Log analysis and evaluation: Amazon account hacked - Trojan? (Windows 7)

If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Amazon account hacked - Trojan?

Hello, my Amazon account was hacked and an AMD Ryzen processor 9000 for 289 € was ordered to the following address: [Address removed /cosinus]

I have already informed Amazon and changed the password (also in the mail program). Now I would also like to know whether I have a Trojan on the PC. Can you help me with that? I have run FRST. Here are the log files:

Frst.txt:

FRST Logfile:

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-05-2025 Ran by Administrator (administrator) on FIREWALKER85 (LENOVO 80VR) (31-05-2025 11:39:13) Running from C:\Users\el_uk\Downloads\FRST64.exe Loaded Profiles: el_uk & Administrator Platform: Microsoft Windows 10 Home Version 22H2 19045.5854 (X64) Language: Deutsch (Deutschland) -> Deutsch (Deutschland) Default browser: FF Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AO Kaspersky Lab -> AO Kaspersky Lab) C:\Users\Administrator\AppData\Local\Temp\{ccd5d27c-4e4c-4318-bbb2-86525d80ab34}\5661fa39.exe (C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\LenovoVantage-(GenericMessagingAddin).exe (C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\LenovoVantage-(LenovoGamingSystemAddin).exe (C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\LenovoVantage-(LenovoServiceBridgeAddin).exe (C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\LenovoVantage-(VantageCoreAddin).exe (C:\Program Files\Lenovo\Nerve Center\bin\x64\LenovoNerveCenterTray.exe ->) (LENOVO -> Lenovo(beijing) Limited) C:\Program Files\Lenovo\Nerve Center\bin\x64\HotkeyMonitor.exe (C:\Program Files\Mozilla Firefox\firefox.exe ->) (Mozilla Corporation -> Mozilla Foundation) C:\Program Files\Mozilla Firefox\crashhelper.exe (C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA app\CEF\NVIDIA 
Overlay.exe <5> (C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA app\ShadowPlay\nvsphelper64.exe (C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe (DriverStore\FileRepository\igdlh64.inf_amd64_ba34b5e302b5992f\igfxCUIService.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_ba34b5e302b5992f\igfxEM.exe (explorer.exe ->) (LENOVO -> Lenovo(beijing) Limited) C:\Program Files\Lenovo\Nerve Center\bin\x64\LenovoNerveCenterTray.exe (explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <7> (explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <12> (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (services.exe ->) (Canon Inc. 
-> ) C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe (services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_ba34b5e302b5992f\igfxCUIService.exe (services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_ba34b5e302b5992f\IntelCpHDCPSvc.exe (services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_ba34b5e302b5992f\IntelCpHeciSvc.exe (services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe (services.exe ->) (LENOVO -> Lenovo(beijing) Limited) C:\Program Files\Lenovo\Nerve Center\bin\x64\PluginLoaderSvc.exe (services.exe ->) (LENOVO -> Lenovo(beijing) Limited) C:\Program Files\Lenovo\Nerve Center\bin\x86\GameRecorderSVC.exe (services.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\LenovoVantageService.exe (services.exe ->) (McAfee, LLC -> McAfee, Inc.) 
C:\Program Files\mcafee\WebAdvisor\servicehost.exe (services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Locator.exe (services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MpDefenderCoreService.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MsMpEng.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\NisSrv.exe (services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <4> (services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvlti.inf_amd64_4bd2a3580753f54d\Display.NvContainer\NVDisplay.Container.exe <2> (services.exe ->) (Qualcomm Atheros, Inc. -> ) C:\Windows\System32\drivers\QcomWlanSrvx64.exe (services.exe ->) (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe (services.exe ->) (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe (services.exe ->) (Shanghai Microvirt Software Technology Co., Ltd. 
-> ) C:\Program Files (x86)\Microvirt\MEmu\MemuService.exe (services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (services.exe ->) (TomTom) [File not signed] C:\Program Files\TomTom HOME\TTHOMEService.exe (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\25.085.0504.0002\FileCoAuth.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2> (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [NerveCenterTray] => C:\Program Files\Lenovo\Nerve Center\bin\x64\LenovoNerveCenterTray.exe [258400 2017-09-29] (LENOVO -> Lenovo(beijing) Limited) HKLM-x32\...\Run: [IJNetworkScannerSelectorEX2] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe [278440 2019-12-05] (Canon Inc. -> CANON INC.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [752208 2025-04-05] (Oracle America, Inc. 
-> Oracle Corporation) HKLM\...\RunOnce: [84310deb-b913-4751-bf6b-86c29378722d] => "C:\Users\ADMINI~1\AppData\Local\Temp\{c770f825-5a2c-4882-9764-6610322f9424}\84310deb-b913-4751-bf6b-86c29378722d.cmd" (No File) <==== ATTENTION HKU\S-1-5-19\...\RunOnce: [OneDrive] => C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe /background /setautostart (No File) HKU\S-1-5-20\...\RunOnce: [OneDrive] => C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe /background /setautostart (No File) HKU\S-1-5-21-1123935005-352909213-1317991075-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [4966712 2025-05-31] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-1123935005-352909213-1317991075-1001\...\Run: [DAEMON Tools Lite Automount] => "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun (No File) HKU\S-1-5-21-1123935005-352909213-1317991075-1001\...\Run: [AviraBrowserAutoLaunch_C9C9E7BB767937189177C746692513E8] => "C:\Program Files\Avira\Browser\Application\AviraBrowser.exe" --check-run=src=logon --auto-launch-at-startup --profile-directory="Default" (No File) HKU\S-1-5-21-1123935005-352909213-1317991075-1001\...\Run: [MicrosoftEdgeAutoLaunch_5992695A0DC19CA3D53C8CD847E686A4] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4141096 2025-05-29] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-1123935005-352909213-1317991075-1001\...\MountPoints2: {f55a2aff-389b-11f0-af41-8c1645441d97} - "E:\HiSuiteDownLoader.exe" HKU\S-1-5-21-1123935005-352909213-1317991075-500\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [4966712 2025-05-31] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-1123935005-352909213-1317991075-500\...\Run: [VLC] => C:\Program Files\VLC Plus Player\vlc-updater.exe [387992 2021-08-13] (Aller Media e.K. 
-> ) <==== ATTENTION HKU\S-1-5-21-1123935005-352909213-1317991075-500\...\Run: [MicrosoftEdgeAutoLaunch_98769996E24836F99EC8617644423B4C] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4141096 2025-05-29] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-1123935005-352909213-1317991075-500\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize (No File) <==== ATTENTION HKU\S-1-5-21-1123935005-352909213-1317991075-500\...\Run: [BackProtection Festplattenreiniger II] => C:\ProgramData\JMMG Communications\BackProtection Festplattenreiniger II\Festplattenreiniger.exe [1447424 2020-03-03] (JMMG Communications, Jochen Moschko) [File not signed] HKU\S-1-5-21-1123935005-352909213-1317991075-500\...\Run: [TomTomHOME.exe] => C:\Program Files\TomTom HOME\TTHOMERunner.exe [902656 2025-03-21] (TomTom) [File not signed] HKU\S-1-5-21-1123935005-352909213-1317991075-500\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKLM\...\Windows x64\Print Processors\Canon TS7450i series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDHS.DLL [525824 2021-09-12] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.) HKLM\...\Print\Monitors\Canon BJ Language Monitor TS7450i series: C:\Windows\system32\CNMLMHS.DLL [962560 2021-09-12] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.) HKLM\...\Print\Monitors\HP 5D12 Status Monitor: C:\Windows\system32\hpinksts5D12LM.dll [332176 2012-09-12] (Hewlett Packard -> Hewlett-Packard Co.) HKLM\...\Print\Monitors\PDF-XChange Lite Port Monitor: C:\WINDOWS\system32\pxcpmL.dll [2187520 2019-04-22] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.) 
HKLM\...\Print\Monitors\pdfcmon: C:\Windows\system32\pdfcmon.dll [116736 2019-03-26] (pdfforge GmbH) [File not signed] HKLM\Software\...\AppCompatFlags\Custom\BLADE.EXE: [{55956d7b-35e0-49fa-8343-7adc8e1eb34b}.sdb] -> Games HKLM\Software\...\AppCompatFlags\InstalledSDB\{55956d7b-35e0-49fa-8343-7adc8e1eb34b}: [DatabasePath] -> C:\WINDOWS\AppPatch\CustomSDB\{55956d7b-35e0-49fa-8343-7adc8e1eb34b}.sdb [2020-02-01] HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION ==================== Scheduled Tasks (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {6360983A-48D3-4CAD-B742-A6BA182F4115} - System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe [754472 2021-04-05] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.) Task: {45481376-428F-4C9D-8577-96FAEC85DC7A} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\IntelPTTEKRecertification.exe [816960 2017-10-11] (Intel(R) Trust Services -> Intel(R) Corporation) Task: {317E35B3-5FAF-4CE0-9E97-06C43B09D447} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => C:\Program Files (x86)\Intel\Thunderbolt Software\\ConditionalAppStarter.exe [226024 2018-02-27] (Intel(R) Client Connectivity Division SW -> Intel Corporation) Task: {31F1F533-5089-4B1C-B4E2-897E61819DAC} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on switch user if service is up => C:\Program Files (x86)\Intel\Thunderbolt Software\\ConditionalAppStarter.exe [226024 2018-02-27] (Intel(R) Client Connectivity Division SW -> Intel Corporation) Task: {4E24C148-65EE-4B86-82E4-27FDC6A94D82} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => C:\Program Files (x86)\Intel\Thunderbolt Software\\ConditionalAppStarter.exe [226024 
2018-02-27] (Intel(R) Client Connectivity Division SW -> Intel Corporation) Task: {11E206A7-F2BC-4CFA-B457-D1B1EFE6A61D} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up => C:\Program Files (x86)\Intel\Thunderbolt Software\\tbtsvc.exe [2302184 2018-02-27] (Intel(R) Client Connectivity Division SW -> Intel Corporation) -> C:\Program Files (x86)\Intel\Thunderbolt Software\\ConditionalServiceStart Task: {DB88C6B2-E763-4C2C-8C26-907BEB9C4D82} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service when hardware is detected => C:\Windows\system32\sc.exe [72192 2019-12-07] (Microsoft Windows -> Microsoft Corporation) -> C:\Program Files (x86)\Intel\Thunderbolt Software\\start ThunderboltService Task: {308D92A1-3143-4F7D-8204-39CF53FFA92A} - System32\Tasks\ITE HID monitor => C:\Program Files\HIDKB\IHC.exe [3820992 2017-03-10] (ITE Tech. Inc. -> ITE Tech. Inc) Task: {3957B129-77E8-4C2C-A797-157955B8C8C8} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [94496 2024-06-26] (Lenovo -> Lenovo Group Ltd.) Task: {AEF34C77-0025-4ADF-B765-C76F702FD082} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => C:\WINDOWS\system32\sc.exe [72192 2019-12-07] (Microsoft Windows -> Microsoft Corporation) -> START ImControllerService Task: {56AD7924-713E-4497-876A-C3FA11EF4712} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => C:\WINDOWS\System32\reg.exe [77312 2019-12-07] (Microsoft Windows -> Microsoft Corporation) -> add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32 Task: {4A3C0504-5282-4DFE-9830-56ED64DFE15B} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\b7535703-9d21-4518-8d91-0f597b5a5de4 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-26] (Lenovo -> Lenovo Group Ltd.) 
Task: {FEE2B60B-E950-465F-B924-0735A6768B9B} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\c42c84f1-7055-4f94-8d49-6eeebe110a07 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-26] (Lenovo -> Lenovo Group Ltd.) Task: {90B32B16-B821-46C8-97D2-942B60EC02DF} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\def4f47e-a8fb-4945-a403-629182561e1e => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-26] (Lenovo -> Lenovo Group Ltd.) Task: {3BB7EA31-A97E-47A7-84E2-9E032D55B6CC} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => C:\WINDOWS\system32\sc.exe [72192 2019-12-07] (Microsoft Windows -> Microsoft Corporation) -> start LenovoVantageService Task: {E43F1AFB-CC11-4B1B-8FD2-DD1AD39EBD97} - System32\Tasks\Lenovo\Vantage\Schedule\BatteryGaugeAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\ScheduleEventAction.exe [278016 2025-02-20] (Lenovo -> Lenovo) Task: {772B07E8-8810-4C74-9FF4-348DBB372F47} - System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\ScheduleEventAction.exe [278016 2025-02-20] (Lenovo -> Lenovo) Task: {73D343F6-C9A8-4CC2-A1BE-7E68ED8C5923} - System32\Tasks\Lenovo\Vantage\Schedule\GenericMessagingAddin => C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\ScheduleEventAction.exe [278016 2025-02-20] (Lenovo -> Lenovo) Task: {8E98EEE6-C90F-440B-897C-B7784EB2DE39} - System32\Tasks\Lenovo\Vantage\Schedule\HeartbeatAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\ScheduleEventAction.exe [278016 2025-02-20] (Lenovo -> Lenovo) Task: {002114C4-665D-4D20-AA0D-F01EFF798B7A} - System32\Tasks\Lenovo\Vantage\Schedule\IdeaNotebookAddinDailyEvent => C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\ScheduleEventAction.exe [278016 2025-02-20] (Lenovo -> Lenovo) Task: {9033549C-F03E-4FB2-8C81-AFD0DFCA18AD} - 
System32\Tasks\Lenovo\Vantage\Schedule\Lenovo.Vantage.SmartPerformance.MonthlyReport => C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\ScheduleEventAction.exe [278016 2025-02-20] (Lenovo -> Lenovo) Task: {B814943E-8B7F-47B0-A674-414F9AEBD9AC} - System32\Tasks\Lenovo\Vantage\Schedule\Lenovo.Vantage.SmartPerformance.SScan => C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\ScheduleEventAction.exe [278016 2025-02-20] (Lenovo -> Lenovo) Task: {43FA67F7-9939-4124-90F4-69DD1ED0DC6F} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoBatteryPartSalesMonthlyToast => C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\ScheduleEventAction.exe [278016 2025-02-20] (Lenovo -> Lenovo) Task: {314C3C66-8D96-4A55-8C41-BC5750B82F50} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoCompanionAppAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\ScheduleEventAction.exe [278016 2025-02-20] (Lenovo -> Lenovo) Task: {399AE945-4CFC-4ACC-9E33-33E5EC221B40} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoSystemUpdateAddin_WeeklyTask => C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\ScheduleEventAction.exe [278016 2025-02-20] (Lenovo -> Lenovo) Task: {0DCD87B2-1348-4514-AB0A-40806435C182} - System32\Tasks\Lenovo\Vantage\Schedule\NotificationCenter => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe NotificationCenter (No File) Task: {979D9FBF-EAEB-4385-9555-AAB31555F5B8} - System32\Tasks\Lenovo\Vantage\Schedule\SettingsWidgetAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\ScheduleEventAction.exe [278016 2025-02-20] (Lenovo -> Lenovo) Task: {966B471E-FF0B-4905-B919-399C6FD53876} - System32\Tasks\Lenovo\Vantage\Schedule\SmartPerformance.ExpireReminder => C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\ScheduleEventAction.exe [278016 2025-02-20] (Lenovo -> Lenovo) Task: {302B95B9-1214-4FCA-B53A-E1266E9A768C} - System32\Tasks\Lenovo\Vantage\Schedule\VantageCoreAddinIdleScheduleTask => 
C:\ProgramData\Lenovo\Vantage\Addins\VantageCoreAddin\1.0.0.190\x64\IdleScheduleEventAction.exe [143768 2025-01-17] (Lenovo -> ) Task: {67C17331-183C-4ACA-8996-79CA4432ABE6} - System32\Tasks\Lenovo\Vantage\Schedule\VantageCoreAddinWeekScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\ScheduleEventAction.exe [278016 2025-02-20] (Lenovo -> Lenovo) Task: {1E3EB47D-B43E-45B7-A8E7-FE68290EF9EC} - System32\Tasks\Lenovo\Vantage\Schedule\VantageTelemetryAddinTask => C:\Program Files (x86)\Lenovo\VantageService\3.6.15.0\ScheduleEventAction.exe VantageTelemetryAddinTask (No File) Task: {7DF6C6B4-238C-4169-88C3-84546AADAE76} - System32\Tasks\Lenovo\Vantage\StartupFixPlan => C:\Program Files (x86)\Lenovo\VantageService\4.2.24.0\\uninstall.exe /repair (No File) Task: {9BB50AC0-9F74-4960-8294-1D7C47539215} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MpCmdRun.exe [1753416 2025-05-23] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {E5416A70-4108-44B2-A52C-A28C0FF9267F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MpCmdRun.exe [1753416 2025-05-23] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {E96AE9D8-2AF3-46CE-A6C6-9635B1C751A4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MpCmdRun.exe [1753416 2025-05-23] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {BD79D65B-1A64-4EC2-989F-C1D8BAC85FEF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MpCmdRun.exe [1753416 2025-05-23] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {0605FAD8-8568-4EE1-B317-4013DD735945} - System32\Tasks\Mozilla\Firefox 
Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [695360 2025-05-30] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters). Task: {E80C0B32-BE00-47DF-95FD-411C9480CA6B} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-1123935005-352909213-1317991075-1001 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [695360 2025-05-30] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters). Task: {2EA9968D-AC51-4D1A-829F-3FE7646F912A} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-1123935005-352909213-1317991075-500 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [695360 2025-05-30] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters). 
Task: {1A1E0E3D-7029-46DA-A8AF-C027E78C126E} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [34880 2025-05-30] (Mozilla Corporation -> Mozilla Foundation) Task: {E1385361-8C06-45E1-8B3C-11A1FDF0D340} - System32\Tasks\NerveCenterUpdate => C:\Program Files\Lenovo\Nerve Center\bin\x64\LenovoNerveCenterUpdateAgent.exe [756064 2017-09-29] (LENOVO -> Lenovo(beijing) Limited) Task: {65C14203-A4E3-431A-8348-C824A690AC8C} - System32\Tasks\NVIDIA App SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA App\CEF\NVIDIA App.exe [3275808 2025-04-07] (NVIDIA Corporation -> NVIDIA Corporation) Task: {8F3BF8DC-568F-415D-8565-6EC90D43E7B5} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4223792 2025-05-31] (Microsoft Corporation -> Microsoft Corporation) Task: {893153A9-C4FC-4C92-8F63-04C03DD93F3A} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1123935005-352909213-1317991075-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4223792 2025-05-31] (Microsoft Corporation -> Microsoft Corporation) Task: {F6E7847C-1A57-4E7E-8375-31D9B7BD89EE} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1123935005-352909213-1317991075-500 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4223792 2025-05-31] (Microsoft Corporation -> Microsoft Corporation) Task: {5BE59266-6EB4-4CE7-B831-F0D5B434FF00} - System32\Tasks\OneDrive Startup Task-S-1-5-21-1123935005-352909213-1317991075-1001 => C:\Program Files\Microsoft OneDrive\25.085.0504.0002\OneDriveLauncher.exe [684856 2025-05-31] (Microsoft Corporation -> Microsoft Corporation) Task: {F2FC5947-DC4C-4850-ADBE-2C5AC4025A40} - System32\Tasks\OneDrive Startup Task-S-1-5-21-1123935005-352909213-1317991075-500 => C:\Program Files\Microsoft OneDrive\25.085.0504.0002\OneDriveLauncher.exe [684856 
2025-05-31] (Microsoft Corporation -> Microsoft Corporation) Task: {68C304E7-EE25-4AD9-ABAD-18A3C7BC9E57} - System32\Tasks\Opera scheduled assistant Autoupdate 1716616574 => C:\Users\Administrator\AppData\Local\Programs\Opera\autoupdate\opera_autoupdate.exe -> --scheduledtask --productiscomponent --bypasslauncher --installdir="C:\Users\Administrator\AppData\Local\Programs\Opera\assistant" --producttype=assistant $(Arg0) Task: {D5C4E121-ED6B-4DA5-9DD7-F497CD465AEE} - System32\Tasks\Opera scheduled Autoupdate 1716616565 => C:\Users\Administrator\AppData\Local\Programs\Opera\autoupdate\opera_autoupdate.exe --scheduledtask --bypasslauncher $(Arg0) (No File) Task: {9AF31BA0-C8B0-4EA2-BF63-20BEFF2474DE} - System32\Tasks\WiseCleaner\WRCSkipUAC => C:\Program Files (x86)\Wise\Wise Registry Cleaner\WiseRegCleaner.exe [10674072 2024-09-24] (Lespeed Technology Co., Ltd -> WiseCleaner.com) -> C:\Program Files (x86)\Wise\Wise Registry Cleaner\\$UAC (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{89daff19-49dc-417a-a37c-44beb2374838}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{89daff19-49dc-417a-a37c-44beb2374838}: [DhcpDomain] fritz.box Tcpip\..\Interfaces\{89daff19-49dc-417a-a37c-44beb2374838}\64259445A51224F6870273639303024534D2548545: [DhcpNameServer] 192.168.168.1 192.168.168.1 Tcpip\..\Interfaces\{89daff19-49dc-417a-a37c-44beb2374838}\64259445A51225560756164756270213230303021485: [DhcpNameServer] 192.168.178.2 Tcpip\..\Interfaces\{a0a6f412-b012-4b1c-906c-23a72f6f6b05}: [DhcpNameServer] 192.168.168.1 192.168.168.1 Tcpip\..\Interfaces\{a0a6f412-b012-4b1c-906c-23a72f6f6b05}\64259445A51224F68702735333030285A4: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{a0a6f412-b012-4b1c-906c-23a72f6f6b05}\64259445A51224F68702735333030285A4: [DhcpDomain] fritz.box Tcpip\..\Interfaces\{a0a6f412-b012-4b1c-906c-23a72f6f6b05}\64259445A51224F6870273639303024534: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{a0a6f412-b012-4b1c-906c-23a72f6f6b05}\64259445A51224F6870273639303024534: [DhcpDomain] fritz.box Tcpip\..\Interfaces\{a0a6f412-b012-4b1c-906c-23a72f6f6b05}\77962756C6563737F5234344341334: [DhcpNameServer] 192.168.168.1 192.168.168.1 Tcpip\..\Interfaces\{a0a6f412-b012-4b1c-906c-23a72f6f6b05}\8507562796160285A5130234F6D607163647F543665693: [DhcpNameServer] 192.168.43.110 Tcpip\..\Interfaces\{a0a6f412-b012-4b1c-906c-23a72f6f6b05}\F623D275C414E46393: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{a0a6f412-b012-4b1c-906c-23a72f6f6b05}\F623D275C414E46393: [DhcpDomain] localdomain Tcpip\..\Interfaces\{a0a6f412-b012-4b1c-906c-23a72f6f6b05}\F623D275C414E4D224934303: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{a0a6f412-b012-4b1c-906c-23a72f6f6b05}\F623D275C414E4D224934303: [DhcpDomain] localdomain Tcpip\..\Interfaces\{a0a6f412-b012-4b1c-906c-23a72f6f6b05}\F623D275C414E4D283633303: [DhcpNameServer] 192.168.1.1 
Tcpip\..\Interfaces\{a0a6f412-b012-4b1c-906c-23a72f6f6b05}\F623D275C414E4D283633303: [DhcpDomain] localdomain Tcpip\..\Interfaces\{ff05cf5c-2494-49ff-842d-56f6e895b828}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{ff05cf5c-2494-49ff-842d-56f6e895b828}: [DhcpDomain] localdomain Edge: ======= Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found] Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found] Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found] Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found] Edge Profile: C:\Users\Administrator\AppData\Local\Microsoft\Edge\User Data\Default [2024-05-25] Edge Extension: (Google Docs Offline) - C:\Users\Administrator\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-26] Edge Extension: (Edge relevant text changes) - C:\Users\Administrator\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-03-26] FireFox: ======== FF DefaultProfile: 5vvu71o2.default FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\5vvu71o2.default [2024-03-27] FF Homepage: Mozilla\Firefox\Profiles\5vvu71o2.default -> hxxps://myfiresearch.com/homepage?hp=1&pId=CH210629&iDate=2024-03-27 07:30:22&bitmask=9996 FF NewTab: Mozilla\Firefox\Profiles\5vvu71o2.default -> hxxps://myfiresearch.com/homepage?hp=1&pId=CH210629&iDate=2024-03-27 07:30:22&bitmask=9996 FF ProfilePath: 
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\tnwddskx.default-release [2025-05-25] FF Homepage: Mozilla\Firefox\Profiles\tnwddskx.default-release -> hxxps://myfiresearch.com/homepage?hp=1&pId=CH210629&iDate=2024-03-27 07:30:22&bitmask=9996 FF NewTab: Mozilla\Firefox\Profiles\tnwddskx.default-release -> hxxps://myfiresearch.com/homepage?hp=1&pId=CH210629&iDate=2024-03-27 07:30:22&bitmask=9996 FF SearchPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\tnwddskx.default-release\searchplugins\My Firefox Search.xml [2024-03-27] FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2020-02-22] FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2019-04-22] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.) FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2019-04-22] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.) FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2019-04-22] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.) 
