Pests of all kinds and how to fight them: PUP.Adware.Heuristic / bcnexum (Windows 7)

If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will get back to you with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection.
#1
Dear all,

At some point I noticed the domain bcnexum.com in my Firefox history. AdwCleaner detected "PUP.Adware.Heuristic" and removed "HKCU\SOFTWARE\438f84b93ab73e6e9ccd233d1abe724b". 7 days later bcnexum showed up again, and PUP.Adware.Heuristic is also back again after every restart.

This has been going on for a while now. I was not able to successfully apply the DIY tips for permanent removal that I found ( https://hackerdose.com/malware/bcnexum-com-redirect/ and https://praxistipps.chip.de/pup-adware-heuristic-entfernen-so-gehts_96925 ), and I am at my wits' end.

Thank you for taking care of things like this!

FRST logs:

Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 01-04-2025 durchgeführt von Páll (Administrator) auf DESKTOP-8H8CSAR (Micro-Star International Co., Ltd. MS-7C56) (17-04-2025 10:29:20) Gestartet von C:\Users\Páll\Downloads\FRST64.exe Geladene Profile: Páll Plattform: Microsoft Windows 11 Pro Version 24H2 26100.3775 (X64) Sprache: Deutsch (Deutschland) Standard-Browser: FF Start-Modus: Normal ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Advanced Micro Devices -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe (C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\1.3.983.1\DropboxCrashHandler.exe (C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe ->) (Advanced Micro Devices -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe (C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe ->) (Advanced Micro Devices -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSSrcExt.exe (C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe ->) (Advanced Micro Devices -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cncmd.exe (C:\Program Files\Common Files\Native Instruments\NTK\NTKDaemon.exe ->) (Native Instruments GmbH -> ) C:\Program Files\Common Files\Native Instruments\NTK\crashpad_handler.exe (C:\Program Files\Fortinet\FortiClient\scheduler.exe ->) (Fortinet Technologies (Canada) ULC -> Fortinet Inc.) C:\Program Files\Fortinet\FortiClient\FCDBLog.exe (C:\Program Files\Fortinet\FortiClient\scheduler.exe ->) (Fortinet Technologies (Canada) ULC -> Fortinet Inc.) C:\Program Files\Fortinet\FortiClient\FortiSettings.exe (C:\Program Files\Fortinet\FortiClient\scheduler.exe ->) (Fortinet Technologies (Canada) ULC -> Fortinet Inc.) 
C:\Program Files\Fortinet\FortiClient\FortiSSLVPNdaemon.exe (C:\Program Files\Fortinet\FortiClient\scheduler.exe ->) (Fortinet Technologies (Canada) ULC -> Fortinet Inc.) C:\Program Files\Fortinet\FortiClient\FortiTray.exe (C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\MKCHelper.exe (C:\Users\Páll\Downloads\adwcleaner.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.WindowsNotepad_11.2501.31.0_x64__8wekyb3d8bbwe\Notepad\Notepad.exe <2> (cmd.exe ->) (Advanced Micro Devices -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe (DriverStore\FileRepository\u0413647.inf_amd64_d320f14af0da075c\B413137\atiesrxx.exe ->) (Advanced Micro Devices -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0413647.inf_amd64_d320f14af0da075c\B413137\atieclxx.exe (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe <8> (explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\25.056.0324.0003\Microsoft.SharePoint.exe (explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe (explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\regedit.exe (explorer.exe ->) (OpenVPN Inc. -> ) C:\Program Files\OpenVPN\bin\openvpn-gui.exe (Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <20> (RuntimeBroker.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Users\Páll\Downloads\adwcleaner.exe (services.exe ->) (Adobe Inc. -> Adobe Inc.) 
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (services.exe ->) (Advanced Micro Devices -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0413647.inf_amd64_d320f14af0da075c\B413137\atiesrxx.exe (services.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe (services.exe ->) (Fortinet Technologies (Canada) ULC -> Fortinet Inc.) C:\Program Files\Fortinet\FortiClient\scheduler.exe (services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\DriverStore\FileRepository\amdfendr.inf_amd64_1da2893e2ffb6838\amdfendrsr.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MpDefenderCoreService.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MsMpEng.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\NisSrv.exe (services.exe ->) (Native Instruments GmbH -> Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\NTK\NTKDaemon.exe (services.exe ->) (OpenVPN Inc. -> The OpenVPN Project) C:\Program Files\OpenVPN\bin\openvpnserv.exe (services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_434f4faf6aa034b3\RtkAudUService64.exe <2> (sihost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.CrossDevice_1.25031.45.0_x64__cw5n1h2txyewy\CrossDeviceService.exe (sihost.exe ->) (Musecy SM Ltd. 
-> Muse) C:\Program Files\WindowsApps\Muse.MuseHub_2.1.0.1567_x64__rb9pth70m6nz6\Muse.exe (svchost.exe ->) (Advanced Micro Devices -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\CPUMetricsServer.exe (svchost.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_6.1.4.0_x64__8wekyb3d8bbwe\Microsoft.Notes.exe (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.StartExperiencesApp_1.1.296.0_x64__8wekyb3d8bbwe\MicrosoftStartFeedProvider\MicrosoftStartFeedProvider.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_525.5100.40.0_x64__cw5n1h2txyewy\WidgetBoard.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe ==================== Registry (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) 
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_434f4faf6aa034b3\RtkAudUService64.exe [2389976 2024-12-30] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard) HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [330040 2014-02-11] (Hewlett-Packard Company -> Hewlett-Packard Company) HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [9238408 2025-04-15] (Dropbox, Inc -> Dropbox, Inc.) HKLM-x32\...\Run: [TeamsMachineUninstallerLocalAppData] => C:\Users\Páll\AppData\Local\Microsoft\Teams\Update.exe [2588640 2023-12-01] (Microsoft 3rd Party Application Component -> Microsoft Corporation) HKLM-x32\...\Run: [TeamsMachineUninstallerProgramData] => %ProgramData%\Microsoft\Teams\Update.exe --uninstall --msiUninstall --source=default (Keine Datei) HKU\S-1-5-21-2129917812-2419563499-1881424802-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [5013832 2025-04-15] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-2129917812-2419563499-1881424802-1001\...\Run: [OpenVPN-GUI] => C:\Program Files\OpenVPN\bin\openvpn-gui.exe [829304 2021-06-17] (OpenVPN Inc. -> ) HKU\S-1-5-21-2129917812-2419563499-1881424802-1001\...\Run: [Microsoft.Lists] => C:\Program Files\Microsoft OneDrive\25.056.0324.0003\Microsoft.SharePoint.exe [1031976 2025-04-15] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-2129917812-2419563499-1881424802-1001\...\Run: [AMDNoiseSuppression] => C:\Windows\system32\AMD\ANR\AMDNoiseSuppression.exe [164840 2024-06-24] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) 
HKLM\...\Print\Monitors\HP Standard TCP/IP Port: C:\WINDOWS\system32\HpTcpMon.dll [331264 2009-09-16] (Hewlett Packard) [Datei ist nicht signiert] HKLM\Software\Microsoft\Active Setup\Installed Components: [{E5931AF4-2A8F-48A5-AFC8-460348F480E8}] -> reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v OPENVPN-GUI /t REG_SZ /d "C:\Program Files\OpenVPN\bin\openvpn-gui.exe" HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] -> Startup: C:\Users\Páll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BitCleaner Tasker.lnk [2024-03-03] <==== ACHTUNG ShortcutTarget: BitCleaner Tasker.lnk -> C:\Users\Páll\AppData\Roaming\BitCleaner\BitCleaner Tasker.exe (BINARYLABS LIMITED -> Binarylabs LTD) <==== ACHTUNG ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {56C2FFB7-9E96-4F0B-A26B-B70B0B72CB77} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1580992 2025-03-21] (Adobe Inc. -> Adobe Inc.) Task: {362B8CE5-631B-402F-AEA5-88E1D0AA1B2A} - System32\Tasks\AMD Install Manager - Check For Updates => C:\Program Files\AMD\AMDInstallManager\AMDInstallManager.exe [55232720 2025-02-25] (Advanced Micro Devices -> Advanced Micro Devices, Inc.) -> C:\Program Files\AMD\AMDInstallManager\\-CheckForUpdates Task: {B4F7D5C2-BD32-4F03-A6DD-1469A0B3DCA9} - System32\Tasks\AMD Install Manager - Install Updates => C:\Program Files\AMD\AMDInstallManager\AMDInstallManager.exe [55232720 2025-02-25] (Advanced Micro Devices -> Advanced Micro Devices, Inc.) 
-> C:\Program Files\AMD\AMDInstallManager\\-InstallUpdates -Auto Task: {1DCDB645-2256-4947-85FC-0E076AC80B78} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1038544 2025-02-25] (Advanced Micro Devices -> Advanced Micro Devices, Inc.) Task: {AD52520A-8DA2-448A-908F-D8A72A78BC57} - System32\Tasks\AMDRyzenMasterSDKTask => C:\Program Files\AMD\CNext\CNext\cpumetricsserver.exe [191184 2025-02-25] (Advanced Micro Devices -> Advanced Micro Devices, Inc.) Task: {ECC45768-467E-428B-897E-9F9978818079} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2024-11-29] (Dropbox, Inc -> Dropbox, Inc.) Task: {A6E810A8-EB72-4985-B86D-BEB3998B3D20} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2024-11-29] (Dropbox, Inc -> Dropbox, Inc.) Task: {256F55DA-28C2-4606-AFAD-0F6F0FE32A3C} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [89840 2014-10-19] (Hewlett-Packard Company -> Hewlett Packard) Task: {CFD0E61C-F4CC-4A51-8805-864BC6E0B7D7} - System32\Tasks\Microsoft\Office\Office Apps Prewarm => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [315544 2025-04-11] (Microsoft Corporation -> Microsoft Corporation) Task: {01F091ED-1616-455E-8809-9E3FC90145BD} - System32\Tasks\Microsoft\Office\Office Apps Prewarm Recurring => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [315544 2025-04-11] (Microsoft Corporation -> Microsoft Corporation) Task: {A31A605F-71C1-46E5-81AB-DFB7297DA840} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [29107936 2025-04-08] (Microsoft Corporation -> Microsoft Corporation) Task: {38A49F5C-5207-42A3-97EC-E7E342BF51A4} - System32\Tasks\Microsoft\Office\Office Background Push Maintenance => C:\Program Files\Microsoft 
Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\opushutil.exe [68328 2025-04-11] (Microsoft Corporation -> Microsoft Corporation) Task: {946C804A-9975-4E88-A267-EEBCD8601040} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [29107936 2025-04-08] (Microsoft Corporation -> Microsoft Corporation) Task: {607778FF-ADDC-4A1A-B589-E2A61F3A375F} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [315544 2025-04-11] (Microsoft Corporation -> Microsoft Corporation) Task: {CE55396D-89E9-4D36-87B8-7CB36B33D319} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [315544 2025-04-11] (Microsoft Corporation -> Microsoft Corporation) Task: {C2530059-9DDE-4153-8FE0-F06901055A17} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [204400 2025-04-07] (Microsoft Corporation -> Microsoft Corporation) Task: {CB280622-400B-4808-BC22-05DE35242278} - System32\Tasks\Microsoft\Office\Office Serviceability Manager => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe [4536760 2025-04-08] (Microsoft Corporation -> Microsoft Corporation) Task: {24FB97BB-3BD5-4424-904B-FE137BA70AC6} - System32\Tasks\Microsoft\Windows\AccountHealth\RecoverabilityToastTask => {B7F5B442-EBF8-46CD-9F0B-D8E45ED43492} C:\WINDOWS\system32\AccountHealth.dll [258048 2025-03-31] (Microsoft Windows -> Microsoft Corporation) Task: {E88D9B2C-DDEA-47B2-9582-085153004DB5} - System32\Tasks\Microsoft\Windows\Location\Notifications => %windir%\System32\LocationNotificationWindows.exe (Keine Datei) Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => 
%SystemRoot%\System32\MbaeParserTask.exe (Keine Datei) Task: {86A85C57-D7F8-4E72-8EA7-ACD8AE47F874} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => %systemroot%\system32\MusNotification.exe LogonUpdateResults (Keine Datei) Task: {E5FCB0C7-1A4A-4A60-9918-E2A6F399A651} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe /RunOnAC ReadyToReboot (Keine Datei) Task: {CEC27C84-275A-40B7-AD7A-879856542C2A} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe /RunOnBattery ReadyToReboot (Keine Datei) Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (Keine Datei) Task: {F744877B-71CD-4852-BB31-BF53264D1D0D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MpCmdRun.exe [1745176 2025-04-11] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {860E698E-5C6A-4973-9AA0-5399C82D45AA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MpCmdRun.exe [1745176 2025-04-11] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {E2B7E138-2F2E-4DCF-818B-01FAE35CFFD2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MpCmdRun.exe [1745176 2025-04-11] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {98BC770D-5721-4428-AF0C-54FEA1C08BB2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MpCmdRun.exe [1745176 2025-04-11] (Microsoft Windows Publisher -> Microsoft Corporation) Task: 
{44BF852D-C173-4890-9067-11D72C3EAD31} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2463600 2021-09-08] (Microsoft Corporation -> Microsoft Corporation) Task: {D4930081-AEE1-4A45-8467-92B65689C015} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1938792 2021-09-08] (Microsoft Corporation -> Microsoft Corporation) Task: {FA00A83C-5C01-4687-9835-F23506E72563} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2335600 2021-09-08] (Microsoft Corporation -> Microsoft) Task: {A0464567-5C7E-4B6E-8CC2-1561125ABBC4} - System32\Tasks\Microsoft_MKC_Logon_Task_ceip.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\CEIP.exe [32632 2021-09-08] (Microsoft Corporation -> Microsoft) Task: {BC53EF15-3974-42B8-AD79-1A2031531E1E} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2463600 2021-09-08] (Microsoft Corporation -> Microsoft Corporation) Task: {6352B3E7-8D16-4F8B-A90C-112B17EE1A8D} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1938792 2021-09-08] (Microsoft Corporation -> Microsoft Corporation) Task: {9DFB9E7F-60E4-40CE-A0D6-C9ABB2DA8923} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1038544 2025-02-25] (Advanced Micro Devices -> Advanced Micro Devices, Inc.) 
Task: {E792D9D9-60B8-4726-9648-41E190A077D5} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-2129917812-2419563499-1881424802-1001 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [695360 2025-04-14] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (Der Dateneintrag hat 6 weitere Zeichen). Task: {1AF9B551-A0A2-4D62-AB4C-4DC455E9F70E} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [34880 2025-04-14] (Mozilla Corporation -> Mozilla Foundation) Task: {6681352A-F2C6-4351-9F9A-A4D071A334E5} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4223832 2025-04-15] (Microsoft Corporation -> Microsoft Corporation) Task: {4157E1A3-50D1-4723-8041-1E808F97D891} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-2129917812-2419563499-1881424802-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4223832 2025-04-15] (Microsoft Corporation -> Microsoft Corporation) Task: {F49D432F-26BC-47D3-96C2-AE881199E49B} - System32\Tasks\OneDrive Startup Task-S-1-5-21-2129917812-2419563499-1881424802-1001 => C:\Program Files\Microsoft OneDrive\25.056.0324.0003\OneDriveLauncher.exe [676680 2025-04-15] (Microsoft Corporation -> Microsoft Corporation) Task: {638D8052-6C94-46ED-9B7C-30552073C18B} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [142544 2025-02-25] (Advanced Micro Devices -> Advanced Micro Devices, Inc.) 
Task: {B6FF67DD-A57A-4C81-B95B-34380DF9F284} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [309968 2025-02-25] (Advanced Micro Devices -> Advanced Micro Devices, Inc.) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\Parameters: [DhcpNameServer] 217.69.224.73 213.187.64.1 Tcpip\..\Interfaces\{b0cd0ea0-d7b3-47c8-8482-2fa35f02c9a7}: [DhcpNameServer] 217.69.224.73 213.187.64.1 Tcpip\..\Interfaces\{d1049e77-17bf-4cfd-af2e-b55a841ad76c}: [DhcpNameServer] 130.208.165.87 130.208.72.10 Edge: ======= Edge Profile: C:\Users\Páll\AppData\Local\Microsoft\Edge\User Data\Default [2025-04-16] Edge Extension: (Google Docs Offline) - C:\Users\Páll\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-04-16]hxxps://clients2.google.com/service/update2/crx Edge Extension: (Bitcleaner Surfguard) - C:\Users\Páll\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gidnhakgfijhghmilgiiffidakihnbnb [2024-03-03]hxxps://edge.microsoft.com/extensionwebstorebase/v1/crx Edge Extension: (Edge relevant text changes) - C:\Users\Páll\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-03-03]hxxps://edge.microsoft.com/extensionwebstorebase/v1/crx Edge 
HKU\S-1-5-21-2129917812-2419563499-1881424802-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [gidnhakgfijhghmilgiiffidakihnbnb] FireFox: ======== FF DefaultProfile: 6wug9kbj.default FF DefaultProfile: b3abstqg.default FF ProfilePath: C:\Users\Páll\AppData\Roaming\Zotero\Zotero\Profiles\6wug9kbj.default [2025-03-25] FF ProfilePath: C:\Users\Páll\AppData\Roaming\Mozilla\Firefox\Profiles\b3abstqg.default [2025-04-16] FF ProfilePath: C:\Users\Páll\AppData\Roaming\Mozilla\Firefox\Profiles\zgkz7p2r.default-release [2025-04-17] FF Extension: (uBlock Origin) - C:\Users\Páll\AppData\Roaming\Mozilla\Firefox\Profiles\zgkz7p2r.default-release\Extensions\uBlock0@raymondhill.net.xpi [2025-04-16] FF Extension: (Return YouTube Dislike) - C:\Users\Páll\AppData\Roaming\Mozilla\Firefox\Profiles\zgkz7p2r.default-release\Extensions\{762f9885-5a13-4abd-9c77-433dcd38b8fd}.xpi [2025-04-16] FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2025-04-07] (Microsoft Corporation -> Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=3.0.19 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.20 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN) FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2025-03-13] (Adobe Inc. -> Adobe Systems Inc.) 
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2025-04-07] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2025-04-07] (Microsoft Corporation -> Microsoft Corporation) ==================== Dienste (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [174520 2025-03-21] (Adobe Inc. -> Adobe Inc.) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [13862104 2025-04-08] (Microsoft Corporation -> Microsoft Corporation) S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2024-11-29] (Dropbox, Inc -> Dropbox, Inc.) S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2024-11-29] (Dropbox, Inc -> Dropbox, Inc.) R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [48528 2025-04-15] (Dropbox, Inc -> Dropbox, Inc.) S3 DropboxElevationService; C:\Program Files (x86)\Dropbox\Client\222.4.5042\DropboxElevationService.exe [1659280 2025-04-15] (Dropbox, Inc -> Dropbox, Inc.) R2 FA_Scheduler; C:\Program Files\Fortinet\FortiClient\scheduler.exe [437328 2023-07-18] (Fortinet Technologies (Canada) ULC -> Fortinet Inc.) 
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\25.056.0324.0003\FileSyncHelper.exe [3545416 2025-04-15] (Microsoft Corporation -> Microsoft Corporation) S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [176128 2014-06-24] (HP) [Datei ist nicht signiert] R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [243664 2025-03-10] (HP Inc. -> HP Inc.) R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MpDefenderCoreService.exe [2009608 2025-04-11] (Microsoft Windows Publisher -> Microsoft Corporation) S3 MuseHub Updater Service; C:\Program Files\WindowsApps\Muse.MuseHub_2.1.0.1567_x64__rb9pth70m6nz6\Muse.Updater.exe [7815248 2025-02-06] (Musecy SM Ltd. -> Muse.Updater) R2 NTKDaemonService; C:\Program Files\Common Files\Native Instruments\NTK\NTKDaemon.exe [16953568 2024-07-02] (Native Instruments GmbH -> Native Instruments GmbH) S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\25.056.0324.0003\OneDriveUpdaterService.exe [3892568 2025-04-15] (Microsoft Corporation -> Microsoft Corporation) R2 OpenVPNServiceInteractive; C:\Program Files\OpenVPN\bin\openvpnserv.exe [73592 2021-06-17] (OpenVPN Inc. -> The OpenVPN Project) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [559320 2025-04-08] (Microsoft Windows Publisher -> Microsoft Corporation) R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\NisSrv.exe [4538400 2025-04-11] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MsMpEng.exe [278320 2025-04-11] (Microsoft Windows Publisher -> Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
R3 amdfendrmgr; C:\WINDOWS\System32\DriverStore\FileRepository\amdfendr.inf_amd64_1da2893e2ffb6838\amdfendrmgr.sys [36136 2024-11-01] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) R2 AMDRyzenMasterDriverV28; C:\Windows\system32\AMDRyzenMasterDriver.sys [61264 2025-02-24] (Advanced Micro Devices -> Advanced Micro Devices) R3 AMDSAFD; C:\WINDOWS\System32\DriverStore\FileRepository\amdsafd.inf_amd64_66bdd11a4e97edd1\amdsafd.sys [112840 2024-05-02] (AMD Test Build -> Advanced Micro Devices) R3 amduw23g; C:\WINDOWS\System32\DriverStore\FileRepository\u0413647.inf_amd64_d320f14af0da075c\B413137\amdkmdag.sys [111263168 2025-03-12] (Advanced Micro Devices -> Advanced Micro Devices, Inc.) R3 AMDXE; C:\WINDOWS\System32\drivers\amdxe.sys [63008 2024-05-16] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) R1 FortiFilter; C:\WINDOWS\system32\DRIVERS\FortiFilter.sys [35400 2023-07-18] (Fortinet Technologies (Canada) Inc. -> Fortinet Inc) S3 Fortips; C:\WINDOWS\System32\drivers\fortips.sys [165072 2023-07-18] (Fortinet, Inc. -> Fortinet Inc) S3 FortiTransCtrl; C:\WINDOWS\System32\drivers\FortiTransCtrl.sys [84136 2023-07-18] (Fortinet, Inc. -> Fortinet Inc) R3 ftsvnic; C:\WINDOWS\System32\drivers\ftsvnic.sys [75888 2023-07-18] (Fortinet, Inc. -> Fortinet Inc.) R3 ft_vnic; C:\WINDOWS\System32\drivers\ftvnic.sys [70368 2023-07-18] (Fortinet Technologies (Canada) Inc. -> Fortinet Corporation) R3 KslD; C:\WINDOWS\System32\drivers\wd\KslD.sys [331168 2025-04-11] (Microsoft Windows -> Microsoft Corporation) S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) 
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [39920 2024-06-21] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project) S3 ThermalFilter; C:\WINDOWS\System32\DriverStore\FileRepository\c_thermal.inf_amd64_732a53ed1662b707\ThermalFilter.sys [75376 2025-03-31] (Microsoft Windows Hardware Abstraction Layer Publisher -> Microsoft Corporation) S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [20016 2025-04-11] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [605576 2025-04-11] (Microsoft Windows -> Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [100744 2025-04-11] (Microsoft Windows -> Microsoft Corporation) S3 wini3ctarget; C:\WINDOWS\System32\DriverStore\FileRepository\wini3ctarget.inf_amd64_bdb09ebda2834009\wini3ctarget.sys [75168 2025-03-31] (Microsoft Windows -> Microsoft Corporation) R3 wintun; C:\WINDOWS\System32\drivers\wintun.sys [38176 2024-06-21] (WireGuard LLC -> WireGuard LLC) ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2025-04-17 10:29 - 2025-04-17 10:29 - 000031065 _____ C:\Users\Páll\Downloads\FRST.txt 2025-04-17 10:29 - 2025-04-17 10:29 - 000000000 ____D C:\FRST 2025-04-17 10:28 - 2025-04-17 10:28 - 002404864 _____ (Farbar) C:\Users\Páll\Downloads\FRST64.exe 2025-04-17 10:23 - 2025-04-17 10:23 - 000707760 _____ C:\WINDOWS\system32\perfh007.dat 2025-04-17 10:23 - 2025-04-17 10:23 - 000478860 _____ C:\WINDOWS\system32\perfh008.dat 2025-04-17 10:23 - 2025-04-17 10:23 - 000400580 _____ C:\WINDOWS\system32\perfh006.dat 2025-04-17 10:23 - 2025-04-17 10:23 - 000150734 _____ C:\WINDOWS\system32\perfc007.dat 2025-04-17 10:23 - 2025-04-17 10:23 - 000081052 _____ C:\WINDOWS\system32\perfc008.dat 2025-04-17 10:23 - 2025-04-17 10:23 - 000071570 _____ C:\WINDOWS\system32\perfc006.dat 2025-04-17 09:32 - 2025-04-17 10:06 - 000592574 _____ C:\WINDOWS\ntbtlog.txt 2025-04-17 09:32 - 2025-04-17 10:01 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job 2025-04-17 08:52 - 2025-04-17 08:52 - 000003900 _____ C:\WINDOWS\system32\Tasks\AMD Install Manager - Install Updates 2025-04-17 08:47 - 2025-04-17 08:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2025-04-16 16:16 - 2025-04-16 16:16 - 000002034 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Privater Modus.lnk 2025-04-16 16:16 - 2025-04-16 16:16 - 000001065 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2025-04-16 16:16 - 2025-04-16 16:16 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla 2025-04-16 16:16 - 2025-04-16 16:16 - 000000000 ____D C:\Users\Páll\AppData\Roaming\Mozilla 2025-04-16 16:16 - 2025-04-16 16:16 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2025-04-16 16:14 - 2025-04-16 16:14 - 000382392 _____ (Mozilla) C:\Users\Páll\Downloads\Firefox Installer.exe 2025-04-16 16:03 - 2025-04-16 16:03 - 000035968 _____ C:\Users\Páll\Downloads\rtet.csv 2025-04-16 15:59 - 2025-04-16 15:59 - 000000000 ____D 
C:\WINDOWS\system32\appmgmt 2025-04-15 20:34 - 2025-04-16 16:16 - 000000000 ____D C:\Program Files\Mozilla Firefox 2025-04-15 13:06 - 2025-04-15 13:06 - 000048528 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe 2025-04-13 09:55 - 2025-04-13 09:55 - 040056876 _____ C:\Users\Páll\Desktop\Riff 25.03.30 lang.wav 2025-04-11 21:17 - 2025-04-11 21:17 - 000000000 ____D C:\inetpub 2025-04-11 21:07 - 2025-04-11 21:07 - 009575227 _____ C:\Users\Páll\Downloads\Old World-Official User Manual.pdf 2025-04-11 13:49 - 2025-04-11 13:49 - 000001700 _____ C:\Users\Páll\Downloads\Riff 30.03.2025.tg 2025-04-10 08:59 - 2025-04-17 08:49 - 000000000 ____D C:\WINDOWS\CbsTemp 2025-04-09 18:13 - 2025-04-11 13:41 - 040056876 _____ C:\Users\Páll\Desktop\Riff 30.03.2025.wav 2025-04-08 21:24 - 2025-04-08 21:24 - 000069260 _____ C:\Users\Páll\Downloads\Überweisung Hochschulsport.pdf 2025-04-07 17:38 - 2025-04-07 17:38 - 000000000 ____D C:\Program Files\Common Files\DESIGNER 2025-04-07 14:11 - 2025-04-07 14:11 - 000135524 _____ C:\Users\Páll\Downloads\GMX - RE_ Insurance deposit refund-1.pdf 2025-04-07 14:11 - 2025-04-07 14:11 - 000073928 _____ C:\Users\Páll\Downloads\Corresp. 
Sparkasse Giessen.pdf 2025-04-07 14:05 - 2025-04-07 14:10 - 000020197 _____ C:\Users\Páll\Downloads\AW_Problem_bei_Auslandsueberweisung.pdf 2025-04-07 14:05 - 2025-04-07 14:05 - 000019396 _____ C:\Users\Páll\Downloads\S_20250407_140535_AW_Problem_bei_Auslandsueberweisung.ZIP 2025-04-07 13:53 - 2025-04-07 13:53 - 000118632 _____ C:\Users\Páll\Downloads\Hochschulsport.pdf 2025-04-06 20:56 - 2025-04-06 20:56 - 000204743 _____ C:\Users\Páll\Downloads\DB_Ticket_869549164029.pdf 2025-04-05 18:47 - 2025-04-05 18:47 - 000000000 ____D C:\WINDOWS\system32\AccountHealthAssets 2025-04-04 23:21 - 2025-04-04 23:21 - 035835948 _____ C:\Users\Páll\Desktop\Riff 25.02.28.wav 2025-03-31 21:42 - 2025-03-31 21:42 - 000053050 _____ C:\Users\Páll\Documents\Rundfunkbeitrag - Bestätigung.pdf 2025-03-31 13:04 - 2025-03-31 13:04 - 000208442 _____ C:\Users\Páll\Downloads\image-1000-805f01d16bd722eff86baa7a53f2fa8d.jpeg 2025-03-31 11:26 - 2025-03-31 11:26 - 000000667 _____ C:\Users\Páll\Downloads\Riff 2 30.03.2025.tg 2025-03-31 11:18 - 2025-03-31 11:18 - 000029042 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json 2025-03-31 11:18 - 2025-03-31 11:18 - 000029042 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json 2025-03-25 10:53 - 2025-03-25 10:53 - 000135524 _____ C:\Users\Páll\Downloads\GMX - RE_ Insurance deposit refund.pdf 2025-03-25 09:30 - 2025-03-25 09:30 - 000096657 _____ C:\Users\Páll\Downloads\Paul Theissen Income 03.25.pdf 2025-03-25 09:30 - 2025-03-25 09:30 - 000002737 _____ C:\Users\Páll\Downloads\20250325-42064635-umsatz(2).CSV 2025-03-25 09:29 - 2025-03-25 09:29 - 000002737 _____ C:\Users\Páll\Downloads\20250325-42064635-umsatz.CSV 2025-03-25 09:29 - 2025-03-25 09:29 - 000002737 _____ C:\Users\Páll\Downloads\20250325-42064635-umsatz(1).CSV 2025-03-22 07:25 - 2025-03-22 07:25 - 000807361 _____ C:\Users\Páll\Downloads\Beowulf by All - 9781641894746.pdf 2025-03-20 17:28 - 2025-03-20 17:28 - 006277616 _____ (GOG.com ) 
