epic Games Inc. -> Epic Games, Inc.)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21304 2017-09-28] (Microsoft Corporation -> Microsoft Corporation)
R2 LGHUBUpdaterService; C:\Program Files\LGHUB\lghub_updater.exe [10196736 2023-04-16] (Logitech Inc -> Logitech, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9255384 2023-05-24] (Malwarebytes Inc. -> Malwarebytes)
R2 Plastic Change Tracker; C:\Program Files\PlasticSCM5\client\plasticchangetrackerservice.exe [368984 2022-02-06] (Codice Software SL -> Codice Software, S.L.)
R2 Plastic Server 6; C:\Program Files\PlasticSCM5\server\plasticd.exe [142848 2022-02-06] (plasticd) [Datei ist nicht signiert]
R2 RLHostService; C:\Program Files (x86)\Common Files\Reallusion\RLHostService\RLHostService.exe [280072 2021-02-25] (Reallusion Inc. -> Reallusion.Inc)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [302008 2023-04-29] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 Surfshark Service; C:\Program Files (x86)\Surfshark\Surfshark.Service.exe [3662408 2023-01-30] (Surfshark B.V. -> Surfshark)
S3 vgc; C:\Program Files\Riot Vanguard\vgc.exe [11060856 2023-03-10] (Riot Games, Inc. -> Riot Games, Inc.)
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [147392 2019-04-30] (Microsoft Corporation -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2304.8-0\NisSrv.exe [3216064 2023-05-02] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2304.8-0\MsMpEng.exe [133544 2023-05-02] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 amdfendrmgr; C:\WINDOWS\System32\drivers\amdfendrmgr.sys [35880 2023-04-27] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.)
R2 AMDRyzenMasterDriverV19; C:\WINDOWS\system32\AMDRyzenMasterDriver.sys [43336 2022-09-15] (Advanced Micro Devices INC. -> Advanced Micro Devices)
R3 AMDSAFD; C:\WINDOWS\System32\DriverStore\FileRepository\amdsafd.inf_amd64_1a1a381a2c0e293c\amdsafd.sys [113056 2022-08-25] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
R3 amdwddmg; C:\WINDOWS\System32\DriverStore\FileRepository\u0391400.inf_amd64_78dd64c613d4c112\B391098\amdkmdag.sys [101190176 2023-04-27] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
R3 AMDXE; C:\WINDOWS\System32\drivers\amdxe.sys [59920 2022-05-31] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
S3 busenum; C:\WINDOWS\System32\drivers\busenum.sys [57824 2012-08-03] (Synology Inc. -> Windows (R) Win 7 DDK provider)
S3 dg_ssudbus; C:\WINDOWS\System32\drivers\ssudbus2.sys [160376 2021-10-08] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R0 fse; C:\WINDOWS\System32\drivers\fse.sys [213280 2023-04-29] (Microsoft Windows -> Microsoft Corporation)
R1 googledrivefs31092; C:\WINDOWS\System32\DRIVERS\googledrivefs31092.sys [384600 2023-02-08] (Microsoft Windows Hardware Compatibility Publisher -> Google, Inc.)
R3 logi_joy_bus_enum; C:\WINDOWS\system32\drivers\logi_joy_bus_enum.sys [44880 2022-09-23] (Logitech Inc -> Logitech)
R3 logi_joy_vir_hid; C:\WINDOWS\system32\drivers\logi_joy_vir_hid.sys [32080 2022-09-22] (Logitech Inc -> Logitech)
R3 logi_joy_xlcore; C:\WINDOWS\system32\drivers\logi_joy_xlcore.sys [73040 2022-09-23] (Logitech Inc -> Logitech)
S3 ManyCam; C:\WINDOWS\system32\DRIVERS\mcvidrv.sys [66952 2018-07-30] (ManyCam (VISICOM MÉDIA INC.) -> Visicom Media Inc.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223176 2023-05-24] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2023-05-24] (Microsoft Windows Early Launch Anti-Malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2023-05-24] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 mcaudrv_simple; C:\WINDOWS\system32\drivers\mcaudrv_x64.sys [35960 2014-12-29] (ManyCam -> Visicom Media Inc.)
R3 MpKsl338387e9; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{04FAA76D-A782-4D66-8973-43AD06FC97B2}\MpKslDrv.sys [212264 2023-05-24] (Microsoft Windows -> Microsoft Corporation)
R3 rtcx21; C:\WINDOWS\System32\DriverStore\FileRepository\rtcx21x64.inf_amd64_3ab91b059be7f058\rtcx21x64.sys [652880 2022-05-11] (Realtek Semiconductor Corp. -> Realtek)
S3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [65144 2021-10-08] (Samsung Electronics Co., Ltd. -> QUALCOMM Incorporated)
S3 SurfsharkSplitTunnelDriver; C:\Program Files (x86)\Surfshark\Resources\x64\SurfsharkSplitTunnelCalloutDriver.sys [39648 2022-02-01] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [30720 2019-10-31] (OpenVPN Inc. -> The OpenVPN Project)
R3 tapsurfshark; C:\WINDOWS\System32\drivers\tapsurfshark.sys [38728 2020-06-15] (WDKTestCert Lenovo,131775874531219913 -> The OpenVPN Project)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2018-05-04] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 VBAudioVACMME; C:\WINDOWS\System32\drivers\vbaudio_cable64_win7.sys [41192 2014-09-03] (Vincent Burel -> Windows (R) Win 7 DDK provider)
R1 vgk; C:\Program Files\Riot Vanguard\vgk.sys [22292248 2023-03-10] (Riot Games, Inc. -> Riot Games, Inc.)
S3 VirtualHID; C:\WINDOWS\System32\drivers\VirtualHID.sys [26768 2020-02-05] (Voyetra Turtle Beach, Inc. -> TurtleBeach)
S3 vmbusproxy; C:\WINDOWS\system32\drivers\vmbusproxy.sys [94208 2023-04-29] (Microsoft Windows -> )
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49616 2023-05-02] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [498944 2023-05-02] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [99608 2023-05-02] (Microsoft Windows -> Microsoft Corporation)
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2023-05-24 13:28 - 2023-05-24 13:29 - 000031411 _____ C:\Users\savio\Desktop\FRST.txt
2023-05-24 13:28 - 2023-05-24 13:29 - 000000000 ____D C:\FRST
2023-05-24 13:27 - 2023-05-24 13:28 - 002382848 _____ (Farbar) C:\Users\savio\Desktop\FRST64.exe
2023-05-24 13:24 - 2023-05-24 13:24 - 000001481 _____ C:\Users\savio\Desktop\AdwCleaner[S01].txt
2023-05-24 13:22 - 2023-05-24 13:23 - 000000000 ____D C:\AdwCleaner
2023-05-24 13:21 - 2023-05-24 13:21 - 008791352 _____ (Malwarebytes) C:\Users\savio\Desktop\adwcleaner.exe
2023-05-24 13:20 - 2023-05-24 13:20 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2023-05-24 13:20 - 2023-05-24 13:20 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2023-05-24 13:20 - 2023-05-24 13:20 - 000000000 ____D C:\Users\savio\AppData\Local\mbam
2023-05-24 13:20 - 2023-05-24 13:20 - 000000000 ____D C:\Users\savio\AppData\Local\Malwarebytes
2023-05-24 13:19 - 2023-05-24 13:19 - 002638680 _____ (Malwarebytes) C:\Users\savio\Desktop\MBSetup.exe
2023-05-24 13:19 - 2023-05-24 13:19 - 000000000 ____D C:\ProgramData\Malwarebytes
2023-05-24 13:19 - 2023-05-24 13:19 - 000000000 ____D C:\Program Files\Malwarebytes
2023-05-24 09:10 - 2023-05-24 09:10 - 000994375 _____ C:\Users\savio\Desktop\Dextra Rechtsschutz AG, Hohlstrasse 556, CH-8048 ZürichLRI.pdf
2023-05-24 08:49 - 2023-05-24 08:49 - 000797826 _____ C:\Users\savio\Desktop\Vereinbarung Zusammenarbeit «Casual-Games» Entwick-.pdf
2023-05-24 08:07 - 2023-05-24 08:07 - 000758844 _____ C:\WINDOWS\system32\perfh007.dat
2023-05-24 08:07 - 2023-05-24 08:07 - 000157062 _____ C:\WINDOWS\system32\perfc007.dat
2023-05-05 10:48 - 2023-04-27 12:57 - 002185760 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2023-05-05 10:48 - 2023-04-27 12:57 - 002185760 _____ C:\WINDOWS\system32\vulkaninfo.exe
2023-05-05 10:48 - 2023-04-27 12:57 - 001619960 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2023-05-05 10:48 - 2023-04-27 12:57 - 001619960 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2023-05-05 10:48 - 2023-04-27 12:57 - 001593376 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxy.dll
2023-05-05 10:48 - 2023-04-27 12:57 - 001593376 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxx.dll
2023-05-05 10:48 - 2023-04-27 12:57 - 001500936 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2023-05-05 10:48 - 2023-04-27 12:57 - 001500936 _____ C:\WINDOWS\system32\vulkan-1.dll
2023-05-05 10:48 - 2023-04-27 12:57 - 001232088 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2023-05-05 10:48 - 2023-04-27 12:57 - 001232088 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2023-05-05 10:48 - 2023-04-27 12:57 - 000952816 _____ (AMD) C:\WINDOWS\system32\atieclxx.exe
2023-05-05 10:48 - 2023-04-27 12:57 - 000792048 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Rapidfire64.dll
2023-05-05 10:48 - 2023-04-27 12:57 - 000669168 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\Rapidfire.dll
2023-05-05 10:48 - 2023-04-27 12:57 - 000598008 _____ C:\WINDOWS\system32\GameManager64.dll
2023-05-05 10:48 - 2023-04-27 12:57 - 000539632 _____ C:\WINDOWS\system32\libsmi_guest.dll
2023-05-05 10:48 - 2023-04-27 12:57 - 000533488 _____ C:\WINDOWS\system32\dgtrayicon.exe
2023-05-05 10:48 - 2023-04-27 12:57 - 000532464 _____ C:\WINDOWS\system32\libsmi_host.dll
2023-05-05 10:48 - 2023-04-27 12:57 - 000526320 _____ C:\WINDOWS\system32\atieah64.exe
2023-05-05 10:48 - 2023-04-27 12:57 - 000493040 _____ C:\WINDOWS\system32\EEURestart.exe
2023-05-05 10:48 - 2023-04-27 12:57 - 000463904 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atidemgy.dll
2023-05-05 10:48 - 2023-04-27 12:57 - 000451568 _____ C:\WINDOWS\SysWOW64\GameManager32.dll
2023-05-05 10:48 - 2023-04-27 12:57 - 000395256 _____ C:\WINDOWS\SysWOW64\atieah32.exe
2023-05-05 10:48 - 2023-04-27 12:57 - 000351728 _____ C:\WINDOWS\system32\clinfo.exe
2023-05-05 10:48 - 2023-04-27 12:57 - 000257008 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6txx.dll
2023-05-05 10:48 - 2023-04-27 12:57 - 000217584 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atigktxx.dll
2023-05-05 10:48 - 2023-04-27 12:57 - 000201040 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\aticfx64.dll
2023-05-05 10:48 - 2023-04-27 12:57 - 000197624 _____ C:\WINDOWS\system32\mantle64.dll
2023-05-05 10:48 - 2023-04-27 12:57 - 000186864 _____ (AMD) C:\WINDOWS\system32\atimuixx.dll
2023-05-05 10:48 - 2023-04-27 12:57 - 000176632 _____ C:\WINDOWS\system32\mantleaxl64.dll
2023-05-05 10:48 - 2023-04-27 12:57 - 000174584 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atisamu64.dll
2023-05-05 10:48 - 2023-04-27 12:57 - 000163936 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\aticfx32.dll
2023-05-05 10:48 - 2023-04-27 12:57 - 000154104 _____ C:\WINDOWS\SysWOW64\mantle32.dll
2023-05-05 10:48 - 2023-04-27 12:57 - 000138232 _____ C:\WINDOWS\SysWOW64\mantleaxl32.dll
2023-05-05 10:48 - 2023-04-27 12:57 - 000137720 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atisamu32.dll
2023-05-05 10:48 - 2023-04-27 12:57 - 000065568 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ati2erec.dll
2023-05-05 10:48 - 2023-04-27 12:57 - 000041968 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\RapidFireServer64.dll
2023-05-05 10:48 - 2023-04-27 12:57 - 000038904 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\RapidFireServer.dll
2023-05-05 10:48 - 2023-04-27 12:56 - 105774112 _____ C:\WINDOWS\system32\amd_comgr.dll
2023-05-05 10:48 - 2023-04-27 12:56 - 089135136 _____ C:\WINDOWS\SysWOW64\amd_comgr32.dll
2023-05-05 10:48 - 2023-04-27 12:56 - 016633376 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdhip64.dll
2023-05-05 10:48 - 2023-04-27 12:56 - 007362440 _____ C:\WINDOWS\system32\amdsmi.exe
2023-05-05 10:48 - 2023-04-27 12:56 - 004376096 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdadlx64.dll
2023-05-05 10:48 - 2023-04-27 12:56 - 004180000 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdadlx32.dll
2023-05-05 10:48 - 2023-04-27 12:56 - 002203128 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdsasrv64.dll
2023-05-05 10:48 - 2023-04-27 12:56 - 001701672 _____ (AMD) C:\WINDOWS\system32\amf-mft-mjpeg-decoder64.dll
2023-05-05 10:48 - 2023-04-27 12:56 - 001378984 _____ (AMD) C:\WINDOWS\SysWOW64\amf-mft-mjpeg-decoder32.dll
2023-05-05 10:48 - 2023-04-27 12:56 - 001305592 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdsacli64.dll
2023-05-05 10:48 - 2023-04-27 12:56 - 001030176 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdsacli32.dll
2023-05-05 10:48 - 2023-04-27 12:56 - 000934432 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdlvr64.dll
2023-05-05 10:48 - 2023-04-27 12:56 - 000761888 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdlvr32.dll
2023-05-05 10:48 - 2023-04-27 12:56 - 000559136 _____ C:\WINDOWS\system32\amdgfxinfo64.dll
2023-05-05 10:48 - 2023-04-27 12:56 - 000553928 _____ C:\WINDOWS\system32\amdmiracast.dll
2023-05-05 10:48 - 2023-04-27 12:56 - 000461856 _____ C:\WINDOWS\system32\amdlogum.exe
2023-05-05 10:48 - 2023-04-27 12:56 - 000422944 _____ C:\WINDOWS\SysWOW64\amdgfxinfo32.dll
2023-05-05 10:48 - 2023-04-27 12:56 - 000380448 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2023-05-05 10:48 - 2023-04-27 12:56 - 000178368 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdihk32.dll
2023-05-05 10:48 - 2023-04-27 12:56 - 000156608 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atimpc64.dll
2023-05-05 10:48 - 2023-04-27 12:56 - 000156608 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdpcom64.dll
2023-05-05 10:48 - 2023-04-27 12:56 - 000146192 _____ C:\WINDOWS\system32\atidxx64.dll
2023-05-05 10:48 - 2023-04-27 12:56 - 000129056 _____ C:\WINDOWS\system32\amdxc64.dll
2023-05-05 10:48 - 2023-04-27 12:56 - 000126368 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atimpc32.dll
2023-05-05 10:48 - 2023-04-27 12:56 - 000126368 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdpcom32.dll
2023-05-05 10:48 - 2023-04-27 12:56 - 000119592 _____ C:\WINDOWS\SysWOW64\atidxx32.dll
2023-05-05 10:48 - 2023-04-27 12:56 - 000109088 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amfrt32.dll
2023-05-05 10:48 - 2023-04-27 12:56 - 000104480 _____ C:\WINDOWS\SysWOW64\amdxc32.dll
2023-05-05 10:48 - 2023-04-27 12:55 - 000166456 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdave64.dll
2023-05-05 10:48 - 2023-04-27 12:55 - 000140888 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdave32.dll
2023-05-05 10:48 - 2023-04-20 12:16 - 103230200 _____ C:\WINDOWS\system32\amdxc64.so
2023-05-05 08:51 - 2023-05-24 08:07 - 001754678 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-05-05 08:46 - 2023-05-05 08:46 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2023-05-05 08:45 - 2023-05-05 08:45 - 000000020 ___SH C:\Users\savio\ntuser.ini
2023-05-05 00:31 - 2023-05-24 08:09 - 000003926 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2023-05-05 00:31 - 2023-05-24 08:09 - 000003802 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2023-05-05 00:31 - 2023-05-24 08:09 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3636290956-4184935153-3330214957-1001
2023-05-05 00:31 - 2023-05-24 08:09 - 000003366 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3636290956-4184935153-3330214957-1001
2023-05-05 00:31 - 2023-05-24 08:05 - 000004198 _____ C:\WINDOWS\system32\Tasks\Opera GX scheduled Autoupdate 1644753098
2023-05-05 00:31 - 2023-05-24 08:00 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-05-05 00:31 - 2023-05-13 12:51 - 000003756 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-05-05 00:31 - 2023-05-13 12:51 - 000003632 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-05-05 00:31 - 2023-05-05 00:31 - 000003760 _____ C:\WINDOWS\system32\Tasks\AMD Updater
2023-05-05 00:31 - 2023-05-05 00:31 - 000003758 _____ C:\WINDOWS\system32\Tasks\Opera GX scheduled assistant Autoupdate 1645444329
2023-05-05 00:31 - 2023-05-05 00:31 - 000002518 _____ C:\WINDOWS\system32\Tasks\AMDInstallLauncher
2023-05-05 00:31 - 2023-05-05 00:31 - 000002420 _____ C:\WINDOWS\system32\Tasks\AMDLinkUpdate
2023-05-05 00:31 - 2023-05-05 00:31 - 000002404 _____ C:\WINDOWS\system32\Tasks\AMDRyzenMasterSDKTask
2023-05-05 00:31 - 2023-05-05 00:31 - 000002320 _____ C:\WINDOWS\system32\Tasks\RLHub_SkipUac_savio
2023-05-05 00:31 - 2023-05-05 00:31 - 000000000 ____D C:\WINDOWS\system32\Tasks\Apple
2023-05-05 00:31 - 2023-05-05 00:31 - 000000000 ____D C:\WINDOWS\system32\Tasks\Agent Activation Runtime
2023-05-05 00:30 - 2023-05-05 00:31 - 000011433 _____ C:\WINDOWS\diagwrn.xml
2023-05-05 00:30 - 2023-05-05 00:31 - 000011433 _____ C:\WINDOWS\diagerr.xml
2023-05-05 00:29 - 2023-05-05 00:29 - 000000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Network
2023-05-05 00:27 - 2023-05-24 08:34 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-05-05 00:27 - 2023-05-05 08:44 - 000001607 _____ C:\WINDOWS\system32\config\VSMIDK
2023-05-05 00:27 - 2023-05-05 00:27 - 000306336 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-05-04 21:14 - 2023-05-04 21:14 - 000000000 ____D C:\Users\savio\AppData\Roaming\Microsoft\Network
2023-05-04 21:13 - 2023-05-05 00:27 - 000000000 ____D C:\Users\savio\AppData\Roaming\Microsoft\Crypto
2023-05-04 21:13 - 2023-05-04 21:13 - 000000000 ____D C:\Users\savio\AppData\Roaming\Microsoft\SystemCertificates
2023-05-04 21:07 - 2023-05-05 00:27 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2023-05-04 21:05 - 2023-05-05 08:45 - 000000000 ____D C:\Users\savio\AppData\Roaming\Microsoft\Windows
2023-05-04 21:05 - 2023-05-05 08:45 - 000000000 ____D C:\Users\savio
2023-05-04 21:05 - 2023-05-05 00:27 - 000000000 ____D C:\Users\savio\AppData\Roaming\Microsoft\Spelling
2023-05-04 21:05 - 2023-05-04 21:05 - 000000000 _SHDL C:\Users\savio\Vorlagen
2023-05-04 21:05 - 2023-05-04 21:05 - 000000000 _SHDL C:\Users\savio\Startmenü
2023-05-04 21:05 - 2023-05-04 21:05 - 000000000 _SHDL C:\Users\savio\Netzwerkumgebung
2023-05-04 21:05 - 2023-05-04 21:05 - 000000000 _SHDL C:\Users\savio\Lokale Einstellungen
2023-05-04 21:05 - 2023-05-04 21:05 - 000000000 _SHDL C:\Users\savio\Eigene Dateien
2023-05-04 21:05 - 2023-05-04 21:05 - 000000000 _SHDL C:\Users\savio\Druckumgebung
2023-05-04 21:05 - 2023-05-04 21:05 - 000000000 _SHDL C:\Users\savio\Documents\Eigene Videos
2023-05-04 21:05 - 2023-05-04 21:05 - 000000000 _SHDL C:\Users\savio\Documents\Eigene Musik
2023-05-04 21:05 - 2023-05-04 21:05 - 000000000 _SHDL C:\Users\savio\Documents\Eigene Bilder
2023-05-04 21:05 - 2023-05-04 21:05 - 000000000 _SHDL C:\Users\savio\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2023-05-04 21:05 - 2023-05-04 21:05 - 000000000 _SHDL C:\Users\savio\AppData\Local\Verlauf
2023-05-04 21:05 - 2023-05-04 21:05 - 000000000 _SHDL C:\Users\savio\AppData\Local\Anwendungsdaten
2023-05-04 21:05 - 2023-05-04 21:05 - 000000000 _SHDL C:\Users\savio\Anwendungsdaten
2023-05-04 21:04 - 2023-05-04 21:07 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2023-05-04 21:01 - 2023-05-04 21:01 - 000000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2023-05-04 21:01 - 2023-05-04 21:01 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2023-05-04 21:01 - 2023-05-04 21:01 - 000000000 ____D C:\WINDOWS\addins
2023-05-04 21:00 - 2023-05-05 00:27 - 000000000 ____D C:\Program Files (x86)\MSBuild
2023-05-04 21:00 - 2023-05-04 21:00 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2023-05-04 21:00 - 2023-05-04 21:00 - 000000000 ____D C:\Program Files\Reference Assemblies
2023-05-04 21:00 - 2023-05-04 21:00 - 000000000 ____D C:\Program Files\MSBuild
2023-05-04 21:00 - 2023-05-04 21:00 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2023-05-04 20:50 - 2023-05-04 20:50 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2023-05-04 20:33 - 2023-05-16 08:25 - 000000000 ___DC C:\WINDOWS\Panther
2023-05-04 10:31 - 2023-05-04 10:31 - 000000258 _____ C:\Users\savio\Desktop\Produktionsnotizen.txt
2023-05-04 09:52 - 2023-05-04 09:53 - 000002396 _____ C:\Users\savio\Desktop\Frozen City.txt
2023-05-04 08:55 - 2023-05-04 08:55 - 000000203 _____ C:\Users\savio\Desktop\Taskplanung.txt
2023-05-04 08:52 - 2023-05-04 09:11 - 000000361 _____ C:\Users\savio\Desktop\Dobler.txt
2023-05-03 11:14 - 2023-05-03 11:14 - 000013979 _____ C:\Users\savio\Desktop\Advanced Reporting 2022 Dez 2023 April.csv
2023-05-03 11:06 - 2023-05-03 11:06 - 000010381 _____ C:\Users\savio\Desktop\Network Comparision 2022 Dez 2023 April.csv
2023-04-29 16:27 - 2023-05-04 08:37 - 000000000 ____D C:\Users\savio\Desktop\Etsy
2023-04-29 16:20 - 2023-05-04 20:59 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2023-04-29 16:20 - 2023-05-04 20:59 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2023-04-29 16:20 - 2023-05-04 20:59 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2023-04-29 16:20 - 2023-04-29 16:20 - 000000000 __SHD C:\WINDOWS\BitLockerDiscoveryVolumeContents
2023-04-29 16:20 - 2023-04-29 16:20 - 000000000 ___SD C:\WINDOWS\system32\AppV
2023-04-29 16:20 - 2023-04-29 16:20 - 000000000 ____D C:\WINDOWS\system32\Hydrogen
2023-04-29 16:20 - 2023-04-29 16:20 - 000000000 ____D C:\WINDOWS\system32\Drivers\mde
2023-04-29 16:20 - 2023-04-29 16:20 - 000000000 ____D C:\WINDOWS\RemotePackages
2023-04-29 16:20 - 2023-04-29 16:20 - 000000000 ____D C:\WINDOWS\InboxApps
2023-04-29 16:20 - 2023-04-29 16:20 - 000000000 ____D C:\ProgramData\WindowsHolographicDevices
2023-04-29 16:19 - 2023-04-29 16:19 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2023-04-29 16:19 - 2023-04-29 16:19 - 000000000 ____D C:\ProgramData\ssh
2023-04-29 16:10 - 2023-04-29 16:10 - 000000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync
2023-04-29 16:10 - 2023-04-29 16:10 - 000000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
2023-04-29 16:09 - 2023-05-04 20:59 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2023-04-29 16:09 - 2023-05-04 20:59 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2023-04-29 16:09 - 2023-05-04 20:59 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2023-04-29 16:09 - 2023-05-04 20:59 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2023-04-29 16:09 - 2023-05-04 20:59 - 000000000 ____D C:\WINDOWS\system32\winrm
2023-04-29 16:09 - 2023-05-04 20:59 - 000000000 ____D C:\WINDOWS\system32\WCN
2023-04-29 16:09 - 2023-05-04 20:59 - 000000000 ____D C:\WINDOWS\system32\slmgr
2023-04-29 16:09 - 2023-05-04 20:59 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2023-04-29 16:09 - 2023-04-29 16:20 - 000000000 ____D C:\WINDOWS\system32\de
2023-04-29 16:09 - 2023-04-29 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\sysprep
2023-04-29 16:09 - 2023-04-29 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\de
2023-04-29 16:09 - 2023-04-29 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\0409
2023-04-29 16:09 - 2023-04-29 16:09 - 000000000 ____D C:\WINDOWS\system32\0409
2023-04-29 16:09 - 2023-04-29 16:09 - 000000000 ____D C:\WINDOWS\DigitalLocker
2023-04-29 09:14 - 2023-04-29 09:14 - 000000000 _SHDL C:\Users\Default User
2023-04-29 09:14 - 2023-04-29 09:14 - 000000000 _SHDL C:\Users\All Users
2023-04-29 09:01 - 2023-05-04 21:16 - 000000000 ____D C:\WINDOWS\Setup
2023-04-29 08:57 - 2023-05-24 13:20 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2023-04-29 08:57 - 2023-05-24 13:20 - 000000000 ____D C:\WINDOWS\SystemTemp
2023-04-29 08:57 - 2023-05-24 13:19 - 000000000 ___RD C:\Program Files (x86)
2023-04-29 08:57 - 2023-05-24 13:19 - 000000000 ___HD C:\Program Files\WindowsApps
2023-04-29 08:57 - 2023-05-24 13:19 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-04-29 08:57 - 2023-05-24 13:18 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-04-29 08:57 - 2023-05-05 09:02 - 000000000 ____D C:\ProgramData\USOPrivate
2023-04-29 08:57 - 2023-05-05 09:01 - 000000000 ___RD C:\WINDOWS\PrintDialog
2023-04-29 08:57 - 2023-05-05 09:00 - 000000000 ____D C:\WINDOWS\appcompat
2023-04-29 08:57 - 2023-05-05 08:45 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2023-04-29 08:57 - 2023-05-05 08:45 - 000000000 ____D C:\WINDOWS\system32\oobe
2023-04-29 08:57 - 2023-05-05 08:44 - 000000000 ____D C:\Program Files\Windows NT
2023-04-29 08:57 - 2023-05-05 00:31 - 000000000 ____D C:\Program Files\Windows Defender
2023-04-29 08:57 - 2023-05-05 00:28 - 000000000 ____D C:\WINDOWS\system32\config\TxR
2023-04-29 08:57 - 2023-05-05 00:27 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2023-04-29 08:57 - 2023-05-05 00:27 - 000000000 __RHD C:\Users\Public\Libraries
2023-04-29 08:57 - 2023-05-05 00:27 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2023-04-29 08:57 - 2023-05-05 00:27 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2023-04-29 08:57 - 2023-05-05 00:27 - 000000000 ____D C:\WINDOWS\system32\spool
2023-04-29 08:57 - 2023-05-05 00:27 - 000000000 ____D C:\WINDOWS\system32\SecurityHealth
2023-04-29 08:57 - 2023-05-05 00:27 - 000000000 ____D C:\WINDOWS\system32\NDF
2023-04-29 08:57 - 2023-05-05 00:27 - 000000000 ____D C:\WINDOWS\system32\Dism
2023-04-29 08:57 - 2023-05-05 00:27 - 000000000 ____D C:\WINDOWS\ServiceState
2023-04-29 08:57 - 2023-05-05 00:27 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2023-04-29 08:57 - 2023-05-05 00:27 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2023-04-29 08:57 - 2023-05-04 21:05 - 000000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Windows
2023-04-29 08:57 - 2023-05-04 21:02 - 000000000 ____D C:\WINDOWS\OCR
2023-04-29 08:57 - 2023-05-04 21:01 - 000000000 ____D C:\WINDOWS\system32\setup
2023-04-29 08:57 - 2023-05-04 21:01 - 000000000 ____D C:\WINDOWS\Globalization
2023-04-29 08:57 - 2023-05-04 21:00 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2023-04-29 08:57 - 2023-05-04 21:00 - 000000000 ____D C:\WINDOWS\system32\MUI
2023-04-29 08:57 - 2023-05-04 20:59 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2023-04-29 08:57 - 2023-05-04 20:59 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2023-04-29 08:57 - 2023-05-04 20:59 - 000000000 ___SD C:\WINDOWS\system32\F12
2023-04-29 08:57 - 2023-05-04 20:59 - 000000000 ___SD C:\WINDOWS\system32\dsc
2023-04-29 08:57 - 2023-05-04 20:59 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2023-04-29 08:57 - 2023-05-04 20:59 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2023-04-29 08:57 - 2023-05-04 20:59 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2023-04-29 08:57 - 2023-05-04 20:59 - 000000000 ____D C:\WINDOWS\system32\Sgrm
2023-04-29 08:57 - 2023-05-04 20:59 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2023-04-29 08:57 - 2023-05-04 20:59 - 000000000 ____D C:\WINDOWS\system32\migwiz
2023-04-29 08:57 - 2023-05-04 20:59 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2023-04-29 08:57 - 2023-04-29 16:21 - 000000000 ____D C:\WINDOWS\Containers
2023-04-29 08:57 - 2023-04-29 16:20 - 000000000 ____D C:\WINDOWS\SystemResources
2023-04-29 08:57 - 2023-04-29 16:20 - 000000000 ____D C:\WINDOWS\SystemApps
2023-04-29 08:57 - 2023-04-29 16:20 - 000000000 ____D C:\WINDOWS\ShellComponents
2023-04-29 08:57 - 2023-04-29 16:20 - 000000000 ____D C:\WINDOWS\security
2023-04-29 08:57 - 2023-04-29 16:20 - 000000000 ____D C:\WINDOWS\schemas
2023-04-29 08:57 - 2023-04-29 16:20 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2023-04-29 08:57 - 2023-04-29 16:10 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2023-04-29 08:57 - 2023-04-29 16:10 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2023-04-29 08:57 - 2023-04-29 16:10 - 000000000 ____D C:\WINDOWS\SysWOW64\gl-ES
2023-04-29 08:57 - 2023-04-29 16:10 - 000000000 ____D C:\WINDOWS\SysWOW64\eu-ES
2023-04-29 08:57 - 2023-04-29 16:10 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES
2023-04-29 08:57 - 2023-04-29 16:10 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2023-04-29 08:57 - 2023-04-29 16:10 - 000000000 ____D C:\WINDOWS\system32\id-ID
2023-04-29 08:57 - 2023-04-29 16:10 - 000000000 ____D C:\WINDOWS\system32\gl-ES
2023-04-29 08:57 - 2023-04-29 16:10 - 000000000 ____D C:\WINDOWS\system32\eu-ES
2023-04-29 08:57 - 2023-04-29 16:10 - 000000000 ____D C:\WINDOWS\system32\ca-ES
2023-04-29 08:57 - 2023-04-29 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2023-04-29 08:57 - 2023-04-29 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2023-04-29 08:57 - 2023-04-29 16:09 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2023-04-29 08:57 - 2023-04-29 16:09 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2023-04-29 08:57 - 2023-04-29 16:09 - 000000000 ____D C:\WINDOWS\system32\Com
2023-04-29 08:57 - 2023-04-29 16:09 - 000000000 ____D C:\WINDOWS\IME
2023-04-29 08:57 - 2023-04-29 16:09 - 000000000 ____D C:\WINDOWS\Help
2023-04-29 08:57 - 2023-04-29 16:09 - 000000000 ____D C:\WINDOWS\BrowserCore
2023-04-29 08:57 - 2023-04-29 16:09 - 000000000 ____D C:\Program Files\Common Files\System
2023-04-29 08:57 - 2023-04-29 16:09 - 000000000 ____D C:\Program Files (x86)\Windows NT
2023-04-29 08:57 - 2023-04-29 09:14 - 000000000 __SHD C:\Program Files\Windows Sidebar
2023-04-29 08:57 - 2023-04-29 09:14 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar
2023-04-29 08:57 - 2023-04-29 09:14 - 000000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2023-04-29 08:57 - 2023-04-29 09:14 - 000000000 ___SD C:\WINDOWS\system32\Configuration
2023-04-29 08:57 - 2023-04-29 09:14 - 000000000 ____D C:\WINDOWS\Web
2023-04-29 08:57 - 2023-04-29 09:14 - 000000000 ____D C:\WINDOWS\SysWOW64\SMI
2023-04-29 08:57 - 2023-04-29 09:14 - 000000000 ____D C:\WINDOWS\system32\winevt
2023-04-29 08:57 - 2023-04-29 09:14 - 000000000 ____D C:\WINDOWS\system32\ras
2023-04-29 08:57 - 2023-04-29 09:14 - 000000000 ____D C:\WINDOWS\system32\PointOfService
2023-04-29 08:57 - 2023-04-29 09:14 - 000000000 ____D C:\WINDOWS\system32\Pbr
2023-04-29 08:57 - 2023-04-29 09:14 - 000000000 ____D C:\WINDOWS\SKB
2023-04-29 08:57 - 2023-04-29 09:14 - 000000000 ____D C:\WINDOWS\Resources
2023-04-29 08:57 - 2023-04-29 09:14 - 000000000 ____D C:\WINDOWS\Registration
2023-04-29 08:57 - 2023-04-29 09:14 - 000000000 ____D C:\WINDOWS\Provisioning
2023-04-29 08:57 - 2023-04-29 09:14 - 000000000 ____D C:\WINDOWS\PLA
2023-04-29 08:57 - 2023-04-29 09:14 - 000000000 ____D C:\WINDOWS\Media
2023-04-29 08:57 - 2023-04-29 09:14 - 000000000 ____D C:\WINDOWS\InputMethod
2023-04-29 08:57 - 2023-04-29 09:14 - 000000000 ____D C:\WINDOWS\IdentityCRL
2023-04-29 08:57 - 2023-04-29 09:14 - 000000000 ____D C:\WINDOWS\DiagTrack
2023-04-29 08:57 - 2023-04-29 08:57 - 000000000 ___SD C:\WINDOWS\SysWOW64\Nui
2023-04-29 08:57 - 2023-04-29 08:57 - 000000000 ___SD C:\WINDOWS\SysWOW64\lxss
2023-04-29 08:57 - 2023-04-29 08:57 - 000000000 ___SD C:\WINDOWS\system32\UNP
2023-04-29 08:57 - 2023-04-29 08:57 - 000000000 ___SD C:\WINDOWS\system32\Nui
2023-04-29 08:57 - 2023-04-29 08:57 - 000000000 ___SD C:\WINDOWS\system32\lxss
2023-04-29 08:57 - 2023-04-29 08:57 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2023-04-29 08:57 - 2023-04-29 08:57 - 000000000 ___RD C:\WINDOWS\Offline Web Pages
2023-04-29 08:57 - 2023-04-29 08:57 - 000000000 ___HD C:\WINDOWS\LanguageOverlayCache
2023-04-29 08:57 - 2023-04-29 08:57 - 000000000 ____D C:\WINDOWS\WUModels
2023-04-29 08:57 - 2023-04-29 08:57 - 000000000 ____D C:\WINDOWS\WaaS
2023-04-29 08:57 - 2023-04-29 08:57 - 000000000 ____D C:\WINDOWS\Vss
2023-04-29 08:57 - 2023-04-29 08:57 - 000000000 ____D C:\WINDOWS\UUS
2023-04-29 08:57 - 2023-04-29 08:57 - 000000000 ____D C:\WINDOWS\tracing
2023-04-29 08:57 - 2023-04-29 08:57 - 000000000 ____D C:\WINDOWS\TAPI
2023-04-29 08:57 - 2023-04-29 08:57 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2023-04-29 08:57 - 2023-04-29 08:57 - 000000000 ____D C:\WINDOWS\SysWOW64\ras
2023-04-29 08:57 - 2023-04-29 08:57 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2023-04-29 08:57 - 2023-04-29 08:57 - 000000000 ____D C:\WINDOWS\SysWOW64\NDF
2023-04-29 08:57 - 2023-04-29 08:57 - 000000000 ____D C:\WINDOWS\SysWOW64\Msdtc
2023-04-29 08:57 - 2023-04-29 08:57 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2023-04-29 08:57 - 2023-04-29 08:57 - 000000000 ____D C:\WINDOWS\SysWOW64\Keywords
2023-04-29 08:57 - 2023-04-29 08:57 - 000000000 ____D C:\WINDOWS\SysWOW64\Ipmi
2023-04-29 08:57 - 2023-04-29 08:57 - 000000000 ____D C:\WINDOWS\SysWOW64\InputMethod
2023-04-29 08:57 - 2023-04-29 08:57 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2023-04-29 08:57 - 2023-04-29 08:57 - 000000000 ____D C:\WINDOWS\SysWOW64\IME
2023-04-29 08:57 - 2023-04-29 08:57 - 000000000 ____D C:\WINDOWS\SysWOW64\icsxml
2023-04-29 08:57 - 2023-04-29 08:57 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicyUsers
2023-04-29 08:57 - 2023-04-29 08:57 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2023-04-29 08:57 - 2023-04-29 08:57 - 000000000 ____D C:\WINDOWS\SysWOW64\downlevel
2023-04-29 08:57 - 2023-04-29 08:57 - 000000000 ____D C:\WINDOWS\SysWOW64\Bthprops
2023-04-29 08:57 - 2023-04-29 08:57 - 000000000 ____D C:\WINDOWS\SysWOW64\AppLocker
2023-04-29 08:57 - 2023-04-29 08:57 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2023-04-29 08:57 - 2023-04-29 08:57 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2023-04-29 08:57 - 2023-04-29 08:57 - 000000000 ____D C:\WINDOWS\system32\WebThreatDefSvc
2023-04-29 08:57 - 2023-04-29 08:57 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2023-04-29 08:57 - 2023-04-29 08:57 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2023-04-29 08:57 - 2023-04-29 08:57 - 000000000 ____D C:\WINDOWS\system32\ProximityToast
2023-04-29 08:57 - 2023-04-29 08:57 - 000000000 ____D C:\WINDOWS\system32\Keywords
2023-04-29 08:57 - 2023-04-29 08:57 - 000000000 ____D C:\WINDOWS\system32\Ipmi
2023-04-29 08:57 - 2023-04-29 08:57 - 000000000 ____D C:\WINDOWS\system32\InputMethod
2023-04-29 08:57 - 2023-04-29 08:57 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2023-04-29 08:57 - 2023-04-29 08:57 - 000000000 ____D C:\WINDOWS\system32\IME
2023-04-29 08:57 - 2023-04-29 08:57 - 000000000 ____D C:\WINDOWS\system32\icsxml
2023-04-29 08:57 - 2023-04-29 08:57 - 000000000 ____D C:\WINDOWS\system32\ias
2023-04-29 08:57 - 2023-04-29 08:57 - 000000000 ____D C:\WINDOWS\system32\HealthAttestationClient
2023-04-29 08:57 - 2023-04-29 08:57 - 000000000 ____D C:\WINDOWS\system32\DriverState
2023-04-29 08:57 - 2023-04-29 08:57 - 000000000 ____D C:\WINDOWS\system32\Drivers\DriverData
2023-04-29 08:57 - 2023-04-29 08:57 - 000000000 ____D C:\WINDOWS\system32\downlevel
2023-04-29 08:57 - 2023-04-29 08:57 - 000000000 ____D C:\WINDOWS\system32\DDFs
2023-04-29 08:57 - 2023-04-29 08:57 - 000000000 ____D C:\WINDOWS\system32\config\systemprofile
2023-04-29 08:57 - 2023-04-29 08:57 - 000000000 ____D C:\WINDOWS\system32\config\RegBack
2023-04-29 08:57 - 2023-04-29 08:57 - 000000000 ____D C:\WINDOWS\system32\config\Journal
2023-04-29 08:57 - 2023-04-29 08:57 - 000000000 ____D C:\WINDOWS\system32\Bthprops
2023-04-29 08:57 - 2023-04-29 08:57 - 000000000 ____D C:\WINDOWS\system32\appraiser
2023-04-29 08:57 - 2023-04-29 08:57 - 000000000 ____D C:\WINDOWS\system32\AppLocker
2023-04-29 08:57 - 2023-04-29 08:57 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2023-04-29 08:57 - 2023-04-29 08:57 - 000000000 ____D C:\WINDOWS\System
2023-04-29 08:57 - 2023-04-29 08:57 - 000000000 ____D C:\WINDOWS\ShellExperiences
2023-04-29 08:57 - 2023-04-29 08:57 - 000000000 ____D C:\WINDOWS\SchCache
2023-04-29 08:57 - 2023-04-29 08:57 - 000000000 ____D C:\WINDOWS\rescache
2023-04-29 08:57 - 2023-04-29 08:57 - 000000000 ____D C:\WINDOWS\Performance
2023-04-29 08:57 - 2023-04-29 08:57 - 000000000 ____D C:\WINDOWS\ModemLogs
2023-04-29 08:57 - 2023-04-29 08:57 - 000000000 ____D C:\WINDOWS\L2Schemas
2023-04-29 08:57 - 2023-04-29 08:57 - 000000000 ____D C:\WINDOWS\GameBarPresenceWriter
2023-04-29 08:57 - 2023-04-29 08:57 - 000000000 ____D C:\WINDOWS\Cursors
2023-04-29 08:57 - 2023-04-29 08:57 - 000000000 ____D C:\WINDOWS\Branding
2023-04-29 08:57 - 2023-04-29 08:57 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-04-29 08:57 - 2023-04-29 08:57 - 000000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Spelling
2023-04-29 08:57 - 2023-04-29 08:57 - 000000000 ____D C:\ProgramData\USOShared
2023-04-29 08:57 - 2023-04-29 08:57 - 000000000 ____D C:\Program Files\ModifiableWindowsApps
2023-04-29 08:57 - 2023-04-29 08:54 - 000003103 _____ C:\WINDOWS\SysWOW64\mmc.exe.config
2023-04-29 08:57 - 2023-04-29 08:54 - 000003103 _____ C:\WINDOWS\system32\mmc.exe.config
2023-04-29 08:57 - 2023-04-29 08:54 - 000000858 _____ C:\WINDOWS\system32\DefaultQuestions.json
2023-04-29 08:57 - 2023-04-27 12:56 - 000515104 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2023-04-29 08:54 - 2023-05-24 08:07 - 000000000 ____D C:\WINDOWS\INF
2023-04-29 08:52 - 2023-04-29 08:52 - 000000146 _____ C:\WINDOWS\system32\UevAppMonitor.exe.config
2023-04-29 08:52 - 2023-04-29 08:52 - 000000112 _____ C:\WINDOWS\SysWOW64\MixedRealityRuntime.json
2023-04-29 08:52 - 2023-04-29 08:52 - 000000112 _____ C:\WINDOWS\system32\MixedRealityRuntime.json
2023-04-29 08:51 - 2023-04-29 08:51 - 000046645 _____ C:\WINDOWS\SysWOW64\ctac.json
2023-04-29 08:51 - 2023-04-29 08:51 - 000040448 _____ (Microsoft) C:\WINDOWS\SysWOW64\csrr.rs
2023-04-29 08:51 - 2023-04-29 08:51 - 000038400 _____ (Microsoft) C:\WINDOWS\SysWOW64\oflc-nz.rs
2023-04-29 08:51 - 2023-04-29 08:51 - 000037888 _____ (Microsoft) C:\WINDOWS\SysWOW64\fpb.rs
2023-04-29 08:51 - 2023-04-29 08:51 - 000033280 _____ (Microsoft) C:\WINDOWS\SysWOW64\cero.rs
2023-04-29 08:51 - 2023-04-29 08:51 - 000030208 _____ (Microsoft) C:\WINDOWS\SysWOW64\esrb.rs
2023-04-29 08:51 - 2023-04-29 08:51 - 000027648 _____ (Microsoft) C:\WINDOWS\SysWOW64\usk.rs
2023-04-29 08:51 - 2023-04-29 08:51 - 000027648 _____ (Microsoft) C:\WINDOWS\SysWOW64\cob-au.rs
2023-04-29 08:51 - 2023-04-29 08:51 - 000019456 _____ (Microsoft) C:\WINDOWS\SysWOW64\pegi-pt.rs
2023-04-29 08:51 - 2023-04-29 08:51 - 000019456 _____ (Microsoft) C:\WINDOWS\SysWOW64\pegi.rs
2023-04-29 08:51 - 2023-04-29 08:51 - 000017920 _____ (Microsoft) C:\WINDOWS\SysWOW64\grb.rs
2023-04-29 08:51 - 2023-04-29 08:51 - 000014336 _____ (Microsoft) C:\WINDOWS\SysWOW64\djctq.rs
2023-04-29 08:51 - 2023-04-29 08:51 - 000013824 _____ (Microsoft) C:\WINDOWS\SysWOW64\pcbp.rs
2023-04-29 08:51 - 2023-04-29 08:51 - 000008269 _____ C:\WINDOWS\system32\ResPriHMImageListLowCost
2023-04-29 08:51 - 2023-04-29 08:51 - 000008269 _____ C:\WINDOWS\system32\ResPriHMImageList
2023-04-29 08:51 - 2023-04-29 08:51 - 000008266 _____ C:\WINDOWS\system32\ResPriUHMImageList
2023-04-29 08:51 - 2023-04-29 08:51 - 000008264 _____ C:\WINDOWS\system32\ResPriImageListLowCost
2023-04-29 08:51 - 2023-04-29 08:51 - 000008240 _____ C:\WINDOWS\system32\ResPriLMImageList
2023-04-29 08:51 - 2023-04-29 08:51 - 000008240 _____ C:\WINDOWS\system32\ResPriImageList
2023-04-29 08:51 - 2023-04-29 08:51 - 000004608 _____ (Microsoft) C:\WINDOWS\SysWOW64\WEB.rs
2023-04-29 08:51 - 2023-04-29 08:51 - 000001820 _____ C:\WINDOWS\SysWOW64\rasctrnm.h
2023-04-29 08:51 - 2023-04-29 08:51 - 000001820 _____ C:\WINDOWS\system32\rasctrnm.h
2023-04-29 08:51 - 2023-04-29 08:51 - 000000670 ___RH C:\WINDOWS\WindowsShell.Manifest
2023-04-29 08:50 - 2023-04-29 08:50 - 000089761 _____ C:\WINDOWS\system32\DiskSnapshot.conf
2023-04-29 08:50 - 2023-04-29 08:50 - 000049152 _____ (Microsoft) C:\WINDOWS\system32\oflc-nz.rs
2023-04-29 08:50 - 2023-04-29 08:50 - 000049152 _____ (Microsoft) C:\WINDOWS\system32\csrr.rs
2023-04-29 08:50 - 2023-04-29 08:50 - 000046645 _____ C:\WINDOWS\system32\ctac.json
2023-04-29 08:50 - 2023-04-29 08:50 - 000045056 _____ (Microsoft) C:\WINDOWS\system32\fpb.rs
2023-04-29 08:50 - 2023-04-29 08:50 - 000040960 _____ (Microsoft) C:\WINDOWS\system32\esrb.rs
2023-04-29 08:50 - 2023-04-29 08:50 - 000040960 _____ (Microsoft) C:\WINDOWS\system32\cero.rs
2023-04-29 08:50 - 2023-04-29 08:50 - 000038128 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\iaLPSSi_GPIO.sys
2023-04-29 08:50 - 2023-04-29 08:50 - 000036864 _____ (Microsoft) C:\WINDOWS\system32\usk.rs
2023-04-29 08:50 - 2023-04-29 08:50 - 000036864 _____ (Microsoft) C:\WINDOWS\system32\cob-au.rs
2023-04-29 08:50 - 2023-04-29 08:50 - 000028672 _____ (Microsoft) C:\WINDOWS\system32\pegi-pt.rs
2023-04-29 08:50 - 2023-04-29 08:50 - 000028672 _____ (Microsoft) C:\WINDOWS\system32\pegi.rs
2023-04-29 08:50 - 2023-04-29 08:50 - 000028672 _____ (Microsoft) C:\WINDOWS\system32\grb.rs
2023-04-29 08:50 - 2023-04-29 08:50 - 000024576 _____ (Microsoft) C:\WINDOWS\system32\pcbp.rs
2023-04-29 08:50 - 2023-04-29 08:50 - 000024576 _____ (Microsoft) C:\WINDOWS\system32\djctq.rs
2023-04-29 08:50 - 2023-04-29 08:50 - 000012288 _____ (Microsoft) C:\WINDOWS\system32\WEB.rs
2023-04-29 08:50 - 2023-04-29 08:50 - 000010576 _____ C:\WINDOWS\system32\TransformPPSToWlan.xslt
2023-04-29 08:50 - 2023-04-29 08:50 - 000001688 _____ C:\WINDOWS\system32\TransformPPSToWlanCredentials.xslt
2023-04-29 08:48 - 2023-05-24 08:00 - 104595456 _____ C:\WINDOWS\system32\config\SOFTWARE
2023-04-29 08:48 - 2023-05-17 11:54 - 019136512 _____ C:\WINDOWS\system32\config\SYSTEM
2023-04-29 08:48 - 2023-05-17 11:54 - 000786432 _____ C:\WINDOWS\system32\config\DEFAULT
2023-04-29 08:48 - 2023-05-17 11:54 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2023-04-29 08:48 - 2023-05-17 11:54 - 000131072 _____ C:\WINDOWS\system32\config\SAM
2023-04-29 08:48 - 2023-05-17 11:54 - 000065536 _____ C:\WINDOWS\system32\config\SECURITY
2023-04-29 08:48 - 2023-05-05 00:31 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2023-04-29 08:48 - 2023-05-04 21:02 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-04-29 08:48 - 2023-05-04 20:59 - 000000000 ____D C:\WINDOWS\servicing
2023-04-29 08:48 - 2023-04-29 09:14 - 000000000 ____D C:\WINDOWS\system32\SMI

==================== Ein Monat (geänderte) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2023-05-24 13:19 - 2022-02-12 22:28 - 000000000 ____D C:\Users\savio\AppData\Local\Packages
2023-05-24 13:19 - 2022-02-12 22:28 - 000000000 ____D C:\ProgramData\Packages
2023-05-24 13:18 - 2022-10-10 15:45 - 000000000 ____D C:\Users\savio\AppData\Local\Spark Desktop
2023-05-24 13:18 - 2022-02-15 11:13 - 000000000 ____D C:\Users\savio\AppData\Roaming\ClickUp
2023-05-24 13:14 - 2022-02-13 11:03 - 000000000 ____D C:\Program Files (x86)\Google
2023-05-24 13:08 - 2022-02-12 22:43 - 000000000 ____D C:\Users\savio\AppData\Roaming\Slack
2023-05-24 12:57 - 2022-02-12 22:24 - 000000000 ___SD C:\Users\savio\AppData\Roaming\Microsoft\Credentials
2023-05-24 10:16 - 2022-08-29 11:47 - 000000000 ____D C:\Users\savio\AppData\Roaming\Figma
2023-05-24 08:42 - 2022-02-12 22:48 - 000000000 ____D C:\Users\savio\AppData\Roaming\1Password
2023-05-24 08:42 - 2022-02-12 22:48 - 000000000 ____D C:\Users\savio\AppData\Local\1Password
2023-05-24 08:34 - 2022-02-12 22:28 - 000000000 ____D C:\Users\savio\AppData\Local\D3DSCache
2023-05-24 08:16 - 2022-02-13 11:03 - 000002239 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-05-24 08:15 - 2023-04-10 14:26 - 000002057 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk
2023-05-24 08:09 - 2022-02-12 22:29 - 000002399 _____ C:\Users\savio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-05-24 08:09 - 2022-02-12 22:18 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-05-24 08:06 - 2022-02-13 12:41 - 000000000 ____D C:\Users\savio\AppData\Local\AMD_Common
2023-05-24 08:05 - 2022-02-13 13:51 - 000001438 _____ C:\Users\savio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Opera GX.lnk
2023-05-24 08:02 - 2022-07-21 22:08 - 000000001 _____ C:\WINDOWS\vgkbootstatus.dat
2023-05-24 08:00 - 2022-09-23 08:44 - 000000000 ____D C:\Users\savio\AppData\Roaming\LGHUB
2023-05-24 08:00 - 2022-09-22 20:42 - 000000000 ____D C:\Users\savio\AppData\Local\LGHUB
2023-05-24 08:00 - 2022-03-02 10:19 - 000000000 ____D C:\ProgramData\Reallusion
2023-05-24 08:00 - 2022-02-12 22:17 - 000012288 ___SH C:\DumpStack.log.tmp
2023-05-17 01:50 - 2022-02-12 22:47 - 000000000 ____D C:\Users\savio\AppData\Roaming\discord
2023-05-17 00:52 - 2022-02-12 22:47 - 000000000 ____D C:\Users\savio\AppData\Local\Discord
2023-05-16 09:11 - 2022-08-29 11:47 - 000000000 ____D C:\Users\savio\AppData\Local\FigmaAgent
2023-05-15 18:07 - 2023-02-03 20:08 - 000000000 ____D C:\Users\savio\AppData\Roaming\UnityHub
2023-05-15 10:45 - 2022-11-15 18:46 - 000001270 _____ C:\Users\savio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Figma.lnk
2023-05-15 10:45 - 2022-08-29 11:47 - 000000000 ____D C:\Users\savio\AppData\Local\Figma
2023-05-14 09:46 - 2023-04-06 10:13 - 000001056 _____ C:\ProgramData\Microsoft\Windows\Start Menu\AtlasVPN.lnk
2023-05-14 09:46 - 2022-02-17 23:41 - 000000000 ____D C:\ProgramData\Riot Games
2023-05-14 09:46 - 2022-02-13 12:32 - 000001048 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z.lnk
2023-05-13 21:56 - 2022-10-05 18:22 - 000000000 ____D C:\Users\savio\AppData\Local\Battle.net
2023-05-13 20:59 - 2022-10-28 08:44 - 000002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2023-05-13 20:59 - 2022-03-28 15:54 - 000000948 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4K Video Downloader.lnk
2023-05-13 20:59 - 2022-02-18 09:49 - 000000944 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2023-05-13 16:42 - 2023-01-08 01:14 - 000000000 ____D C:\Program Files (x86)\Hearthstone
2023-05-13 16:26 - 2022-10-05 18:22 - 000000000 ____D C:\Program Files (x86)\Battle.net
2023-05-10 12:16 - 2022-02-12 22:45 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-05-10 12:14 - 2022-02-12 22:45 - 159583304 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2023-05-09 17:35 - 2022-10-08 17:06 - 000079312 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgamehelper.exe
2023-05-09 17:35 - 2022-10-08 17:06 - 000062968 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgamecontrol.exe
2023-05-09 17:35 - 2022-02-19 02:06 - 002794960 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgameruntime.dll
2023-05-09 17:35 - 2022-02-19 02:06 - 000488912 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameplatformservices.dll
2023-05-09 17:35 - 2022-02-19 02:06 - 000247248 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingservicesproxy.dll
2023-05-09 17:35 - 2022-02-19 02:06 - 000202192 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameconfighelper.dll
2023-05-09 17:35 - 2022-02-19 02:06 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamelaunchhelper.dll
2023-05-09 17:35 - 2022-02-19 02:06 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcuihelpers.dll
2023-05-09 17:26 - 2022-02-12 22:48 - 000001356 _____ C:\Users\savio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1Password.lnk
2023-05-08 09:37 - 2022-05-09 19:42 - 000000000 ____D C:\Users\savio\AppData\Local\CrashDumps
2023-05-06 14:16 - 2022-02-12 22:28 - 000000000 ____D C:\Users\savio\AppData\Local\AMD
2023-05-05 08:45 - 2022-02-12 22:28 - 000000000 __RHD C:\Users\Public\AccountPictures
2023-05-05 00:27 - 2023-04-16 22:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logi
2023-05-05 00:27 - 2023-04-15 08:09 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2023-05-05 00:27 - 2023-02-06 13:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity 2021.3.13f1
2023-05-05 00:27 - 2023-01-08 00:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA
2023-05-05 00:27 - 2022-12-15 15:07 - 000000000 ____D C:\Users\savio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2023-05-05 00:27 - 2022-10-28 08:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2023-05-05 00:27 - 2022-10-05 19:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Overwatch
2023-05-05 00:27 - 2022-10-05 18:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2023-05-05 00:27 - 2022-09-27 00:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Software꞉ Adrenalin Edition
2023-05-05 00:27 - 2022-09-27 00:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Bug Report Tool
2023-05-05 00:27 - 2022-09-15 08:23 - 000000000 ____D C:\WINDOWS\system32\appmgmt
2023-05-05 00:27 - 2022-09-12 11:57 - 000000000 ____D C:\Users\savio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome-Apps
2023-05-05 00:27 - 2022-08-31 14:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OnScreen Control
2023-05-05 00:27 - 2022-05-02 09:28 - 000000000 ____D C:\WINDOWS\system32\AMD
2023-05-05 00:27 - 2022-04-23 16:30 - 000000000 ____D C:\Users\savio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Slack Technologies Inc
2023-05-05 00:27 - 2022-04-18 16:02 - 000000000 ____D C:\WINDOWS\SysWOW64\3082
2023-05-05 00:27 - 2022-04-18 16:02 - 000000000 ____D C:\WINDOWS\SysWOW64\1055
2023-05-05 00:27 - 2022-04-18 16:02 - 000000000 ____D C:\WINDOWS\SysWOW64\1049
2023-05-05 00:27 - 2022-04-18 16:02 - 000000000 ____D C:\WINDOWS\SysWOW64\1046
2023-05-05 00:27 - 2022-04-18 16:02 - 000000000 ____D C:\WINDOWS\SysWOW64\1045
2023-05-05 00:27 - 2022-04-18 16:02 - 000000000 ____D C:\WINDOWS\SysWOW64\1040
2023-05-05 00:27 - 2022-04-18 16:02 - 000000000 ____D C:\WINDOWS\SysWOW64\1036
2023-05-05 00:27 - 2022-04-18 16:02 - 000000000 ____D C:\WINDOWS\SysWOW64\1033
2023-05-05 00:27 - 2022-04-18 16:02 - 000000000 ____D C:\WINDOWS\SysWOW64\1029
2023-05-05 00:27 - 2022-04-18 16:02 - 000000000 ____D C:\WINDOWS\system32\3082
2023-05-05 00:27 - 2022-04-18 16:02 - 000000000 ____D C:\WINDOWS\system32\1055
2023-05-05 00:27 - 2022-04-18 16:02 - 000000000 ____D C:\WINDOWS\system32\1049
2023-05-05 00:27 - 2022-04-18 16:02 - 000000000 ____D C:\WINDOWS\system32\1046
2023-05-05 00:27 - 2022-04-18 16:02 - 000000000 ____D C:\WINDOWS\system32\1045
2023-05-05 00:27 - 2022-04-18 16:02 - 000000000 ____D C:\WINDOWS\system32\1040
2023-05-05 00:27 - 2022-04-18 16:02 - 000000000 ____D C:\WINDOWS\system32\1036
2023-05-05 00:27 - 2022-04-18 16:02 - 000000000 ____D C:\WINDOWS\system32\1033
2023-05-05 00:27 - 2022-04-18 16:02 - 000000000 ____D C:\WINDOWS\system32\1029
2023-05-05 00:27 - 2022-03-31 15:46 - 000000000 ____D C:\Users\savio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc
2023-05-05 00:27 - 2022-03-02 10:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Character Creator 3
2023-05-05 00:27 - 2022-02-19 16:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenSSL
2023-05-05 00:27 - 2022-02-19 15:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2023-05-05 00:27 - 2022-02-17 23:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
2023-05-05 00:27 - 2022-02-17 23:03 - 000000000 ____D C:\Users\savio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2023-05-05 00:27 - 2022-02-13 15:00 - 000000000 ____D C:\Users\savio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2023-05-05 00:27 - 2022-02-13 15:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2023-05-05 00:27 - 2022-02-13 13:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SanDisk SSD Toolkit
2023-05-05 00:27 - 2022-02-13 11:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2023-05-05 00:27 - 2022-02-13 11:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnyDesk
2023-05-05 00:27 - 2022-02-12 22:47 - 000000000 ____D C:\Users\savio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2023-05-05 00:27 - 2021-06-05 14:10 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2023-05-04 22:32 - 2022-05-03 22:24 - 000001272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk
2023-05-04 22:32 - 2022-04-18 16:03 - 000001758 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blend for Visual Studio 2022.lnk
2023-05-04 21:07 - 2023-02-03 00:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Surfshark
2023-05-04 21:07 - 2022-12-27 17:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
2023-05-04 21:07 - 2022-04-18 16:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2022
2023-05-04 21:07 - 2022-02-13 12:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2023-05-04 21:07 - 2022-02-13 00:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2019
2023-05-04 21:06 - 2023-01-08 00:52 - 000000000 ____D C:\Users\savio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2023-05-02 22:24 - 2022-02-12 22:17 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2023-04-29 00:40 - 2022-02-13 11:03 - 000000000 ____D C:\Program Files (x86)\AnyDesk
2023-04-27 12:57 - 2023-04-06 13:13 - 002072608 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiadlxx.dll
2023-04-27 12:56 - 2023-04-06 13:13 - 000133152 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amfrt64.dll
2023-04-27 12:56 - 2023-04-06 13:08 - 000222688 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdihk64.dll
2023-04-27 12:56 - 2022-09-09 03:20 - 000610344 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdfendrsr.exe
2023-04-27 12:56 - 2022-09-09 03:20 - 000317480 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\amdfendr.sys
2023-04-27 12:56 - 2022-09-09 03:20 - 000035880 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\amdfendrmgr.sys

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ========

2022-04-29 19:58 - 2022-12-19 23:20 - 000000032 _____ () C:\Users\savio\AppData\Roaming\.machineId
2022-05-04 01:33 - 2022-05-04 01:33 - 000007060 _____ () C:\Users\savio\AppData\Roaming\532b7a7a-018f-4cfe-b9e5-4e2933ecc52c.tmp

==================== SigCheck ============================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

==================== Ende von FRST.txt ========================
         

24.05.2023, 13:05   #2
cysar78
 

Here are the remaining logs (they were too long for a single message):

Addition:
Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 23-05-2023
durchgeführt von savio (24-05-2023 13:30:03)
Gestartet von C:\Users\savio\Desktop
Microsoft Windows 11 Pro Insider Preview Version 22H2 23451.1000 (X64) (2023-05-05 06:45:11)
Start-Modus: Normal
==========================================================


==================== Konten: =============================


(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

Administrator (S-1-5-21-3636290956-4184935153-3330214957-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3636290956-4184935153-3330214957-503 - Limited - Disabled)
Gast (S-1-5-21-3636290956-4184935153-3330214957-501 - Limited - Disabled)
savio (S-1-5-21-3636290956-4184935153-3330214957-1001 - Administrator - Enabled) => C:\Users\savio
WDAGUtilityAccount (S-1-5-21-3636290956-4184935153-3330214957-504 - Limited - Disabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

1Password (HKU\S-1-5-21-3636290956-4184935153-3330214957-1001\...\1Password) (Version: 8.10.6 - AgileBits Inc.)
4K Video Downloader (HKLM\...\{4B33CF4E-63BE-4753-BECA-E03D18450CB3}) (Version: 4.20.1.4780 - Open Media LLC) Hidden
4K Video Downloader (HKLM-x32\...\{1b24a593-14ce-4a3a-8928-73b68b7ae5da}) (Version: 4.20.1.4780 - Open Media LLC)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 22.9.1 - Advanced Micro Devices, Inc.)
AnyDesk (HKLM-x32\...\AnyDesk) (Version: ad 7.0.14 - AnyDesk Software GmbH)
Apple Application Support (32-Bit) (HKLM-x32\...\{3D1290E6-1F77-46D5-A715-A56679C8D4E3}) (Version: 6.0.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{D0E45DEC-F4B9-4370-A9DF-66837789C2EF}) (Version: 6.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E3C4B99B-BE71-4C27-8E3C-4FAE3C46E1D5}) (Version: 11.0.0.30 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{C1BBFD2A-BCDD-45B3-8C0B-66BD434970A8}) (Version: 2.4.8.1 - Apple Inc.)
AtlasVPN (HKLM\...\{3BA2BD5B-4C65-421F-9DFB-4422749F7809}) (Version: 2.5.3.0 - peakstar technologies Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Branding64 (HKLM\...\{0DB6E0DC-607A-42C1-A3CE-7567A9F85AF4}) (Version: 1.00.0008 - Advanced Micro Devices, Inc.) Hidden
Character Creator 3 Pipeline Extension v3.44 (HKLM-x32\...\{B6A66CD9-37B1-4C26-A768-0A370DCCC254}) (Version: 3.44.4709.1 - Reallusion Inc.)
Character Creator v3.44 (HKLM-x32\...\{B554C896-2F28-4B35-B8F6-3202F725330B}) (Version: 3.44.4709.1 - Reallusion Inc.)
ClickOnce Bootstrapper Package for Microsoft .NET Framework (HKLM-x32\...\{5A260D5A-95D3-4956-8E0A-E182CC4144ED}) (Version: 4.8.04162 - Microsoft Corporation) Hidden
ClickUp 3.2.8 (HKU\S-1-5-21-3636290956-4184935153-3330214957-1001\...\c74c0073-61c4-5f5c-aa1c-6722d538bc46) (Version: 3.2.8 - ClickUp)
Codice Software Plastic SCM (HKLM\...\Codice Software Plastic SCM 10.0.16.6538) (Version: 10.0.16.6538 - Codice Software S.L.)
CPUID CPU-Z 1.99 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.99 - CPUID, Inc.)
DiagnosticsHub_CollectionService (HKLM\...\{1F3C3AAC-9F7A-47DA-A082-0ACE770041BE}) (Version: 16.1.28901 - Microsoft Corporation) Hidden
Discord (HKU\S-1-5-21-3636290956-4184935153-3330214957-1001\...\Discord) (Version: 1.0.9003 - Discord Inc.)
EA app (HKLM\...\{C2622085-ABD2-49E5-8AB9-D3D6A642C091}) (Version: 12.76.0.5333 - Electronic Arts) Hidden
EA app (HKLM-x32\...\{816fce18-a75a-44a3-a828-cd870157ed95}) (Version: 12.76.0.5333 - Electronic Arts)
Entity Framework 6.2.0 Tools  for Visual Studio 2022 (HKLM-x32\...\{BA73F2EE-EEB4-4A9C-BAF4-AC3599983E8B}) (Version: 6.2.0.0 - Microsoft Corporation) Hidden
Epic Games Launcher (HKLM-x32\...\{5F15891E-8342-47CD-AFFF-89211CFC04D0}) (Version: 1.3.23.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{758842D2-1538-4008-A8E3-66F65A061C52}) (Version: 2.0.33.0 - Epic Games, Inc.)
Figma (HKU\S-1-5-21-3636290956-4184935153-3330214957-1001\...\Figma) (Version: 116.9.5 - Figma, Inc.)
Figma Agent (HKU\S-1-5-21-3636290956-4184935153-3330214957-1001\...\FigmaAgent) (Version: 116.8.4 - Figma, Inc.)
GitHub Desktop (HKU\S-1-5-21-3636290956-4184935153-3330214957-1001\...\GitHubDesktop) (Version: 2.9.12 - GitHub, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 113.0.5672.127 - Google LLC)
Google Drive (HKLM\...\{6BBAE539-2232-434A-A4E5-9A33560C6283}) (Version: 75.0.2.0 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.23 - Google Inc.) Hidden
Gravit Designer 3.5.73 (HKLM\...\73ce129c-e9ab-5027-8f0d-8b378da1411c) (Version: 3.5.73 - Gravit GmbH)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
icecap_collection_neutral (HKLM-x32\...\{04C533D3-8445-4E47-A351-A66B1DA1B631}) (Version: 17.1.32113 - Microsoft Corporation) Hidden
icecap_collection_x64 (HKLM\...\{4CDCF412-13D2-48AD-B98C-3AB4A771A127}) (Version: 17.1.32113 - Microsoft Corporation) Hidden
icecap_collectionresources (HKLM-x32\...\{13AC1F0D-2185-48E9-8274-884BD9E53C7F}) (Version: 17.1.32113 - Microsoft Corporation) Hidden
icecap_collectionresourcesx64 (HKLM-x32\...\{D072CF88-3B90-4367-85BC-A8516986690F}) (Version: 17.1.32113 - Microsoft Corporation) Hidden
Intel(R) C++ Redistributables on Intel(R) 64 (HKLM-x32\...\{3E1C36F0-C3A2-4137-9DA4-8580CF6191E1}) (Version: 19.0.324 - Intel Corporation)
IntelliTraceProfilerProxy (HKLM\...\{F8B9E8C8-61E8-4E9E-879D-F3F498AD0230}) (Version: 15.0.21225.01 - Microsoft Corporation) Hidden
IntelliTraceProfilerProxy (HKLM-x32\...\{C8891AD2-C223-45CD-A9BE-617A68923B61}) (Version: 15.0.21225.01 - Microsoft Corporation) Hidden
iTunes (HKLM\...\{FA2E7FDC-13E8-4FBD-B5F7-2FFAE7C6E6D9}) (Version: 12.6.3.6 - Apple Inc.)
Java(TM) SE Development Kit 17.0.2 (64-bit) (HKLM\...\{65BA81E7-0238-5B54-9069-A59610247B0B}) (Version: 17.0.2.0 - Oracle Corporation)
Kumulatives Microsoft .NET Framework Intellisense Pack für Visual Studio (Deutsch) (HKLM-x32\...\{E1F68FC9-F23C-4F44-8092-CAC55E43A80B}) (Version: 4.8.03761 - Microsoft Corporation) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKU\S-1-5-21-3636290956-4184935153-3330214957-1001\...\Riot Game league_of_legends.live) (Version:  - Riot Games, Inc)
Logitech G HUB (HKLM\...\{521c89be-637f-4274-a840-baaf7460c2b2}) (Version: 2023.3.396302 - Logitech)
Magic Bullet Suite (HKLM\...\Magic Bullet Suite v14.0.4) (Version:  - Red Giant LLC)
Malwarebytes version 4.5.29.268 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.29.268 - Malwarebytes)
Microsoft .NET 6.0 Templates 6.0.202 (x64) (HKLM\...\{0E447544-DA72-4018-8EE7-A265919A5A69}) (Version: 24.5.55063 - Microsoft Corporation) Hidden
Microsoft .NET AppHost Pack - 6.0.4 (x64) (HKLM\...\{576E6391-0E54-47C4-BD97-ED9E7492F7C7}) (Version: 48.19.39076 - Microsoft Corporation) Hidden
Microsoft .NET AppHost Pack - 6.0.4 (x64_arm) (HKLM\...\{E0448676-2245-4C30-B6F6-A09BF7F5AC8B}) (Version: 48.19.39076 - Microsoft Corporation) Hidden
Microsoft .NET AppHost Pack - 6.0.4 (x64_arm64) (HKLM\...\{CA519E52-D325-421C-A7E6-8FCAAB1A086B}) (Version: 48.19.39076 - Microsoft Corporation) Hidden
Microsoft .NET AppHost Pack - 6.0.4 (x64_x86) (HKLM\...\{691585CF-4952-4078-BC23-8E6D7E40824B}) (Version: 48.19.39076 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.7.1 Targeting Pack (HKLM-x32\...\{5686C5E9-A3B3-451E-A2EA-4C246CDE5CC9}) (Version: 4.7.02558 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.7.2 Targeting Pack (HKLM-x32\...\{1784A8CD-F7FE-47E2-A87D-1F31E7242D0D}) (Version: 4.7.03062 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.8 SDK (Deutsch) (HKLM-x32\...\{5F62E29E-C154-44CB-81D6-696FB3474844}) (Version: 4.8.03761 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.8 SDK (HKLM-x32\...\{949C0535-171C-480F-9CF4-D25C9E60FE88}) (Version: 4.8.03928 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.8 Targeting Pack (HKLM-x32\...\{BAAF5851-0759-422D-A1E9-90061B597188}) (Version: 4.8.03761 - Microsoft Corporation) Hidden
Microsoft .NET Host - 6.0.4 (x64) (HKLM\...\{B04CA1A8-3390-4D3A-BAD9-1B4CC5D23274}) (Version: 48.19.39076 - Microsoft Corporation) Hidden
Microsoft .NET Host - 7.0.4 (x64) (HKLM\...\{6C1E1983-8DF2-4863-A392-DCA0A81E4324}) (Version: 56.19.56696 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.4 (x64) (HKLM\...\{07348557-54BF-40C3-B8F5-44B045C3E730}) (Version: 48.19.39076 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.4 (x86) (HKLM-x32\...\{E0D36D19-D4DB-444A-AE68-B88DCA25B6E9}) (Version: 48.19.39076 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 7.0.4 (x64) (HKLM\...\{6E34B759-680E-4C25-B289-47199AD8B49A}) (Version: 56.19.56696 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.4 (x64) (HKLM\...\{0C4148E7-9623-42B5-84C8-1EF47AA84282}) (Version: 48.19.39076 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.4 (x86) (HKLM-x32\...\{36AB9C75-DB9B-4B50-8AF4-93AFF8424EB3}) (Version: 48.19.39076 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 7.0.4 (x64) (HKLM\...\{7AF0827F-6735-4FB1-B209-5E984F899D1B}) (Version: 56.19.56696 - Microsoft Corporation) Hidden
Microsoft .NET SDK 6.0.202 (x64) from Visual Studio (HKLM\...\{7D932616-6CDE-4A21-AF51-2434E6428FF0}) (Version: 6.2.222.17207 - Microsoft Corporation)
Microsoft .NET Standard Targeting Pack - 2.1.0 (x64) (HKLM\...\{A7036CFB-B403-4598-85FF-D397ABB88173}) (Version: 24.0.28113 - Microsoft Corporation) Hidden
Microsoft .NET Targeting Pack - 6.0.4 (x64) (HKLM\...\{8B984BAC-557A-4330-B81C-2A557FE307DA}) (Version: 48.19.39076 - Microsoft Corporation) Hidden
Microsoft .NET Toolset 6.0.202 (x64) (HKLM\...\{927EC1A9-C3A2-4E15-990A-5005C64D1CDA}) (Version: 24.4.55063 - Microsoft Corporation) Hidden
Microsoft ASP.NET Core 6.0.4 Shared Framework (x64) (HKLM\...\{A832CFC9-1DE7-342A-9189-4B1387B7A784}) (Version: 6.0.4.22172 - Microsoft Corporation) Hidden
Microsoft ASP.NET Core 6.0.4 Shared Framework (x86) (HKLM-x32\...\{07F565B3-B4AB-3912-BD14-61D32EF20FD1}) (Version: 6.0.4.22172 - Microsoft Corporation) Hidden
Microsoft ASP.NET Core 6.0.4 Targeting Pack (x64) (HKLM\...\{929B72A6-5EDA-3194-B105-A93E7D299715}) (Version: 6.0.4.22172 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 113.0.1774.50 - Microsoft Corporation)
Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 113.0.1774.50 - Microsoft Corporation)
Microsoft GameInput (HKLM-x32\...\{1F2B6AF3-C260-8666-5950-E3FEDBC851D6}) (Version: 10.1.22621.3036 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3636290956-4184935153-3330214957-1001\...\OneDriveSetup.exe) (Version: 23.101.0514.0001 - Microsoft Corporation)
Microsoft TestPlatform SDK Local Feed (HKLM-x32\...\{839C2D45-DDF6-432C-A6A2-C6AF2EF281BF}) (Version: 17.0.0.5175695 - Microsoft) Hidden
Microsoft Update Health Tools (HKLM\...\{4812E2CC-BAA9-49AE-B310-DA845882322B}) (Version: 4.66.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40660 (HKLM\...\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40660 (HKLM\...\{CB0836EC-B072-368D-82B2-D3470BF95707}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40660 (HKLM-x32\...\{7DAD0258-515C-3DD4-8964-BD714199E0F7}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40660 (HKLM-x32\...\{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}) (Version: 12.0.40660 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.31.31103 (HKLM-x32\...\{2aaf1df0-eb13-4099-9992-962bb4e596d1}) (Version: 14.31.31103.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.31.31103 (HKLM-x32\...\{41d7b770-418a-43b7-95a5-f925fff05789}) (Version: 14.31.31103.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.31.31103 (HKLM\...\{A977984B-9244-49E3-BD24-43F0A8009667}) (Version: 14.31.31103 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.31.31103 (HKLM\...\{A181A302-3F6D-4BAD-97A8-A426A6499D78}) (Version: 14.31.31103 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.31.31103 (HKLM-x32\...\{5720EC03-F26F-40B7-980C-50B5D420B5DE}) (Version: 14.31.31103 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.31.31103 (HKLM-x32\...\{799E3FFF-705C-461F-B400-6DE27398B3E5}) (Version: 14.31.31103 - Microsoft Corporation) Hidden
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 3.1.2202.21079 - Microsoft Corporation)
Microsoft Visual Studio Setup Configuration (HKLM-x32\...\{F082120C-1245-4A49-A083-65CA57333B3B}) (Version: 3.1.2200.53929 - Microsoft Corporation) Hidden
Microsoft Visual Studio Setup WMI Provider (HKLM-x32\...\{0B7789FF-C1CE-4811-9712-51190BB6AA6C}) (Version: 3.1.2200.53929 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.4 (x64) (HKLM\...\{AECCC227-CE77-45CB-B1A2-F874E62A03D5}) (Version: 48.19.39090 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.4 (x86) (HKLM-x32\...\{5F630408-64BC-45D4-AE04-0E5A8C0CC58A}) (Version: 48.19.39090 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 7.0.4 (x64) (HKLM\...\{5EEC39AC-9491-4339-BA44-14AC375AA779}) (Version: 56.19.56739 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 7.0.4 (x64) (HKLM-x32\...\{2ee0e4e2-f7aa-4697-9077-75f15774a376}) (Version: 7.0.4.32218 - Microsoft Corporation)
Microsoft Windows Desktop Targeting Pack - 6.0.4 (x64) (HKLM\...\{C893F933-414F-4C2D-B153-37543D787713}) (Version: 48.19.39090 - Microsoft Corporation) Hidden
Microsoft.NET.Sdk.Android.Manifest-6.0.200 (HKLM\...\{FCB866C3-1C7F-48F1-82AA-27CDF5EDBF07}) (Version: 124.50.2 - Microsoft Corporation) Hidden
Microsoft.NET.Sdk.iOS.Manifest-6.0.200 (HKLM\...\{2685B6AE-7BBA-4305-A0C6-D85E95E6DFE3}) (Version: 60.50.4 - Microsoft Corporation) Hidden
Microsoft.NET.Sdk.MacCatalyst.Manifest-6.0.200 (HKLM\...\{D9C7F250-1F44-4F17-9114-892FE9B9392E}) (Version: 60.50.4 - Microsoft Corporation) Hidden
Microsoft.NET.Sdk.macOS.Manifest-6.0.200 (HKLM\...\{5023AA6C-3434-4651-97F4-A99E519A46BA}) (Version: 48.50.4 - Microsoft Corporation) Hidden
Microsoft.NET.Sdk.Maui.Manifest-6.0.200 (HKLM\...\{E654192D-D623-4F63-81B5-7B01FD812D47}) (Version: 24.50.2441 - Microsoft Corporation) Hidden
Microsoft.NET.Sdk.tvOS.Manifest-6.0.200 (HKLM\...\{ABB96929-74DA-4C9E-A79F-5482C80E2651}) (Version: 60.50.4 - Microsoft Corporation) Hidden
Microsoft.NET.Workload.Emscripten.Manifest (HKLM\...\{C9D91007-2287-4E7D-9E61-2DFB22026B9D}) (Version: 48.27.39026 - Microsoft Corporation) Hidden
Microsoft.NET.Workload.Mono.Toolchain.Manifest (HKLM\...\{DB9CEF46-644B-4C6F-B87F-BAB0B431CC88}) (Version: 48.3.39076 - Microsoft Corporation) Hidden
Microsoft-System-CLR-Typen für SQL Server 2019 (HKLM\...\{A2494B75-7366-47C0-A58F-C41BEE9317E6}) (Version: 15.0.2000.5 - Microsoft Corporation)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 102.3.3 - Mozilla)
Mozilla Thunderbird (x64 de) (HKLM\...\Mozilla Thunderbird 102.4.1 (x64 de)) (Version: 102.4.1 - Mozilla)
OnScreen Control (HKLM-x32\...\{E5C1B339-0E4E-49A5-859E-5E1DE1938706}) (Version: 7.58.0 - LG Electronics Inc)
OpenSSL 3.0.1 Light (64-bit) (HKLM\...\OpenSSL Light (64-bit)_is1) (Version:  - OpenSSL Win64 Installer Team)
Opera GX Stable 98.0.4759.74 (HKU\S-1-5-21-3636290956-4184935153-3330214957-1001\...\Opera GX 98.0.4759.74) (Version: 98.0.4759.74 - Opera Software)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
paint.net (HKLM\...\{DBC43589-CC32-4502-BBEC-5B931AF4BD2E}) (Version: 5.0.2 - dotPDN LLC)
Paket zur Festlegung von "Doc Redirected"-Zielversionen von Microsoft .NET Framework 4.7.1 (Deutsch) (HKLM-x32\...\{5B970BE4-A2F2-41BD-8B91-FEA8DAA1DB9B}) (Version: 4.7.02558 - Microsoft Corporation) Hidden
Paket zur Festlegung von Zielversionen von Microsoft .NET Framework 4.7.2 (Deutsch) (HKLM-x32\...\{98FE7C2A-22A4-401A-B45B-2AA107C06DD7}) (Version: 4.7.03062 - Microsoft Corporation) Hidden
Paket zur Festlegung von Zielversionen von Microsoft .NET Framework 4.8 (Deutsch) (HKLM-x32\...\{9E68042B-8597-4DE3-BA10-D1198BA9316B}) (Version: 4.8.03761 - Microsoft Corporation) Hidden
Pitch (HKU\S-1-5-21-3636290956-4184935153-3330214957-1001\...\55f04b34-3901-5cbe-846f-abfc9688486e) (Version: 1.120.2-stable.1 - Pitch Software GmbH)
Reallusion Hub (HKLM-x32\...\{CFF2760B-B727-4717-8635-5D668A0C9C4F}) (Version: 4.09.5513.1 - Reallusion Inc. )
Riot Vanguard (HKLM\...\Riot Vanguard) (Version:  - Riot Games, Inc.)
RyzenMasterSDK (HKLM\...\{AC75B02E-350D-40E6-9017-2CFED3B7D3DD}) (Version: 1.2.3.5 - Advanced Micro Devices, Inc.) Hidden
SanDisk SSD Toolkit 1.0.0.1 (HKLM-x32\...\{26326B5B-3D62-4C12-8841-6B55A19B552D}_is1) (Version: 1.0.0.1 - SanDisk Corporation)
sevDesk (HKU\S-1-5-21-3636290956-4184935153-3330214957-1001\...\a8870c51abdbea34c31e54d74c144441) (Version: 1.0 - Google\Chrome)
Slack (HKU\S-1-5-21-3636290956-4184935153-3330214957-1001\...\slack) (Version: 4.32.122 - Slack Technologies Inc.)
Smart Gallery Plug-in v1.31 for Character Creator (HKLM-x32\...\{F33C21BF-AB8E-4196-BAD3-A5FC1BF40632}) (Version: 1.31.2226.1 - Reallusion Inc.)
Spark Desktop 3.3.1 (HKU\S-1-5-21-3636290956-4184935153-3330214957-1001\...\09e2d43b-2e9a-5a23-a54c-87838a95fcb3) (Version: 3.3.1 - Spark Mail Limited)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Surfshark (HKLM-x32\...\{27CD89D1-A50A-4BDD-B3AA-346B11084012}) (Version: 4.7.2999 - Surfshark) Hidden
Surfshark (HKLM-x32\...\Surfshark 4.7.2999) (Version: 4.7.2999 - Surfshark)
Surfshark TAP Driver Windows (HKLM-x32\...\{5B2D9FDF-9C17-4D36-B2BE-C7030183A9BD}) (Version: 1.0.1 - Surfshark)
Surfshark TAP Driver Windows (HKLM-x32\...\{FEC509A9-2CC6-4DF5-A189-DC121FBC23C0}) (Version: 1.0.1 - Surfshark)
TAP-Windows 9.24.2 (HKLM\...\TAP-Windows) (Version: 9.24.2 - OpenVPN Technologies, Inc.)
TechPowerUp GPU-Z (HKLM-x32\...\{8B0F211E-5846-4FB2-B0B9-4EB31546FDF9}}_is1) (Version: 2.44.0 - TechPowerUp)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 137.0.10799 - Ubisoft)
Unity 2021.3.13f1 (HKLM-x32\...\Unity 2021.3.13f1) (Version: 2021.3.13f1 - Unity Technologies ApS)
Unity Hub 3.4.1 (HKLM\...\Unity Technologies - Hub) (Version: 3.4.1 - Unity Technologies Inc.)
VALORANT (HKU\S-1-5-21-3636290956-4184935153-3330214957-1001\...\Riot Game valorant.live) (Version:  - Riot Games, Inc)
vcpp_crt.redist.clickonce (HKLM-x32\...\{19C62CEE-08BD-4004-84DA-C0289E5865DB}) (Version: 14.29.30139 - Microsoft Corporation) Hidden
vcpp_crt.redist.clickonce (HKLM-x32\...\{DE76BFB9-CBA9-48EB-8AAB-31292E7F1D0A}) (Version: 14.31.31103 - Microsoft Corporation) Hidden
Visual Studio Community 2022 (HKLM-x32\...\0eaf190e) (Version: 17.1.4 - Microsoft Corporation)
VS Immersive Activate Helper (HKLM-x32\...\{C0ACF658-B4DC-4CBB-B8F2-9E667D69919A}) (Version: 17.0.114.0 - Microsoft Corporation) Hidden
VS JIT Debugger (HKLM\...\{43F73608-5C94-436F-A1E6-E09ACE680391}) (Version: 17.0.114.0 - Microsoft Corporation) Hidden
VS Script Debugging Common (HKLM\...\{9EC852BD-33D2-457C-99BB-ED3099B8176F}) (Version: 17.0.114.0 - Microsoft Corporation) Hidden
vs_BlendMsi (HKLM-x32\...\{2D12F791-263F-4ABA-B7A8-5485933CADCF}) (Version: 17.1.32112 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsi (HKLM-x32\...\{B8B0A861-C76A-4DBA-B8D5-8830511173A3}) (Version: 17.1.32113 - Microsoft Corporation) Hidden
vs_clickoncebootstrappermsires (HKLM-x32\...\{16946E6F-037E-4A92-A30C-80293603EEC9}) (Version: 17.1.32113 - Microsoft Corporation) Hidden
vs_clickoncesigntoolmsi (HKLM-x32\...\{15CE6C23-B92A-4B2B-8521-6FA81661068B}) (Version: 17.1.32112 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{08693C65-8459-4C66-8AF3-15F091F28F87}) (Version: 17.1.32113 - Microsoft Corporation) Hidden
vs_communitysharedmsi (HKLM-x32\...\{7571C303-621A-4ACF-A392-BD6B9B3C67BF}) (Version: 17.1.32113 - Microsoft Corporation) Hidden
vs_communityx64msi (HKLM\...\{EB7405ED-A99C-47D4-8516-C5C35704B07C}) (Version: 17.1.32113 - Microsoft Corporation) Hidden
vs_CoreEditorFonts (HKLM-x32\...\{40783258-8C78-4602-B1A8-12B884C6107E}) (Version: 17.1.32406 - Microsoft Corporation) Hidden
vs_devenvsharedmsi (HKLM-x32\...\{923446B9-70EB-4850-95D7-1A1AB5D111CD}) (Version: 17.1.32112 - Microsoft Corporation) Hidden
vs_devenx64vmsi (HKLM\...\{5C99AE76-BEF9-4D4B-A77A-1B63238B86B0}) (Version: 17.1.32112 - Microsoft Corporation) Hidden
vs_filehandler_amd64 (HKLM-x32\...\{2C910925-05EE-403B-8295-D2593E11F751}) (Version: 17.1.32113 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{46F71CD4-4841-4B77-A491-9933B98F8D0D}) (Version: 17.1.32113 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{9DCCEEF7-CC00-4054-9879-7E0A12E5CF0A}) (Version: 17.1.32113 - Microsoft Corporation) Hidden
vs_minshellinteropsharedmsi (HKLM-x32\...\{05A82EA9-8768-4E1B-B16C-FCCF299D331C}) (Version: 17.1.32113 - Microsoft Corporation) Hidden
vs_minshellinteropx64msi (HKLM\...\{FB59095C-C7C6-4CA6-B300-852B50AB976D}) (Version: 17.1.32112 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{786313C8-40FA-4E06-A625-B1B30B66E872}) (Version: 17.1.32113 - Microsoft Corporation) Hidden
vs_minshellsharedmsi (HKLM-x32\...\{FEFEDA38-9B6A-4374-8D43-7D5517152080}) (Version: 17.1.32113 - Microsoft Corporation) Hidden
vs_minshellx64msi (HKLM\...\{CC15CA94-9817-4914-A9ED-A694A2F27783}) (Version: 17.1.32113 - Microsoft Corporation) Hidden
vs_SQLClickOnceBootstrappermsi (HKLM-x32\...\{4EF9011A-8E81-4D6F-9CB9-DBF0B1B12809}) (Version: 17.1.32112 - Microsoft Corporation) Hidden
vs_tipsmsi (HKLM-x32\...\{874561BE-97AD-4865-8512-579D41009147}) (Version: 17.1.32112 - Microsoft Corporation) Hidden
Windows IP Over USB (HKLM-x32\...\{8CBFAC58-3058-B2AD-10E2-9E2A859B554B}) (Version: 10.1.16299.15 - Microsoft Corporation) Hidden
Windows SDK AddOn (HKLM-x32\...\{350F0ECD-0783-4529-8797-98F0AD33EAC0}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.16299.15 (HKLM-x32\...\{6195c203-b53c-4bb7-983a-6070a902e704}) (Version: 10.1.16299.15 - Microsoft Corporation)
WinRAR 6.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 6.10.0 - win.rar GmbH)
Zoom (HKU\S-1-5-21-3636290956-4184935153-3330214957-1001\...\ZoomUMX) (Version: 5.12.2 (9281) - Zoom Video Communications, Inc.)

Packages:
=========
AMD Radeon Software -> C:\Program Files\AMD\CNext\CNext [2022-09-27] (0)
AMD Radeon Software -> C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.23.20008.0_x64__0a9344xs7nr4m [2023-05-11] (Advanced Micro Devices Inc.) [Startup Task]
Blender -> C:\Program Files\WindowsApps\BlenderFoundation.Blender_3.5.1.0_x64__ppwjx1n5r4v9t [2023-04-26] (Blender Foundation)
Coda   Docs -> C:\Program Files\WindowsApps\coda.io-62E3E9EE_1.0.0.0_neutral__ctqsqdzw4qph8 [2023-05-15] (coda.io)
Crunchyroll -> C:\Program Files\WindowsApps\15EF7777.Crunchyroll_1.3.1.0_x64__mgdgtskya6f22 [2022-02-12] (Ellation, Inc.)
Disney+ -> C:\Program Files\WindowsApps\Disney.37853FC22B2CE_1.52.5.0_x64__6rarf9sa4v8jt [2023-05-24] (Disney)
Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_42.0.19.0_neutral__8xx8rvfyw5nnt [2023-05-24] (Instagram)
Microsoft.WindowsAppRuntime.CBS -> C:\Windows\SystemApps\Microsoft.WindowsAppRuntime.CBS_8wekyb3d8bbwe [2023-05-07] (Microsoft Corporation)
ms-resource:app_name_ms_todo -> C:\Program Files\WindowsApps\Microsoft.Todos_2.97.61391.0_x64__8wekyb3d8bbwe [2023-05-24] (Microsoft Corporation) [Startup Task]
ms-resource:ProductName -> C:\Program Files\WindowsApps\53887HaoCai.AirPlay-ScreenMirroring_1.6.4.0_x64__qrw73ppzkf79y [2023-05-24] (Hao Cai)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.98.1805.0_x64__mcm4njqhnhss8 [2022-03-02] (Netflix, Inc.)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.1.137.0_x64__dt26b99r8h8gj [2023-05-05] (Realtek Semiconductor Corp)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.210.760.0_x86__zpdnekdrzrea0 [2023-04-28] (Spotify AB) [Startup Task]
Telegram Desktop -> C:\Program Files\WindowsApps\TelegramMessengerLLP.TelegramDesktop_4.8.1.0_x64__t4vj0pshhgkwm [2023-04-27] (Telegram Messenger LLP) [Startup Task]
TikTok -> C:\Program Files\WindowsApps\BytedancePte.Ltd.TikTok_1.0.5.0_neutral__6yccndn6064se [2023-05-24] (Bytedance Pte. Ltd.)
WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2317.9.0_x64__cv1g1gvanyjgm [2023-05-13] (WhatsApp Inc.) [Startup Task]
WinDbg Preview -> C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2210.3001.0_x64__8wekyb3d8bbwe [2022-10-06] (Microsoft Corporation)
Windows Feature Experience Pack -> C:\Windows\SystemApps\MicrosoftWindows.Client.FileExp_cw5n1h2txyewy [2023-05-05] (Microsoft Windows)
WindowsAppRuntime.1.1 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.1_1005.616.1651.0_x64__8wekyb3d8bbwe [2022-09-17] (Microsoft Corporation)
WindowsAppRuntime.1.1 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.1_1005.616.1651.0_x86__8wekyb3d8bbwe [2022-09-17] (Microsoft Corporation)
WindowsAppRuntime.1.3 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.3_3000.820.152.0_x64__8wekyb3d8bbwe [2023-04-26] (Microsoft Corporation)
WindowsAppRuntime.1.3 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.3_3000.851.1712.0_x64__8wekyb3d8bbwe [2023-05-16] (Microsoft Corporation)
WindowsAppRuntime.1.3 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.3_3000.851.1712.0_x86__8wekyb3d8bbwe [2023-05-16] (Microsoft Corporation)
WinRAR -> C:\Program Files\WinRAR [2022-02-13] (0)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-3636290956-4184935153-3330214957-1001_Classes\CLSID\{157A7F8D-CE70-4664-951F-D4867A941582}\localserver32 -> C:\Users\savio\AppData\Local\Programs\SparkDesktop\Spark Desktop.exe (Spark Mail Limited -> Spark Mail Limited)
CustomCLSID: HKU\S-1-5-21-3636290956-4184935153-3330214957-1001_Classes\CLSID\{23B3E3D8-C162-4A8B-AB0C-0905DCB1DF19}\InprocServer32 -> C:\Users\savio\AppData\Local\Packages\Microsoft.PowerAutomateDesktop_8wekyb3d8bbwe\TempState\RDP\DVCPlugin\x64\Microsoft.Flow.RPA.Desktop.UIAutomation.RDP.DVC.Plugin.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-3636290956-4184935153-3330214957-1001_Classes\CLSID\{3e5dba08-7ec3-cc88-1f18-0cf79ce7ade4}\localserver32 -> C:\Program Files\AtlasVPN\Bin\AtlasVPN.exe (peakstar technologies Inc. -> AtlasVPN)
ShellIconOverlayIdentifiers: [    GoogleDriveCloudOverlayIconHandler] -> {A8E52322-8734-481D-A7E2-27B309EF8D56} => C:\Program Files\Google\Drive File Stream\75.0.2.0\drivefsext.dll [2023-05-24] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDriveMirrorBlacklistedOverlayIconHandler] -> {51EF1569-67EE-4AD6-9646-E726C3FFC8A2} => C:\Program Files\Google\Drive File Stream\75.0.2.0\drivefsext.dll [2023-05-24] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDrivePinnedOverlayIconHandler] -> {CFE8B367-77A7-41D7-9C90-75D16D7DC6B6} => C:\Program Files\Google\Drive File Stream\75.0.2.0\drivefsext.dll [2023-05-24] (Google LLC -> Google, Inc.)
ShellIconOverlayIdentifiers: [    GoogleDriveProgressOverlayIconHandler] -> {C973DA94-CBDF-4E77-81D1-E5B794FBD146} => C:\Program Files\Google\Drive File Stream\75.0.2.0\drivefsext.dll [2023-05-24] (Google LLC -> Google, Inc.)
ContextMenuHandlers1: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\75.0.2.0\drivefsext.dll [2023-05-24] (Google LLC -> Google, Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-05-24] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\75.0.2.0\drivefsext.dll [2023-05-24] (Google LLC -> Google, Inc.)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} =>  -> Keine Datei
ContextMenuHandlers5: [DriveFS 28 or later] -> {EE15C2BD-CECB-49F8-A113-CA1BFC528F5B} => C:\Program Files\Google\Drive File Stream\75.0.2.0\drivefsext.dll [2023-05-24] (Google LLC -> Google, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-05-24] (Malwarebytes Inc. -> Malwarebytes)

==================== Codecs (Nicht auf der Ausnahmeliste) ====================

==================== Verknüpfungen & WMI ========================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

ShortcutWithArgument: C:\Users\savio\AppData\Local\Microsoft\Edge\User Data\Default\Web Applications\_crx__pmoklebamdambjiobdicfaficplchhen\Coda   Docs.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) ->  --profile-directory=Default --app-id=pmoklebamdambjiobdicfaficplchhen --app-url=hxxps://coda.io/workspaces/ws-4muofDnoXD/docs --app-launch-source=4
ShortcutWithArgument: C:\Users\savio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome-Apps\sevDesk.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=dohegnnfbjcgjnhbchlggbjnpcghlipp
ShortcutWithArgument: C:\Users\savio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Coda   Docs.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) ->  --profile-directory=Default --app-id=pmoklebamdambjiobdicfaficplchhen --app-url=hxxps://coda.io/workspaces/ws-4muofDnoXD/docs --app-launch-source=4

==================== Geladene Module (Nicht auf der Ausnahmeliste) =============

2023-01-23 17:00 - 2023-01-23 17:00 - 000267264 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\Surfshark\Resources\x64\Surfshark.Firewall.dll
2021-10-27 11:41 - 2021-10-27 11:41 - 001601536 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\Surfshark\runtimes\win-x64\native\e_sqlite3.dll
2023-04-16 22:03 - 2023-04-16 08:47 - 000164864 _____ () [Datei ist nicht signiert] C:\Program Files\LGHUB\resources\app.asar.unpacked\keytar.node
2022-02-15 10:43 - 2020-03-02 12:29 - 000868352 _____ (Amazon.com, Inc) [Datei ist nicht signiert] [Datei wird verwendet] C:\Program Files\PlasticSCM5\server\AWSSDK.Core.dll
2022-02-15 10:43 - 2020-03-02 12:33 - 000547328 _____ (Amazon.com, Inc) [Datei ist nicht signiert] [Datei wird verwendet] C:\Program Files\PlasticSCM5\server\AWSSDK.S3.dll
2023-05-07 17:23 - 2023-05-07 17:23 - 000056832 _____ (Codice Software, S.L.) [Datei ist nicht signiert] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\logwrapper\af366ab707013485c97b8d53986ec14d\logwrapper.ni.dll
2022-02-15 10:42 - 2019-11-05 16:57 - 000112128 _____ (Google Inc.) [Datei ist nicht signiert] [Datei wird verwendet] C:\Program Files\PlasticSCM5\server\Google.Apis.Auth.dll
2022-02-15 10:42 - 2019-11-05 16:57 - 000067584 _____ (Google Inc.) [Datei ist nicht signiert] [Datei wird verwendet] C:\Program Files\PlasticSCM5\server\Google.Apis.Core.dll
2022-02-15 10:42 - 2019-11-05 16:57 - 000076800 _____ (Google Inc.) [Datei ist nicht signiert] [Datei wird verwendet] C:\Program Files\PlasticSCM5\server\Google.Apis.dll
2022-02-15 10:42 - 2019-11-05 17:08 - 000132096 _____ (Google Inc.) [Datei ist nicht signiert] [Datei wird verwendet] C:\Program Files\PlasticSCM5\server\Google.Apis.Storage.v1.dll
2022-02-15 10:42 - 2020-01-06 13:03 - 000104448 _____ (Google Inc.) [Datei ist nicht signiert] [Datei wird verwendet] C:\Program Files\PlasticSCM5\server\Google.Cloud.Storage.V1.dll
2017-09-28 19:41 - 2017-09-28 19:41 - 000266240 _____ (Microsoft Corporation) [Datei ist nicht signiert] C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbPc.DLL
2022-02-15 10:43 - 2022-02-06 10:51 - 010307584 _____ (plasticd) [Datei ist nicht signiert] [Datei wird verwendet] C:\Program Files\PlasticSCM5\server\plasticd.dll
2022-02-15 10:42 - 2017-03-08 20:26 - 000221184 _____ (The Apache Software Foundation) [Datei ist nicht signiert] [Datei wird verwendet] C:\Program Files\PlasticSCM5\server\log4net.dll
2023-05-07 17:23 - 2023-05-07 17:23 - 000949248 _____ (The Apache Software Foundation) [Datei ist nicht signiert] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\log4net\3e6bf30daf8e851e5ecab43681725ea5\log4net.ni.dll
2022-03-02 10:20 - 2020-01-07 16:02 - 004679168 _____ (The Qt Company Ltd) [Datei ist nicht signiert] C:\Program Files (x86)\Common Files\Reallusion\RLHostService\Qt5Core.dll
2022-03-02 10:20 - 2020-01-07 16:02 - 000855040 _____ (The Qt Company Ltd) [Datei ist nicht signiert] C:\Program Files (x86)\Common Files\Reallusion\RLHostService\Qt5Network.dll
2022-03-02 10:20 - 2017-03-01 17:07 - 000109056 _____ (The Qt Company Ltd) [Datei ist nicht signiert] C:\Program Files (x86)\Common Files\Reallusion\RLHostService\Qt5WebSockets.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\AtlasVPN.lnk:5A652A68CD [2154]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [2154]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4K Video Downloader.lnk:CCF539F03F [2154]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk:B026C77744 [2154]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blend for Visual Studio 2022.lnk:D689419597 [7754]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini:41964AA945 [2154]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk:BE32D07BC5 [7754]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk:C629424870 [2154]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z.lnk:718E15FDE8 [2154]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thunderbird.lnk:4D17D28237 [5162]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thunderbird.lnk:B4F139D4B9 [3434]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity Hub.lnk:830092544A [3434]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2022.lnk:F94DB65675 [3434]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [4438]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =================

==================== Internet Explorer (Nicht auf der Ausnahmeliste) ==========


==================== Hosts Inhalt: =========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2021-06-05 14:08 - 2021-06-05 14:08 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Andere Bereiche ===========================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> %INTEL_DEV_REDIST%redist\intel64_win\compiler;C:\Program Files\PlasticSCM5\server;C:\Program Files\PlasticSCM5\client;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files\Java\jdk-17.0.2\bin;C:\Program Files\OpenSSL-Win64\bin;C:\Program Files\dotnet\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-3636290956-4184935153-3330214957-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\savio\Pictures\macOS-Monterey-wallpaper-Dark.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
 ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

HKLM\...\StartupApproved\StartupFolder: => "AnyDesk.lnk"
HKLM\...\StartupApproved\StartupFolder: => "StartRLCMS.lnk"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "OnScreen Control"
HKU\S-1-5-21-3636290956-4184935153-3330214957-1001\...\StartupApproved\StartupFolder: => "Reallusion Hub.lnk"
HKU\S-1-5-21-3636290956-4184935153-3330214957-1001\...\StartupApproved\StartupFolder: => "iTunes.lnk"
HKU\S-1-5-21-3636290956-4184935153-3330214957-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3636290956-4184935153-3330214957-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-3636290956-4184935153-3330214957-1001\...\StartupApproved\Run: => "Opera GX Browser Assistant"
HKU\S-1-5-21-3636290956-4184935153-3330214957-1001\...\StartupApproved\Run: => "Surfshark"
HKU\S-1-5-21-3636290956-4184935153-3330214957-1001\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-3636290956-4184935153-3330214957-1001\...\StartupApproved\Run: => "Figma Agent"
HKU\S-1-5-21-3636290956-4184935153-3330214957-1001\...\StartupApproved\Run: => "Battle.net"
HKU\S-1-5-21-3636290956-4184935153-3330214957-1001\...\StartupApproved\Run: => "com.blitz.app"
HKU\S-1-5-21-3636290956-4184935153-3330214957-1001\...\StartupApproved\Run: => "electron.app.Loom"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{A91AAA5C-1ECB-4251-81CC-4981670FF85A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.210.760.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{52B603F8-EC0B-442A-80B9-90EF1D3B7A8F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.210.760.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{88487C6B-4DB7-4F46-B497-6E3FD40C6B6E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.210.760.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{7E0A86C3-A7E7-4349-BC44-1474AD8AC87C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.210.760.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{254F69ED-9E31-44CD-9E59-7B2E2AEB0BF2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.210.760.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{01F27648-CD78-43E2-AE79-F7328A8DEAAF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.210.760.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{3F3E9C38-C515-4B49-B81C-3D91A257A824}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.210.760.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{55DB19FC-3C7D-4032-9D86-0A030D97477F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.210.760.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{7F9FB23B-1D46-4C06-9173-E8A72A20DF8C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.210.760.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{199B1A62-DC58-4262-B6AF-89AC019DBA38}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.210.760.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{489567D2-CB20-49AE-A4FB-38056B9F4300}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23091.406.2009.3890_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CC211CF4-59FA-4091-B917-8641CC1F4184}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23091.406.2009.3890_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{C1DBED54-D213-4309-B5C1-91E77D0B4928}C:\users\savio\appdata\local\discord\app-1.0.9012\discord.exe] => (Allow) C:\users\savio\appdata\local\discord\app-1.0.9012\discord.exe => Keine Datei
FirewallRules: [TCP Query User{70E46CAC-95BE-42D3-AEA0-34F65B6FE1B5}C:\users\savio\appdata\local\discord\app-1.0.9012\discord.exe] => (Allow) C:\users\savio\appdata\local\discord\app-1.0.9012\discord.exe => Keine Datei
FirewallRules: [{0514C163-7DA1-4BFB-ABCF-391A75B0DA0A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Aim Lab\AimLab_tb.exe (Unity Technologies ApS) [Datei ist nicht signiert]
FirewallRules: [{08F87EE8-DAA5-45F6-BD39-CDFC714D21FC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Aim Lab\AimLab_tb.exe (Unity Technologies ApS) [Datei ist nicht signiert]
FirewallRules: [UDP Query User{EE5131D0-6E12-4E20-9D38-3E3AB46131B0}C:\program files (x86)\steam\steamapps\common\tribes of midgard\tom\binaries\win64\tom-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\tribes of midgard\tom\binaries\win64\tom-win64-shipping.exe => Keine Datei
FirewallRules: [TCP Query User{772B12F4-3D29-4581-8C80-4D0A517596C7}C:\program files (x86)\steam\steamapps\common\tribes of midgard\tom\binaries\win64\tom-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\tribes of midgard\tom\binaries\win64\tom-win64-shipping.exe => Keine Datei
FirewallRules: [UDP Query User{26828596-4FE0-49AA-8399-28A0EEB17CFD}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [TCP Query User{0A36FAD6-7B46-429A-9505-B14B43F52181}C:\riot games\riot client\riotclientservices.exe] => (Allow) C:\riot games\riot client\riotclientservices.exe (Riot Games, Inc. -> Riot Games, Inc.)
FirewallRules: [UDP Query User{D7632E39-B434-458A-9E3F-775959C089F2}C:\program files\microsoft visual studio\2022\community\common7\ide\devenv.exe] => (Allow) C:\program files\microsoft visual studio\2022\community\common7\ide\devenv.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{94AD5ACB-CE22-42C1-8FDC-09187F70E51B}C:\program files\microsoft visual studio\2022\community\common7\ide\devenv.exe] => (Allow) C:\program files\microsoft visual studio\2022\community\common7\ide\devenv.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{DAACCD5C-6946-4CA9-8AA1-F71DCB8D6E0A}] => (Allow) C:\Users\savio\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{2C45F189-8A12-47FC-9740-33E7F76F35F6}] => (Allow) C:\Users\savio\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{5E510194-A8EB-4791-987E-0087657C29D6}] => (Allow) C:\Users\savio\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{2DCC8213-3320-4ABF-895E-4B04143B0994}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{D1FA65B1-2310-49D6-AD56-56A9B789C095}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{4D262D20-244B-493E-9D10-05E33E24567A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{B9F8D90C-8F1E-4740-BB65-B0B367797DD2}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [TCP Query User{1BEC37B3-25F3-4C7F-94D2-8596E33748EC}C:\users\savio\appdata\local\programs\opera gx\opera.exe] => (Allow) C:\users\savio\appdata\local\programs\opera gx\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [UDP Query User{8C942DDD-115C-4D0C-B847-B92DADD2B516}C:\users\savio\appdata\local\programs\opera gx\opera.exe] => (Allow) C:\users\savio\appdata\local\programs\opera gx\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [TCP Query User{4457AD7C-9650-45DE-BBC9-426DC4C7C60D}C:\work\cinema4d\cinema\cinema 4d.exe] => (Allow) C:\work\cinema4d\cinema\cinema 4d.exe => Keine Datei
FirewallRules: [UDP Query User{89C4FBA5-CA03-4141-8BA4-79C09CD612AD}C:\work\cinema4d\cinema\cinema 4d.exe] => (Allow) C:\work\cinema4d\cinema\cinema 4d.exe => Keine Datei
FirewallRules: [TCP Query User{C72111F6-E2DE-4518-B147-4F8CC180E340}C:\work\cinema 4d\cinema 4d.exe] => (Block) C:\work\cinema 4d\cinema 4d.exe => Keine Datei
FirewallRules: [UDP Query User{C669762C-2B9A-4D65-9926-AB842DE9E6C3}C:\work\cinema 4d\cinema 4d.exe] => (Block) C:\work\cinema 4d\cinema 4d.exe => Keine Datei
FirewallRules: [TCP Query User{5B1C30FC-3764-4717-BC61-FF6627EB4CE6}C:\work\maxon\maxon\cinema 4d.exe] => (Allow) C:\work\maxon\maxon\cinema 4d.exe => Keine Datei
FirewallRules: [UDP Query User{30A24BBA-0C71-42F5-9653-C97B523D0C13}C:\work\maxon\maxon\cinema 4d.exe] => (Allow) C:\work\maxon\maxon\cinema 4d.exe => Keine Datei
FirewallRules: [TCP Query User{8CB73D06-39FD-4E7F-BA2C-C242B0A505F8}C:\work\maxon\cinema 4d.exe] => (Allow) C:\work\maxon\cinema 4d.exe => Keine Datei
FirewallRules: [UDP Query User{37FDB498-24FA-47D4-A63F-3C113248E4E0}C:\work\maxon\cinema 4d.exe] => (Allow) C:\work\maxon\cinema 4d.exe => Keine Datei
FirewallRules: [{440F290B-3AC7-4978-A1F9-1D563462B677}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe () [Datei ist nicht signiert]
FirewallRules: [{55636311-FFAF-49A7-86CE-031CF83F6D71}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe () [Datei ist nicht signiert]
FirewallRules: [{D8CE7B5E-1F4F-4618-BEBB-0B51EF000309}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve Corp. -> )
FirewallRules: [{FA391FBA-26F9-4623-A946-CAEB241BE258}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve Corp. -> )
FirewallRules: [TCP Query User{5BE11D13-D01F-4116-8C53-F21664352146}C:\program files (x86)\microsoft visual studio\2019\community\common7\ide\devenv.exe] => (Allow) C:\program files (x86)\microsoft visual studio\2019\community\common7\ide\devenv.exe => Keine Datei
FirewallRules: [UDP Query User{1A4E30C3-61C0-4DF0-A646-14A389341153}C:\program files (x86)\microsoft visual studio\2019\community\common7\ide\devenv.exe] => (Allow) C:\program files (x86)\microsoft visual studio\2019\community\common7\ide\devenv.exe => Keine Datei
FirewallRules: [TCP Query User{FCA2A307-FC58-4C49-9D2A-6C7BB3062D4C}C:\users\savio\appdata\local\android\sdk\platform-tools\adb.exe] => (Allow) C:\users\savio\appdata\local\android\sdk\platform-tools\adb.exe () [Datei ist nicht signiert]
FirewallRules: [UDP Query User{17A2EF7C-61AC-4D91-884D-A9A877EF9A20}C:\users\savio\appdata\local\android\sdk\platform-tools\adb.exe] => (Allow) C:\users\savio\appdata\local\android\sdk\platform-tools\adb.exe () [Datei ist nicht signiert]
FirewallRules: [TCP Query User{2FA1F79B-23E7-4A9C-96A9-A607C3EE2394}C:\users\savio\appdata\local\discord\app-1.0.9004\discord.exe] => (Allow) C:\users\savio\appdata\local\discord\app-1.0.9004\discord.exe => Keine Datei
FirewallRules: [UDP Query User{25A23B05-E608-4EF5-9B43-9A2B5DF56E90}C:\users\savio\appdata\local\discord\app-1.0.9004\discord.exe] => (Allow) C:\users\savio\appdata\local\discord\app-1.0.9004\discord.exe => Keine Datei
FirewallRules: [{17707E6A-20B1-4830-9FC4-9CCDCDD051B0}] => (Block) C:\users\savio\appdata\local\discord\app-1.0.9004\discord.exe => Keine Datei
FirewallRules: [{E6856124-D54D-44D6-9BF7-91027655163E}] => (Block) C:\users\savio\appdata\local\discord\app-1.0.9004\discord.exe => Keine Datei
FirewallRules: [TCP Query User{07C57A35-5F38-4893-8A1D-9AECC7C6D8A3}C:\own\work\programs\cinema-4d-old\maxon\cinema 4d.exe] => (Allow) C:\own\work\programs\cinema-4d-old\maxon\cinema 4d.exe => Keine Datei
FirewallRules: [UDP Query User{FD1A71BC-CF2C-4EFC-BE3B-094788BA6476}C:\own\work\programs\cinema-4d-old\maxon\cinema 4d.exe] => (Allow) C:\own\work\programs\cinema-4d-old\maxon\cinema 4d.exe => Keine Datei
FirewallRules: [TCP Query User{E253E2FD-DB57-435E-A169-7964634122B8}C:\xboxgames\surgeon simulator 2\content\surgeon simulator 2.exe] => (Allow) C:\xboxgames\surgeon simulator 2\content\surgeon simulator 2.exe => Keine Datei
FirewallRules: [UDP Query User{6716E3C4-ABE9-4CD5-8E52-9741F4AA3D67}C:\xboxgames\surgeon simulator 2\content\surgeon simulator 2.exe] => (Allow) C:\xboxgames\surgeon simulator 2\content\surgeon simulator 2.exe => Keine Datei
FirewallRules: [TCP Query User{0F440CF7-5C57-40DE-A422-2878F4103B01}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [UDP Query User{6130A530-1FBE-41F3-8828-E1F1A92C7BF0}C:\program files\lghub\lghub_agent.exe] => (Allow) C:\program files\lghub\lghub_agent.exe (Logitech Inc -> Logitech, Inc.)
FirewallRules: [TCP Query User{7D1B87EA-62C6-41EE-81E5-044EA108CEA3}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [UDP Query User{4EE3D547-757F-4D7D-8DDF-00ACF3273424}C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe] => (Allow) C:\program files (x86)\epic games\launcher\engine\binaries\win64\epicwebhelper.exe (Epic Games Inc. -> Epic Games, Inc.)
FirewallRules: [{35072A1E-EE1B-47C0-8B38-7017B66E0DF3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Among Us\Among Us.exe () [Datei ist nicht signiert]
FirewallRules: [{8E7BDFA9-E6D8-4CBB-9419-2414E4F9ABA1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Among Us\Among Us.exe () [Datei ist nicht signiert]
FirewallRules: [TCP Query User{208AAD30-A09F-4E27-BDAE-C450063F94E5}C:\program files (x86)\steam\steamapps\common\propnight\propnight\binaries\win64\propnight.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\propnight\propnight\binaries\win64\propnight.exe => Keine Datei
FirewallRules: [UDP Query User{6F4F78AA-301E-4C6B-8A2B-D2F2FD02662E}C:\program files (x86)\steam\steamapps\common\propnight\propnight\binaries\win64\propnight.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\propnight\propnight\binaries\win64\propnight.exe => Keine Datei
FirewallRules: [TCP Query User{E97B20A1-DF6A-4E6A-9486-6C4CF8750AE0}C:\users\savio\appdata\local\programs\pitch\pitch.exe] => (Allow) C:\users\savio\appdata\local\programs\pitch\pitch.exe (Pitch Software GmbH -> Pitch Software GmbH)
FirewallRules: [UDP Query User{C1BFEF3E-6752-4CD9-9767-8A35B7B5B4FD}C:\users\savio\appdata\local\programs\pitch\pitch.exe] => (Allow) C:\users\savio\appdata\local\programs\pitch\pitch.exe (Pitch Software GmbH -> Pitch Software GmbH)
FirewallRules: [TCP Query User{D31B3816-AB32-4FBB-8AD2-6B345207B74D}C:\users\savio\appdata\local\programs\blitz\blitz.exe] => (Allow) C:\users\savio\appdata\local\programs\blitz\blitz.exe => Keine Datei
FirewallRules: [UDP Query User{9A93C6C9-A359-4631-89D1-8B208CE1AD29}C:\users\savio\appdata\local\programs\blitz\blitz.exe] => (Allow) C:\users\savio\appdata\local\programs\blitz\blitz.exe => Keine Datei
FirewallRules: [TCP Query User{AB85EB0B-3240-4681-A164-C0F187608881}C:\program files (x86)\overwatch\_retail_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_retail_\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [UDP Query User{5B1D5298-9534-44F6-8A6C-E6D03B034CC9}C:\program files (x86)\overwatch\_retail_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_retail_\overwatch.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
FirewallRules: [{77B24179-1146-44E9-80BE-A05BAD9C6537}] => (Allow) C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2210.3001.0_x64__8wekyb3d8bbwe\x86\EngHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B9E0D34B-7A92-46A9-8B51-D234D16480DA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2210.3001.0_x64__8wekyb3d8bbwe\x86\EngHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{99998E3B-A434-4E55-AAF2-BF94B8E29A1A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2210.3001.0_x64__8wekyb3d8bbwe\amd64\EngHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D26F9EB9-7DAD-4B4A-B8D7-B2E58C730B5D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2210.3001.0_x64__8wekyb3d8bbwe\amd64\EngHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{EFEBC417-A825-486B-8F47-8ECCF7AD9D53}] => (Allow) C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2210.3001.0_x64__8wekyb3d8bbwe\woa\EngHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{82FDAA72-74D7-4BAB-A348-6B5426363927}] => (Allow) C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2210.3001.0_x64__8wekyb3d8bbwe\woa\EngHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{EA6253AC-46E1-4C06-8733-C1B2330BEA13}] => (Allow) C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2210.3001.0_x64__8wekyb3d8bbwe\arm64\EngHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D210DAEB-CC0A-4899-803D-530C41490B0C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2210.3001.0_x64__8wekyb3d8bbwe\arm64\EngHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4BFD9F95-465A-4E94-9AE6-A46B76DD44FB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5033A585-6555-4CCE-94C8-49242CEEA9E6}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{514AE06C-A4A6-4C9D-97B5-5B6DF5497529}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{37F83D55-4ECC-470D-ADC7-23E14316A476}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{ACE09974-2BCA-4CDC-8D9F-9A0C2D5B8C78}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{EBD7B3D4-CB39-445F-9785-53C37D31E930}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Block) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe => Keine Datei
FirewallRules: [UDP Query User{5119F6D4-A902-44B8-8A96-7B7B327F2342}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Block) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe => Keine Datei
FirewallRules: [TCP Query User{56417759-BBF1-4768-8C68-F0219753B59F}C:\program files (x86)\dearmob\5kplayer\airplay.exe] => (Block) C:\program files (x86)\dearmob\5kplayer\airplay.exe => Keine Datei
FirewallRules: [UDP Query User{C189DFF1-6407-482A-8D01-5FEC4AC37289}C:\program files (x86)\dearmob\5kplayer\airplay.exe] => (Block) C:\program files (x86)\dearmob\5kplayer\airplay.exe => Keine Datei
FirewallRules: [TCP Query User{7510C752-9A0B-45C3-BDEE-CB06648E3299}C:\program files\maxon cinema 4d r25\cinema 4d.exe] => (Block) C:\program files\maxon cinema 4d r25\cinema 4d.exe => Keine Datei
FirewallRules: [UDP Query User{D9A8F896-46F6-49AB-8DAF-7E33A98D4417}C:\program files\maxon cinema 4d r25\cinema 4d.exe] => (Block) C:\program files\maxon cinema 4d r25\cinema 4d.exe => Keine Datei
FirewallRules: [TCP Query User{7AC7AC7E-95FE-486B-99EB-3C3E1DF4892C}C:\users\savio\appdata\local\discord\app-1.0.9007\discord.exe] => (Allow) C:\users\savio\appdata\local\discord\app-1.0.9007\discord.exe => Keine Datei
FirewallRules: [UDP Query User{6767AFD0-5E7E-433E-8DD9-500C76448884}C:\users\savio\appdata\local\discord\app-1.0.9007\discord.exe] => (Allow) C:\users\savio\appdata\local\discord\app-1.0.9007\discord.exe => Keine Datei
FirewallRules: [{8B53C9D7-92E9-4725-B7EF-396A64C1789C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Escape Simulator\Escape Simulator.exe () [Datei ist nicht signiert]
FirewallRules: [{A5A33D58-D7AE-46F0-845A-A16819AA0073}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Escape Simulator\Escape Simulator.exe () [Datei ist nicht signiert]
FirewallRules: [{37375F88-085E-4D6D-933B-897464803A01}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\WitchIt\WitchIt\Binaries\Win64\PropWitchHuntModule-Win64-Shipping.exe => Keine Datei
FirewallRules: [{1EFB582D-11D5-4A0D-B23F-41CAB32537E5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\WitchIt\WitchIt\Binaries\Win64\PropWitchHuntModule-Win64-Shipping.exe => Keine Datei
FirewallRules: [{9C6DD415-A8B1-4224-AF8D-665984A91AD0}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{B66B8E5B-04CA-44F1-A18D-1649608C3511}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAConnect_microsoft.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{5A02545A-0DA5-4D06-B90D-C8C281098043}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EADesktop.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{1898F222-6C6E-4FA3-A991-E37A32BA562A}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAGEP.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [{7946B993-DA72-47FD-BFDA-67D203F183F2}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALocalHostSvc.exe (Electronic Arts, Inc. -> Electronic Arts)
FirewallRules: [TCP Query User{91B152DF-A375-46E6-931E-7922797D48F4}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe (Blizzard Entertainment, Inc. -> )
FirewallRules: [UDP Query User{2B5073B8-BF6A-48EA-A719-142D9D41A122}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe (Blizzard Entertainment, Inc. -> )
FirewallRules: [{5816CCC5-BAD5-477A-BB78-3A6763FE5DDA}] => (Allow) C:\Program Files\Unity 2021.3.13f1\Editor\Unity.exe => Keine Datei
FirewallRules: [{FA762794-E465-48FC-9417-FF7BB407F1D4}] => (Block) C:\Program Files\Unity 2021.3.13f1\Editor\Unity.exe => Keine Datei
FirewallRules: [{D1706FF0-0ABC-4EB1-B9D7-DC80B039C4D4}] => (Allow) C:\Program Files\Unity Hub\Unity Hub.exe (Unity Technologies SF -> Unity Technologies Inc.)
FirewallRules: [TCP Query User{25960D2C-18B2-4449-AA6A-46DBCD8513BA}C:\program files\unity hub\unity hub.exe] => (Allow) C:\program files\unity hub\unity hub.exe (Unity Technologies SF -> Unity Technologies Inc.)
FirewallRules: [UDP Query User{157AA6E3-9229-481C-9DB5-0529BA06D638}C:\program files\unity hub\unity hub.exe] => (Allow) C:\program files\unity hub\unity hub.exe (Unity Technologies SF -> Unity Technologies Inc.)
FirewallRules: [{902B9ABF-9579-4E1B-A7F2-BB4983AB52D6}] => (Allow) C:\Program Files\Unity\Hub\Editor\2021.3.13f1\Editor\Unity.exe (Unity Technologies ApS -> Unity Technologies ApS)
FirewallRules: [{BCD36902-B0C2-458D-ACA7-84FEC2BA7955}] => (Block) C:\Program Files\Unity\Hub\Editor\2021.3.13f1\Editor\Unity.exe (Unity Technologies ApS -> Unity Technologies ApS)
FirewallRules: [{B7CE2C1D-FF8C-42C3-BFF7-6F121BA677A9}] => (Allow) C:\Program Files (x86)\BlueStacks X\BlueStacksWeb.exe => Keine Datei
FirewallRules: [{10EEE82A-97BB-477E-AE8C-0E2B9D13AEF6}] => (Allow) C:\Program Files (x86)\BlueStacks X\Cloud Game.exe => Keine Datei
FirewallRules: [{3A57A778-BD50-4525-86E1-7965A9D8ADC5}] => (Allow) C:\Program Files\BlueStacks_nxt\HD-Player.exe => Keine Datei
FirewallRules: [{1C0A65F9-1ECF-4FD7-8001-2815FC4C2A46}] => (Allow) C:\Program Files\BlueStacks_nxt\BlueStacksAppplayerWeb.exe => Keine Datei
FirewallRules: [{987EF262-E066-427A-9FA8-CCF1FC7F3666}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unrailed\UnrailedGame.exe (Indoor Astronaut GmbH -> )
FirewallRules: [{C8F9A101-D5EC-44CF-9BFB-C0282C50B9F6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Unrailed\UnrailedGame.exe (Indoor Astronaut GmbH -> )
FirewallRules: [{FE017492-EE00-4EB0-B73F-F26220BF042A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PHOGS!\PHOGS.exe () [Datei ist nicht signiert]
FirewallRules: [{015F860A-FC9E-4954-B2F3-DCB4233D07EB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PHOGS!\PHOGS.exe () [Datei ist nicht signiert]
FirewallRules: [TCP Query User{1E77A163-AFF2-41AC-AC9F-87CEFB2E2CB2}C:\riot games\valorant\live\shootergame\binaries\win64\valorant-win64-shipping.exe] => (Allow) C:\riot games\valorant\live\shootergame\binaries\win64\valorant-win64-shipping.exe (Riot Games, Inc. -> Riot Games)
FirewallRules: [UDP Query User{52F86A7C-B635-41C0-935A-1C07FADF733B}C:\riot games\valorant\live\shootergame\binaries\win64\valorant-win64-shipping.exe] => (Allow) C:\riot games\valorant\live\shootergame\binaries\win64\valorant-win64-shipping.exe (Riot Games, Inc. -> Riot Games)
FirewallRules: [TCP Query User{F51FDE09-BFEC-4C63-868D-FCF85571340C}C:\users\savio\appdata\local\discord\app-1.0.9011\discord.exe] => (Allow) C:\users\savio\appdata\local\discord\app-1.0.9011\discord.exe => Keine Datei
FirewallRules: [UDP Query User{3B77A601-1867-484E-927C-7A979563188B}C:\users\savio\appdata\local\discord\app-1.0.9011\discord.exe] => (Allow) C:\users\savio\appdata\local\discord\app-1.0.9011\discord.exe => Keine Datei
FirewallRules: [{5E97860B-140B-4996-97E0-924F58D3E41A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.97.3404.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{62B67AC3-D73F-4705-B9C3-5090BEC517DD}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.97.3404.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C64F81AA-1F66-4762-A649-2DE35F0B95C5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.97.3404.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{BC44DD04-F1DE-498B-8CC5-CE4500A1C255}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.97.3404.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B7872FDF-4C4C-4160-AE08-B2D7E8C2C5DE}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{0596175E-72C2-4008-9448-22574EBE3031}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{C496CDC6-A7EC-4294-A903-ADF601385C59}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{5237D104-B452-45B3-B3E2-CD0B2AC54820}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{5AB424DD-7058-4EA6-9973-6316A1D40CF4}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{AFC3A449-B541-44FB-BF8E-0298F87F2009}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{713E6FAA-086B-4C94-954D-A45023BEC496}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.211.916.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{79D2C9ED-3A93-487E-915A-AB6EBEF3385D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.211.916.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{C3BDA550-0C66-41C2-9869-BD101A5811FA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.211.916.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{F89D760C-BEDE-4FAE-9A8B-3A3678462C8F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.211.916.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{6F51A71B-E056-4B7D-AF7B-1067691D1470}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.211.916.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{87D64683-82A1-4DC5-9BC5-4B4B3AB1CE27}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.211.916.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{F4892CAF-51B8-45DF-8420-6983650DA6DA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.211.916.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{F8EBBC8C-9565-43F4-9205-4B9F4C964090}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.211.916.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{00ECBA73-D4AB-435F-B50B-285EEEF610CF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.211.916.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{AFDEB648-ED12-4DBA-BCC6-EE96962EEE6E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.211.916.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{73989D32-9C61-45A3-BFD9-3A67ABA4712E}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\113.0.1774.50\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{0A41B1C5-6AAF-4171-9381-EA8D96F22E7C}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Wiederherstellungspunkte =========================

16-05-2023 08:26:45 Windows Update
16-05-2023 08:26:46 Windows Update
16-05-2023 08:26:46 Windows Update
24-05-2023 08:00:58 Windows Update

==================== Fehlerhafte Geräte im Gerätemanager ============


==================== Fehlereinträge in der Ereignisanzeige: ========================

Applikationsfehler:
==================
Error: (05/24/2023 09:16:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname PC-Savio.local already in use; will try PC-Savio-2.local instead

Error: (05/24/2023 09:16:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 PC-Savio.local. Addr 192.168.2.111

Error: (05/24/2023 09:16:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.2.111:5353   16 PC-Savio.local. AAAA 2003:00DF:8720:0809:F363:AF37:A333:1645

Error: (05/24/2023 09:16:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing:   16 PC-Savio.local. AAAA FE80:0000:0000:0000:A8DC:F7F9:4F9F:2A90

Error: (05/24/2023 09:16:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.2.111:5353   16 PC-Savio.local. AAAA 2003:00DF:8720:0809:F363:AF37:A333:1645

Error: (05/24/2023 09:16:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing:   16 PC-Savio.local. AAAA 2003:00DF:8720:0825:2593:E165:66AD:7E2A

Error: (05/24/2023 09:16:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.2.111:5353   16 PC-Savio.local. AAAA 2003:00DF:8720:0809:F363:AF37:A333:1645

Error: (05/24/2023 09:16:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing:   16 PC-Savio.local. AAAA 2003:00DF:8720:0825:7E57:25C6:0335:9DDD


Systemfehler:
=============
Error: (05/24/2023 08:16:16 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073d02 fehlgeschlagen: 9NKSQGP7F2NH-5319275A.WhatsAppDesktop

Error: (05/24/2023 08:15:37 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073d02 fehlgeschlagen: 9NCBCSZSJRSB-SpotifyAB.SpotifyMusic

Error: (05/24/2023 08:01:15 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073d02 fehlgeschlagen: 9NMPJ99VJBWV-Microsoft.YourPhone

Error: (05/24/2023 08:00:15 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "LGHUB Updater Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/17/2023 08:03:05 AM) (Source: DCOM) (EventID: 10010) (User: PC-SAVIO)
Description: Der Server "{8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (05/16/2023 10:53:57 PM) (Source: DCOM) (EventID: 10010) (User: PC-SAVIO)
Description: Der Server "{8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (05/16/2023 10:51:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "LGHUB Updater Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/16/2023 08:27:35 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073d02 fehlgeschlagen: 9NMPJ99VJBWV-Microsoft.YourPhone


Windows Defender:
================
Date: 2023-05-24 13:08:38
Description: 
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Script/Woreflint.A!cl&threatid=2147726230&enterprise=0
Name: Trojan:Script/Woreflint.A!cl
Schweregrad: Schwerwiegend
Kategorie: Trojaner
Pfad: file:_C:\Users\savio\AppData\Local\Temp\SCFA2EB.tmp; file:_C:\Users\savio\AppData\Local\Temp\SCFA30B.tmp; file:_C:\Users\savio\AppData\Local\Temp\SCFA31C.tmp
Erkennungsursprung: Lokaler Computer
Erkennungstype: Konkret
Erkennungsquelle: Echtzeitschutz
Benutzer: PC-Savio\savio
Prozessname: C:\Users\savio\AppData\Local\Programs\SparkDesktop\Spark Desktop.exe
Sicherheitsversion: AV: 1.389.2284.0, AS: 1.389.2284.0, NIS: 1.389.2284.0
Modulversion: AM: 1.1.20300.3, NIS: 1.1.20300.3

Date: 2023-05-24 13:08:38
Description: 
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Script/Woreflint.A!cl&threatid=2147726230&enterprise=0
Name: Trojan:Script/Woreflint.A!cl
Schweregrad: Schwerwiegend
Kategorie: Trojaner
Pfad: file:_C:\Users\savio\AppData\Local\Temp\SCFA2EB.tmp; file:_C:\Users\savio\AppData\Local\Temp\SCFA30B.tmp
Erkennungsursprung: Lokaler Computer
Erkennungstype: Konkret
Erkennungsquelle: Echtzeitschutz
Benutzer: PC-Savio\savio
Prozessname: C:\Users\savio\AppData\Local\Programs\SparkDesktop\Spark Desktop.exe
Sicherheitsversion: AV: 1.389.2284.0, AS: 1.389.2284.0, NIS: 1.389.2284.0
Modulversion: AM: 1.1.20300.3, NIS: 1.1.20300.3

Date: 2023-05-24 13:08:38
Description: 
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Script/Woreflint.A!cl&threatid=2147726230&enterprise=0
Name: Trojan:Script/Woreflint.A!cl
Schweregrad: Schwerwiegend
Kategorie: Trojaner
Pfad: file:_C:\Users\savio\AppData\Local\Temp\SCFA2EB.tmp
Erkennungsursprung: Lokaler Computer
Erkennungstype: Konkret
Erkennungsquelle: Echtzeitschutz
Benutzer: PC-Savio\savio
Prozessname: C:\Users\savio\AppData\Local\Programs\SparkDesktop\Spark Desktop.exe
Sicherheitsversion: AV: 1.389.2284.0, AS: 1.389.2284.0, NIS: 1.389.2284.0
Modulversion: AM: 1.1.20300.3, NIS: 1.1.20300.3

Date: 2023-05-24 12:32:08
Description: 
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Script/Woreflint.A!cl&threatid=2147726230&enterprise=0
Name: Trojan:Script/Woreflint.A!cl
Schweregrad: Schwerwiegend
Kategorie: Trojaner
Pfad: file:_C:\Users\savio\AppData\Local\Temp\SCF37ED.tmp; file:_C:\Users\savio\AppData\Local\Temp\SCF380D.tmp; file:_C:\Users\savio\AppData\Local\Temp\SCF383D.tmp
Erkennungsursprung: Lokaler Computer
Erkennungstype: Konkret
Erkennungsquelle: Echtzeitschutz
Benutzer: PC-Savio\savio
Prozessname: C:\Users\savio\AppData\Local\Programs\SparkDesktop\Spark Desktop.exe
Sicherheitsversion: AV: 1.389.2284.0, AS: 1.389.2284.0, NIS: 1.389.2284.0
Modulversion: AM: 1.1.20300.3, NIS: 1.1.20300.3

Date: 2023-05-24 12:32:08
Description: 
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Script/Woreflint.A!cl&threatid=2147726230&enterprise=0
Name: Trojan:Script/Woreflint.A!cl
Schweregrad: Schwerwiegend
Kategorie: Trojaner
Pfad: file:_C:\Users\savio\AppData\Local\Temp\SCF37ED.tmp; file:_C:\Users\savio\AppData\Local\Temp\SCF380D.tmp
Erkennungsursprung: Lokaler Computer
Erkennungstype: Konkret
Erkennungsquelle: Echtzeitschutz
Benutzer: PC-Savio\savio
Prozessname: C:\Users\savio\AppData\Local\Programs\SparkDesktop\Spark Desktop.exe
Sicherheitsversion: AV: 1.389.2284.0, AS: 1.389.2284.0, NIS: 1.389.2284.0
Modulversion: AM: 1.1.20300.3, NIS: 1.1.20300.3

CodeIntegrity:
===============
Date: 2023-05-24 12:20:30
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\ImmersiveControlPanel\SystemSettings.exe) attempted to load \Device\HarddiskVolume2\Program Files\Google\Drive File Stream\75.0.2.0\crashpad_handler.exe that did not meet the Microsoft signing level requirements.

Date: 2023-05-24 07:59:59
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\tap0901.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2023-05-13 21:15:04
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\ImmersiveControlPanel\SystemSettings.exe) attempted to load \Device\HarddiskVolume2\Program Files\Google\Drive File Stream\74.0.3.0\crashpad_handler.exe that did not meet the Microsoft signing level requirements.


==================== Speicherinformationen =========================== 

BIOS: American Megatrends Inc. P3.30 05/10/2019
Hauptplatine: ASRock B450M Pro4
Prozessor: AMD Ryzen 5 3600 6-Core Processor 
Prozentuale Nutzung des RAM: 61%
Installierter physikalischer RAM: 16318.07 MB
Verfügbarer physikalischer RAM: 6263.51 MB
Summe virtueller Speicher: 20670.07 MB
Verfügbarer virtueller Speicher: 4771.12 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:476.27 GB) (Free:89.88 GB) (Model: INTEL SSDPEKNW512G8) NTFS
Drive d: (Volume) (Fixed) (Total:97.66 GB) (Free:97.44 GB) (Model: SanDisk SSD PLUS 240GB) NTFS
Drive e: (Volume) (Fixed) (Total:125.9 GB) (Free:125.8 GB) (Model: SanDisk SSD PLUS 240GB) NTFS
Drive g: (Google Drive) (Fixed) (Total:476.27 GB) (Free:85.38 GB) (Model: SanDisk SSD PLUS 240GB) FAT32

\\?\Volume{e54ae342-4dfe-11ec-b102-a9eb46d5cc39}\ () (Fixed) (Total:0.57 GB) (Free:0.07 GB) NTFS
\\?\Volume{e54ae344-4dfe-11ec-b102-a9eb46d5cc39}\ () (Fixed) (Total:0.09 GB) (Free:0.06 GB) FAT32

==================== MBR & Partitionstabelle ====================

==========================================================
Disk: 0 (Size: 223.6 GB) (Disk ID: 9DD0A020)

Partition: GPT.

==========================================================
Disk: 1 (Size: 476.9 GB) (Disk ID: 1E54BEE9)

Partition: GPT.

==================== Ende von Addition.txt =======================
         
Malwarebytes
Code:
Malwarebytes
www.malwarebytes.com

-Protokolldetails-
Scan-Datum: 24.05.23
Scan-Zeit: 13:21
Protokolldatei: 1499ae58-fa25-11ed-b695-7085c2cf882f.json

-Softwaredaten-
Version: 4.5.29.268
Komponentenversion: 1.0.2022
Version des Aktualisierungspakets: 1.0.69925
Lizenz: Kostenlos

-Systemdaten-
Betriebssystem: Windows 11 (Build 23451.1000)
CPU: x64
Dateisystem: NTFS
Benutzer: PC-Savio\savio

-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Scan gestartet von: Manuell
Ergebnis: Abgeschlossen
Gescannte Objekte: 354745
Erkannte Bedrohungen: 0
In die Quarantäne verschobene Bedrohungen: 0
Abgelaufene Zeit: 6 Min., 50 Sek.

-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Erkennung
PUM: Erkennung

-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)

Modul: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswert: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Daten-Stream: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Datei: 0
(keine bösartigen Elemente erkannt)

Physischer Sektor: 0
(keine bösartigen Elemente erkannt)

WMI: 0
(keine bösartigen Elemente erkannt)


(end)
         
AdwCleaner
Code:
# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build:    08-30-2022
# Database: 2022-10-10.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    05-24-2023
# Duration: 00:00:06
# OS:       Windows 11 (Build 23451.1000)
# Scanned:  32104
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.


AdwCleaner[S00].txt - [1420 octets] - [24/05/2023 13:23:02]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ##########
         
__________________


24.05.2023, 20:23   #3
M-K-D-B
/// TB instructor

My name is Matthias and I will help you analyse and clean up your system.

Step 1
The following programs are outdated, interfere with the cleanup, or are adware or potentially unwanted programs (PUPs) and must be removed.
  • Uninstall the following programs via Start > Settings > Apps:
    • Spark Desktop
  • Then restart the computer.
  • Briefly report back whether the uninstallation was successful.





Step 2
WARNING TO ALL READERS !!!
This FRST script is intended solely for this user and should never be applied 1:1 to another system!
  • Save your work and close all open programs so that no data is lost.
  • Copy the entire contents of the following code box:
    Code:
    Start::
    SystemRestore: On 
    CreateRestorePoint:
    CloseProcesses:
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\qt_temp.Hp4444 [2023-05-14] () [Datei ist nicht signiert]
    Task: {695DD85C-981E-46DB-8441-F84E0E1F052C} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (Keine Datei)
    S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
    CustomCLSID: HKU\S-1-5-21-3636290956-4184935153-3330214957-1001_Classes\CLSID\{157A7F8D-CE70-4664-951F-D4867A941582}\localserver32 -> C:\Users\savio\AppData\Local\Programs\SparkDesktop\Spark Desktop.exe (Spark Mail Limited -> Spark Mail Limited)
    CustomCLSID: HKU\S-1-5-21-3636290956-4184935153-3330214957-1001_Classes\CLSID\{23B3E3D8-C162-4A8B-AB0C-0905DCB1DF19}\InprocServer32 -> C:\Users\savio\AppData\Local\Packages\Microsoft.PowerAutomateDesktop_8wekyb3d8bbwe\TempState\RDP\DVCPlugin\x64\Microsoft.Flow.RPA.Desktop.UIAutomation.RDP.DVC.Plugin.dll => Keine Datei
    ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} =>  -> Keine Datei
    startpowershell:
    Function Remove-all-windefend-excludes {
    $Paths=(Get-MpPreference).ExclusionPath
    $Extensions=(Get-MpPreference).ExclusionExtension
    $Processes=(Get-MpPreference).ExclusionProcess
    foreach ($Path in $Paths) { Remove-MpPreference -ExclusionPath $Path -force}
    foreach ($Extension in $Extensions) { Remove-MpPreference -ExclusionExtension $Extension -force}
    foreach ($Process in $Processes) { Remove-MpPreference -ExclusionProcess $Process -force}
    }
    Set-MpPreference -DisableAutoExclusions $true -Force
    Remove-all-windefend-excludes
    endpowershell:
    CMD: netsh winsock reset
    CMD: netsh advfirewall reset
    CMD: netsh advfirewall set allprofiles state ON
    CMD: netsh winhttp reset proxy
    CMD: Bitsadmin /Reset /Allusers
    CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R
    CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R
    CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R
    CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R
    Hosts:
    RemoveProxy:
    EmptyTemp:
    Reboot:
    End::
             
  • Now start FRST and click the Reparieren (Fix) button directly.
    Important: You do not need to paste the contents of the code box anywhere, because FRST takes the code from the clipboard!

  • Important:
    • Please be patient once you have started the fix. Depending on the type and extent of the necessary repairs, this can take several minutes.
      During the fix, FRST may also show the message "not responding". That is normal; you do not need to do anything else, just wait.
    • This fix deletes all temporary files and browser data as well as the recycle bin.
    • This fix resets the Windows Firewall settings. You may later be asked to grant legitimate programs a permission/exception for the firewall. You should then allow this.

  • The tool carries out the requested steps and creates a fixlog.txt in the same directory as FRST.
  • Your computer may need to be restarted.
  • Post the contents of fixlog.txt with your next reply.





Step 3
Run ESET Online Scanner (EOS) according to the illustrated guide and then post the log file.





With your next reply, please post:
  • feedback on the uninstallations
  • the log file of the FRST fix (fixlog.txt)
  • the log file from ESET
__________________
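
The Defender entries in the Addition.txt posted above record which process wrote each detected file. The following is an added example, not part of the original posts and not FRST's own code, that groups such entries by process; the first sample entry copies fields from the thread, the second is constructed, and the function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: the first entry copies fields of the Defender event
# shown in the thread; the second entry is invented for contrast.
SAMPLE = r"""
Date: 2023-05-24 12:32:08
Name: Trojan:Script/Woreflint.A!cl
Pfad: file:_C:\Users\savio\AppData\Local\Temp\SCF37ED.tmp; file:_C:\Users\savio\AppData\Local\Temp\SCF380D.tmp
Prozessname: C:\Users\savio\AppData\Local\Programs\SparkDesktop\Spark Desktop.exe

Date: 2023-05-20 09:00:00
Name: Example:Threat/Placeholder
Pfad: file:_C:\Users\example\Downloads\sample.js
Prozessname: C:\Program Files\Example\browser.exe
"""

FIELD = re.compile(r"^(\w+):\s*(.*)$")

def parse_detections(text):
    """Return one dict per Defender detection block (blocks end at a blank line)."""
    events = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            m = FIELD.match(line)
            if m:
                fields[m.group(1)] = m.group(2).strip()
        if "Name" in fields and "Pfad" in fields:
            # "Pfad" holds ';'-separated resources, each with a "scheme:_" prefix.
            fields["paths"] = [re.sub(r"^\w+:_", "", p.strip())
                               for p in fields["Pfad"].split(";") if p.strip()]
            events.append(fields)
    return events

def group_by_process(events):
    """Map the process named in each event to its sorted (threat, path) hits."""
    grouped = defaultdict(set)
    for ev in events:
        proc = ev.get("Prozessname", "<unknown>")
        for path in ev["paths"]:
            grouped[proc].add((ev["Name"], path))
    return {proc: sorted(hits) for proc, hits in grouped.items()}

if __name__ == "__main__":
    for proc, hits in group_by_process(parse_detections(SAMPLE)).items():
        print(proc)
        for name, path in hits:
            print(f"  {name}  {path}")
```

The field names (Name, Pfad, Prozessname) are those of the German-language log; a log from another locale needs the corresponding keys.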

27.05.2023, 20:59   #4
M-K-D-B
/// TB instructor

No response
This topic has been removed from our subscriptions. We therefore receive no notification of new replies.
Should you need the topic again, please send us a reminder including a link to the topic.

Note: The disappearance of the symptoms does not mean that your computer is already clean.

Everyone else, please click here and create your own topic!