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.9.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN) FF Plugin: @vlc.de/vlc,version=3.0.11 -> C:\Program Files\VLC Plus Player\npvlc.dll [2021-08-13] (Aller Media e.K. -> VideoLAN) FF Plugin: @vlc.de/vlc,version=3.0.16 -> C:\Program Files\VLC Plus Player\npvlc.dll [2021-08-13] (Aller Media e.K. -> VideoLAN) FF Plugin-x32: @java.com/DTPlugin,version=11.451.0 -> C:\Program Files (x86)\Java\jre1.8.0_451\bin\dtplugin\npDeployJava1.dll [2025-04-05] (Oracle America, Inc. -> Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.451.0 -> C:\Program Files (x86)\Java\jre1.8.0_451\bin\plugin2\npjp2.dll [2025-04-05] (Oracle America, Inc. -> Oracle Corporation) FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2019-04-22] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2019-04-22] (Tracker Software Products (Canada) Ltd. 
-> Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2019-04-22] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.) FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2019-04-22] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.) FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2019-04-22] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.) FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2019-04-22] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.) 
FF Plugin HKU\S-1-5-21-1123935005-352909213-1317991075-1001: SkypeForBusinessPlugin-16.2 -> C:\Users\el_uk\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.511\npGatewayNpapi.dll [2019-08-03] (Microsoft Corporation -> Microsoft Corporation) FF Plugin HKU\S-1-5-21-1123935005-352909213-1317991075-1001: SkypeForBusinessPlugin64-16.2 -> C:\Users\el_uk\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.511\npGatewayNpapi-x64.dll [2019-08-03] (Microsoft Corporation -> Microsoft Corporation) FF Plugin HKU\S-1-5-21-1123935005-352909213-1317991075-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2023-12-27] (Ubisoft Entertainment Sweden AB -> ) FF Plugin HKU\S-1-5-21-1123935005-352909213-1317991075-500: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2019-04-22] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.) FF Plugin HKU\S-1-5-21-1123935005-352909213-1317991075-500: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2019-04-22] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.) FF Plugin HKU\S-1-5-21-1123935005-352909213-1317991075-500: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2019-04-22] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.) 
Chrome: ======= CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] Opera: ======= OPR DefaultProfile: Default ==================== Services (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2019-02-10] (Adobe Systems) [File not signed] S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [9880840 2023-10-31] (BattlEye Innovations e.K. -> ) S3 EABackgroundService; C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe [18709600 2025-04-17] (Electronic Arts, Inc. -> Electronic Arts) S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [934352 2023-08-02] (Epic Games Inc. -> Epic Games, Inc.) S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\25.085.0504.0002\FileSyncHelper.exe [3610416 2025-05-31] (Microsoft Corporation -> Microsoft Corporation) S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [1959776 2022-03-12] (GOG Sp. z o.o. -> GOG.com) S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6484832 2022-03-12] (GOG Sp. z o.o. -> GOG.com) R3 GameRecorderSVC; C:\Program Files\Lenovo\Nerve Center\bin\x86\GameRecorderSVC.exe [458592 2017-09-29] (LENOVO -> Lenovo(beijing) Limited) R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [460488 2024-04-03] (Canon Inc. -> ) R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-26] (Lenovo -> Lenovo Group Ltd.) 
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\LenovoVantageService.exe [34816 2025-02-20] (Lenovo -> Lenovo) R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [920656 2020-02-22] (McAfee, LLC -> McAfee, Inc.) R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MpDefenderCoreService.exe [2050904 2025-05-23] (Microsoft Windows Publisher -> Microsoft Corporation) R2 MEmuSVC; C:\Program Files (x86)\Microvirt\MEmu\MemuService.exe [85304 2019-07-02] (Shanghai Microvirt Software Technology Co., Ltd. -> ) R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvlti.inf_amd64_4bd2a3580753f54d\Display.NvContainer\NVDisplay.Container.exe [1275016 2025-04-28] (NVIDIA Corporation -> NVIDIA Corporation) S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\25.085.0504.0002\OneDriveUpdaterService.exe [3862840 2025-05-31] (Microsoft Corporation -> Microsoft Corporation) R2 PluginLoaderSvc; C:\Program Files\Lenovo\Nerve Center\bin\x64\PluginLoaderSvc.exe [1016672 2017-09-29] (LENOVO -> Lenovo(beijing) Limited) R2 QcomWlanSrv; C:\WINDOWS\System32\drivers\QcomWlanSrvx64.exe [188736 2021-07-20] (Qualcomm Atheros, Inc. -> ) R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2024-10-18] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) R2 ss_conn_service2; C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe [933432 2024-10-18] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) 
R2 TTHOMEService; C:\Program Files\TomTom HOME\TTHOMEService.exe [437248 2025-03-21] (TomTom) [File not signed] R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\NisSrv.exe [4525976 2025-05-23] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MsMpEng.exe [278304 2025-05-23] (Microsoft Windows Publisher -> Microsoft Corporation) ===================== Drivers (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) U3 8a19351c; C:\WINDOWS\System32\Drivers\8a19351c.sys [377392 2025-05-31] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab) S3 BlueStacksDrv; C:\Program Files\BlueStacks\BstkDrv.sys [313112 2019-09-25] (Bluestack Systems, Inc. -> Bluestack System Inc.) R3 BtFilter; C:\WINDOWS\System32\drivers\btfilter.sys [65448 2018-01-08] (WDKTestCert aswbldsv,131431045756648395 -> Qualcomm) S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [287744 2022-05-16] (Microsoft Corporation) [File not signed] S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [147968 2022-04-15] (Microsoft Corporation) [File not signed] S3 Ch64PS2; C:\WINDOWS\System32\drivers\Ch64PS2.sys [149632 2010-01-21] (ZF Electronics GmbH) [File not signed] S3 CH64PS2M; C:\WINDOWS\System32\drivers\CH64PS2M.sys [60288 2010-07-30] (Microsoft Windows Hardware Compatibility Publisher -> Cherry GmbH) R3 Ch64USB; C:\WINDOWS\System32\drivers\Ch64USB.sys [147584 2010-01-21] (Microsoft Windows Hardware Compatibility Publisher -> Cherry GmbH) R3 Ch64USBM; C:\WINDOWS\System32\drivers\Ch64USBM.sys [66688 2007-03-07] (Microsoft Windows Hardware Compatibility Publisher -> Cherry GmbH) S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [175824 2024-10-18] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) 
S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [42256 2019-02-01] (AVB Disc Soft, SIA -> Disc Soft Ltd) S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [59360 2019-02-01] (AVB Disc Soft, SIA -> Disc Soft Ltd) U3 FBNetFilter; C:\Windows\system32\Drivers\FBNetFlt.sys [55256 2017-09-29] (Lenovo (Beijing) Co., Ltd. -> Lenovo(beijing) Limited) R3 ITEHIDfilter; C:\WINDOWS\System32\drivers\ITEHIDfilter.sys [28104 2017-10-30] (ITE Tech. Inc. -> ITE Tech. Inc.) U0 klupd_8a19351ca_arkmon; C:\WINDOWS\System32\Drivers\klupd_8a19351ca_arkmon.sys [412080 2025-05-31] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab) U3 klupd_8a19351ca_arkmon_84FCBD88; C:\KVRT2020_Data\Temp\84FCBD88EC82AED75574C99DD7CA2538\klupd_8a19351ca_arkmon.sys [412080 2025-05-31] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab) U3 klupd_8a19351ca_klark; C:\WINDOWS\System32\Drivers\klupd_8a19351ca_klark.sys [364584 2025-05-31] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab) U0 klupd_8a19351ca_klbg; C:\WINDOWS\System32\Drivers\klupd_8a19351ca_klbg.sys [204480 2025-05-31] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab) U3 klupd_8a19351ca_mark; C:\WINDOWS\System32\Drivers\klupd_8a19351ca_mark.sys [266488 2025-05-31] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab) R3 KslD; C:\WINDOWS\System32\drivers\wd\KslD.sys [331168 2025-04-10] (Microsoft Windows -> Microsoft Corporation) R2 libwamf; C:\WINDOWS\System32\DRIVERS\libwamf.sys [35400 2020-04-15] (Opswat Inc. -> OPSWAT, Inc.) R2 libwasys; C:\WINDOWS\system32\DRIVERS\libwasys.sys [38472 2020-04-15] (Opswat Inc. -> OPSWAT, Inc.) R1 MEmuDrv; C:\WINDOWS\system32\DRIVERS\MEmuDrv.sys [319448 2019-04-15] (Shanghai Microvirt Software Technology Co., Ltd. 
-> Maiwei Corporation) R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions) S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [174264 2024-10-18] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [19984 2025-05-23] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [606568 2025-05-23] (Microsoft Windows -> Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [100736 2025-05-23] (Microsoft Windows -> Microsoft Corporation) S3 ALSysIO; \??\C:\Users\ADMINI~1\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION S3 LenovoDiagnosticsDriver; \??\C:\ProgramData\Lenovo\Vantage\Addins\LenovoHardwareScanAddin\3.7.0.16\LenovoDiagnosticsDriver.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) (Whitelisted) ========= (If an entry is included in the fixlist, the file/folder will be moved.) 
2025-05-31 11:39 - 2025-05-31 11:40 - 000045487 _____ C:\Users\el_uk\Downloads\FRST.txt 2025-05-31 11:38 - 2025-05-31 11:39 - 000000000 ____D C:\FRST 2025-05-31 11:31 - 2025-05-31 11:31 - 002405888 _____ (Farbar) C:\Users\el_uk\Downloads\FRST64.exe 2025-05-31 11:07 - 2025-05-31 11:07 - 000000000 ____D C:\KVRT2020_Data 2025-05-31 11:06 - 2025-05-31 11:06 - 115177320 _____ (AO Kaspersky Lab) C:\Users\el_uk\Downloads\KVRT.exe 2025-05-30 12:39 - 2020-05-11 13:37 - 000000000 ____D C:\Users\el_uk\Downloads\T-MST10PDEUC 2025-05-30 12:37 - 2025-05-30 12:37 - 160756230 _____ C:\Users\el_uk\Downloads\T-MST10PDEUC_2010.0.exe 2025-05-30 12:35 - 2025-05-30 12:35 - 000000000 ____D C:\Program Files\Mozilla Firefox 2025-05-28 16:21 - 2025-05-28 16:21 - 000001273 _____ C:\WINDOWS\system32\Drivers\mozart_12338422546372_fw_dump.cmm 2025-05-28 16:08 - 2025-05-28 16:08 - 000001273 _____ C:\WINDOWS\system32\Drivers\mozart_12337689034039_fw_dump.cmm 2025-05-26 10:14 - 2025-05-26 10:16 - 1477584034 _____ C:\Users\el_uk\Downloads\Europe_Central_1145_12621_tmp_0.zip 2025-05-26 10:03 - 2025-05-26 10:03 - 001545614 _____ C:\Users\el_uk\Downloads\TTActivator-v1.20.rar 2025-05-26 09:03 - 2025-05-26 10:07 - 000000000 ____D C:\Program Files (x86)\MyDrive Connect 2025-05-26 09:03 - 2025-05-26 09:03 - 000000000 ____D C:\Users\el_uk\AppData\Local\TomTom 2025-05-26 09:03 - 2025-05-26 09:03 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TomTom 2025-05-26 09:02 - 2025-05-26 09:02 - 072346880 _____ (TomTom International B.V.) 
C:\Users\el_uk\Downloads\InstallTomTomMyDriveConnect.exe 2025-05-26 08:57 - 2025-05-26 08:57 - 000229002 _____ C:\Users\el_uk\Downloads\TTActivator-Anleitung.pdf 2025-05-25 19:23 - 2025-05-25 19:23 - 000000000 _____ C:\WINDOWS\RestPupils 2025-05-25 19:23 - 2025-05-25 19:23 - 000000000 _____ C:\WINDOWS\ProcessorsEntertaining 2025-05-25 19:16 - 2025-05-25 19:17 - 152244720 _____ (PortableApps.com) C:\Users\el_uk\Downloads\firefoxportable_138.0.4_german.paf.exe 2025-05-25 19:09 - 2025-05-25 19:09 - 001213959 _____ C:\Users\el_uk\Downloads\EasyUseTools.zip 2025-05-25 18:34 - 2025-05-25 18:34 - 000617982 _____ C:\Users\el_uk\Downloads\Activator_2019_Installer.rar 2025-05-25 17:56 - 2025-05-25 17:56 - 000000000 ____D C:\Users\el_uk\Desktop\TTactivator 2025-05-25 17:49 - 2025-05-25 17:49 - 091899157 _____ C:\Users\el_uk\Downloads\NAV3-Navi (Toolbox) Anleitungen mit Videos upd.12.07.2024.rar 2025-05-25 09:48 - 2024-10-18 04:14 - 000175824 _____ (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\Drivers\ssudbus2.sys 2025-05-25 09:48 - 2024-10-18 04:14 - 000174264 _____ (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\Drivers\ssudmdm.sys 2025-05-25 09:45 - 2025-05-25 09:45 - 000000000 ____D C:\Program Files\Samsung 2025-05-25 09:44 - 2025-05-25 09:44 - 037218768 _____ (Samsung Electronics Co., Ltd.) 
C:\Users\el_uk\Downloads\SAMSUNG_USB_Driver_for_Mobile_Phones_v1.9.0.0.exe 2025-05-25 09:35 - 2025-03-29 17:09 - 000000000 ____D C:\Users\el_uk\Desktop\scrcpy-win64-v3.2 2025-05-25 09:18 - 2025-05-25 09:18 - 007138793 _____ C:\Users\el_uk\Downloads\platform-tools-latest-windows.zip 2025-05-25 09:11 - 2025-05-25 09:11 - 006950959 _____ C:\Users\el_uk\Downloads\scrcpy-win64-v3.2.zip 2025-05-23 18:51 - 2025-05-23 18:51 - 000000000 ____D C:\Users\el_uk\AppData\Roaming\Samsung 2025-05-23 18:47 - 2025-05-25 10:30 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Samsung 2025-05-23 18:47 - 2025-05-23 18:50 - 000000000 ____D C:\ProgramData\Samsung 2025-05-23 18:47 - 2022-01-25 11:29 - 000144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\WINDOWS\SysWOW64\secman.dll 2025-05-23 18:46 - 2025-05-25 10:30 - 000000000 ____D C:\Program Files (x86)\Samsung 2025-05-23 18:45 - 2025-05-23 18:45 - 005331520 _____ (CHIP Digital GmbH) C:\Users\el_uk\Downloads\Samsung Smart Switch - CHIP Installer _aQisv.exe 2025-05-23 12:08 - 2025-05-23 12:08 - 000001258 _____ C:\WINDOWS\system32\Drivers\mozart_123958425463_fw_dump.cmm 2025-05-23 11:52 - 2025-05-23 12:07 - 000000000 ____D C:\Users\el_uk\AppData\Local\TomTomUpgrade 2025-05-23 11:52 - 2025-05-23 11:52 - 000000000 ____D C:\Users\el_uk\TomTomUpgrade 2025-05-23 11:52 - 2025-05-23 11:52 - 000000000 ____D C:\Users\el_uk\Documents\TomTomUpgrade 2025-05-23 11:52 - 2025-05-23 11:52 - 000000000 ____D C:\Users\el_uk\AppData\Roaming\TomTomUpgrade 2025-05-23 11:52 - 2025-05-23 11:52 - 000000000 ____D C:\ProgramData\TomTom 2025-05-23 11:51 - 2025-05-23 11:51 - 000000723 _____ C:\Users\Administrator\Desktop\TomTom HOME.lnk 2025-05-23 11:51 - 2025-05-23 11:51 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TomTom Intl 2025-05-23 11:50 - 2025-05-23 11:50 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\H2CU_VCR 2025-05-23 11:50 - 2025-05-23 11:50 - 000000000 ____D C:\Program Files\TomTom 
HOME 2025-05-23 11:49 - 2025-05-23 11:49 - 112844144 _____ (TomTom International B.V.) C:\Users\el_uk\Downloads\TomTomHOME2win.exe 2025-05-18 10:33 - 2025-05-18 10:33 - 000022680 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json 2025-05-17 15:03 - 2025-05-17 15:03 - 000022680 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json 2025-05-17 14:45 - 2025-05-17 14:45 - 000000000 ___HD C:\$WinREAgent 2025-05-08 17:54 - 2025-05-08 17:54 - 000001273 _____ C:\WINDOWS\system32\Drivers\mozart_12333177617336_fw_dump.cmm 2025-05-06 17:05 - 2025-05-06 17:05 - 000001270 _____ C:\WINDOWS\system32\Drivers\mozart_12326033317713_fw_dump.cmm 2025-05-04 10:19 - 2025-05-04 10:19 - 000001258 _____ C:\WINDOWS\system32\Drivers\mozart_12314265062847_fw_dump.cmm 2025-05-03 08:36 - 2025-05-03 08:36 - 014549704 _____ C:\Users\el_uk\Downloads\technik-satt.pdf 2025-05-02 12:10 - 2025-05-02 12:10 - 000001270 _____ C:\WINDOWS\system32\Drivers\mozart_1234909489476_fw_dump.cmm 2025-05-02 10:31 - 2025-04-28 01:16 - 000125048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys 2025-05-02 10:30 - 2025-04-28 09:12 - 002072424 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe 2025-05-02 10:30 - 2025-04-28 09:12 - 002072424 _____ C:\WINDOWS\system32\vulkaninfo.exe 2025-05-02 10:30 - 2025-04-28 09:12 - 001614184 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe 2025-05-02 10:30 - 2025-04-28 09:12 - 001614184 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe 2025-05-02 10:30 - 2025-04-28 09:12 - 001576808 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll 2025-05-02 10:30 - 2025-04-28 09:12 - 001576808 _____ C:\WINDOWS\system32\vulkan-1.dll 2025-05-02 10:30 - 2025-04-28 09:12 - 001389928 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll 2025-05-02 10:30 - 2025-04-28 09:12 - 001389928 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll 2025-05-02 10:30 - 2025-04-28 09:12 - 000477832 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll 2025-05-02 10:30 - 2025-04-28 09:12 - 000374920 
_____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll 2025-05-02 10:30 - 2025-04-28 09:09 - 001260184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll 2025-05-02 10:30 - 2025-04-28 09:09 - 000674968 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvofapi64.dll 2025-05-02 10:30 - 2025-04-28 09:09 - 000509080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvofapi.dll 2025-05-02 10:30 - 2025-04-28 09:08 - 026001520 _____ C:\WINDOWS\system32\nvidia-pcc.exe 2025-05-02 10:30 - 2025-04-28 09:08 - 002313880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll 2025-05-02 10:30 - 2025-04-28 09:08 - 001713824 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll 2025-05-02 10:30 - 2025-04-28 09:08 - 001569432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll 2025-05-02 10:30 - 2025-04-28 09:08 - 001220768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll 2025-05-02 10:30 - 2025-04-28 09:08 - 001053832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll 2025-05-02 10:30 - 2025-04-28 09:08 - 000942216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe 2025-05-02 10:30 - 2025-04-28 09:08 - 000809608 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll 2025-05-02 10:30 - 2025-04-28 09:07 - 023034016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll 2025-05-02 10:30 - 2025-04-28 09:07 - 020516976 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll 2025-05-02 10:30 - 2025-04-28 09:07 - 007323272 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll 2025-05-02 10:30 - 2025-04-28 09:07 - 005240448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcudadebugger.dll 2025-05-02 10:30 - 2025-04-28 09:07 - 003994248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll 2025-05-02 10:30 - 2025-04-28 09:07 - 000467592 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe 2025-05-02 10:30 - 2025-04-28 09:06 - 005913712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll 2025-05-02 10:30 - 
2025-04-28 09:06 - 005600456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll 2025-05-02 10:30 - 2025-04-28 09:06 - 004901640 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll 2025-05-02 10:30 - 2025-04-28 09:06 - 000853128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe 2025-05-02 10:30 - 2025-04-28 01:16 - 000142952 _____ C:\WINDOWS\system32\nvinfo.pb 2025-05-02 10:15 - 2025-05-02 10:15 - 000001270 _____ C:\WINDOWS\system32\Drivers\mozart_12345672243774_fw_dump.cmm ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 2025-05-31 11:40 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2025-05-31 11:30 - 2022-02-09 19:13 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38 2025-05-31 11:29 - 2019-04-03 15:49 - 000000000 ____D C:\Users\Administrator\AppData\Local\NVIDIA 2025-05-31 11:04 - 2019-02-01 18:05 - 000000000 __SHD C:\Users\el_uk\IntelGraphicsProfiles 2025-05-31 10:56 - 2018-12-04 19:50 - 000000000 ____D C:\ProgramData\NVIDIA 2025-05-31 10:51 - 2021-12-17 19:57 - 000000000 ____D C:\WINDOWS\SystemTemp 2025-05-31 09:52 - 2025-02-06 18:10 - 000003546 _____ C:\WINDOWS\system32\Tasks\OneDrive Startup Task-S-1-5-21-1123935005-352909213-1317991075-1001 2025-05-31 09:52 - 2025-02-06 18:10 - 000003540 _____ C:\WINDOWS\system32\Tasks\OneDrive Startup Task-S-1-5-21-1123935005-352909213-1317991075-500 2025-05-31 09:52 - 2023-01-17 23:45 - 000002285 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk 2025-05-31 09:52 - 2022-01-24 23:28 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1123935005-352909213-1317991075-500 2025-05-31 09:52 - 2021-12-11 10:07 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1123935005-352909213-1317991075-1001 2025-05-31 09:52 - 2021-09-12 09:29 - 000000000 ____D C:\Program Files\Microsoft OneDrive 2025-05-31 09:52 - 2021-03-12 21:26 
- 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task 2025-05-31 09:52 - 2020-06-24 09:07 - 000002447 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2025-05-31 09:52 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps 2025-05-31 09:52 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness 2025-05-31 09:52 - 2019-10-02 00:32 - 000002159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2025-05-31 09:52 - 2019-02-01 18:05 - 000000000 ____D C:\Users\el_uk\AppData\Local\Packages 2025-05-30 16:20 - 2021-03-12 21:18 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2025-05-30 14:42 - 2021-10-10 11:07 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla 2025-05-30 14:42 - 2019-10-12 18:33 - 000001132 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2025-05-26 09:03 - 2022-01-26 14:04 - 000000000 ____D C:\Users\el_uk\AppData\Local\cache 2025-05-26 09:03 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF 2025-05-25 21:02 - 2019-10-18 11:28 - 000000000 ____D C:\Users\el_uk\AppData\Local\Spotify 2025-05-25 19:42 - 2019-10-12 18:33 - 000000000 ____D C:\Users\el_uk\AppData\Roaming\Mozilla 2025-05-25 19:23 - 2019-10-18 11:27 - 000000000 ____D C:\Users\el_uk\AppData\Roaming\Spotify 2025-05-25 15:28 - 2021-03-12 21:30 - 001632024 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2025-05-25 15:28 - 2019-12-07 16:50 - 000707316 _____ C:\WINDOWS\system32\perfh007.dat 2025-05-25 15:28 - 2019-12-07 16:50 - 000142574 _____ C:\WINDOWS\system32\perfc007.dat 2025-05-25 14:45 - 2021-03-12 21:26 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2025-05-25 14:45 - 2021-03-12 21:18 - 000008192 ___SH C:\DumpStack.log.tmp 2025-05-25 14:45 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ServiceState 2025-05-25 10:32 - 2024-03-27 21:29 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Lavasoft 2025-05-25 10:32 - 2023-10-31 08:32 - 000000000 ____D 
C:\Users\Administrator\AppData\LocalLow\NVIDIA 2025-05-25 10:30 - 2019-02-01 19:14 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2025-05-25 10:08 - 2024-03-27 21:28 - 000800672 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bddci.sys 2025-05-24 20:41 - 2019-02-01 18:08 - 000000000 ____D C:\Users\el_uk\AppData\Local\PlaceholderTileLogoFolder 2025-05-23 18:53 - 2019-02-02 00:14 - 000000000 ____D C:\ProgramData\Packages 2025-05-23 12:03 - 2018-04-17 21:02 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2025-05-23 11:53 - 2019-10-12 18:33 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2025-05-23 11:52 - 2021-03-12 18:49 - 000000000 ____D C:\Users\el_uk 2025-05-23 11:51 - 2019-12-07 11:03 - 001572864 _____ C:\WINDOWS\system32\config\BBI 2025-05-21 15:12 - 2021-03-12 21:26 - 000003756 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2025-05-21 15:12 - 2021-03-12 21:26 - 000003630 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore 2025-05-18 10:57 - 2021-03-12 21:18 - 000269328 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2025-05-18 10:56 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\PrintDialog 2025-05-18 10:56 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2025-05-18 10:56 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup 2025-05-18 10:56 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2025-05-18 10:56 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources 2025-05-18 10:56 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2025-05-18 10:56 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences 2025-05-18 10:56 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\setup 2025-05-18 10:56 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates 2025-05-18 10:56 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation 2025-05-18 10:56 - 2019-12-07 