C:\Users\Páll\Downloads\setup_old_world_expansion_1_76679_(64bit)_(80422)(1).exe 2025-03-20 17:27 - 2025-03-20 17:27 - 000000000 ____D C:\Users\Páll\AppData\LocalLow\MohawkGames 2025-03-20 17:06 - 2025-04-13 10:39 - 000000000 ____D C:\WINDOWS\Minidump 2025-03-19 10:48 - 2025-03-19 10:48 - 000063808 _____ C:\Users\Páll\Documents\Isländisch Sprachkurs Rechnung.pdf ==================== Ein Monat (geänderte) ================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2025-04-17 10:29 - 2025-02-06 11:58 - 000000000 ____D C:\Users\Páll\AppData\Local\Muse Hub 2025-04-17 10:28 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SystemTemp 2025-04-17 10:23 - 2025-03-16 20:02 - 002661938 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2025-04-17 10:23 - 2024-04-01 09:24 - 000000000 ____D C:\WINDOWS\INF 2025-04-17 10:20 - 2023-10-13 12:03 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38 2025-04-17 10:19 - 2024-11-29 21:34 - 000000000 ____D C:\Users\Páll\AppData\Roaming\Dropbox 2025-04-17 10:19 - 2024-11-29 21:34 - 000000000 ____D C:\Users\Páll\AppData\Local\Dropbox 2025-04-17 10:18 - 2025-03-16 15:00 - 000003116 _____ C:\WINDOWS\system32\Tasks\AMDInstallLauncher 2025-04-17 10:18 - 2025-03-16 15:00 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2025-04-17 10:18 - 2025-03-16 14:58 - 000002920 _____ C:\WINDOWS\system32\5E37410B-D6F1-471D-AE27-563CEAC0D6B2 2025-04-17 10:18 - 2025-02-06 11:58 - 000000000 ____D C:\Users\Páll\AppData\Local\MuseSampler 2025-04-17 10:18 - 2024-07-13 17:54 - 000000000 ____D C:\ProgramData\boost_interprocess 2025-04-17 10:18 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\AppReadiness 2025-04-17 10:18 - 2024-04-01 09:26 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2025-04-17 10:18 - 2024-04-01 09:21 - 000524288 _____ C:\WINDOWS\system32\config\BBI 2025-04-17 10:18 - 2023-10-13 17:57 - 000012288 ___SH C:\DumpStack.log.tmp 2025-04-17 09:26 - 2023-12-01 14:51 - 000000000 
____D C:\Program Files\Microsoft OneDrive 2025-04-17 08:52 - 2025-03-16 15:00 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task 2025-04-17 08:52 - 2024-04-01 09:26 - 000000000 ___HD C:\Program Files\WindowsApps 2025-04-17 08:47 - 2024-11-29 21:34 - 000000000 ____D C:\Program Files (x86)\Dropbox 2025-04-16 19:38 - 2023-10-13 12:44 - 000000000 ____D C:\Program Files (x86)\Steam 2025-04-16 19:27 - 2023-10-13 14:50 - 000000000 ____D C:\Users\Páll\Desktop\Noten etc 2025-04-16 19:02 - 2024-01-16 20:54 - 000000000 ____D C:\Users\Páll\AppData\Roaming\landnama 2025-04-16 16:05 - 2023-12-01 09:16 - 000000000 ____D C:\Users\Páll\AppData\Roaming\Microsoft\Teams 2025-04-16 16:05 - 2023-10-13 12:00 - 000000000 ____D C:\Users\Páll\AppData\Local\D3DSCache 2025-04-16 15:59 - 2023-10-13 22:50 - 000000000 ____D C:\Program Files\Common Files\VST3 2025-04-16 15:59 - 2023-10-13 22:47 - 000000000 ____D C:\Program Files\VstPlugIns 2025-04-15 20:33 - 2025-03-16 15:00 - 000003596 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2129917812-2419563499-1881424802-1001 2025-04-15 20:33 - 2025-03-16 15:00 - 000003552 _____ C:\WINDOWS\system32\Tasks\OneDrive Startup Task-S-1-5-21-2129917812-2419563499-1881424802-1001 2025-04-15 20:33 - 2025-03-16 15:00 - 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task 2025-04-15 20:33 - 2023-11-30 12:34 - 000002148 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2025-04-13 10:40 - 2025-03-16 14:58 - 000000000 ____D C:\Users\Páll 2025-04-13 10:39 - 2025-03-16 14:57 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2025-04-13 10:38 - 2025-03-16 14:00 - 001108270 ____N C:\WINDOWS\Minidump\041325-15703-01.dmp 2025-04-12 20:36 - 2023-10-13 17:58 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2025-04-12 08:17 - 2025-03-16 14:00 - 000868767 ____N C:\WINDOWS\Minidump\041225-10328-01.dmp 2025-04-11 21:18 - 2025-03-16 14:57 - 000638208 
_____ C:\WINDOWS\system32\FNTCACHE.DAT 2025-04-11 21:17 - 2024-04-01 18:37 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection 2025-04-11 21:17 - 2024-04-01 18:36 - 000000000 ____D C:\WINDOWS\system32\OpenSSH 2025-04-11 21:17 - 2024-04-01 18:36 - 000000000 ____D C:\WINDOWS\system32\Microsoft-Edge-WebView 2025-04-11 21:17 - 2024-04-01 09:26 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2025-04-11 21:17 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SystemResources 2025-04-11 21:17 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\Sgrm 2025-04-11 21:17 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates 2025-04-11 21:17 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\oobe 2025-04-11 21:17 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\bcastdvr 2025-04-11 19:19 - 2023-10-15 22:15 - 000000000 ____D C:\Users\Páll\AppData\Roaming\vlc 2025-04-11 08:54 - 2023-10-13 17:58 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2025-04-11 08:50 - 2023-11-30 12:32 - 000000000 ____D C:\Program Files\Microsoft Office 2025-04-10 21:22 - 2025-03-16 13:18 - 000000000 ____D C:\Users\Páll\AppData\Local\AMD_Common 2025-04-08 20:29 - 2025-03-16 14:59 - 003352064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll 2025-04-06 01:45 - 2023-10-13 13:24 - 000000000 ____D C:\Users\Páll\AppData\Roaming\discord 2025-04-06 01:05 - 2023-10-13 13:24 - 000000000 ____D C:\Users\Páll\AppData\Local\Discord 2025-04-05 19:52 - 2025-03-16 15:00 - 000003756 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2025-04-05 19:52 - 2025-03-16 15:00 - 000003632 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore 2025-04-05 19:05 - 2024-04-01 09:26 - 000000000 ____D C:\ProgramData\USOPrivate 2025-04-05 19:02 - 2023-10-13 13:24 - 000002242 _____ C:\Users\Páll\Desktop\Discord.lnk 2025-04-05 18:47 - 2024-04-01 18:37 - 000000000 ____D C:\WINDOWS\InboxApps 2025-04-05 18:47 - 2024-04-01 18:37 - 000000000 ____D 
C:\Program Files\Windows Photo Viewer 2025-04-05 18:47 - 2024-04-01 18:37 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2025-04-05 18:47 - 2024-04-01 09:26 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12 2025-04-05 18:47 - 2024-04-01 09:26 - 000000000 ___SD C:\WINDOWS\system32\UNP 2025-04-05 18:47 - 2024-04-01 09:26 - 000000000 ___SD C:\WINDOWS\system32\F12 2025-04-05 18:47 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\UUS 2025-04-05 18:47 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata 2025-04-05 18:47 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\setup 2025-04-05 18:47 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2025-04-05 18:47 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SystemApps 2025-04-05 18:47 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\WinMetadata 2025-04-05 18:47 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2025-04-05 18:47 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences 2025-04-05 18:47 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\setup 2025-04-05 18:47 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation 2025-04-05 18:47 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\HealthAttestationClient 2025-04-05 18:47 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\Dism 2025-04-05 18:47 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\appraiser 2025-04-05 18:47 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\ShellExperiences 2025-04-05 18:47 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\ShellComponents 2025-04-05 18:47 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\PolicyDefinitions 2025-04-05 18:47 - 2024-04-01 09:26 - 000000000 ____D C:\Program Files\Common Files\System 2025-04-05 18:47 - 2024-04-01 09:21 - 000000000 ____D C:\WINDOWS\servicing 2025-04-05 11:17 - 2023-11-30 12:35 - 000000000 ____D C:\Users\Páll\AppData\Roaming\Microsoft\Word 2025-04-05 09:31 - 
2023-10-13 12:00 - 000000000 ____D C:\Users\Páll\AppData\Local\Packages 2025-04-03 21:15 - 2025-03-16 14:00 - 000797220 ____N C:\WINDOWS\Minidump\040325-37312-01.dmp 2025-04-03 21:14 - 2024-11-29 21:35 - 000000000 ___RD C:\Users\Páll\Dropbox 2025-03-31 10:50 - 2025-03-16 14:08 - 000000000 ___DC C:\WINDOWS\Panther 2025-03-31 10:48 - 2025-03-16 14:00 - 001713386 ____N C:\WINDOWS\Minidump\033125-12390-01.dmp 2025-03-26 00:00 - 2024-03-07 20:59 - 000000000 ____D C:\Users\Páll\Zotero 2025-03-25 10:30 - 2023-10-16 00:10 - 000000000 ____D C:\Users\Páll\Desktop\Soundclips 2025-03-25 09:29 - 2023-12-27 08:42 - 000000000 ____D C:\Users\Páll\AppData\Roaming\Microsoft\Excel 2025-03-25 08:46 - 2023-10-16 11:03 - 000002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk 2025-03-25 08:46 - 2023-10-16 11:03 - 000002061 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk 2025-03-20 17:28 - 2024-06-29 21:09 - 000000000 ____D C:\Users\Páll\Documents\My Games 2025-03-20 17:06 - 2025-03-16 14:00 - 001897265 ____N C:\WINDOWS\Minidump\032025-11937-01.dmp 2025-03-19 20:21 - 2024-06-06 22:22 - 002897472 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgameruntime.dll 2025-03-19 20:21 - 2024-06-06 22:22 - 000788008 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameplatformservices.dll 2025-03-19 20:21 - 2024-06-06 22:22 - 000267816 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamelaunchhelper.dll 2025-03-19 20:21 - 2024-06-06 22:22 - 000243264 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameconfighelper.dll 2025-03-19 20:21 - 2024-06-06 22:22 - 000153152 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcuihelpers.dll 2025-03-19 20:21 - 2024-06-06 22:22 - 000124480 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgamehelper.exe 2025-03-19 20:21 - 2024-06-06 22:22 - 000075304 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgamecontrol.exe 2025-03-19 20:17 - 2023-10-13 12:00 - 000000000 ____D C:\ProgramData\Packages 2025-03-19 10:44 - 
2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\SecurityHealth 2025-03-18 15:02 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\appcompat 2025-03-18 02:02 - 2023-10-13 12:02 - 000000000 ___RD C:\Users\Páll\OneDrive ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======== 2023-10-13 22:53 - 2025-02-06 11:59 - 000000048 _____ () C:\Users\Páll\AppData\Roaming\msregsvv.dll 2024-09-23 19:25 - 2024-09-23 19:25 - 000003469 _____ () C:\Users\Páll\AppData\Local\recently-used.xbel ==================== SigCheck ============================ (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) ==================== Ende von FRST.txt ======================== Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 01-04-2025 durchgeführt von Páll (17-04-2025 10:30:41) Gestartet von C:\Users\Páll\Downloads Microsoft Windows 11 Pro Version 24H2 26100.3775 (X64) (2025-03-16 13:01:01) Start-Modus: Normal ========================================================== ==================== Konten: ============================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) Administrator (S-1-5-21-2129917812-2419563499-1881424802-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-2129917812-2419563499-1881424802-503 - Limited - Disabled) Gast (S-1-5-21-2129917812-2419563499-1881424802-501 - Limited - Disabled) Páll (S-1-5-21-2129917812-2419563499-1881424802-1001 - Administrator - Enabled) => C:\Users\Páll WDAGUtilityAccount (S-1-5-21-2129917812-2419563499-1881424802-504 - Limited - Disabled) ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1031-1033-7760-BC15014EA700}) (Version: 25.001.20435 - Adobe) Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601110}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden AMD Install Manager (HKLM\...\{64763D96-BC41-442A-A10F-4C9EF1783BCB}) (Version: 24.30.25071.1901 - Advanced Micro Devices, Inc.) AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 25.3.1 - Advanced Micro Devices, Inc.) 
Amped - Roots version 2.0.0 (HKLM\...\Amped - Roots_is1) (Version: 2.0.0 - ) Amped - Stevie T version 1.0.2 (HKLM\...\Amped - Stevie T_is1) (Version: 1.0.2 - ) AmpliTube 5 version 5.7.1 (HKLM\...\{D831D61F-EBF5-4158-AEE1-F58A7B8C04C8}_is1) (Version: 5.7.1 - IK Multimedia) ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.15 - tippach engineering) Audacity 3.0.0 (HKLM-x32\...\Audacity_is1) (Version: 3.0.0 - Audacity Team) Audacity 3.7.3 (64 Bit) (HKLM\...\Audacity_is1) (Version: 3.7.3 - Audacity Team) AusweisApp (HKLM\...\{780E63F7-FD7F-4FD4-8224-56C65E7BF2D8}) (Version: 2.2.2 - Governikus GmbH & Co. KG) Banished (HKLM-x32\...\1207660783_is1) (Version: 1.0.7 - GOG.com) BitCleaner (HKU\S-1-5-21-2129917812-2419563499-1881424802-1001\...\BitCleaner) (Version: 1.0.8.0 - BinaryLabs LTD) <==== ACHTUNG Blackguards 2 (HKLM-x32\...\1207667233_is1) (Version: 2.2.0.5 - GOG.com) Branding64 (HKLM\...\{492AEFBE-1B81-4C20-A111-E6974BB98EC5}) (Version: 1.00.0009 - Advanced Micro Devices, Inc.) Hidden calibre 64bit (HKLM\...\{08B38F11-2B6D-434D-B5D5-8C2FE3D70A66}) (Version: 7.4.0 - Kovid Goyal) Custom Shop 2.0.0 (HKLM\...\5b86c39c-6f2f-52a0-a1b0-9b9fc743254c) (Version: 2.0.0 - IK Multimedia) Custom Shop version 2.0.0 (HKLM\...\{21BAD046-50EC-49E2-BE7B-F9729704F2C3}_is1) (Version: 2.0.0 - IK Multimedia) DIE SIEDLER - Das Erbe der Könige (HKLM-x32\...\{8FDC1610-3FB5-4EF2-A0D0-CEDC3A525A25}) (Version: 1.00.0000 - Blue Byte) Discord (HKU\S-1-5-21-2129917812-2419563499-1881424802-1001\...\Discord) (Version: 1.0.9019 - Discord Inc.) Dropbox (HKLM-x32\...\Dropbox) (Version: 222.4.5042 - Dropbox, Inc.) Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.983.1 - Dropbox, Inc.) 
Hidden FortiClient VPN (HKLM\...\{FF46D152-9845-4ACE-8258-DBA7E3BE9785}) (Version: 7.0.9.0493 - Fortinet Technologies Inc) GIMP 2.10.34 (HKLM\...\GIMP-2_is1) (Version: 2.10.34 - The GIMP Team) HP LaserJet Pro MFP M127-M128 (HKLM-x32\...\{3b050369-8d19-413d-9dec-84ff278472eb}) (Version: 15.0.15309.1258 - Hewlett-Packard) HP LaserJet Pro MFP M127-M128 Fax (HKLM\...\{C5835004-643A-4EB6-A280-706F9F62F985}) (Version: 32.0.44.0 - Hewlett-Packard Co.) Hidden HP LaserJet Pro MFP M127-M128 Fax (HKLM-x32\...\{FAE97B40-E8E2-4B52-9A9E-219C3CCC0107}) (Version: 32.0.44.0 - Hewlett-Packard Co.) Hidden HP LaserJet Pro MFP M127-M128 Fax Driver (HKLM\...\{65072E52-F51B-4280-9DA6-EA5F1EE72C3A}) (Version: 32.0.44.0 - Hewlett-Packard Co.) Hidden HP LaserJet Pro MFP M127-M128 HP Device Toolbox (HKLM-x32\...\{612631AC-0D84-4116-9D8A-D2D63467B7BF}) (Version: 32.0.28.0 - Hewlett-Packard Co.) Hidden HP LJ M127128 Scan HP Scan (HKLM-x32\...\{2F518061-89DB-4AF0-9A7A-2BF73B60E6F0}) (Version: 1.0.302.0 - Hewlett-Packard Co.) 
Hidden HP Product FWUpdater (HKLM-x32\...\{1A8F20ED-C9CC-43FD-A678-20970BB83A9E}) (Version: 4.0.0.8895 - Hewlett-Packard Company) Hidden HP Unified IO (HKLM\...\{5C76ED0D-0F6F-4985-8B34-F9AE7834848F}) (Version: 2.0.0.434 - HP) Hidden HP Unified IO (HKLM-x32\...\{F1390872-2500-4408-A46C-CD16C960C661}) (Version: 2.0.0.434 - HP) Hidden HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HPLJProMFPM127M128 (HKLM-x32\...\{B5409C23-DE0C-4B48-8C8A-50AE38694955}) (Version: 1.00.0000 - Hewlett-Packard) HPLJUTCore (HKLM-x32\...\{B445502B-2F83-4873-90F1-06059F71A46A}) (Version: 014.000.0001 - HP) Hidden HPLJUTM127_128 (HKLM-x32\...\{2C886751-51BD-4A8C-B33A-B4C513AB5B9A}) (Version: 008.000.0001 - HP) Hidden hppM125LaserJetService (HKLM-x32\...\{18D5B189-DBDD-4E57-A84B-58C7700E9BB0}) (Version: 001.032.00682 - Hewlett-Packard) Hidden hpStatusAlerts (HKLM-x32\...\{7504A7B0-003E-4875-A454-B627E127E9D9}) (Version: 100.040.00218 - Hewlett Packard) Hidden hpStatusAlertsM127-M128 (HKLM-x32\...\{10D7EBAF-A550-48CD-8511-7D947184EE44}) (Version: 080.046.00112 - Hewlett-Packard) Hidden IK Product Manager (HKLM\...\a401809f-3509-5ed7-a6dc-34dc618bf372) (Version: 1.0.9 - IK Multimedia) Inkulinati (HKLM-x32\...\1788295898_is1) (Version: 1.48.1.0 - GOG.com) Java(TM) SE Development Kit 22 (64-bit) (HKLM\...\{0A90CDCF-216E-51BC-89BE-70E263109A25}) (Version: 22.0.0.0 - Oracle Corporation) LibreOffice 7.6.2.1 (HKLM\...\{69CAC3E6-C2D7-4221-9351-1F27CCBA92F1}) (Version: 7.6.2.1 - The Document Foundation) MAGIX Analogue Modelling Suite Plus (HKLM\...\{F485F2FE-1D3D-4F6D-AD4E-13FA5FB22A88}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden MAGIX Analogue Modelling Suite Plus (HKLM\...\MX.{F485F2FE-1D3D-4F6D-AD4E-13FA5FB22A88}) (Version: 1.0.0.0 - MAGIX Software GmbH) MAGIX Vandal VST-PlugIn (HKLM\...\{24F96DED-7B99-49C4-B877-CDCDC37762FA}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden MAGIX Vandal VST-PlugIn 
(HKLM\...\MX.{24F96DED-7B99-49C4-B877-CDCDC37762FA}) (Version: 1.0.0.0 - MAGIX Software GmbH) MAGIX VariVerb II VST-PlugIn (HKLM\...\{7A97538C-6D3F-4BB5-B2A1-D0ECFB199A4C}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden MAGIX VariVerb II VST-PlugIn (HKLM\...\MX.{7A97538C-6D3F-4BB5-B2A1-D0ECFB199A4C}) (Version: 1.0.0.0 - MAGIX Software GmbH) MAGIX Vintage Effects Suite (HKLM\...\{48978B41-9CD5-4274-9519-B622DD89727D}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden MAGIX Vintage Effects Suite (HKLM\...\MX.{48978B41-9CD5-4274-9519-B622DD89727D}) (Version: 1.0.0.0 - MAGIX Software GmbH) Microsoft .NET Host - 8.0.8 (x64) (HKLM\...\{3BA242F8-BDB5-4096-9FBC-333CD663BBAD}) (Version: 64.32.18380 - Microsoft Corporation) Hidden Microsoft .NET Host FX Resolver - 8.0.8 (x64) (HKLM\...\{7FE24458-0796-4428-99C2-9A0F8DAB93CC}) (Version: 64.32.18380 - Microsoft Corporation) Hidden Microsoft .NET Runtime - 8.0.8 (x64) (HKLM\...\{9ACB23DB-4D32-49ED-A5E3-F4E2F8D9D2AA}) (Version: 64.32.18380 - Microsoft Corporation) Hidden Microsoft 365 Apps for enterprise - da-dk (HKLM\...\O365ProPlusRetail - da-dk) (Version: 16.0.18623.20178 - Microsoft Corporation) Microsoft 365 Apps for Enterprise - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 16.0.18623.20178 - Microsoft Corporation) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 135.0.3179.73 - Microsoft Corporation) Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 135.0.3179.73 - Microsoft Corporation) Hidden Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 25.056.0324.0003 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft 
Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable 
(x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation) Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.42.34438 (HKLM-x32\...\{b49c10dd-4d54-45f8-ad13-fa25704456a4}) (Version: 14.42.34438.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.42.34438 (HKLM-x32\...\{ba10fda9-f731-441f-a999-000bbb7ceec2}) (Version: 14.42.34438.0 - Microsoft Corporation) Microsoft Visual C++ 2022 X64 Additional Runtime - 14.42.34438 (HKLM\...\{E528AD94-12D7-42C4-91A3-908BE28E9BD2}) (Version: 14.42.34438 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.42.34438 (HKLM\...\{2E15F519-4FDA-4834-B4EE-7EFCE7D8D4EE}) (Version: 14.42.34438 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X86 Additional Runtime - 14.42.34438 (HKLM-x32\...\{A5592FEF-F948-4BA6-A066-8BBFC2DC7EE1}) (Version: 14.42.34438 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.42.34438 (HKLM-x32\...\{5D0C4511-3CA1-4FF8-A4BA-C0E1957ABEEA}) (Version: 14.42.34438 - Microsoft Corporation) Hidden Microsoft Windows Desktop Runtime - 8.0.8 (x64) (HKLM\...\{663E7053-3B36-4AE5-8223-234867FAEAE6}) (Version: 64.32.18376 - Microsoft Corporation) Hidden Microsoft Windows Desktop Runtime - 8.0.8 (x64) 
(HKLM-x32\...\{33832ff3-5583-4b81-b270-d9fd42760e1a}) (Version: 8.0.8.33916 - Microsoft Corporation) Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 14.41.137.0 - Microsoft Corporation) MODO DRUM version 1.5.0 (HKLM\...\{A795A974-32B1-421C-AA21-B03288C5C562}_is1) (Version: 1.5.0 - IK Multimedia) Mount and Blade: Warband - Viking Conquest (HKLM-x32\...\1207666933_is1) (Version: 2.068 - GOG.com) Mount and Blade: Warband (HKLM-x32\...\1207666913_is1) (Version: 2.064 (GOG) - GOG.com) Mozilla Firefox (x64 de) (HKLM\...\Mozilla Firefox 137.0.2 (x64 de)) (Version: 137.0.2 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 137.0.2 - Mozilla) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) Native Access 3.12.1 (HKU\S-1-5-21-2129917812-2419563499-1881424802-1001\...\c410b7d2-8fce-53b3-8332-e98b6e89a16a) (Version: 3.12.1 - Native Instruments) Native Instruments Kontakt (HKLM-x32\...\Native Instruments Kontakt) (Version: 6.8.0.0 - Native Instruments) Native Instruments Kontakt 7 (HKLM-x32\...\Native Instruments Kontakt 7) (Version: 7.10.5.0 - Native Instruments) Native Instruments NTKDaemon (HKLM-x32\...\Native Instruments NTKDaemon) (Version: 1.19.0.0 - Native Instruments) OBS Studio (HKLM-x32\...\OBS Studio) (Version: 30.1.2 - OBS Project) Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.18623.20156 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.18623.20178 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0406-1000-0000000FF1CE}) (Version: 16.0.18623.20156 - Microsoft Corporation) 
Hidden Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0407-1000-0000000FF1CE}) (Version: 16.0.18623.20156 - Microsoft Corporation) Hidden Old World (HKLM-x32\...\2010300617_is1) (Version: 76679 - GOG.com) Old World Expansion 1 (HKLM-x32\...\1721325518_is1) (Version: 76679 - GOG.com) OpenVPN 2.5.3-I601 amd64 (HKLM\...\{E5931AF4-2A8F-48A5-AFC8-460348F480E8}) (Version: 2.5.022 - OpenVPN, Inc.) Pathologic 2 (HKLM-x32\...\1076642617_is1) (Version: 1.5.30038-rel-dev-st + mn - GOG.com) ProjectSAM The Free Orchestra (HKLM-x32\...\ProjectSAM The Free Orchestra) (Version: 2.0.0.1 - ProjectSAM) Realms of Arkania 2 - Star Trail (HKLM-x32\...\1207661983_is1) (Version: 1.0 v2 - GOG.com) RyzenMasterSDK (HKLM\...\{EA69F3F4-94A3-4B3D-8A87-08C1D6ED87B4}) (Version: 1.2.3.5 - Advanced Micro Devices, Inc.) Hidden Samplitude Pro X2 Silver (HKLM\...\{C3A3C7A2-0118-4EAA-B51D-E8F26B22D320}) (Version: 13.1.3.176 - MAGIX Software GmbH) Hidden Samplitude Pro X2 Silver (HKLM\...\MX.{C3A3C7A2-0118-4EAA-B51D-E8F26B22D320}) (Version: 13.1.3.176 - MAGIX Software GmbH) Samplitude Pro X2 Silver Independence Free (HKLM\...\{E52AC3D4-3700-41D3-8E0E-2FD3C8A8CD3D}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden Samplitude Pro X2 Silver Independence Free (HKLM\...\MX.{E52AC3D4-3700-41D3-8E0E-2FD3C8A8CD3D}) (Version: 1.0.0.0 - MAGIX Software GmbH) Samplitude Pro X2 Silver Objekt-Synthesizer (HKLM\...\{0E9CFDBD-B513-42E5-B46F-D6CD1214FF77}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden Samplitude Pro X2 Silver Objekt-Synthesizer (HKLM\...\MX.{0E9CFDBD-B513-42E5-B46F-D6CD1214FF77}) (Version: 1.0.0.0 - MAGIX Software GmbH) Shadowrun Returns (HKLM-x32\...\1207660413_is1) (Version: 2.3.0.12 - GOG.com) Soundpaint 3.1.2 (HKLM\...\{78841126-C6F3-4136-A6AF-DB43EB9DDF9F}_is1) (Version: 3.1.2 - 8Dio) Spitfire Audio version 3.4.10 (HKLM-x32\...\{ABC5F486-25BD-4BAA-9FA1-A84152CBB563}_is1) (Version: 3.4.10 - Spitfire Audio Holdings Ltd) STAR WARS Battlefront II (HKLM-x32\...\1421404701_is1) 
(Version: 1.1 - GOG.com) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Stronghold HD (HKLM-x32\...\1207658712_is1) (Version: 1.41 - GOG.com) Syntronik 2 version 2.1.1 (HKLM\...\{D1F669F8-F75C-442E-B303-107C052DD42C}_is1) (Version: 2.1.1 - IK Multimedia) The Witcher Enhanced Edition Director's Cut (HKLM-x32\...\1207658924_is1) (Version: 2.1.0.15 - GOG.com) TuxGuitar (HKLM\...\TuxGuitar 1.6.6) (Version: 1.6.6 - TuxGuitar) TuxGuitar (HKLM-x32\...\TuxGuitar 1.5.6) (Version: 1.5.6 - TuxGuitar) Update for x64-based Windows Systems (KB5001716) (HKLM\...\{DA80A019-4C3B-4DAA-ACA1-6937D7CAAF9E}) (Version: 8.94.0.0 - Microsoft Corporation) VLC media player (HKLM\...\VLC media player) (Version: 3.0.20 - VideoLAN) Zoom (HKU\S-1-5-21-2129917812-2419563499-1881424802-1001\...\ZoomUMX) (Version: 5.17.11 (34827) - Zoom Video Communications, Inc.) Zotero (HKLM-x32\...\Zotero 6.0.36 (x86 en-US)) (Version: 6.0.36 - Corporation for Digital Scholarship) Packages: ========= @{MicrosoftWindows.55182690.Taskbar_1000.26100.3624.0_x64__cw5n1h2txyewy?ms-resource://MicrosoftWindows.55182690.Taskbar/Resources/ProductPkgDisplayName} -> C:\WINDOWS\SystemApps\SxS\MicrosoftWindows.55182690.Taskbar_cw5n1h2txyewy [2025-04-11] (Microsoft Windows) Adobe Acrobat Reader -> C:\Program Files\Adobe\Acrobat DC [2025-03-16] () Dropbox -> C:\Program Files (x86)\Dropbox\Client\PackageAssets [2025-04-17] (Dropbox Inc.) HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_158.2.1134.0_x64__v10z8vjag6ke6 [2025-04-03] (HP Inc.) 
Microsoft.StartExperiencesApp -> C:\Program Files\WindowsApps\Microsoft.StartExperiencesApp_1.1.296.0_x64__8wekyb3d8bbwe [2025-03-19] (Microsoft Corporation) MuseHub -> C:\Program Files\WindowsApps\Muse.MuseHub_2.1.0.1567_x64__rb9pth70m6nz6 [2025-03-16] (Muse) [Startup Task] OfficePushNotificationsUtility -> C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE16 [2025-04-11] () Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.52.354.0_x64__dt26b99r8h8gj [2025-03-16] (Realtek Semiconductor Corp) SpotifyAB.SpotifyMusic -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.261.443.0_x64__zpdnekdrzrea0 [2025-04-14] (Spotify AB) [Startup Task] Windows Feature Experience Pack -> C:\WINDOWS\SystemApps\SxS\MicrosoftWindows.55182690.Taskbar_cw5n1h2txyewy [2025-04-11] (Microsoft Windows) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-2129917812-2419563499-1881424802-1001_Classes\CLSID\{04271989-C4D2-DB05-E5F6-C88623FBD62F} -> [OneDrive] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6} CustomCLSID: HKU\S-1-5-21-2129917812-2419563499-1881424802-1001_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. 
-> Adobe) CustomCLSID: HKU\S-1-5-21-2129917812-2419563499-1881424802-1001_Classes\CLSID\{41AD5CCC-26E6-46CC-821E-81569059CA8D} -> [Dropbox] => C:\Users\Páll\Dropbox [2024-11-29 21:35] CustomCLSID: HKU\S-1-5-21-2129917812-2419563499-1881424802-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> "C:\Users\Páll\AppData\Local\Microsoft\Teams\current\Teams.exe" --toast => Keine Datei CustomCLSID: HKU\S-1-5-21-2129917812-2419563499-1881424802-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\Páll\Dropbox [2024-11-29 21:35] ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\25.056.0324.0003\FileSyncShell64.dll [2025-04-15] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\25.056.0324.0003\FileSyncShell64.dll [2025-04-15] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\25.056.0324.0003\FileSyncShell64.dll [2025-04-15] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\25.056.0324.0003\FileSyncShell64.dll [2025-04-15] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\25.056.0324.0003\FileSyncShell64.dll [2025-04-15] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\25.056.0324.0003\FileSyncShell64.dll [2025-04-15] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => 
C:\Program Files\Microsoft OneDrive\25.056.0324.0003\FileSyncShell64.dll [2025-04-15] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-04-02] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-04-02] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-04-02] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-04-02] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-04-02] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-04-02] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-04-02] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-04-02] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-04-02] (Dropbox, Inc -> Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-04-02] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\25.056.0324.0003\FileSyncShell64.dll [2025-04-15] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\25.056.0324.0003\FileSyncShell64.dll [2025-04-15] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\25.056.0324.0003\FileSyncShell64.dll [2025-04-15] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\25.056.0324.0003\FileSyncShell64.dll [2025-04-15] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\25.056.0324.0003\FileSyncShell64.dll [2025-04-15] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\25.056.0324.0003\FileSyncShell64.dll [2025-04-15] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\25.056.0324.0003\FileSyncShell64.dll [2025-04-15] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-04-02] (Dropbox, Inc -> Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-04-02] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-04-02] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-04-02] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-04-02] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-04-02] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-04-02] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-04-02] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-04-02] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-04-02] (Dropbox, Inc -> Dropbox, Inc.) 