11:14 - 000000000 ____D C:\WINDOWS\system32\oobe 2025-05-18 10:56 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Dism 2025-05-18 10:56 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ShellExperiences 2025-05-18 10:56 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ShellComponents 2025-05-18 10:56 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr 2025-05-18 10:56 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\servicing 2025-05-18 10:42 - 2019-02-01 20:35 - 000000000 ____D C:\WINDOWS\system32\MRT 2025-05-18 10:38 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp 2025-05-18 10:38 - 2019-02-01 20:35 - 214836568 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2025-05-17 15:02 - 2021-03-12 21:18 - 003016192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll 2025-05-03 09:27 - 2025-01-28 17:36 - 000000000 ____D C:\ProgramData\CanonIJPLM 2025-05-02 10:28 - 2019-02-01 18:07 - 000000000 ____D C:\Users\el_uk\AppData\Local\NVIDIA Corporation 2025-05-02 10:21 - 2023-10-29 12:14 - 000000000 ____D C:\Users\el_uk\AppData\LocalLow\NVIDIA 2025-05-02 10:21 - 2018-12-04 19:50 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation 2025-05-02 10:08 - 2024-08-18 16:39 - 000003834 _____ C:\WINDOWS\system32\Tasks\NVIDIA App SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2025-05-02 10:08 - 2024-08-18 16:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2025-05-02 10:08 - 2018-12-04 19:50 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation ==================== Files in the root of some directories ======== 2019-12-11 15:51 - 2024-03-25 17:35 - 000007656 _____ () C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) ==================== End of FRST.txt ========================
Last edited by cosinus (31.05.2025 at 11:37)
#2
Addition.txt
Addition.txt:
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-05-2025 Ran by Administrator (31-05-2025 11:42:25) Running from C:\Users\el_uk\Downloads Microsoft Windows 10 Home Version 22H2 19045.5854 (X64) (2021-03-12 19:26:58) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= (If an entry is included in the fixlist, it will be removed.) Administrator (S-1-5-21-1123935005-352909213-1317991075-500 - Administrator - Enabled) => C:\Users\Administrator DefaultAccount (S-1-5-21-1123935005-352909213-1317991075-503 - Limited - Disabled) el_uk (S-1-5-21-1123935005-352909213-1317991075-1001 - Administrator - Enabled) => C:\Users\el_uk Gast (S-1-5-21-1123935005-352909213-1317991075-501 - Limited - Disabled) WDAGUtilityAccount (S-1-5-21-1123935005-352909213-1317991075-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Bridge 1.0 (HKLM-x32\...\{B74D4E10-6884-0000-0000-000000000101}) (Version: 001.000.001 - Adobe Systems) Hidden Adobe Common File Installer (HKLM-x32\...\{8EDBA74D-0686-4C99-BFDD-F894678E5101}) (Version: 1.00.001 - Adobe System Incorporated) Hidden Adobe Help Center 1.0 (HKLM-x32\...\{E9787678-119F-4D52-B551-6739B2B22101}) (Version: 1.0.1 - Adobe Systems) Hidden Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.) 
Adobe Stock Photos 1.0 (HKLM-x32\...\{786C5747-0C40-4930-9AFE-113BCE553101}) (Version: 1.0.1 - Adobe Systems) Hidden ANNO 2070 (HKLM-x32\...\{B48E264C-C8CD-4617-B0BE-46E977BAD694}) (Version: 1.0.0.0 - Ubisoft) Avira Update Helper (HKLM-x32\...\{25A7DD46-F34D-4979-9C3D-BFB147368DD6}) (Version: 1.8.1695.6 - Avira) Hidden Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Battlefield™ V (HKLM-x32\...\{e26b382f-e945-4f70-9318-121b683f1d61}) (Version: 1.0.64.43202 - Electronic Arts) Blackmagic RAW Common Components (HKLM\...\{94C42023-ECF5-46E6-ACB4-2AED536B205D}) (Version: 2.2 - Blackmagic Design) Blade Runner (HKLM-x32\...\1370811355_is1) (Version: 1.0 - GOG.com) BlueStacks App Player (HKLM\...\BlueStacks) (Version: 4.130.10.1003 - BlueStack Systems, Inc.) Canon IJ Network Scanner Selector EX2 (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX2) (Version: 2.0.15.2 - Canon Inc.) Canon IJ Printer Assistant Tool (HKLM-x32\...\Canon IJ Printer Assistant Tool) (Version: 1.90.3.36 - Canon Inc.) Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.6.1.2 - Canon Inc.) Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 6.6.0 - Canon Inc.) Canon TS7450i series Driver (HKLM\...\{1199FAD5-9546-44F3-81CF-FFDB8040B7BF}_Canon_TS7450i_series) (Version: 1.02 - Canon Inc.) CEWE Fotowelt (HKLM\...\CEWE Fotowelt) (Version: 8.0.2 - CEWE Stiftung u Co. KGaA) DaVinci Resolve (HKLM\...\{E9983894-990A-4A5A-8DBF-8E4E0D3A058A}) (Version: 17.4.30010 - Blackmagic Design) Diablo II Resurrected (HKLM-x32\...\Diablo II Resurrected) (Version: - Blizzard Entertainment) Die Siedler 7 (HKLM-x32\...\{9C916142-C18C-429D-BFED-40094A7E0BEB}) (Version: 1.12.1396 - Ubisoft) Druckerregistrierung (HKLM-x32\...\Canon EISRegistration) (Version: 1.9.2 - Canon Inc.) 
EA app (HKLM\...\{C2622085-ABD2-49E5-8AB9-D3D6A642C091}) (Version: 13.443.0.5956 - Electronic Arts) Hidden EA app (HKLM-x32\...\{ed8a2f43-547f-432b-81a0-3bd1cf37bb83}) (Version: 13.443.0.5956 - Electronic Arts) Epic Games Launcher (HKLM-x32\...\{9483ABD9-C772-487B-ADF8-09347CF8F2D2}) (Version: 1.3.93.0 - Epic Games, Inc.) Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Epic Online Services (HKLM-x32\...\{57A956AB-4BCC-45C6-9B40-957E4E125568}) (Version: 2.0.44.0 - Epic Games, Inc.) Games (HKLM\...\{55956d7b-35e0-49fa-8343-7adc8e1eb34b}.sdb) (Version: - ) GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com) GoodGame (HKLM-x32\...\GoodGame.de) (Version: 1.0 - GoodGame) <==== ATTENTION Helicon Focus 8.2.0.0 (HKLM\...\Helicon Focus 8_is1) (Version: - Helicon Soft Ltd.) HIDKB 1.0.7.8 (HKLM\...\HIDKB_is1) (Version: 1.0.7.8 - ITE, Inc.) Intel(R) Chipset Device Software (HKLM\...\{7FB35D08-C75C-4A18-B593-1D7C3E8970AD}) (Version: 10.1.1.45 - Intel Corporation) Hidden Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1054 - Intel Corporation) Intel(R) Management Engine Components (HKLM\...\{7B3B60EB-197B-4B06-ADFF-D0B50E755D4F}) (Version: 1.0.0.0 - Intel Corporation) Hidden Intel(R) Management Engine Components (HKLM\...\{EC465D35-92DC-4DAE-9EA8-01215688F709}) (Version: 1.0.0.0 - Intel Corporation) Hidden Intel(R) Management Engine Driver (HKLM\...\{E5B5A486-C7F5-429C-9324-13835620F2FD}) (Version: 1.0.0.0 - Intel Corporation) Hidden Intel(R) ME UninstallLegacy (HKLM\...\{E9B9A1A5-6398-4C99-8FDE-10794F6505C5}) (Version: 1.0.1.0 - Intel Corporation) Hidden Intel(R) Trusted Connect Service Client x64 (HKLM\...\{C9552825-7BF2-4344-BA91-D3CD46F4C442}) (Version: 1.47.866.0 - Intel Corporation) Hidden Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 
1.47.866.0 - Intel Corporation) Hidden Intel(R) Trusted Connect Services Client (HKLM-x32\...\{246c6cc0-9810-4728-9a29-28474de2eec5}) (Version: 1.47.866.0 - Intel Corporation) Hidden Intel® Chipsatz-Gerätesoftware (HKLM-x32\...\{44ded3eb-1686-46a6-9770-fd79096c29f7}) (Version: 10.1.1.45 - Intel(R) Corporation) Hidden Intel® Processor Identification Utility (HKU\S-1-5-21-1123935005-352909213-1317991075-500\...\Intel® Programm für die Prozessorerkennung 6.1.0731) (Version: 6.1.0731 - Intel Corporation) Intel® Programm für die Prozessorerkennung (HKLM-x32\...\{909744AA-EECD-4786-9624-93C146B68D92}) (Version: 6.1.0731 - Intel Corporation) Hidden IrfanView 4.57 (64-bit) (HKLM\...\IrfanView64) (Version: 4.57 - Irfan Skiljan) Java 8 Update 451 (HKLM-x32\...\{71024AE4-039E-4CA4-87B4-2F32180451F0}) (Version: 8.0.4510.10 - Oracle Corporation) Kodi (HKU\S-1-5-21-1123935005-352909213-1317991075-500\...\Kodi) (Version: - XBMC Foundation) Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden Lenovo Nerve Center Core Component (HKLM\...\{DCB4DFB5-93CA-4BDD-9D08-CE880626B46E}_is1) (Version: 3.0.14.13 - Lenovo) Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 4.3.21.0 - Lenovo Group Ltd.) Lost Horizon (HKLM-x32\...\1196011241_is1) (Version: 1.00 - GOG.com) McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.72 - McAfee, LLC.) MEmu (HKLM-x32\...\MEmu) (Version: 6.5.1.0 - Microvirt Software Technology Co. Ltd.) 
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 137.0.3296.52 - Microsoft Corporation) Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 136.0.3240.92 - Microsoft Corporation) Hidden Microsoft GameInput (HKLM-x32\...\{1F2B6AF3-C260-8666-5950-E3FEDBC851D6}) (Version: 10.1.22621.3036 - Microsoft Corporation) Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 25.085.0504.0002 - Microsoft Corporation) Microsoft Teams (HKU\S-1-5-21-1123935005-352909213-1317991075-1001\...\Teams) (Version: 1.5.00.28361 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation) Microsoft VC++ redistributables repacked. (HKLM\...\{D3531D7A-B6FA-44A5-A024-E2A14F325F90}) (Version: 12.0.0.0 - Intel Corporation) Hidden Microsoft VC++ redistributables repacked. (HKLM-x32\...\{985F7F32-5BE4-4CDA-9582-F7AEA40D1974}) (Version: 12.0.0.0 - Intel Corporation) Hidden Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 
(HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation) Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 
(HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.42.34438 (HKLM-x32\...\{b49c10dd-4d54-45f8-ad13-fa25704456a4}) (Version: 14.42.34438.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.42.34438 (HKLM-x32\...\{ba10fda9-f731-441f-a999-000bbb7ceec2}) (Version: 14.42.34438.0 - Microsoft Corporation) Microsoft Visual C++ 2022 X64 Additional Runtime - 14.42.34438 (HKLM\...\{E528AD94-12D7-42C4-91A3-908BE28E9BD2}) (Version: 14.42.34438 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.42.34438 (HKLM\...\{2E15F519-4FDA-4834-B4EE-7EFCE7D8D4EE}) (Version: 14.42.34438 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X86 Additional Runtime - 14.42.34438 (HKLM-x32\...\{A5592FEF-F948-4BA6-A066-8BBFC2DC7EE1}) (Version: 14.42.34438 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.42.34438 (HKLM-x32\...\{5D0C4511-3CA1-4FF8-A4BA-C0E1957ABEEA}) (Version: 14.42.34438 - Microsoft Corporation) Hidden Mozilla Firefox (x64 de) (HKLM\...\Mozilla Firefox 139.0.1 (x64 de)) (Version: 139.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 69.0.3 - Mozilla) MyHarmony (HKLM-x32\...\{2AD8F8A1-ECE5-4890-BCC2-B4396370A0D4}) (Version: 1.0.308 - Logitech) NVIDIA FrameView SDK 1.5.10920.35420203 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.5.10920.35420203 - NVIDIA Corporation) NVIDIA Grafiktreiber 576.28 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 576.28 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.4.3.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.4.3.2 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.23.1019 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.23.1019 - NVIDIA Corporation) NVIDIA-App 11.0.3.232 
(HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NvApp) (Version: 11.0.3.232 - NVIDIA Corporation) PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 3.4.0 - pdfforge GmbH) PDF-XChange Editor (HKLM\...\{EDBD74BD-2F22-465A-955C-13841D34D67F}) (Version: 8.0.331.0 - Tracker Software Products (Canada) Ltd.) Hidden PDF-XChange Editor (HKLM-x32\...\{a2a519c9-19be-469b-9146-b5b4e763d1f6}) (Version: 8.0.331.0 - Tracker Software Products (Canada) Ltd.) Pontifex (HKLM-x32\...\Pontifex) (Version: - ) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8555 - Realtek Semiconductor Corp.) RemoteControl for Winamp (HKLM-x32\...\RemoteControl for Winamp1.00) (Version: 1.00 - Martin Schlodinski) Riot - Radical Image Optimization Tool (HKLM-x32\...\Riot) (Version: - ) Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.9.0.0 - Samsung Electronics Co., Ltd.) Skype Meetings App (HKLM-x32\...\{BC1D9E47-8927-4AA1-A891-7763BC2475B7}) (Version: 16.2.0.511 - Microsoft Corporation) SoulseekQt Version 2017.2.20 (HKLM-x32\...\{8A4E1646-488C-4E5B-AC31-F784400E8D2D}_is1) (Version: 2017.2.20 - Soulseek LLC) Spotify (HKU\S-1-5-21-1123935005-352909213-1317991075-1001\...\Spotify) (Version: 1.2.64.408.g0a9b557c - Spotify AB) Startfenster Symbol (HKLM-x32\...\Startfenster.de) (Version: 1.1 - Startfenster Symbol) <==== ATTENTION Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp) Thunderbolt™ Software (HKLM-x32\...\{B43DE90F-2638-4FCC-982E-383200E80797}) (Version: 17.3.74.400 - Intel Corporation) Tinypic 3.18 (HKLM-x32\...\{E3723A04-A894-4036-A78E-282E18F43C0A}_is1) (Version: Tinypic 3.18 - E. 
Fiedler) TomTom HOME 2.25.1.14 (HKLM\...\TomTom HOME) (Version: 2.25.1.14 - TomTom) Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT) Ultra Defragmenter (HKLM-x32\...\UltraDefrag) (Version: 7.1.4 - UltraDefrag Development Team) Update for x64-based Windows Systems (KB5001716) (HKLM\...\{DA80A019-4C3B-4DAA-ACA1-6937D7CAAF9E}) (Version: 8.94.0.0 - Microsoft Corporation) VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN) VLC Plus Player (HKLM\...\VLC Plus Player) (Version: 3.0.16 - Aller Media e.K.) <==== ATTENTION Winamp (HKLM-x32\...\Winamp) (Version: 5.8 - Winamp SA) Windows-PC-Integritätsprüfung (HKLM\...\{B3956CF3-F6C5-4567-AC38-1FD4432B319C}) (Version: 3.6.2204.08001 - Microsoft Corporation) WinRAR 5.80 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.80.0 - win.rar GmbH) Wise Registry Cleaner (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: 11.1.7 - Lespeed Technology Co., Ltd.) XnConvert 1.79 (HKLM\...\XnConvert_is1) (Version: 1.79 - Gougelet Pierre-e) Zoom (HKU\S-1-5-21-1123935005-352909213-1317991075-1001\...\ZoomUMX) (Version: 5.10.0 (4306) - Zoom Video Communications, Inc.) Packages: ========= Lenovo Nerve Center -> C:\Program Files\WindowsApps\E0469640.NerveCenter_3.0.14.0_x64__5grkq8ppsgwt4 [2019-02-01] (LENOVO INC) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
CustomCLSID: HKU\S-1-5-21-1123935005-352909213-1317991075-1001_Classes\CLSID\{3E3AD4BD-346A-460A-80E8-90699B75C00B}\InprocServer32 -> C:\Users\el_uk\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.511\GatewayActiveX-x64.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1123935005-352909213-1317991075-1001_Classes\CLSID\{FE2EC208-BECF-4E83-8BF4-E35DBA4EB6A1}\localserver32 -> C:\Users\el_uk\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.511\GatewayVersion-x64.exe (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\25.085.0504.0002\FileSyncShell64.dll [2025-05-31] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\25.085.0504.0002\FileSyncShell64.dll [2025-05-31] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\25.085.0504.0002\FileSyncShell64.dll [2025-05-31] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\25.085.0504.0002\FileSyncShell64.dll [2025-05-31] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\25.085.0504.0002\FileSyncShell64.dll [2025-05-31] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\25.085.0504.0002\FileSyncShell64.dll [2025-05-31] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program 
Files\Microsoft OneDrive\25.085.0504.0002\FileSyncShell64.dll [2025-05-31] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\25.085.0504.0002\FileSyncShell64.dll [2025-05-31] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\25.085.0504.0002\FileSyncShell64.dll [2025-05-31] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\25.085.0504.0002\FileSyncShell64.dll [2025-05-31] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\25.085.0504.0002\FileSyncShell64.dll [2025-05-31] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\25.085.0504.0002\FileSyncShell64.dll [2025-05-31] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\25.085.0504.0002\FileSyncShell64.dll [2025-05-31] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\25.085.0504.0002\FileSyncShell64.dll [2025-05-31] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\25.085.0504.0002\FileSyncShell64.dll [2025-05-31] (Microsoft Corporation -> 
Microsoft Corporation) ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => C:\Program Files\PDFCreator\PDFCreatorShell.DLL [2018-11-13] (pdfforge GmbH -> pdfforge GmbH) ContextMenuHandlers1: [PDFXChange Editor Context menu] -> {2ACD35AB-F74A-4C20-AA9B-2DE80081626D} => C:\Program Files\Tracker Software\Shell Extensions\XCShellMenu.x64.dll [2019-04-22] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.) ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal) ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\25.085.0504.0002\FileSyncShell64.dll [2025-05-31] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\25.085.0504.0002\FileSyncShell64.dll [2025-05-31] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_ba34b5e302b5992f\igfxDTCM.dll [2019-05-21] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvlti.inf_amd64_4bd2a3580753f54d\nvshext.dll [2025-04-28] (NVIDIA Corporation -> NVIDIA Corporation) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal) 
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal) ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxps://www.startfenster.de ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxps://www.startfenster.de ==================== Loaded Modules (Whitelisted) ============= 2025-01-28 18:12 - 2019-12-05 17:17 - 000009216 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNS2_DEU.DLL 2025-01-28 18:12 - 2019-12-05 17:17 - 000104448 _____ (CANON INC.) [File not signed] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNS2_IMG.dll 2025-05-02 10:08 - 2025-05-02 10:08 - 000000000 ____L (NVIDIA Corporation) [symlink -> C:\Program Files\NVIDIA Corporation\NVIDIA App\CEF\PlugIns\NVIDIA App\MessageBusRouter.dll] C:\Program Files\NVIDIA Corporation\NVIDIA App\CEF\PlugIns\NVIDIA Overlay\MessageBusRouter.dll 2024-08-18 16:39 - 2025-05-02 10:08 - 000000000 ____L (NVIDIA Corporation) [symlink -> C:\Program Files\NVIDIA Corporation\NVIDIA App\MessageBus\NvMessageBusBroadcast.dll] C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem\NvMessageBusBroadcast.dll 2019-03-26 11:40 - 2019-03-26 11:40 - 000116736 _____ (pdfforge GmbH) [File not signed] C:\WINDOWS\System32\pdfcmon.dll ==================== Alternate Data Streams (Whitelisted) ======== (If an entry is included in the fixlist, only the ADS will be removed.) 
AlternateDataStreams: C:\ProgramData\TEMP:ADF211B1 [100] AlternateDataStreams: C:\Users\el_uk\AppData\Local\Temp:$DATA [16] ==================== Safe Mode (Whitelisted) ================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\8a19351c.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\8a19351c.sys => ""="Driver" ==================== Association (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ============= HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-1123935005-352909213-1317991075-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-1123935005-352909213-1317991075-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE HKU\S-1-5-21-1123935005-352909213-1317991075-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/ HKU\S-1-5-21-1123935005-352909213-1317991075-500\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-1123935005-352909213-1317991075-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE HKU\S-1-5-21-1123935005-352909213-1317991075-500\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/ SearchScopes: HKU\S-1-5-21-1123935005-352909213-1317991075-1001 -> DefaultScope {0E5829F4-885D-4E96-B655-2BD8DD44AB85} URL = SearchScopes: HKU\S-1-5-21-1123935005-352909213-1317991075-1001 -> {0E5829F4-885D-4E96-B655-2BD8DD44AB85} URL = BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2020-02-22] (McAfee, LLC -> McAfee, Inc.) 
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_451\bin\ssv.dll [2025-04-05] (Oracle America, Inc. -> Oracle Corporation) BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2020-02-22] (McAfee, LLC -> McAfee, Inc.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_451\bin\jp2ssv.dll [2025-04-05] (Oracle America, Inc. -> Oracle Corporation) (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\.DEFAULT\...\localhost -> localhost IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com IE trusted site: HKU\S-1-5-21-1123935005-352909213-1317991075-1001\...\localhost -> localhost IE trusted site: HKU\S-1-5-21-1123935005-352909213-1317991075-500\...\localhost -> localhost IE trusted site: HKU\S-1-5-21-1123935005-352909213-1317991075-500\...\webcompanion.com -> hxxp://webcompanion.com ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2018-04-12 01:38 - 2018-04-12 01:36 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\java8path;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\iCLS\;C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Common Files\Adobe\AGL;C:\Program Files\NVIDIA Corporation\NVIDIA app\NvDLISR HKU\S-1-5-21-1123935005-352909213-1317991075-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\el_uk\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img0.jpg HKU\S-1-5-21-1123935005-352909213-1317991075-500\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg DNS Servers: 192.168.178.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 1) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. Network Binding: ============= Ethernet: Realtek PCIe GBE Family Controller -> rt640x64.sys WLAN: Qualcomm Atheros QCA61x4A Wireless Network Adapter -> Qcamain10x64.sys LAN-Verbindung: Xbox Wireless Adapter for Windows -> mt7612US_bc.sys ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) 
HKU\S-1-5-21-1123935005-352909213-1317991075-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount" HKU\S-1-5-21-1123935005-352909213-1317991075-1001\...\StartupApproved\Run: => "Steam" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [UDP Query User{3040BF61-F7DE-4A71-A00C-E93D7C41CF7B}C:\users\el_uk\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe] => (Allow) C:\users\el_uk\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [TCP Query User{7C3DC8BD-1674-487F-85AC-80AF2C77072E}C:\users\el_uk\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe] => (Allow) C:\users\el_uk\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{F1742535-4787-4EA0-B73F-C2CEC7547C6A}] => (Allow) C:\Users\el_uk\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [{1481171A-B964-40A9-BE14-0D700052DE06}] => (Allow) C:\Users\el_uk\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [{221E8D1A-A836-4ED3-8144-69D83781C2DB}] => (Allow) C:\Users\el_uk\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [{448F5D37-25C9-4384-8384-589EDA207EEB}] => (Allow) D:\Games\steam\Steam.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{B25BF952-18CE-4A3B-86D8-D8839B0CE4D7}] => (Allow) D:\Games\steam\Steam.exe (Valve Corp. 
-> Valve Corporation) FirewallRules: [{52651B50-C542-4D80-B899-1DA5C1E89CF1}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe (Ubisoft Entertainment Sweden AB -> Ubisoft) FirewallRules: [{71319A58-DC95-4C9D-B19A-7DA593F24212}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe (Ubisoft Entertainment Sweden AB -> Ubisoft) FirewallRules: [{CC7086FE-FB89-49D2-BDA7-467D87E13FE0}] => (Allow) D:\Games\Siedler 7\Data\Base\_Dbg\Bin\Release\Settlers7R.exe (Blue Byte GmbH -> Blue Byte GmbH) FirewallRules: [{A30EF698-4D7F-4830-87D3-AFDD69A08DB8}] => (Allow) D:\Games\Siedler 7\Data\Base\_Dbg\Bin\Release\Settlers7R.exe (Blue Byte GmbH -> Blue Byte GmbH) FirewallRules: [{3C167571-F3DB-4CF9-AC28-735AA48CEC59}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Winamp SA -> Winamp SA) FirewallRules: [{9368AAB4-FB0D-41DB-84DA-5C425556A519}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe (Winamp SA -> Winamp SA) FirewallRules: [TCP Query User{B589056B-A852-43B5-B36E-C7D3884D1D62}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe () [File not signed] FirewallRules: [UDP Query User{D02E6262-9672-4A17-A6B2-38A7BFF08A7D}C:\program files (x86)\soulseekqt\soulseekqt.exe] => (Allow) C:\program files (x86)\soulseekqt\soulseekqt.exe () [File not signed] FirewallRules: [TCP Query User{80545744-D0F8-4EBE-8586-8508A3036BF0}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe (XBMC Foundation) [File not signed] FirewallRules: [UDP Query User{5FC0349F-3667-42E7-96F6-C1088A95C90F}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe (XBMC Foundation) [File not signed] FirewallRules: [{72BC4052-E374-466E-BB57-4DDFBB440C42}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe (BlueStack Systems, Inc. -> BlueStack Systems, Inc.) 
FirewallRules: [{16479B77-CC96-4A40-8261-5C65919F3949}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{FCCE4365-4C63-4B73-A67A-263B6DB5C68C}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [TCP Query User{44BDA1FE-77AA-496C-B5C3-724906428D44}C:\users\el_uk\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\el_uk\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [UDP Query User{F731ACC0-8B1E-44BC-A6D4-F8FA2DFF9C63}C:\users\el_uk\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\el_uk\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [TCP Query User{EE0C89C2-226E-4CCB-BE28-00DF67C4C766}C:\users\el_uk\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\el_uk\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [UDP Query User{A6F1694F-DF59-414A-93C4-5CD7917E56AA}C:\users\el_uk\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\el_uk\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{47DBF5F8-D6C1-4294-9139-850127BE5B17}] => (Allow) D:\Games\Battlefield 5\Battlefield V\bfvTrial.exe (Electronic Arts, Inc. -> EA Digital Illusions CE AB) FirewallRules: [{8ADC387E-2B76-4468-B45F-33B1740EADB2}] => (Allow) D:\Games\Battlefield 5\Battlefield V\bfvTrial.exe (Electronic Arts, Inc. 
-> EA Digital Illusions CE AB) FirewallRules: [{9E3B955F-3909-4B4C-A760-6EA358975D0F}] => (Allow) D:\Games\Battlefield 5\Battlefield V\bfv.exe (EA Digital Illusions CE AB) [File not signed] FirewallRules: [{35774DA2-057B-42D0-8F00-5FD1EC478AE8}] => (Allow) D:\Games\Battlefield 5\Battlefield V\bfv.exe (EA Digital Illusions CE AB) [File not signed] FirewallRules: [TCP Query User{0ABF339E-AE81-43CC-8E3E-777381D2779E}D:\games\siedler 7\data\base\_dbg\bin\release\settlers7r.exe] => (Allow) D:\games\siedler 7\data\base\_dbg\bin\release\settlers7r.exe (Blue Byte GmbH -> Blue Byte GmbH) FirewallRules: [UDP Query User{3A702DD3-E6BB-42C1-8A8A-7BFACD895276}D:\games\siedler 7\data\base\_dbg\bin\release\settlers7r.exe] => (Allow) D:\games\siedler 7\data\base\_dbg\bin\release\settlers7r.exe (Blue Byte GmbH -> Blue Byte GmbH) FirewallRules: [{91AAEA17-E336-4DC1-A526-4407EA82411D}] => (Allow) D:\Games\steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation) FirewallRules: [{2C4EB4B8-CF45-46A1-ACD2-4BFC88BF7960}] => (Allow) D:\Games\steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. 
-> Valve Corporation) FirewallRules: [{EDA4A747-07A1-4580-9766-9C58639C6141}] => (Allow) D:\Games\steam\steamapps\common\The Talos Principle\Bin\x64\Talos.exe (GHI Media LLC -> Croteam) FirewallRules: [{B24D26E7-D023-4E8E-AB33-0C81EE655300}] => (Allow) D:\Games\steam\steamapps\common\The Talos Principle\Bin\x64\Talos.exe (GHI Media LLC -> Croteam) FirewallRules: [{E01F0B77-9286-4761-A9FD-E90DCDC706D0}] => (Allow) D:\Games\steam\steamapps\common\The Talos Principle\Bin\x64\Talos_Unrestricted.exe (GHI Media LLC -> Croteam) FirewallRules: [{6D5C5E66-E89D-4B3D-88AC-F0B0771027F0}] => (Allow) D:\Games\steam\steamapps\common\The Talos Principle\Bin\x64\Talos_Unrestricted.exe (GHI Media LLC -> Croteam) FirewallRules: [TCP Query User{C327D5CD-DA39-4BE4-9586-A47F9FF29016}D:0\game\aoe2de.exe] => (Allow) D:0\game\aoe2de.exe => No File FirewallRules: [UDP Query User{29180285-537F-4EA0-9851-D863593FFC63}D:0\game\aoe2de.exe] => (Allow) D:0\game\aoe2de.exe => No File FirewallRules: [TCP Query User{4760E32E-D9D4-47A0-B1E8-4FB60912D938}D:0\game\battleserver\battleserver.exe] => (Allow) D:0\game\battleserver\battleserver.exe => No File FirewallRules: [UDP Query User{60593964-83D6-4288-A0AE-5B374C766ADD}D:0\game\battleserver\battleserver.exe] => (Allow) D:0\game\battleserver\battleserver.exe => No File FirewallRules: [{F98F65E1-51D4-4437-9580-E63B87A144C2}] => (Allow) D:\Games\steam\steamapps\common\RISK Global Domination\RISK.exe () [File not signed] FirewallRules: [{7C4218B4-1E77-47AD-B950-358E8D94E346}] => (Allow) D:\Games\steam\steamapps\common\RISK Global Domination\RISK.exe () [File not signed] FirewallRules: [{5582B0A1-F72E-427F-8C9B-1FBFA2A3A52E}] => (Allow) D:\Games\Battlefield 5\Battlefield V\bfvTrial.exe (Electronic Arts, Inc. -> EA Digital Illusions CE AB) FirewallRules: [{92F52E02-9734-4FBF-AAC9-32495B5CF7C6}] => (Allow) D:\Games\Battlefield 5\Battlefield V\bfvTrial.exe (Electronic Arts, Inc. 
-> EA Digital Illusions CE AB) FirewallRules: [{0793E8D7-0BF4-43FF-8138-01FF301D65C6}] => (Allow) D:\Games\Battlefield 5\Battlefield V\bfv.exe (EA Digital Illusions CE AB) [File not signed] FirewallRules: [{E278EFFB-36F0-4B78-8CC2-043B88D34E4B}] => (Allow) D:\Games\Battlefield 5\Battlefield V\bfv.exe (EA Digital Illusions CE AB) [File not signed] FirewallRules: [{626C6DB1-55B6-433A-8A9B-017652CCCB3E}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\Resolve.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty. Ltd.) FirewallRules: [{9B0F024A-7A80-4695-9432-C23FFAA135C9}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\bmdpaneld.exe (Blackmagic Design Pty Ltd -> ) FirewallRules: [{BB3AD505-060D-4A1C-AC19-895852D971BE}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DaVinciPanelDaemon.exe (Blackmagic Design Pty Ltd -> ) FirewallRules: [{26AA66B1-49D4-4C0E-AECB-5E58EA915D39}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\JLCooperPanelDaemon.exe (Blackmagic Design Pty Ltd -> ) FirewallRules: [{357ABD6D-79DB-4197-9F4E-9ECAED9868A2}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\EuphonixPanelDaemon.exe (Blackmagic Design Pty Ltd -> ) FirewallRules: [{5EC9B69B-DC5B-463D-99D2-2EA0D29FB9C6}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\TangentPanelDaemon.exe (Blackmagic Design Pty Ltd -> ) FirewallRules: [{96A99FC3-8256-4441-A3C0-DBF4E66C32CF}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\fuscript.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty. Ltd.) FirewallRules: [TCP Query User{5970C28D-F799-4ECE-8D39-FA9F1A3E9E6D}C:\program files\blackmagic design\davinci resolve\resolve.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\resolve.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty. Ltd.) 
FirewallRules: [UDP Query User{5BC5F62D-3361-4751-BD38-22BE36CD2C2C}C:\program files\blackmagic design\davinci resolve\resolve.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\resolve.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty. Ltd.) FirewallRules: [TCP Query User{C3206E9C-5DD4-4C77-9CA5-65353AFE10CE}C:\program files\blackmagic design\davinci resolve\fuscript.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\fuscript.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty. Ltd.) FirewallRules: [UDP Query User{EFDA7CF1-3EBC-428E-8FF4-A7C4B44CF3FE}C:\program files\blackmagic design\davinci resolve\fuscript.exe] => (Allow) C:\program files\blackmagic design\davinci resolve\fuscript.exe (Blackmagic Design Pty Ltd -> Blackmagic Design Pty. Ltd.) FirewallRules: [TCP Query User{A5D4C6F2-9B89-4182-A4A9-E22AD8B38607}C:\users\el_uk\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\el_uk\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [UDP Query User{6BCE3035-5D15-44DD-90A1-49349AA466D7}C:\users\el_uk\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\el_uk\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{90C18C04-0DBE-4BCE-8294-BEEA9E077844}] => (Allow) D:\Games\steam\steamapps\common\The Talos Principle\Bin\x64\Talos.exe (GHI Media LLC -> Croteam) FirewallRules: [{2BC5D266-CA77-434B-B753-AABCCA1CBE07}] => (Allow) D:\Games\steam\steamapps\common\The Talos Principle\Bin\x64\Talos.exe (GHI Media LLC -> Croteam) FirewallRules: [{542D7F10-C02B-4C0F-AC90-A2D833988B26}] => (Allow) D:\Games\steam\steamapps\common\The Talos Principle\Bin\x64\Talos_Unrestricted.exe (GHI Media LLC -> Croteam) FirewallRules: [{186DA908-0C72-40FA-BCEF-5E7786EEE8B1}] => (Allow) D:\Games\steam\steamapps\common\The Talos Principle\Bin\x64\Talos_Unrestricted.exe (GHI Media LLC -> Croteam) 
FirewallRules: [{DFCFA601-EBAD-426B-BBB5-6BAC5EF53BD6}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe (Electronic Arts, Inc. -> Electronic Arts) FirewallRules: [{0C5B41BA-6BC5-4D0D-ADF0-CAF0543C3868}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe (Electronic Arts, Inc. -> Electronic Arts) FirewallRules: [{3008B899-AD1E-4DFE-B97D-335A809FFBB1}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAConnect_microsoft.exe (Electronic Arts, Inc. -> Electronic Arts) FirewallRules: [{C2FFE571-32E7-420F-AB0F-E54E1A28B755}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAConnect_microsoft.exe (Electronic Arts, Inc. -> Electronic Arts) FirewallRules: [{FE80EE20-6998-4738-99D6-8E31E3E38BE6}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EADesktop.exe (Electronic Arts, Inc. -> Electronic Arts) FirewallRules: [{44CFD4F6-AA95-429B-B7AD-BD2CBBE29BD5}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EADesktop.exe (Electronic Arts, Inc. -> Electronic Arts) FirewallRules: [{4F781D65-36A9-4B49-A482-FD0142BB7875}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAGEP.exe (Electronic Arts, Inc. -> Electronic Arts) FirewallRules: [{FA457E11-2292-45FE-8412-629BA4667B84}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAGEP.exe (Electronic Arts, Inc. -> Electronic Arts) FirewallRules: [{CA01A92B-3ECE-4EDB-9F79-C7BC6421D9F9}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALocalHostSvc.exe (Electronic Arts, Inc. -> Electronic Arts) FirewallRules: [{F3AA2EBC-D9C1-45CE-9A1C-B870214DD14D}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALocalHostSvc.exe (Electronic Arts, Inc. -> Electronic Arts) FirewallRules: [{113DC681-F6AC-45AE-8167-3C6E130A73F3}] => (Allow) C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALaunchHelper.exe (Electronic Arts, Inc. 
-> Electronic Arts) FirewallRules: [{A3882D04-C0BB-400D-8448-83BFCB5D0764}] => (Allow) D:\Games\steam\steamapps\common\Pioneers of Pagonia\Pioneers of Pagonia.exe (Envision Entertainment GmbH) [File not signed] FirewallRules: [{CF024FBE-D21B-495B-BBB7-44BC1D03E7F5}] => (Allow) D:\Games\steam\steamapps\common\Pioneers of Pagonia\Pioneers of Pagonia.exe (Envision Entertainment GmbH) [File not signed] FirewallRules: [{C620D37E-62AE-4355-B9E3-1940A9DE3149}] => (Allow) D:\Games\steam\steamapps\common\Outcast - A New Beginning\O2.exe (Epic Games, Inc.) [File not signed] FirewallRules: [{052AAC31-8A32-4BF4-B853-F733A02022A0}] => (Allow) D:\Games\steam\steamapps\common\Outcast - A New Beginning\O2.exe (Epic Games, Inc.) [File not signed] FirewallRules: [{08B83D2D-6BD2-4B37-9B71-D4A0BA1C1333}] => (Allow) D:\Games\steam\steamapps\common\American Truck Simulator\bin\win_x64\amtrucks.exe => No File FirewallRules: [{9FA07653-AEEB-4D22-B5BD-EE61EC31903F}] => (Allow) D:\Games\steam\steamapps\common\American Truck Simulator\bin\win_x64\amtrucks.exe => No File FirewallRules: [{79205296-A800-42D2-A2F6-26D8153DB162}] => (Allow) D:\Games\steam\steamapps\common\Planet Coaster\PlanetCoaster.exe (Frontier Developments) [File not signed] FirewallRules: [{C2CA8E16-95BB-44D5-A967-C14CB650C931}] => (Allow) D:\Games\steam\steamapps\common\Planet Coaster\PlanetCoaster.exe (Frontier Developments) [File not signed] FirewallRules: [TCP Query User{B466517F-7944-49D0-B9C7-ABBA80117B6C}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [UDP Query User{914BF92B-07F8-4901-A421-B1F0D947A0DA}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{9A7337B9-51CD-4396-BA36-802A51A311AB}] => (Allow) C:\Program 
Files\WindowsApps\Microsoft.Office.Desktop.Outlook_16051.18730.20168.0_x86__8wekyb3d8bbwe\Office16\OUTLOOK.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{89E403DD-0DAA-4D57-AB6A-4E193FCAF347}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\136.0.3240.92\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [TCP Query User{8774404A-5949-4314-AC52-6E366C8D8D17}D:\onedrive\backup\downloads\scrcpy-win64\scrcpy-win64-v3.2\adb.exe] => (Allow) D:\onedrive\backup\downloads\scrcpy-win64\scrcpy-win64-v3.2\adb.exe (Google LLC -> ) FirewallRules: [UDP Query User{33238482-C2DD-41C8-A923-EA322E54A6B4}D:\onedrive\backup\downloads\scrcpy-win64\scrcpy-win64-v3.2\adb.exe] => (Allow) D:\onedrive\backup\downloads\scrcpy-win64\scrcpy-win64-v3.2\adb.exe (Google LLC -> ) FirewallRules: [TCP Query User{133A5C38-0BE8-4D6B-A7E5-A19A8A5A39BC}C:\users\el_uk\desktop\scrcpy-win64-v3.2\adb.exe] => (Allow) C:\users\el_uk\desktop\scrcpy-win64-v3.2\adb.exe (Google LLC -> ) FirewallRules: [UDP Query User{4D3A55CB-7B62-4C9C-8ACA-D5644A4CD1F8}C:\users\el_uk\desktop\scrcpy-win64-v3.2\adb.exe] => (Allow) C:\users\el_uk\desktop\scrcpy-win64-v3.2\adb.exe (Google LLC -> ) ==================== Restore Points ========================= ==================== Faulty Device Manager Devices ============ Name: High Definition Audio-Controller Description: High Definition Audio-Controller Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: HDAudBus Problem: : Windows has stopped this device because it has reported problems. (Code 43) Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
==================== Event log errors: ======================== Application errors: ================== Error: (05/25/2025 02:44:47 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x8007045b, Der Computer wird heruntergefahren.. Error: (05/25/2025 02:44:47 PM) (Source: VSS) (EventID: 13) (User: ) Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} und dem Namen "CEventSystem" kann nicht gestartet werden. [0x8007045b, Der Computer wird heruntergefahren.] Error: (05/25/2025 10:09:12 AM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: FIREWALKER85) Description: Windows kann die erweiterbare Leistungsindikator-DLL "C:\WINDOWS\system32\sysmain.dll" nicht laden (Win32-Fehlercode 126). Error: (05/24/2025 07:41:31 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Users\el_uk\AppData\Roaming\Zoom\bin\Zoom.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.5794_none_a86a0a08866ea142.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.5794_none_60bcd33171f2783c.manifest. Error: (05/24/2025 07:41:31 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Users\el_uk\AppData\Roaming\Zoom\bin\Zoom.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. 
In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.5794_none_a86a0a08866ea142.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.5794_none_60bcd33171f2783c.manifest. Error: (05/23/2025 11:51:41 AM) (Source: VSS) (EventID: 13) (User: ) Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} und dem Namen "CEventSystem" kann nicht gestartet werden. [0x8007045b, Der Computer wird heruntergefahren.] Error: (05/17/2025 02:47:07 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Users\el_uk\AppData\Roaming\Zoom\bin\Zoom.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.4355_none_a865f0c28672571c.manifest. Komponente 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.4355_none_60b8b9eb71f62e16.manifest. Error: (05/17/2025 02:47:07 PM) (Source: SideBySide) (EventID: 78) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Users\el_uk\AppData\Roaming\Zoom\bin\Zoom.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.4355_none_a865f0c28672571c.manifest. 
Komponente 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.4355_none_60b8b9eb71f62e16.manifest. System errors: ============= Error: (05/31/2025 10:56:01 AM) (Source: DCOM) (EventID: 10010) (User: FIREWALKER85) Description: Der Server "Microsoft.Windows.ContentDeliveryManager_10.0.19041.4239_neutral_neutral_cw5n1h2txyewy!Windows.Networking.BackgroundTransfer.Internal.BackgroundTransferTask.ClassId.1" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (05/31/2025 10:56:01 AM) (Source: DCOM) (EventID: 10010) (User: FIREWALKER85) Description: Der Server "Microsoft.Windows.ContentDeliveryManager_10.0.19041.4239_neutral_neutral_cw5n1h2txyewy!Windows.Networking.BackgroundTransfer.Internal.BackgroundTransferTask.ClassId.1" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (05/31/2025 10:56:01 AM) (Source: DCOM) (EventID: 10010) (User: FIREWALKER85) Description: Der Server "Microsoft.Windows.ContentDeliveryManager_10.0.19041.4239_neutral_neutral_cw5n1h2txyewy!Windows.Networking.BackgroundTransfer.Internal.BackgroundTransferTask.ClassId.1" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (05/31/2025 10:56:01 AM) (Source: DCOM) (EventID: 10010) (User: FIREWALKER85) Description: Der Server "Microsoft.Windows.ContentDeliveryManager_10.0.19041.4239_neutral_neutral_cw5n1h2txyewy!Windows.Networking.BackgroundTransfer.Internal.BackgroundTransferTask.ClassId.1" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (05/31/2025 10:56:00 AM) (Source: DCOM) (EventID: 10010) (User: FIREWALKER85) Description: Der Server "Microsoft.Windows.ContentDeliveryManager_10.0.19041.4239_neutral_neutral_cw5n1h2txyewy!Windows.Networking.BackgroundTransfer.Internal.BackgroundTransferTask.ClassId.1" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. 
Error: (05/31/2025 10:56:00 AM) (Source: DCOM) (EventID: 10010) (User: FIREWALKER85) Description: Der Server "Microsoft.Windows.ContentDeliveryManager_10.0.19041.4239_neutral_neutral_cw5n1h2txyewy!Windows.Networking.BackgroundTransfer.Internal.BackgroundTransferTask.ClassId.1" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (05/31/2025 10:56:00 AM) (Source: DCOM) (EventID: 10010) (User: FIREWALKER85) Description: Der Server "Microsoft.Windows.ContentDeliveryManager_10.0.19041.4239_neutral_neutral_cw5n1h2txyewy!Windows.Networking.BackgroundTransfer.Internal.BackgroundTransferTask.ClassId.1" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (05/31/2025 10:56:00 AM) (Source: DCOM) (EventID: 10010) (User: FIREWALKER85) Description: Der Server "Microsoft.AAD.BrokerPlugin_1000.19041.4239.0_neutral_neutral_cw5n1h2txyewy!Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Windows Defender: ================ Date: 2025-05-25 19:24:40 Description: Microsoft Defender Antivirus Überprüfung wurde vor Abschluss abgebrochen. Überprüfungs-ID: {251D28BF-6C4A-42BB-B5C3-13C4A32590B9} Überprüfungstyp: Antimalware Überprüfungsparameter: Benutzerdefinierte Überprüfung Benutzer: FIREWALKER85\el_uk Abbruchgrund: Unbekannt Date: 2025-05-25 19:24:40 Description: Microsoft Defender Antivirus Überprüfung wurde vor Abschluss abgebrochen. Überprüfungs-ID: {1524A5E9-EF28-4D99-AAFE-1094069DA93C} Überprüfungstyp: Antimalware Überprüfungsparameter: Benutzerdefinierte Überprüfung Benutzer: FIREWALKER85\el_uk Abbruchgrund: Unbekannt Date: 2025-05-25 19:24:40 Description: Microsoft Defender Antivirus Überprüfung wurde vor Abschluss abgebrochen. 
Überprüfungs-ID: {B656A1B7-78E5-42DE-8AB4-5FBDD919CD8F} Überprüfungstyp: Antimalware Überprüfungsparameter: Benutzerdefinierte Überprüfung Benutzer: FIREWALKER85\el_uk Abbruchgrund: Unbekannt Date: 2025-05-25 19:24:40 Description: Microsoft Defender Antivirus Überprüfung wurde vor Abschluss abgebrochen. Überprüfungs-ID: {7FCFD43A-7902-42DB-BCBD-56653CF53B0B} Überprüfungstyp: Antimalware Überprüfungsparameter: Benutzerdefinierte Überprüfung Benutzer: FIREWALKER85\el_uk Abbruchgrund: Unbekannt Date: 2025-05-25 19:24:40 Description: Microsoft Defender Antivirus Überprüfung wurde vor Abschluss abgebrochen. Überprüfungs-ID: {2F3A3648-25A9-45C2-9E37-404A6DCAA99B} Überprüfungstyp: Antimalware Überprüfungsparameter: Benutzerdefinierte Überprüfung Benutzer: FIREWALKER85\el_uk Abbruchgrund: Unbekannt Event[0]: Date: 2025-04-25 20:38:12 Description: Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Security Intelligence aufgetreten. Es wird versucht, zu einer vorherigen Version zurückzukehren. Security Intelligence versucht: Current Fehlercode: 0x80501102 Fehlerbeschreibung: An unexpected problem occurred. Install any available updates, and then try to start the program again. For information on installing updates, see Help and Support. Security Intelligence-Version: 1.427.442.0;1.427.442.0 Modulversion: 1.1.25030.1 Date: 2024-04-07 20:11:57 Description: Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Security Intelligence aufgetreten. Es wird versucht, zu einer vorherigen Version zurückzukehren. Security Intelligence versucht: Aktuell Fehlercode: 0x80501102 Fehlerbeschreibung: Unerwartetes Problem. Installieren Sie bei Bedarf verfügbare Updates, und starten Sie das Programm dann erneut. Informationen zum Installieren von Updates finden Sie unter "Hilfe und Support". 
Security Intelligence-Version: 1.409.88.0;1.409.88.0 Modulversion: 1.1.24030.4 Date: 2024-04-07 19:08:10 Description: Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten. Neue Version der Sicherheitsinformationen: %Vorherige Version der Sicherheitsinformationen: 1.409.66.0 Update Source: Microsoft Update-Server Sicherheitstyp: AntiVirus Updatetyp: Voll Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: %Vorherige Modulversion: 1.1.24030.4 Fehlercode: 0x8024402c Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie unter "Hilfe und Support". Date: 2024-01-11 23:56:36 Description: Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Security Intelligence aufgetreten. Es wird versucht, zu einer vorherigen Version zurückzukehren. Security Intelligence versucht: Aktuell Fehlercode: 0x80501102 Fehlerbeschreibung: Unerwartetes Problem. Installieren Sie bei Bedarf verfügbare Updates, und starten Sie das Programm dann erneut. Informationen zum Installieren von Updates finden Sie unter "Hilfe und Support". Security Intelligence-Version: 1.403.1995.0;1.403.1995.0 Modulversion: 1.1.23110.2 Date: 2023-10-15 20:22:34 Description: Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Security Intelligence aufgetreten. Es wird versucht, zu einer vorherigen Version zurückzukehren. Security Intelligence versucht: Aktuell Fehlercode: 0x80501102 Fehlerbeschreibung: Unerwartetes Problem. Installieren Sie bei Bedarf verfügbare Updates, und starten Sie das Programm dann erneut. Informationen zum Installieren von Updates finden Sie unter "Hilfe und Support". 
Security Intelligence-Version: 1.399.686.0;1.399.686.0 Modulversion: 1.1.23090.2007 CodeIntegrity: =============== Date: 2025-04-01 15:23:16 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\ProgramData\Microsoft\Windows Defender\Platform\4.18.25010.11-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_ba34b5e302b5992f\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== BIOS: LENOVO 4GCN38WW 07/18/2018 Motherboard: LENOVO LNVNB161216 Processor: Intel(R) Core(TM) i5-7300HQ CPU @ 2.50GHz Percentage of memory in use: 48% Total physical RAM: 16244.16 MB Available physical RAM: 8404.35 MB Total Virtual: 20212.16 MB Available Virtual: 10175.62 MB ==================== Drives ================================ Drive c: (Windows-SSD) (Fixed) (Total:118 GB) (Free:9.21 GB) (Model: SAMSUNG MZVLW128HEGR-000L2) NTFS Drive d: (Data) (Fixed) (Total:931.5 GB) (Free:311.41 GB) (Model: WDC WD10SPZX-24Z10) NTFS \\?\Volume{af418fa2-77dd-431d-9b54-ebf72e0e65d8}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.3 GB) NTFS \\?\Volume{887d8d0e-ff22-42e4-b598-02fbcb640c19}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32 ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (Size: 931.5 GB) (Disk ID: 812AFDE5) Partition: GPT. ========================================================== Disk: 1 (Size: 119.2 GB) (Disk ID: 4D0A948F) Partition: GPT. ==================== End of Addition.txt ======================= |
#3 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Amazon account hacked - Trojan?
Quote:
Windows 10 will soon be EOL, and this CPU is one generation too old for Windows 11. By October at the latest you will need a new PC, or you keep this one and replace Windows 10 with Linux. Read and understood?
#4 |
Amazon account hacked - Trojan?
I have also already run the Kaspersky Virus Removal Tool: it found "HEUR:Trojan.Multi.Misslink.a" in SystemMemory. I ran the disinfection and rebooted.
Quote:
#5 |
/// TB-Ausbilder | Amazon account hacked - Trojan?
Hi, I'm jumping in here briefly until cosinus is back. What about the Kaspersky log file? Clairvoyance isn't exactly our strong suit...