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\25.056.0324.0003\FileSyncShell64.dll [2025-04-15] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-04-02] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\25.056.0324.0003\FileSyncShell64.dll [2025-04-15] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-04-02] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\25.056.0324.0003\FileSyncShell64.dll [2025-04-15] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2025-02-25] (Advanced Micro Devices -> Advanced Micro Devices, Inc.) ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-04-02] (Dropbox, Inc -> Dropbox, Inc.) 
==================== Codecs (Nicht auf der Ausnahmeliste) ==================== ==================== Verknüpfungen & WMI ======================== ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============= 2009-09-16 18:44 - 2009-09-16 18:44 - 000153088 _____ (Hewlett Packard) [Datei ist nicht signiert] C:\WINDOWS\System32\hptcpmib.dll 2009-09-16 18:45 - 2009-09-16 18:45 - 000331264 _____ (Hewlett Packard) [Datei ist nicht signiert] C:\WINDOWS\System32\HpTcpMon.dll 2009-09-16 11:44 - 2009-09-16 11:44 - 000132096 _____ (Hewlett Packard) [Datei ist nicht signiert] C:\WINDOWS\System32\hpzjrd01.dll 2009-09-16 18:45 - 2009-09-16 18:45 - 000317440 _____ (Microsoft Corporation) [Datei ist nicht signiert] C:\WINDOWS\System32\HPTcpMUI.dll 2023-07-18 15:12 - 2023-07-18 15:12 - 000155648 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [Datei ist nicht signiert] C:\Program Files\Fortinet\FortiClient\legacy.DLL 2023-07-18 15:12 - 2023-07-18 15:12 - 006030336 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [Datei ist nicht signiert] C:\Program Files\Fortinet\FortiClient\libcrypto-3-x64.dll 2023-07-18 15:12 - 2023-07-18 15:12 - 000776192 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [Datei ist nicht signiert] C:\Program Files\Fortinet\FortiClient\libssl-3-x64.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ======== ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ================== ==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ================= ==================== Internet Explorer (Nicht auf der Ausnahmeliste) ============= BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2025-04-07] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft 
Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2025-04-07] (Microsoft Corporation -> Microsoft Corporation) Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-04-07] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-04-07] (Microsoft Corporation -> Microsoft Corporation) Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-04-07] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-04-07] (Microsoft Corporation -> Microsoft Corporation) Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-04-07] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-04-07] (Microsoft Corporation -> Microsoft Corporation) Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-04-07] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-04-07] (Microsoft Corporation -> Microsoft Corporation) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) 
IE trusted site: HKU\S-1-5-21-2129917812-2419563499-1881424802-1001\...\sharepoint.com -> hxxps://cmsa3-files.sharepoint.com ==================== Hosts Inhalt: ========================= (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2019-12-07 11:14 - 2025-04-17 10:18 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts ==================== Andere Bereiche =========================== (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\Calibre2\;C:\Program Files\dotnet\ HKU\S-1-5-21-2129917812-2419563499-1881424802-1001\Control Panel\Desktop\\Wallpaper -> D:\Bilder\2017 Dansk på Askov\20170825_063400.jpg DNS Servers: 217.69.224.73 - 213.187.64.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) ist aktiviert. Network Binding: ============= Ethernet 2: Fortinet Virtual Ethernet Adapter (NDIS 6.30) -> ftvnic.sys OpenVPN Wintun: Wintun Userspace Tunnel -> wintun.sys LAN-Verbindung: TAP-Windows Adapter V9 -> tap0901.sys Ethernet: Realtek PCIe GbE Family Controller -> rt640x64.sys Ethernet 3: Fortinet SSL VPN Virtual Ethernet Adapter -> ftsvnic.sys ft_fortifilter: FortiClient NDIS 6.3 Packet Filter Driver ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================ (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
FirewallRules: [UDP Query User{8E0434B3-06C2-478E-92F3-D7EC27A8694C}C:\gog games\pathologic 2\pathologic.exe] => (Block) C:\gog games\pathologic 2\pathologic.exe () [Datei ist nicht signiert] FirewallRules: [TCP Query User{D252EC65-5FB1-49E6-B3F9-0558F3BD8B32}C:\gog games\pathologic 2\pathologic.exe] => (Block) C:\gog games\pathologic 2\pathologic.exe () [Datei ist nicht signiert] FirewallRules: [{ABBBC7D4-DC9D-4E8E-BC6E-2959BC0070E1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Landnama\Landnama.exe (Godot Engine) [Datei ist nicht signiert] FirewallRules: [{4865745D-3ABD-4530-86A0-BF58BE78B16F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Landnama\Landnama.exe (Godot Engine) [Datei ist nicht signiert] FirewallRules: [{DA20D4E1-623E-467D-8AA6-DE0B6A331CA6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BEAST\Beast.exe (Epic Games, Inc.) [Datei ist nicht signiert] FirewallRules: [{4668507F-5438-4821-8FBD-F63C451D5C37}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BEAST\Beast.exe (Epic Games, Inc.) [Datei ist nicht signiert] FirewallRules: [{05C92B27-3CA7-4F52-99D3-3E55EB745487}] => (Allow) C:\Program Files\WindowsApps\Muse.MuseHub_2.1.0.1567_x64__rb9pth70m6nz6\Muse.exe (Musecy SM Ltd. -> Muse) FirewallRules: [AusweisApp-Firewall-Rule] => (Allow) C:\Program Files\AusweisApp\AusweisApp.exe (Governikus GmbH & Co. KG -> Governikus GmbH & Co. KG) FirewallRules: [{CC0F8CD2-D0B7-4493-9AC2-D3DF80FF5A2E}] => (Allow) C:\Program Files\AusweisApp\AusweisApp.exe (Governikus GmbH & Co. KG -> Governikus GmbH & Co. 
KG) FirewallRules: [{BDBBAADB-1430-4E1C-B344-402B87CF1041}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rome Total War Gold\RomeTW-BI.exe (The Creative Assembly Ltd) [Datei ist nicht signiert] FirewallRules: [{8180F412-8620-4E3E-98A5-8BE0FB4D9BB6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rome Total War Gold\RomeTW-BI.exe (The Creative Assembly Ltd) [Datei ist nicht signiert] FirewallRules: [{88D99470-889D-45D0-AF4B-890C29DE0DF5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rome Total War Gold\RomeTW.exe (The Creative Assembly Ltd) [Datei ist nicht signiert] FirewallRules: [{CFE9C114-F537-4C00-A06A-41031B8FB60A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rome Total War Gold\RomeTW.exe (The Creative Assembly Ltd) [Datei ist nicht signiert] FirewallRules: [{ED347C13-0891-49A4-B11A-2FD993CA76F7}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{515836BE-5504-42BC-A00F-6A56C8C4D78E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization VI\2KLauncher\LauncherPatcher.exe => Keine Datei FirewallRules: [{DDA9C3CB-1214-405C-8F43-7778B04F77D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization VI\2KLauncher\LauncherPatcher.exe => Keine Datei FirewallRules: [{9759CA40-9F76-4B65-8266-56D922F7EEF3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hellish Quart\Hellish Quart.exe () [Datei ist nicht signiert] FirewallRules: [{0BE84599-DE6B-4F26-AE1D-5676CC0E34E3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hellish Quart\Hellish Quart.exe () [Datei ist nicht signiert] FirewallRules: [{3E1E8D2D-7CA2-486F-A152-FB4D098521FB}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{2D22D465-F739-4BFB-A589-4E4E36591D58}] => (Allow) C:\Program Files\Microsoft 
Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{78A567DB-0CB1-48AA-B9D1-2758CBAC402B}] => (Allow) C:\Users\Páll\AppData\Roaming\Zoom\bin\airhost.exe => Keine Datei FirewallRules: [{02D02765-9F3F-4300-9CD9-6ED00F32CCCE}] => (Allow) C:\Users\Páll\AppData\Roaming\Zoom\bin\airhost.exe => Keine Datei FirewallRules: [{653D25F2-8128-4C65-A0B2-B1DD1662C147}] => (Allow) C:\Users\Páll\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [UDP Query User{CF0C24E2-88A0-4E63-A29E-F7258BCBF912}C:\gog games\wolfenstein the new order\wolfneworder_x64.exe] => (Block) C:\gog games\wolfenstein the new order\wolfneworder_x64.exe => Keine Datei FirewallRules: [TCP Query User{69B489DB-1687-4AE8-8A85-838F05BE4BA3}C:\gog games\wolfenstein the new order\wolfneworder_x64.exe] => (Block) C:\gog games\wolfenstein the new order\wolfneworder_x64.exe => Keine Datei FirewallRules: [{987BC49B-EEDA-435A-AAC8-82C2F48F89B3}] => (Allow) C:\Program Files\WindowsApps\MSTeams_23306.3315.2560.6525_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{E7CBD212-B228-4F8D-BB4C-D5E909A18BE4}] => (Allow) C:\Program Files\WindowsApps\MSTeams_23306.3315.2560.6525_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{865DA2EE-A25A-48FB-83CE-4EC558825E08}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{0C024BD2-9EDD-4EE5-9BCF-EA34CDC8AF51}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{C2F85DDE-953A-4CD9-A87B-745FA43A294E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.107.3215.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) 
FirewallRules: [{8A3E397D-76C2-47B6-98F9-5FB5947FB0B9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.107.3215.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{509E010C-D013-4F0C-8CE6-E086ABCD3F02}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.107.3215.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{56C42688-41D4-4BE4-BDC2-28BAA9A1BDB8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.107.3215.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{4FAE47C1-E782-4A46-B7DA-91C6873B7F5B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Empire Total War\Empire.exe (The Creative Assembly Ltd) [Datei ist nicht signiert] FirewallRules: [{55D95518-5C71-44F7-8970-DBAE7809AA98}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Empire Total War\Empire.exe (The Creative Assembly Ltd) [Datei ist nicht signiert] FirewallRules: [{2D3030DD-EF64-4FC7-BDA7-FDE25248E9A7}] => (Allow) C:\Program Files (x86)\HP\HP LaserJet Pro MFP M127-M128\bin\EWSProxy.exe (VistaName -> Hewlett-Packard Co.) [Datei ist nicht signiert] FirewallRules: [{5B025E77-A240-43CF-BC62-F9DAD010FF13}] => (Allow) C:\Program Files (x86)\HP\HP LaserJet Pro MFP M127-M128\Bin\HPNetworkCommunicatorCom.exe (VistaName -> Hewlett-Packard Co.) [Datei ist nicht signiert] FirewallRules: [{E8C6460E-4795-4838-AB7E-B9814D33B8F0}] => (Allow) C:\Program Files (x86)\HP\HP LaserJet Pro MFP M127-M128\bin\FaxApplications.exe (VistaName -> Hewlett-Packard Co.) [Datei ist nicht signiert] FirewallRules: [{8C08937A-7C68-4CCA-A23A-7B4A1096083C}] => (Allow) C:\Program Files\HP\HP LaserJet Pro MFP M127-M128\bin\FaxPrinterUtility.exe (VistaName -> Hewlett-Packard Co.) 
[Datei ist nicht signiert] FirewallRules: [{0B7EB188-E76E-4B0E-B817-ED13317B62D5}] => (Allow) C:\Program Files\HP\HP LaserJet Pro MFP M127-M128\Bin\HPNetworkCommunicatorCom.exe (VistaName -> Hewlett-Packard Co.) [Datei ist nicht signiert] FirewallRules: [{9CEBF324-1973-40DA-B06B-3AF196ABE28D}] => (Allow) C:\Program Files\HP\HP LaserJet Pro MFP M127-M128\bin\SendAFax.exe (VistaName -> Hewlett-Packard Co.) [Datei ist nicht signiert] FirewallRules: [UDP Query User{F6BBA465-91D1-45CD-8D1D-A7672EE76FA0}C:\gog games\wolfenstein the new order\wolfneworder_x64.exe] => (Block) C:\gog games\wolfenstein the new order\wolfneworder_x64.exe => Keine Datei FirewallRules: [TCP Query User{6217295B-2F67-49A2-AB27-D51FFF71866F}C:\gog games\wolfenstein the new order\wolfneworder_x64.exe] => (Block) C:\gog games\wolfenstein the new order\wolfneworder_x64.exe => Keine Datei FirewallRules: [{E9F8D213-418C-4F2B-955E-7B7BF91790BD}] => (Block) D:\magix\music maker\27\musicmaker.exe (MAGIX Software GmbH -> MAGIX Software GmbH) FirewallRules: [{003CAFAC-FAE9-468F-AA31-8D156FDA42D1}] => (Block) D:\magix\music maker\27\musicmaker.exe (MAGIX Software GmbH -> MAGIX Software GmbH) FirewallRules: [UDP Query User{2A943D1A-DFF0-4C80-A43C-203537D3B9F6}D:\magix\music maker\27\musicmaker.exe] => (Allow) D:\magix\music maker\27\musicmaker.exe (MAGIX Software GmbH -> MAGIX Software GmbH) FirewallRules: [TCP Query User{69301664-18C9-4D38-A1D0-B99AA383262A}D:\magix\music maker\27\musicmaker.exe] => (Allow) D:\magix\music maker\27\musicmaker.exe (MAGIX Software GmbH -> MAGIX Software GmbH) FirewallRules: [{FBC110EF-9276-48CF-BA74-3D0122E339F4}] => (Block) C:\gog games\kingdom come deliverance\bin\win64\kingdomcome.exe => Keine Datei FirewallRules: [{7EC0AD71-7242-4391-B865-F7CE2A9D2998}] => (Block) C:\gog games\kingdom come deliverance\bin\win64\kingdomcome.exe => Keine Datei FirewallRules: [UDP Query User{C6CEBF84-964E-4388-BBC8-BAFCDAF31BEA}C:\gog games\kingdom come deliverance\bin\win64\kingdomcome.exe] 
=> (Allow) C:\gog games\kingdom come deliverance\bin\win64\kingdomcome.exe => Keine Datei FirewallRules: [TCP Query User{6EC3D20E-992E-4F5B-906A-A81B4CE8B33F}C:\gog games\kingdom come deliverance\bin\win64\kingdomcome.exe] => (Allow) C:\gog games\kingdom come deliverance\bin\win64\kingdomcome.exe => Keine Datei FirewallRules: [{5A5052CB-CD91-45E4-AEE9-D37B50180822}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{628858A9-CBAF-4B47-AC6F-8F0E608F6533}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{2E1B84F5-986C-4758-B49E-2DE145C9A6EC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{A85B0E3E-7CA8-4C4B-80E4-43DB4CE407AC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{CCA29C79-A347-4A33-B111-05C2FF6A52E2}] => (Allow) C:\Program Files\WindowsApps\Muse.MuseHub_2.1.0.1567_x64__rb9pth70m6nz6\Muse.exe (Musecy SM Ltd. 
-> Muse) FirewallRules: [{728FD8CD-E9AE-46AC-BB29-0114B5895CD3}] => (Allow) C:\Program Files\WindowsApps\MSTeams_23306.3315.2560.6525_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{1C8BB13F-EA68-49FF-A50D-2AD349590884}] => (Allow) C:\Program Files\WindowsApps\MSTeams_23306.3315.2560.6525_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [FPS-SpoolWorker-In-TCP] => (Allow) C:\WINDOWS\system32\spoolsvworker.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [FPS-SpoolWorker-In-TCP-V2] => (Allow) C:\WINDOWS\system32\spoolsvworker.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [FPS-SpoolWorker-In-TCP-NoScope] => (Allow) C:\WINDOWS\system32\spoolsvworker.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [TCP Query User{B859FD5D-817A-4F19-8190-432318E883AC}C:\gog games\old world\oldworld.exe] => (Block) C:\gog games\old world\oldworld.exe () [Datei ist nicht signiert] FirewallRules: [UDP Query User{FC29BE39-F928-4D8C-811C-DF80A3A69034}C:\gog games\old world\oldworld.exe] => (Block) C:\gog games\old world\oldworld.exe () [Datei ist nicht signiert] FirewallRules: [{6454C739-7691-421D-A3E5-69D26A0C888C}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\135.0.3179.73\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{D071D613-CB54-473F-98E6-40183666A56E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.261.443.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{D2FF42E4-0404-4664-AD0D-038BB62D902C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.261.443.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{8E4B3347-F708-4111-9396-08564815351F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.261.443.0_x64__zpdnekdrzrea0\Spotify.exe 
(453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{7760D861-68DF-4852-9E34-0AAA6125A7DA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.261.443.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{3023554F-AD3D-4D7D-BF74-0868550055D0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.261.443.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{D1192CE2-0F54-43FA-B500-B46C5F25AC6D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.261.443.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{931FF170-4203-4C59-B9C7-E99F68D843DA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.261.443.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{76DB5BDE-35AF-44D3-9D57-7EBE9F2CDFC5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.261.443.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{E4EB7055-8E99-4D46-81AD-074FF44612F0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.261.443.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{D2DDD469-8E0B-4BFF-8E60-B5713A35B19D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.261.443.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{BEB3177F-FCA6-4E5A-8FFC-D1F3FF1D7FE6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{DF652755-783A-42D9-8FB0-13452EC3B625}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{CEF517E2-C432-421E-A113-480156B20916}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe 
(Dropbox, Inc -> Dropbox, Inc.) FirewallRules: [{981F76D3-53FC-4CD6-94B6-6045B094BC2F}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.) ==================== Wiederherstellungspunkte ========================= 14-04-2025 17:28:00 Windows Update 16-04-2025 15:59:46 Removed Sitala ==================== Fehlerhafte Geräte im Gerätemanager ============ ==================== Fehlereinträge in der Ereignisanzeige: ======================== Applikationsfehler: ================== Error: (04/17/2025 10:00:12 AM) (Source: VSS) (EventID: 13) (User: ) Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} und dem Namen "CEventSystem" kann nicht gestartet werden. [0x8007045b, Der Computer wird heruntergefahren.] Error: (04/17/2025 08:47:50 AM) (Source: DbxSvc) (EventID: 322) (User: ) Description: Failed to get driver message: (-2147024890) Das Handle ist ungültig. Error: (04/17/2025 08:47:08 AM) (Source: DbxSvc) (EventID: 322) (User: ) Description: Failed to get driver message: (-2147024890) Das Handle ist ungültig. Error: (04/16/2025 04:09:18 PM) (Source: Application Error) (EventID: 1000) (User: DESKTOP-8H8CSAR) Description: Fehlerhafter Anwendungsname: firefox.exe, Version: 137.0.2.563, Zeitstempel: 0x67fce35b Fehlerhafter Modulname: xul.dll, Version: 137.0.2.563, Zeitstempel: 0x67fce3c3 Ausnahmecode: 0x80000003 Fehleroffset: 0x00000000054a1611 Fehlerhafte Prozess-ID: 0x3908 Fehlerhafte Anwendungsstartzeit: 0x1dbaed8e43539db Fehlerhafter Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe Fehlerhafter Modulpfad: C:\Program Files\Mozilla Firefox\xul.dll Berichts-ID: 5e37cec6-4e97-48fe-8f89-f86233615359 Vollständiger Name des fehlerhaften Pakets: Fehlerhafte paketbezogene Anwendungs-ID: Error: (04/16/2025 03:53:11 PM) (Source: DbxSvc) (EventID: 322) (User: ) Description: Failed to get driver message: (-2147024890) Das Handle ist ungültig. 
Error: (04/15/2025 08:33:48 PM) (Source: DbxSvc) (EventID: 322) (User: ) Description: Failed to get driver message: (-2147024890) Das Handle ist ungültig. Error: (04/14/2025 05:22:13 PM) (Source: DbxSvc) (EventID: 322) (User: ) Description: Failed to get driver message: (-2147024890) Das Handle ist ungültig. Error: (04/14/2025 08:26:34 AM) (Source: DbxSvc) (EventID: 322) (User: ) Description: Failed to get driver message: (-2147024890) Das Handle ist ungültig. Systemfehler: ============= Error: (04/17/2025 10:18:10 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-8H8CSAR) Description: Fehler "1084" in DCOM, als der Dienst "NPSMSvc_48481" mit den Argumenten "Nicht verfügbar" gestartet wurde, um den folgenden Server zu verwenden: {BCBB9860-C012-4AD7-A938-6E337AE6ABA5} Error: (04/17/2025 10:18:10 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-8H8CSAR) Description: Fehler "1084" in DCOM, als der Dienst "NPSMSvc_48481" mit den Argumenten "Nicht verfügbar" gestartet wurde, um den folgenden Server zu verwenden: {BCBB9860-C012-4AD7-A938-6E337AE6ABA5} Error: (04/17/2025 10:18:10 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-8H8CSAR) Description: Fehler "1084" in DCOM, als der Dienst "NPSMSvc_48481" mit den Argumenten "Nicht verfügbar" gestartet wurde, um den folgenden Server zu verwenden: {BCBB9860-C012-4AD7-A938-6E337AE6ABA5} Error: (04/17/2025 10:18:10 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-8H8CSAR) Description: Fehler "1084" in DCOM, als der Dienst "NPSMSvc_48481" mit den Argumenten "Nicht verfügbar" gestartet wurde, um den folgenden Server zu verwenden: {BCBB9860-C012-4AD7-A938-6E337AE6ABA5} Error: (04/17/2025 10:18:07 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-8H8CSAR) Description: Fehler "1084" in DCOM, als der Dienst "UdkUserSvc_48481" mit den Argumenten "Nicht verfügbar" gestartet wurde, um den folgenden Server zu verwenden: WindowsUdk.UI.Shell.ViewCoordinator Error: (04/17/2025 10:18:07 AM) (Source: DCOM) (EventID: 10005) (User: 
DESKTOP-8H8CSAR) Description: Fehler "1084" in DCOM, als der Dienst "UdkUserSvc_48481" mit den Argumenten "Nicht verfügbar" gestartet wurde, um den folgenden Server zu verwenden: WindowsUdkInternal.System.ActivationService Error: (04/17/2025 10:18:07 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-8H8CSAR) Description: Fehler "1084" in DCOM, als der Dienst "UdkUserSvc_48481" mit den Argumenten "Nicht verfügbar" gestartet wurde, um den folgenden Server zu verwenden: WindowsUdk.UI.Shell.ViewCoordinator Error: (04/17/2025 10:18:07 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-8H8CSAR) Description: Fehler "1084" in DCOM, als der Dienst "camsvc" mit den Argumenten "Nicht verfügbar" gestartet wurde, um den folgenden Server zu verwenden: Windows.Internal.CapabilityAccess.CapabilityAccess Windows Defender: ================ Date: 2025-04-16 19:38:25 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2025-04-15 21:12:24 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2025-04-15 20:28:30 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2025-04-14 09:06:09 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2025-04-11 17:43:03 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Event[0] Date: 2025-04-17 10:11:14 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. 
New security intelligence Version: Previous security intelligence Version: 1.427.296.0 Update Source: Microsoft Update Server Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.25030.1 Error code: 0x8007043c Error description: Der Dienst kann nicht im abgesicherten Modus gestartet werden. Date: 2025-04-17 10:01:12 Description: Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007043c Error description: Der Dienst kann nicht im abgesicherten Modus gestartet werden. Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem. Date: 2025-04-17 09:32:21 Description: Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007043c Error description: Der Dienst kann nicht im abgesicherten Modus gestartet werden. Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem. CodeIntegrity: =============== Date: 2025-04-17 10:18:58 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Dropbox\Client\Dropbox.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Dropbox\Client\222.4.5042\vulkan-1.dll that did not meet the Microsoft signing level requirements. Date: 2025-04-17 08:47:06 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Dropbox\Client\Dropbox.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Dropbox\Client\221.4.5365\vulkan-1.dll that did not meet the Microsoft signing level requirements. ==================== Speicherinformationen =========================== BIOS: American Megatrends International, LLC. 
A.B0 08/11/2022 Hauptplatine: Micro-Star International Co., Ltd. B550-A PRO (MS-7C56) Prozessor: AMD Ryzen 5 5600X 6-Core Processor Prozentuale Nutzung des RAM: 39% Installierter physikalischer RAM: 16310.09 MB Verfügbarer physikalischer RAM: 9793.89 MB Summe virtueller Speicher: 20918.09 MB Verfügbarer virtueller Speicher: 10186.05 MB ==================== Laufwerke ================================ Drive c: () (Fixed) (Total:930.71 GB) (Free:557.08 GB) (Model: Samsung SSD 980 PRO 1TB) NTFS Drive d: (Archiv) (Fixed) (Total:931.39 GB) (Free:262.13 GB) (Model: TOSHIBA HDWD110) NTFS Drive e: (Audio CD) (CDROM) (Total:0 GB) (Free:0 GB) CDFS \\?\Volume{5dd90591-b645-4434-8eb7-f8172c484e0d}\ () (Fixed) (Total:0.69 GB) (Free:0.11 GB) NTFS \\?\Volume{0152c4ad-1b08-4590-88a8-cb263ce40039}\ () (Fixed) (Total:0.09 GB) (Free:0.06 GB) FAT32 ==================== MBR & Partitionstabelle ==================== ========================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 84543A49) Partition: GPT. ========================================================== Disk: 1 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000) Partition: GPT. ==================== Ende von Addition.txt ======================= Code:
ATTFilter # ------------------------------- # Malwarebytes AdwCleaner 8.4.2.0 # ------------------------------- # Build: 03-04-2024 # Database: 2024-03-04.1 (Local) # Support: https://www.malwarebytes.com/support # # ------------------------------- # Mode: Scan # ------------------------------- # Start: 04-23-2025 # Duration: 00:00:10 # OS: Windows 11 (Build 26100.3775) # Scanned: 32104 # Detected: 1 ***** [ Services ] ***** No malicious services found. ***** [ Folders ] ***** No malicious folders found. ***** [ Files ] ***** No malicious files found. ***** [ DLL ] ***** No malicious DLLs found. ***** [ WMI ] ***** No malicious WMI found. ***** [ Shortcuts ] ***** No malicious shortcuts found. ***** [ Tasks ] ***** No malicious tasks found. ***** [ Registry ] ***** PUP.Adware.Heuristic HKCU\SOFTWARE\438f84b93ab73e6e9ccd233d1abe724b ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries found. ***** [ Chromium URLs ] ***** No malicious Chromium URLs found. ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries found. ***** [ Firefox URLs ] ***** No malicious Firefox URLs found. ***** [ Hosts File Entries ] ***** No malicious hosts file entries found. ***** [ Preinstalled Software ] ***** No Preinstalled Software found. 
AdwCleaner[S00].txt - [1462 octets] - [29/09/2024 19:22:35] AdwCleaner[C00].txt - [1632 octets] - [29/09/2024 19:22:52] AdwCleaner[S01].txt - [1584 octets] - [09/11/2024 09:39:08] AdwCleaner[C01].txt - [1754 octets] - [09/11/2024 09:39:32] AdwCleaner[S02].txt - [1664 octets] - [09/11/2024 09:42:28] AdwCleaner[C02].txt - [1854 octets] - [09/11/2024 09:42:36] AdwCleaner[S03].txt - [1828 octets] - [25/11/2024 22:14:15] AdwCleaner[C03].txt - [1998 octets] - [25/11/2024 22:14:30] AdwCleaner[S04].txt - [1950 octets] - [05/12/2024 09:58:19] AdwCleaner[C04].txt - [2120 octets] - [05/12/2024 09:58:31] AdwCleaner[S05].txt - [2072 octets] - [12/12/2024 11:03:57] AdwCleaner[C05].txt - [2242 octets] - [12/12/2024 11:04:04] AdwCleaner[S06].txt - [2194 octets] - [21/12/2024 13:18:16] AdwCleaner[C06].txt - [2364 octets] - [21/12/2024 13:18:23] AdwCleaner[S07].txt - [2316 octets] - [10/01/2025 22:52:42] AdwCleaner[C07].txt - [2486 octets] - [10/01/2025 22:52:48] AdwCleaner[S08].txt - [2438 octets] - [24/01/2025 10:51:58] AdwCleaner[C08].txt - [2608 octets] - [24/01/2025 10:52:03] AdwCleaner[S09].txt - [2560 octets] - [04/02/2025 21:20:15] AdwCleaner[C09].txt - [2730 octets] - [04/02/2025 21:20:21] AdwCleaner[S10].txt - [2682 octets] - [14/02/2025 12:33:38] AdwCleaner[C10].txt - [2852 octets] - [14/02/2025 12:33:44] AdwCleaner[S11].txt - [2804 octets] - [01/03/2025 19:10:57] AdwCleaner[C11].txt - [2974 octets] - [01/03/2025 19:11:02] AdwCleaner[S12].txt - [2928 octets] - [10/03/2025 16:11:40] AdwCleaner[C12].txt - [3098 octets] - [10/03/2025 16:11:44] AdwCleaner[S13].txt - [3048 octets] - [20/03/2025 16:03:53] AdwCleaner[C13].txt - [3218 octets] - [20/03/2025 16:03:58] AdwCleaner[S14].txt - [3170 octets] - [25/03/2025 07:38:35] AdwCleaner[C14].txt - [3340 octets] - [25/03/2025 07:38:40] AdwCleaner[S15].txt - [3292 octets] - [05/04/2025 09:26:23] AdwCleaner[C15].txt - [3462 octets] - [05/04/2025 09:26:30] AdwCleaner[S16].txt - [3414 octets] - [13/04/2025 11:45:15] AdwCleaner[C16].txt 
- [3584 octets] - [13/04/2025 11:45:21] AdwCleaner[S17].txt - [3536 octets] - [17/04/2025 09:21:16] AdwCleaner[S18].txt - [3597 octets] - [17/04/2025 09:59:51] AdwCleaner[S19].txt - [3658 octets] - [17/04/2025 10:18:56] AdwCleaner[C19].txt - [3828 octets] - [17/04/2025 10:38:16] AdwCleaner[S20].txt - [3780 octets] - [17/04/2025 18:18:03] AdwCleaner[C20].txt - [3950 octets] - [17/04/2025 18:18:13] AdwCleaner[S21].txt - [3902 octets] - [18/04/2025 08:09:16] AdwCleaner[C21].txt - [4072 octets] - [18/04/2025 08:09:20] AdwCleaner[S22].txt - [4026 octets] - [21/04/2025 08:56:28] AdwCleaner[C22].txt - [4196 octets] - [21/04/2025 08:56:32] AdwCleaner[S23].txt - [4146 octets] - [21/04/2025 14:35:27] AdwCleaner[C23].txt - [4316 octets] - [21/04/2025 14:35:33] ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S24].txt ########## |
| #2 |
/// TB-Ausbilder | PUP.Adware.Heuristic / bcnexum