We'll run a few tools first...

Step 1
Run Malwarebytes' AntiMalware (MBAM) following the illustrated instructions and then post the log file.

Step 2
Run AdwCleaner following the illustrated instructions and then post the log file.

Step 3
Please download DoesNotBelong (DNB) to your desktop.

If the SmartScreen filter blocks DNB, you can disable it here: Start > Settings > Privacy & security > Windows Security > App & browser control > Reputation-based protection
#6 |
Kaspersky reports
Hello, thank you very much for the help.
Quote:
Two files: "report_2025.05.31_11.07.40.klr.enc1" and "report_2025.05.31_12.38.39.klr.enc1". Here is the code:
Code:
Code:
ATTFilter Malwarebytes www.malwarebytes.com -Protokolldetails- Scan-Datum: 31.05.2025 Scan-Zeit: 15:17 Protokolldatei: a514031a-3e21-11f0-b677-8c1645441d97.json -Softwaredaten- Version: 5.3.2.195 Komponentenversion: 134.0.5279 Version des Aktualisierungspakets: 1.0.99605 Lizenz: Testversion -Systemdaten- Betriebssystem: Windows 10 (Build 19045.5854) CPU: x64 Dateisystem: NTFS Benutzer: Firewalker85\el_uk -Scan-Übersicht- Scan-Typ: Bedrohungs-Scan Scan gestartet von: Manuell Ergebnis: Abgeschlossen Gescannte Objekte: 260694 Erkannte Bedrohungen: 99 In die Quarantäne verschobene Bedrohungen: 99 Abgelaufene Zeit: 6 Min., 18 Sek. -Scan-Optionen- Speicher: Aktiviert Start: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Heuristik: Aktiviert PUP: Erkennung PUM: Erkennung -Scan-Details- Prozess: 0 (keine bösartigen Elemente erkannt) Modul: 0 (keine bösartigen Elemente erkannt) Registrierungsschlüssel: 7 PUP.Optional.GoodGame.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\GoodGame.de, In Quarantäne, 3082, 401580, 1.0.99605, , ame, , , PUP.Optional.StartFenster.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Startfenster.de, In Quarantäne, 2753, 401569, 1.0.99605, , ame, , , PUP.Optional.QuickDriverUpdater, HKLM\SOFTWARE\qdu-pr, In Quarantäne, 5188, 814062, 1.0.99605, , ame, , , PUP.Optional.StartFenster.ShrtCln, HKU\S-1-5-21-1123935005-352909213-1317991075-500\SOFTWARE\AM, In Quarantäne, 2753, 401432, 1.0.99605, , ame, , , PUP.Optional.StartFenster.ShrtCln, HKU\S-1-5-21-1123935005-352909213-1317991075-1001\SOFTWARE\AM, In Quarantäne, 2753, 401432, 1.0.99605, , ame, , , PUP.Optional.StartFenster, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\Startfenster-Replace.exe, In Quarantäne, 2754, 350115, 1.0.99605, , ame, , , PUP.Optional.StartFenster, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\Startfenster-Replace.exe, In Quarantäne, 2754, 350115, 1.0.99605, , 
ame, , , Registrierungswert: 5 Backdoor.Bot, HKU\S-1-5-21-1123935005-352909213-1317991075-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|VLC, In Quarantäne, 144, 210172, 1.0.99605, , ame, , , PUP.Optional.StartFenster.ShrtCln, HKU\S-1-5-21-1123935005-352909213-1317991075-500\SOFTWARE\AM|STARTFENSTER-REPLACE, In Quarantäne, 2753, 401432, 1.0.99605, , ame, , , PUP.Optional.StartFenster.ShrtCln, HKU\S-1-5-21-1123935005-352909213-1317991075-500\SOFTWARE\AM|STARTFENSTER SYMBOL, In Quarantäne, 2753, 401432, 1.0.99605, , ame, , , PUP.Optional.GoodGame.ShrtCln, HKU\S-1-5-21-1123935005-352909213-1317991075-500\SOFTWARE\AM|GOODGAME, In Quarantäne, 3082, 401601, 1.0.99605, , ame, , , PUP.Optional.StartFenster.ShrtCln, HKU\S-1-5-21-1123935005-352909213-1317991075-1001\SOFTWARE\AM|STARTFENSTER-REPLACE, In Quarantäne, 2753, 401432, 1.0.99605, , ame, , , Registrierungsdaten: 0 (keine bösartigen Elemente erkannt) Daten-Stream: 0 (keine bösartigen Elemente erkannt) Ordner: 13 PUP.Optional.GoodGame.ShrtCln, C:\PROGRAM FILES (X86)\GOODGAME, In Quarantäne, 3082, 401580, 1.0.99605, , ame, , , PUP.Optional.StartFenster.ShrtCln, C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTFENSTER-REPLACE, In Quarantäne, 2753, 401566, 1.0.99605, , ame, , , PUP.Optional.StartFenster.ShrtCln, C:\USERS\EL_UK\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTFENSTER-REPLACE, In Quarantäne, 2753, 401566, 1.0.99605, , ame, , , PUP.Optional.StartFenster, C:\PROGRAM FILES (X86)\STARTFENSTER-REPLACE, In Quarantäne, 2754, 350112, 1.0.99605, , ame, , , PUP.Optional.StartFenster.ShrtCln, C:\PROGRAM FILES (X86)\STARTFENSTER SYMBOL, In Quarantäne, 2753, 401569, 1.0.99605, , ame, , , PUP.Optional.StartFenster.ShrtCln, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTFENSTER SYMBOL, In Quarantäne, 2753, 460730, 1.0.99605, , ame, , , PUP.Optional.QuickDriverUpdater, C:\USERS\EL_UK\APPDATA\ROAMING\DIGITAL PROTECTION SERVICES S.R.L.\QUICK DRIVER UPDATER, 
whitelisted, 5188, 814057, 1.0.99605, , ame, , , PUP.Optional.QuickDriverUpdater, C:\Users\el_uk\AppData\Roaming\Digital Protection Services S.R.L\Quick Driver Updater\DrvBackups\2024.05.26 08.43.09, In Quarantäne, 5188, 814057, 1.0.99605, , ame, , , PUP.Optional.QuickDriverUpdater, C:\Users\el_uk\AppData\Roaming\Digital Protection Services S.R.L\Quick Driver Updater\DrvBackups, In Quarantäne, 5188, 814057, 1.0.99605, , ame, , , PUP.Optional.QuickDriverUpdater, C:\Users\el_uk\AppData\Roaming\Digital Protection Services S.R.L\Quick Driver Updater\smico, In Quarantäne, 5188, 814057, 1.0.99605, , ame, , , PUP.Optional.StartFenster, C:\USERS\EL_UK\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\Default\Sync Data\LevelDB, In Quarantäne, 2754, 455286, 1.0.99605, , ame, , , PUP.Optional.StartFenster, C:\USERS\EL_UK\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\Default\Sync Data\LevelDB, In Quarantäne, 2754, 455286, 1.0.99605, , ame, , , PUP.Optional.StartFenster, C:\USERS\EL_UK\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\Default\Sync Data\LevelDB, In Quarantäne, 2754, 455286, 1.0.99605, , ame, , , Datei: 75 PUP.Optional.GoodGame.ShrtCln, C:\PROGRAM FILES (X86)\GOODGAME\SETUP.ICO, In Quarantäne, 3082, 401580, 1.0.99605, , ame, , 58E4B64420F84EFA71F0CE29CD50429E, BA306550D41BE6E77BB836384504AC1979F467320295E6BE2A2F39433DF7A7A6 PUP.Optional.GoodGame.ShrtCln, C:\Program Files (x86)\GoodGame\bigfarm.ico, In Quarantäne, 3082, 401580, 1.0.99605, , ame, , 45B821EB95557B6B7E00289F22C1BA24, 4C02D9BF5497A4CCA25F054311C0C12E64495E9AC2EA235A6E8787029ED99CBF PUP.Optional.GoodGame.ShrtCln, C:\Program Files (x86)\GoodGame\empire.ico, In Quarantäne, 3082, 401580, 1.0.99605, , ame, , 58A5323B66D3334572DA30572A369CE9, AE64EBDD1309C30F4778244330EEC7ED6EEEB96A363426586519E3C4356CC67A PUP.Optional.GoodGame.ShrtCln, C:\Program Files (x86)\GoodGame\uninstall.exe, In Quarantäne, 3082, 401580, 1.0.99605, , ame, , 48FF80E435CDE88CE8640F836CBBA91D, 9BEB37DF3BD5974ABC51B7BF35F0A38D6B6F7C94026238F58815E95CCE55CBE4 
Backdoor.Bot, C:\PROGRAM FILES\VLC PLUS PLAYER\VLC-UPDATER.EXE, In Quarantäne, 144, 210172, 1.0.99605, , ame, , DC4CFD3DBF4A9A9BE27794CEDE82F068, E8CEAAF4A25E3988305A58526F5E5B0434900430CE89AF9D1127B0FA59AA6359 PUP.Optional.GoodGame.ShrtCln, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\GOODGAME\GoodGame BigFarm spielen.lnk, In Quarantäne, 3082, 401581, 1.0.99605, , ame, , EA120EBBF3C266CAC8EFD91C524A74E1, CF72108120A7831F4210E149C6973D8C0343D286A4391693FFAC9094A8CC6C9C PUP.Optional.StartFenster.ShrtCln, C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startfenster-Replace\Startfenster.lnk, In Quarantäne, 2753, 401566, 1.0.99605, , ame, , 7A24E4B10B76CB959E5E4064E1B87757, 6C4E5E46CC70B27A1336626A50FE92CC5C720F045112D1C74F1DC5AE67B122A7 PUP.Optional.GoodGame.ShrtCln, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\PROGRAMS\GOODGAME\GoodGame Empire spielen.lnk, In Quarantäne, 3082, 401581, 1.0.99605, , ame, , 30D7D37DA3C02E97A295E72191EEBFBE, 354D9C3E0CD86706FA59045EE6441CF57A97B7A413FE2D80C40CB4063814E63E PUP.Optional.GoodGame.ShrtCln, C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\GoodGame BigFarm spielen.lnk, In Quarantäne, 3082, 401585, 1.0.99605, , ame, , EA120EBBF3C266CAC8EFD91C524A74E1, CF72108120A7831F4210E149C6973D8C0343D286A4391693FFAC9094A8CC6C9C PUP.Optional.GoodGame.ShrtCln, C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\GoodGame Empire spielen.lnk, In Quarantäne, 3082, 401585, 1.0.99605, , ame, , 30D7D37DA3C02E97A295E72191EEBFBE, 354D9C3E0CD86706FA59045EE6441CF57A97B7A413FE2D80C40CB4063814E63E PUP.Optional.GoodGame.ShrtCln, C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\USER PINNED\TASKBAR\GOODGAME.LNK, In Quarantäne, 3082, 401586, 1.0.99605, , ame, , EA120EBBF3C266CAC8EFD91C524A74E1, CF72108120A7831F4210E149C6973D8C0343D286A4391693FFAC9094A8CC6C9C PUP.Optional.GoodGame.ShrtCln, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START 
MENU\GoodGame BigFarm spielen.lnk, In Quarantäne, 3082, 401587, 1.0.99605, , ame, , EA120EBBF3C266CAC8EFD91C524A74E1, CF72108120A7831F4210E149C6973D8C0343D286A4391693FFAC9094A8CC6C9C PUP.Optional.GoodGame.ShrtCln, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\GoodGame Empire spielen.lnk, In Quarantäne, 3082, 401587, 1.0.99605, , ame, , 30D7D37DA3C02E97A295E72191EEBFBE, 354D9C3E0CD86706FA59045EE6441CF57A97B7A413FE2D80C40CB4063814E63E PUP.Optional.StartFenster.ShrtCln, C:\Users\el_uk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startfenster-Replace\Startfenster.lnk, In Quarantäne, 2753, 401566, 1.0.99605, , ame, , 1F0FFCD941BEC47D7D9186C34F6C97B4, 116B1FDBB69A3731B244036A455D252140D75F4C09D1BA9F74AA404EBEB1F1D0 PUP.Optional.StartFenster.ShrtCln, C:\USERS\ADMINISTRATOR\FAVORITES\STARTFENSTER.LNK, In Quarantäne, 2753, 349859, 1.0.99605, , ame, , 72E50585634CBE31A20D3A4041AC7022, BE9ABC40E1BE9B7A90EB7309DA0E331D6276445A0EF4B462F460DD31DA10A5E6 PUP.Optional.StartFenster, C:\PROGRAM FILES (X86)\STARTFENSTER-REPLACE\LOGO.ICO, In Quarantäne, 2754, 350112, 1.0.99605, , ame, , BDCF63C89B22A44CDF5B1BE184714A26, C333C15AC24C7820F8E613E6878F1823514E15618CBBFE16161405CDE5270A39 PUP.Optional.StartFenster.ShrtCln, C:\USERS\ADMINISTRATOR\FAVORITES\LINKS\STARTFENSTER.LNK, In Quarantäne, 2753, 349856, 1.0.99605, , ame, , 72E50585634CBE31A20D3A4041AC7022, BE9ABC40E1BE9B7A90EB7309DA0E331D6276445A0EF4B462F460DD31DA10A5E6 PUP.Optional.GoodGame.ShrtCln, C:\USERS\ADMINISTRATOR\FAVORITES\LINKS\GoodGame BigFarm spielen.lnk, In Quarantäne, 3082, 401583, 1.0.99605, , ame, , EA120EBBF3C266CAC8EFD91C524A74E1, CF72108120A7831F4210E149C6973D8C0343D286A4391693FFAC9094A8CC6C9C PUP.Optional.GoodGame.ShrtCln, C:\USERS\ADMINISTRATOR\FAVORITES\LINKS\GoodGame Empire spielen.lnk, In Quarantäne, 3082, 401583, 1.0.99605, , ame, , 30D7D37DA3C02E97A295E72191EEBFBE, 354D9C3E0CD86706FA59045EE6441CF57A97B7A413FE2D80C40CB4063814E63E PUP.Optional.StartFenster.ShrtCln, C:\Program Files (x86)\Startfenster 
Symbol\logo.ico, In Quarantäne, 2753, 401569, 1.0.99605, , ame, , BDCF63C89B22A44CDF5B1BE184714A26, C333C15AC24C7820F8E613E6878F1823514E15618CBBFE16161405CDE5270A39 PUP.Optional.StartFenster.ShrtCln, C:\Program Files (x86)\Startfenster Symbol\uninstall.exe, In Quarantäne, 2753, 401569, 1.0.99605, , ame, , 05D1C57AC74D443DC810D7017C08D6FB, 327F7F183688A0DCCCE1C1F485A2DD7CE863DFE51F56258EC0E461190B29AD0E PUP.Optional.StartFenster.ShrtCln, C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\STARTFENSTER.LNK, In Quarantäne, 2753, 349850, 1.0.99605, , ame, , 705B6EF22CF09503FCD84C87BDE8614D, 5342BDB9A3B72B0870D475840C825904995287597B256B838464D02B8C6277CC PUP.Optional.StartFenster.ShrtCln, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startfenster Symbol\Software deinstallieren.lnk, In Quarantäne, 2753, 460730, 1.0.99605, , ame, , 5CEEC7C349FDF2943DBA580315C635A0, 59C5A1978F3C4612E2819EB7FDFB5F365884B59420BD8C8338C9306A840109DE PUP.Optional.StartFenster.ShrtCln, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startfenster Symbol\Startfenster.lnk, In Quarantäne, 2753, 460730, 1.0.99605, , ame, , AAB7871094306698B22967D64C38551C, A60E11026FD3C28E7171B390EC70BBFB0A5858A88CFE0F303C889A067DA23E6D PUP.Optional.StartFenster.ShrtCln, C:\PROGRAMDATA\MICROSOFT\WINDOWS\START MENU\STARTFENSTER.LNK, In Quarantäne, 2753, 349853, 1.0.99605, , ame, , AF388855D2264546E3C332ADB25A22D9, 145F6A3FB58A8EB6392C59BD5BEE69E05A6D1E5AD49EC22AFB82D9BD04B9A1D0 PUP.Optional.StartFenster, C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\USER PINNED\TASKBAR\STARTFENSTER SYMBOL.LNK, In Quarantäne, 2754, 350108, 1.0.99605, , ame, , 4335E2A9C86EAF6F50605D66F53C0CD5, 42B6DAAEAA4448DB13BAE495105AD122C368B30972E064A681220DAFC04BBE0C PUP.Optional.GoodGame.ShrtCln, C:\USERS\ADMINISTRATOR\FAVORITES\GoodGame BigFarm spielen.lnk, In Quarantäne, 3082, 401584, 1.0.99605, , ame, , EA120EBBF3C266CAC8EFD91C524A74E1, 
CF72108120A7831F4210E149C6973D8C0343D286A4391693FFAC9094A8CC6C9C PUP.Optional.GoodGame.ShrtCln, C:\USERS\ADMINISTRATOR\FAVORITES\GoodGame Empire spielen.lnk, In Quarantäne, 3082, 401584, 1.0.99605, , ame, , 30D7D37DA3C02E97A295E72191EEBFBE, 354D9C3E0CD86706FA59045EE6441CF57A97B7A413FE2D80C40CB4063814E63E PUP.Optional.QuickDriverUpdater, C:\Users\el_uk\AppData\Roaming\Digital Protection Services S.R.L\Quick Driver Updater\DrvBackups\2024.05.26 08.43.09\Qualcomm_Atheros_QCA61x4A_Wireless_Network_Adapter.zip, In Quarantäne, 5188, 814057, 1.0.99605, , ame, , 38BAF20FD7C5EBF92236501866722B0C, 4CDC7EDFCEBDDE352BA2836E29DD375CD25B005E62125AE2A07F968EA961262F PUP.Optional.QuickDriverUpdater, C:\Users\el_uk\AppData\Roaming\Digital Protection Services S.R.L\Quick Driver Updater\DrvBackups\2024.05.26 08.43.09\Reports.xml, In Quarantäne, 5188, 814057, 1.0.99605, , ame, , 86736EAB555DE359AC3008AE096C1B0A, 30FCD29334AD368D4B385C4603E43A3AD970D1F06BB8445284845F31F98A1306 PUP.Optional.QuickDriverUpdater, C:\Users\el_uk\AppData\Roaming\Digital Protection Services S.R.L\Quick Driver Updater\smico\aw5tfxwb.png, In Quarantäne, 5188, 814057, 1.0.99605, , ame, , 2B5233EA3765839BCA71EEC73ADD3895, 8E7D5AC39915488DD12262AAE13A2CA8C18E2234ABF73DA2618C27348058B303 PUP.Optional.QuickDriverUpdater, C:\Users\el_uk\AppData\Roaming\Digital Protection Services S.R.L\Quick Driver Updater\smico\ntoy523r.png, In Quarantäne, 5188, 814057, 1.0.99605, , ame, , 2B5233EA3765839BCA71EEC73ADD3895, 8E7D5AC39915488DD12262AAE13A2CA8C18E2234ABF73DA2618C27348058B303 PUP.Optional.QuickDriverUpdater, C:\Users\el_uk\AppData\Roaming\Digital Protection Services S.R.L\Quick Driver Updater\Errorlog.txt, In Quarantäne, 5188, 814057, 1.0.99605, , ame, , FD894136979F81CB6062A83E42AE1967, 893875CA88584464ECD567CDB511FDD372CE874D2D74C3457680F7E1AC93E9BE PUP.Optional.QuickDriverUpdater, C:\Users\el_uk\AppData\Roaming\Digital Protection Services S.R.L\Quick Driver Updater\Logs.txt, In Quarantäne, 5188, 814057, 1.0.99605, , 
ame, , 459E0208B311070B46DD3DA02ED9F256, A86AE92982E0BEC94B81A05B04C9EB771D330CD19DCA8E5AA56C067F2DD291E4 PUP.Optional.QuickDriverUpdater, C:\Users\el_uk\AppData\Roaming\Digital Protection Services S.R.L\Quick Driver Updater\Mydb.sqlite, In Quarantäne, 5188, 814057, 1.0.99605, , ame, , 95FFBC84219E249A04364D865FF92579, 27A75C9E904E652229FA8CE498788AFF5078247FD9C9E9045009440DED7ECE12 PUP.Optional.QuickDriverUpdater, C:\Users\el_uk\AppData\Roaming\Digital Protection Services S.R.L\Quick Driver Updater\notifier.xml, In Quarantäne, 5188, 814057, 1.0.99605, , ame, , 26E054943B8E6E4F49520FF61AC394C8, B49D86FE7C17E78C5726ADF45201EF67CC86418FC4063D17BC808F63EF261C31 PUP.Optional.QuickDriverUpdater, C:\Users\el_uk\AppData\Roaming\Digital Protection Services S.R.L\Quick Driver Updater\res.bin, In Quarantäne, 5188, 814057, 1.0.99605, , ame, , 426002EAD15A944435E1FF6325183EA7, 91A872E09E3DF2BA215B04E8959F003B0E1ECE68836A59399A2A1F73E86DC20B PUP.Optional.QuickDriverUpdater, C:\Users\el_uk\AppData\Roaming\Digital Protection Services S.R.L\Quick Driver Updater\Result.cb, In Quarantäne, 5188, 814057, 1.0.99605, , ame, , F9546A4EF3CD7769ED2114C2369525A1, DF77AEA5371AB02C9C7538015674BA84DF273C2B93C09F59819F9517BEBE05FD PUP.Optional.QuickDriverUpdater, C:\Users\el_uk\AppData\Roaming\Digital Protection Services S.R.L\Quick Driver Updater\update.xml, In Quarantäne, 5188, 814057, 1.0.99605, , ame, , 5CBB31284526FF98484B045374F18201, 18646FA5EE7AAB4D93814908A0B8ED8391EAE93D2C2970EE1A9B9D4720FA2EE2 PUP.Optional.QuickDriverUpdater, C:\Users\el_uk\AppData\Roaming\Digital Protection Services S.R.L\Quick Driver Updater\Updatelog.txt, In Quarantäne, 5188, 814057, 1.0.99605, , ame, , 454FCC66A01C6E478D9744FF62C8508A, B3E7FD5E2134FF8B20250E27B2663FD163BB62E55B4EF61CE5DED0B37659FBC4 PUP.Optional.MyFireSearch, C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5VVU71O2.DEFAULT\PREFS.JS, Ersetzt, 5528, 914864, 1.0.99605, , ame, , 469727306221110F4DAC6D434417227F, 
A9453FBBBAEC9D088A9995ED7E02D41D44C68F49A994A3DF0F0BD6E26F91C5F5 PUP.Optional.MyFireSearch, C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5VVU71O2.DEFAULT\PREFS.JS, Ersetzt, 5528, 914865, 1.0.99605, , ame, , 469727306221110F4DAC6D434417227F, A9453FBBBAEC9D088A9995ED7E02D41D44C68F49A994A3DF0F0BD6E26F91C5F5 PUP.Optional.MyFireSearch, C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5VVU71O2.DEFAULT\PREFS.JS, Ersetzt, 5528, 914868, 1.0.99605, , ame, , 469727306221110F4DAC6D434417227F, A9453FBBBAEC9D088A9995ED7E02D41D44C68F49A994A3DF0F0BD6E26F91C5F5 PUP.Optional.MyFireSearch, C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TNWDDSKX.DEFAULT-RELEASE\SEARCHPLUGINS\MY FIREFOX SEARCH.XML, In Quarantäne, 5528, 910806, 1.0.99605, , ame, , 976E5E3D27CC82B243D5EC8E4958B072, 40F1A264F28A1D8FC2B3299B1DC62AABDDB3E9600844E66EEC94606FE259A0C5 PUP.Optional.MyFireSearch, C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TNWDDSKX.DEFAULT-RELEASE\PREFS.JS, Ersetzt, 5528, 914864, 1.0.99605, , ame, , 4832DE1C88546092E0F1153767F65826, 5C2893DA6482C3D7D6E907F9F4D251716041F748890CBAE92216E0E22325E5CE PUP.Optional.MyFireSearch, C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TNWDDSKX.DEFAULT-RELEASE\PREFS.JS, Ersetzt, 5528, 914865, 1.0.99605, , ame, , 4832DE1C88546092E0F1153767F65826, 5C2893DA6482C3D7D6E907F9F4D251716041F748890CBAE92216E0E22325E5CE PUP.Optional.MyFireSearch, C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TNWDDSKX.DEFAULT-RELEASE\PREFS.JS, Ersetzt, 5528, 914866, 1.0.99605, , ame, , 4832DE1C88546092E0F1153767F65826, 5C2893DA6482C3D7D6E907F9F4D251716041F748890CBAE92216E0E22325E5CE PUP.Optional.MyFireSearch, C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TNWDDSKX.DEFAULT-RELEASE\PREFS.JS, Ersetzt, 5528, 914867, 1.0.99605, , ame, , 4832DE1C88546092E0F1153767F65826, 5C2893DA6482C3D7D6E907F9F4D251716041F748890CBAE92216E0E22325E5CE PUP.Optional.MyFireSearch, 
C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TNWDDSKX.DEFAULT-RELEASE\PREFS.JS, Ersetzt, 5528, 914868, 1.0.99605, , ame, , 4832DE1C88546092E0F1153767F65826, 5C2893DA6482C3D7D6E907F9F4D251716041F748890CBAE92216E0E22325E5CE Malware.AI.2412708142, C:\USERS\EL_UK\DOWNLOADS\TTACTIVATOR-V1.20.RAR, In Quarantäne, 1000000, 0, 1.0.99605, D52766F8F711E6948FCF012E, dds, 03373213, 7AB2CF9923ADA9530AC02373414DC464, 44B6A12F2A9FBFCDDDBC56B78A7D29142BE5F37896D220E1E58C24AED1512E4A Malware.AI.2412708142, C:\USERS\EL_UK\APPDATA\ROAMING\Microsoft\Windows\Recent\TTActivator-v1.20.rar.lnk, In Quarantäne, 1000000, 0, 1.0.99605, D52766F8F711E6948FCF012E, dds, 03373213, 52F9CC57067A683EFDD15B237C814AB8, EEB5835475B909A859CB825DC497FBDF239440D592ECC03171CA3A17BFBB2CF6 Generic.Malware.AI.DDS, C:\USERS\EL_UK\DOWNLOADS\ACTIVATOR_2019_INSTALLER.RAR, In Quarantäne, 1000002, 0, 1.0.99605, 8CA2ADE95884EB3D45F0A331, dds, 03373213, 3DA767221359C0EFAA9D9BE4C933D084, F509C36214D429112A33DD0C309AE24582E18BC3600944D4B9E65D2FE2F4C1EA Generic.Malware.AI.DDS, C:\USERS\EL_UK\APPDATA\ROAMING\Microsoft\Windows\Recent\Activator_2019_Installer.rar.lnk, In Quarantäne, 1000002, 0, 1.0.99605, 8CA2ADE95884EB3D45F0A331, dds, 03373213, 311BD03DF876DA4FCF8C4CA0C3802A7B, B006FC61ECAF11D03CB736EF12C15B6534299D64578A4EFF599332037D5D6DA7 Generic.Malware.AI.DDS, C:\$RECYCLE.BIN\S-1-5-21-1123935005-352909213-1317991075-1001\$RZ8866M\ACTIVATOR_2019_INSTALLER.EXE, In Quarantäne, 1000002, 0, 1.0.99605, 8CA2ADE95884EB3D45F0A331, dds, 03373213, 6DEB202CBF61EB20AE848DD24149492F, 31ADD07CADD120AE66E70718AA0C8C29944F5F910094A4AC76ED037C6AB31103 Generic.Malware.AI.DDS, C:\$RECYCLE.BIN\S-1-5-21-1123935005-352909213-1317991075-1001\$RTZ8VF2.EXE, In Quarantäne, 1000002, 0, 1.0.99605, 8CA2ADE95884EB3D45F0A331, dds, 03373213, 6DEB202CBF61EB20AE848DD24149492F, 31ADD07CADD120AE66E70718AA0C8C29944F5F910094A4AC76ED037C6AB31103 Generic.Malware.AI.DDS, 
C:\$RECYCLE.BIN\S-1-5-21-1123935005-352909213-1317991075-1001\$RLDPRQJ\ACTIVATOR_2019_INSTALLER.EXE, In Quarantäne, 1000002, 0, 1.0.99605, 8CA2ADE95884EB3D45F0A331, dds, 03373213, 6DEB202CBF61EB20AE848DD24149492F, 31ADD07CADD120AE66E70718AA0C8C29944F5F910094A4AC76ED037C6AB31103 Trojan.MisplacedLegit.AutoIt, C:\USERS\EL_UK\APPDATA\LOCAL\TEMP\105949\FORGOT.COM, In Quarantäne, 9932, 1305595, 1.0.99605, , ame, , 62D09F076E6E0240548C2F837536A46A, 1300262A9D6BB6FCBEFC0D299CCE194435790E70B9C7B4A651E202E90A32FD49 Trojan.MisplacedLegit.AutoIt, C:\USERS\ADMINISTRATOR\APPDATA\LOCAL\TEMP\105949\FORGOT.COM, In Quarantäne, 9932, 1305595, 1.0.99605, , ame, , 62D09F076E6E0240548C2F837536A46A, 1300262A9D6BB6FCBEFC0D299CCE194435790E70B9C7B4A651E202E90A32FD49 Generic.Malware.AI.DDS, C:\USERS\EL_UK\DESKTOP\TTACTIVATOR\DOWNLOADER_NAV3-SPEEDCAM_NORMAL & PREMIUM-TTPKG\DOWNLODER_NAV3-SPEEDCAM_NORMAL & PREMIUM-TTPKG.EXE, In Quarantäne, 1000002, 0, 1.0.99605, F0168E8D80F7CC4D454B2DEB, dds, 03373213, 5884C50F6DE1DC19B0FB9C3BAA4EE7DD, E34FD6295688DF96713ADF661EB9D9C9C41364B2DA7D061F2AF519187E6CCCFF Generic.Malware.AI.DDS, C:\USERS\EL_UK\DESKTOP\TTACTIVATOR\R-LINK EXPLORER & MICROSD-KARTE VORBEREITEN\MICROSD_KARTE IN DER GR\u00c3\u00b6\u00c3\u009fE VON 32 GB MIT DEM R-LINK_EXPLORER VERWENDEN\(MICRO-)SD-KARTE_FIX.EXE, In Quarantäne, 1000002, 0, 1.0.99605, 631EF47AF5D1EF85176BE38B, dds, 03373213, 075325C10F59A17038D38AE0DFFE21A1, 64E99ACBF1A2CCE91F9B53F09508C787578B0BDB5F0DF39E69B752D75BCD6F41 Malware.AI.2412708142, C:\USERS\EL_UK\DESKTOP\TTACTIVATOR\TTACTIVATOR-V1.20\TTACTIVATOR.EXE, In Quarantäne, 1000000, 0, 1.0.99605, D52766F8F711E6948FCF012E, dds, 03373213, 0B9B61FEE8D6E88A8B125BE35B051C41, 9386D0F0C7A787850F5622664E4D08F0C1DD988CE1679112CB05BA444B29D7F0 Generic.Malware.AI.DDS, C:\USERS\EL_UK\DESKTOP\TTACTIVATOR\R-LINK EXPLORER & MICROSD-KARTE VORBEREITEN\R-LINK EXPLORER 1.4.1 + 32GB_SD-UNTERST\u00c3\u00bcTZUNG\(MICRO-)SD-KARTE MANIPULIEREN.EXE, In Quarantäne, 1000002, 0, 1.0.99605, 
631EF47AF5D1EF85176BE38B, dds, 03373213, 075325C10F59A17038D38AE0DFFE21A1, 64E99ACBF1A2CCE91F9B53F09508C787578B0BDB5F0DF39E69B752D75BCD6F41 PUP.Optional.StartFenster, C:\USERS\EL_UK\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\Default\Web Data, Ersetzt, 2754, 455286, 1.0.99605, , ame, , 1A799DE8F8369B04A029E40192EEA2F2, 8138F7840F787A2ED6650A2DBA36355DBE407C14CE54AA3A3186D2C0373D467C PUP.Optional.StartFenster, C:\Users\el_uk\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\000005.ldb, In Quarantäne, 2754, 455286, 1.0.99605, , ame, , 71389C38E7EF8318E3DC813F55DCEC56, B9EB1D6C15158FE9069AEAFF8CA2A33F9245CC28AAC3FCE1B8EFDFF947B4A02C PUP.Optional.StartFenster, C:\Users\el_uk\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\000034.ldb, In Quarantäne, 2754, 455286, 1.0.99605, , ame, , 4F794A2410DEA81D00BAFCABF5A43928, 84AF3A5DE16CDDBF8F7AF235A7024D5B8DAB24AE72042E75CF4079AF4ED377B1 PUP.Optional.StartFenster, C:\Users\el_uk\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\000037.ldb, In Quarantäne, 2754, 455286, 1.0.99605, , ame, , B05272D26FA46CF7D2A471E15C85E58D, E0AE7C8946A27C78F0F184AC8CF4CE26175C54EBE537141FFE582B2693DD916A PUP.Optional.StartFenster, C:\Users\el_uk\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\000039.log, In Quarantäne, 2754, 455286, 1.0.99605, , ame, , 79AAFA929DEC142B4A4AEB671AE53D74, 5BA879E6EE87F52E7A858E3FABF9604E4E9734524A45249DB97928D1BF507B9A PUP.Optional.StartFenster, C:\Users\el_uk\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\000040.ldb, In Quarantäne, 2754, 455286, 1.0.99605, , ame, , 3279816BC7977129AE80A8C0E9C57811, 2055CB53F6C193C9A87DD978D835B51311361A8630CA1387DC07E616871C3E4C PUP.Optional.StartFenster, C:\Users\el_uk\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\CURRENT, In Quarantäne, 2754, 455286, 1.0.99605, , ame, , 46295CAC801E5D4857D09837238A6394, 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443 
PUP.Optional.StartFenster, C:\Users\el_uk\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOCK, In Quarantäne, 2754, 455286, 1.0.99605, , ame, , , PUP.Optional.StartFenster, C:\Users\el_uk\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG, In Quarantäne, 2754, 455286, 1.0.99605, , ame, , D868CE61333C9CE035F59C4F8F85500F, 550089CA4FEC55447915723B9E883F5B8D6F0B5603958EA114917B6B6BDC68CA PUP.Optional.StartFenster, C:\Users\el_uk\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG.old, In Quarantäne, 2754, 455286, 1.0.99605, , ame, , EC0585B4FDE1A19209E0B5E5F98957F2, 670E4E69F8BF4E2A6482D1553879277CAD7B9DB34A1F8917EE5EA6DE87DE1A3A PUP.Optional.StartFenster, C:\Users\el_uk\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\MANIFEST-000001, In Quarantäne, 2754, 455286, 1.0.99605, , ame, , 747C839E5E2B9AD698CD64864DFBD1CA, C3A9472096CFE084B055BC4E9E4159F5C33AEFCE39583622E4EB6782C8FAAD0E PUP.Optional.StartFenster, C:\USERS\EL_UK\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\Default\Web Data, Ersetzt, 2754, 455286, 1.0.99605, , ame, , 1A799DE8F8369B04A029E40192EEA2F2, 8138F7840F787A2ED6650A2DBA36355DBE407C14CE54AA3A3186D2C0373D467C PUP.Optional.StartFenster, C:\USERS\EL_UK\APPDATA\LOCAL\MICROSOFT\EDGE\USER DATA\Default\Web Data, Ersetzt, 2754, 455286, 1.0.99605, , ame, , 1A799DE8F8369B04A029E40192EEA2F2, 8138F7840F787A2ED6650A2DBA36355DBE407C14CE54AA3A3186D2C0373D467C Physischer Sektor: 0 (keine bösartigen Elemente erkannt) WMI: 0 (keine bösartigen Elemente erkannt) (end) Code:
# -------------------------------
# Malwarebytes AdwCleaner 8.5.1.601
# -------------------------------
# Build: 03-26-2025
# Database: 2025-04-04.3 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 05-31-2025
# Duration: 00:00:02
# OS: Windows 10 (Build 19045.5854)
# Cleaned: 24
# Failed: 0