My name is Matthias and I will help you analyze and clean up your system. The cause of your problems is terrible download sources. Some brief information up front:

Download sources

The following sites often distribute software with a so-called "installer" that can install potentially unwanted programs (PUPs) or adware. Occasionally these "installers" even contain Trojans. You should therefore avoid the following sites at all costs:
For some time now, Windows has had a usable package manager that lets you download and install software automatically with simple commands. This saves a lot of work, because without a package manager you have to check every program yourself and update it separately by hand, after first downloading it manually, and so on. See also --> chocolatey package manager for Windows

We strongly recommend installing all programs via chocolatey wherever they are available. If you have worked with Linux before, the syntax will be very familiar to you. You can find the choco FAQ here --> Chocolatey: Frequently Asked Questions (English). You are of course also welcome to ask questions about chocolatey in the chocolatey thread mentioned above.

In the rare case that you cannot find the program you need in the chocolatey repository: always download that software directly from the respective vendor / developer.

Quote:
We need current logs. Please note our instructions for people seeking help. Start FRST again; the tool should update itself. Then run a new scan and post both logs again.
|
| #3 |
| PUP.Adware.Heuristic / bcnexum

Sorry, I waited too long to write here as well.

Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 23-04-2025 durchgeführt von Páll (Administrator) auf DESKTOP-8H8CSAR (Micro-Star International Co., Ltd. MS-7C56) (23-04-2025 22:03:48) Gestartet von C:\Users\Páll\Downloads\FRST64.exe Geladene Profile: Páll Plattform: Microsoft Windows 11 Pro Version 24H2 26100.3775 (X64) Sprache: Deutsch (Deutschland) Standard-Browser: FF Start-Modus: Normal ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\1.3.983.1\DropboxCrashHandler.exe (C:\Program Files\Common Files\Native Instruments\NTK\NTKDaemon.exe ->) (Native Instruments GmbH -> ) C:\Program Files\Common Files\Native Instruments\NTK\crashpad_handler.exe (C:\Program Files\Fortinet\FortiClient\scheduler.exe ->) (Fortinet Technologies (Canada) ULC -> Fortinet Inc.) C:\Program Files\Fortinet\FortiClient\FCDBLog.exe (C:\Program Files\Fortinet\FortiClient\scheduler.exe ->) (Fortinet Technologies (Canada) ULC -> Fortinet Inc.) C:\Program Files\Fortinet\FortiClient\FortiSettings.exe (C:\Program Files\Fortinet\FortiClient\scheduler.exe ->) (Fortinet Technologies (Canada) ULC -> Fortinet Inc.) C:\Program Files\Fortinet\FortiClient\FortiSSLVPNdaemon.exe (C:\Program Files\Fortinet\FortiClient\scheduler.exe ->) (Fortinet Technologies (Canada) ULC -> Fortinet Inc.) 
C:\Program Files\Fortinet\FortiClient\FortiTray.exe (C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\MKCHelper.exe (DriverStore\FileRepository\u0413647.inf_amd64_d320f14af0da075c\B413137\atiesrxx.exe ->) (Advanced Micro Devices -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0413647.inf_amd64_d320f14af0da075c\B413137\atieclxx.exe (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe <8> (explorer.exe ->) (BINARYLABS LIMITED -> Binarylabs LTD) C:\Users\Páll\AppData\Roaming\BitCleaner\BitCleaner Tasker.exe (explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\25.060.0330.0003\Microsoft.SharePoint.exe (explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe (explorer.exe ->) (OpenVPN Inc. -> ) C:\Program Files\OpenVPN\bin\openvpn-gui.exe (Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe (Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\userinit.exe (services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (services.exe ->) (Advanced Micro Devices -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0413647.inf_amd64_d320f14af0da075c\B413137\atiesrxx.exe (services.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe (services.exe ->) (Fortinet Technologies (Canada) ULC -> Fortinet Inc.) C:\Program Files\Fortinet\FortiClient\scheduler.exe (services.exe ->) (HP Inc. -> HP Inc.) 
C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\DriverStore\FileRepository\amdfendr.inf_amd64_1da2893e2ffb6838\amdfendrsr.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MpDefenderCoreService.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MsMpEng.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\NisSrv.exe (services.exe ->) (Musecy SM Ltd. -> Muse Group) C:\Program Files\MuseAuthService\MuseAuthService.exe (services.exe ->) (Native Instruments GmbH -> Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\NTK\NTKDaemon.exe (services.exe ->) (OpenVPN Inc. -> The OpenVPN Project) C:\Program Files\OpenVPN\bin\openvpnserv.exe (services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_434f4faf6aa034b3\RtkAudUService64.exe <2> (sihost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.CrossDevice_1.25031.45.0_x64__cw5n1h2txyewy\CrossDeviceService.exe (sihost.exe ->) (Musecy SM Ltd. -> Muse) C:\Program Files\WindowsApps\Muse.MuseHub_2.2.1.13_x64__rb9pth70m6nz6\Muse.exe (svchost.exe ->) (Advanced Micro Devices -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cncmd.exe (svchost.exe ->) (Dropbox, Inc -> Dropbox, Inc.) 
C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe <2> (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\25.060.0330.0003\FileCoAuth.exe (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_6.1.4.0_x64__8wekyb3d8bbwe\Microsoft.Notes.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_525.5100.40.0_x64__cw5n1h2txyewy\WidgetBoard.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\Packages\Preview\amd64\MoUsoCoreWorker.exe ==================== Registry (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_434f4faf6aa034b3\RtkAudUService64.exe [2389976 2024-12-30] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard) HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [330040 2014-02-11] (Hewlett-Packard Company -> Hewlett-Packard Company) HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [9238408 2025-04-15] (Dropbox, Inc -> Dropbox, Inc.) 
HKLM-x32\...\Run: [TeamsMachineUninstallerLocalAppData] => C:\Users\Páll\AppData\Local\Microsoft\Teams\Update.exe [2588640 2023-12-01] (Microsoft 3rd Party Application Component -> Microsoft Corporation) HKLM-x32\...\Run: [TeamsMachineUninstallerProgramData] => %ProgramData%\Microsoft\Teams\Update.exe --uninstall --msiUninstall --source=default (Keine Datei) HKU\S-1-5-21-2129917812-2419563499-1881424802-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [5013800 2025-04-23] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-2129917812-2419563499-1881424802-1001\...\Run: [OpenVPN-GUI] => C:\Program Files\OpenVPN\bin\openvpn-gui.exe [829304 2021-06-17] (OpenVPN Inc. -> ) HKU\S-1-5-21-2129917812-2419563499-1881424802-1001\...\Run: [Microsoft.Lists] => C:\Program Files\Microsoft OneDrive\25.060.0330.0003\Microsoft.SharePoint.exe [1032000 2025-04-23] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-2129917812-2419563499-1881424802-1001\...\Run: [AMDNoiseSuppression] => C:\Windows\system32\AMD\ANR\AMDNoiseSuppression.exe [164840 2024-06-24] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) 
HKLM\...\Print\Monitors\HP Standard TCP/IP Port: C:\WINDOWS\system32\HpTcpMon.dll [331264 2009-09-16] (Hewlett Packard) [Datei ist nicht signiert] HKLM\Software\Microsoft\Active Setup\Installed Components: [{E5931AF4-2A8F-48A5-AFC8-460348F480E8}] -> reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v OPENVPN-GUI /t REG_SZ /d "C:\Program Files\OpenVPN\bin\openvpn-gui.exe" HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] -> Startup: C:\Users\Páll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BitCleaner Tasker.lnk [2024-03-03] <==== ACHTUNG ShortcutTarget: BitCleaner Tasker.lnk -> C:\Users\Páll\AppData\Roaming\BitCleaner\BitCleaner Tasker.exe (BINARYLABS LIMITED -> Binarylabs LTD) <==== ACHTUNG ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {56C2FFB7-9E96-4F0B-A26B-B70B0B72CB77} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1580992 2025-03-21] (Adobe Inc. -> Adobe Inc.) Task: {362B8CE5-631B-402F-AEA5-88E1D0AA1B2A} - System32\Tasks\AMD Install Manager - Check For Updates => C:\Program Files\AMD\AMDInstallManager\AMDInstallManager.exe [55232720 2025-02-25] (Advanced Micro Devices -> Advanced Micro Devices, Inc.) -> C:\Program Files\AMD\AMDInstallManager\\-CheckForUpdates Task: {15E60536-50B7-4F0A-91CD-0B4808FFA5EB} - System32\Tasks\AMD Install Manager - Install Updates => C:\Program Files\AMD\AMDInstallManager\AMDInstallManager.exe [55232720 2025-02-25] (Advanced Micro Devices -> Advanced Micro Devices, Inc.) 
-> C:\Program Files\AMD\AMDInstallManager\\-InstallUpdates -Auto Task: {D6613BB9-57D6-4549-B171-22396CA7D984} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1038544 2025-02-25] (Advanced Micro Devices -> Advanced Micro Devices, Inc.) Task: {AD52520A-8DA2-448A-908F-D8A72A78BC57} - System32\Tasks\AMDRyzenMasterSDKTask => C:\Program Files\AMD\CNext\CNext\cpumetricsserver.exe [191184 2025-02-25] (Advanced Micro Devices -> Advanced Micro Devices, Inc.) Task: {ECC45768-467E-428B-897E-9F9978818079} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2024-11-29] (Dropbox, Inc -> Dropbox, Inc.) Task: {A6E810A8-EB72-4985-B86D-BEB3998B3D20} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2024-11-29] (Dropbox, Inc -> Dropbox, Inc.) Task: {256F55DA-28C2-4606-AFAD-0F6F0FE32A3C} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [89840 2014-10-19] (Hewlett-Packard Company -> Hewlett Packard) Task: {1F76564C-00FF-4FA4-AB7F-9F8609237192} - System32\Tasks\Microsoft\Office\Office Apps Prewarm => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [315600 2025-04-23] (Microsoft Corporation -> Microsoft Corporation) Task: {2D0C7E97-C3C9-442A-BAC4-46EA04349BD3} - System32\Tasks\Microsoft\Office\Office Apps Prewarm Recurring => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [315600 2025-04-23] (Microsoft Corporation -> Microsoft Corporation) Task: {0D480302-B24A-401B-8DEA-86695478E30F} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [29107976 2025-04-17] (Microsoft Corporation -> Microsoft Corporation) Task: {38A49F5C-5207-42A3-97EC-E7E342BF51A4} - System32\Tasks\Microsoft\Office\Office Background Push Maintenance => C:\Program Files\Microsoft 
Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\opushutil.exe [68360 2025-04-23] (Microsoft Corporation -> Microsoft Corporation) Task: {1B920596-4037-4554-BA30-3D23FBDA6E50} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [29107976 2025-04-17] (Microsoft Corporation -> Microsoft Corporation) Task: {C6ACCE9E-C08A-481D-95F9-C87271EC9CE4} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [315600 2025-04-23] (Microsoft Corporation -> Microsoft Corporation) Task: {03D72504-9CAB-4D9F-ACDC-38558B5CD84B} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [315600 2025-04-23] (Microsoft Corporation -> Microsoft Corporation) Task: {2A467D51-9E65-4F07-B1CD-ABBCC8365F77} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [204400 2025-04-07] (Microsoft Corporation -> Microsoft Corporation) Task: {7B9E81F8-7DFB-4A6D-AEA7-9852C87A75D4} - System32\Tasks\Microsoft\Office\Office Serviceability Manager => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe [4536784 2025-04-17] (Microsoft Corporation -> Microsoft Corporation) Task: {E88D9B2C-DDEA-47B2-9582-085153004DB5} - System32\Tasks\Microsoft\Windows\Location\Notifications => %windir%\System32\LocationNotificationWindows.exe (Keine Datei) Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (Keine Datei) Task: {86A85C57-D7F8-4E72-8EA7-ACD8AE47F874} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => %systemroot%\system32\MusNotification.exe LogonUpdateResults (Keine Datei) Task: 
{E5FCB0C7-1A4A-4A60-9918-E2A6F399A651} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe /RunOnAC ReadyToReboot (Keine Datei) Task: {CEC27C84-275A-40B7-AD7A-879856542C2A} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe /RunOnBattery ReadyToReboot (Keine Datei) Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (Keine Datei) Task: {F744877B-71CD-4852-BB31-BF53264D1D0D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MpCmdRun.exe [1745176 2025-04-11] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {860E698E-5C6A-4973-9AA0-5399C82D45AA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MpCmdRun.exe [1745176 2025-04-11] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {E2B7E138-2F2E-4DCF-818B-01FAE35CFFD2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MpCmdRun.exe [1745176 2025-04-11] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {98BC770D-5721-4428-AF0C-54FEA1C08BB2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MpCmdRun.exe [1745176 2025-04-11] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {44BF852D-C173-4890-9067-11D72C3EAD31} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2463600 2021-09-08] (Microsoft Corporation -> Microsoft Corporation) Task: {D4930081-AEE1-4A45-8467-92B65689C015} - 
System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1938792 2021-09-08] (Microsoft Corporation -> Microsoft Corporation) Task: {FA00A83C-5C01-4687-9835-F23506E72563} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2335600 2021-09-08] (Microsoft Corporation -> Microsoft) Task: {A0464567-5C7E-4B6E-8CC2-1561125ABBC4} - System32\Tasks\Microsoft_MKC_Logon_Task_ceip.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\CEIP.exe [32632 2021-09-08] (Microsoft Corporation -> Microsoft) Task: {BC53EF15-3974-42B8-AD79-1A2031531E1E} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2463600 2021-09-08] (Microsoft Corporation -> Microsoft Corporation) Task: {6352B3E7-8D16-4F8B-A90C-112B17EE1A8D} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1938792 2021-09-08] (Microsoft Corporation -> Microsoft Corporation) Task: {9DFB9E7F-60E4-40CE-A0D6-C9ABB2DA8923} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1038544 2025-02-25] (Advanced Micro Devices -> Advanced Micro Devices, Inc.) Task: {E792D9D9-60B8-4726-9648-41E190A077D5} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-2129917812-2419563499-1881424802-1001 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [695360 2025-04-14] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (Der Dateneintrag hat 6 weitere Zeichen). 
Task: {1AF9B551-A0A2-4D62-AB4C-4DC455E9F70E} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [34880 2025-04-14] (Mozilla Corporation -> Mozilla Foundation) Task: {07DA9372-7B6E-48B0-AFD4-9C7A7224ED15} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4223824 2025-04-23] (Microsoft Corporation -> Microsoft Corporation) Task: {4157E1A3-50D1-4723-8041-1E808F97D891} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-2129917812-2419563499-1881424802-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4223824 2025-04-23] (Microsoft Corporation -> Microsoft Corporation) Task: {F49D432F-26BC-47D3-96C2-AE881199E49B} - System32\Tasks\OneDrive Startup Task-S-1-5-21-2129917812-2419563499-1881424802-1001 => C:\Program Files\Microsoft OneDrive\25.060.0330.0003\OneDriveLauncher.exe [676688 2025-04-23] (Microsoft Corporation -> Microsoft Corporation) Task: {638D8052-6C94-46ED-9B7C-30552073C18B} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [142544 2025-02-25] (Advanced Micro Devices -> Advanced Micro Devices, Inc.) Task: {B6FF67DD-A57A-4C81-B95B-34380DF9F284} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [309968 2025-02-25] (Advanced Micro Devices -> Advanced Micro Devices, Inc.) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\Parameters: [DhcpNameServer] 217.69.224.73 213.187.64.1 Tcpip\..\Interfaces\{b0cd0ea0-d7b3-47c8-8482-2fa35f02c9a7}: [DhcpNameServer] 217.69.224.73 213.187.64.1 Tcpip\..\Interfaces\{d1049e77-17bf-4cfd-af2e-b55a841ad76c}: [DhcpNameServer] 130.208.165.87 130.208.72.10 Edge: ======= Edge Profile: C:\Users\Páll\AppData\Local\Microsoft\Edge\User Data\Default [2025-04-16] Edge Extension: (Google Docs Offline) - C:\Users\Páll\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-04-16] Edge Extension: (Bitcleaner Surfguard) - C:\Users\Páll\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gidnhakgfijhghmilgiiffidakihnbnb [2024-03-03] Edge Extension: (Edge relevant text changes) - C:\Users\Páll\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-03-03] Edge HKU\S-1-5-21-2129917812-2419563499-1881424802-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [gidnhakgfijhghmilgiiffidakihnbnb] FireFox: ======== FF DefaultProfile: 6wug9kbj.default FF DefaultProfile: b3abstqg.default FF ProfilePath: C:\Users\Páll\AppData\Roaming\Zotero\Zotero\Profiles\6wug9kbj.default [2025-03-25] FF ProfilePath: C:\Users\Páll\AppData\Roaming\Mozilla\Firefox\Profiles\b3abstqg.default [2025-04-16] FF ProfilePath: C:\Users\Páll\AppData\Roaming\Mozilla\Firefox\Profiles\zgkz7p2r.default-release [2025-04-23] FF Extension: (uBlock Origin) - 
C:\Users\Páll\AppData\Roaming\Mozilla\Firefox\Profiles\zgkz7p2r.default-release\Extensions\uBlock0@raymondhill.net.xpi [2025-04-16] FF Extension: (Return YouTube Dislike) - C:\Users\Páll\AppData\Roaming\Mozilla\Firefox\Profiles\zgkz7p2r.default-release\Extensions\{762f9885-5a13-4abd-9c77-433dcd38b8fd}.xpi [2025-04-16] FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2025-04-07] (Microsoft Corporation -> Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=3.0.19 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.20 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN) FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2025-03-13] (Adobe Inc. -> Adobe Systems Inc.) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2025-04-07] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2025-04-07] (Microsoft Corporation -> Microsoft Corporation) ==================== Dienste (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [174520 2025-03-21] (Adobe Inc. -> Adobe Inc.) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [13863152 2025-04-17] (Microsoft Corporation -> Microsoft Corporation) S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2024-11-29] (Dropbox, Inc -> Dropbox, Inc.) 
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2024-11-29] (Dropbox, Inc -> Dropbox, Inc.) R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [48528 2025-04-15] (Dropbox, Inc -> Dropbox, Inc.) S3 DropboxElevationService; C:\Program Files (x86)\Dropbox\Client\222.4.5042\DropboxElevationService.exe [1659280 2025-04-15] (Dropbox, Inc -> Dropbox, Inc.) R2 FA_Scheduler; C:\Program Files\Fortinet\FortiClient\scheduler.exe [437328 2023-07-18] (Fortinet Technologies (Canada) ULC -> Fortinet Inc.) S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\25.060.0330.0003\FileSyncHelper.exe [3586392 2025-04-23] (Microsoft Corporation -> Microsoft Corporation) S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [176128 2014-06-24] (HP) [Datei ist nicht signiert] R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [243664 2025-03-10] (HP Inc. -> HP Inc.) R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MpDefenderCoreService.exe [2009608 2025-04-11] (Microsoft Windows Publisher -> Microsoft Corporation) R2 MuseAuthService; C:\Program Files\MuseAuthService\MuseAuthService.exe [10467928 2025-04-21] (Musecy SM Ltd. -> Muse Group) S3 MuseHub Updater Service; C:\Program Files\WindowsApps\Muse.MuseHub_2.2.1.13_x64__rb9pth70m6nz6\Muse.Updater.exe [6224984 2025-04-21] (Musecy SM Ltd. -> Muse.Updater) R2 NTKDaemonService; C:\Program Files\Common Files\Native Instruments\NTK\NTKDaemon.exe [16953568 2024-07-02] (Native Instruments GmbH -> Native Instruments GmbH) S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\25.060.0330.0003\OneDriveUpdaterService.exe [3837256 2025-04-23] (Microsoft Corporation -> Microsoft Corporation) R2 OpenVPNServiceInteractive; C:\Program Files\OpenVPN\bin\openvpnserv.exe [73592 2021-06-17] (OpenVPN Inc. 
-> The OpenVPN Project) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [559320 2025-04-08] (Microsoft Windows Publisher -> Microsoft Corporation) R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\NisSrv.exe [4538400 2025-04-11] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MsMpEng.exe [278320 2025-04-11] (Microsoft Windows Publisher -> Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R3 amdfendrmgr; C:\WINDOWS\System32\DriverStore\FileRepository\amdfendr.inf_amd64_1da2893e2ffb6838\amdfendrmgr.sys [36136 2024-11-01] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) R2 AMDRyzenMasterDriverV28; C:\Windows\system32\AMDRyzenMasterDriver.sys [61264 2025-02-24] (Advanced Micro Devices -> Advanced Micro Devices) R3 AMDSAFD; C:\WINDOWS\System32\DriverStore\FileRepository\amdsafd.inf_amd64_66bdd11a4e97edd1\amdsafd.sys [112840 2024-05-02] (AMD Test Build -> Advanced Micro Devices) R3 amduw23g; C:\WINDOWS\System32\DriverStore\FileRepository\u0413647.inf_amd64_d320f14af0da075c\B413137\amdkmdag.sys [111263168 2025-03-12] (Advanced Micro Devices -> Advanced Micro Devices, Inc.) R3 AMDXE; C:\WINDOWS\System32\drivers\amdxe.sys [63008 2024-05-16] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) R1 FortiFilter; C:\WINDOWS\system32\DRIVERS\FortiFilter.sys [35400 2023-07-18] (Fortinet Technologies (Canada) Inc. -> Fortinet Inc) S3 Fortips; C:\WINDOWS\System32\drivers\fortips.sys [165072 2023-07-18] (Fortinet, Inc. 
-> Fortinet Inc) S3 FortiTransCtrl; C:\WINDOWS\System32\drivers\FortiTransCtrl.sys [84136 2023-07-18] (Fortinet, Inc. -> Fortinet Inc) S3 ftsvnic; C:\WINDOWS\System32\drivers\ftsvnic.sys [75888 2023-07-18] (Fortinet, Inc. -> Fortinet Inc.) R3 ft_vnic; C:\WINDOWS\System32\drivers\ftvnic.sys [70368 2023-07-18] (Fortinet Technologies (Canada) Inc. -> Fortinet Corporation) R3 KslD; C:\WINDOWS\System32\drivers\wd\KslD.sys [331168 2025-04-11] (Microsoft Windows -> Microsoft Corporation) S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [39920 2024-06-21] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project) S3 ThermalFilter; C:\WINDOWS\System32\DriverStore\FileRepository\c_thermal.inf_amd64_732a53ed1662b707\ThermalFilter.sys [75376 2025-03-31] (Microsoft Windows Hardware Abstraction Layer Publisher -> Microsoft Corporation) S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [20016 2025-04-11] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [605576 2025-04-11] (Microsoft Windows -> Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [100744 2025-04-11] (Microsoft Windows -> Microsoft Corporation) S3 wini3ctarget; C:\WINDOWS\System32\DriverStore\FileRepository\wini3ctarget.inf_amd64_bdb09ebda2834009\wini3ctarget.sys [75168 2025-03-31] (Microsoft Windows -> Microsoft Corporation) R3 wintun; C:\WINDOWS\System32\drivers\wintun.sys [38176 2024-06-21] (WireGuard LLC -> WireGuard LLC) ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2025-04-23 22:03 - 2025-04-23 22:03 - 000000000 ____D C:\Users\Páll\Downloads\FRST-OlderVersion 2025-04-23 18:22 - 2025-04-23 18:22 - 000004268 _____ C:\Users\Páll\Downloads\AdwCleaner[S24].txt 2025-04-23 18:12 - 2025-04-23 18:12 - 000003900 _____ C:\WINDOWS\system32\Tasks\AMD Install Manager - Install Updates 2025-04-23 18:09 - 2025-04-23 18:09 - 000707760 _____ C:\WINDOWS\system32\perfh007.dat 2025-04-23 18:09 - 2025-04-23 18:09 - 000478860 _____ C:\WINDOWS\system32\perfh008.dat 2025-04-23 18:09 - 2025-04-23 18:09 - 000400580 _____ C:\WINDOWS\system32\perfh006.dat 2025-04-23 18:09 - 2025-04-23 18:09 - 000150734 _____ C:\WINDOWS\system32\perfc007.dat 2025-04-23 18:09 - 2025-04-23 18:09 - 000081052 _____ C:\WINDOWS\system32\perfc008.dat 2025-04-23 18:09 - 2025-04-23 18:09 - 000071570 _____ C:\WINDOWS\system32\perfc006.dat 2025-04-23 17:01 - 2025-04-23 17:01 - 000000000 ____D C:\ProgramData\Muse Hub 2025-04-21 08:56 - 2025-04-21 08:56 - 009568256 _____ (Malwarebytes) C:\Users\Páll\Downloads\adwcleaner(2).exe 2025-04-21 08:55 - 2025-04-21 08:55 - 000000000 ____D C:\ProgramData\MuseHubUpdater 2025-04-21 08:55 - 2025-04-21 08:55 - 000000000 ____D C:\ProgramData\MuseAuthService 2025-04-21 08:55 - 2025-04-21 08:55 - 000000000 ____D C:\Program Files\MuseAuthService 2025-04-18 09:52 - 2025-04-18 10:29 - 000000000 ____D C:\Users\Páll\Desktop\USB 2025-04-17 10:30 - 2025-04-17 10:31 - 000058445 _____ C:\Users\Páll\Downloads\Addition.txt 2025-04-17 10:29 - 2025-04-23 22:04 - 000029624 _____ C:\Users\Páll\Downloads\FRST.txt 2025-04-17 10:29 - 2025-04-23 22:04 - 000000000 ____D C:\FRST 2025-04-17 10:28 - 2025-04-23 22:03 - 002405376 _____ (Farbar) C:\Users\Páll\Downloads\FRST64.exe 2025-04-17 09:32 - 2025-04-17 10:06 - 000592574 _____ C:\WINDOWS\ntbtlog.txt 2025-04-17 09:32 - 2025-04-17 10:01 - 000000214 
_____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job 2025-04-17 08:47 - 2025-04-17 08:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2025-04-16 16:16 - 2025-04-16 16:16 - 000002034 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Privater Modus.lnk 2025-04-16 16:16 - 2025-04-16 16:16 - 000001065 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2025-04-16 16:16 - 2025-04-16 16:16 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla 2025-04-16 16:16 - 2025-04-16 16:16 - 000000000 ____D C:\Users\Páll\AppData\Roaming\Mozilla 2025-04-16 16:16 - 2025-04-16 16:16 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2025-04-16 16:14 - 2025-04-16 16:14 - 000382392 _____ (Mozilla) C:\Users\Páll\Downloads\Firefox Installer.exe 2025-04-16 16:03 - 2025-04-16 16:03 - 000035968 _____ C:\Users\Páll\Downloads\rtet.csv 2025-04-16 15:59 - 2025-04-16 15:59 - 000000000 ____D C:\WINDOWS\system32\appmgmt 2025-04-15 20:34 - 2025-04-16 16:16 - 000000000 ____D C:\Program Files\Mozilla Firefox 2025-04-15 13:06 - 2025-04-15 13:06 - 000048528 _____ (Dropbox, Inc.) 
C:\WINDOWS\system32\DbxSvc.exe 2025-04-13 09:55 - 2025-04-13 09:55 - 040056876 _____ C:\Users\Páll\Desktop\Riff 25.03.30 lang.wav 2025-04-11 21:17 - 2025-04-11 21:17 - 000000000 ____D C:\inetpub 2025-04-11 21:07 - 2025-04-11 21:07 - 009575227 _____ C:\Users\Páll\Downloads\Old World-Official User Manual.pdf 2025-04-11 13:49 - 2025-04-11 13:49 - 000001700 _____ C:\Users\Páll\Downloads\Riff 30.03.2025.tg 2025-04-10 08:59 - 2025-04-21 10:55 - 000000000 ____D C:\WINDOWS\CbsTemp 2025-04-09 18:13 - 2025-04-11 13:41 - 040056876 _____ C:\Users\Páll\Desktop\Riff 30.03.2025.wav 2025-04-08 21:24 - 2025-04-08 21:24 - 000069260 _____ C:\Users\Páll\Downloads\Überweisung Hochschulsport.pdf 2025-04-07 17:38 - 2025-04-07 17:38 - 000000000 ____D C:\Program Files\Common Files\DESIGNER 2025-04-07 14:11 - 2025-04-07 14:11 - 000135524 _____ C:\Users\Páll\Downloads\GMX - RE_ Insurance deposit refund-1.pdf 2025-04-07 14:11 - 2025-04-07 14:11 - 000073928 _____ C:\Users\Páll\Downloads\Corresp. Sparkasse Giessen.pdf 2025-04-07 14:05 - 2025-04-07 14:10 - 000020197 _____ C:\Users\Páll\Downloads\AW_Problem_bei_Auslandsueberweisung.pdf 2025-04-07 14:05 - 2025-04-07 14:05 - 000019396 _____ C:\Users\Páll\Downloads\S_20250407_140535_AW_Problem_bei_Auslandsueberweisung.ZIP 2025-04-07 13:53 - 2025-04-07 13:53 - 000118632 _____ C:\Users\Páll\Downloads\Hochschulsport.pdf 2025-04-06 20:56 - 2025-04-06 20:56 - 000204743 _____ C:\Users\Páll\Downloads\DB_Ticket_869549164029.pdf 2025-04-05 18:47 - 2025-04-05 18:47 - 000000000 ____D C:\WINDOWS\system32\AccountHealthAssets 2025-04-04 23:21 - 2025-04-04 23:21 - 035835948 _____ C:\Users\Páll\Desktop\Riff 25.02.28.wav 2025-03-31 21:42 - 2025-03-31 21:42 - 000053050 _____ C:\Users\Páll\Documents\Rundfunkbeitrag - Bestätigung.pdf 2025-03-31 13:04 - 2025-03-31 13:04 - 000208442 _____ C:\Users\Páll\Downloads\image-1000-805f01d16bd722eff86baa7a53f2fa8d.jpeg 2025-03-31 11:26 - 2025-03-31 11:26 - 000000667 _____ C:\Users\Páll\Downloads\Riff 2 30.03.2025.tg 2025-03-31 
11:18 - 2025-03-31 11:18 - 000029042 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json 2025-03-31 11:18 - 2025-03-31 11:18 - 000029042 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json 2025-03-25 10:53 - 2025-03-25 10:53 - 000135524 _____ C:\Users\Páll\Downloads\GMX - RE_ Insurance deposit refund.pdf 2025-03-25 09:30 - 2025-03-25 09:30 - 000096657 _____ C:\Users\Páll\Downloads\Paul Theissen Income 03.25.pdf 2025-03-25 09:30 - 2025-03-25 09:30 - 000002737 _____ C:\Users\Páll\Downloads\20250325-42064635-umsatz(2).CSV 2025-03-25 09:29 - 2025-03-25 09:29 - 000002737 _____ C:\Users\Páll\Downloads\20250325-42064635-umsatz.CSV 2025-03-25 09:29 - 2025-03-25 09:29 - 000002737 _____ C:\Users\Páll\Downloads\20250325-42064635-umsatz(1).CSV ==================== Ein Monat (geänderte) ================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2025-04-23 22:04 - 2025-02-06 11:58 - 000000000 ____D C:\Users\Páll\AppData\Local\Muse Hub 2025-04-23 22:03 - 2025-03-16 15:00 - 000003116 _____ C:\WINDOWS\system32\Tasks\AMDInstallLauncher 2025-04-23 22:03 - 2025-02-06 11:58 - 000000000 ____D C:\Users\Páll\AppData\Local\MuseSampler 2025-04-23 22:03 - 2024-11-29 21:34 - 000000000 ____D C:\Users\Páll\AppData\Roaming\Dropbox 2025-04-23 22:03 - 2024-11-29 21:34 - 000000000 ____D C:\Users\Páll\AppData\Local\Dropbox 2025-04-23 22:03 - 2024-07-13 17:54 - 000000000 ____D C:\ProgramData\boost_interprocess 2025-04-23 18:40 - 2025-03-16 14:58 - 000000000 ____D C:\Users\Páll 2025-04-23 18:40 - 2024-04-01 09:26 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2025-04-23 18:24 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SystemTemp 2025-04-23 18:09 - 2025-03-16 20:02 - 002661938 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2025-04-23 18:09 - 2024-04-01 09:24 - 000000000 ____D C:\WINDOWS\INF 2025-04-23 18:05 - 2023-10-13 12:03 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38 
2025-04-23 17:01 - 2025-03-20 17:06 - 000000000 ____D C:\WINDOWS\Minidump 2025-04-23 17:01 - 2025-03-16 15:00 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2025-04-23 17:01 - 2025-03-16 14:58 - 000003358 _____ C:\WINDOWS\system32\5E37410B-D6F1-471D-AE27-563CEAC0D6B2 2025-04-23 17:01 - 2025-03-16 14:57 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2025-04-23 17:01 - 2025-03-16 14:00 - 000870309 ____N C:\WINDOWS\Minidump\042325-18000-01.dmp 2025-04-23 17:01 - 2023-12-01 14:51 - 000000000 ____D C:\Program Files\Microsoft OneDrive 2025-04-23 17:01 - 2023-10-13 17:57 - 000012288 ___SH C:\DumpStack.log.tmp 2025-04-23 16:54 - 2023-10-13 12:44 - 000000000 ____D C:\Program Files (x86)\Steam 2025-04-23 16:24 - 2024-01-16 20:54 - 000000000 ____D C:\Users\Páll\AppData\Roaming\landnama 2025-04-23 16:12 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\AppReadiness 2025-04-23 16:03 - 2023-11-30 12:32 - 000000000 ____D C:\Program Files\Microsoft Office 2025-04-23 16:00 - 2023-10-13 12:45 - 000000000 ____D C:\Users\Páll\AppData\Local\Steam 2025-04-23 15:57 - 2025-03-16 15:00 - 000003596 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2129917812-2419563499-1881424802-1001 2025-04-23 15:57 - 2025-03-16 15:00 - 000003552 _____ C:\WINDOWS\system32\Tasks\OneDrive Startup Task-S-1-5-21-2129917812-2419563499-1881424802-1001 2025-04-23 15:57 - 2025-03-16 15:00 - 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task 2025-04-23 15:57 - 2024-04-01 09:26 - 000000000 ___HD C:\Program Files\WindowsApps 2025-04-23 15:57 - 2023-11-30 12:34 - 000002148 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2025-04-21 14:33 - 2024-04-01 09:21 - 000524288 _____ C:\WINDOWS\system32\config\BBI 2025-04-21 09:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\SecurityHealth 2025-04-21 09:02 - 2025-03-16 13:18 - 000000000 ____D C:\Users\Páll\AppData\Local\AMD_Common 2025-04-21 09:02 - 2023-10-13 12:00 - 000000000 ____D 
C:\Users\Páll\AppData\Local\D3DSCache 2025-04-21 08:56 - 2023-10-13 17:58 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2025-04-18 10:43 - 2023-11-30 13:02 - 000000000 ____D C:\Users\Páll\AppData\Roaming\Microsoft\PowerPoint 2025-04-18 10:28 - 2023-11-05 22:10 - 000000000 ____D C:\Users\Páll\AppData\Local\FortiClient 2025-04-18 10:28 - 2023-11-05 22:07 - 000000000 ____D C:\Users\Páll\AppData\Roaming\FortiClient 2025-04-18 09:51 - 2023-10-13 12:00 - 000000000 ____D C:\Users\Páll\AppData\Local\Packages 2025-04-17 08:52 - 2025-03-16 15:00 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task 2025-04-17 08:47 - 2024-11-29 21:34 - 000000000 ____D C:\Program Files (x86)\Dropbox 2025-04-16 19:27 - 2023-10-13 14:50 - 000000000 ____D C:\Users\Páll\Desktop\Noten etc 2025-04-16 16:05 - 2023-12-01 09:16 - 000000000 ____D C:\Users\Páll\AppData\Roaming\Microsoft\Teams 2025-04-16 15:59 - 2023-10-13 22:50 - 000000000 ____D C:\Program Files\Common Files\VST3 2025-04-16 15:59 - 2023-10-13 22:47 - 000000000 ____D C:\Program Files\VstPlugIns 2025-04-13 10:38 - 2025-03-16 14:00 - 001108270 ____N C:\WINDOWS\Minidump\041325-15703-01.dmp 2025-04-12 08:17 - 2025-03-16 14:00 - 000868767 ____N C:\WINDOWS\Minidump\041225-10328-01.dmp 2025-04-11 21:18 - 2025-03-16 14:57 - 000638208 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2025-04-11 21:17 - 2024-04-01 18:37 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection 2025-04-11 21:17 - 2024-04-01 18:36 - 000000000 ____D C:\WINDOWS\system32\OpenSSH 2025-04-11 21:17 - 2024-04-01 18:36 - 000000000 ____D C:\WINDOWS\system32\Microsoft-Edge-WebView 2025-04-11 21:17 - 2024-04-01 09:26 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2025-04-11 21:17 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SystemResources 2025-04-11 21:17 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\Sgrm 2025-04-11 21:17 - 2024-04-01 09:26 - 000000000 ____D 
C:\WINDOWS\system32\SecureBootUpdates 2025-04-11 21:17 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\oobe 2025-04-11 21:17 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\bcastdvr 2025-04-11 19:19 - 2023-10-15 22:15 - 000000000 ____D C:\Users\Páll\AppData\Roaming\vlc 2025-04-11 08:54 - 2023-10-13 17:58 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2025-04-08 20:29 - 2025-03-16 14:59 - 003352064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll 2025-04-06 01:45 - 2023-10-13 13:24 - 000000000 ____D C:\Users\Páll\AppData\Roaming\discord 2025-04-06 01:05 - 2023-10-13 13:24 - 000000000 ____D C:\Users\Páll\AppData\Local\Discord 2025-04-05 19:52 - 2025-03-16 15:00 - 000003756 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2025-04-05 19:52 - 2025-03-16 15:00 - 000003632 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore 2025-04-05 19:05 - 2024-04-01 09:26 - 000000000 ____D C:\ProgramData\USOPrivate 2025-04-05 19:02 - 2023-10-13 13:24 - 000002242 _____ C:\Users\Páll\Desktop\Discord.lnk 2025-04-05 18:47 - 2024-04-01 18:37 - 000000000 ____D C:\WINDOWS\InboxApps 2025-04-05 18:47 - 2024-04-01 18:37 - 000000000 ____D C:\Program Files\Windows Photo Viewer 2025-04-05 18:47 - 2024-04-01 18:37 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2025-04-05 18:47 - 2024-04-01 09:26 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12 2025-04-05 18:47 - 2024-04-01 09:26 - 000000000 ___SD C:\WINDOWS\system32\UNP 2025-04-05 18:47 - 2024-04-01 09:26 - 000000000 ___SD C:\WINDOWS\system32\F12 2025-04-05 18:47 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\UUS 2025-04-05 18:47 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata 2025-04-05 18:47 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\setup 2025-04-05 18:47 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2025-04-05 18:47 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SystemApps 2025-04-05 18:47 - 2024-04-01 09:26 - 000000000 ____D 
C:\WINDOWS\system32\WinMetadata 2025-04-05 18:47 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2025-04-05 18:47 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences 2025-04-05 18:47 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\setup 2025-04-05 18:47 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation 2025-04-05 18:47 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\HealthAttestationClient 2025-04-05 18:47 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\Dism 2025-04-05 18:47 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\appraiser 2025-04-05 18:47 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\ShellExperiences 2025-04-05 18:47 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\ShellComponents 2025-04-05 18:47 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\PolicyDefinitions 2025-04-05 18:47 - 2024-04-01 09:26 - 000000000 ____D C:\Program Files\Common Files\System 2025-04-05 18:47 - 2024-04-01 09:21 - 000000000 ____D C:\WINDOWS\servicing 2025-04-05 11:17 - 2023-11-30 12:35 - 000000000 ____D C:\Users\Páll\AppData\Roaming\Microsoft\Word 2025-04-03 21:15 - 2025-03-16 14:00 - 000797220 ____N C:\WINDOWS\Minidump\040325-37312-01.dmp 2025-04-03 21:14 - 2024-11-29 21:35 - 000000000 ___RD C:\Users\Páll\Dropbox 2025-03-31 10:50 - 2025-03-16 14:08 - 000000000 ___DC C:\WINDOWS\Panther 2025-03-31 10:48 - 2025-03-16 14:00 - 001713386 ____N C:\WINDOWS\Minidump\033125-12390-01.dmp 2025-03-26 00:00 - 2024-03-07 20:59 - 000000000 ____D C:\Users\Páll\Zotero 2025-03-25 10:30 - 2023-10-16 00:10 - 000000000 ____D C:\Users\Páll\Desktop\Soundclips 2025-03-25 09:29 - 2023-12-27 08:42 - 000000000 ____D C:\Users\Páll\AppData\Roaming\Microsoft\Excel 2025-03-25 08:46 - 2023-10-16 11:03 - 000002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk 2025-03-25 08:46 - 2023-10-16 11:03 - 000002061 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk ==================== 
Dateien im Wurzelverzeichnis einiger Verzeichnisse ========

2023-10-13 22:53 - 2025-02-06 11:59 - 000000048 _____ () C:\Users\Páll\AppData\Roaming\msregsvv.dll
2024-09-23 19:25 - 2024-09-23 19:25 - 000003469 _____ () C:\Users\Páll\AppData\Local\recently-used.xbel

==================== SigCheck ============================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

==================== Ende von FRST.txt ========================

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 23-04-2025
durchgeführt von Páll (23-04-2025 22:05:16)
Gestartet von C:\Users\Páll\Downloads
Microsoft Windows 11 Pro Version 24H2 26100.3775 (X64) (2025-03-16 13:01:01)
Start-Modus: Normal
==========================================================

==================== Konten: =============================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

Administrator (S-1-5-21-2129917812-2419563499-1881424802-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2129917812-2419563499-1881424802-503 - Limited - Disabled)
Gast (S-1-5-21-2129917812-2419563499-1881424802-501 - Limited - Disabled)
Páll (S-1-5-21-2129917812-2419563499-1881424802-1001 - Administrator - Enabled) => C:\Users\Páll
WDAGUtilityAccount (S-1-5-21-2129917812-2419563499-1881424802-504 - Limited - Disabled)

==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1031-1033-7760-BC15014EA700}) (Version: 25.001.20435 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601110}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
AMD Install Manager (HKLM\...\{64763D96-BC41-442A-A10F-4C9EF1783BCB}) (Version: 24.30.25071.1901 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 25.3.1 - Advanced Micro Devices, Inc.)
Amped - Roots version 2.0.0 (HKLM\...\Amped - Roots_is1) (Version: 2.0.0 - ) Amped - Stevie T version 1.0.2 (HKLM\...\Amped - Stevie T_is1) (Version: 1.0.2 - ) AmpliTube 5 version 5.7.1 (HKLM\...\{D831D61F-EBF5-4158-AEE1-F58A7B8C04C8}_is1) (Version: 5.7.1 - IK Multimedia) ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.15 - tippach engineering) Audacity 3.0.0 (HKLM-x32\...\Audacity_is1) (Version: 3.0.0 - Audacity Team) Audacity 3.7.3 (64 Bit) (HKLM\...\Audacity_is1) (Version: 3.7.3 - Audacity Team) AusweisApp (HKLM\...\{780E63F7-FD7F-4FD4-8224-56C65E7BF2D8}) (Version: 2.2.2 - Governikus GmbH & Co. KG) Banished (HKLM-x32\...\1207660783_is1) (Version: 1.0.7 - GOG.com) BitCleaner (HKU\S-1-5-21-2129917812-2419563499-1881424802-1001\...\BitCleaner) (Version: 1.0.8.0 - BinaryLabs LTD) <==== ACHTUNG Blackguards 2 (HKLM-x32\...\1207667233_is1) (Version: 2.2.0.5 - GOG.com) Branding64 (HKLM\...\{492AEFBE-1B81-4C20-A111-E6974BB98EC5}) (Version: 1.00.0009 - Advanced Micro Devices, Inc.) Hidden calibre 64bit (HKLM\...\{08B38F11-2B6D-434D-B5D5-8C2FE3D70A66}) (Version: 7.4.0 - Kovid Goyal) Custom Shop 2.0.0 (HKLM\...\5b86c39c-6f2f-52a0-a1b0-9b9fc743254c) (Version: 2.0.0 - IK Multimedia) Custom Shop version 2.0.0 (HKLM\...\{21BAD046-50EC-49E2-BE7B-F9729704F2C3}_is1) (Version: 2.0.0 - IK Multimedia) DIE SIEDLER - Das Erbe der Könige (HKLM-x32\...\{8FDC1610-3FB5-4EF2-A0D0-CEDC3A525A25}) (Version: 1.00.0000 - Blue Byte) Discord (HKU\S-1-5-21-2129917812-2419563499-1881424802-1001\...\Discord) (Version: 1.0.9019 - Discord Inc.) Dropbox (HKLM-x32\...\Dropbox) (Version: 222.4.5042 - Dropbox, Inc.) Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.983.1 - Dropbox, Inc.) 
Hidden FortiClient VPN (HKLM\...\{FF46D152-9845-4ACE-8258-DBA7E3BE9785}) (Version: 7.0.9.0493 - Fortinet Technologies Inc) GIMP 2.10.34 (HKLM\...\GIMP-2_is1) (Version: 2.10.34 - The GIMP Team) HP LaserJet Pro MFP M127-M128 (HKLM-x32\...\{3b050369-8d19-413d-9dec-84ff278472eb}) (Version: 15.0.15309.1258 - Hewlett-Packard) HP LaserJet Pro MFP M127-M128 Fax (HKLM\...\{C5835004-643A-4EB6-A280-706F9F62F985}) (Version: 32.0.44.0 - Hewlett-Packard Co.) Hidden HP LaserJet Pro MFP M127-M128 Fax (HKLM-x32\...\{FAE97B40-E8E2-4B52-9A9E-219C3CCC0107}) (Version: 32.0.44.0 - Hewlett-Packard Co.) Hidden HP LaserJet Pro MFP M127-M128 Fax Driver (HKLM\...\{65072E52-F51B-4280-9DA6-EA5F1EE72C3A}) (Version: 32.0.44.0 - Hewlett-Packard Co.) Hidden HP LaserJet Pro MFP M127-M128 HP Device Toolbox (HKLM-x32\...\{612631AC-0D84-4116-9D8A-D2D63467B7BF}) (Version: 32.0.28.0 - Hewlett-Packard Co.) Hidden HP LJ M127128 Scan HP Scan (HKLM-x32\...\{2F518061-89DB-4AF0-9A7A-2BF73B60E6F0}) (Version: 1.0.302.0 - Hewlett-Packard Co.) 
Hidden HP Product FWUpdater (HKLM-x32\...\{1A8F20ED-C9CC-43FD-A678-20970BB83A9E}) (Version: 4.0.0.8895 - Hewlett-Packard Company) Hidden HP Unified IO (HKLM\...\{5C76ED0D-0F6F-4985-8B34-F9AE7834848F}) (Version: 2.0.0.434 - HP) Hidden HP Unified IO (HKLM-x32\...\{F1390872-2500-4408-A46C-CD16C960C661}) (Version: 2.0.0.434 - HP) Hidden HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HPLJProMFPM127M128 (HKLM-x32\...\{B5409C23-DE0C-4B48-8C8A-50AE38694955}) (Version: 1.00.0000 - Hewlett-Packard) HPLJUTCore (HKLM-x32\...\{B445502B-2F83-4873-90F1-06059F71A46A}) (Version: 014.000.0001 - HP) Hidden HPLJUTM127_128 (HKLM-x32\...\{2C886751-51BD-4A8C-B33A-B4C513AB5B9A}) (Version: 008.000.0001 - HP) Hidden hppM125LaserJetService (HKLM-x32\...\{18D5B189-DBDD-4E57-A84B-58C7700E9BB0}) (Version: 001.032.00682 - Hewlett-Packard) Hidden hpStatusAlerts (HKLM-x32\...\{7504A7B0-003E-4875-A454-B627E127E9D9}) (Version: 100.040.00218 - Hewlett Packard) Hidden hpStatusAlertsM127-M128 (HKLM-x32\...\{10D7EBAF-A550-48CD-8511-7D947184EE44}) (Version: 080.046.00112 - Hewlett-Packard) Hidden IK Product Manager (HKLM\...\a401809f-3509-5ed7-a6dc-34dc618bf372) (Version: 1.0.9 - IK Multimedia) Inkulinati (HKLM-x32\...\1788295898_is1) (Version: 1.48.1.0 - GOG.com) Java(TM) SE Development Kit 22 (64-bit) (HKLM\...\{0A90CDCF-216E-51BC-89BE-70E263109A25}) (Version: 22.0.0.0 - Oracle Corporation) LibreOffice 7.6.2.1 (HKLM\...\{69CAC3E6-C2D7-4221-9351-1F27CCBA92F1}) (Version: 7.6.2.1 - The Document Foundation) MAGIX Analogue Modelling Suite Plus (HKLM\...\{F485F2FE-1D3D-4F6D-AD4E-13FA5FB22A88}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden MAGIX Analogue Modelling Suite Plus (HKLM\...\MX.{F485F2FE-1D3D-4F6D-AD4E-13FA5FB22A88}) (Version: 1.0.0.0 - MAGIX Software GmbH) MAGIX Vandal VST-PlugIn (HKLM\...\{24F96DED-7B99-49C4-B877-CDCDC37762FA}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden MAGIX Vandal VST-PlugIn 
(HKLM\...\MX.{24F96DED-7B99-49C4-B877-CDCDC37762FA}) (Version: 1.0.0.0 - MAGIX Software GmbH) MAGIX VariVerb II VST-PlugIn (HKLM\...\{7A97538C-6D3F-4BB5-B2A1-D0ECFB199A4C}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden MAGIX VariVerb II VST-PlugIn (HKLM\...\MX.{7A97538C-6D3F-4BB5-B2A1-D0ECFB199A4C}) (Version: 1.0.0.0 - MAGIX Software GmbH) MAGIX Vintage Effects Suite (HKLM\...\{48978B41-9CD5-4274-9519-B622DD89727D}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden MAGIX Vintage Effects Suite (HKLM\...\MX.{48978B41-9CD5-4274-9519-B622DD89727D}) (Version: 1.0.0.0 - MAGIX Software GmbH) Microsoft .NET Host - 8.0.8 (x64) (HKLM\...\{3BA242F8-BDB5-4096-9FBC-333CD663BBAD}) (Version: 64.32.18380 - Microsoft Corporation) Hidden Microsoft .NET Host FX Resolver - 8.0.8 (x64) (HKLM\...\{7FE24458-0796-4428-99C2-9A0F8DAB93CC}) (Version: 64.32.18380 - Microsoft Corporation) Hidden Microsoft .NET Runtime - 8.0.8 (x64) (HKLM\...\{9ACB23DB-4D32-49ED-A5E3-F4E2F8D9D2AA}) (Version: 64.32.18380 - Microsoft Corporation) Hidden Microsoft 365 Apps for enterprise - da-dk (HKLM\...\O365ProPlusRetail - da-dk) (Version: 16.0.18623.20208 - Microsoft Corporation) Microsoft 365 Apps for Enterprise - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 16.0.18623.20208 - Microsoft Corporation) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 135.0.3179.85 - Microsoft Corporation) Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 135.0.3179.85 - Microsoft Corporation) Hidden Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 25.060.0330.0003 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft 
Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable 
(x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation) Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.42.34438 (HKLM-x32\...\{b49c10dd-4d54-45f8-ad13-fa25704456a4}) (Version: 14.42.34438.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.42.34438 (HKLM-x32\...\{ba10fda9-f731-441f-a999-000bbb7ceec2}) (Version: 14.42.34438.0 - Microsoft Corporation) Microsoft Visual C++ 2022 X64 Additional Runtime - 14.42.34438 (HKLM\...\{E528AD94-12D7-42C4-91A3-908BE28E9BD2}) (Version: 14.42.34438 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.42.34438 (HKLM\...\{2E15F519-4FDA-4834-B4EE-7EFCE7D8D4EE}) (Version: 14.42.34438 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X86 Additional Runtime - 14.42.34438 (HKLM-x32\...\{A5592FEF-F948-4BA6-A066-8BBFC2DC7EE1}) (Version: 14.42.34438 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.42.34438 (HKLM-x32\...\{5D0C4511-3CA1-4FF8-A4BA-C0E1957ABEEA}) (Version: 14.42.34438 - Microsoft Corporation) Hidden Microsoft Windows Desktop Runtime - 8.0.8 (x64) (HKLM\...\{663E7053-3B36-4AE5-8223-234867FAEAE6}) (Version: 64.32.18376 - Microsoft Corporation) Hidden Microsoft Windows Desktop Runtime - 8.0.8 (x64) 
(HKLM-x32\...\{33832ff3-5583-4b81-b270-d9fd42760e1a}) (Version: 8.0.8.33916 - Microsoft Corporation) Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 14.41.137.0 - Microsoft Corporation) MODO DRUM version 1.5.0 (HKLM\...\{A795A974-32B1-421C-AA21-B03288C5C562}_is1) (Version: 1.5.0 - IK Multimedia) Mount and Blade: Warband - Viking Conquest (HKLM-x32\...\1207666933_is1) (Version: 2.068 - GOG.com) Mount and Blade: Warband (HKLM-x32\...\1207666913_is1) (Version: 2.064 (GOG) - GOG.com) Mozilla Firefox (x64 de) (HKLM\...\Mozilla Firefox 137.0.2 (x64 de)) (Version: 137.0.2 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 137.0.2 - Mozilla) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) Native Access 3.12.1 (HKU\S-1-5-21-2129917812-2419563499-1881424802-1001\...\c410b7d2-8fce-53b3-8332-e98b6e89a16a) (Version: 3.12.1 - Native Instruments) Native Instruments Kontakt (HKLM-x32\...\Native Instruments Kontakt) (Version: 6.8.0.0 - Native Instruments) Native Instruments Kontakt 7 (HKLM-x32\...\Native Instruments Kontakt 7) (Version: 7.10.5.0 - Native Instruments) Native Instruments NTKDaemon (HKLM-x32\...\Native Instruments NTKDaemon) (Version: 1.19.0.0 - Native Instruments) OBS Studio (HKLM-x32\...\OBS Studio) (Version: 30.1.2 - OBS Project) Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.18623.20156 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.18623.20208 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0406-1000-0000000FF1CE}) (Version: 16.0.18623.20156 - Microsoft Corporation) 
Hidden Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0407-1000-0000000FF1CE}) (Version: 16.0.18623.20156 - Microsoft Corporation) Hidden Old World (HKLM-x32\...\2010300617_is1) (Version: 76679 - GOG.com) Old World Expansion 1 (HKLM-x32\...\1721325518_is1) (Version: 76679 - GOG.com) OpenVPN 2.5.3-I601 amd64 (HKLM\...\{E5931AF4-2A8F-48A5-AFC8-460348F480E8}) (Version: 2.5.022 - OpenVPN, Inc.) Pathologic 2 (HKLM-x32\...\1076642617_is1) (Version: 1.5.30038-rel-dev-st + mn - GOG.com) ProjectSAM The Free Orchestra (HKLM-x32\...\ProjectSAM The Free Orchestra) (Version: 2.0.0.1 - ProjectSAM) Realms of Arkania 2 - Star Trail (HKLM-x32\...\1207661983_is1) (Version: 1.0 v2 - GOG.com) RyzenMasterSDK (HKLM\...\{EA69F3F4-94A3-4B3D-8A87-08C1D6ED87B4}) (Version: 1.2.3.5 - Advanced Micro Devices, Inc.) Hidden Samplitude Pro X2 Silver (HKLM\...\{C3A3C7A2-0118-4EAA-B51D-E8F26B22D320}) (Version: 13.1.3.176 - MAGIX Software GmbH) Hidden Samplitude Pro X2 Silver (HKLM\...\MX.{C3A3C7A2-0118-4EAA-B51D-E8F26B22D320}) (Version: 13.1.3.176 - MAGIX Software GmbH) Samplitude Pro X2 Silver Independence Free (HKLM\...\{E52AC3D4-3700-41D3-8E0E-2FD3C8A8CD3D}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden Samplitude Pro X2 Silver Independence Free (HKLM\...\MX.{E52AC3D4-3700-41D3-8E0E-2FD3C8A8CD3D}) (Version: 1.0.0.0 - MAGIX Software GmbH) Samplitude Pro X2 Silver Objekt-Synthesizer (HKLM\...\{0E9CFDBD-B513-42E5-B46F-D6CD1214FF77}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden Samplitude Pro X2 Silver Objekt-Synthesizer (HKLM\...\MX.{0E9CFDBD-B513-42E5-B46F-D6CD1214FF77}) (Version: 1.0.0.0 - MAGIX Software GmbH) Shadowrun Returns (HKLM-x32\...\1207660413_is1) (Version: 2.3.0.12 - GOG.com) Soundpaint 3.1.2 (HKLM\...\{78841126-C6F3-4136-A6AF-DB43EB9DDF9F}_is1) (Version: 3.1.2 - 8Dio) Spitfire Audio version 3.4.10 (HKLM-x32\...\{ABC5F486-25BD-4BAA-9FA1-A84152CBB563}_is1) (Version: 3.4.10 - Spitfire Audio Holdings Ltd) STAR WARS Battlefront II (HKLM-x32\...\1421404701_is1) 
(Version: 1.1 - GOG.com) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Stronghold HD (HKLM-x32\...\1207658712_is1) (Version: 1.41 - GOG.com) Syntronik 2 version 2.1.1 (HKLM\...\{D1F669F8-F75C-442E-B303-107C052DD42C}_is1) (Version: 2.1.1 - IK Multimedia) The Witcher Enhanced Edition Director's Cut (HKLM-x32\...\1207658924_is1) (Version: 2.1.0.15 - GOG.com) TuxGuitar (HKLM\...\TuxGuitar 1.6.6) (Version: 1.6.6 - TuxGuitar) TuxGuitar (HKLM-x32\...\TuxGuitar 1.5.6) (Version: 1.5.6 - TuxGuitar) Update for x64-based Windows Systems (KB5001716) (HKLM\...\{DA80A019-4C3B-4DAA-ACA1-6937D7CAAF9E}) (Version: 8.94.0.0 - Microsoft Corporation) VLC media player (HKLM\...\VLC media player) (Version: 3.0.20 - VideoLAN) Zoom (HKU\S-1-5-21-2129917812-2419563499-1881424802-1001\...\ZoomUMX) (Version: 5.17.11 (34827) - Zoom Video Communications, Inc.) Zotero (HKLM-x32\...\Zotero 6.0.36 (x86 en-US)) (Version: 6.0.36 - Corporation for Digital Scholarship) Packages: ========= @{MicrosoftWindows.55182690.Taskbar_1000.26100.3624.0_x64__cw5n1h2txyewy?ms-resource://MicrosoftWindows.55182690.Taskbar/Resources/ProductPkgDisplayName} -> C:\WINDOWS\SystemApps\SxS\MicrosoftWindows.55182690.Taskbar_cw5n1h2txyewy [2025-04-11] (Microsoft Windows) Adobe Acrobat Reader -> C:\Program Files\Adobe\Acrobat DC [2025-03-16] () Dropbox -> C:\Program Files (x86)\Dropbox\Client\PackageAssets [2025-04-17] (Dropbox Inc.) HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_158.2.1134.0_x64__v10z8vjag6ke6 [2025-04-03] (HP Inc.) 
Microsoft.StartExperiencesApp -> C:\Program Files\WindowsApps\Microsoft.StartExperiencesApp_1.1.296.0_x64__8wekyb3d8bbwe [2025-03-19] (Microsoft Corporation)
MuseHub -> C:\Program Files\WindowsApps\Muse.MuseHub_2.2.1.13_x64__rb9pth70m6nz6 [2025-04-21] (Muse) [Startup Task]
OfficePushNotificationsUtility -> C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE16 [2025-04-23] ()
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.52.354.0_x64__dt26b99r8h8gj [2025-03-16] (Realtek Semiconductor Corp)
SpotifyAB.SpotifyMusic -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.261.443.0_x64__zpdnekdrzrea0 [2025-04-14] (Spotify AB) [Startup Task]
Windows Feature Experience Pack -> C:\WINDOWS\SystemApps\SxS\MicrosoftWindows.55182690.Taskbar_cw5n1h2txyewy [2025-04-11] (Microsoft Windows)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-2129917812-2419563499-1881424802-1001_Classes\CLSID\{04271989-C4D2-DB05-E5F6-C88623FBD62F} -> [OneDrive] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
CustomCLSID: HKU\S-1-5-21-2129917812-2419563499-1881424802-1001_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-2129917812-2419563499-1881424802-1001_Classes\CLSID\{41AD5CCC-26E6-46CC-821E-81569059CA8D} -> [Dropbox] => C:\Users\Páll\Dropbox [2024-11-29 21:35]
CustomCLSID: HKU\S-1-5-21-2129917812-2419563499-1881424802-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> "C:\Users\Páll\AppData\Local\Microsoft\Teams\current\Teams.exe" --toast => Keine Datei
CustomCLSID: HKU\S-1-5-21-2129917812-2419563499-1881424802-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\Páll\Dropbox [2024-11-29 21:35]
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\25.060.0330.0003\FileSyncShell64.dll [2025-04-23] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\25.060.0330.0003\FileSyncShell64.dll [2025-04-23] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\25.060.0330.0003\FileSyncShell64.dll [2025-04-23] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\25.060.0330.0003\FileSyncShell64.dll [2025-04-23] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\25.060.0330.0003\FileSyncShell64.dll [2025-04-23] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\25.060.0330.0003\FileSyncShell64.dll [2025-04-23] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\25.060.0330.0003\FileSyncShell64.dll [2025-04-23] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-04-02] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-04-02] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-04-02] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-04-02] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-04-02] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-04-02] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-04-02] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-04-02] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-04-02] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-04-02] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\25.060.0330.0003\FileSyncShell64.dll [2025-04-23] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\25.060.0330.0003\FileSyncShell64.dll [2025-04-23] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\25.060.0330.0003\FileSyncShell64.dll [2025-04-23] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\25.060.0330.0003\FileSyncShell64.dll [2025-04-23] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\25.060.0330.0003\FileSyncShell64.dll [2025-04-23] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\25.060.0330.0003\FileSyncShell64.dll [2025-04-23] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\25.060.0330.0003\FileSyncShell64.dll [2025-04-23] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-04-02] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-04-02] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-04-02] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-04-02] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-04-02] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-04-02] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-04-02] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-04-02] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-04-02] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-04-02] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\25.060.0330.0003\FileSyncShell64.dll [2025-04-23] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-04-02] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\25.060.0330.0003\FileSyncShell64.dll [2025-04-23] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-04-02] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\25.060.0330.0003\FileSyncShell64.dll [2025-04-23] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2025-02-25] (Advanced Micro Devices -> Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-04-02] (Dropbox, Inc -> Dropbox, Inc.)

==================== Codecs (Nicht auf der Ausnahmeliste) ====================

==================== Verknüpfungen & WMI ========================

==================== Geladene Module (Nicht auf der Ausnahmeliste) =============

2009-09-16 18:44 - 2009-09-16 18:44 - 000153088 _____ (Hewlett Packard) [Datei ist nicht signiert] C:\WINDOWS\System32\hptcpmib.dll
2009-09-16 18:45 - 2009-09-16 18:45 - 000331264 _____ (Hewlett Packard) [Datei ist nicht signiert] C:\WINDOWS\System32\HpTcpMon.dll
2009-09-16 11:44 - 2009-09-16 11:44 - 000132096 _____ (Hewlett Packard) [Datei ist nicht signiert] C:\WINDOWS\System32\hpzjrd01.dll
2009-09-16 18:45 - 2009-09-16 18:45 - 000317440 _____ (Microsoft Corporation) [Datei ist nicht signiert] C:\WINDOWS\System32\HPTcpMUI.dll
2023-07-18 15:12 - 2023-07-18 15:12 - 000155648 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [Datei ist nicht signiert] C:\Program Files\Fortinet\FortiClient\legacy.DLL
2023-07-18 15:12 - 2023-07-18 15:12 - 006030336 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [Datei ist nicht signiert] C:\Program Files\Fortinet\FortiClient\libcrypto-3-x64.dll
2023-07-18 15:12 - 2023-07-18 15:12 - 000776192 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [Datei ist nicht signiert] C:\Program Files\Fortinet\FortiClient\libssl-3-x64.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ==================

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =================

==================== Internet Explorer (Nicht auf der Ausnahmeliste) =============

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2025-04-07] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2025-04-07] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-04-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-04-07] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-04-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-04-07] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-04-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-04-07] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-04-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-04-07] (Microsoft Corporation -> Microsoft Corporation)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-2129917812-2419563499-1881424802-1001\...\sharepoint.com -> hxxps://cmsa3-files.sharepoint.com

==================== Hosts Inhalt: =========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2019-12-07 11:14 - 2025-04-23 17:01 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Andere Bereiche ===========================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\Calibre2\;C:\Program Files\dotnet\
HKU\S-1-5-21-2129917812-2419563499-1881424802-1001\Control Panel\Desktop\\Wallpaper -> D:\Bilder\2017 Dansk på Askov\20170825_063400.jpg
DNS Servers: 217.69.224.73 - 213.187.64.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) ist aktiviert.

Network Binding:
=============
Ethernet 2: Fortinet Virtual Ethernet Adapter (NDIS 6.30) -> ftvnic.sys
OpenVPN Wintun: Wintun Userspace Tunnel -> wintun.sys
LAN-Verbindung: TAP-Windows Adapter V9 -> tap0901.sys
Ethernet: Realtek PCIe GbE Family Controller -> rt640x64.sys
Ethernet 3: Fortinet SSL VPN Virtual Ethernet Adapter -> ftsvnic.sys ft_fortifilter: FortiClient NDIS 6.3 Packet Filter Driver

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [UDP Query User{8E0434B3-06C2-478E-92F3-D7EC27A8694C}C:\gog games\pathologic 2\pathologic.exe] => (Block) C:\gog games\pathologic 2\pathologic.exe () [Datei ist nicht signiert] FirewallRules: [TCP Query User{D252EC65-5FB1-49E6-B3F9-0558F3BD8B32}C:\gog games\pathologic 2\pathologic.exe] => (Block) C:\gog games\pathologic 2\pathologic.exe () [Datei ist nicht signiert] FirewallRules: [{ABBBC7D4-DC9D-4E8E-BC6E-2959BC0070E1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Landnama\Landnama.exe (Godot Engine) [Datei ist nicht signiert] FirewallRules: [{4865745D-3ABD-4530-86A0-BF58BE78B16F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Landnama\Landnama.exe (Godot Engine) [Datei ist nicht signiert] FirewallRules: [{DA20D4E1-623E-467D-8AA6-DE0B6A331CA6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BEAST\Beast.exe (Epic Games, Inc.) [Datei ist nicht signiert] FirewallRules: [{4668507F-5438-4821-8FBD-F63C451D5C37}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BEAST\Beast.exe (Epic Games, Inc.) [Datei ist nicht signiert] FirewallRules: [AusweisApp-Firewall-Rule] => (Allow) C:\Program Files\AusweisApp\AusweisApp.exe (Governikus GmbH & Co. KG -> Governikus GmbH & Co. KG) FirewallRules: [{CC0F8CD2-D0B7-4493-9AC2-D3DF80FF5A2E}] => (Allow) C:\Program Files\AusweisApp\AusweisApp.exe (Governikus GmbH & Co. KG -> Governikus GmbH & Co. 
KG) FirewallRules: [{BDBBAADB-1430-4E1C-B344-402B87CF1041}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rome Total War Gold\RomeTW-BI.exe (The Creative Assembly Ltd) [Datei ist nicht signiert] FirewallRules: [{8180F412-8620-4E3E-98A5-8BE0FB4D9BB6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rome Total War Gold\RomeTW-BI.exe (The Creative Assembly Ltd) [Datei ist nicht signiert] FirewallRules: [{88D99470-889D-45D0-AF4B-890C29DE0DF5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rome Total War Gold\RomeTW.exe (The Creative Assembly Ltd) [Datei ist nicht signiert] FirewallRules: [{CFE9C114-F537-4C00-A06A-41031B8FB60A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rome Total War Gold\RomeTW.exe (The Creative Assembly Ltd) [Datei ist nicht signiert] FirewallRules: [{ED347C13-0891-49A4-B11A-2FD993CA76F7}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{515836BE-5504-42BC-A00F-6A56C8C4D78E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization VI\2KLauncher\LauncherPatcher.exe => Keine Datei FirewallRules: [{DDA9C3CB-1214-405C-8F43-7778B04F77D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization VI\2KLauncher\LauncherPatcher.exe => Keine Datei FirewallRules: [{9759CA40-9F76-4B65-8266-56D922F7EEF3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hellish Quart\Hellish Quart.exe () [Datei ist nicht signiert] FirewallRules: [{0BE84599-DE6B-4F26-AE1D-5676CC0E34E3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hellish Quart\Hellish Quart.exe () [Datei ist nicht signiert] FirewallRules: [{3E1E8D2D-7CA2-486F-A152-FB4D098521FB}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{2D22D465-F739-4BFB-A589-4E4E36591D58}] => (Allow) C:\Program Files\Microsoft 
Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{78A567DB-0CB1-48AA-B9D1-2758CBAC402B}] => (Allow) C:\Users\Páll\AppData\Roaming\Zoom\bin\airhost.exe => Keine Datei FirewallRules: [{02D02765-9F3F-4300-9CD9-6ED00F32CCCE}] => (Allow) C:\Users\Páll\AppData\Roaming\Zoom\bin\airhost.exe => Keine Datei FirewallRules: [{653D25F2-8128-4C65-A0B2-B1DD1662C147}] => (Allow) C:\Users\Páll\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [UDP Query User{CF0C24E2-88A0-4E63-A29E-F7258BCBF912}C:\gog games\wolfenstein the new order\wolfneworder_x64.exe] => (Block) C:\gog games\wolfenstein the new order\wolfneworder_x64.exe => Keine Datei FirewallRules: [TCP Query User{69B489DB-1687-4AE8-8A85-838F05BE4BA3}C:\gog games\wolfenstein the new order\wolfneworder_x64.exe] => (Block) C:\gog games\wolfenstein the new order\wolfneworder_x64.exe => Keine Datei FirewallRules: [{987BC49B-EEDA-435A-AAC8-82C2F48F89B3}] => (Allow) C:\Program Files\WindowsApps\MSTeams_23306.3315.2560.6525_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{E7CBD212-B228-4F8D-BB4C-D5E909A18BE4}] => (Allow) C:\Program Files\WindowsApps\MSTeams_23306.3315.2560.6525_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{865DA2EE-A25A-48FB-83CE-4EC558825E08}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{0C024BD2-9EDD-4EE5-9BCF-EA34CDC8AF51}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{C2F85DDE-953A-4CD9-A87B-745FA43A294E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.107.3215.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) 
FirewallRules: [{8A3E397D-76C2-47B6-98F9-5FB5947FB0B9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.107.3215.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{509E010C-D013-4F0C-8CE6-E086ABCD3F02}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.107.3215.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{56C42688-41D4-4BE4-BDC2-28BAA9A1BDB8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.107.3215.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{4FAE47C1-E782-4A46-B7DA-91C6873B7F5B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Empire Total War\Empire.exe (The Creative Assembly Ltd) [Datei ist nicht signiert] FirewallRules: [{55D95518-5C71-44F7-8970-DBAE7809AA98}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Empire Total War\Empire.exe (The Creative Assembly Ltd) [Datei ist nicht signiert] FirewallRules: [{2D3030DD-EF64-4FC7-BDA7-FDE25248E9A7}] => (Allow) C:\Program Files (x86)\HP\HP LaserJet Pro MFP M127-M128\bin\EWSProxy.exe (VistaName -> Hewlett-Packard Co.) [Datei ist nicht signiert] FirewallRules: [{5B025E77-A240-43CF-BC62-F9DAD010FF13}] => (Allow) C:\Program Files (x86)\HP\HP LaserJet Pro MFP M127-M128\Bin\HPNetworkCommunicatorCom.exe (VistaName -> Hewlett-Packard Co.) [Datei ist nicht signiert] FirewallRules: [{E8C6460E-4795-4838-AB7E-B9814D33B8F0}] => (Allow) C:\Program Files (x86)\HP\HP LaserJet Pro MFP M127-M128\bin\FaxApplications.exe (VistaName -> Hewlett-Packard Co.) [Datei ist nicht signiert] FirewallRules: [{8C08937A-7C68-4CCA-A23A-7B4A1096083C}] => (Allow) C:\Program Files\HP\HP LaserJet Pro MFP M127-M128\bin\FaxPrinterUtility.exe (VistaName -> Hewlett-Packard Co.) 
[Datei ist nicht signiert] FirewallRules: [{0B7EB188-E76E-4B0E-B817-ED13317B62D5}] => (Allow) C:\Program Files\HP\HP LaserJet Pro MFP M127-M128\Bin\HPNetworkCommunicatorCom.exe (VistaName -> Hewlett-Packard Co.) [Datei ist nicht signiert] FirewallRules: [{9CEBF324-1973-40DA-B06B-3AF196ABE28D}] => (Allow) C:\Program Files\HP\HP LaserJet Pro MFP M127-M128\bin\SendAFax.exe (VistaName -> Hewlett-Packard Co.) [Datei ist nicht signiert] FirewallRules: [UDP Query User{F6BBA465-91D1-45CD-8D1D-A7672EE76FA0}C:\gog games\wolfenstein the new order\wolfneworder_x64.exe] => (Block) C:\gog games\wolfenstein the new order\wolfneworder_x64.exe => Keine Datei FirewallRules: [TCP Query User{6217295B-2F67-49A2-AB27-D51FFF71866F}C:\gog games\wolfenstein the new order\wolfneworder_x64.exe] => (Block) C:\gog games\wolfenstein the new order\wolfneworder_x64.exe => Keine Datei FirewallRules: [{E9F8D213-418C-4F2B-955E-7B7BF91790BD}] => (Block) D:\magix\music maker\27\musicmaker.exe (MAGIX Software GmbH -> MAGIX Software GmbH) FirewallRules: [{003CAFAC-FAE9-468F-AA31-8D156FDA42D1}] => (Block) D:\magix\music maker\27\musicmaker.exe (MAGIX Software GmbH -> MAGIX Software GmbH) FirewallRules: [UDP Query User{2A943D1A-DFF0-4C80-A43C-203537D3B9F6}D:\magix\music maker\27\musicmaker.exe] => (Allow) D:\magix\music maker\27\musicmaker.exe (MAGIX Software GmbH -> MAGIX Software GmbH) FirewallRules: [TCP Query User{69301664-18C9-4D38-A1D0-B99AA383262A}D:\magix\music maker\27\musicmaker.exe] => (Allow) D:\magix\music maker\27\musicmaker.exe (MAGIX Software GmbH -> MAGIX Software GmbH) FirewallRules: [{FBC110EF-9276-48CF-BA74-3D0122E339F4}] => (Block) C:\gog games\kingdom come deliverance\bin\win64\kingdomcome.exe => Keine Datei FirewallRules: [{7EC0AD71-7242-4391-B865-F7CE2A9D2998}] => (Block) C:\gog games\kingdom come deliverance\bin\win64\kingdomcome.exe => Keine Datei FirewallRules: [UDP Query User{C6CEBF84-964E-4388-BBC8-BAFCDAF31BEA}C:\gog games\kingdom come deliverance\bin\win64\kingdomcome.exe] 
=> (Allow) C:\gog games\kingdom come deliverance\bin\win64\kingdomcome.exe => Keine Datei FirewallRules: [TCP Query User{6EC3D20E-992E-4F5B-906A-A81B4CE8B33F}C:\gog games\kingdom come deliverance\bin\win64\kingdomcome.exe] => (Allow) C:\gog games\kingdom come deliverance\bin\win64\kingdomcome.exe => Keine Datei FirewallRules: [{5A5052CB-CD91-45E4-AEE9-D37B50180822}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{628858A9-CBAF-4B47-AC6F-8F0E608F6533}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{2E1B84F5-986C-4758-B49E-2DE145C9A6EC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{A85B0E3E-7CA8-4C4B-80E4-43DB4CE407AC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{728FD8CD-E9AE-46AC-BB29-0114B5895CD3}] => (Allow) C:\Program Files\WindowsApps\MSTeams_23306.3315.2560.6525_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{1C8BB13F-EA68-49FF-A50D-2AD349590884}] => (Allow) C:\Program Files\WindowsApps\MSTeams_23306.3315.2560.6525_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [FPS-SpoolWorker-In-TCP] => (Allow) C:\WINDOWS\system32\spoolsvworker.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [FPS-SpoolWorker-In-TCP-V2] => (Allow) C:\WINDOWS\system32\spoolsvworker.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [FPS-SpoolWorker-In-TCP-NoScope] => (Allow) C:\WINDOWS\system32\spoolsvworker.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [TCP Query User{B859FD5D-817A-4F19-8190-432318E883AC}C:\gog games\old world\oldworld.exe] => (Block) C:\gog games\old world\oldworld.exe () [Datei ist nicht signiert] FirewallRules: [UDP Query 
User{FC29BE39-F928-4D8C-811C-DF80A3A69034}C:\gog games\old world\oldworld.exe] => (Block) C:\gog games\old world\oldworld.exe () [Datei ist nicht signiert] FirewallRules: [{D071D613-CB54-473F-98E6-40183666A56E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.261.443.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{D2FF42E4-0404-4664-AD0D-038BB62D902C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.261.443.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{8E4B3347-F708-4111-9396-08564815351F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.261.443.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{7760D861-68DF-4852-9E34-0AAA6125A7DA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.261.443.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{3023554F-AD3D-4D7D-BF74-0868550055D0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.261.443.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{D1192CE2-0F54-43FA-B500-B46C5F25AC6D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.261.443.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{931FF170-4203-4C59-B9C7-E99F68D843DA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.261.443.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{76DB5BDE-35AF-44D3-9D57-7EBE9F2CDFC5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.261.443.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{E4EB7055-8E99-4D46-81AD-074FF44612F0}] => (Allow) C:\Program 
Files\WindowsApps\SpotifyAB.SpotifyMusic_1.261.443.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{D2DDD469-8E0B-4BFF-8E60-B5713A35B19D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.261.443.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{BEB3177F-FCA6-4E5A-8FFC-D1F3FF1D7FE6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{DF652755-783A-42D9-8FB0-13452EC3B625}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{CEF517E2-C432-421E-A113-480156B20916}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.) FirewallRules: [{981F76D3-53FC-4CD6-94B6-6045B094BC2F}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.) FirewallRules: [{5026CF2C-2111-4A49-A183-2A2411CD49C8}] => (Allow) C:\Program Files\WindowsApps\Muse.MuseHub_2.2.1.13_x64__rb9pth70m6nz6\Muse.exe (Musecy SM Ltd. -> Muse) FirewallRules: [{3328610D-4F95-4802-B363-44692434DF76}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\135.0.3179.85\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation) ==================== Wiederherstellungspunkte ========================= 14-04-2025 17:28:00 Windows Update 16-04-2025 15:59:46 Removed Sitala 21-04-2025 14:38:19 Windows Update ==================== Fehlerhafte Geräte im Gerätemanager ============ Name: Fortinet SSL VPN Virtual Ethernet Adapter Description: Fortinet SSL VPN Virtual Ethernet Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Fortinet Inc Service: ftsvnic Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
==================== Fehlereinträge in der Ereignisanzeige: ======================== Applikationsfehler: ================== Error: (04/23/2025 10:03:48 PM) (Source: DbxSvc) (EventID: 322) (User: ) Description: Failed to get driver message: (-2147024890) Das Handle ist ungültig. Error: (04/23/2025 03:57:39 PM) (Source: DbxSvc) (EventID: 322) (User: ) Description: Failed to get driver message: (-2147024890) Das Handle ist ungültig. Error: (04/21/2025 02:32:57 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x8007045b, Der Computer wird heruntergefahren.. Error: (04/21/2025 02:32:57 PM) (Source: VSS) (EventID: 13) (User: ) Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} und dem Namen "CEventSystem" kann nicht gestartet werden. [0x8007045b, Der Computer wird heruntergefahren.] Error: (04/21/2025 02:32:57 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x8007045b, Der Computer wird heruntergefahren.. Error: (04/21/2025 02:32:57 PM) (Source: VSS) (EventID: 13) (User: ) Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} und dem Namen "CEventSystem" kann nicht gestartet werden. [0x8007045b, Der Computer wird heruntergefahren.] Error: (04/21/2025 08:55:57 AM) (Source: DbxSvc) (EventID: 322) (User: ) Description: Failed to get driver message: (-2147024890) Das Handle ist ungültig. Error: (04/17/2025 06:18:01 PM) (Source: DbxSvc) (EventID: 322) (User: ) Description: Failed to get driver message: (-2147024890) Das Handle ist ungültig. 
Systemfehler: ============= Error: (04/23/2025 06:40:31 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-8H8CSAR) Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (04/23/2025 06:40:31 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-8H8CSAR) Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (04/23/2025 06:40:31 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-8H8CSAR) Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (04/23/2025 06:40:31 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-8H8CSAR) Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (04/23/2025 06:40:31 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-8H8CSAR) Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (04/23/2025 06:40:31 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-8H8CSAR) Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (04/23/2025 06:40:31 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-8H8CSAR) Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (04/23/2025 06:40:31 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-8H8CSAR) Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. 
Windows Defender: ================ Date: 2025-04-16 19:38:25 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2025-04-15 21:12:24 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2025-04-15 20:28:30 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2025-04-14 09:06:09 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2025-04-11 17:43:03 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Event[0] Date: 2025-04-17 10:11:14 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. New security intelligence Version: Previous security intelligence Version: 1.427.296.0 Update Source: Microsoft Update Server Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.25030.1 Error code: 0x8007043c Error description: Der Dienst kann nicht im abgesicherten Modus gestartet werden. Date: 2025-04-17 10:01:12 Description: Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007043c Error description: Der Dienst kann nicht im abgesicherten Modus gestartet werden. Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem. Date: 2025-04-17 09:32:21 Description: Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007043c Error description: Der Dienst kann nicht im abgesicherten Modus gestartet werden. 
Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem. CodeIntegrity: =============== Date: 2025-04-23 22:03:45 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Dropbox\Client\Dropbox.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Dropbox\Client\222.4.5042\vulkan-1.dll that did not meet the Microsoft signing level requirements. ==================== Speicherinformationen =========================== BIOS: American Megatrends International, LLC. A.B0 08/11/2022 Hauptplatine: Micro-Star International Co., Ltd. B550-A PRO (MS-7C56) Prozessor: AMD Ryzen 5 5600X 6-Core Processor Prozentuale Nutzung des RAM: 35% Installierter physikalischer RAM: 16310.09 MB Verfügbarer physikalischer RAM: 10566.91 MB Summe virtueller Speicher: 20918.09 MB Verfügbarer virtueller Speicher: 12619.25 MB ==================== Laufwerke ================================ Drive c: () (Fixed) (Total:930.71 GB) (Free:552.53 GB) (Model: Samsung SSD 980 PRO 1TB) NTFS Drive d: (Archiv) (Fixed) (Total:931.39 GB) (Free:251.77 GB) (Model: TOSHIBA HDWD110) NTFS Drive e: (Audio CD) (CDROM) (Total:0 GB) (Free:0 GB) CDFS \\?\Volume{5dd90591-b645-4434-8eb7-f8172c484e0d}\ () (Fixed) (Total:0.69 GB) (Free:0.11 GB) NTFS \\?\Volume{0152c4ad-1b08-4590-88a8-cb263ce40039}\ () (Fixed) (Total:0.09 GB) (Free:0.06 GB) FAT32 ==================== MBR & Partitionstabelle ==================== ========================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 84543A49) Partition: GPT. ========================================================== Disk: 1 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000) Partition: GPT. ==================== Ende von Addition.txt ======================= |
| #4 |
/// TB-Ausbilder | PUP.Adware.Heuristic / bcnexum