***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Program Files\VLC Plus Player
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GoodGame
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VLC Plus Player
Deleted C:\Users\Administrator\AppData\Local\Temp\DMR
Deleted C:\Users\el_uk\AppData\Roaming\Digital Protection Services S.R.L

***** [ Files ] *****

Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startfenster.lnk

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Lavasoft\Web Companion
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion
Deleted HKLM\Software\VLCPP
Deleted HKLM\Software\Wow6432Node\Lavasoft\Web Companion
Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted Mysearchdial
Deleted Mysearchdial
Deleted Websuche

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

Deleted https://myfiresearch.com/homepage?hp=1&pId=CH210629&iDate=2024-03-27 07:30:22&bitmask=9996
Deleted https://myfiresearch.com/homepage?hp=1&pId=CH210629&iDate=2024-03-27 07:30:22&bitmask=9996

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

Deleted Preinstalled.LenovoIMController Folder C:\ProgramData\LENOVO\IMCONTROLLER
Deleted Preinstalled.LenovoIMController Folder C:\Users\el_uk\AppData\Local\LENOVO\IMCONTROLLER
Deleted Preinstalled.LenovoIMController Folder C:\Windows\LENOVO\IMCONTROLLER
Deleted Preinstalled.LenovoIMController Folder C:\Windows\System32\Tasks\LENOVO\IMCONTROLLER
Deleted Preinstalled.LenovoIMController Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Lenovo Dependency Package_is1
Deleted Preinstalled.SamsungSmartSwitch Folder C:\Users\el_uk\AppData\Roaming\SAMSUNG\SMART SWITCH PC