Thank you for the new logs, I like that much better already. Did you read my note about the download sources? Have you ever downloaded anything from Chip.de? We will carry out a repair with FRST.

Repair with FRST

NOTE TO ALL READERS: This FRST script is intended exclusively for this user and should never be used 1:1 on another system!
|
| #5 |
| PUP.Adware.Heuristic / bcnexum Fixlog: Code:
ATTFilter Entfernungsergebnis von Farbar Recovery Scan Tool (x64) Version: 23-04-2025 durchgeführt von Páll (23-04-2025 22:27:29) Run:1 Gestartet von C:\Users\Páll\Downloads Geladene Profile: Páll Start-Modus: Normal ============================================== fixlist Inhalt: ***************** Start:: CreateRestorePoint: CloseProcesses: HKLM-x32\...\Run: [TeamsMachineUninstallerProgramData] => %ProgramData%\Microsoft\Teams\Update.exe --uninstall --msiUninstall --source=default (Keine Datei) HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] -> Startup: C:\Users\Páll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BitCleaner Tasker.lnk [2024-03-03] <==== ACHTUNG C:\Users\Páll\AppData\Roaming\BitCleaner Task: {E88D9B2C-DDEA-47B2-9582-085153004DB5} - System32\Tasks\Microsoft\Windows\Location\Notifications => %windir%\System32\LocationNotificationWindows.exe (Keine Datei) Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (Keine Datei) Task: {86A85C57-D7F8-4E72-8EA7-ACD8AE47F874} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => %systemroot%\system32\MusNotification.exe LogonUpdateResults (Keine Datei) Task: {E5FCB0C7-1A4A-4A60-9918-E2A6F399A651} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe /RunOnAC ReadyToReboot (Keine Datei) Task: {CEC27C84-275A-40B7-AD7A-879856542C2A} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe /RunOnBattery ReadyToReboot (Keine Datei) Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (Keine Datei) C:\Users\Páll\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gidnhakgfijhghmilgiiffidakihnbnb 
C:\Users\Páll\AppData\Roaming\msregsvv.dll FirewallRules: [{78A567DB-0CB1-48AA-B9D1-2758CBAC402B}] => (Allow) C:\Users\Páll\AppData\Roaming\Zoom\bin\airhost.exe => Keine Datei FirewallRules: [{02D02765-9F3F-4300-9CD9-6ED00F32CCCE}] => (Allow) C:\Users\Páll\AppData\Roaming\Zoom\bin\airhost.exe => Keine Datei CMD: reg query "HKU\S-1-5-21-2129917812-2419563499-1881424802-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\BitCleaner" /S DeleteKey: HKU\S-1-5-21-2129917812-2419563499-1881424802-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BitCleaner CMD: netsh winsock reset CMD: netsh advfirewall set allprofiles state ON CMD: netsh winhttp reset proxy CMD: Bitsadmin /Reset /Allusers CMD: Winmgmt /salvagerepository CMD: Winmgmt /verifyrepository CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R Hosts: RemoveProxy: EmptyTemp: End:: ***************** Wiederherstellungspunkt wurde erfolgreich erstellt. Prozesse erfolgreich geschlossen. 
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\TeamsMachineUninstallerProgramData" => erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{C885AA15-1764-4293-B82A-0586ADD46B35} => erfolgreich entfernt C:\Users\Páll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BitCleaner Tasker.lnk => erfolgreich verschoben "C:\Users\Páll\AppData\Roaming\BitCleaner" Ordner verschieben: C:\Users\Páll\AppData\Roaming\BitCleaner => erfolgreich verschoben "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E88D9B2C-DDEA-47B2-9582-085153004DB5}" => erfolgreich entfernt "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E88D9B2C-DDEA-47B2-9582-085153004DB5}" => erfolgreich entfernt C:\WINDOWS\System32\Tasks\Microsoft\Windows\Location\Notifications => erfolgreich verschoben "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Location\Notifications" => erfolgreich entfernt "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CCDFC0B8-01A3-4E74-A820-4F13F51D269E}" => erfolgreich entfernt "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CCDFC0B8-01A3-4E74-A820-4F13F51D269E}" => erfolgreich entfernt C:\WINDOWS\System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => erfolgreich verschoben "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser" => erfolgreich entfernt "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{86A85C57-D7F8-4E72-8EA7-ACD8AE47F874}" => erfolgreich entfernt "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{86A85C57-D7F8-4E72-8EA7-ACD8AE47F874}" => erfolgreich entfernt C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => erfolgreich verschoben 
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults" => erfolgreich entfernt "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E5FCB0C7-1A4A-4A60-9918-E2A6F399A651}" => erfolgreich entfernt "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E5FCB0C7-1A4A-4A60-9918-E2A6F399A651}" => erfolgreich entfernt C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => erfolgreich verschoben "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\Reboot_AC" => erfolgreich entfernt "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CEC27C84-275A-40B7-AD7A-879856542C2A}" => erfolgreich entfernt "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEC27C84-275A-40B7-AD7A-879856542C2A}" => erfolgreich entfernt C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => erfolgreich verschoben "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery" => erfolgreich entfernt "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F3E6E7ED-A196-4E44-8803-55FAB3AD4E29}" => erfolgreich entfernt "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3E6E7ED-A196-4E44-8803-55FAB3AD4E29}" => erfolgreich entfernt C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => erfolgreich verschoben "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker" => erfolgreich entfernt "C:\Users\Páll\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gidnhakgfijhghmilgiiffidakihnbnb" Ordner verschieben: C:\Users\Páll\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gidnhakgfijhghmilgiiffidakihnbnb => 
erfolgreich verschoben C:\Users\Páll\AppData\Roaming\msregsvv.dll => erfolgreich verschoben "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{78A567DB-0CB1-48AA-B9D1-2758CBAC402B}" => erfolgreich entfernt "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{02D02765-9F3F-4300-9CD9-6ED00F32CCCE}" => erfolgreich entfernt ========= reg query "HKU\S-1-5-21-2129917812-2419563499-1881424802-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\BitCleaner" /S ========= HKEY_USERS\S-1-5-21-2129917812-2419563499-1881424802-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\BitCleaner DisplayName REG_SZ BitCleaner DisplayVersion REG_SZ 1.0.8.0 Publisher REG_SZ BinaryLabs LTD VersionMajor REG_SZ 1 VersionMinor REG_SZ 0 Version REG_SZ 1.0.8.0 InstallDate REG_BINARY 1927E6505325E640 DisplayIcon REG_SZ C:\Users\P*ll\AppData\Roaming\BitCleaner\uninstall.exe UninstallString REG_SZ "C:\Users\P*ll\AppData\Roaming\BitCleaner\uninstall.exe" iid=402839_1379900906 -ec ========= Ende von CMD: ========= HKU\S-1-5-21-2129917812-2419563499-1881424802-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BitCleaner => erfolgreich entfernt ========= netsh winsock reset ========= Der Winsock-Katalog wurde zurückgesetzt. Sie müssen den Computer neu starten, um den Vorgang abzuschließen. ========= Ende von CMD: ========= ========= netsh advfirewall set allprofiles state ON ========= OK. ========= Ende von CMD: ========= ========= netsh winhttp reset proxy ========= Aktuelle WinHTTP-Proxyeinstellungen: DirectAccess (kein Proxyserver). ========= Ende von CMD: ========= ========= Bitsadmin /Reset /Allusers ========= BITSADMIN version 3.0 BITS administration utility. (C) Copyright Microsoft Corp. 0 out of 0 jobs canceled. ========= Ende von CMD: ========= ========= Winmgmt /salvagerepository ========= Das WMI-Repository ist konsistent. 
========= Ende von CMD: ========= ========= Winmgmt /verifyrepository ========= Das WMI-Repository ist konsistent. ========= Ende von CMD: ========= ========= "%WINDIR%\SYSTEM32\lodctr.exe" /R ========= Info: Die Leistungsindikatoreinstellungen wurden erfolgreich aus dem Systemsicherungsspeicher neu erstellt. ========= Ende von CMD: ========= ========= "%WINDIR%\SysWOW64\lodctr.exe" /R ========= Info: Die Leistungsindikatoreinstellungen wurden erfolgreich aus dem Systemsicherungsspeicher neu erstellt. ========= Ende von CMD: ========= ========= "%WINDIR%\SYSTEM32\lodctr.exe" /R ========= Info: Die Leistungsindikatoreinstellungen wurden erfolgreich aus dem Systemsicherungsspeicher neu erstellt. ========= Ende von CMD: ========= ========= "%WINDIR%\SysWOW64\lodctr.exe" /R ========= Info: Die Leistungsindikatoreinstellungen wurden erfolgreich aus dem Systemsicherungsspeicher neu erstellt. ========= Ende von CMD: ========= C:\Windows\System32\Drivers\etc\hosts => erfolgreich verschoben Hosts erfolgreich wiederhergestellt. 
========= RemoveProxy: ========= "HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => erfolgreich entfernt "HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => erfolgreich entfernt "HKU\S-1-5-21-2129917812-2419563499-1881424802-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => erfolgreich entfernt "HKU\S-1-5-21-2129917812-2419563499-1881424802-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => erfolgreich entfernt ========= Ende von RemoveProxy: ========= =========== EmptyTemp: ========== FlushDNS => abgeschlossen BITS transfer queue => 0 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 37256889 B Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 1104042878 B Windows/system/drivers => 350327293 B Edge => 0 B Firefox => 1195411981 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B ProgramData => 0 B Public => 0 B systemprofile => 93889 B systemprofile32 => 93889 B LocalService => 93889 B NetworkService => 120877 B Páll => 111163742 B RecycleBin => 9892041443 B EmptyTemp: => 11.8 GB temporäre Dateien entfernt. ================================ Das System musste neu gestartet werden. ==== Ende von Fixlog 22:29:03 ==== |
| #6 |
/// TB-Ausbilder | PUP.Adware.Heuristic / bcnexum

Well done. Next comes one more short repair and a new control scan. Let me know how your system runs after these two steps and whether you still notice anything unusual in the Firefox history. After that, AdwCleaner should no longer find anything either.

Repair with FRST

NOTE TO ALL READERS: This FRST script is intended exclusively for this user and should never be used 1:1 on another system!