*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [3454 octets] - [31/05/2025 15:32:46]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Code:
ATTFilter # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # # DoesNotBelong v7.9.0 # Furtivex Computer Solutions - https://furtivex.net # OS: Microsoft Windows 10 Home x64 22H2 Deutsch (German) - 0407 - 1252 - 850 # Benutzername: Administrator (S-1-5-21-1123935005-352909213-1317991075-500) # Datum: 2025_05_31__15_45_06 # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # # Prozesse: # Treiber: # Dienste: HKLM\SYSTEM\CurrentControlSet\services\McAfee WebAdvisor # Dateien: C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg C:\Program Files\McAfee\WebAdvisor\browserhost.exe C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi C:\Program Files\McAfee\WebAdvisor\e10ssbffplg.xpi C:\Program Files\McAfee\WebAdvisor\e10swbffplg.xpi C:\Program Files\McAfee\WebAdvisor\eventmanager.dll C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-cs-CZ.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-da-DK.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-de-DE.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-el-GR.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-en-AU.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-en-CA.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-en-GB.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-en-US.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-es-ES.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-es-MX.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-fi-FI.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-fr-CA.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-fr-FR.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-hr-HR.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-hu-HU.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-it-IT.js C:\Program 
Files\McAfee\WebAdvisor\jslang\wa-res-checklist-ja-JP.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-ko-KR.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-nb-NO.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-nl-NL.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-pl-PL.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-pt-BR.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-pt-PT.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-ru-RU.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-sk-SK.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-sr-Latn-CS.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-sv-SE.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-tr-TR.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-zh-CN.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-checklist-zh-TW.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-cs-CZ.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-da-DK.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-de-DE.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-el-GR.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-en-AU.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-en-CA.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-en-GB.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-en-US.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-es-ES.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-es-MX.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-fi-FI.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-fr-CA.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-fr-FR.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-hr-HR.js C:\Program 
Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-hu-HU.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-it-IT.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-ja-JP.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-ko-KR.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-nb-NO.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-nl-NL.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-pl-PL.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-pt-BR.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-pt-PT.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-ru-RU.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-sk-SK.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-sr-Latn-CS.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-sv-SE.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-tr-TR.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-zh-CN.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-dialog-balloon-zh-TW.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-cs-CZ.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-da-DK.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-de-DE.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-el-GR.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-en-AU.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-en-CA.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-en-GB.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-en-US.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-es-ES.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-es-MX.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-fi-FI.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-fr-CA.js C:\Program 
Files\McAfee\WebAdvisor\jslang\wa-res-options-fr-FR.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-hr-HR.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-hu-HU.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-it-IT.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-ja-JP.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-ko-KR.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-nb-NO.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-nl-NL.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-pl-PL.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-pt-BR.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-pt-PT.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-ru-RU.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-sk-SK.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-sr-Latn-CS.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-sv-SE.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-tr-TR.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-zh-CN.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-options-zh-TW.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-cs-CZ.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-da-DK.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-de-DE.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-el-GR.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-en-AU.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-en-CA.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-en-GB.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-en-US.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-es-ES.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-es-MX.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-fi-FI.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-fr-CA.js C:\Program 
Files\McAfee\WebAdvisor\jslang\wa-res-shared-fr-FR.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-hr-HR.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-hu-HU.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-it-IT.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-ja-JP.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-ko-KR.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-nb-NO.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-nl-NL.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-pl-PL.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-pt-BR.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-pt-PT.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-ru-RU.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-sk-SK.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-sr-Latn-CS.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-sv-SE.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-tr-TR.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-zh-CN.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-shared-zh-TW.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-cs-CZ.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-da-DK.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-de-DE.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-el-GR.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-en-AU.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-en-CA.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-en-GB.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-en-US.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-es-ES.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-es-MX.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-fi-FI.js C:\Program 
Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-fr-CA.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-fr-FR.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-hr-HR.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-hu-HU.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-it-IT.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-ja-JP.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-ko-KR.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-nb-NO.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-nl-NL.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-pl-PL.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-pt-BR.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-pt-PT.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-ru-RU.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-sk-SK.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-sr-Latn-CS.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-sv-SE.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-tr-TR.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-zh-CN.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-adblock-zh-TW.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-cs-CZ.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-da-DK.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-de-DE.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-el-GR.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-en-AU.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-en-CA.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-en-GB.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-en-US.js C:\Program 
Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-es-ES.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-es-MX.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-fi-FI.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-fr-CA.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-fr-FR.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-hr-HR.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-hu-HU.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-it-IT.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-ja-JP.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-ko-KR.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-nb-NO.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-nl-NL.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-pl-PL.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-pt-BR.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-pt-PT.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-ru-RU.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-sk-SK.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-sr-Latn-CS.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-sv-SE.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-tr-TR.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-zh-CN.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-bing-zh-TW.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-cs-CZ.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-da-DK.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-de-DE.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-cs-CZ.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-da-DK.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-de-DE.js C:\Program 
Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-el-GR.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-en-AU.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-en-CA.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-en-GB.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-en-US.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-es-ES.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-es-MX.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-fi-FI.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-fr-CA.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-fr-FR.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-hr-HR.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-hu-HU.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-it-IT.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-ja-JP.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-ko-KR.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-nb-NO.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-nl-NL.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-pl-PL.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-pt-BR.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-pt-PT.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-ru-RU.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-sk-SK.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-sr-Latn-CS.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-sv-SE.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-tr-TR.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-zh-CN.js 
C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-duckduckgo-zh-TW.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-el-GR.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-en-AU.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-en-CA.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-en-GB.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-en-US.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-es-ES.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-es-MX.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-fi-FI.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-fr-CA.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-fr-FR.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-hr-HR.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-hu-HU.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-it-IT.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-ja-JP.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-ko-KR.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-nb-NO.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-nl-NL.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pl-PL.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-cs-CZ.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-da-DK.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-de-DE.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-el-GR.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-en-AU.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-en-CA.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-en-GB.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-en-US.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-es-ES.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-es-MX.js C:\Program 
Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-fi-FI.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-fr-CA.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-fr-FR.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-hr-HR.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-hu-HU.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-it-IT.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-ja-JP.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-ko-KR.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-nb-NO.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-nl-NL.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-pl-PL.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-pt-BR.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-pt-PT.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-ru-RU.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-sk-SK.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-sr-Latn-CS.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-sv-SE.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-tr-TR.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-zh-CN.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pps-zh-TW.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pt-BR.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-pt-PT.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-ru-RU.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-sk-SK.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-sr-Latn-CS.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-sv-SE.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-tr-TR.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-zh-CN.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-sstoast-zh-TW.js 
C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-cs-CZ.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-da-DK.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-de-DE.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-el-GR.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-en-AU.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-en-CA.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-en-GB.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-en-US.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-es-ES.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-es-MX.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-fi-FI.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-fr-CA.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-fr-FR.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-hr-HR.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-hu-HU.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-it-IT.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-ja-JP.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-ko-KR.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-nb-NO.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-nl-NL.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-pl-PL.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-pt-BR.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-pt-PT.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-ru-RU.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-sk-SK.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-sr-Latn-CS.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-sv-SE.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-tr-TR.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-zh-CN.js C:\Program 
Files\McAfee\WebAdvisor\jslang\wa-res-uninstall-zh-TW.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-cs-CZ.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-da-DK.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-de-DE.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-el-GR.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-en-AU.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-en-CA.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-en-GB.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-en-US.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-es-ES.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-es-MX.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-fi-FI.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-fr-CA.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-fr-FR.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-hr-HR.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-hu-HU.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-it-IT.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-ja-JP.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-ko-KR.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-nb-NO.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-nl-NL.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-pl-PL.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-pt-BR.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-pt-PT.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-ru-RU.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-sk-SK.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-sr-Latn-CS.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-sv-SE.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-tr-TR.js C:\Program 
Files\McAfee\WebAdvisor\jslang\wa-res-webboost-zh-CN.js C:\Program Files\McAfee\WebAdvisor\jslang\wa-res-webboost-zh-TW.js C:\Program Files\McAfee\WebAdvisor\logic\base_provider.luc C:\Program Files\McAfee\WebAdvisor\logic\logic_loader.luc C:\Program Files\McAfee\WebAdvisor\logic\miscutils.luc C:\Program Files\McAfee\WebAdvisor\logic\oem_business_logic.luc C:\Program Files\McAfee\WebAdvisor\logic\providers\bing.luc C:\Program Files\McAfee\WebAdvisor\logic\providers\duckduckgo.luc C:\Program Files\McAfee\WebAdvisor\logic\providers\yahoo.luc C:\Program Files\McAfee\WebAdvisor\logic\providers\yandex.luc C:\Program Files\McAfee\WebAdvisor\logic\providers_selector.luc C:\Program Files\McAfee\WebAdvisor\logic\ss_logic.luc C:\Program Files\McAfee\WebAdvisor\logicmodule.dll C:\Program Files\McAfee\WebAdvisor\lookupmanager.dll C:\Program Files\McAfee\WebAdvisor\MFW\core\class.luc C:\Program Files\McAfee\WebAdvisor\MFW\core\dkjson.luc C:\Program Files\McAfee\WebAdvisor\MFW\core\handlers.luc C:\Program Files\McAfee\WebAdvisor\MFW\core\init.luc C:\Program Files\McAfee\WebAdvisor\MFW\core\json.luc C:\Program Files\McAfee\WebAdvisor\MFW\core\logger.luc C:\Program Files\McAfee\WebAdvisor\MFW\core\postinit.luc C:\Program Files\McAfee\WebAdvisor\MFW\core\priorityqueue.luc C:\Program Files\McAfee\WebAdvisor\MFW\core\triggeracceptor.luc C:\Program Files\McAfee\WebAdvisor\MFW\core\uiarbitratorhelper.luc C:\Program Files\McAfee\WebAdvisor\MFW\core\uihandler.luc C:\Program Files\McAfee\WebAdvisor\MFW\core\uithreadexithandler.luc C:\Program Files\McAfee\WebAdvisor\MFW\core\utils\browserutils.luc C:\Program Files\McAfee\WebAdvisor\MFW\core\utils\packageutils.luc C:\Program Files\McAfee\WebAdvisor\MFW\core\utils\settingsdb.luc C:\Program Files\McAfee\WebAdvisor\MFW\core\utils\stringutils.luc C:\Program Files\McAfee\WebAdvisor\MFW\core\utils\telemetry.luc C:\Program Files\McAfee\WebAdvisor\MFW\core\win32helper.luc C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\balloon-arrow.png 
C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\dialog-balloon-logo.png C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\green_check.png C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\icn_mshield.png C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\installer_background.png C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\jquery-1.9.0.min.js C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\loading-spinner.gif C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\main_close.png C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\mcafee-logo-lg.png C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\mcafee-logo.png C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\mcafee_pc_install_icon.png C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\msac.ico C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\spinner_large.gif C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-checklist.css C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-common.css C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-core.js C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-ui-checklist.js C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-ui-dialog.js C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-uninstall-icon.png C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa-utils.js C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa_install_check.png C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa_install_close.png C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa_install_error.png C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\wa_logo.png C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\white_check.png C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\white_downchevron.png C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\white_exclamation.gif C:\Program 
Files\McAfee\WebAdvisor\MFW\packages\builtin\white_questionmark.png C:\Program Files\McAfee\WebAdvisor\MFW\packages\builtin\white_timer.png C:\Program Files\McAfee\WebAdvisor\MFW\packages\mwb\mwbhandler.luc C:\Program Files\McAfee\WebAdvisor\MFW\packages\mwb\stop-video-alert-icon.png C:\Program Files\McAfee\WebAdvisor\MFW\packages\mwb\wa-controller-mwb-checklist.js C:\Program Files\McAfee\WebAdvisor\MFW\packages\mwb\wa-mwb-checklist.html C:\Program Files\McAfee\WebAdvisor\MFW\packages\mwb\wb-rocket-icon.png C:\Program Files\McAfee\WebAdvisor\MFW\packages\nps\clipboard.png C:\Program Files\McAfee\WebAdvisor\MFW\packages\nps\info-16.png C:\Program Files\McAfee\WebAdvisor\MFW\packages\nps\npshandler.luc C:\Program Files\McAfee\WebAdvisor\MFW\packages\nps\wa-controller-nps-checklist.js C:\Program Files\McAfee\WebAdvisor\MFW\packages\nps\wa-nps-checklist.html C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\about-icon-selected.png C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\about-icon.png C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\active_tab.png C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\checklisthandler.luc C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\close_button.png C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\cryptojack-icon.png C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\facebook.png C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\inst-noxup.gif C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\inst-top.gif C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\inst-warningbackground.gif C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\mcafee_shield_logo.png C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\mfe_logo.png C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\securesearchhandler.luc C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\settings-close.png C:\Program 
Files\McAfee\WebAdvisor\MFW\packages\webadvisor\settings-icon-selected.png C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\settings-icon.png C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\switch_off.png C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\switch_on.png C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\twitter.png C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-checklist-risk.png C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-checklist-status.png C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-checklist.html C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-controller-checklist.js C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-dialog-balloon.css C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-dialog-balloon.html C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-dwtoast.css C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-dwtoast.html C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-edge-experience.css C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-edge-experience.html C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-options.css C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-options.html C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-sstoast-adblock-main.png C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-sstoast-adblock-tick.png C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-sstoast-adblock.css C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-sstoast-adblock.html C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-sstoast-adblock.js C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-sstoast-bing.css C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-sstoast-bing.html C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-sstoast-duckduckgo.css C:\Program 
Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-sstoast-duckduckgo.html C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-sstoast-pps-main.png C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-sstoast-pps.css C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-sstoast-pps.html C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-sstoast-pps.js C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-sstoast.css C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-sstoast.html C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ui-dialog-balloon.js C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ui-dwtoast.js C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ui-edge-experience.js C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ui-options.js C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ui-sstoast-bing.js C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ui-sstoast-duckduckgo.js C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa-ui-sstoast.js C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wa_sstoast_ddg_main.png C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wac_banner.png C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\wacsecuresearchl10n.luc C:\Program Files\McAfee\WebAdvisor\MFW\packages\webadvisor\warning-icon-toast.png C:\Program Files\McAfee\WebAdvisor\resource.dll C:\Program Files\McAfee\WebAdvisor\servicehost.exe C:\Program Files\McAfee\WebAdvisor\settingmanager.dll C:\Program Files\McAfee\WebAdvisor\taskmanager.dll C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\dimensionconfig.luc C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\dimensionhandler.luc C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\dimensionprocessor.luc C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\baseaffidlookup.luc C:\Program 
Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\bingpartnercode.luc C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\chromebasedbrowserversion.luc C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\currentbrowserversion.luc C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\dayssincesettingsdblookup.luc C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\defaultbrowser.luc C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\eventsupplied.luc C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\externalutilityfunction.luc C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\featuretrackingfeature.luc C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\firefoxversion.luc C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\installdate.luc C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\isbissecuresearch.luc C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\lastbrowserused.luc C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\lastoemcheck.luc C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\locale.luc C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\osflavour.luc C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\percentagehandler.luc C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\postupdatereboottimelookup.luc C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\profilescounter.luc C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\proxysubtypehandler.luc C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\proxytypehandler.luc C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\registrylookup.luc C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\searchannotations.luc C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\securesearchprovider.luc C:\Program 
Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\sequencenumber.luc C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\settingsdblookup.luc C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\staticvalue.luc C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\suitestatus.luc C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\telemetryversion.luc C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\updatepending.luc C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\updatependingversion.luc C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\wssaffid.luc C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\wsscspid.luc C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\wsseuladate.luc C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\wsspackagetype.luc C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\wsssetting.luc C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\wsssettingexpiry.luc C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\handlers\wssversion.luc C:\Program Files\McAfee\WebAdvisor\telemetry\dimensions\version.luc C:\Program Files\McAfee\WebAdvisor\telemetry\events\eventformatter.luc C:\Program Files\McAfee\WebAdvisor\telemetry\events\eventhandler.luc C:\Program Files\McAfee\WebAdvisor\telemetry\events\eventtransmitter.luc C:\Program Files\McAfee\WebAdvisor\telemetry\events\formatters\eventformatter_ga.luc C:\Program Files\McAfee\WebAdvisor\telemetry\events\formatters\eventformatter_json.luc C:\Program Files\McAfee\WebAdvisor\telemetry\events\handleonnavigate.luc C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\adblockcounter.luc C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\blockpage.luc C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\browser_host_launchers_handler.luc C:\Program 
Files\McAfee\WebAdvisor\telemetry\events\handlers\browsernavigate.luc C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\commonlogicloader.luc C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\dailycounters.luc C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\dailyping.luc C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\downloadscan.luc C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\ipc_stats_handler.luc C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\logicscripterror.luc C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\metriccounter.luc C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\navigatedtoday.luc C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\searchterm.luc C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\securesearchhit.luc C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\sendimmediately.luc C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\smareputationcounter.luc C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\wabadgenotificationcounter.luc C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\wssanalytics.luc C:\Program Files\McAfee\WebAdvisor\telemetry\events\handlers\wssanalyticsraw.luc C:\Program Files\McAfee\WebAdvisor\telemetry\events\sendonping.luc C:\Program Files\McAfee\WebAdvisor\telemetry\events\telemetryconfig.luc C:\Program Files\McAfee\WebAdvisor\telemetry\events\telemetryhandler.luc C:\Program Files\McAfee\WebAdvisor\telemetry\events\transmitters\transmit_azure.luc C:\Program Files\McAfee\WebAdvisor\telemetry\events\transmitters\transmit_ga.luc C:\Program Files\McAfee\WebAdvisor\telemetry\events\transmitters\transmittimeout_azure.luc C:\Program Files\McAfee\WebAdvisor\telemetry\events\transmitters\transmittimeout_ga.luc C:\Program Files\McAfee\WebAdvisor\telemetry\events\version.luc C:\Program Files\McAfee\WebAdvisor\telemetry\serializers\download_scan_ui.js C:\Program 
Files\McAfee\WebAdvisor\telemetry\serializers\fw_av_warning.js C:\Program Files\McAfee\WebAdvisor\telemetry\serializers\onboardingballoon.js C:\Program Files\McAfee\WebAdvisor\telemetry\serializers\optionsdialog.js C:\Program Files\McAfee\WebAdvisor\telemetry\serializers\secure_search_toast.js C:\Program Files\McAfee\WebAdvisor\telemetry\serializers\securesearchstatechange.luc C:\Program Files\McAfee\WebAdvisor\telemetry\serializers\survey.js C:\Program Files\McAfee\WebAdvisor\telemetry\serializers\survey_ui.js C:\Program Files\McAfee\WebAdvisor\telemetry\serializers\toastcheckcompleted.js C:\Program Files\McAfee\WebAdvisor\telemetry\serializers\toastcheckcompleted.luc C:\Program Files\McAfee\WebAdvisor\telemetry\serializers\toastchecktriggered.luc C:\Program Files\McAfee\WebAdvisor\telemetry\serializers\user_welcome.js C:\Program Files\McAfee\WebAdvisor\telemetry\serializers\webboost_upsell.js C:\Program Files\McAfee\WebAdvisor\uihost.exe C:\Program Files\McAfee\WebAdvisor\uimanager.dll C:\Program Files\McAfee\WebAdvisor\uninstaller.exe C:\Program Files\McAfee\WebAdvisor\updater.exe C:\Program Files\McAfee\WebAdvisor\wa-ui-uninstall.js C:\Program Files\McAfee\WebAdvisor\wa-uninstall.css C:\Program Files\McAfee\WebAdvisor\wa-uninstall.html C:\Program Files\McAfee\WebAdvisor\wactoast.dll C:\Program Files\McAfee\WebAdvisor\wataskmanager.dll C:\Program Files\McAfee\WebAdvisor\webadvisor.ico C:\Program Files\McAfee\WebAdvisor\webadvisor.mcafee.chrome.extension.json C:\Program Files\McAfee\WebAdvisor\webadvisor.mcafee.firefox.extension.json C:\Program Files\McAfee\WebAdvisor\win32\downloadscan.dll C:\Program Files\McAfee\WebAdvisor\win32\ieplugin.dll C:\Program Files\McAfee\WebAdvisor\win32\wssdep.dll C:\Program Files\McAfee\WebAdvisor\x64\downloadscan.dll C:\Program Files\McAfee\WebAdvisor\x64\ieplugin.dll C:\Program Files\McAfee\WebAdvisor\x64\wssdep.dll C:\WINDOWS\Installer\MSIB1EE.tmp-\DIFxAPI.dll C:\WINDOWS\System32\config\systemprofile\AppData\Local\CM222F.tmp 
C:\WINDOWS\System32\config\systemprofile\AppData\Local\CM23711.tmp C:\WINDOWS\System32\config\systemprofile\AppData\Local\CM2461.tmp C:\WINDOWS\System32\config\systemprofile\AppData\Local\CM24A7A.tmp C:\WINDOWS\System32\config\systemprofile\AppData\Local\CM255A6.tmp C:\WINDOWS\System32\config\systemprofile\AppData\Local\CM25FA5.tmp C:\WINDOWS\System32\config\systemprofile\AppData\Local\CM2815C.tmp C:\WINDOWS\System32\config\systemprofile\AppData\Local\CM281B9.tmp C:\WINDOWS\System32\config\systemprofile\AppData\Local\CM285F2.tmp C:\WINDOWS\System32\config\systemprofile\AppData\Local\CM2AC09.tmp C:\WINDOWS\System32\config\systemprofile\AppData\Local\CM2BA31.tmp C:\WINDOWS\System32\config\systemprofile\AppData\Local\CM2C19A.tmp C:\WINDOWS\System32\config\systemprofile\AppData\Local\CM2E84A.tmp C:\WINDOWS\System32\config\systemprofile\AppData\Local\tw-293c-3fec-2b9425.tmp C:\WINDOWS\System32\perfc007.dat C:\WINDOWS\System32\perfc009.dat C:\WINDOWS\System32\perfh007.dat C:\WINDOWS\System32\perfh009.dat # Ordner: C:\Program Files\McAfee\WebAdvisor C:\Users\defaultuser100000 C:\WINDOWS\Installer\MSI24B4.tmp- C:\WINDOWS\Installer\MSI2580.tmp- C:\WINDOWS\Installer\MSI261D.tmp- C:\WINDOWS\Installer\MSI30B0.tmp- C:\WINDOWS\Installer\MSI56B6.tmp- C:\WINDOWS\Installer\MSI5CD2.tmp- C:\WINDOWS\Installer\MSI5DDC.tmp- C:\WINDOWS\Installer\MSI5EA9.tmp- C:\WINDOWS\Installer\MSI600C.tmp- C:\WINDOWS\Installer\MSI8D66.tmp- C:\WINDOWS\Installer\MSI8F4B.tmp- C:\WINDOWS\Installer\MSI9D23.tmp- C:\WINDOWS\Installer\MSIAC2F.tmp- C:\WINDOWS\Installer\MSIAC9D.tmp- C:\WINDOWS\Installer\MSIB1EE.tmp- C:\WINDOWS\Installer\MSICB35.tmp- C:\WINDOWS\Installer\MSICBAC.tmp- C:\WINDOWS\Installer\MSICC97.tmp- C:\WINDOWS\Installer\MSID2CC.tmp- C:\WINDOWS\Installer\MSID473.tmp- C:\WINDOWS\Installer\MSIE1D4.tmp- C:\WINDOWS\Installer\MSIE427.tmp- C:\WINDOWS\Installer\MSIE67A.tmp- # Aufgaben: Agent Activation Runtime\S-1-5-21-1123935005-352909213-1317991075-1001 BlueStacksHelper Intel PTT EK Recertification 
Intel\Thunderbolt\Start Thunderbolt application on login if service is up Intel\Thunderbolt\Start Thunderbolt application on switch user if service is up Intel\Thunderbolt\Start Thunderbolt application when hardware is detected Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up Intel\Thunderbolt\Start Thunderbolt service when hardware is detected ITE HID monitor Lenovo\ImController\Lenovo iM Controller Monitor Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask Lenovo\ImController\TimeBasedEvents\b7535703-9d21-4518-8d91-0f597b5a5de4 Lenovo\ImController\TimeBasedEvents\c42c84f1-7055-4f94-8d49-6eeebe110a07 Lenovo\ImController\TimeBasedEvents\def4f47e-a8fb-4945-a403-629182561e1e Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance Lenovo\Vantage\Schedule\BatteryGaugeAddinDailyScheduleTask Lenovo\Vantage\Schedule\DailyTelemetryTransmission Lenovo\Vantage\Schedule\GenericMessagingAddin Lenovo\Vantage\Schedule\HeartbeatAddinDailyScheduleTask Lenovo\Vantage\Schedule\IdeaNotebookAddinDailyEvent Lenovo\Vantage\Schedule\Lenovo.Vantage.SmartPerformance.MonthlyReport Lenovo\Vantage\Schedule\Lenovo.Vantage.SmartPerformance.SScan Lenovo\Vantage\Schedule\LenovoBatteryPartSalesMonthlyToast Lenovo\Vantage\Schedule\LenovoCompanionAppAddinDailyScheduleTask Lenovo\Vantage\Schedule\LenovoSystemUpdateAddin_WeeklyTask Lenovo\Vantage\Schedule\NotificationCenter Lenovo\Vantage\Schedule\SettingsWidgetAddinDailyScheduleTask Lenovo\Vantage\Schedule\SmartPerformance.ExpireReminder Lenovo\Vantage\Schedule\VantageCoreAddinIdleScheduleTask Lenovo\Vantage\Schedule\VantageCoreAddinWeekScheduleTask Lenovo\Vantage\Schedule\VantageTelemetryAddinTask Lenovo\Vantage\StartupFixPlan Microsoft\Windows\AppID\EDP Policy Manager Microsoft\Windows\Application Experience\MareBackup Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser Microsoft\Windows\Application Experience\PcaPatchDbTask 
Microsoft\Windows\Application Experience\PcaWallpaperAppDetect Microsoft\Windows\Application Experience\ProgramDataUpdater Microsoft\Windows\Application Experience\StartupAppTask Microsoft\Windows\ApplicationData\appuriverifierdaily Microsoft\Windows\ApplicationData\appuriverifierinstall Microsoft\Windows\ApplicationData\DsSvcCleanup Microsoft\Windows\Autochk\Proxy Microsoft\Windows\Chkdsk\ProactiveScan Microsoft\Windows\Clip\ClipESU Microsoft\Windows\CloudExperienceHost\CreateObjectTask Microsoft\Windows\ConsentUX\UnifiedConsent\UnifiedConsentSyncTask Microsoft\Windows\Customer Experience Improvement Program\Consolidator Microsoft\Windows\Customer Experience Improvement Program\UsbCeip Microsoft\Windows\Defrag\ScheduledDefrag Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceWnsFallback Microsoft\Windows\Diagnosis\RecommendedTroubleshootingScanner Microsoft\Windows\Diagnosis\Scheduled Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver Microsoft\Windows\DiskFootprint\Diagnostics Microsoft\Windows\DiskFootprint\StorageSense Microsoft\Windows\EnterpriseMgmt\MDMMaintenenceTask Microsoft\Windows\Feedback\Siuf\DmClient Microsoft\Windows\Feedback\Siuf\DmClientOnScenarioDownload Microsoft\Windows\Flighting\FeatureConfig\ReconcileFeatures Microsoft\Windows\Flighting\FeatureConfig\UsageDataFlushing Microsoft\Windows\Flighting\FeatureConfig\UsageDataReporting Microsoft\Windows\Flighting\OneSettings\RefreshCache Microsoft\Windows\HelloFace\FODCleanupTask Microsoft\Windows\InstallService\ScanForUpdates Microsoft\Windows\InstallService\ScanForUpdatesAsUser Microsoft\Windows\InstallService\SmartRetry Microsoft\Windows\InstallService\WakeUpAndContinueUpdates Microsoft\Windows\InstallService\WakeUpAndScanForUpdates Microsoft\Windows\Location\Notifications Microsoft\Windows\Maintenance\WinSAT Microsoft\Windows\Maps\MapsToastTask Microsoft\Windows\Maps\MapsUpdateTask 
Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem Microsoft\Windows\PushToInstall\LoginCheck Microsoft\Windows\PushToInstall\Registration Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask Microsoft\Windows\SettingSync\BackgroundUploadTask Microsoft\Windows\SettingSync\NetworkStateChangeTask Microsoft\Windows\Shell\CreateObjectTask Microsoft\Windows\Shell\FamilySafetyMonitor Microsoft\Windows\Shell\FamilySafetyMonitorToastTask Microsoft\Windows\Shell\FamilySafetyRefreshTask Microsoft\Windows\Shell\IndexerAutomaticMaintenance Microsoft\Windows\Shell\ThemesSyncedImageDownload Microsoft\Windows\Subscription\EnableLicenseAcquisition Microsoft\Windows\Subscription\LicenseAcquisition Microsoft\Windows\User Profile Service\HiveUploadTask Microsoft\Windows\Windows Media Sharing\UpdateLibrary Microsoft\Windows\WindowsUpdate\Refresh Group Policy Cache Microsoft\Windows\WindowsUpdate\RUXIM\PLUGScheduler Microsoft\Windows\WindowsUpdate\Scheduled Start Microsoft\Windows\WindowsUpdate\sihpostreboot Microsoft\Windows\WlanSvc\CDSSync Microsoft\Windows\WOF\WIM-Hash-Management Microsoft\Windows\WOF\WIM-Hash-Validation Microsoft\Windows\WwanSvc\NotificationTask Microsoft\Windows\WwanSvc\OobeDiscovery Microsoft\XblGameSave\XblGameSaveTask MicrosoftEdgeUpdateTaskMachineCore MicrosoftEdgeUpdateTaskMachineUA Mozilla\Firefox Background Update 308046B0AF4A39CB Mozilla\Firefox Background Update S-1-5-21-1123935005-352909213-1317991075-1001 308046B0AF4A39CB Mozilla\Firefox Background Update S-1-5-21-1123935005-352909213-1317991075-500 308046B0AF4A39CB Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB NerveCenterUpdate NVIDIA App SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} OneDrive Per-Machine Standalone Update Task OneDrive Reporting 
Task-S-1-5-21-1123935005-352909213-1317991075-1001 OneDrive Reporting Task-S-1-5-21-1123935005-352909213-1317991075-500 OneDrive Startup Task-S-1-5-21-1123935005-352909213-1317991075-1001 OneDrive Startup Task-S-1-5-21-1123935005-352909213-1317991075-500 Opera scheduled assistant Autoupdate 1716616574 Opera scheduled Autoupdate 1716616565 S-1-5-21-1123935005-352909213-1317991075-1001\DataSenseLiveTileTask WiseCleaner\WRCSkipUAC # Registrierung: HKLM\Software\Policies\Mozilla\Firefox HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager\\SubscribedContent-338388Enabled HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager\\SubscribedContent-338389Enabled HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager\\SubscribedContent-353696Enabled HKCU\Software\Microsoft\Windows\CurrentVersion\ContentDeliveryManager\\SystemPaneSuggestionsEnabled [1] => [0] HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\MicrosoftEdgeAutoLaunch_98769996E24836F99EC8617644423B4C HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\TomTomHOME.exe HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\OneDrive HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\OneDrive HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1481171A-B964-40A9-BE14-0D700052DE06} HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6DDE2E80-E929-43D2-A4F0-AFF3E45E4F79} HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{89E403DD-0DAA-4D57-AB6A-4E193FCAF347} HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9A7337B9-51CD-4396-BA36-802A51A311AB} HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F1742535-4787-4EA0-B73F-C2CEC7547C6A} # Caches: C:\ProgramData\Blizzard Entertainment\Battle.net\Cache (256) 
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex (737) C:\Users\Administrator\AppData\Local\D3DSCache (3) C:\Users\Administrator\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data (0) C:\Users\Administrator\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js (136) C:\Users\Administrator\AppData\Local\Microsoft\TokenBroker\Cache (8) C:\Users\Administrator\AppData\Local\Microsoft\Windows\INetCache\IE (4) C:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\<Profile>\cache2\entries (2885) C:\Users\Administrator\AppData\Local\Opera Software\Opera Stable\Default\Cache\Cache_Data (0) C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\<Profile>\shader-cache (17) C:\Users\Administrator\AppData\Roaming\Opera Software\Opera Stable\Default\Code Cache\js (10) C:\WINDOWS\System32\config\systemprofile\AppData\Local (2853) C:\WINDOWS\System32\config\systemprofile\AppData\Local\D3DSCache (4) # Verschiedenes: AntiVirus Software: Malwarebytes AntiVirus Software: Windows Defender Wiederherstellungspunkt: Does Not Belong PRESCAN - Erstellt HKLM\Software\Microsoft\Windows Defender\Exclusions\Extensions HKLM\Software\Microsoft\Windows Defender\Exclusions\IpAddresses HKLM\Software\Microsoft\Windows Defender\Exclusions\Paths HKLM\Software\Microsoft\Windows Defender\Exclusions\Processes HKLM\Software\Microsoft\Windows Defender\Exclusions\TemporaryPaths Event[0]: Log Name: Microsoft-Windows-Windows Defender/Operational Source: Microsoft-Windows-Windows Defender Date: 2025-05-31T15:26:12.3120000Z Event ID: 3002 Task: N/A Level: Fehler Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT-AUTORITÄT\SYSTEM Computer: Firewalker85 Description: Fehler des Microsoft Defender Antivirus-Echtzeitschutz-Features. Feature: Netzwerkinspektionssystem Fehlercode: 0x8007045b Fehlerbeschreibung: Der Computer wird heruntergefahren. Ursache: Dem System fehlen erforderliche Updates zum Ausführen des Netzwerkinspektionssystems. 
Installieren Sie die erforderlichen Updates, und starten Sie das Gerät neu. C:\Users\Administrator\AppData\Local\CrashDumps\msiexec.exe.3184.dmp <5634689> <2023-08-21 12:44:57> C:\Users\Administrator\AppData\Local\CrashDumps\pontifex.exe.12676.dmp <17199335> <2021-05-24 08:04:49> C:\Users\Administrator\AppData\Local\CrashDumps\ProcID.exe(1).19628.dmp <25623379> <2019-10-01 09:18:56> C:\Users\Administrator\AppData\Local\CrashDumps\ProcID.exe.19628.dmp <25623755> <2019-10-01 09:18:54> C:\WINDOWS\System32\config\systemprofile\AppData\Local\CrashDumps\Lenovo.Vantage.AddinInstaller.exe.13448.dmp <15197806> <2023-01-17 21:49:44> C:\WINDOWS\System32\config\systemprofile\AppData\Local\CrashDumps\Microsoft.SharePoint.exe.12188.dmp <3098091> <2023-01-28 10:26:25> C:\WINDOWS\System32\config\systemprofile\AppData\Local\CrashDumps\NVDisplay.Container.exe.364.dmp <4158724> <2023-11-08 16:19:37> C:\WINDOWS\System32\config\systemprofile\AppData\Local\CrashDumps\NVDisplay.Container.exe.5208.dmp <5239944> <2023-11-08 16:17:34> C:\WINDOWS\System32\config\systemprofile\AppData\Local\CrashDumps\NVDisplay.Container.exe.7204.dmp <4261508> <2023-11-08 16:20:31> C:\WINDOWS\System32\config\systemprofile\AppData\Local\CrashDumps\svchost.exe.24308.dmp <462877> <2024-04-28 04:56:18> C:\WINDOWS\System32\config\systemprofile\AppData\Local\CrashDumps\svchost.exe.3368.dmp <460402> <2024-01-01 10:08:07> C:\WINDOWS\System32\config\systemprofile\AppData\Local\CrashDumps\svchost.exe.6788.dmp <467214> <2023-01-05 07:02:35> C:\WINDOWS\System32\config\systemprofile\AppData\Local\CrashDumps\wuauclt.exe.16388.dmp <1188530> <2023-07-31 07:19:58> C:\WINDOWS\System32\config\systemprofile\AppData\Local\CrashDumps\wuauclt.exe.7684.dmp <1087849> <2024-07-23 11:32:25> # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # Code:
ATTFilter # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # # DoesNotBelong v7.9.0 # Furtivex Computer Solutions - https://furtivex.net # OS: Microsoft Windows 10 Home x64 22H2 Deutsch (German) - 0407 - 1252 - 850 # Benutzername: Administrator (S-1-5-21-1123935005-352909213-1317991075-500) # Datum: 2025_05_31__15_48_56 # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # # Prozesse: # Treiber: # Dienste: # Dateien: C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe # Ordner: C:\Program Files\McAfee\WebAdvisor # Aufgaben: Mozilla\Firefox Background Update S-1-5-21-1123935005-352909213-1317991075-1001 308046B0AF4A39CB # Registrierung: # Caches: C:\ProgramData\Blizzard Entertainment\Battle.net\Cache (0) C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex (2) C:\Users\Administrator\AppData\Local\D3DSCache (0) C:\Users\Administrator\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data (0) C:\Users\Administrator\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js (0) C:\Users\Administrator\AppData\Local\Microsoft\TokenBroker\Cache (0) C:\Users\Administrator\AppData\Local\Microsoft\Windows\INetCache\IE (0) C:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\<Profile>\cache2\entries (0) C:\Users\Administrator\AppData\Local\Opera Software\Opera Stable\Default\Cache\Cache_Data (0) C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\<Profile>\shader-cache (0) C:\Users\Administrator\AppData\Roaming\Opera Software\Opera Stable\Default\Code Cache\js (0) C:\WINDOWS\System32\config\systemprofile\AppData\Local (0) C:\WINDOWS\System32\config\systemprofile\AppData\Local\D3DSCache (0) # Verschiedenes: AntiVirus Software: Malwarebytes AntiVirus Software: Windows Defender Wiederherstellungspunkt: Does Not Belong PRESCAN - Erstellt HKLM\Software\Microsoft\Windows Defender\Exclusions\Extensions HKLM\Software\Microsoft\Windows Defender\Exclusions\IpAddresses 
HKLM\Software\Microsoft\Windows Defender\Exclusions\Paths HKLM\Software\Microsoft\Windows Defender\Exclusions\Processes HKLM\Software\Microsoft\Windows Defender\Exclusions\TemporaryPaths Event[0]: Log Name: Microsoft-Windows-Windows Defender/Operational Source: Microsoft-Windows-Windows Defender Date: 2025-05-31T15:26:12.3120000Z Event ID: 3002 Task: N/A Level: Fehler Opcode: Info Keyword: N/A User: S-1-5-18 User Name: NT-AUTORITÄT\SYSTEM Computer: Firewalker85 Description: Fehler des Microsoft Defender Antivirus-Echtzeitschutz-Features. Feature: Netzwerkinspektionssystem Fehlercode: 0x8007045b Fehlerbeschreibung: Der Computer wird heruntergefahren. Ursache: Dem System fehlen erforderliche Updates zum Ausführen des Netzwerkinspektionssystems. Installieren Sie die erforderlichen Updates, und starten Sie das Gerät neu. C:\Users\Administrator\AppData\Local\CrashDumps\explorer.exe.13220.dmp <37117566> <2025-05-31 13:46:43> C:\Users\Administrator\AppData\Local\CrashDumps\msiexec.exe.3184.dmp <5634689> <2023-08-21 12:44:57> C:\Users\Administrator\AppData\Local\CrashDumps\pontifex.exe.12676.dmp <17199335> <2021-05-24 08:04:49> C:\Users\Administrator\AppData\Local\CrashDumps\ProcID.exe(1).19628.dmp <25623379> <2019-10-01 09:18:56> C:\Users\Administrator\AppData\Local\CrashDumps\ProcID.exe.19628.dmp <25623755> <2019-10-01 09:18:54> C:\WINDOWS\System32\config\systemprofile\AppData\Local\CrashDumps\Lenovo.Vantage.AddinInstaller.exe.13448.dmp <15197806> <2023-01-17 21:49:44> C:\WINDOWS\System32\config\systemprofile\AppData\Local\CrashDumps\Microsoft.SharePoint.exe.12188.dmp <3098091> <2023-01-28 10:26:25> C:\WINDOWS\System32\config\systemprofile\AppData\Local\CrashDumps\NVDisplay.Container.exe.364.dmp <4158724> <2023-11-08 16:19:37> C:\WINDOWS\System32\config\systemprofile\AppData\Local\CrashDumps\NVDisplay.Container.exe.5208.dmp <5239944> <2023-11-08 16:17:34> C:\WINDOWS\System32\config\systemprofile\AppData\Local\CrashDumps\NVDisplay.Container.exe.7204.dmp <4261508> 
<2023-11-08 16:20:31> C:\WINDOWS\System32\config\systemprofile\AppData\Local\CrashDumps\svchost.exe.24308.dmp <462877> <2024-04-28 04:56:18> C:\WINDOWS\System32\config\systemprofile\AppData\Local\CrashDumps\svchost.exe.3368.dmp <460402> <2024-01-01 10:08:07> C:\WINDOWS\System32\config\systemprofile\AppData\Local\CrashDumps\svchost.exe.6788.dmp <467214> <2023-01-05 07:02:35> C:\WINDOWS\System32\config\systemprofile\AppData\Local\CrashDumps\wuauclt.exe.16388.dmp <1188530> <2023-07-31 07:19:58> C:\WINDOWS\System32\config\systemprofile\AppData\Local\CrashDumps\wuauclt.exe.7684.dmp <1087849> <2024-07-23 11:32:25> # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # |
#7 |
/// TB-Ausbilder | Amazon account hacked - Trojan? Hello, thank you for the log files. Which software is being used illegally? Quote:
Cracks, keygens and other illegal software Last edited by M-K-D-B (31.05.2025 at 17:00) |