Scan with FRST
|
| #7 |
| PUP.Adware.Heuristic / bcnexum So. AdwCleaner doesn't find anything anymore, at any rate. Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 23-04-2025 durchgeführt von Páll (Administrator) auf DESKTOP-8H8CSAR (Micro-Star International Co., Ltd. MS-7C56) (24-04-2025 20:08:14) Gestartet von C:\Users\Páll\Downloads\FRST64.exe Geladene Profile: Páll Plattform: Microsoft Windows 11 Pro Version 24H2 26100.3775 (X64) Sprache: Deutsch (Deutschland) Standard-Browser: FF Start-Modus: Normal ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Advanced Micro Devices -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe (C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\1.3.983.1\DropboxCrashHandler.exe (C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe ->) (Advanced Micro Devices -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe (C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe ->) (Advanced Micro Devices -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSSrcExt.exe (C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe ->) (Advanced Micro Devices -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cncmd.exe (C:\Program Files\Fortinet\FortiClient\scheduler.exe ->) (Fortinet Technologies (Canada) ULC -> Fortinet Inc.) C:\Program Files\Fortinet\FortiClient\FCDBLog.exe (C:\Program Files\Fortinet\FortiClient\scheduler.exe ->) (Fortinet Technologies (Canada) ULC -> Fortinet Inc.) C:\Program Files\Fortinet\FortiClient\FortiSettings.exe (C:\Program Files\Fortinet\FortiClient\scheduler.exe ->) (Fortinet Technologies (Canada) ULC -> Fortinet Inc.) C:\Program Files\Fortinet\FortiClient\FortiSSLVPNdaemon.exe (C:\Program Files\Fortinet\FortiClient\scheduler.exe ->) (Fortinet Technologies (Canada) ULC -> Fortinet Inc.) 
C:\Program Files\Fortinet\FortiClient\FortiTray.exe (C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\MKCHelper.exe (cmd.exe ->) (Advanced Micro Devices -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe (DriverStore\FileRepository\u0413647.inf_amd64_d320f14af0da075c\B413137\atiesrxx.exe ->) (Advanced Micro Devices -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0413647.inf_amd64_d320f14af0da075c\B413137\atieclxx.exe (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe <9> (explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\25.060.0330.0003\Microsoft.SharePoint.exe (explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe (explorer.exe ->) (OpenVPN Inc. -> ) C:\Program Files\OpenVPN\bin\openvpn-gui.exe (Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <11> (services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (services.exe ->) (Advanced Micro Devices -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0413647.inf_amd64_d320f14af0da075c\B413137\atiesrxx.exe (services.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe (services.exe ->) (Fortinet Technologies (Canada) ULC -> Fortinet Inc.) C:\Program Files\Fortinet\FortiClient\scheduler.exe (services.exe ->) (HP Inc. -> HP Inc.) 
C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\DriverStore\FileRepository\amdfendr.inf_amd64_1da2893e2ffb6838\amdfendrsr.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MpDefenderCoreService.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MsMpEng.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\NisSrv.exe (services.exe ->) (Musecy SM Ltd. -> Muse Group) C:\Program Files\MuseAuthService\MuseAuthService.exe (services.exe ->) (OpenVPN Inc. -> The OpenVPN Project) C:\Program Files\OpenVPN\bin\openvpnserv.exe (services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_434f4faf6aa034b3\RtkAudUService64.exe <2> (sihost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.CrossDevice_1.25031.45.0_x64__cw5n1h2txyewy\CrossDeviceService.exe (sihost.exe ->) (Musecy SM Ltd. -> Muse) C:\Program Files\WindowsApps\Muse.MuseHub_2.2.1.13_x64__rb9pth70m6nz6\Muse.exe (svchost.exe ->) (Advanced Micro Devices -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\CPUMetricsServer.exe (svchost.exe ->) (Dropbox, Inc -> Dropbox, Inc.) 
C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\25.060.0330.0003\FileCoAuth.exe (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_6.1.4.0_x64__8wekyb3d8bbwe\Microsoft.Notes.exe (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.StartExperiencesApp_1.1.296.0_x64__8wekyb3d8bbwe\MicrosoftStartFeedProvider\MicrosoftStartFeedProvider.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_525.5100.40.0_x64__cw5n1h2txyewy\WidgetBoard.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2> (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (svchost.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MpCmdRun.exe ==================== Registry (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_434f4faf6aa034b3\RtkAudUService64.exe [2389976 2024-12-30] (Realtek Semiconductor Corp. 
-> Realtek Semiconductor) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard) HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [330040 2014-02-11] (Hewlett-Packard Company -> Hewlett-Packard Company) HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [9238408 2025-04-15] (Dropbox, Inc -> Dropbox, Inc.) HKLM-x32\...\Run: [TeamsMachineUninstallerLocalAppData] => C:\Users\Páll\AppData\Local\Microsoft\Teams\Update.exe [2588640 2023-12-01] (Microsoft 3rd Party Application Component -> Microsoft Corporation) HKU\S-1-5-21-2129917812-2419563499-1881424802-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [5013800 2025-04-23] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-2129917812-2419563499-1881424802-1001\...\Run: [OpenVPN-GUI] => C:\Program Files\OpenVPN\bin\openvpn-gui.exe [829304 2021-06-17] (OpenVPN Inc. -> ) HKU\S-1-5-21-2129917812-2419563499-1881424802-1001\...\Run: [Microsoft.Lists] => C:\Program Files\Microsoft OneDrive\25.060.0330.0003\Microsoft.SharePoint.exe [1032000 2025-04-23] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-2129917812-2419563499-1881424802-1001\...\Run: [AMDNoiseSuppression] => C:\Windows\system32\AMD\ANR\AMDNoiseSuppression.exe [164840 2024-06-24] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) 
HKLM\...\Print\Monitors\HP Standard TCP/IP Port: C:\WINDOWS\system32\HpTcpMon.dll [331264 2009-09-16] (Hewlett Packard) [Datei ist nicht signiert] HKLM\Software\Microsoft\Active Setup\Installed Components: [{E5931AF4-2A8F-48A5-AFC8-460348F480E8}] -> reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v OPENVPN-GUI /t REG_SZ /d "C:\Program Files\OpenVPN\bin\openvpn-gui.exe" ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {56C2FFB7-9E96-4F0B-A26B-B70B0B72CB77} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1580992 2025-03-21] (Adobe Inc. -> Adobe Inc.) Task: {362B8CE5-631B-402F-AEA5-88E1D0AA1B2A} - System32\Tasks\AMD Install Manager - Check For Updates => C:\Program Files\AMD\AMDInstallManager\AMDInstallManager.exe [55232720 2025-02-25] (Advanced Micro Devices -> Advanced Micro Devices, Inc.) -> C:\Program Files\AMD\AMDInstallManager\\-CheckForUpdates Task: {47F875D2-020D-4E3E-833C-A757E59EBF54} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1038544 2025-02-25] (Advanced Micro Devices -> Advanced Micro Devices, Inc.) Task: {AD52520A-8DA2-448A-908F-D8A72A78BC57} - System32\Tasks\AMDRyzenMasterSDKTask => C:\Program Files\AMD\CNext\CNext\cpumetricsserver.exe [191184 2025-02-25] (Advanced Micro Devices -> Advanced Micro Devices, Inc.) Task: {ECC45768-467E-428B-897E-9F9978818079} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2024-11-29] (Dropbox, Inc -> Dropbox, Inc.) Task: {A6E810A8-EB72-4985-B86D-BEB3998B3D20} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2024-11-29] (Dropbox, Inc -> Dropbox, Inc.) 
Task: {256F55DA-28C2-4606-AFAD-0F6F0FE32A3C} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [89840 2014-10-19] (Hewlett-Packard Company -> Hewlett Packard) Task: {1F76564C-00FF-4FA4-AB7F-9F8609237192} - System32\Tasks\Microsoft\Office\Office Apps Prewarm => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [315600 2025-04-23] (Microsoft Corporation -> Microsoft Corporation) Task: {2D0C7E97-C3C9-442A-BAC4-46EA04349BD3} - System32\Tasks\Microsoft\Office\Office Apps Prewarm Recurring => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [315600 2025-04-23] (Microsoft Corporation -> Microsoft Corporation) Task: {0D480302-B24A-401B-8DEA-86695478E30F} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [29107976 2025-04-17] (Microsoft Corporation -> Microsoft Corporation) Task: {38A49F5C-5207-42A3-97EC-E7E342BF51A4} - System32\Tasks\Microsoft\Office\Office Background Push Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\opushutil.exe [68360 2025-04-23] (Microsoft Corporation -> Microsoft Corporation) Task: {1B920596-4037-4554-BA30-3D23FBDA6E50} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [29107976 2025-04-17] (Microsoft Corporation -> Microsoft Corporation) Task: {C6ACCE9E-C08A-481D-95F9-C87271EC9CE4} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [315600 2025-04-23] (Microsoft Corporation -> Microsoft Corporation) Task: {03D72504-9CAB-4D9F-ACDC-38558B5CD84B} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [315600 2025-04-23] (Microsoft Corporation -> Microsoft Corporation) Task: 
{2A467D51-9E65-4F07-B1CD-ABBCC8365F77} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [204400 2025-04-07] (Microsoft Corporation -> Microsoft Corporation) Task: {7B9E81F8-7DFB-4A6D-AEA7-9852C87A75D4} - System32\Tasks\Microsoft\Office\Office Serviceability Manager => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe [4536784 2025-04-17] (Microsoft Corporation -> Microsoft Corporation) Task: {F744877B-71CD-4852-BB31-BF53264D1D0D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MpCmdRun.exe [1745176 2025-04-11] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {860E698E-5C6A-4973-9AA0-5399C82D45AA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MpCmdRun.exe [1745176 2025-04-11] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {E2B7E138-2F2E-4DCF-818B-01FAE35CFFD2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MpCmdRun.exe [1745176 2025-04-11] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {98BC770D-5721-4428-AF0C-54FEA1C08BB2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MpCmdRun.exe [1745176 2025-04-11] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {44BF852D-C173-4890-9067-11D72C3EAD31} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2463600 2021-09-08] (Microsoft Corporation -> Microsoft Corporation) Task: {D4930081-AEE1-4A45-8467-92B65689C015} - 
System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1938792 2021-09-08] (Microsoft Corporation -> Microsoft Corporation) Task: {FA00A83C-5C01-4687-9835-F23506E72563} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2335600 2021-09-08] (Microsoft Corporation -> Microsoft) Task: {A0464567-5C7E-4B6E-8CC2-1561125ABBC4} - System32\Tasks\Microsoft_MKC_Logon_Task_ceip.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\CEIP.exe [32632 2021-09-08] (Microsoft Corporation -> Microsoft) Task: {BC53EF15-3974-42B8-AD79-1A2031531E1E} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2463600 2021-09-08] (Microsoft Corporation -> Microsoft Corporation) Task: {6352B3E7-8D16-4F8B-A90C-112B17EE1A8D} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1938792 2021-09-08] (Microsoft Corporation -> Microsoft Corporation) Task: {9DFB9E7F-60E4-40CE-A0D6-C9ABB2DA8923} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1038544 2025-02-25] (Advanced Micro Devices -> Advanced Micro Devices, Inc.) Task: {E792D9D9-60B8-4726-9648-41E190A077D5} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-2129917812-2419563499-1881424802-1001 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [695360 2025-04-14] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (Der Dateneintrag hat 6 weitere Zeichen). 
Task: {1AF9B551-A0A2-4D62-AB4C-4DC455E9F70E} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [34880 2025-04-14] (Mozilla Corporation -> Mozilla Foundation) Task: {07DA9372-7B6E-48B0-AFD4-9C7A7224ED15} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4223824 2025-04-23] (Microsoft Corporation -> Microsoft Corporation) Task: {4157E1A3-50D1-4723-8041-1E808F97D891} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-2129917812-2419563499-1881424802-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4223824 2025-04-23] (Microsoft Corporation -> Microsoft Corporation) Task: {F49D432F-26BC-47D3-96C2-AE881199E49B} - System32\Tasks\OneDrive Startup Task-S-1-5-21-2129917812-2419563499-1881424802-1001 => C:\Program Files\Microsoft OneDrive\25.060.0330.0003\OneDriveLauncher.exe [676688 2025-04-23] (Microsoft Corporation -> Microsoft Corporation) Task: {638D8052-6C94-46ED-9B7C-30552073C18B} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [142544 2025-02-25] (Advanced Micro Devices -> Advanced Micro Devices, Inc.) Task: {B6FF67DD-A57A-4C81-B95B-34380DF9F284} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [309968 2025-02-25] (Advanced Micro Devices -> Advanced Micro Devices, Inc.) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\Parameters: [DhcpNameServer] 217.69.224.73 213.187.64.1 Tcpip\..\Interfaces\{b0cd0ea0-d7b3-47c8-8482-2fa35f02c9a7}: [DhcpNameServer] 217.69.224.73 213.187.64.1 Tcpip\..\Interfaces\{d1049e77-17bf-4cfd-af2e-b55a841ad76c}: [DhcpNameServer] 130.208.165.87 130.208.72.10 Edge: ======= Edge Profile: C:\Users\Páll\AppData\Local\Microsoft\Edge\User Data\Default [2025-04-16] Edge Extension: (Google Docs Offline) - C:\Users\Páll\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-04-16] Edge Extension: (Edge relevant text changes) - C:\Users\Páll\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-03-03] Edge HKU\S-1-5-21-2129917812-2419563499-1881424802-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [gidnhakgfijhghmilgiiffidakihnbnb] FireFox: ======== FF DefaultProfile: 6wug9kbj.default FF DefaultProfile: b3abstqg.default FF ProfilePath: C:\Users\Páll\AppData\Roaming\Zotero\Zotero\Profiles\6wug9kbj.default [2025-03-25] FF ProfilePath: C:\Users\Páll\AppData\Roaming\Mozilla\Firefox\Profiles\b3abstqg.default [2025-04-23] FF ProfilePath: C:\Users\Páll\AppData\Roaming\Mozilla\Firefox\Profiles\zgkz7p2r.default-release [2025-04-24] FF Extension: (uBlock Origin) - C:\Users\Páll\AppData\Roaming\Mozilla\Firefox\Profiles\zgkz7p2r.default-release\Extensions\uBlock0@raymondhill.net.xpi [2025-04-16] FF Extension: (Return YouTube 
Dislike) - C:\Users\Páll\AppData\Roaming\Mozilla\Firefox\Profiles\zgkz7p2r.default-release\Extensions\{762f9885-5a13-4abd-9c77-433dcd38b8fd}.xpi [2025-04-16] FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2025-04-07] (Microsoft Corporation -> Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=3.0.19 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.20 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN) FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2025-03-13] (Adobe Inc. -> Adobe Systems Inc.) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2025-04-07] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2025-04-07] (Microsoft Corporation -> Microsoft Corporation) ==================== Dienste (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [174520 2025-03-21] (Adobe Inc. -> Adobe Inc.) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [13863152 2025-04-17] (Microsoft Corporation -> Microsoft Corporation) S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2024-11-29] (Dropbox, Inc -> Dropbox, Inc.) S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2024-11-29] (Dropbox, Inc -> Dropbox, Inc.) 
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [48528 2025-04-15] (Dropbox, Inc -> Dropbox, Inc.) S3 DropboxElevationService; C:\Program Files (x86)\Dropbox\Client\222.4.5042\DropboxElevationService.exe [1659280 2025-04-15] (Dropbox, Inc -> Dropbox, Inc.) R2 FA_Scheduler; C:\Program Files\Fortinet\FortiClient\scheduler.exe [437328 2023-07-18] (Fortinet Technologies (Canada) ULC -> Fortinet Inc.) S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\25.060.0330.0003\FileSyncHelper.exe [3586392 2025-04-23] (Microsoft Corporation -> Microsoft Corporation) S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [176128 2014-06-24] (HP) [Datei ist nicht signiert] R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [243664 2025-03-10] (HP Inc. -> HP Inc.) R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MpDefenderCoreService.exe [2009608 2025-04-11] (Microsoft Windows Publisher -> Microsoft Corporation) R2 MuseAuthService; C:\Program Files\MuseAuthService\MuseAuthService.exe [10467928 2025-04-21] (Musecy SM Ltd. -> Muse Group) S3 MuseHub Updater Service; C:\Program Files\WindowsApps\Muse.MuseHub_2.2.1.13_x64__rb9pth70m6nz6\Muse.Updater.exe [6224984 2025-04-21] (Musecy SM Ltd. -> Muse.Updater) S2 NTKDaemonService; C:\Program Files\Common Files\Native Instruments\NTK\NTKDaemon.exe [16953568 2024-07-02] (Native Instruments GmbH -> Native Instruments GmbH) S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\25.060.0330.0003\OneDriveUpdaterService.exe [3837256 2025-04-23] (Microsoft Corporation -> Microsoft Corporation) R2 OpenVPNServiceInteractive; C:\Program Files\OpenVPN\bin\openvpnserv.exe [73592 2021-06-17] (OpenVPN Inc. 
-> The OpenVPN Project) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [559320 2025-04-08] (Microsoft Windows Publisher -> Microsoft Corporation) R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\NisSrv.exe [4538400 2025-04-11] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25030.2-0\MsMpEng.exe [278320 2025-04-11] (Microsoft Windows Publisher -> Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R3 amdfendrmgr; C:\WINDOWS\System32\DriverStore\FileRepository\amdfendr.inf_amd64_1da2893e2ffb6838\amdfendrmgr.sys [36136 2024-11-01] (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) R2 AMDRyzenMasterDriverV28; C:\Windows\system32\AMDRyzenMasterDriver.sys [61264 2025-02-24] (Advanced Micro Devices -> Advanced Micro Devices) R3 AMDSAFD; C:\WINDOWS\System32\DriverStore\FileRepository\amdsafd.inf_amd64_66bdd11a4e97edd1\amdsafd.sys [112840 2024-05-02] (AMD Test Build -> Advanced Micro Devices) R3 amduw23g; C:\WINDOWS\System32\DriverStore\FileRepository\u0413647.inf_amd64_d320f14af0da075c\B413137\amdkmdag.sys [111263168 2025-03-12] (Advanced Micro Devices -> Advanced Micro Devices, Inc.) R3 AMDXE; C:\WINDOWS\System32\drivers\amdxe.sys [63008 2024-05-16] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) R1 FortiFilter; C:\WINDOWS\system32\DRIVERS\FortiFilter.sys [35400 2023-07-18] (Fortinet Technologies (Canada) Inc. -> Fortinet Inc) S3 Fortips; C:\WINDOWS\System32\drivers\fortips.sys [165072 2023-07-18] (Fortinet, Inc. 
-> Fortinet Inc) S3 FortiTransCtrl; C:\WINDOWS\System32\drivers\FortiTransCtrl.sys [84136 2023-07-18] (Fortinet, Inc. -> Fortinet Inc) S3 ftsvnic; C:\WINDOWS\System32\drivers\ftsvnic.sys [75888 2023-07-18] (Fortinet, Inc. -> Fortinet Inc.) R3 ft_vnic; C:\WINDOWS\System32\drivers\ftvnic.sys [70368 2023-07-18] (Fortinet Technologies (Canada) Inc. -> Fortinet Corporation) R3 KslD; C:\WINDOWS\System32\drivers\wd\KslD.sys [331168 2025-04-11] (Microsoft Windows -> Microsoft Corporation) S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [39920 2024-06-21] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project) S3 ThermalFilter; C:\WINDOWS\System32\DriverStore\FileRepository\c_thermal.inf_amd64_732a53ed1662b707\ThermalFilter.sys [75376 2025-03-31] (Microsoft Windows Hardware Abstraction Layer Publisher -> Microsoft Corporation) S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [20016 2025-04-11] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [605576 2025-04-11] (Microsoft Windows -> Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [100744 2025-04-11] (Microsoft Windows -> Microsoft Corporation) S3 wini3ctarget; C:\WINDOWS\System32\DriverStore\FileRepository\wini3ctarget.inf_amd64_bdb09ebda2834009\wini3ctarget.sys [75168 2025-03-31] (Microsoft Windows -> Microsoft Corporation) R3 wintun; C:\WINDOWS\System32\drivers\wintun.sys [38176 2024-06-21] (WireGuard LLC -> WireGuard LLC) ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2025-04-23 22:37 - 2025-04-23 22:37 - 000754454 _____ C:\WINDOWS\system32\perfh008.dat 2025-04-23 22:37 - 2025-04-23 22:37 - 000706648 _____ C:\WINDOWS\system32\perfh007.dat 2025-04-23 22:37 - 2025-04-23 22:37 - 000676174 _____ C:\WINDOWS\system32\perfh006.dat 2025-04-23 22:37 - 2025-04-23 22:37 - 000149622 _____ C:\WINDOWS\system32\perfc007.dat 2025-04-23 22:37 - 2025-04-23 22:37 - 000149096 _____ C:\WINDOWS\system32\perfc008.dat 2025-04-23 22:37 - 2025-04-23 22:37 - 000139614 _____ C:\WINDOWS\system32\perfc006.dat 2025-04-23 22:27 - 2025-04-24 20:06 - 000000831 _____ C:\Users\Páll\Downloads\Fixlog.txt 2025-04-23 22:03 - 2025-04-23 22:03 - 000000000 ____D C:\Users\Páll\Downloads\FRST-OlderVersion 2025-04-23 18:22 - 2025-04-23 18:22 - 000004268 _____ C:\Users\Páll\Downloads\AdwCleaner[S24].txt 2025-04-23 17:01 - 2025-04-23 17:01 - 000000000 ____D C:\ProgramData\Muse Hub 2025-04-21 08:56 - 2025-04-21 08:56 - 009568256 _____ (Malwarebytes) C:\Users\Páll\Downloads\adwcleaner(2).exe 2025-04-21 08:55 - 2025-04-21 08:55 - 000000000 ____D C:\ProgramData\MuseHubUpdater 2025-04-21 08:55 - 2025-04-21 08:55 - 000000000 ____D C:\ProgramData\MuseAuthService 2025-04-21 08:55 - 2025-04-21 08:55 - 000000000 ____D C:\Program Files\MuseAuthService 2025-04-18 09:52 - 2025-04-18 10:29 - 000000000 ____D C:\Users\Páll\Desktop\USB 2025-04-17 10:30 - 2025-04-23 22:05 - 000057744 _____ C:\Users\Páll\Downloads\Addition.txt 2025-04-17 10:29 - 2025-04-24 20:08 - 000028053 _____ C:\Users\Páll\Downloads\FRST.txt 2025-04-17 10:29 - 2025-04-24 20:08 - 000000000 ____D C:\FRST 2025-04-17 10:28 - 2025-04-23 22:03 - 002405376 _____ (Farbar) C:\Users\Páll\Downloads\FRST64.exe 2025-04-17 09:32 - 2025-04-17 10:06 - 000592574 _____ C:\WINDOWS\ntbtlog.txt 2025-04-17 09:32 - 2025-04-17 10:01 - 000000214 _____ 
C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job 2025-04-17 08:47 - 2025-04-17 08:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2025-04-16 16:16 - 2025-04-16 16:16 - 000002034 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Privater Modus.lnk 2025-04-16 16:16 - 2025-04-16 16:16 - 000001065 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2025-04-16 16:16 - 2025-04-16 16:16 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla 2025-04-16 16:16 - 2025-04-16 16:16 - 000000000 ____D C:\Users\Páll\AppData\Roaming\Mozilla 2025-04-16 16:16 - 2025-04-16 16:16 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2025-04-16 16:14 - 2025-04-16 16:14 - 000382392 _____ (Mozilla) C:\Users\Páll\Downloads\Firefox Installer.exe 2025-04-16 16:03 - 2025-04-16 16:03 - 000035968 _____ C:\Users\Páll\Downloads\rtet.csv 2025-04-16 15:59 - 2025-04-16 15:59 - 000000000 ____D C:\WINDOWS\system32\appmgmt 2025-04-15 20:34 - 2025-04-16 16:16 - 000000000 ____D C:\Program Files\Mozilla Firefox 2025-04-15 13:06 - 2025-04-15 13:06 - 000048528 _____ (Dropbox, Inc.) 
C:\WINDOWS\system32\DbxSvc.exe 2025-04-13 09:55 - 2025-04-13 09:55 - 040056876 _____ C:\Users\Páll\Desktop\Riff 25.03.30 lang.wav 2025-04-11 21:17 - 2025-04-11 21:17 - 000000000 ____D C:\inetpub 2025-04-11 21:07 - 2025-04-11 21:07 - 009575227 _____ C:\Users\Páll\Downloads\Old World-Official User Manual.pdf 2025-04-11 13:49 - 2025-04-11 13:49 - 000001700 _____ C:\Users\Páll\Downloads\Riff 30.03.2025.tg 2025-04-10 08:59 - 2025-04-21 10:55 - 000000000 ____D C:\WINDOWS\CbsTemp 2025-04-09 18:13 - 2025-04-11 13:41 - 040056876 _____ C:\Users\Páll\Desktop\Riff 30.03.2025.wav 2025-04-08 21:24 - 2025-04-08 21:24 - 000069260 _____ C:\Users\Páll\Downloads\Überweisung Hochschulsport.pdf 2025-04-07 17:38 - 2025-04-07 17:38 - 000000000 ____D C:\Program Files\Common Files\DESIGNER 2025-04-07 14:11 - 2025-04-07 14:11 - 000135524 _____ C:\Users\Páll\Downloads\GMX - RE_ Insurance deposit refund-1.pdf 2025-04-07 14:11 - 2025-04-07 14:11 - 000073928 _____ C:\Users\Páll\Downloads\Corresp. Sparkasse Giessen.pdf 2025-04-07 14:05 - 2025-04-07 14:10 - 000020197 _____ C:\Users\Páll\Downloads\AW_Problem_bei_Auslandsueberweisung.pdf 2025-04-07 14:05 - 2025-04-07 14:05 - 000019396 _____ C:\Users\Páll\Downloads\S_20250407_140535_AW_Problem_bei_Auslandsueberweisung.ZIP 2025-04-07 13:53 - 2025-04-07 13:53 - 000118632 _____ C:\Users\Páll\Downloads\Hochschulsport.pdf 2025-04-06 20:56 - 2025-04-06 20:56 - 000204743 _____ C:\Users\Páll\Downloads\DB_Ticket_869549164029.pdf 2025-04-05 18:47 - 2025-04-05 18:47 - 000000000 ____D C:\WINDOWS\system32\AccountHealthAssets 2025-04-04 23:21 - 2025-04-04 23:21 - 035835948 _____ C:\Users\Páll\Desktop\Riff 25.02.28.wav 2025-03-31 21:42 - 2025-03-31 21:42 - 000053050 _____ C:\Users\Páll\Documents\Rundfunkbeitrag - Bestätigung.pdf 2025-03-31 13:04 - 2025-03-31 13:04 - 000208442 _____ C:\Users\Páll\Downloads\image-1000-805f01d16bd722eff86baa7a53f2fa8d.jpeg 2025-03-31 11:26 - 2025-03-31 11:26 - 000000667 _____ C:\Users\Páll\Downloads\Riff 2 30.03.2025.tg 2025-03-31 
11:18 - 2025-03-31 11:18 - 000029042 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json 2025-03-31 11:18 - 2025-03-31 11:18 - 000029042 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json 2025-03-25 10:53 - 2025-03-25 10:53 - 000135524 _____ C:\Users\Páll\Downloads\GMX - RE_ Insurance deposit refund.pdf 2025-03-25 09:30 - 2025-03-25 09:30 - 000096657 _____ C:\Users\Páll\Downloads\Paul Theissen Income 03.25.pdf 2025-03-25 09:30 - 2025-03-25 09:30 - 000002737 _____ C:\Users\Páll\Downloads\20250325-42064635-umsatz(2).CSV 2025-03-25 09:29 - 2025-03-25 09:29 - 000002737 _____ C:\Users\Páll\Downloads\20250325-42064635-umsatz.CSV 2025-03-25 09:29 - 2025-03-25 09:29 - 000002737 _____ C:\Users\Páll\Downloads\20250325-42064635-umsatz(1).CSV ==================== Ein Monat (geänderte) ================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2025-04-24 20:08 - 2025-02-06 11:58 - 000000000 ____D C:\Users\Páll\AppData\Local\Muse Hub 2025-04-24 20:08 - 2023-10-13 12:03 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38 2025-04-24 20:07 - 2025-03-16 15:00 - 000003116 _____ C:\WINDOWS\system32\Tasks\AMDInstallLauncher 2025-04-24 20:07 - 2025-03-16 15:00 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2025-04-24 20:07 - 2025-03-16 14:58 - 000003796 _____ C:\WINDOWS\system32\5E37410B-D6F1-471D-AE27-563CEAC0D6B2 2025-04-24 20:07 - 2025-02-06 11:58 - 000000000 ____D C:\Users\Páll\AppData\Local\MuseSampler 2025-04-24 20:07 - 2024-11-29 21:34 - 000000000 ____D C:\Users\Páll\AppData\Roaming\Dropbox 2025-04-24 20:07 - 2024-11-29 21:34 - 000000000 ____D C:\Users\Páll\AppData\Local\Dropbox 2025-04-24 20:07 - 2024-07-13 17:54 - 000000000 ____D C:\ProgramData\boost_interprocess 2025-04-24 20:07 - 2024-04-01 09:26 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2025-04-24 20:07 - 2023-10-13 17:57 - 000012288 ___SH C:\DumpStack.log.tmp 2025-04-24 20:06 - 2024-04-01 09:26 - 000000000 
___HD C:\Program Files\WindowsApps 2025-04-24 20:06 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\AppReadiness 2025-04-24 20:06 - 2024-04-01 09:21 - 000524288 _____ C:\WINDOWS\system32\config\BBI 2025-04-24 20:05 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SystemTemp 2025-04-24 08:57 - 2023-10-13 12:44 - 000000000 ____D C:\Program Files (x86)\Steam 2025-04-24 08:54 - 2023-10-13 12:00 - 000000000 ____D C:\Users\Páll\AppData\Local\D3DSCache 2025-04-24 08:41 - 2024-01-16 20:54 - 000000000 ____D C:\Users\Páll\AppData\Roaming\landnama 2025-04-23 22:37 - 2025-03-16 20:02 - 003352330 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2025-04-23 22:37 - 2024-04-01 09:24 - 000000000 ____D C:\WINDOWS\INF 2025-04-23 22:28 - 2024-07-22 11:16 - 000000000 ____D C:\Users\Páll\AppData\LocalLow\Temp 2025-04-23 18:40 - 2025-03-16 14:58 - 000000000 ____D C:\Users\Páll 2025-04-23 17:01 - 2025-03-20 17:06 - 000000000 ____D C:\WINDOWS\Minidump 2025-04-23 17:01 - 2025-03-16 14:57 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2025-04-23 17:01 - 2025-03-16 14:00 - 000870309 ____N C:\WINDOWS\Minidump\042325-18000-01.dmp 2025-04-23 17:01 - 2023-12-01 14:51 - 000000000 ____D C:\Program Files\Microsoft OneDrive 2025-04-23 16:03 - 2023-11-30 12:32 - 000000000 ____D C:\Program Files\Microsoft Office 2025-04-23 16:00 - 2023-10-13 12:45 - 000000000 ____D C:\Users\Páll\AppData\Local\Steam 2025-04-23 15:57 - 2025-03-16 15:00 - 000003596 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2129917812-2419563499-1881424802-1001 2025-04-23 15:57 - 2025-03-16 15:00 - 000003552 _____ C:\WINDOWS\system32\Tasks\OneDrive Startup Task-S-1-5-21-2129917812-2419563499-1881424802-1001 2025-04-23 15:57 - 2025-03-16 15:00 - 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task 2025-04-23 15:57 - 2023-11-30 12:34 - 000002148 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2025-04-21 09:05 - 2024-04-01 09:26 - 000000000 ____D 
C:\WINDOWS\system32\SecurityHealth 2025-04-21 09:02 - 2025-03-16 13:18 - 000000000 ____D C:\Users\Páll\AppData\Local\AMD_Common 2025-04-21 08:56 - 2023-10-13 17:58 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2025-04-18 10:43 - 2023-11-30 13:02 - 000000000 ____D C:\Users\Páll\AppData\Roaming\Microsoft\PowerPoint 2025-04-18 10:28 - 2023-11-05 22:10 - 000000000 ____D C:\Users\Páll\AppData\Local\FortiClient 2025-04-18 10:28 - 2023-11-05 22:07 - 000000000 ____D C:\Users\Páll\AppData\Roaming\FortiClient 2025-04-18 09:51 - 2023-10-13 12:00 - 000000000 ____D C:\Users\Páll\AppData\Local\Packages 2025-04-17 08:52 - 2025-03-16 15:00 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task 2025-04-17 08:47 - 2024-11-29 21:34 - 000000000 ____D C:\Program Files (x86)\Dropbox 2025-04-16 19:27 - 2023-10-13 14:50 - 000000000 ____D C:\Users\Páll\Desktop\Noten etc 2025-04-16 16:05 - 2023-12-01 09:16 - 000000000 ____D C:\Users\Páll\AppData\Roaming\Microsoft\Teams 2025-04-16 15:59 - 2023-10-13 22:50 - 000000000 ____D C:\Program Files\Common Files\VST3 2025-04-16 15:59 - 2023-10-13 22:47 - 000000000 ____D C:\Program Files\VstPlugIns 2025-04-13 10:38 - 2025-03-16 14:00 - 001108270 ____N C:\WINDOWS\Minidump\041325-15703-01.dmp 2025-04-12 08:17 - 2025-03-16 14:00 - 000868767 ____N C:\WINDOWS\Minidump\041225-10328-01.dmp 2025-04-11 21:18 - 2025-03-16 14:57 - 000638208 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2025-04-11 21:17 - 2024-04-01 18:37 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection 2025-04-11 21:17 - 2024-04-01 18:36 - 000000000 ____D C:\WINDOWS\system32\OpenSSH 2025-04-11 21:17 - 2024-04-01 18:36 - 000000000 ____D C:\WINDOWS\system32\Microsoft-Edge-WebView 2025-04-11 21:17 - 2024-04-01 09:26 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2025-04-11 21:17 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SystemResources 2025-04-11 21:17 - 2024-04-01 09:26 - 000000000 ____D 
C:\WINDOWS\system32\Sgrm 2025-04-11 21:17 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates 2025-04-11 21:17 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\oobe 2025-04-11 21:17 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\bcastdvr 2025-04-11 19:19 - 2023-10-15 22:15 - 000000000 ____D C:\Users\Páll\AppData\Roaming\vlc 2025-04-11 08:54 - 2023-10-13 17:58 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2025-04-08 20:29 - 2025-03-16 14:59 - 003352064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll 2025-04-06 01:45 - 2023-10-13 13:24 - 000000000 ____D C:\Users\Páll\AppData\Roaming\discord 2025-04-06 01:05 - 2023-10-13 13:24 - 000000000 ____D C:\Users\Páll\AppData\Local\Discord 2025-04-05 19:52 - 2025-03-16 15:00 - 000003756 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2025-04-05 19:52 - 2025-03-16 15:00 - 000003632 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore 2025-04-05 19:05 - 2024-04-01 09:26 - 000000000 ____D C:\ProgramData\USOPrivate 2025-04-05 19:02 - 2023-10-13 13:24 - 000002242 _____ C:\Users\Páll\Desktop\Discord.lnk 2025-04-05 18:47 - 2024-04-01 18:37 - 000000000 ____D C:\WINDOWS\InboxApps 2025-04-05 18:47 - 2024-04-01 18:37 - 000000000 ____D C:\Program Files\Windows Photo Viewer 2025-04-05 18:47 - 2024-04-01 18:37 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2025-04-05 18:47 - 2024-04-01 09:26 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12 2025-04-05 18:47 - 2024-04-01 09:26 - 000000000 ___SD C:\WINDOWS\system32\UNP 2025-04-05 18:47 - 2024-04-01 09:26 - 000000000 ___SD C:\WINDOWS\system32\F12 2025-04-05 18:47 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\UUS 2025-04-05 18:47 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata 2025-04-05 18:47 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\setup 2025-04-05 18:47 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2025-04-05 18:47 - 2024-04-01 09:26 - 000000000 
____D C:\WINDOWS\SystemApps 2025-04-05 18:47 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\WinMetadata 2025-04-05 18:47 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2025-04-05 18:47 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences 2025-04-05 18:47 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\setup 2025-04-05 18:47 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation 2025-04-05 18:47 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\HealthAttestationClient 2025-04-05 18:47 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\Dism 2025-04-05 18:47 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\appraiser 2025-04-05 18:47 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\ShellExperiences 2025-04-05 18:47 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\ShellComponents 2025-04-05 18:47 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\PolicyDefinitions 2025-04-05 18:47 - 2024-04-01 09:26 - 000000000 ____D C:\Program Files\Common Files\System 2025-04-05 18:47 - 2024-04-01 09:21 - 000000000 ____D C:\WINDOWS\servicing 2025-04-05 11:17 - 2023-11-30 12:35 - 000000000 ____D C:\Users\Páll\AppData\Roaming\Microsoft\Word 2025-04-03 21:15 - 2025-03-16 14:00 - 000797220 ____N C:\WINDOWS\Minidump\040325-37312-01.dmp 2025-04-03 21:14 - 2024-11-29 21:35 - 000000000 ___RD C:\Users\Páll\Dropbox 2025-03-31 10:50 - 2025-03-16 14:08 - 000000000 ___DC C:\WINDOWS\Panther 2025-03-31 10:48 - 2025-03-16 14:00 - 001713386 ____N C:\WINDOWS\Minidump\033125-12390-01.dmp 2025-03-26 00:00 - 2024-03-07 20:59 - 000000000 ____D C:\Users\Páll\Zotero 2025-03-25 10:30 - 2023-10-16 00:10 - 000000000 ____D C:\Users\Páll\Desktop\Soundclips 2025-03-25 09:29 - 2023-12-27 08:42 - 000000000 ____D C:\Users\Páll\AppData\Roaming\Microsoft\Excel 2025-03-25 08:46 - 2023-10-16 11:03 - 000002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk 2025-03-25 08:46 - 2023-10-16 11:03 
- 000002061 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ========

2024-09-23 19:25 - 2024-09-23 19:25 - 000003469 _____ () C:\Users\Páll\AppData\Local\recently-used.xbel

==================== SigCheck ============================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

==================== Ende von FRST.txt ========================

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 23-04-2025
durchgeführt von Páll (24-04-2025 20:09:17)
Gestartet von C:\Users\Páll\Downloads
Microsoft Windows 11 Pro Version 24H2 26100.3775 (X64) (2025-03-16 13:01:01)
Start-Modus: Normal
==========================================================

==================== Konten: =============================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

Administrator (S-1-5-21-2129917812-2419563499-1881424802-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2129917812-2419563499-1881424802-503 - Limited - Disabled)
Gast (S-1-5-21-2129917812-2419563499-1881424802-501 - Limited - Disabled)
Páll (S-1-5-21-2129917812-2419563499-1881424802-1001 - Administrator - Enabled) => C:\Users\Páll
WDAGUtilityAccount (S-1-5-21-2129917812-2419563499-1881424802-504 - Limited - Disabled)

==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1031-1033-7760-BC15014EA700}) (Version: 25.001.20435 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601110}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
AMD Install Manager (HKLM\...\{64763D96-BC41-442A-A10F-4C9EF1783BCB}) (Version: 24.30.25071.1901 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 25.3.1 - Advanced Micro Devices, Inc.)
Amped - Roots version 2.0.0 (HKLM\...\Amped - Roots_is1) (Version: 2.0.0 - ) Amped - Stevie T version 1.0.2 (HKLM\...\Amped - Stevie T_is1) (Version: 1.0.2 - ) AmpliTube 5 version 5.7.1 (HKLM\...\{D831D61F-EBF5-4158-AEE1-F58A7B8C04C8}_is1) (Version: 5.7.1 - IK Multimedia) ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.15 - tippach engineering) Audacity 3.0.0 (HKLM-x32\...\Audacity_is1) (Version: 3.0.0 - Audacity Team) Audacity 3.7.3 (64 Bit) (HKLM\...\Audacity_is1) (Version: 3.7.3 - Audacity Team) AusweisApp (HKLM\...\{780E63F7-FD7F-4FD4-8224-56C65E7BF2D8}) (Version: 2.2.2 - Governikus GmbH & Co. KG) Banished (HKLM-x32\...\1207660783_is1) (Version: 1.0.7 - GOG.com) Blackguards 2 (HKLM-x32\...\1207667233_is1) (Version: 2.2.0.5 - GOG.com) Branding64 (HKLM\...\{492AEFBE-1B81-4C20-A111-E6974BB98EC5}) (Version: 1.00.0009 - Advanced Micro Devices, Inc.) Hidden calibre 64bit (HKLM\...\{08B38F11-2B6D-434D-B5D5-8C2FE3D70A66}) (Version: 7.4.0 - Kovid Goyal) Custom Shop 2.0.0 (HKLM\...\5b86c39c-6f2f-52a0-a1b0-9b9fc743254c) (Version: 2.0.0 - IK Multimedia) Custom Shop version 2.0.0 (HKLM\...\{21BAD046-50EC-49E2-BE7B-F9729704F2C3}_is1) (Version: 2.0.0 - IK Multimedia) DIE SIEDLER - Das Erbe der Könige (HKLM-x32\...\{8FDC1610-3FB5-4EF2-A0D0-CEDC3A525A25}) (Version: 1.00.0000 - Blue Byte) Discord (HKU\S-1-5-21-2129917812-2419563499-1881424802-1001\...\Discord) (Version: 1.0.9019 - Discord Inc.) Dropbox (HKLM-x32\...\Dropbox) (Version: 222.4.5042 - Dropbox, Inc.) Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.983.1 - Dropbox, Inc.) 
Hidden FortiClient VPN (HKLM\...\{FF46D152-9845-4ACE-8258-DBA7E3BE9785}) (Version: 7.0.9.0493 - Fortinet Technologies Inc) GIMP 2.10.34 (HKLM\...\GIMP-2_is1) (Version: 2.10.34 - The GIMP Team) HP LaserJet Pro MFP M127-M128 (HKLM-x32\...\{3b050369-8d19-413d-9dec-84ff278472eb}) (Version: 15.0.15309.1258 - Hewlett-Packard) HP LaserJet Pro MFP M127-M128 Fax (HKLM\...\{C5835004-643A-4EB6-A280-706F9F62F985}) (Version: 32.0.44.0 - Hewlett-Packard Co.) Hidden HP LaserJet Pro MFP M127-M128 Fax (HKLM-x32\...\{FAE97B40-E8E2-4B52-9A9E-219C3CCC0107}) (Version: 32.0.44.0 - Hewlett-Packard Co.) Hidden HP LaserJet Pro MFP M127-M128 Fax Driver (HKLM\...\{65072E52-F51B-4280-9DA6-EA5F1EE72C3A}) (Version: 32.0.44.0 - Hewlett-Packard Co.) Hidden HP LaserJet Pro MFP M127-M128 HP Device Toolbox (HKLM-x32\...\{612631AC-0D84-4116-9D8A-D2D63467B7BF}) (Version: 32.0.28.0 - Hewlett-Packard Co.) Hidden HP LJ M127128 Scan HP Scan (HKLM-x32\...\{2F518061-89DB-4AF0-9A7A-2BF73B60E6F0}) (Version: 1.0.302.0 - Hewlett-Packard Co.) 
Hidden HP Product FWUpdater (HKLM-x32\...\{1A8F20ED-C9CC-43FD-A678-20970BB83A9E}) (Version: 4.0.0.8895 - Hewlett-Packard Company) Hidden HP Unified IO (HKLM\...\{5C76ED0D-0F6F-4985-8B34-F9AE7834848F}) (Version: 2.0.0.434 - HP) Hidden HP Unified IO (HKLM-x32\...\{F1390872-2500-4408-A46C-CD16C960C661}) (Version: 2.0.0.434 - HP) Hidden HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HPLJProMFPM127M128 (HKLM-x32\...\{B5409C23-DE0C-4B48-8C8A-50AE38694955}) (Version: 1.00.0000 - Hewlett-Packard) HPLJUTCore (HKLM-x32\...\{B445502B-2F83-4873-90F1-06059F71A46A}) (Version: 014.000.0001 - HP) Hidden HPLJUTM127_128 (HKLM-x32\...\{2C886751-51BD-4A8C-B33A-B4C513AB5B9A}) (Version: 008.000.0001 - HP) Hidden hppM125LaserJetService (HKLM-x32\...\{18D5B189-DBDD-4E57-A84B-58C7700E9BB0}) (Version: 001.032.00682 - Hewlett-Packard) Hidden hpStatusAlerts (HKLM-x32\...\{7504A7B0-003E-4875-A454-B627E127E9D9}) (Version: 100.040.00218 - Hewlett Packard) Hidden hpStatusAlertsM127-M128 (HKLM-x32\...\{10D7EBAF-A550-48CD-8511-7D947184EE44}) (Version: 080.046.00112 - Hewlett-Packard) Hidden IK Product Manager (HKLM\...\a401809f-3509-5ed7-a6dc-34dc618bf372) (Version: 1.0.9 - IK Multimedia) Inkulinati (HKLM-x32\...\1788295898_is1) (Version: 1.48.1.0 - GOG.com) Java(TM) SE Development Kit 22 (64-bit) (HKLM\...\{0A90CDCF-216E-51BC-89BE-70E263109A25}) (Version: 22.0.0.0 - Oracle Corporation) LibreOffice 7.6.2.1 (HKLM\...\{69CAC3E6-C2D7-4221-9351-1F27CCBA92F1}) (Version: 7.6.2.1 - The Document Foundation) MAGIX Analogue Modelling Suite Plus (HKLM\...\{F485F2FE-1D3D-4F6D-AD4E-13FA5FB22A88}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden MAGIX Analogue Modelling Suite Plus (HKLM\...\MX.{F485F2FE-1D3D-4F6D-AD4E-13FA5FB22A88}) (Version: 1.0.0.0 - MAGIX Software GmbH) MAGIX Vandal VST-PlugIn (HKLM\...\{24F96DED-7B99-49C4-B877-CDCDC37762FA}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden MAGIX Vandal VST-PlugIn 
(HKLM\...\MX.{24F96DED-7B99-49C4-B877-CDCDC37762FA}) (Version: 1.0.0.0 - MAGIX Software GmbH) MAGIX VariVerb II VST-PlugIn (HKLM\...\{7A97538C-6D3F-4BB5-B2A1-D0ECFB199A4C}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden MAGIX VariVerb II VST-PlugIn (HKLM\...\MX.{7A97538C-6D3F-4BB5-B2A1-D0ECFB199A4C}) (Version: 1.0.0.0 - MAGIX Software GmbH) MAGIX Vintage Effects Suite (HKLM\...\{48978B41-9CD5-4274-9519-B622DD89727D}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden MAGIX Vintage Effects Suite (HKLM\...\MX.{48978B41-9CD5-4274-9519-B622DD89727D}) (Version: 1.0.0.0 - MAGIX Software GmbH) Microsoft .NET Host - 8.0.8 (x64) (HKLM\...\{3BA242F8-BDB5-4096-9FBC-333CD663BBAD}) (Version: 64.32.18380 - Microsoft Corporation) Hidden Microsoft .NET Host FX Resolver - 8.0.8 (x64) (HKLM\...\{7FE24458-0796-4428-99C2-9A0F8DAB93CC}) (Version: 64.32.18380 - Microsoft Corporation) Hidden Microsoft .NET Runtime - 8.0.8 (x64) (HKLM\...\{9ACB23DB-4D32-49ED-A5E3-F4E2F8D9D2AA}) (Version: 64.32.18380 - Microsoft Corporation) Hidden Microsoft 365 Apps for enterprise - da-dk (HKLM\...\O365ProPlusRetail - da-dk) (Version: 16.0.18623.20208 - Microsoft Corporation) Microsoft 365 Apps for Enterprise - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 16.0.18623.20208 - Microsoft Corporation) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 135.0.3179.85 - Microsoft Corporation) Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 135.0.3179.85 - Microsoft Corporation) Hidden Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 25.060.0330.0003 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft 
Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable 
(x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation) Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.42.34438 (HKLM-x32\...\{b49c10dd-4d54-45f8-ad13-fa25704456a4}) (Version: 14.42.34438.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.42.34438 (HKLM-x32\...\{ba10fda9-f731-441f-a999-000bbb7ceec2}) (Version: 14.42.34438.0 - Microsoft Corporation) Microsoft Visual C++ 2022 X64 Additional Runtime - 14.42.34438 (HKLM\...\{E528AD94-12D7-42C4-91A3-908BE28E9BD2}) (Version: 14.42.34438 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.42.34438 (HKLM\...\{2E15F519-4FDA-4834-B4EE-7EFCE7D8D4EE}) (Version: 14.42.34438 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X86 Additional Runtime - 14.42.34438 (HKLM-x32\...\{A5592FEF-F948-4BA6-A066-8BBFC2DC7EE1}) (Version: 14.42.34438 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.42.34438 (HKLM-x32\...\{5D0C4511-3CA1-4FF8-A4BA-C0E1957ABEEA}) (Version: 14.42.34438 - Microsoft Corporation) Hidden Microsoft Windows Desktop Runtime - 8.0.8 (x64) (HKLM\...\{663E7053-3B36-4AE5-8223-234867FAEAE6}) (Version: 64.32.18376 - Microsoft Corporation) Hidden Microsoft Windows Desktop Runtime - 8.0.8 (x64) 
(HKLM-x32\...\{33832ff3-5583-4b81-b270-d9fd42760e1a}) (Version: 8.0.8.33916 - Microsoft Corporation) Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 14.41.137.0 - Microsoft Corporation) MODO DRUM version 1.5.0 (HKLM\...\{A795A974-32B1-421C-AA21-B03288C5C562}_is1) (Version: 1.5.0 - IK Multimedia) Mount and Blade: Warband - Viking Conquest (HKLM-x32\...\1207666933_is1) (Version: 2.068 - GOG.com) Mount and Blade: Warband (HKLM-x32\...\1207666913_is1) (Version: 2.064 (GOG) - GOG.com) Mozilla Firefox (x64 de) (HKLM\...\Mozilla Firefox 137.0.2 (x64 de)) (Version: 137.0.2 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 137.0.2 - Mozilla) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) Native Access 3.12.1 (HKU\S-1-5-21-2129917812-2419563499-1881424802-1001\...\c410b7d2-8fce-53b3-8332-e98b6e89a16a) (Version: 3.12.1 - Native Instruments) Native Instruments Kontakt (HKLM-x32\...\Native Instruments Kontakt) (Version: 6.8.0.0 - Native Instruments) Native Instruments Kontakt 7 (HKLM-x32\...\Native Instruments Kontakt 7) (Version: 7.10.5.0 - Native Instruments) Native Instruments NTKDaemon (HKLM-x32\...\Native Instruments NTKDaemon) (Version: 1.19.0.0 - Native Instruments) OBS Studio (HKLM-x32\...\OBS Studio) (Version: 30.1.2 - OBS Project) Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.18623.20156 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.18623.20208 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0406-1000-0000000FF1CE}) (Version: 16.0.18623.20156 - Microsoft Corporation) 
Hidden Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0407-1000-0000000FF1CE}) (Version: 16.0.18623.20156 - Microsoft Corporation) Hidden Old World (HKLM-x32\...\2010300617_is1) (Version: 76679 - GOG.com) Old World Expansion 1 (HKLM-x32\...\1721325518_is1) (Version: 76679 - GOG.com) OpenVPN 2.5.3-I601 amd64 (HKLM\...\{E5931AF4-2A8F-48A5-AFC8-460348F480E8}) (Version: 2.5.022 - OpenVPN, Inc.) Pathologic 2 (HKLM-x32\...\1076642617_is1) (Version: 1.5.30038-rel-dev-st + mn - GOG.com) ProjectSAM The Free Orchestra (HKLM-x32\...\ProjectSAM The Free Orchestra) (Version: 2.0.0.1 - ProjectSAM) Realms of Arkania 2 - Star Trail (HKLM-x32\...\1207661983_is1) (Version: 1.0 v2 - GOG.com) RyzenMasterSDK (HKLM\...\{EA69F3F4-94A3-4B3D-8A87-08C1D6ED87B4}) (Version: 1.2.3.5 - Advanced Micro Devices, Inc.) Hidden Samplitude Pro X2 Silver (HKLM\...\{C3A3C7A2-0118-4EAA-B51D-E8F26B22D320}) (Version: 13.1.3.176 - MAGIX Software GmbH) Hidden Samplitude Pro X2 Silver (HKLM\...\MX.{C3A3C7A2-0118-4EAA-B51D-E8F26B22D320}) (Version: 13.1.3.176 - MAGIX Software GmbH) Samplitude Pro X2 Silver Independence Free (HKLM\...\{E52AC3D4-3700-41D3-8E0E-2FD3C8A8CD3D}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden Samplitude Pro X2 Silver Independence Free (HKLM\...\MX.{E52AC3D4-3700-41D3-8E0E-2FD3C8A8CD3D}) (Version: 1.0.0.0 - MAGIX Software GmbH) Samplitude Pro X2 Silver Objekt-Synthesizer (HKLM\...\{0E9CFDBD-B513-42E5-B46F-D6CD1214FF77}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden Samplitude Pro X2 Silver Objekt-Synthesizer (HKLM\...\MX.{0E9CFDBD-B513-42E5-B46F-D6CD1214FF77}) (Version: 1.0.0.0 - MAGIX Software GmbH) Shadowrun Returns (HKLM-x32\...\1207660413_is1) (Version: 2.3.0.12 - GOG.com) Soundpaint 3.1.2 (HKLM\...\{78841126-C6F3-4136-A6AF-DB43EB9DDF9F}_is1) (Version: 3.1.2 - 8Dio) Spitfire Audio version 3.4.10 (HKLM-x32\...\{ABC5F486-25BD-4BAA-9FA1-A84152CBB563}_is1) (Version: 3.4.10 - Spitfire Audio Holdings Ltd) STAR WARS Battlefront II (HKLM-x32\...\1421404701_is1) 
(Version: 1.1 - GOG.com) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Stronghold HD (HKLM-x32\...\1207658712_is1) (Version: 1.41 - GOG.com) Syntronik 2 version 2.1.1 (HKLM\...\{D1F669F8-F75C-442E-B303-107C052DD42C}_is1) (Version: 2.1.1 - IK Multimedia) The Witcher Enhanced Edition Director's Cut (HKLM-x32\...\1207658924_is1) (Version: 2.1.0.15 - GOG.com) TuxGuitar (HKLM\...\TuxGuitar 1.6.6) (Version: 1.6.6 - TuxGuitar) TuxGuitar (HKLM-x32\...\TuxGuitar 1.5.6) (Version: 1.5.6 - TuxGuitar) Update for x64-based Windows Systems (KB5001716) (HKLM\...\{DA80A019-4C3B-4DAA-ACA1-6937D7CAAF9E}) (Version: 8.94.0.0 - Microsoft Corporation) VLC media player (HKLM\...\VLC media player) (Version: 3.0.20 - VideoLAN) Zoom (HKU\S-1-5-21-2129917812-2419563499-1881424802-1001\...\ZoomUMX) (Version: 5.17.11 (34827) - Zoom Video Communications, Inc.) Zotero (HKLM-x32\...\Zotero 6.0.36 (x86 en-US)) (Version: 6.0.36 - Corporation for Digital Scholarship) Packages: ========= @{MicrosoftWindows.55182690.Taskbar_1000.26100.3624.0_x64__cw5n1h2txyewy?ms-resource://MicrosoftWindows.55182690.Taskbar/Resources/ProductPkgDisplayName} -> C:\WINDOWS\SystemApps\SxS\MicrosoftWindows.55182690.Taskbar_cw5n1h2txyewy [2025-04-11] (Microsoft Windows) Adobe Acrobat Reader -> C:\Program Files\Adobe\Acrobat DC [2025-03-16] () Dropbox -> C:\Program Files (x86)\Dropbox\Client\PackageAssets [2025-04-17] (Dropbox Inc.) HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_158.2.1134.0_x64__v10z8vjag6ke6 [2025-04-03] (HP Inc.) 
Microsoft.StartExperiencesApp -> C:\Program Files\WindowsApps\Microsoft.StartExperiencesApp_1.1.296.0_x64__8wekyb3d8bbwe [2025-03-19] (Microsoft Corporation) MuseHub -> C:\Program Files\WindowsApps\Muse.MuseHub_2.2.1.13_x64__rb9pth70m6nz6 [2025-04-21] (Muse) [Startup Task] OfficePushNotificationsUtility -> C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE16 [2025-04-23] () Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.52.354.0_x64__dt26b99r8h8gj [2025-03-16] (Realtek Semiconductor Corp) SpotifyAB.SpotifyMusic -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.261.443.0_x64__zpdnekdrzrea0 [2025-04-14] (Spotify AB) [Startup Task] Windows Feature Experience Pack -> C:\WINDOWS\SystemApps\SxS\MicrosoftWindows.55182690.Taskbar_cw5n1h2txyewy [2025-04-11] (Microsoft Windows) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-2129917812-2419563499-1881424802-1001_Classes\CLSID\{04271989-C4D2-DB05-E5F6-C88623FBD62F} -> [OneDrive] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6} CustomCLSID: HKU\S-1-5-21-2129917812-2419563499-1881424802-1001_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. 
-> Adobe) CustomCLSID: HKU\S-1-5-21-2129917812-2419563499-1881424802-1001_Classes\CLSID\{41AD5CCC-26E6-46CC-821E-81569059CA8D} -> [Dropbox] => C:\Users\Páll\Dropbox [2024-11-29 21:35] CustomCLSID: HKU\S-1-5-21-2129917812-2419563499-1881424802-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> "C:\Users\Páll\AppData\Local\Microsoft\Teams\current\Teams.exe" --toast => Keine Datei CustomCLSID: HKU\S-1-5-21-2129917812-2419563499-1881424802-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\Páll\Dropbox [2024-11-29 21:35] ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\25.060.0330.0003\FileSyncShell64.dll [2025-04-23] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\25.060.0330.0003\FileSyncShell64.dll [2025-04-23] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\25.060.0330.0003\FileSyncShell64.dll [2025-04-23] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\25.060.0330.0003\FileSyncShell64.dll [2025-04-23] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\25.060.0330.0003\FileSyncShell64.dll [2025-04-23] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\25.060.0330.0003\FileSyncShell64.dll [2025-04-23] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => 
C:\Program Files\Microsoft OneDrive\25.060.0330.0003\FileSyncShell64.dll [2025-04-23] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-04-02] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-04-02] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-04-02] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-04-02] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-04-02] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-04-02] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-04-02] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-04-02] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-04-02] (Dropbox, Inc -> Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-04-02] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\25.060.0330.0003\FileSyncShell64.dll [2025-04-23] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\25.060.0330.0003\FileSyncShell64.dll [2025-04-23] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\25.060.0330.0003\FileSyncShell64.dll [2025-04-23] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\25.060.0330.0003\FileSyncShell64.dll [2025-04-23] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\25.060.0330.0003\FileSyncShell64.dll [2025-04-23] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\25.060.0330.0003\FileSyncShell64.dll [2025-04-23] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\25.060.0330.0003\FileSyncShell64.dll [2025-04-23] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-04-02] (Dropbox, Inc -> Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-04-02] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-04-02] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-04-02] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-04-02] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-04-02] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-04-02] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-04-02] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-04-02] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-04-02] (Dropbox, Inc -> Dropbox, Inc.) 
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\25.060.0330.0003\FileSyncShell64.dll [2025-04-23] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-04-02] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\25.060.0330.0003\FileSyncShell64.dll [2025-04-23] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-04-02] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\25.060.0330.0003\FileSyncShell64.dll [2025-04-23] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2025-02-25] (Advanced Micro Devices -> Advanced Micro Devices, Inc.) ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.78.0.dll [2025-04-02] (Dropbox, Inc -> Dropbox, Inc.) 
==================== Codecs (Nicht auf der Ausnahmeliste) ==================== ==================== Verknüpfungen & WMI ======================== ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============= 2009-09-16 18:44 - 2009-09-16 18:44 - 000153088 _____ (Hewlett Packard) [Datei ist nicht signiert] C:\WINDOWS\System32\hptcpmib.dll 2009-09-16 18:45 - 2009-09-16 18:45 - 000331264 _____ (Hewlett Packard) [Datei ist nicht signiert] C:\WINDOWS\System32\HpTcpMon.dll 2009-09-16 11:44 - 2009-09-16 11:44 - 000132096 _____ (Hewlett Packard) [Datei ist nicht signiert] C:\WINDOWS\System32\hpzjrd01.dll 2009-09-16 18:45 - 2009-09-16 18:45 - 000317440 _____ (Microsoft Corporation) [Datei ist nicht signiert] C:\WINDOWS\System32\HPTcpMUI.dll 2023-07-18 15:12 - 2023-07-18 15:12 - 000155648 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [Datei ist nicht signiert] C:\Program Files\Fortinet\FortiClient\legacy.DLL 2023-07-18 15:12 - 2023-07-18 15:12 - 006030336 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [Datei ist nicht signiert] C:\Program Files\Fortinet\FortiClient\libcrypto-3-x64.dll 2023-07-18 15:12 - 2023-07-18 15:12 - 000776192 _____ (The OpenSSL Project, hxxps://www.openssl.org/) [Datei ist nicht signiert] C:\Program Files\Fortinet\FortiClient\libssl-3-x64.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ======== ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ================== ==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ================= ==================== Internet Explorer (Nicht auf der Ausnahmeliste) ============= BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2025-04-07] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft 
Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2025-04-07] (Microsoft Corporation -> Microsoft Corporation) Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-04-07] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-04-07] (Microsoft Corporation -> Microsoft Corporation) Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-04-07] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-04-07] (Microsoft Corporation -> Microsoft Corporation) Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-04-07] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-04-07] (Microsoft Corporation -> Microsoft Corporation) Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-04-07] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-04-07] (Microsoft Corporation -> Microsoft Corporation) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) 
IE trusted site: HKU\S-1-5-21-2129917812-2419563499-1881424802-1001\...\sharepoint.com -> hxxps://cmsa3-files.sharepoint.com ==================== Hosts Inhalt: ========================= (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2019-12-07 11:14 - 2025-04-24 20:07 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts 127.0.0.1 localhost ==================== Andere Bereiche =========================== (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\Calibre2\;C:\Program Files\dotnet\ HKU\S-1-5-21-2129917812-2419563499-1881424802-1001\Control Panel\Desktop\\Wallpaper -> D:\Bilder\2017 Dansk på Askov\20170825_063400.jpg DNS Servers: 217.69.224.73 - 213.187.64.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) ist aktiviert. Network Binding: ============= Ethernet 2: Fortinet Virtual Ethernet Adapter (NDIS 6.30) -> ftvnic.sys OpenVPN Wintun: Wintun Userspace Tunnel -> wintun.sys LAN-Verbindung: TAP-Windows Adapter V9 -> tap0901.sys Ethernet: Realtek PCIe GbE Family Controller -> rt640x64.sys Ethernet 3: Fortinet SSL VPN Virtual Ethernet Adapter -> ftsvnic.sys ft_fortifilter: FortiClient NDIS 6.3 Packet Filter Driver ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================ (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
FirewallRules: [UDP Query User{8E0434B3-06C2-478E-92F3-D7EC27A8694C}C:\gog games\pathologic 2\pathologic.exe] => (Block) C:\gog games\pathologic 2\pathologic.exe () [Datei ist nicht signiert] FirewallRules: [TCP Query User{D252EC65-5FB1-49E6-B3F9-0558F3BD8B32}C:\gog games\pathologic 2\pathologic.exe] => (Block) C:\gog games\pathologic 2\pathologic.exe () [Datei ist nicht signiert] FirewallRules: [{ABBBC7D4-DC9D-4E8E-BC6E-2959BC0070E1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Landnama\Landnama.exe (Godot Engine) [Datei ist nicht signiert] FirewallRules: [{4865745D-3ABD-4530-86A0-BF58BE78B16F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Landnama\Landnama.exe (Godot Engine) [Datei ist nicht signiert] FirewallRules: [{DA20D4E1-623E-467D-8AA6-DE0B6A331CA6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BEAST\Beast.exe (Epic Games, Inc.) [Datei ist nicht signiert] FirewallRules: [{4668507F-5438-4821-8FBD-F63C451D5C37}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BEAST\Beast.exe (Epic Games, Inc.) [Datei ist nicht signiert] FirewallRules: [AusweisApp-Firewall-Rule] => (Allow) C:\Program Files\AusweisApp\AusweisApp.exe (Governikus GmbH & Co. KG -> Governikus GmbH & Co. KG) FirewallRules: [{CC0F8CD2-D0B7-4493-9AC2-D3DF80FF5A2E}] => (Allow) C:\Program Files\AusweisApp\AusweisApp.exe (Governikus GmbH & Co. KG -> Governikus GmbH & Co. 
KG) FirewallRules: [{BDBBAADB-1430-4E1C-B344-402B87CF1041}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rome Total War Gold\RomeTW-BI.exe (The Creative Assembly Ltd) [Datei ist nicht signiert] FirewallRules: [{8180F412-8620-4E3E-98A5-8BE0FB4D9BB6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rome Total War Gold\RomeTW-BI.exe (The Creative Assembly Ltd) [Datei ist nicht signiert] FirewallRules: [{88D99470-889D-45D0-AF4B-890C29DE0DF5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rome Total War Gold\RomeTW.exe (The Creative Assembly Ltd) [Datei ist nicht signiert] FirewallRules: [{CFE9C114-F537-4C00-A06A-41031B8FB60A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rome Total War Gold\RomeTW.exe (The Creative Assembly Ltd) [Datei ist nicht signiert] FirewallRules: [{ED347C13-0891-49A4-B11A-2FD993CA76F7}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{515836BE-5504-42BC-A00F-6A56C8C4D78E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization VI\2KLauncher\LauncherPatcher.exe => Keine Datei FirewallRules: [{DDA9C3CB-1214-405C-8F43-7778B04F77D3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization VI\2KLauncher\LauncherPatcher.exe => Keine Datei FirewallRules: [{9759CA40-9F76-4B65-8266-56D922F7EEF3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hellish Quart\Hellish Quart.exe () [Datei ist nicht signiert] FirewallRules: [{0BE84599-DE6B-4F26-AE1D-5676CC0E34E3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hellish Quart\Hellish Quart.exe () [Datei ist nicht signiert] FirewallRules: [{3E1E8D2D-7CA2-486F-A152-FB4D098521FB}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{2D22D465-F739-4BFB-A589-4E4E36591D58}] => (Allow) C:\Program Files\Microsoft 
Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{653D25F2-8128-4C65-A0B2-B1DD1662C147}] => (Allow) C:\Users\Páll\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [UDP Query User{CF0C24E2-88A0-4E63-A29E-F7258BCBF912}C:\gog games\wolfenstein the new order\wolfneworder_x64.exe] => (Block) C:\gog games\wolfenstein the new order\wolfneworder_x64.exe => Keine Datei FirewallRules: [TCP Query User{69B489DB-1687-4AE8-8A85-838F05BE4BA3}C:\gog games\wolfenstein the new order\wolfneworder_x64.exe] => (Block) C:\gog games\wolfenstein the new order\wolfneworder_x64.exe => Keine Datei FirewallRules: [{987BC49B-EEDA-435A-AAC8-82C2F48F89B3}] => (Allow) C:\Program Files\WindowsApps\MSTeams_23306.3315.2560.6525_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{E7CBD212-B228-4F8D-BB4C-D5E909A18BE4}] => (Allow) C:\Program Files\WindowsApps\MSTeams_23306.3315.2560.6525_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{865DA2EE-A25A-48FB-83CE-4EC558825E08}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{0C024BD2-9EDD-4EE5-9BCF-EA34CDC8AF51}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{C2F85DDE-953A-4CD9-A87B-745FA43A294E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.107.3215.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{8A3E397D-76C2-47B6-98F9-5FB5947FB0B9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.107.3215.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) 
FirewallRules: [{509E010C-D013-4F0C-8CE6-E086ABCD3F02}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.107.3215.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{56C42688-41D4-4BE4-BDC2-28BAA9A1BDB8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.107.3215.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{4FAE47C1-E782-4A46-B7DA-91C6873B7F5B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Empire Total War\Empire.exe (The Creative Assembly Ltd) [Datei ist nicht signiert] FirewallRules: [{55D95518-5C71-44F7-8970-DBAE7809AA98}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Empire Total War\Empire.exe (The Creative Assembly Ltd) [Datei ist nicht signiert] FirewallRules: [{2D3030DD-EF64-4FC7-BDA7-FDE25248E9A7}] => (Allow) C:\Program Files (x86)\HP\HP LaserJet Pro MFP M127-M128\bin\EWSProxy.exe (VistaName -> Hewlett-Packard Co.) [Datei ist nicht signiert] FirewallRules: [{5B025E77-A240-43CF-BC62-F9DAD010FF13}] => (Allow) C:\Program Files (x86)\HP\HP LaserJet Pro MFP M127-M128\Bin\HPNetworkCommunicatorCom.exe (VistaName -> Hewlett-Packard Co.) [Datei ist nicht signiert] FirewallRules: [{E8C6460E-4795-4838-AB7E-B9814D33B8F0}] => (Allow) C:\Program Files (x86)\HP\HP LaserJet Pro MFP M127-M128\bin\FaxApplications.exe (VistaName -> Hewlett-Packard Co.) [Datei ist nicht signiert] FirewallRules: [{8C08937A-7C68-4CCA-A23A-7B4A1096083C}] => (Allow) C:\Program Files\HP\HP LaserJet Pro MFP M127-M128\bin\FaxPrinterUtility.exe (VistaName -> Hewlett-Packard Co.) [Datei ist nicht signiert] FirewallRules: [{0B7EB188-E76E-4B0E-B817-ED13317B62D5}] => (Allow) C:\Program Files\HP\HP LaserJet Pro MFP M127-M128\Bin\HPNetworkCommunicatorCom.exe (VistaName -> Hewlett-Packard Co.) 
[Datei ist nicht signiert] FirewallRules: [{9CEBF324-1973-40DA-B06B-3AF196ABE28D}] => (Allow) C:\Program Files\HP\HP LaserJet Pro MFP M127-M128\bin\SendAFax.exe (VistaName -> Hewlett-Packard Co.) [Datei ist nicht signiert] FirewallRules: [UDP Query User{F6BBA465-91D1-45CD-8D1D-A7672EE76FA0}C:\gog games\wolfenstein the new order\wolfneworder_x64.exe] => (Block) C:\gog games\wolfenstein the new order\wolfneworder_x64.exe => Keine Datei FirewallRules: [TCP Query User{6217295B-2F67-49A2-AB27-D51FFF71866F}C:\gog games\wolfenstein the new order\wolfneworder_x64.exe] => (Block) C:\gog games\wolfenstein the new order\wolfneworder_x64.exe => Keine Datei FirewallRules: [{E9F8D213-418C-4F2B-955E-7B7BF91790BD}] => (Block) D:\magix\music maker\27\musicmaker.exe (MAGIX Software GmbH -> MAGIX Software GmbH) FirewallRules: [{003CAFAC-FAE9-468F-AA31-8D156FDA42D1}] => (Block) D:\magix\music maker\27\musicmaker.exe (MAGIX Software GmbH -> MAGIX Software GmbH) FirewallRules: [UDP Query User{2A943D1A-DFF0-4C80-A43C-203537D3B9F6}D:\magix\music maker\27\musicmaker.exe] => (Allow) D:\magix\music maker\27\musicmaker.exe (MAGIX Software GmbH -> MAGIX Software GmbH) FirewallRules: [TCP Query User{69301664-18C9-4D38-A1D0-B99AA383262A}D:\magix\music maker\27\musicmaker.exe] => (Allow) D:\magix\music maker\27\musicmaker.exe (MAGIX Software GmbH -> MAGIX Software GmbH) FirewallRules: [{FBC110EF-9276-48CF-BA74-3D0122E339F4}] => (Block) C:\gog games\kingdom come deliverance\bin\win64\kingdomcome.exe => Keine Datei FirewallRules: [{7EC0AD71-7242-4391-B865-F7CE2A9D2998}] => (Block) C:\gog games\kingdom come deliverance\bin\win64\kingdomcome.exe => Keine Datei FirewallRules: [UDP Query User{C6CEBF84-964E-4388-BBC8-BAFCDAF31BEA}C:\gog games\kingdom come deliverance\bin\win64\kingdomcome.exe] => (Allow) C:\gog games\kingdom come deliverance\bin\win64\kingdomcome.exe => Keine Datei FirewallRules: [TCP Query User{6EC3D20E-992E-4F5B-906A-A81B4CE8B33F}C:\gog games\kingdom come 
deliverance\bin\win64\kingdomcome.exe] => (Allow) C:\gog games\kingdom come deliverance\bin\win64\kingdomcome.exe => Keine Datei FirewallRules: [{5A5052CB-CD91-45E4-AEE9-D37B50180822}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{628858A9-CBAF-4B47-AC6F-8F0E608F6533}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{2E1B84F5-986C-4758-B49E-2DE145C9A6EC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{A85B0E3E-7CA8-4C4B-80E4-43DB4CE407AC}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{728FD8CD-E9AE-46AC-BB29-0114B5895CD3}] => (Allow) C:\Program Files\WindowsApps\MSTeams_23306.3315.2560.6525_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{1C8BB13F-EA68-49FF-A50D-2AD349590884}] => (Allow) C:\Program Files\WindowsApps\MSTeams_23306.3315.2560.6525_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [FPS-SpoolWorker-In-TCP] => (Allow) C:\WINDOWS\system32\spoolsvworker.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [FPS-SpoolWorker-In-TCP-V2] => (Allow) C:\WINDOWS\system32\spoolsvworker.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [FPS-SpoolWorker-In-TCP-NoScope] => (Allow) C:\WINDOWS\system32\spoolsvworker.exe (Microsoft Windows -> Microsoft Corporation) FirewallRules: [TCP Query User{B859FD5D-817A-4F19-8190-432318E883AC}C:\gog games\old world\oldworld.exe] => (Block) C:\gog games\old world\oldworld.exe () [Datei ist nicht signiert] FirewallRules: [UDP Query User{FC29BE39-F928-4D8C-811C-DF80A3A69034}C:\gog games\old world\oldworld.exe] => (Block) C:\gog games\old world\oldworld.exe () [Datei ist nicht signiert] FirewallRules: [{D071D613-CB54-473F-98E6-40183666A56E}] => 
(Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.261.443.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{D2FF42E4-0404-4664-AD0D-038BB62D902C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.261.443.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{8E4B3347-F708-4111-9396-08564815351F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.261.443.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{7760D861-68DF-4852-9E34-0AAA6125A7DA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.261.443.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{3023554F-AD3D-4D7D-BF74-0868550055D0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.261.443.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{D1192CE2-0F54-43FA-B500-B46C5F25AC6D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.261.443.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{931FF170-4203-4C59-B9C7-E99F68D843DA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.261.443.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{76DB5BDE-35AF-44D3-9D57-7EBE9F2CDFC5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.261.443.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{E4EB7055-8E99-4D46-81AD-074FF44612F0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.261.443.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{D2DDD469-8E0B-4BFF-8E60-B5713A35B19D}] => (Allow) C:\Program 
Files\WindowsApps\SpotifyAB.SpotifyMusic_1.261.443.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{BEB3177F-FCA6-4E5A-8FFC-D1F3FF1D7FE6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{DF652755-783A-42D9-8FB0-13452EC3B625}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{CEF517E2-C432-421E-A113-480156B20916}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.) FirewallRules: [{981F76D3-53FC-4CD6-94B6-6045B094BC2F}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.) FirewallRules: [{5026CF2C-2111-4A49-A183-2A2411CD49C8}] => (Allow) C:\Program Files\WindowsApps\Muse.MuseHub_2.2.1.13_x64__rb9pth70m6nz6\Muse.exe (Musecy SM Ltd. -> Muse) FirewallRules: [{3328610D-4F95-4802-B363-44692434DF76}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\135.0.3179.85\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation) ==================== Wiederherstellungspunkte ========================= 14-04-2025 17:28:00 Windows Update 16-04-2025 15:59:46 Removed Sitala 21-04-2025 14:38:19 Windows Update ==================== Fehlerhafte Geräte im Gerätemanager ============ Name: Fortinet SSL VPN Virtual Ethernet Adapter Description: Fortinet SSL VPN Virtual Ethernet Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Fortinet Inc Service: ftsvnic Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
==================== Fehlereinträge in der Ereignisanzeige: ======================== Applikationsfehler: ================== Error: (04/24/2025 08:05:30 PM) (Source: DbxSvc) (EventID: 322) (User: ) Description: Failed to get driver message: (-2147024890) Das Handle ist ungültig. Error: (04/24/2025 08:33:09 AM) (Source: DbxSvc) (EventID: 322) (User: ) Description: Failed to get driver message: (-2147024890) Das Handle ist ungültig. Error: (04/23/2025 10:27:44 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "QueryFullProcessImageNameW" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070006, Das Handle ist ungültig.. Vorgang: Asynchroner Vorgang wird ausgeführt Kontext: Aktueller Status: DoSnapshotSet Error: (04/23/2025 10:27:30 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert.Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess. Vorgang: Generatordaten werden gesammelt Kontext: Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220} Generatorname: System Writer Generatorinstanz-ID: {02072af9-1f2c-4497-8e33-6443b0b90304} Error: (04/23/2025 10:03:48 PM) (Source: DbxSvc) (EventID: 322) (User: ) Description: Failed to get driver message: (-2147024890) Das Handle ist ungültig. Error: (04/23/2025 03:57:39 PM) (Source: DbxSvc) (EventID: 322) (User: ) Description: Failed to get driver message: (-2147024890) Das Handle ist ungültig. Error: (04/21/2025 02:32:57 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x8007045b, Der Computer wird heruntergefahren.. 
Error: (04/21/2025 02:32:57 PM) (Source: VSS) (EventID: 13) (User: ) Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} und dem Namen "CEventSystem" kann nicht gestartet werden. [0x8007045b, Der Computer wird heruntergefahren.] Systemfehler: ============= Error: (04/24/2025 08:06:48 PM) (Source: Microsoft-Windows-DeviceAssociationService) (EventID: 3503) (User: NT-AUTORITÄT) Description: Der Gerätezuordnungsdienst hat einen Fehler bei der Endpunktermittlung erkannt. Error: (04/24/2025 08:06:47 PM) (Source: Service Control Manager) (EventID: 7043) (User: ) Description: Der Dienst Windows Update konnte nach dem Empfang eines Preshutdown-Steuerelements nicht richtig heruntergefahren werden. Error: (04/24/2025 08:57:42 AM) (Source: Microsoft-Windows-DeviceAssociationService) (EventID: 3503) (User: NT-AUTORITÄT) Description: Der Gerätezuordnungsdienst hat einen Fehler bei der Endpunktermittlung erkannt. Error: (04/24/2025 08:57:29 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-8H8CSAR) Description: Der Server "{FD06603A-2BDF-4BB1-B7DF-5DC68F353601}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (04/24/2025 08:34:33 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung. Error: (04/24/2025 08:34:33 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht. 
Error: (04/23/2025 11:23:45 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-8H8CSAR) Description: Der Server "Microsoft.AAD.BrokerPlugin_1000.19580.1000.2_neutral_neutral_cw5n1h2txyewy!Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (04/23/2025 11:23:45 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-8H8CSAR) Description: Der Server "Microsoft.AAD.BrokerPlugin_1000.19580.1000.2_neutral_neutral_cw5n1h2txyewy!Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Windows Defender: ================ Date: 2025-04-16 19:38:25 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2025-04-15 21:12:24 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2025-04-15 20:28:30 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2025-04-14 09:06:09 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2025-04-11 17:43:03 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Quick Scan Event[0] Date: 2025-04-17 10:11:14 Description: Microsoft Defender Antivirus has encountered an error trying to update security intelligence. 
New security intelligence Version: Previous security intelligence Version: 1.427.296.0 Update Source: Microsoft Update Server Security intelligence Type: AntiVirus Update Type: Full Current Engine Version: Previous Engine Version: 1.1.25030.1 Error code: 0x8007043c Error description: Der Dienst kann nicht im abgesicherten Modus gestartet werden. Date: 2025-04-17 10:01:12 Description: Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007043c Error description: Der Dienst kann nicht im abgesicherten Modus gestartet werden. Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem. Date: 2025-04-17 09:32:21 Description: Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007043c Error description: Der Dienst kann nicht im abgesicherten Modus gestartet werden. Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem. CodeIntegrity: =============== Date: 2025-04-24 20:07:44 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Dropbox\Client\Dropbox.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Dropbox\Client\222.4.5042\vulkan-1.dll that did not meet the Microsoft signing level requirements. ==================== Speicherinformationen =========================== BIOS: American Megatrends International, LLC. A.B0 08/11/2022 Hauptplatine: Micro-Star International Co., Ltd. 
B550-A PRO (MS-7C56) Prozessor: AMD Ryzen 5 5600X 6-Core Processor Prozentuale Nutzung des RAM: 36% Installierter physikalischer RAM: 16310.09 MB Verfügbarer physikalischer RAM: 10399.14 MB Summe virtueller Speicher: 20918.09 MB Verfügbarer virtueller Speicher: 11991.42 MB ==================== Laufwerke ================================ Drive c: () (Fixed) (Total:930.71 GB) (Free:562.34 GB) (Model: Samsung SSD 980 PRO 1TB) NTFS Drive d: (Archiv) (Fixed) (Total:931.39 GB) (Free:251.77 GB) (Model: TOSHIBA HDWD110) NTFS Drive e: (Audio CD) (CDROM) (Total:0 GB) (Free:0 GB) CDFS \\?\Volume{5dd90591-b645-4434-8eb7-f8172c484e0d}\ () (Fixed) (Total:0.69 GB) (Free:0.11 GB) NTFS \\?\Volume{0152c4ad-1b08-4590-88a8-cb263ce40039}\ () (Fixed) (Total:0.09 GB) (Free:0.06 GB) FAT32 ==================== MBR & Partitionstabelle ==================== ========================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 84543A49) Partition: GPT. ========================================================== Disk: 1 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000) Partition: GPT. ==================== Ende von Addition.txt ======================= |
| #8 |
/// TB-Ausbilder | PUP.Adware.Heuristic / bcnexum Very good. Are there any remaining problems, or can I give you a few more tips to take with you? |
| #9 |
| You already explained the part about the installers; otherwise nothing comes to mind offhand. Thank you so much for the help, it has spared me quite a few headaches! |
| #10 |
/// TB-Ausbilder | Removal of the tools used: Run KpRm according to the illustrated guide and then post the log file. Then we would be done! If you no longer have any problems with malware, we are finished here. Your log files are clean. If you like, you can say here whether you were satisfied with us and our help... Perhaps you would like to ... the forum with a small donation. Finally, please be sure to read and implement the security measures: Note: Please give me brief feedback as soon as you have read the information linked above, everything is done and there are no more questions, so that I can remove this topic from my subscriptions. |
| #11 |
| And no further questions.
Code:
ATTFilter
# Run at 24.04.2025 21:01:17
# KpRm (Kernel-panik) version 2.19.0
# Website https://kernel-panik.me/tool/kprm/
# Run by Páll from C:\Users\Páll\Downloads
# Computer Name: DESKTOP-8H8CSAR
# OS: Windows 11 X64 (26100) (10.0.26100.3775)
# Number of passes: 1
- Checked options -
~ Delete Tools
~ Delete Quarantines
- Delete Tools -
## AdwCleaner
[OK] C:\Users\Páll\Downloads\adwcleaner(1).exe deleted
[OK] C:\Users\Páll\Downloads\adwcleaner(2).exe deleted
[OK] C:\Users\Páll\Downloads\adwcleaner.exe deleted
[OK] C:\AdwCleaner deleted
## FRST
[OK] C:\Users\Páll\Downloads\Addition.txt deleted
[OK] C:\Users\Páll\Downloads\Fixlog.txt deleted
[OK] C:\Users\Páll\Downloads\FRST-OlderVersion deleted
[OK] C:\Users\Páll\Downloads\FRST.txt deleted
[OK] C:\Users\Páll\Downloads\FRST64.exe deleted
[OK] C:\FRST deleted
-- KPRM finished in 3.23s -- |
| #12 |
/// TB-Ausbilder | We are glad that we could help. This topic appears to be resolved and will be removed from our subscriptions. Should you need the topic again, please send us a reminder including a link to the topic. Everyone else, please click here and create your own topic. |