Log analysis and evaluation: Trojans and viruses found via MBAM

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

Trojans and viruses found via MBAM

I have installed several programs, including torrents. Now I don't want to reset Win11 right away because I don't want to lose all my programs. Here is my FRST scan.

FRST Logfile:
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 19-02-2026 01
durchgeführt von admin (Administrator) auf DESKTOP-CHMVQ4P (21-02-2026 00:31:21)
Gestartet von C:\Users\admin\Downloads\FRST64.exe
Geladene Profile: admin
Plattform: Microsoft Windows 11 Pro Version 25H2 26200.7462 (X64) Sprache: Deutsch (Deutschland)
Standard-Browser: Edge
Start-Modus: Normal
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) C:\Program Files\WindowsApps\AppleInc.AppleDevices_1.1538.24070.0_x64__nzyj5cx40ttqa\AppleMobileDeviceProcess.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveCrashHandler.exe
(Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveCrashHandler64.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
(C:\Windows\ImmersiveControlPanel\SystemSettings.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SystemSettingsAdminFlows.exe
(Elaborate Bytes AG -> Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(explorer.exe ->) (Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe <29>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <8>
(services.exe ->) (AnyDesk Software GmbH -> AnyDesk Software GmbH) C:\Program Files (x86)\AnyDesk\AnyDesk.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_af50fdb80983f7bc\jhi_service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_d51901c26227fb29\WMIRegistrationService.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(services.exe ->) (Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(services.exe ->) (Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_6baa580979143c3f\RstMwService.exe
(services.exe ->) (Locktime Software s.r.o. -> Locktime Software) C:\Program Files\Locktime Software\NetLimiter\NLSvc.exe
(services.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WSL\wslservice.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\vds.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.26010.5-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.26010.5-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.26010.5-0\NisSrv.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_adc55ecfca814224\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe
(services.exe ->) (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) S:\Samsung\27_ssconn\conn\ss_conn_service.exe
(services.exe ->) (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) S:\Samsung\28_ssconn2\conn\ss_conn_service2.exe
(services.exe ->) (Tonalio GmbH -> Sandboxie-Plus.com) C:\Program Files\Sandboxie-Plus\SbieSvc.exe
(svchost.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(svchost.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(svchost.exe ->) (Apple Inc. -> Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\NgcIso.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\amd64\MoUsoCoreWorker.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [835136 2018-11-16] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [319544 2019-01-04] (Intel(R) Rapid Storage Technology -> Intel Corporation)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [105280 2020-02-23] (Elaborate Bytes AG -> Elaborate Bytes AG)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Beschränkung <==== ACHTUNG
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Beschränkung <==== ACHTUNG
HKLM\Software\Policies\...\system: [EnableCdp] 0
HKLM\Software\Policies\...\system: [EnableActivityFeed] 0
HKLM\Software\Policies\...\system: [AllowCrossDeviceClipboard] 0
HKLM\Software\Policies\...\system: [UploadUserActivities] 0
HKLM\Software\Policies\...\system: [PublishUserActivities] 0
HKU\S-1-5-21-3437276495-2594823583-628811619-1001\...\Run: [RiotClient] => S:\League\Riot Games\Riot Client\RiotClientServices.exe --launch-background-mode (Keine Datei)
HKU\S-1-5-21-3437276495-2594823583-628811619-1001\...\Run: [electron.app.OP.GG] => C:\Users\admin\AppData\Local\Programs\OP.GG\OP.GG.exe (Keine Datei)
HKU\S-1-5-21-3437276495-2594823583-628811619-1001\...\Run: [Steam] => S:\Steam\steam.exe [5760152 2026-01-21] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-3437276495-2594823583-628811619-1001\...\Run: [SandboxiePlus_AutoRun] => C:\Program Files\Sandboxie-Plus\SandMan.exe [4034568 2025-11-16] (Tonalio GmbH -> sandboxie-plus.com)
HKU\S-1-5-21-3437276495-2594823583-628811619-1001\...\Run: [Proton VPN] => C:\Program Files\Proton\VPN\ProtonVPN.Launcher.exe [18781032 2026-02-02] (Proton AG -> ProtonVPN)
HKU\S-1-5-21-3437276495-2594823583-628811619-1001\...\Run: [Discord] => C:\Users\admin\AppData\Local\Discord\Update.exe [1596344 2025-11-17] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-3437276495-2594823583-628811619-1001\...\Run: [NetLimiter] => C:\Program Files\Locktime Software\NetLimiter\nlclientapp.exe [1017232 2025-11-18] (Locktime Software s.r.o. -> Locktime Software)
HKU\S-1-5-21-3437276495-2594823583-628811619-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2020-09-08] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-3437276495-2594823583-628811619-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2020-09-08] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-3437276495-2594823583-628811619-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2020-09-08] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-3437276495-2594823583-628811619-1001\...\RunOnce: [iCloud] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe [67384 2020-09-08] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-3437276495-2594823583-628811619-1001\...\Policies\Explorer: [HideSCAMeetNow] 1
HKLM\Software\Microsoft\Active Setup\Installed Components: [{49210152-871f-4ffa-961d-a172abcbc09d}] -> C:\Program Files (x86)\Google\Chrome\Application\PlatformExperienceHelper\platform_experience_helper.exe [2026-01-30] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\145.0.7632.77\Installer\chrmstp.exe [2026-02-20] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\145.1.87.190\Installer\chrmstp.exe [2026-02-20] (Brave Software, Inc. -> Brave Software, Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.96\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Proton Mail Bridge.lnk [2025-11-30]
ShortcutTarget: Proton Mail Bridge.lnk -> S:\proton-bridge.exe (Proton AG -> Proton AG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk [2025-08-30]
ShortcutTarget: AnyDesk.lnk -> C:\Program Files (x86)\AnyDesk\AnyDesk.exe (AnyDesk Software GmbH -> AnyDesk Software GmbH)
GroupPolicy: Beschränkung ? <==== ACHTUNG
Policies: C:\ProgramData\NTUSER.pol: Beschränkung <==== ACHTUNG
HKLM\SOFTWARE\Policies\Microsoft\Edge: Beschränkung <==== ACHTUNG
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {E8EBE4B8-F52F-4A53-89EF-513312FCB2DD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {69EA9CA6-AD76-470C-8C19-F2988B7FD735} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore{384C4E2F-2631-4401-9301-9B7F9AD11158} => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [167440 2024-11-16] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {731703EC-C8D6-4E71-A524-9380CE2D8457} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA{5131B5EC-6368-45A8-BF20-F78C80C27F08} => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [167440 2024-11-16] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {9CFAE0D4-756D-4E33-808A-B9859215ED3E} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem144.0.7547.0{529D877E-3737-4122-9CFB-0B00D58BD4D7} => C:\Program Files (x86)\Google\GoogleUpdater\144.0.7547.0\updater.exe [7056536 2025-11-26] (Google LLC -> Google LLC)
Task: {976B8DC7-AC50-44C3-B43A-711C9BFC4431} - System32\Tasks\Microsoft\Windows\Clip\ClipESU => %SystemRoot%\system32\clipesu.exe (Keine Datei)
Task: {06814D34-DFBB-48B0-88BB-AB8F779CEA39} - System32\Tasks\Microsoft\Windows\Clip\ClipESUConsumer => %SystemRoot%\system32\ClipESUConsumer.exe -evaluateEligibility (Keine Datei)
Task: {1953FECF-9F14-405C-8991-64B2E8F06EAE} - System32\Tasks\Microsoft\Windows\Clip\ClipEsuConsumerProcessPreOrder => %SystemRoot%\system32\ClipESUConsumer.exe -postProcessPreOrder (Keine Datei)
Task: {EA456A17-7FFB-458E-B4DB-2470331C8AEF} - System32\Tasks\Microsoft\Windows\Clip\ClipEsuConsumerProcessRefund => %SystemRoot%\system32\ClipESUConsumer.exe -processRefund (Keine Datei)
Task: {4DCDDB46-BE7F-479B-A06F-0E66FF74FDD2} - System32\Tasks\Microsoft\Windows\Clip\EnableClipESU => %SystemRoot%\system32\clipesu.exe -e (Keine Datei)
Task: {81B02794-CC5F-424F-A5AB-EB0129D8232A} - System32\Tasks\Microsoft\Windows\Location\Notifications => %windir%\System32\LocationNotificationWindows.exe (Keine Datei)
Task: {882D4026-6E1A-4F3B-BB71-E6F05025F32E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (Keine Datei)
Task: {A550811C-455F-4D01-88E1-6670C99314FD} - System32\Tasks\Microsoft\Windows\UNP\RunUpdateNotificationMgr => %windir%\System32\UNP\UpdateNotificationMgr.exe (Keine Datei)
Task: {FA2C875B-BC0F-412A-B9DE-DC72A8603FCC} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe /RunOnAC EngagedRebootReminder (Keine Datei)
Task: {04BA1EA1-A691-4F8A-9196-CF9FC7B9DC4C} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe /RunOnBattery EngagedRebootReminder (Keine Datei)
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (Keine Datei)
Task: {BE1554D0-9810-43CE-B1C8-1865B4818F9E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.26010.5-0\MpCmdRun.exe [1786528 2026-02-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {FAB779F7-F1F6-495F-BEC5-1F5DE29CC726} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.26010.5-0\MpCmdRun.exe [1786528 2026-02-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {3768226D-D488-4D18-9DA0-7D6D918F487F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.26010.5-0\MpCmdRun.exe [1786528 2026-02-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {6F1CED75-04E4-4C03-A964-5F64D23FD945} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.26010.5-0\MpCmdRun.exe [1786528 2026-02-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B772C9D1-DA55-48CF-9799-6DFDC3095A7E} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat [815 2022-11-22] () [Datei ist nicht signiert]
Task: {6D0F6C1A-B600-4C2E-8604-7CD6D398C2BE} - System32\Tasks\NVIDIA App SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA App\CEF\NVIDIA App.exe [3337328 2026-01-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {CE869B09-925B-4B21-B097-6B6E9845F78B} - System32\Tasks\ZoomUpdateTaskUser-S-1-5-21-3437276495-2594823583-628811619-1001 => C:\Users\admin\AppData\Roaming\Zoom\bin\Zoom.exe [467384 2025-12-05] (Zoom Video Communications, Inc. -> Zoom Communications, Inc.)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Winsock: Catalog5 06 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 06 C:\Program Files\Bonjour\mdnsNSP.dll [132968 2011-08-30] (Apple Inc. -> Apple Inc.)
Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3bccc25a-7f0e-4a16-8bfd-babfa109b3eb}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{3bccc25a-7f0e-4a16-8bfd-babfa109b3eb}: [DhcpNameServer] 192.168.100.100
Tcpip\..\Interfaces\{545d73d4-bc1c-48b0-986f-ac029a7e3564}: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{a7e50183-b636-4f90-974c-0163da51397f}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{c73e33e2-acee-410a-84d9-bc3503b6fbba}: [DhcpNameServer] 192.168.100.100
Tcpip\..\Interfaces\{c8534117-7932-44ff-b8a5-488dfc5f9827}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{eab2262d-9ab1-5975-7d92-334d06f4972b}: [NameServer] 10.2.0.1
FireFox:
========
FF Plugin: @videolan.org/vlc,version=3.0.21 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2024-06-08] (VideoLAN -> VideoLAN)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [Keine Datei]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [Keine Datei]
Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default [2026-02-20]
Edge HomePage: Default -> hxxp://google.de/
Edge StartupUrls: Default -> "hxxp://google.de/"
Edge Extension: (Google Docs Offline) - C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-12-21]
Edge Extension: (Edge relevant text changes) - C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-11-16]
Edge Extension: (uBlock Origin) - C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\odfafepnkmbhccpbejgmiehpchacaeak [2026-02-17]
Chrome:
=======
CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default [2026-02-17]
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Extension: (uBlock) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\epcnnfbjfcgphgdmggkamkmgojdagdnn [2025-09-29]
CHR Extension: (Google Docs Offline) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2026-02-16]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2025-09-29]
Brave:
=======
BRA Profile: C:\Users\admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2026-02-20]
BRA Notifications: Default -> hxxps://meet.google.com
BRA Extension: (Manus AI Browser Operator) - C:\Users\admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\cecngibhkljoiafhjfmcgbmikfogdiko [2026-02-17]
BRA Extension: (Brave Ad Block Updater (Brave First Party Adblock Filters (plaintext))) - C:\Users\admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\adcocjohghhfpidemphmcmlmhnfgikei [2026-02-17]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2026-02-20]
BRA Extension: (Brave NTP background images) - C:\Users\admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel [2026-01-02]
BRA Extension: (Brave Ad Block Updater (Fanboy's Mobile Notifications (plaintext))) - C:\Users\admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\bfpgedeaaibpoidldhjcknekahbikncb [2026-02-17]
BRA Extension: (Brave Ad Block Updater (Cookie notice blocker (plaintext))) - C:\Users\admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\cdbbhgbmjhfnhnmgeddbliobbofkgdhe [2026-02-20]
BRA Extension: (Brave Ads Resources) - C:\Users\admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\choggjlbfndjppfiidbhmefapnlhcdhe [2025-11-25]
BRA Extension: (Brave Tor Client Updater (Windows)) - C:\Users\admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\cpoalefficncklhjfpglfiplenlpccdb [2025-10-31]
BRA Extension: (Brave NTP sponsored images) - C:\Users\admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\dglngbgepdcmodilimpbpekobgiinpdg [2026-02-20]
BRA Extension: (Brave Ads Resources) - C:\Users\admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\fahflofbglhemnakgdmillobeencekne [2026-02-20]
BRA Extension: (Brave Ad Block Updater (Regional Catalog)) - C:\Users\admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\gkboaolpopklhgplhaaiboijnklogmbc [2026-02-17]
BRA Extension: (Brave NTP Super Referrer mapping table) - C:\Users\admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\heplpbhjcbmiibdlchlanmdenffpiibo [2024-11-16]
BRA Extension: (Brave NTP sponsored images) - C:\Users\admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\hgokbmpjajigbckbjhklcifehhbkepnf [2025-12-01]
BRA Extension: (Brave Ad Block Updater (Brave Default Adblock Filters (plaintext))) - C:\Users\admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\iodkpdagapdfkphljnddpjlldadblomo [2026-02-20]
BRA Extension: (Brave Ad Block Updater (Brave Default Privacy Filters (plaintext))) - C:\Users\admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\kihnoaefogbkmblfimmibknnmkllbhlf [2026-02-20]
BRA Extension: (Brave Ad Block Updater (German website ad blocker (plaintext))) - C:\Users\admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\lfmefmifdjlfneapckmpkinmlofjehbp [2026-02-20]
BRA Extension: (Brave Ad Block Updater (Resources)) - C:\Users\admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\mfddibmblmbccpadfndgakiopmmhebop [2026-02-17]
BRA Extension: (Brave User Agent) - C:\Users\admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\nlpaeekllejnmhoonlpcefpfnpbajbpe [2026-02-20]
BRA Extension: (P3A Configuration) - C:\Users\admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\P3AConfig [2025-08-29]
==================== Dienste (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 AnyDesk; C:\Program Files (x86)\AnyDesk\AnyDesk.exe [5631416 2026-01-22] (AnyDesk Software GmbH -> AnyDesk Software GmbH)
S2 AsusUpdateCheck; C:\WINDOWS\System32\AsusUpdateCheck.exe [768408 2026-02-20] (ASUSTeK Computer Inc. -> )
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [18663720 2025-10-29] (BattlEye Innovations e.K. -> )
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [167440 2024-11-16] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 BraveElevationService; C:\Program Files\BraveSoftware\Brave-Browser\Application\145.1.87.190\elevation_service.exe [3705936 2026-02-19] (Brave Software, Inc. -> Brave Software, Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [167440 2024-11-16] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 EasyAntiCheat_EOS; C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe [959216 2025-11-30] (EasyAntiCheat Oy -> Epic Games, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [11247960 2026-02-18] (Malwarebytes Inc -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [2788304 2025-08-29] (Malwarebytes Inc. -> Malwarebytes)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.26010.5-0\MpDefenderCoreService.exe [2067464 2026-02-16] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 nlsvc; C:\Program Files\Locktime Software\NetLimiter\NLSvc.exe [26512 2025-11-18] (Locktime Software s.r.o. -> Locktime Software)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_adc55ecfca814224\Display.NvContainer\NVDisplay.Container.exe [1275624 2026-01-22] (NVIDIA Corporation -> NVIDIA Corporation)
S3 ProtonVPN Service; C:\Program Files\Proton\VPN\v4.3.12\ProtonVPNService.exe [477424 2026-02-02] (Proton AG -> ProtonVPN)
S3 ProtonVPN WireGuard; C:\Program Files\Proton\VPN\v4.3.12\ProtonVPN.WireGuardService.exe [476912 2026-02-02] (Proton AG -> ProtonVPN)
R2 SbieSvc; C:\Program Files\Sandboxie-Plus\SbieSvc.exe [452616 2025-11-16] (Tonalio GmbH -> Sandboxie-Plus.com)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [803088 2025-11-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ss_conn_service; S:\Samsung\27_ssconn\conn\ss_conn_service.exe [752224 2024-10-18] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 ss_conn_service2; S:\Samsung\28_ssconn2\conn\ss_conn_service2.exe [933432 2024-10-18] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
S3 VSInstallerElevationService; C:\Program Files (x86)\Microsoft Visual Studio\Installer\VSInstallerElevationService.exe [43392 2025-12-15] (Microsoft Corporation -> Microsoft)
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [163456 2025-08-12] (Microsoft Corporation -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.26010.5-0\NisSrv.exe [4435096 2026-02-16] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.26010.5-0\MsMpEng.exe [290744 2026-02-16] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Treiber (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S1 aehd; C:\WINDOWS\system32\DRIVERS\aehd.sys [403080 2025-08-30] (Google LLC -> Google LLC)
S1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2018-07-20] (ASUSTeK Computer Inc. -> )
S3 AX88179; C:\WINDOWS\System32\DriverStore\FileRepository\netax88179_178a.inf_amd64_be76888d30e8464a\ax88179_178a.sys [79872 2024-04-01] (Microsoft Windows -> ASIX Electronics Corp.)
S3 AX88179A; C:\WINDOWS\System32\DriverStore\FileRepository\axusbeth.inf_amd64_fcd2bee5508b3c4d\AxUsbEth.sys [168072 2024-08-13] (WDKTestCert asix,133111579530933026 -> ASIX Electronics Corp.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [175824 2024-10-18] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2025-08-29] (Disc Soft Ltd -> Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2025-08-29] (Disc Soft Ltd -> Disc Soft Ltd)
R1 ElbyCDIO; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [44208 2025-01-27] (Microsoft Windows Hardware Compatibility Publisher -> Elaborate Bytes AG)
R0 fse; C:\WINDOWS\System32\drivers\fse.sys [226688 2025-12-10] (Microsoft Windows -> Microsoft Corporation)
R3 KslD; C:\WINDOWS\System32\drivers\wd\KslD.sys [82352 2026-02-16] (Microsoft Windows -> Microsoft Corporation)
S2 l1vhlwf; C:\WINDOWS\System32\drivers\l1vhlwf.sys [144768 2025-12-10] (Microsoft Windows -> Microsoft Corporation)
R2 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [234600 2026-02-18] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [22120 2025-08-29] (Microsoft Windows Early Launch Anti-Malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [245864 2026-02-18] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R0 nldrv; C:\WINDOWS\System32\drivers\nldrv.sys [218928 2025-11-18] (Locktime Software s.r.o. -> Locktime Software)
R1 npcap; C:\WINDOWS\system32\DRIVERS\npcap.sys [81568 2025-08-01] (Nmap Software LLC -> Nmap Software LLC)
S3 pmdiskdriver; C:\WINDOWS\System32\pmdiskdriver.sys [33296 2025-07-08] (深圳牛学长科技有限公司 -> Tenorshare)
S3 ProtonVPNCallout; C:\Program Files\Proton\VPN\v4.3.12\Resources\ProtonVPN.CalloutDriver.sys [41416 2025-12-05] (Proton AG -> Proton AG)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2025-08-29] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2025-08-29] (MiniTool Solution Ltd -> )
S4 RtlWlanu; C:\WINDOWS\System32\drivers\rtwlanu.sys [12435144 2024-10-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie-Plus\SbieDrv.sys [270016 2025-11-16] (Microsoft Windows Hardware Compatibility Publisher -> Sandboxie-Plus.com)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [174264 2024-10-18] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [50896 2024-10-18] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 UsbNcm; C:\WINDOWS\System32\DriverStore\FileRepository\usbncm.inf_amd64_7761eb6a0dd50fde\UsbNcm.sys [204800 2025-12-10] (Microsoft Windows -> )
R3 VClone; C:\WINDOWS\System32\drivers\VClone.sys [44544 2020-02-22] (Microsoft Windows Hardware Compatibility Publisher -> Elaborate Bytes AG)
S3 vmbusproxy; C:\WINDOWS\system32\drivers\vmbusproxy.sys [98304 2025-10-12] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [21888 2026-02-16] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [635272 2026-02-16] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [102832 2026-02-16] (Microsoft Windows -> Microsoft Corporation)
S3 wintun; C:\WINDOWS\System32\drivers\wintun.sys [29592 2025-11-29] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
S3 WireGuard; C:\WINDOWS\System32\drivers\wireguard.sys [489368 2024-10-14] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2026-02-21 00:31 - 2026-02-21 00:31 - 000030803 _____ C:\Users\admin\Downloads\FRST.txt
2026-02-21 00:31 - 2026-02-21 00:31 - 000000000 ____D C:\FRST
2026-02-21 00:30 - 2026-02-21 00:30 - 002444800 _____ (Farbar) C:\Users\admin\Downloads\FRST64.exe
2026-02-20 23:31 - 2026-02-20 23:31 - 000000000 ___HD C:\$SysReset
2026-02-20 23:16 - 2026-02-20 23:16 - 000000000 ____D C:\WINDOWS\Panther
2026-02-20 23:11 - 2026-02-20 23:11 - 000746734 _____ C:\WINDOWS\system32\perfh007.dat
2026-02-20 23:11 - 2026-02-20 23:11 - 000159334 _____ C:\WINDOWS\system32\perfc007.dat
2026-02-20 23:10 - 2026-02-20 23:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2026-02-18 21:33 - 2026-02-18 21:33 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2026-02-18 21:31 - 2026-01-20 17:42 - 000127208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2026-02-18 21:30 - 2026-01-16 18:37 - 000161912 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap32v.dll
2026-02-18 21:30 - 2026-01-16 18:37 - 000060568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2026-02-17 21:21 - 2026-02-20 23:10 - 000000000 ___RD C:\Users\admin\iCloudDrive
2026-02-17 21:21 - 2026-02-17 21:22 - 000000000 ____D C:\Users\admin\AppData\Local\Apple Inc
2026-02-17 21:21 - 2026-02-17 21:21 - 000000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iCloud
2026-02-17 21:15 - 2026-02-17 21:38 - 000000000 ____D C:\Users\admin\AppData\Roaming\Apple Computer
2026-02-17 21:15 - 2026-02-17 21:17 - 000000000 ____D C:\Users\admin\AppData\Local\Apple Computer
2026-02-17 21:15 - 2026-02-17 21:15 - 000002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2026-02-17 21:15 - 2026-02-17 21:15 - 000000000 ____D C:\WINDOWS\system32\Tasks\Apple
2026-02-17 21:15 - 2026-02-17 21:15 - 000000000 ____D C:\Users\admin\AppData\Local\Apple
2026-02-17 21:15 - 2026-02-17 21:15 - 000000000 ____D C:\Program Files\Common Files\Apple
2026-02-17 21:15 - 2026-02-17 21:15 - 000000000 ____D C:\Program Files\Bonjour
2026-02-17 21:15 - 2026-02-17 21:15 - 000000000 ____D C:\Program Files (x86)\Bonjour
2026-02-17 21:15 - 2026-02-17 21:15 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2026-02-07 03:40 - 2026-02-21 00:16 - 000000000 ____D C:\WINDOWS\CbsTemp
2026-01-28 03:42 - 2026-01-22 03:52 - 002421296 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2026-01-28 03:42 - 2026-01-22 03:52 - 002421296 _____ C:\WINDOWS\system32\vulkaninfo.exe
2026-01-28 03:42 - 2026-01-22 03:52 - 001923120 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2026-01-28 03:42 - 2026-01-22 03:52 - 001923120 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2026-01-28 03:42 - 2026-01-22 03:52 - 001625648 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2026-01-28 03:42 - 2026-01-22 03:52 - 001625648 _____ C:\WINDOWS\system32\vulkan-1.dll
2026-01-28 03:42 - 2026-01-22 03:52 - 001434672 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2026-01-28 03:42 - 2026-01-22 03:52 - 001434672 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2026-01-28 03:42 - 2026-01-22 03:52 - 000478952 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2026-01-28 03:42 - 2026-01-22 03:52 - 000375016 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2026-01-28 03:42 - 2026-01-22 03:48 - 001344744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2026-01-28 03:42 - 2026-01-22 03:48 - 000675048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvofapi64.dll
2026-01-28 03:42 - 2026-01-22 03:48 - 000509160 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvofapi.dll
2026-01-28 03:42 - 2026-01-22 03:47 - 027559656 _____ C:\WINDOWS\system32\nvidia-pcc.exe
2026-01-28 03:42 - 2026-01-22 03:47 - 002319080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2026-01-28 03:42 - 2026-01-22 03:47 - 001716968 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2026-01-28 03:42 - 2026-01-22 03:47 - 001616104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2026-01-28 03:42 - 2026-01-22 03:47 - 001574632 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2026-01-28 03:42 - 2026-01-22 03:47 - 001224936 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2026-01-28 03:42 - 2026-01-22 03:47 - 001055976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2026-01-28 03:42 - 2026-01-22 03:47 - 000812264 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2026-01-28 03:42 - 2026-01-22 03:46 - 022613224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2026-01-28 03:42 - 2026-01-22 03:46 - 018277608 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2026-01-28 03:42 - 2026-01-22 03:46 - 007908072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2026-01-28 03:42 - 2026-01-22 03:46 - 005925096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2026-01-28 03:42 - 2026-01-22 03:46 - 005687448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2026-01-28 03:42 - 2026-01-22 03:46 - 005586664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcudadebugger.dll
2026-01-28 03:42 - 2026-01-22 03:46 - 004288232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2026-01-28 03:42 - 2026-01-22 03:46 - 000469224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2026-01-28 03:42 - 2026-01-22 03:45 - 004975632 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2026-01-28 03:42 - 2026-01-22 03:45 - 000853736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2026-01-28 03:42 - 2026-01-20 17:42 - 000153562 _____ C:\WINDOWS\system32\nvinfo.pb
==================== Ein Monat (geänderte) ==================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2026-02-21 00:31 - 2025-08-30 01:39 - 000000000 ____D C:\Users\admin\AppData\Local\Malwarebytes
2026-02-21 00:31 - 2024-04-01 10:26 - 000000000 ____D C:\WINDOWS\SystemTemp
2026-02-21 00:25 - 2024-04-01 10:26 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2026-02-20 23:11 - 2025-10-13 02:40 - 001733126 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2026-02-20 23:11 - 2024-04-01 10:24 - 000000000 ____D C:\WINDOWS\INF
2026-02-20 23:06 - 2024-04-01 10:26 - 000000000 ____D C:\WINDOWS\AppReadiness
2026-02-20 22:34 - 2025-10-13 02:37 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2026-02-20 22:25 - 2024-08-09 21:32 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2026-02-20 22:24 - 2024-11-08 02:59 - 000002356 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2026-02-20 22:17 - 2024-09-16 03:29 - 000002293 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2026-02-20 22:17 - 2024-04-01 10:26 - 000000000 ___HD C:\Program Files\WindowsApps
2026-02-20 22:16 - 2025-10-25 00:43 - 000000500 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2026-02-20 22:16 - 2025-10-13 02:41 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2026-02-20 22:16 - 2025-10-13 02:39 - 000004672 _____ C:\WINDOWS\system32\5E37410B-D6F1-471D-AE27-563CEAC0D6B2
2026-02-20 22:16 - 2025-10-13 02:37 - 000001607 _____ C:\WINDOWS\system32\config\VSMIDK
2026-02-20 22:16 - 2025-08-30 23:17 - 000000000 ____D C:\ProgramData\AnyDesk
2026-02-20 22:16 - 2025-08-29 22:20 - 000807280 _____ C:\WINDOWS\system32\wpbbin.exe
2026-02-20 22:16 - 2025-08-29 22:20 - 000768408 _____ C:\WINDOWS\system32\AsusUpdateCheck.exe
2026-02-20 22:16 - 2024-11-16 16:01 - 000000000 ____D C:\ProgramData\NVIDIA
2026-02-20 22:16 - 2024-08-09 21:31 - 000012288 ___SH C:\DumpStack.log.tmp
2026-02-19 00:10 - 2025-11-25 22:03 - 000000000 ____D C:\Users\admin\AppData\Roaming\discord
2026-02-19 00:10 - 2024-11-16 16:30 - 000000000 ____D C:\Users\admin\AppData\Local\D3DSCache
2026-02-18 23:28 - 2025-11-25 22:42 - 000000000 ____D C:\Users\admin\AppData\Local\Discord
2026-02-18 22:33 - 2026-01-12 13:52 - 000000000 ____D C:\ProgramData\PackerCrashCanary
2026-02-18 21:38 - 2025-12-01 02:25 - 000000000 ____D C:\Users\admin\AppData\Roaming\EasyAntiCheat
2026-02-18 21:38 - 2025-09-01 15:33 - 000000000 ____D C:\Users\admin\AppData\Local\NVIDIA
2026-02-18 21:33 - 2024-11-16 16:01 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2026-02-18 21:32 - 2024-10-14 07:01 - 000000000 ____D C:\Users\admin\AppData\LocalLow\NVIDIA
2026-02-18 21:30 - 2025-12-01 04:19 - 000003834 _____ C:\WINDOWS\system32\Tasks\NVIDIA App SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2026-02-18 21:30 - 2025-12-01 04:19 - 000000000 ____D C:\Users\admin\AppData\Local\NVIDIA Corporation
2026-02-18 21:30 - 2025-12-01 04:19 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2026-02-18 14:24 - 2025-08-30 01:38 - 000245864 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2026-02-18 08:22 - 2025-10-31 21:00 - 000000000 ____D C:\Users\admin\AppData\Roaming\utorrent
2026-02-18 08:14 - 2024-04-01 10:26 - 000000000 ____D C:\WINDOWS\ServiceState
2026-02-18 08:14 - 2024-04-01 10:21 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2026-02-17 21:29 - 2025-12-01 02:25 - 000000000 ____D C:\ProgramData\Packer
2026-02-17 21:21 - 2025-10-13 02:13 - 000000000 ____D C:\Users\admin
2026-02-17 21:17 - 2025-11-24 02:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Proton
2026-02-17 21:16 - 2025-11-18 01:52 - 000001352 _____ C:\WINDOWS\Sandboxie.ini
2026-02-17 21:14 - 2026-01-14 21:17 - 000000000 ____D C:\ProgramData\Apple
2026-02-16 21:46 - 2025-10-13 02:41 - 000003754 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2026-02-16 21:46 - 2025-10-13 02:41 - 000003658 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1db3827a5e5362c
2026-02-16 21:44 - 2024-11-16 16:09 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2026-01-29 22:43 - 2025-08-30 21:00 - 000000000 ____D C:\Users\admin\AppData\Roaming\AnyDesk
2026-01-22 03:54 - 2025-08-30 23:17 - 000000000 ____D C:\Program Files (x86)\AnyDesk
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ========
2025-11-30 03:46 - 2025-11-30 03:46 - 000909851 _____ () C:\Users\admin\aoc.bat
2025-11-30 03:45 - 2025-11-01 22:32 - 000000111 _____ () C:\ProgramData\firefox.vbs
2025-11-07 18:20 - 2025-11-07 18:20 - 000002682 _____ () C:\ProgramData\script.bat
2025-10-27 23:54 - 2025-10-28 00:05 - 000000128 _____ () C:\Users\admin\AppData\Local\PUTTY.RND
2024-11-18 03:23 - 2024-11-18 03:23 - 000007606 _____ () C:\Users\admin\AppData\Local\Resmon.ResmonCfg
==================== SigCheck ============================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
==================== Ende von FRST.txt ========================
FRST Additions Logfile: Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 19-02-2026 01
durchgeführt von admin (21-02-2026 00:32:17)
Gestartet von C:\Users\admin\Downloads
Microsoft Windows 11 Pro Version 25H2 26200.7462 (X64) (2025-10-12 23:41:18)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
admin (S-1-5-21-3437276495-2594823583-628811619-1001 - Administrators - Enabled) => C:\Users\admin
Administrator (S-1-5-21-3437276495-2594823583-628811619-500 - Administrators - Disabled)
DefaultAccount (S-1-5-21-3437276495-2594823583-628811619-503 - Limited - Disabled)
Gast (S-1-5-21-3437276495-2594823583-628811619-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3437276495-2594823583-628811619-504 - Limited - Disabled)
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
7-Zip 25.01 (x64) (HKLM\...\7-Zip) (Version: 25.01 - Igor Pavlov)
Android Studio (HKLM\...\Android Studio) (Version: 2025.1 - Google LLC)
AnyDesk (HKLM-x32\...\AnyDesk) (Version: ad 9.0.10 - AnyDesk Software GmbH)
Apple Application Support (32-Bit) (HKLM-x32\...\{CCA8C50D-785B-4896-8675-FFE0C4ECCBC3}) (Version: 8.7 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{75BEF7E8-4370-4D42-94F3-B5AA77057965}) (Version: 8.7 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Application Verifier x64 External Package (DesktopEditions) (HKLM\...\{C0B0A1D9-9045-54FE-86F6-1B0F836E665E}) (Version: 10.1.26100.7175 - Microsoft) Hidden
Application Verifier x64 External Package (OnecoreUAP) (HKLM\...\{674C8368-9677-55A8-FAD9-A86A3073E60D}) (Version: 10.1.26100.7175 - Microsoft) Hidden
Audacity 3.7.5 (HKLM\...\Audacity_is1) (Version: 3.7.5 - Audacity Team)
AusweisApp (HKLM\...\{A8AAF0C7-5AC5-4890-8DEE-8973DA3ECA66}) (Version: 2.4.0 - Governikus GmbH & Co. KG)
Bitwarden (HKU\S-1-5-21-3437276495-2594823583-628811619-1001\...\173a9bac-6f0d-50c4-8202-4744c69d091a) (Version: 2025.12.0 - Bitwarden Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 145.1.87.190 - Die Brave-Autoren)
CapCut (HKU\S-1-5-21-3437276495-2594823583-628811619-1001\...\CapCut) (Version: 7.7.0.3143 - Bytedance Pte. Ltd.)
Core Temp 1.18.1 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.18.1 - ALCPU)
DiagnosticsHub_CollectionService (HKLM\...\{C762588C-06DE-496A-8ADF-EBDBD49E37B5}) (Version: 17.14.36412 - Microsoft Corporation) Hidden
Discord (HKU\S-1-5-21-3437276495-2594823583-628811619-1001\...\Discord) (Version: 1.0.9224 - Discord Inc.)
DoNotSpy11 (HKLM-x32\...\{5010A14F-7E64-4982-B4ED-B3267BA7E6E9}_is1) (Version: 1.3.0.0 - pXc-coding.com)
FileZilla 3.69.3 (HKLM-x32\...\FileZilla Client) (Version: 3.69.3 - Tim Kosse)
Git (HKLM\...\Git_is1) (Version: 2.52.0 - The Git Development Community)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 145.0.7632.77 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Honey Select 2: Libido (HKLM-x32\...\Honey Select 2: Libido_is1) (Version: - )
HoneySelect 2 DX Setup (HKLM-x32\...\{79F0CB8F-9EF8-4DB4-A01C-C674D6BC3865}) (Version: 1.0.0.0 - GameInstaller)
iCloud (HKLM\...\{8808B208-87D1-4725-8192-76D257E9DEAE}) (Version: 7.21.0.23 - Apple Inc.)
Intel(R) Chipset Device Software (HKLM\...\{C7CC96C7-C99C-40DD-BB6B-C7BFC2899979}) (Version: 10.1.17809.8096 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{09DAB6B6-FBEF-4AC5-AE93-BFF01A0B796D}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1846.12.0.1177 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{B557A9A1-D64B-43D7-B598-F7BAAE897CF3}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Driver (HKLM\...\{3479FCE3-F7D2-4980-819A-767941440932}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 17.0.1.1075 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{A6890366-E2A4-4561-8A2E-50DD8EFE6255}) (Version: 17.0.1.1075 - Intel Corporation) Hidden
Intel(R) Trusted Connect Service Client x64 (HKLM\...\{C9552825-7BF2-4344-BA91-D3CD46F4C442}) (Version: 1.50.638.1 - Intel Corporation) Hidden
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.50.638.1 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{99ee3c29-c7cd-450f-8db9-d43cc49de1c7}) (Version: 1.50.638.1 - Intel Corporation) Hidden
Intel® Chipsatz-Gerätesoftware (HKLM-x32\...\{bd366c5e-00cd-46ed-b647-0b9874f32140}) (Version: 10.1.17809.8096 - Intel(R) Corporation) Hidden
Intel® Optane™ Pinning Explorer Extensions (HKLM\...\{C80D774E-288D-423A-B5FF-97D2B7854C75}) (Version: 17.0.1.1075 - Intel Corporation)
Kits Configuration Installer (HKLM-x32\...\{30E4CDE6-CD8E-35CF-DA7E-6739F30709A8}) (Version: 10.1.26100.7175 - Microsoft) Hidden
Malwarebytes version 5.4.7.229 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.4.7.229 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 145.0.3800.65 - Microsoft Corporation)
Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 144.0.3719.115 - Microsoft Corporation) Hidden
Microsoft Teams Meeting Add-in for Microsoft Office (HKLM\...\{A7AB73A3-CB10-4AA5-9D38-6AEFFBDE4C91}) (Version: 1.25.24601 - Microsoft)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft VC++ redistributables repacked. (HKLM\...\{B81577B2-3AD0-4AFD-A19C-87F673C09D0C}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft VC++ redistributables repacked. (HKLM-x32\...\{62678770-F459-4903-83E3-A2968F6CC242}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.44.35211 (HKLM-x32\...\{0b5169e3-39da-4313-808e-1f9c0407f3bf}) (Version: 14.44.35211.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.50.35719 (HKLM\...\{AECD4ED0-8A3B-41E9-92D1-6BEE0374CCAF}) (Version: 14.50.35719 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Debug Runtime - 14.44.35211 (HKLM\...\{FE85AA49-3522-4663-9F52-9CD9E9837189}) (Version: 14.44.35211 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.50.35719 (HKLM\...\{61B44572-8722-4DAF-8ACF-8E742D30BCC5}) (Version: 14.50.35719 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.44.35211 (HKLM-x32\...\{C18FB403-1E88-43C8-AD8A-CED50F23DE8B}) (Version: 14.44.35211 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Debug Runtime - 14.44.35211 (HKLM-x32\...\{BC104582-4691-4D4C-8922-C215D941A2EB}) (Version: 14.44.35211 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.44.35211 (HKLM-x32\...\{922480B5-CAEB-4B1B-AAA4-9716EFDCE26B}) (Version: 14.44.35211 - Microsoft Corporation) Hidden
Microsoft Visual C++ v14 Redistributable (x64) - 14.50.35719 (HKLM-x32\...\{91ee571b-0e8a-4c65-9eaf-2e2f5fc60c00}) (Version: 14.50.35719.0 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 4.0.2167.44905 - Microsoft Corporation)
Microsoft Visual Studio Setup Configuration (HKLM-x32\...\{D07657AA-968C-4629-BD6C-1B52AF825EA7}) (Version: 3.12.2140.44225 - Microsoft Corporation) Hidden
Microsoft Visual Studio Setup WMI Provider (HKLM-x32\...\{49727420-70BA-4495-9405-31F8D711CB5A}) (Version: 3.12.2140.44225 - Microsoft Corporation) Hidden
MiniTool Partition Wizard 13 DEMO (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: 13 - MiniTool Software Limited)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 142.0 - Mozilla)
Mozilla Thunderbird (x64 de) (HKLM\...\Mozilla Thunderbird 146.0 (x64 de)) (Version: 146.0 - Mozilla)
MSI Development Tools (HKLM-x32\...\{0EB12BFD-6929-FDA3-5C9B-A5BA3CC107F9}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
NetLimiter (HKLM\...\{6B725F8C-1FCE-49E4-A5A6-AE481A44E45C}) (Version: 5.3.26.0 - Locktime Software) Hidden
NetLimiter (HKLM-x32\...\NetLimiter 5.3.26.0) (Version: 5.3.26.0 - Locktime Software)
Nmap 7.98 (HKLM-x32\...\Nmap) (Version: 7.98 - Nmap Project)
Node.js (HKLM\...\{686EA7E1-608A-4B99-A50A-448A2B2A7E73}) (Version: 24.12.0 - Node.js Foundation)
Npcap (HKLM-x32\...\NpcapInst) (Version: 1.83 - Nmap Project)
NVIDIA App 11.0.6.383 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NvApp) (Version: 11.0.6.383 - NVIDIA Corporation)
NVIDIA FrameView SDK 1.5.11821.36727370 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.5.11821.36727370 - NVIDIA Corporation)
NVIDIA Grafiktreiber 591.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 591.86 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.4.5.7 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.4.5.7 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.23.1019 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.23.1019 - NVIDIA Corporation)
Proton Mail Bridge (HKLM\...\{8912F491-A531-4865-A479-2346ECA878F9}) (Version: 3.21.2 - Proton AG) Hidden
Proton Mail Bridge (HKLM\...\Proton Mail Bridge 3.21.2) (Version: 3.21.2 - Proton AG)
Proton VPN (HKLM\...\Proton VPN_is1) (Version: 4.3.12 - Proton AG)
Python 3.14.0 (64-bit) (HKU\S-1-5-21-3437276495-2594823583-628811619-1001\...\{a9c48b80-2c48-47ac-8c9e-32a1b0ec69e5}) (Version: 3.14.150.0 - Python Software Foundation)
Python 3.14.0 Add to Path (64-bit) (HKLM\...\{6EDF736F-CA9A-400A-9C0C-2B11B62E6AC0}) (Version: 3.14.150.0 - Python Software Foundation) Hidden
Python 3.14.0 Core Interpreter (64-bit) (HKLM\...\{89B75A5B-F4F9-44B4-ABCF-C8A3DFEE1A27}) (Version: 3.14.150.0 - Python Software Foundation) Hidden
Python 3.14.0 Development Libraries (64-bit) (HKLM\...\{0A6EDF73-71A4-4F2B-8BCA-91067F2F01C5}) (Version: 3.14.150.0 - Python Software Foundation) Hidden
Python 3.14.0 Documentation (64-bit) (HKLM\...\{970CB7C4-1F70-4860-ABDE-6D682CAFB977}) (Version: 3.14.150.0 - Python Software Foundation) Hidden
Python 3.14.0 Executables (64-bit) (HKLM\...\{BE522E46-7788-47C3-8D6A-B74AC8A651FA}) (Version: 3.14.150.0 - Python Software Foundation) Hidden
Python 3.14.0 pip Bootstrap (64-bit) (HKLM\...\{69A09B9E-1AB6-4149-9417-AB1328275CF1}) (Version: 3.14.150.0 - Python Software Foundation) Hidden
Python 3.14.0 Standard Library (64-bit) (HKLM\...\{85274239-67A0-46A4-8894-05E2B7992229}) (Version: 3.14.150.0 - Python Software Foundation) Hidden
Python 3.14.0 Tcl/Tk Support (64-bit) (HKLM\...\{5C3ABD97-E8B3-440F-AD61-CCED4B913579}) (Version: 3.14.150.0 - Python Software Foundation) Hidden
Python 3.14.0 Test Suite (64-bit) (HKLM\...\{B3F34206-BD7F-44A1-B56E-15C814D96300}) (Version: 3.14.150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{87108F9B-23F3-4E96-8A88-E9CD5F46F008}) (Version: 3.14.150.0 - Python Software Foundation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8573 - Realtek Semiconductor Corp.)
Riot Client (HKU\S-1-5-21-3437276495-2594823583-628811619-1001\...\Riot Game Riot_Client.) (Version: - Riot Games, Inc)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.9.0.0 - Samsung Electronics Co., Ltd.)
Sandboxie-Plus v1.16.7 (HKLM\...\Sandboxie-Plus_is1) (Version: 1.16.7 - hxxp://xanasoft.com/)
SDK ARM64 Additions (HKLM-x32\...\{7D0E0601-E6CC-870D-0002-C93DD14EDA30}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
SDK ARM64 Redistributables (HKLM-x32\...\{B5A82F3D-95CE-085A-5904-D2D16FD3AE4F}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TikTok (HKU\S-1-5-21-3437276495-2594823583-628811619-1001\...\fdf15575659c4d71782a707152afdc83) (Version: 1.0 - BraveSoftware\Brave-Browser)
Universal CRT Extension SDK (HKLM-x32\...\{17D838D5-F629-9E56-3F16-0EA48C3905F7}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{4848F8AA-19FC-351A-030B-7092A476AA52}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{0460C87B-7F4C-3170-FAC9-B7A6AE5CE4E9}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{91A9666E-74FD-E29C-73E1-F80224B8A1B1}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (HKLM\...\{9148976E-7F75-C671-E6BB-E2675C55CB43}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (HKLM-x32\...\{84E32B8D-5471-246E-5E0A-E19954BD7D3D}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (HKLM-x32\...\{70A5208E-B854-F943-DA13-8F5E14C2299E}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Update for x64-based Windows Systems (KB5001716) (HKLM\...\{B8D93870-98D1-4980-AFCA-E26563CDFB79}) (Version: 8.94.0.0 - Microsoft Corporation)
vcpp_crt.redist.clickonce (HKLM-x32\...\{D06AA7C8-2F03-4208-AB3A-1EF2FDE03017}) (Version: 14.44.35211 - Microsoft Corporation) Hidden
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.5.3.0 - Elaborate Bytes)
Visual Studio Build Tools 2022 (HKLM-x32\...\7dddf099) (Version: 17.14.22 (December 2025) - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.21 - VideoLAN)
VS Script Debugging Common (HKLM\...\{F5796163-6EC6-488A-B2DE-E1E94477F6AD}) (Version: 17.0.157.0 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{928A1CB9-F19D-456B-81D5-D4D72F6BE711}) (Version: 17.14.36015 - Microsoft Corporation) Hidden
vs_communitysharedmsi (HKLM-x32\...\{71498EE6-F94E-4061-9DD5-55925CA8A74F}) (Version: 17.14.36025 - Microsoft Corporation) Hidden
vs_communityx64msi (HKLM\...\{3873679C-FA03-4101-97E9-107D67C568B8}) (Version: 17.14.36025 - Microsoft Corporation) Hidden
vs_CoreEditorFonts (HKLM-x32\...\{1851460E-0E63-4117-B5BA-25A2F045801B}) (Version: 17.7.40001 - Microsoft Corporation)
vs_filehandler_amd64 (HKLM-x32\...\{22EE1419-B47E-44B8-A635-868746946079}) (Version: 17.14.36024 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{6C7D0172-7367-4F0C-95DB-6021765B58EA}) (Version: 17.14.36024 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{D331F4E7-BC3B-47BE-BB56-5F33895F9347}) (Version: 17.14.36015 - Microsoft Corporation) Hidden
vs_githubprotocolhandlermsi (HKLM-x32\...\{29297AFE-9D24-4DFE-ACAF-D90090D905CF}) (Version: 17.14.36015 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM-x32\...\{A2FDDC26-4232-4287-8839-2F53A01E1E97}) (Version: 17.14.36015 - Microsoft Corporation) Hidden
vs_minshellinteropsharedmsi (HKLM-x32\...\{537F07C8-0EC6-41A5-BB91-750FA3CAA110}) (Version: 17.14.36015 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{6AAEB5DD-FFFE-4CA1-9FE2-38A44B6B4477}) (Version: 17.14.36301 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{8EABA160-DBDD-4101-A9C2-B974F0DAE7F1}) (Version: 17.14.36015 - Microsoft Corporation) Hidden
vs_minshellsharedmsi (HKLM-x32\...\{F6E69DD8-7652-4CC6-8A4F-485A16012B5B}) (Version: 17.14.36024 - Microsoft Corporation) Hidden
vs_vswebprotocolselectormsi (HKLM-x32\...\{B4B3AA16-E828-4577-A9F2-629E1A95FE4A}) (Version: 17.14.36323 - Microsoft Corporation) Hidden
vs_vswebprotocolselectormsires (HKLM-x32\...\{BFE52258-5E70-4F87-83D8-4C599DDD7D0E}) (Version: 17.14.36323 - Microsoft Corporation) Hidden
WinAppDeploy (HKLM-x32\...\{6A42C143-7C8D-F97C-FC25-BBBDC160CC49}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Windows App Certification Kit Native Components (HKLM\...\{428D5353-2260-9FA3-C9D3-DF30655A1DB2}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Windows App Certification Kit SupportedApiList x86 (HKLM-x32\...\{907C021B-383E-837F-8213-B1C6714F48DA}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Windows App Certification Kit x64 (HKLM-x32\...\{8C92A051-F5CF-0258-AE17-567037FB8741}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Windows App Certification Kit x64 (OnecoreUAP) (HKLM-x32\...\{B750E36B-E18D-F0D4-9099-B1F531FB0F31}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Windows Desktop Extension SDK (HKLM-x32\...\{780A409F-FF4C-3361-372A-D97E456C1B9E}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Windows Desktop Extension SDK Contracts (HKLM-x32\...\{08CA91C8-29C9-527B-445F-A092F07E2E7A}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Windows IoT Extension SDK (HKLM-x32\...\{7C298756-AA56-7087-763F-AEF33AE569C3}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Windows IoT Extension SDK Contracts (HKLM-x32\...\{D732C721-14D9-43CF-21CD-9394F0912656}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Windows Mobile Extension SDK (HKLM-x32\...\{569126D6-2540-F73B-8F7F-09AFF1FC2CEF}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Windows Mobile Extension SDK Contracts (HKLM-x32\...\{76E2EA76-04AE-2CCD-4F8F-3E9F25B16034}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Windows SDK (HKLM-x32\...\{BD8FDB18-B514-2FCD-A4F0-CC1D08941D4C}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Windows SDK AddOn (HKLM-x32\...\{AFEDE556-1D76-4165-A1E8-34FF80126836}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows SDK ARM64 Desktop Tools (HKLM-x32\...\{0E7C147F-B447-5D34-A27B-F731EB5C5866}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Windows SDK Desktop Headers arm64 (HKLM-x32\...\{24A09BED-02FD-8FF8-46C1-76030D482B4F}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Windows SDK Desktop Headers x64 (HKLM-x32\...\{403033BA-0E91-DC0B-4368-EFCEE5ABC570}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Windows SDK Desktop Headers x86 (HKLM-x32\...\{DD870EAE-65A8-9AFC-2395-8EF4BD8588F2}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Windows SDK Desktop Libs arm64 (HKLM-x32\...\{6A4A9BCC-ECBE-C338-0CF8-1806767710FC}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Windows SDK Desktop Libs x64 (HKLM-x32\...\{B7DCB3D5-470C-5224-43E4-017B132735EF}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Windows SDK Desktop Libs x86 (HKLM-x32\...\{EDBF8086-745A-5300-12DB-4E22C2CC50E0}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Windows SDK Desktop Tools arm64 (HKLM-x32\...\{C2B82E29-6791-B430-46FC-B0E42D66D4D5}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Windows SDK Desktop Tools x64 (HKLM-x32\...\{606D574B-F0E5-9F8D-803C-C7A89573440F}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Windows SDK Desktop Tools x86 (HKLM-x32\...\{040203F6-1D53-CAD8-4856-5DB42936BCE4}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Windows SDK DirectX x64 Remote (HKLM\...\{5F5EB296-B579-325A-26B8-318C4CC1B657}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Windows SDK DirectX x86 Remote (HKLM-x32\...\{F4D0EBF2-E397-F743-122D-4F7E24D39E8A}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Windows SDK EULA (HKLM-x32\...\{A62FF366-EE22-B0B8-727B-027421680FEE}) (Version: 10.1.26100.7175 - Microsoft Corporations) Hidden
Windows SDK Facade Windows WinMD Versioned (HKLM-x32\...\{978C5573-515E-3F58-37F7-458528F92495}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Windows SDK for Windows Store Apps (HKLM-x32\...\{076DDDE2-F8CB-F138-95FB-E958C6E497CF}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Windows SDK for Windows Store Apps Contracts (HKLM-x32\...\{DFAC5BD2-7E53-6302-A784-38A168663931}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Windows SDK for Windows Store Apps DirectX x86 Remote (HKLM-x32\...\{D4E30DDE-077F-1652-B081-66BB1F98DF94}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Windows SDK for Windows Store Apps Headers (HKLM-x32\...\{CBFB4481-A259-6F87-3ED3-ED679D68B90E}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Windows SDK for Windows Store Apps Headers OnecoreUap (HKLM-x32\...\{3DB9B1DF-8209-0E7F-1A36-12F99736E384}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Windows SDK for Windows Store Apps Libs (HKLM-x32\...\{E37FF7C3-0A25-CDB9-895B-4809A7C9AEDE}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Windows SDK for Windows Store Apps Metadata (HKLM-x32\...\{E5430440-EE14-56B9-5A53-6955BC847BDB}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Windows SDK for Windows Store Apps Tools (HKLM-x32\...\{4F4CE2FF-5300-5B48-75B7-92B869735A09}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Windows SDK for Windows Store Managed Apps Libs (HKLM-x32\...\{F6C8FA5D-F1D6-1333-0FE8-F258DAA03EAB}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Windows SDK Modern Non-Versioned Developer Tools (HKLM-x32\...\{D73FD6A9-F887-0E76-B9DC-7474A637D9A7}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Windows SDK Modern Versioned Developer Tools (HKLM-x32\...\{4D9BD000-A45D-1E33-FBBF-30B0B8094B3F}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Windows SDK OnecoreUap Headers arm64 (HKLM-x32\...\{63991DD7-89E8-DC4E-9A54-695B07040D3E}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Windows SDK OnecoreUap Headers x64 (HKLM-x32\...\{2B1FEEC7-7A01-0D73-AC29-3E32AB18670C}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Windows SDK OnecoreUap Headers x86 (HKLM-x32\...\{DCF60599-EBD4-6565-2D12-CAB66B1C3FDC}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Windows SDK Redistributables (HKLM-x32\...\{54FA2EAA-3564-F73D-4C14-BA8A09144F45}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Windows SDK Signing Tools (HKLM-x32\...\{086287C2-689F-844D-E3DD-1C806001EC43}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Windows Software Development Kit - Windows 10.0.26100.7175 (HKLM-x32\...\{b5ab6bbd-62a1-45bd-af43-2ea6ac4c3486}) (Version: 10.1.26100.7175 - Microsoft Corporation)
Windows Subsystem for Linux (HKLM\...\{8705254B-3AE0-4CFA-93D5-F71DCDE9ED2B}) (Version: 2.6.1.0 - Microsoft Corporation) Hidden
Windows Team Extension SDK (HKLM-x32\...\{F0C7F3F4-8FE8-8ED2-5CA0-CFF9CDFA9DEA}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Windows Team Extension SDK Contracts (HKLM-x32\...\{A9B4A927-5520-B58D-C20A-249A720B2472}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - en-us (HKLM-x32\...\{01933586-56BC-4722-D8AB-59F2A24C90EE}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{1495FD11-8AEB-75CA-4447-1C1CE340C630}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (HKLM-x32\...\{C33A7DAA-9B59-467D-2C7C-08527F7B93D5}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{1EA346E3-BEBF-94FA-B36C-FD6AD9B187CC}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
WinRT Intellisense Mobile - en-us (HKLM-x32\...\{00CD7BFC-A0C3-FBB2-2FA6-0BA72E4B6EE2}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM-x32\...\{D141A569-DA59-20E2-EE50-A78544B46042}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{A11709BB-020F-9FD8-58B9-D61FB8F7A0BB}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM-x32\...\{5C6BB60F-A809-2673-25D3-7E868F59D219}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{3F2B7565-3751-D3E4-24C5-B3C9FF4CC22B}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
WireGuard (HKLM\...\{2FDB79CE-5193-4A39-82BB-E00158CC1533}) (Version: 0.5.3 - WireGuard LLC)
Zoom Workplace (HKU\S-1-5-21-3437276495-2594823583-628811619-1001\...\ZoomUMX) (Version: 6.6.11 (23272) - Zoom Communications, Inc.)
Packages:
=========
AppleInc.AppleDevices -> C:\Program Files\WindowsApps\AppleInc.AppleDevices_1.1538.24070.0_x64__nzyj5cx40ttqa [2026-01-15] (Apple Inc.) [Startup Task]
Dev Home (Preview) -> C:\Program Files\WindowsApps\Microsoft.Windows.DevHome_0.1801.640.0_x64__8wekyb3d8bbwe [2025-10-12] (Microsoft Corporation) [Startup Task]
GIMP -> C:\Program Files\WindowsApps\GIMP.43237F745459_3.0.82.0_x64__nq49gba4h4mx8 [2026-02-17] (GIMP)
Malwarebytes Anti-Malware -> C:\Program Files\Malwarebytes\Anti-Malware [2026-02-18] ()
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.969.0_x64__56jybvy8sckqj [2025-11-08] (NVIDIA Corp.)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.2.155.0_x64__dt26b99r8h8gj [2025-08-29] (Realtek Semiconductor Corp)
SandboxieShell -> C:\Program Files\Sandboxie-Plus [2025-11-17] (Sparse Package)
Screen ColorPicker -> C:\Program Files\WindowsApps\56935ikst.2277717F29C46_1.0.15.0_x64__t50q39cyngesc [2025-11-13] (ikst)
Ubuntu 22.04.5 LTS -> C:\Program Files\WindowsApps\CanonicalGroupLimited.Ubuntu22.04LTS_2204.5.10021.0_x64__79rhkp1fndgsc [2025-12-16] (Canonical Group Limited)
Wireless*Display*Adapter -> C:\Program Files\WindowsApps\Microsoft.SurfaceWirelessDisplayAdapter_4.232.137.0_x64__8wekyb3d8bbwe [2025-09-29] (Microsoft Corporation) [Startup Task]
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-3437276495-2594823583-628811619-1001_Classes\CLSID\{227C9E8F-71A1-4B23-9076-682A1A8EAAED}\localserver32 -> "c:\program files\macrium\common\reflectmonitor.exe" -ToastActivated => Keine Datei
CustomCLSID: HKU\S-1-5-21-3437276495-2594823583-628811619-1001_Classes\CLSID\{37E76D51-6F67-4187-9C20-B23E5BB3899E}\localserver32 -> "c:\program files\musehub\current\musehub.exe" ----AppNotificationActivated: => Keine Datei
CustomCLSID: HKU\S-1-5-21-3437276495-2594823583-628811619-1001_Classes\CLSID\{50726f74-6f6e-2e56-504e-000000000000}\localserver32 -> C:\Program Files\Proton\VPN\v4.3.12\ProtonVPN.Client.exe (Proton AG -> ProtonVPN)
CustomCLSID: HKU\S-1-5-21-3437276495-2594823583-628811619-1001_Classes\CLSID\{79e39550-4c6e-83b6-9f7e-6d43d124e569}\localserver32 -> "C:\Users\admin\Downloads\FanControl_208_net_4_8\FanControl.exe" -ToastActivated => Keine Datei
CustomCLSID: HKU\S-1-5-21-3437276495-2594823583-628811619-1001_Classes\CLSID\{C52B9871-E5E9-41FD-B84D-C5ACADBEC7AE}\InprocServer32 -> C:/Users/admin/Downloads/NG222_Daughter Management! I Will Live! [JP]/### INSTALL IF YOU CAN'T RUN THE GAME/LEContextMenuHandler.DLL => Keine Datei
CustomCLSID: HKU\S-1-5-21-3437276495-2594823583-628811619-1001_Classes\CLSID\{DA444C31-5DFC-4646-BAEA-F93F63F3B0FC}\InprocServer32 -> C:\Program Files\Mozilla Thunderbird\notificationserver.dll (Mozilla Corporation -> Mozilla Foundation)
CustomCLSID: HKU\S-1-5-21-3437276495-2594823583-628811619-1001_Classes\CLSID\{DFF20505-B08F-455B-AD70-4FBD055088E0}\localserver32 -> C:\Program Files (x86)\Google\Chrome\Application\PlatformExperienceHelper\platform_experience_helper.exe (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-3437276495-2594823583-628811619-1001_Classes\CLSID\{EABAE40C-B27C-455A-B672-F234DD780948}\InprocServer32 -> C:\Users\admin\AppData\Local\Microsoft\TeamsMeetingAdd-in\1.25.24601\x64\Microsoft.Teams.MeetingAddin.DLL (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2018-12-28] () [Datei ist nicht signiert] [Datei wird verwendet]
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> Keine Datei
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> Keine Datei
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> Keine Datei
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> Keine Datei
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> Keine Datei
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> Keine Datei
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> Keine Datei
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> Keine Datei
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> Keine Datei
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> Keine Datei
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> Keine Datei
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> Keine Datei
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> Keine Datei
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> Keine Datei
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2025-08-03] (Igor Pavlov) [Datei ist nicht signiert]
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2020-09-08] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers1: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2020-02-23] (Elaborate Bytes AG -> Elaborate Bytes AG)
ContextMenuHandlers2: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2020-02-23] (Elaborate Bytes AG -> Elaborate Bytes AG)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2026-02-18] (Malwarebytes Inc -> Malwarebytes)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2018-12-28] () [Datei ist nicht signiert] [Datei wird verwendet]
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2025-08-03] (Igor Pavlov) [Datei ist nicht signiert]
ContextMenuHandlers5: [NvAppDesktopContext] -> {F2E8B4A1-9C7D-4F6E-B3A5-8D2C1F4E9B7A} => C:\Program Files\NVIDIA Corporation\NVIDIA App\NvCpl\nvui.dll [2026-01-16] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_adc55ecfca814224\nvshext.dll [2026-01-22] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2025-08-03] (Igor Pavlov) [Datei ist nicht signiert]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2026-02-18] (Malwarebytes Inc -> Malwarebytes)
==================== Codecs (Nicht auf der Ausnahmeliste) ====================
==================== Verknüpfungen & WMI ========================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
ShortcutWithArgument: C:\Users\admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Web Applications\_crx_nlalbmkafgmoifbeooblidblkmlhhpnc\TikTok.lnk -> C:\Program Files\BraveSoftware\Brave-Browser\Application\chrome_proxy.exe (Brave Software, Inc.) -> --profile-directory=Default --app-id=nlalbmkafgmoifbeooblidblkmlhhpnc
ShortcutWithArgument: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Brave-Apps\TikTok.lnk -> C:\Program Files\BraveSoftware\Brave-Browser\Application\chrome_proxy.exe (Brave Software, Inc.) -> --profile-directory=Default --app-id=nlalbmkafgmoifbeooblidblkmlhhpnc
==================== Geladene Module (Nicht auf der Ausnahmeliste) =============
2025-08-31 05:48 - 2025-08-03 09:00 - 000101888 _____ (Igor Pavlov) [Datei ist nicht signiert] C:\Program Files\7-Zip\7-zip.dll
2018-12-28 18:46 - 2018-12-28 18:46 - 000126976 _____ (Intel Corporation) [Datei ist nicht signiert] C:\Program Files\Intel\OptaneShellExtensions\iaStorAfsServiceApi.dll
2025-12-15 15:37 - 2025-12-15 15:37 - 003884544 _____ (Newtonsoft) [Datei ist nicht signiert] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Newtonsoft.Json\41a55abf2bdf48b731de35f333cef6db\Newtonsoft.Json.ni.dll
2025-12-01 04:19 - 2026-02-18 21:30 - 000000000 ___JL (NVIDIA Corporation) [symlink -> C:\Program Files\NVIDIA Corporation\NVIDIA App\MessageBus\NvMessageBusBroadcast.dll] C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem\NvMessageBusBroadcast.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ledger Live.lnk:F720486877 [6018]
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ==================
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =================
==================== Internet Explorer (Nicht auf der Ausnahmeliste) =============
==================== Hosts Inhalt: =========================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2025-10-09 00:18 - 2025-11-30 09:52 - 000004328 _____ C:\WINDOWS\system32\drivers\etc\hosts
192.168.100.150 nextcloud.sinankarateke.de
109.94.209.70 fitgirlrepacks.in # Fake FitGirl site
109.94.209.70 www.fitgirlrepacks.in # Fake FitGirl site
109.94.209.70 fitgirlrepacks.co # Fake FitGirl site
109.94.209.70 fitgirl-repacks.cc # Fake FitGirl site
109.94.209.70 fitgirl-repacks.to # Fake FitGirl site
109.94.209.70 fitgirl-repack.com # Fake FitGirl site
109.94.209.70 fitgirl-repacks.website # Fake FitGirl site
109.94.209.70 www.fitgirlrepacks.co # Fake FitGirl site
109.94.209.70 www.fitgirl-repacks.cc # Fake FitGirl site
109.94.209.70 www.fitgirl-repacks.to # Fake FitGirl site
109.94.209.70 www.fitgirl-repack.com # Fake FitGirl site
109.94.209.70 www.fitgirl-repacks.website # Fake FitGirl site
109.94.209.70 ww9.fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 fitgirl-repacks.xyz # Fake FitGirl site
109.94.209.70 fitgirl-repack.net # Fake FitGirl site
109.94.209.70 www.fitgirl-repack.net # Fake FitGirl site
109.94.209.70 fitgirlpack.site # Fake FitGirl site
109.94.209.70 www.fitgirlpack.site # Fake FitGirl site
109.94.209.70 fitgirl-repack.org # Fake FitGirl site
109.94.209.70 www.fitgirl-repack.org # Fake FitGirl site
109.94.209.70 fitgirlrepacks.pro # Fake FitGirl site
109.94.209.70 www.fitgirlrepacks.pro # Fake FitGirl site
109.94.209.70 fitgirlrepack.games # Fake FitGirl site
109.94.209.70 www.fitgirlrepack.games # Fake FitGirl site
109.94.209.70 fitgirl-repacks-site.org # Fake FitGirl site
109.94.209.70 www.fitgirl-repacks-site.org # Fake FitGirl site
109.94.209.70 fitgirls-repacks.com # Fake FitGirl site
109.94.209.70 fitgirlrepack.cc # Fake FitGirl site
109.94.209.70 fitgirlrepacks.org # Fake FitGirl site
2025-10-25 00:43 - 2026-02-20 22:16 - 000000500 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
172.27.96.1 DESKTOP-CHMVQ4P.mshome.net # 2031 2 3 19 19 16 47 374
==================== Network ===========================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
DNS Servers: 192.168.1.1
ist aktiviert.
Network Binding:
=============
vEthernet (Default Switch): Hyper-V Virtual Ethernet Adapter ->
Ethernet 4: Realtek PCIe GBE Family Controller #2 -> rt640x64.sys
vms_vsf: Erweiterungsfilter für virtuellen Hyper-V-Switch
INSECURE_NPCAP: Npcap Packet Driver (NPCAP)
ms_l1vhlwf: Geschachtelte Netzwerkvirtualisierung
vms_vsp: Extension-Protokoll für virtuellen Hyper-V-Switch
==================== Andere Bereiche ===========================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Python314\Scripts\;C:\Python314\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\WireGuard\;%JAVA_HOME%\bin;C:\Program Files\NVIDIA Corporation\NVIDIA App\NvDLISR;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;S:\nodejs\;C:\ProgramData\chocolatey\bin;C:\Program Files\Git\cmd
HKU\S-1-5-21-3437276495-2594823583-628811619-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\DesktopSpotlight\Assets\Images\image_2.jpg
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKU\S-1-5-21-3437276495-2594823583-628811619-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 0)
HKLM\SOFTWARE\Microsoft\Windows Defender\Features => (TamperProtection: 1) (TamperProtectionSource: 5)
HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection => (DpaDisabled: 0)
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths|C:\Users\admin\AppData\Local\Android\Sdk
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths|C:\Users\admin\AppData\Local\Google\AndroidStudio2025.1.2
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths|C:\Users\admin\.gradle
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths|C:\Users\admin\Desktop\ChatGPT_App
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths|C:\Users\admin\AndroidStudioProjects\App1
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths|C:\Users\admin\AppData\Local\Google\AndroidStudio2025.1.4
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths|C:\
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths|C:\Users\admin\AppData\Local\Temp
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths|C:\Users\admin\AppData\Local
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths|C:\ProgramData\winrar.exe
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths|C:\ProgramData
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes|powershell.exe
HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes|IsCompleted.exe
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
HKLM\...\StartupApproved\StartupFolder: => "AnyDesk.lnk"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "RtkAudUService"
HKU\S-1-5-21-3437276495-2594823583-628811619-1001\...\StartupApproved\StartupFolder: => "Proton Mail Bridge.lnk"
HKU\S-1-5-21-3437276495-2594823583-628811619-1001\...\StartupApproved\Run: => "ProtonVPN"
HKU\S-1-5-21-3437276495-2594823583-628811619-1001\...\StartupApproved\Run: => "RiotClient"
HKU\S-1-5-21-3437276495-2594823583-628811619-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-3437276495-2594823583-628811619-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_29EBC4579851B72EE312C449CF839B1A"
HKU\S-1-5-21-3437276495-2594823583-628811619-1001\...\StartupApproved\Run: => "electron.app.OP.GG"
HKU\S-1-5-21-3437276495-2594823583-628811619-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3437276495-2594823583-628811619-1001\...\StartupApproved\Run: => "VLC Plus Player Updater"
HKU\S-1-5-21-3437276495-2594823583-628811619-1001\...\StartupApproved\Run: => "ut"
HKU\S-1-5-21-3437276495-2594823583-628811619-1001\...\StartupApproved\Run: => "NetLimiter"
HKU\S-1-5-21-3437276495-2594823583-628811619-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-3437276495-2594823583-628811619-1001\...\StartupApproved\Run: => "Proton VPN"
HKU\S-1-5-21-3437276495-2594823583-628811619-1001\...\StartupApproved\Run: => "SandboxiePlus_AutoRun"
HKU\S-1-5-21-3437276495-2594823583-628811619-1001\...\StartupApproved\Run: => "iCloudPhotos"
HKU\S-1-5-21-3437276495-2594823583-628811619-1001\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-3437276495-2594823583-628811619-1001\...\StartupApproved\Run: => "iCloudServices"
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [{37D27DB7-0134-4B83-9446-C169515912D8}] => (Allow) S:\Steam\steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{B0575FFF-8FC5-44B0-AF57-3E988C848FFF}] => (Allow) S:\Steam\steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{B99ABA16-070F-49BA-93D2-73213B26E838}] => (Allow) S:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => Keine Datei
FirewallRules: [{C0E744D9-8C1E-4ECC-8D77-6B0D07E7579A}] => (Allow) S:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => Keine Datei
FirewallRules: [TCP Query User{B989E95A-389B-4C17-8C9B-DAF489FEFD05}C:\program files\bravesoftware\brave-browser\application\brave.exe] => (Block) C:\program files\bravesoftware\brave-browser\application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [UDP Query User{F8D3C982-B05E-47DF-8FE5-272D45B60C15}C:\program files\bravesoftware\brave-browser\application\brave.exe] => (Block) C:\program files\bravesoftware\brave-browser\application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [TCP Query User{C072F98B-17C7-4DE5-8979-EBCF67A4618C}S:\steam\steamapps\common\arc raiders\pioneergame\binaries\win64\pioneergame.exe] => (Allow) S:\steam\steamapps\common\arc raiders\pioneergame\binaries\win64\pioneergame.exe (Embark Studios AB -> Embark Studios AB)
FirewallRules: [UDP Query User{52F79C9A-734F-4EF6-8D47-9B98D46E4B93}S:\steam\steamapps\common\arc raiders\pioneergame\binaries\win64\pioneergame.exe] => (Allow) S:\steam\steamapps\common\arc raiders\pioneergame\binaries\win64\pioneergame.exe (Embark Studios AB -> Embark Studios AB)
FirewallRules: [{F81E0E5C-9DCA-4650-AF71-7DEB316F310B}] => (Allow) S:\Steam\steamapps\common\Urban Rivals\Urban Rivals.exe () [Datei ist nicht signiert]
FirewallRules: [{08FAC33C-7DF1-4FB0-9E9B-E77F128F2B5F}] => (Allow) S:\Steam\steamapps\common\Urban Rivals\Urban Rivals.exe () [Datei ist nicht signiert]
FirewallRules: [TCP Query User{675AEDA4-311F-46B9-A66B-D038647751C4}C:\users\admin\appdata\roaming\zoom\bin\zoom.exe] => (Allow) C:\users\admin\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Communications, Inc.)
FirewallRules: [UDP Query User{95486780-27DD-4E6A-941E-9AEBDE22BC7F}C:\users\admin\appdata\roaming\zoom\bin\zoom.exe] => (Allow) C:\users\admin\appdata\roaming\zoom\bin\zoom.exe (Zoom Video Communications, Inc. -> Zoom Communications, Inc.)
FirewallRules: [{F255474C-EF86-4D0E-B049-476385EFE94C}] => (Allow) S:\Steam\bin\cef\cef.win64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{09C78C3E-F4B3-4EF3-B3AC-E24B4A5BAD44}] => (Allow) S:\Steam\bin\cef\cef.win64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{631F4D7A-F294-4235-9A8D-94332CABE356}] => (Allow) C:\Program Files\AusweisApp\AusweisApp.exe (Governikus GmbH & Co. KG -> Governikus GmbH & Co. KG)
FirewallRules: [{142D90D9-028C-4F87-826B-C77988CA1BEC}] => (Allow) C:\Program Files\AusweisApp\AusweisApp.exe (Governikus GmbH & Co. KG -> Governikus GmbH & Co. KG)
FirewallRules: [{ED4B2330-D9C5-4DBC-9F1A-976E006B4AC0}] => (Allow) C:\Program Files\WindowsApps\AppleInc.AppleDevices_1.1538.24070.0_x64__nzyj5cx40ttqa\AppleMobileDeviceLauncher.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{39132EF2-CE63-4FC2-A099-E233125684E6}] => (Allow) C:\Program Files\WindowsApps\AppleInc.AppleDevices_1.1538.24070.0_x64__nzyj5cx40ttqa\AppleMobileDeviceLauncher.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{2021D705-E58A-449B-B9F0-58F2248F7E14}] => (Allow) C:\Program Files\WindowsApps\AppleInc.AppleDevices_1.1538.24070.0_x64__nzyj5cx40ttqa\AMPDevicesAgent.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{93BC94A6-2FEF-42CB-8458-278AEED1645D}] => (Allow) C:\Program Files\WindowsApps\AppleInc.AppleDevices_1.1538.24070.0_x64__nzyj5cx40ttqa\AMPDevicesAgent.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{A0930395-40E5-4FB7-96A5-B958E1A2C50C}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{BBEAD63A-49A9-4C8C-89F0-A23D8BBE3A70}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{3E529175-9E65-4FD6-86C2-0C628390DC98}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C0743598-A043-4413-864D-BB395C7D3EF5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{56DB5AF6-ABA7-4935-9ED7-1732D929BBBC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{23392EA7-25D7-46B9-9619-6E5B85FA7413}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (AnyDesk Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{9790264C-EC52-4267-8C46-394081321BA1}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (AnyDesk Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{A3C1BE7B-278F-4E75-96D5-90BE674EBF03}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (AnyDesk Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{312A798B-12E5-4F1C-B228-5F2F2FDAC2F2}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (AnyDesk Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{1036E6BF-4C6C-45FB-91E4-1ED1A4954D68}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (AnyDesk Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{4CBC72C9-0C8C-4E97-9293-AA6697DE0C4E}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (AnyDesk Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{83EBD5D3-5FA3-4AA6-B80E-55A40370B615}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{678BE6C0-42B2-4A81-B140-456C438BA536}] => (Allow) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
==================== Wiederherstellungspunkte =========================
27-01-2026 19:19:09 Windows Update
06-02-2026 03:38:50 Geplanter Prüfpunkt
16-02-2026 21:37:09 Geplanter Prüfpunkt
20-02-2026 23:01:57 Windows Update
20-02-2026 23:01:57 Windows Update
20-02-2026 23:01:58 Windows Update
==================== Fehlerhafte Geräte im Gerätemanager ============
Name: USB Audio
Description: USB-Audiogerät
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard-USB-Audio)
Service: usbaudio
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Fehlereinträge in der Ereignisanzeige: ========================
Applikationsfehler:
==================
Error: (01/15/2026 06:27:29 PM) (Source: Application Hang) (EventID: 1002) (User: NT-AUTORITÄT)
Description: Das Programm iTunes.exe Version 12.13.9.1 hat aufgehört mit Windows zu interagieren und wurde geschlossen. Weitere Informationen zum Problem finden Sie im Problemverlauf in der Systemsteuerung „Sicherheit und Wartung“.
Error: (01/15/2026 06:12:30 PM) (Source: Application Error) (EventID: 1000) (User: DESKTOP-CHMVQ4P)
Description: Fehlerhafter Anwendungsname: AppleMobileBackup.exe, Version: 2899.0.11.22, Zeitstempel: 0x60020f0d
Fehlerhafter Modulname: ntdll.dll, Version: 10.0.26100.7462, Zeitstempel: 0x20848390
Ausnahmecode: 0xc0000374
Fehleroffset: 0x000fc61f
Fehlerhafte Prozess-ID: 0x2990
Fehlerhafte Anwendungsstartzeit: 0x1dc86315654e363
Fehlerhafter Anwendungspfad: C:\Program Files\WindowsApps\AppleInc.iTunes_12139.1.59021.0_x64__nzyj5cx40ttqa\AMDS32\AppleMobileBackup.exe
Fehlerhafter Modulpfad: C:\WINDOWS\SYSTEM32\ntdll.dll
Berichts-ID: 05926ff6-9157-48e5-8857-edbf70eb8a22
Vollständiger Name des fehlerhaften Pakets: AppleInc.iTunes_12139.1.59021.0_x64__nzyj5cx40ttqa
Fehlerhafte paketbezogene Anwendungs-ID: iTunes
Error: (01/15/2026 06:06:08 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2125-12-22T15:06:08Z. Fehlercode: 0x800703F8.
Error: (01/15/2026 06:05:38 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2125-12-22T15:05:38Z. Fehlercode: 0x800703F8.
Error: (01/15/2026 06:05:08 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2125-12-22T15:05:08Z. Fehlercode: 0x800703F8.
Error: (01/15/2026 06:04:38 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2125-12-22T15:04:38Z. Fehlercode: 0x800703F8.
Error: (01/15/2026 06:04:08 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2125-12-22T15:04:08Z. Fehlercode: 0x800703F8.
Error: (01/15/2026 06:03:38 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2125-12-22T15:03:38Z. Fehlercode: 0x800703F8.
Systemfehler:
=============
Error: (02/20/2026 10:21:37 PM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1801) (User: NT-AUTORITÄT)
Description: Secure Boot certificates have been updated but are not yet applied to the device firmware. Review the published guidance to complete the update and ensure full protection. This device signature information is included here.
DeviceAttributes: BaseBoardManufacturer:ASUSTeK COMPUTER INC.;FirmwareManufacturer:American Megatrends Inc.;FirmwareVersion:2603;OEMModelNumber:System Product Name;OEMModelBaseBoard:PRIME B360M-A;OEMModelSystemFamily:To be filled by O.E.M.;OEMManufacturerName:System manufacturer;OEMModelSKU:ASUS_MB_CNL;OSArchitecture:amd64;
BucketId: c41db8f0c67b35e5a15081e5389ef29e8c793acb905ebf003e16198a3711502c
BucketConfidenceLevel:
UpdateType:
For more information, please see https://go.microsoft.com/fwlink/?linkid=2301018.
Error: (02/20/2026 10:18:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.
Error: (02/20/2026 10:18:40 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Google Update-Dienst (gupdate) erreicht.
Error: (02/20/2026 10:16:36 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 19.02.2026 um 00:16:54 unerwartet heruntergefahren.
Error: (02/20/2026 10:16:20 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT-AUTORITÄT)
Description: 3221225684A fatal error occurred processing the restoration data.
Error: (02/18/2026 11:05:59 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073d02 fehlgeschlagen: 9MV0B5HZVK9Z-Microsoft.GamingApp
Error: (02/18/2026 08:19:44 AM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1801) (User: NT-AUTORITÄT)
Description: Secure Boot certificates have been updated but are not yet applied to the device firmware. Review the published guidance to complete the update and ensure full protection. This device signature information is included here.
DeviceAttributes: BaseBoardManufacturer:ASUSTeK COMPUTER INC.;FirmwareManufacturer:American Megatrends Inc.;FirmwareVersion:2603;OEMModelNumber:System Product Name;OEMModelBaseBoard:PRIME B360M-A;OEMModelSystemFamily:To be filled by O.E.M.;OEMManufacturerName:System manufacturer;OEMModelSKU:ASUS_MB_CNL;OSArchitecture:amd64;
BucketId: c41db8f0c67b35e5a15081e5389ef29e8c793acb905ebf003e16198a3711502c
BucketConfidenceLevel:
UpdateType:
For more information, please see https://go.microsoft.com/fwlink/?linkid=2301018.
Error: (02/18/2026 08:16:48 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.
Windows Defender:
================
Date: 2026-02-09 03:37:49
Description:
Microsoft Defender Antivirus šçàⁿ ђάş ъęзņ ѕтőρрēδ ъêƒόг℮ ¢òmρℓēтîòʼn.%и %τŜсäи ĮÐ:%ь{946C4A56-F261-4C1A-A7D3-A4CE0059B099}%π %ŧŜĉāñ Τýρε:%ьAntimalware%ή %ţŜçáʼn Рдґáměτéяѕ:%ьSchnellüberprüfung%ή %τЦѕеŗ:%ьNT-AUTORITÄT\SYSTEM%π %тŞτοφ Ŗēăşøŋ:%ьЅćн℮δύŀëđ ѕčåй щąš ŝķïρрĕδ ъеċǻúşε ťĥě łάѕτ śυсĉĕѕšƒџļ ѕ¢āη ώªŝ ẃĩτћïл ţħе ℓãşт 7 ďαуŝ
Date: 2026-02-08 03:37:49
Description:
Microsoft Defender Antivirus šçàⁿ ђάş ъęзņ ѕтőρрēδ ъêƒόг℮ ¢òmρℓēтîòʼn.%и %τŜсäи ĮÐ:%ь{D9A0760B-4F0C-44EE-980A-F534C0533AD0}%π %ŧŜĉāñ Τýρε:%ьAntimalware%ή %ţŜçáʼn Рдґáměτéяѕ:%ьSchnellüberprüfung%ή %τЦѕеŗ:%ьNT-AUTORITÄT\SYSTEM%π %тŞτοφ Ŗēăşøŋ:%ьЅćн℮δύŀëđ ѕčåй щąš ŝķïρрĕδ ъеċǻúşε ťĥě łάѕτ śυсĉĕѕšƒџļ ѕ¢āη ώªŝ ẃĩτћïл ţħе ℓãşт 7 ďαуŝ
Date: 2026-02-07 03:37:49
Description:
Microsoft Defender Antivirus šçàⁿ ђάş ъęзņ ѕтőρрēδ ъêƒόг℮ ¢òmρℓēтîòʼn.%и %τŜсäи ĮÐ:%ь{B5929302-8080-4BED-8643-5068A96E9C72}%π %ŧŜĉāñ Τýρε:%ьAntimalware%ή %ţŜçáʼn Рдґáměτéяѕ:%ьSchnellüberprüfung%ή %τЦѕеŗ:%ьNT-AUTORITÄT\SYSTEM%π %тŞτοφ Ŗēăşøŋ:%ьЅćн℮δύŀëđ ѕčåй щąš ŝķïρрĕδ ъеċǻúşε ťĥě łάѕτ śυсĉĕѕšƒџļ ѕ¢āη ώªŝ ẃĩτћïл ţħе ℓãşт 7 ďαуŝ
Date: 2026-02-06 03:37:49
Description:
Microsoft Defender Antivirus šçàⁿ ђάş ъęзņ ѕтőρрēδ ъêƒόг℮ ¢òmρℓēтîòʼn.%и %τŜсäи ĮÐ:%ь{E0FF0D98-6C29-4D68-A7AF-2930195BEED2}%π %ŧŜĉāñ Τýρε:%ьAntimalware%ή %ţŜçáʼn Рдґáměτéяѕ:%ьSchnellüberprüfung%ή %τЦѕеŗ:%ьNT-AUTORITÄT\SYSTEM%π %тŞτοφ Ŗēăşøŋ:%ьЅćн℮δύŀëđ ѕčåй щąš ŝķïρрĕδ ъеċǻúşε ťĥě łάѕτ śυсĉĕѕšƒџļ ѕ¢āη ώªŝ ẃĩτћïл ţħе ℓãşт 7 ďαуŝ
Date: 2026-02-05 03:37:49
Description:
Microsoft Defender Antivirus šçàⁿ ђάş ъęзņ ѕтőρрēδ ъêƒόг℮ ¢òmρℓēтîòʼn.%и %τŜсäи ĮÐ:%ь{E358F75C-DA27-4E42-9A87-C3A4E7581A27}%π %ŧŜĉāñ Τýρε:%ьAntimalware%ή %ţŜçáʼn Рдґáměτéяѕ:%ьSchnellüberprüfung%ή %τЦѕеŗ:%ьNT-AUTORITÄT\SYSTEM%π %тŞτοφ Ŗēăşøŋ:%ьЅćн℮δύŀëđ ѕčåй щąš ŝķïρрĕδ ъеċǻúşε ťĥě łάѕτ śυсĉĕѕšƒџļ ѕ¢āη ώªŝ ẃĩτћïл ţħе ℓãşт 7 ďαуŝ
Event[0]
Date: 2026-02-09 03:47:21
Description:
Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten.
Neue Version der Sicherheitsinformationen:
%Vorherige Version der Sicherheitsinformationen: 1.443.911.0
Update Source: Microsoft Center zum Schutz vor Schadsoftware
Sicherheitstyp: AntiVirus
Updatetyp: Voll
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion:
%Vorherige Modulversion: 1.1.25110.1
Fehlercode: 0x80072ee7
Fehlerbeschreibung: Der Servername oder die Serveradresse konnte nicht verarbeitet werden.
Date: 2026-02-09 03:47:21
Description:
Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten.
Neue Version der Sicherheitsinformationen:
%Vorherige Version der Sicherheitsinformationen: 1.443.911.0
Update Source: Microsoft Center zum Schutz vor Schadsoftware
Sicherheitstyp: AntiSpyware
Updatetyp: Voll
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion:
%Vorherige Modulversion: 1.1.25110.1
Fehlercode: 0x80072ee7
Fehlerbeschreibung: Der Servername oder die Serveradresse konnte nicht verarbeitet werden.
Date: 2026-02-09 03:47:21
Description:
Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten.
Neue Version der Sicherheitsinformationen:
%Vorherige Version der Sicherheitsinformationen: 1.443.911.0
Update Source: Microsoft Center zum Schutz vor Schadsoftware
Sicherheitstyp: AntiVirus
Updatetyp: Voll
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion:
%Vorherige Modulversion: 1.1.25110.1
Fehlercode: 0x80072ee7
Fehlerbeschreibung: Der Servername oder die Serveradresse konnte nicht verarbeitet werden.
Date: 2026-02-09 03:47:21
Description:
Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten.
Neue Version der Sicherheitsinformationen:
%Vorherige Version der Sicherheitsinformationen: 1.443.911.0
Update Source: Microsoft Center zum Schutz vor Schadsoftware
Sicherheitstyp: AntiVirus
Updatetyp: Voll
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion:
%Vorherige Modulversion: 1.1.25110.1
Fehlercode: 0x80072ee7
Fehlerbeschreibung: Der Servername oder die Serveradresse konnte nicht verarbeitet werden.
Date: 2026-02-09 03:47:21
Description:
Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten.
Neue Version der Sicherheitsinformationen:
%Vorherige Version der Sicherheitsinformationen: 1.443.911.0
Update Source: Microsoft Center zum Schutz vor Schadsoftware
Sicherheitstyp: AntiSpyware
Updatetyp: Voll
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion:
%Vorherige Modulversion: 1.1.25110.1
Fehlercode: 0x80072ee7
Fehlerbeschreibung: Der Servername oder die Serveradresse konnte nicht verarbeitet werden.
CodeIntegrity:
===============
Date: 2026-02-21 00:33:01
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.26010.5-0\MpDefenderCoreService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2026-02-20 23:32:40
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.
==================== Speicherinformationen ===========================
BIOS: American Megatrends Inc. 2603 10/11/2019
Hauptplatine: ASUSTeK COMPUTER INC. PRIME B360M-A
Prozessor: Intel(R) Core(TM) i5-9400F CPU @ 2.90GHz
Prozentuale Nutzung des RAM: 48%
Installierter physikalischer RAM: 16294.45 MB
Verfügbarer physikalischer RAM: 8393.37 MB
Summe virtueller Speicher: 17318.45 MB
Verfügbarer virtueller Speicher: 8733.9 MB
==================== Laufwerke ================================
Drive c: () (Fixed) (Total:317.26 GB) (Free:52.13 GB) (Model: WD_BLACK SN7100 1TB) NTFS
Drive s: (Volume) (Fixed) (Total:612.82 GB) (Free:280.16 GB) (Model: WD_BLACK SN7100 1TB) NTFS
\\?\Volume{45b11e4f-8457-4377-a351-262aa50509e6}\ () (Fixed) (Total:0.76 GB) (Free:0.12 GB) NTFS
\\?\Volume{852fc7e5-57c2-4ef2-ae0a-d6ef576a605b}\ () (Fixed) (Total:0.56 GB) (Free:0.54 GB) NTFS
\\?\Volume{ecb9f301-41ac-4550-9598-8f32e95489f8}\ () (Fixed) (Total:0.09 GB) (Free:0.06 GB) FAT32
==================== MBR & Partitionstabelle ====================
==========================================================
Disk: 0 (Protective MBR) (Size: 111.8 GB) (Disk ID: 00000000)
Partition: GPT.
==========================================================
Disk: 1 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)
Partition: GPT.
==================== Ende von Addition.txt =======================
Code:
Malwarebytes
www.malwarebytes.com
-Protokolldetails-
Scan-Datum: 18.02.2026
Scan-Zeit: 08:22 Uhr
Protokolldatei: d659420a-0c89-11f1-939c-d45d6403754b.json
-Softwaredaten-
Version: 5.4.6.227
Komponentenversion: 147.0.5453
Version des Aktualisierungspakets: 1.0.107379
Lizenz: Kostenlos
-Systemdaten-
Betriebssystem: Windows 11 (Build 26200.7462)
CPU: x64
Dateisystem: NTFS
Benutzer: DESKTOP-CHMVQ4P\admin
-Scan-Übersicht-
Scan-Typ: Benutzerdefinierter Scan
Scan gestartet von: Manuell
Ergebnis: Abgeschlossen
Gescannte Objekte: 931748
Erkannte Bedrohungen: 1
In die Quarantäne verschobene Bedrohungen: 0
Abgelaufene Zeit: 27 Min., 9 Sek.
-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Erkennung
PUM: Erkennung
-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)
Modul: 0
(keine bösartigen Elemente erkannt)
Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)
Registrierungswert: 0
(keine bösartigen Elemente erkannt)
Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)
Daten-Stream: 0
(keine bösartigen Elemente erkannt)
Ordner: 0
(keine bösartigen Elemente erkannt)
Datei: 1
PUP.Optional.BundleInstaller, S:\UTORRENT_INSTALLER.EXE, Keine Aktion durch Benutzer, 153, 1127518, 1.0.107379, , ame, , B1790918820DDCF6DA3172E267B19722, 51650CFDAE68EA027CC3A8F395D6F3D1B6E3681629FA8E3CD0BB2D2E945CE929
Physischer Sektor: 0
(keine bösartigen Elemente erkannt)
WMI: 0
(keine bösartigen Elemente erkannt)
(end)
Code:
Malwarebytes
www.malwarebytes.com
-Protokolldetails-
Scan-Datum: 18.02.2026
Scan-Zeit: 08:17 Uhr
Protokolldatei: 22ff9ab0-0c89-11f1-b9ac-d45d6403754b.json
-Softwaredaten-
Version: 5.4.6.227
Komponentenversion: 147.0.5453
Version des Aktualisierungspakets: 1.0.107393
Lizenz: Kostenlos
-Systemdaten-
Betriebssystem: Windows 11 (Build 26200.7462)
CPU: x64
Dateisystem: NTFS
Benutzer: DESKTOP-CHMVQ4P\admin
-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Scan gestartet von: Manuell
Ergebnis: Abgeschlossen
Gescannte Objekte: 214796
Erkannte Bedrohungen: 25
In die Quarantäne verschobene Bedrohungen: 25
Abgelaufene Zeit: 2 Min., 5 Sek.
-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Erkennung
PUM: Erkennung
-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)
Modul: 0
(keine bösartigen Elemente erkannt)
Registrierungsschlüssel: 7
Trojan.Crypt.MSIL, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\IsCompleted, In Quarantäne, 3065, 1360683, 1.0.107393, E3C26EAB3B4BF187FDE07AF6, dds, 03751204, ,
Trojan.Crypt.MSIL, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{F54560A0-0012-4D4F-8077-FE4C9855A532}, In Quarantäne, 3065, 1360683, 1.0.107393, E3C26EAB3B4BF187FDE07AF6, dds, 03751204, ,
Trojan.Crypt.MSIL, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{F54560A0-0012-4D4F-8077-FE4C9855A532}, In Quarantäne, 3065, 1360683, 1.0.107393, E3C26EAB3B4BF187FDE07AF6, dds, 03751204, ,
PUP.Optional.Bittorrent, HKU\S-1-5-21-3437276495-2594823583-628811619-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\uTorrent, In Quarantäne, 7608, 1365044, 1.0.107393, , ame, , ,
PUP.Optional.FakeVLC.E, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\VLC Plus Player Updater, In Quarantäne, 10546, 1376926, 1.0.107393, , ame, , ,
PUP.Optional.FakeVLC.E, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{30A61B4B-FD33-4230-90D4-8DEA14691F8B}, In Quarantäne, 10546, 1376926, 1.0.107393, , ame, , ,
PUP.Optional.FakeVLC.E, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{30A61B4B-FD33-4230-90D4-8DEA14691F8B}, In Quarantäne, 10546, 1376926, 1.0.107393, , ame, , ,
Registrierungswert: 3
PUM.Optional.DisableMRT, HKLM\SOFTWARE\WOW6432NODE\POLICIES\MICROSOFT\MRT|DONTOFFERTHROUGHWUAU, In Quarantäne, 3894, 676880, 1.0.107393, , ame, , ,
PUM.Optional.DisableMRT, HKLM\SOFTWARE\POLICIES\MICROSOFT\MRT|DONTOFFERTHROUGHWUAU, In Quarantäne, 3894, 676880, 1.0.107393, , ame, , ,
PUP.Optional.Bittorrent, HKU\S-1-5-21-3437276495-2594823583-628811619-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|ut, In Quarantäne, 7608, 1365044, 1.0.107393, , ame, , ,
Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)
Daten-Stream: 0
(keine bösartigen Elemente erkannt)
Ordner: 2
PUP.Optional.FakeVLC, C:\USERS\ADMIN\APPDATA\LOCAL\VLC PLUS PLAYER UPDATER, In Quarantäne, 10545, 1376922, 1.0.107393, , ame, , ,
PUP.Optional.FakeVLC, C:\USERS\ADMIN\APPDATA\LOCAL\VLC PLUS PLAYER DOWNLOADER, In Quarantäne, 10545, 1376923, 1.0.107393, , ame, , ,
Datei: 13
Trojan.Crypt.MSIL, C:\USERS\ADMIN\APPDATA\LOCAL\TARGET\MGGFOIH\ISCOMPLETED.EXE, In Quarantäne, 3065, 1360683, 1.0.107393, E3C26EAB3B4BF187FDE07AF6, dds, 03751204, BB357DDE1E809C1E6C2148DC6B8D9D0F, A48C1F8101A8C3F60DC7B9EB340A78746BE8E047D2C3FBC6490B26BFD0682B9D
Trojan.Crypt.MSIL, C:\WINDOWS\SYSTEM32\TASKS\IsCompleted, In Quarantäne, 3065, 1360683, 1.0.107393, E3C26EAB3B4BF187FDE07AF6, dds, 03751204, 0A8D4826D461A05EB1DB200609BB5DE5, 7D35DF2E4AA43300EC8801C934CEFC87D4547E29619E3CBB14332E33CA7960C5
PUP.Optional.Bittorrent, C:\USERS\ADMIN\APPDATA\ROAMING\UTORRENT\UTORRENT.EXE, In Quarantäne, 7608, 1365044, 1.0.107393, , ame, , CBDE3231207103EB7EEA48406FEA8FD8, 250378064F55063BFFBC36280C807E1CAE867FCDA413076D95E1DB369F25C7A9
PUP.Optional.Bittorrent, C:\USERS\ADMIN\APPDATA\ROAMING\Microsoft\Internet Explorer\Quick Launch\\u00c2\u00b5Torrent.lnk, In Quarantäne, 7608, 1365044, 1.0.107393, , ame, , EF64B37D41810E811CE0E066028EEB41, B1E61488F907E4884DD91529F5F171368CE0F2E1A3BDF5CB8C60D614546028D1
PUP.Optional.Bittorrent, C:\USERS\ADMIN\APPDATA\ROAMING\Microsoft\Windows\Start Menu\\u00c2\u00b5Torrent.lnk, In Quarantäne, 7608, 1365044, 1.0.107393, , ame, , AE7A00F4B08B1306EA131B20F3250F3B, 68D0075E790CD93B8EDDFAD6454A3E561CFBF47B6F97A710EB55B1020448226C
PUP.Optional.FakeVLC.E, C:\WINDOWS\SYSTEM32\TASKS\VLC Plus Player Updater, In Quarantäne, 10546, 1376926, 1.0.107393, , ame, , 3DEB035C1AB48C56EEBD399B52887203, 68C1630EC896D1B98F83622C1C9CA62E6B7297C3AD3FC1BD0684A9A6FD91AD95
Trojan.Crypt.MSIL, C:\PROGRAMDATA\FIREFOX.EXE, In Quarantäne, 3065, 1360683, 1.0.107393, E3C26EAB3B4BF187FDE07AF6, dds, 03751204, BB357DDE1E809C1E6C2148DC6B8D9D0F, A48C1F8101A8C3F60DC7B9EB340A78746BE8E047D2C3FBC6490B26BFD0682B9D
PUP.Optional.Bittorrent, C:\USERS\ADMIN\APPDATA\ROAMING\UTORRENT\UPDATES\UTORRENT.EXE, In Quarantäne, 7608, 1365044, 1.0.107393, , ame, , CBDE3231207103EB7EEA48406FEA8FD8, 250378064F55063BFFBC36280C807E1CAE867FCDA413076D95E1DB369F25C7A9
PUP.Optional.Utorrent, C:\USERS\ADMIN\APPDATA\ROAMING\UTORRENT\UPDATES\3.6.0_47222.EXE, In Quarantäne, 8480, 1359172, 1.0.107393, , ame, , 540A51B67B85B83D08D93171FCC42962, A3C302BD098812E3A6B68D43233EB845682BACB721D8803F43A08241FCB887B3
PUP.Optional.BundleInstaller, C:\USERS\ADMIN\APPDATA\ROAMING\UTORRENT\UPDATES\3.6.0_47178.EXE, In Quarantäne, 81, 1301130, 1.0.107393, , ame, , CBDB9A7AB738A9DB5D7DAC92FDC5F412, A2DDAF2BFFE582232FAF1DB05E8E376D8B65472286109034C25664627E5EBD87
Generic.Malware/Suspicious, C:\USERS\ADMIN\APPDATA\LOCAL\TEMP\UEYKZNZ.EXE, In Quarantäne, 0, 392686, 1.0.107393, , shuriken, , 2835F40DD66747DE47484188CA9FCFA2, C56C0063D0EED6A41EAE672BCDF5C32D1B51264229144B2830324B3324E0CF55
PUP.Optional.Bittorrent, C:\USERS\ADMIN\APPDATA\ROAMING\UTORRENT\UPDATES\3.6.0_47224.EXE, In Quarantäne, 7608, 1365044, 1.0.107393, , ame, , 4A4B3A162ABF4ACB46B6BCA41D093DA2, 514DF1E3D2367F738DA9DD225EB645B0DD189D9D5CDA062FAA37C24AD4831B1B
Malware.AI.3565538941, C:\USERS\ADMIN\ICLOUDDRIVE\ROOKIE_2.34.1_PORTABLE.ZIP, In Quarantäne, 1000000, 0, 1.0.107393, C974A845D4304AFFD485CE7D, dds, 03751204, F036FCDB20B031D103DDC48A7D4E3FDE, A329B31B2FDA9F72C907B2688F6EE6D64B2E1A9A0D8EFD186B3D64B930550800
Physischer Sektor: 0
(keine bösartigen Elemente erkannt)
WMI: 0
(keine bösartigen Elemente erkannt)
(end)
Code:
# -------------------------------
# Malwarebytes AdwCleaner 8.7.1.626
# -------------------------------
# Build: 02-20-2026
# Database: 2025-12-16.1 (Local)
# Support: https://help.malwarebytes.com/
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 02-21-2026
# Duration: 00:00:00
# OS: Windows 11 (Build 26200.7462)
# Cleaned: 3
# Failed: 0
***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
No malicious folders cleaned.
***** [ Files ] *****
No malicious files cleaned.
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
Deleted HKCU\SOFTWARE\A11124EA8FB22009250B
Deleted HKCU\SOFTWARE\A27D7A8D0DAA1461E41B
Deleted HKCU\SOFTWARE\CF6E512911B25540E0B136DD47F33312
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.
***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.
***** [ Hosts File Entries ] *****
No malicious hosts file entries cleaned.
***** [ Preinstalled Software ] *****
No Preinstalled Software cleaned.
*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************
AdwCleaner[S00].txt - [1594 octets] - [21/02/2026 00:52:59]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
Edited by Koolman (yesterday at 23:16) |
| | #2 |
| /// TB-Ausbilder | Trojans and viruses found via MBAM My name is Matthias and I will help you analyze and clean up your system. I am analyzing your system and will get back to you later. |
| | #3 | |
| /// TB-Ausbilder | Trojans and viruses found via MBAM Hello,
why did you add these exclusions to Windows Defender? Quote:
Repair with FRST Please be patient once you have started the repair. Depending on the type and extent of the necessary repairs, this can take a few minutes. You may also get the message "not responding" from FRST during the repair. That is normal; you do not need to do anything else, just wait. NOTE TO ALL READERS: This FRST script is intended exclusively for this user and should never be used 1:1 on another system!
|
| | #4 |
| | Feedback: FRST fix log Hello and thank you! It may be that the entries are wrong or that there are too many of them, because I used Android Studio for a while. I won't be using it anymore, though; should the entries be removed? The fix log is very large and consists almost entirely of a jumble of numbers and letters; how can I best post it here? I don't think 11 posts in a row is a solution :/ That's 0.99 MB :S I also have a question: would resetting the PC be a solution? I just don't want to reinstall everything, and I'm also a bit afraid that something important will get deleted. Best regards, Koolman I have now shared the text: https://jumpshare.com/s/U8kzxtyKikY1dcdtdeah Edited by Koolman (today at 04:09) Reason: info |
| | #5 | ||
| /// TB-Ausbilder | Trojans and viruses found via MBAM Hello, thank you very much for the log file and for making it available on jumpshare. The malware obfuscated its code very well. The infection goes back to November 2025. The FRST Fixlog already looks good, though. Quote:
> Start > Settings > Privacy & security > Windows Security > Virus & threat protection > Manage settings > Exclusions Quote:
Once you have removed all the exclusions, please run a new FRST scan as a check.
Edited by M-K-D-B (today at 11:10) |
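The exclusion cleanup requested in post #5 can also be verified from an elevated PowerShell prompt. This is an added example, not part of the thread or of any tool mentioned in it; the function names are hypothetical, and the MRT policy value checked is the one Malwarebytes reported as PUM.Optional.DisableMRT in the log above.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread): audit Microsoft Defender exclusions and
# the MRT policy value that the Malwarebytes log reports as PUM.Optional.DisableMRT.
# Function names are hypothetical. Run elevated, otherwise exclusions are hidden.

function Get-DefenderExclusion {
    # Flatten the exclusion lists from Get-MpPreference into one object per entry.
    $pref = Get-MpPreference
    $lists = [ordered]@{
        Path      = $pref.ExclusionPath
        Extension = $pref.ExclusionExtension
        Process   = $pref.ExclusionProcess
    }
    foreach ($kind in $lists.Keys) {
        foreach ($value in @($lists[$kind])) {
            # Empty lists come back as $null; skip them.
            if (-not [string]::IsNullOrWhiteSpace($value)) {
                [pscustomobject]@{ Kind = $kind; Value = $value }
            }
        }
    }
}

function Remove-DefenderExclusion {
    # Removes the exclusions piped in. Supports -WhatIf and -Confirm so the
    # list can be reviewed before anything is changed.
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [pscustomobject] $Exclusion
    )
    process {
        $label = '{0}: {1}' -f $Exclusion.Kind, $Exclusion.Value
        if ($PSCmdlet.ShouldProcess($label, 'Remove Defender exclusion')) {
            switch ($Exclusion.Kind) {
                'Path'      { Remove-MpPreference -ExclusionPath      $Exclusion.Value }
                'Extension' { Remove-MpPreference -ExclusionExtension $Exclusion.Value }
                'Process'   { Remove-MpPreference -ExclusionProcess   $Exclusion.Value }
            }
        }
    }
}

function Get-MrtPolicy {
    # Reports DontOfferThroughWUAU in both registry views listed in the scan log.
    # A value of $null means the policy value is not set.
    $keys = 'HKLM:\SOFTWARE\Policies\Microsoft\MRT',
            'HKLM:\SOFTWARE\WOW6432Node\Policies\Microsoft\MRT'
    foreach ($key in $keys) {
        $item = Get-ItemProperty -Path $key -Name DontOfferThroughWUAU -ErrorAction SilentlyContinue
        $value = $null
        if ($item) { $value = $item.DontOfferThroughWUAU }
        [pscustomobject]@{ Key = $key; DontOfferThroughWUAU = $value }
    }
}

# Review first. An empty exclusion table is the expected result after the cleanup.
Get-DefenderExclusion | Format-Table -AutoSize
Get-MrtPolicy | Format-Table -AutoSize

# Preview what would be removed, then rerun without -WhatIf to apply:
# Get-DefenderExclusion | Remove-DefenderExclusion -WhatIf
```

Exclusions that a legitimate tool still needs have to be re-added deliberately afterwards, so keep the reviewed list before removing anything.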
| | #6 |
| | Trojans and viruses found via MBAM I have removed all the exclusions. I'll hold off on resetting the PC for now; once the viruses are gone I don't think I'll need it at all anymore, right? FRST Logfile: Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 19-02-2026 01
durchgeführt von admin (Administrator) auf DESKTOP-CHMVQ4P (21-02-2026 12:59:38)
Gestartet von C:\Users\admin\Downloads\FRST64.exe
Geladene Profile: admin
Plattform: Microsoft Windows 11 Pro Version 25H2 26200.7462 (X64) Sprache: Deutsch (Deutschland)
Standard-Browser: Edge
Start-Modus: Normal
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) C:\Program Files\WindowsApps\AppleInc.AppleDevices_1.1538.24070.0_x64__nzyj5cx40ttqa\AppleMobileDeviceProcess.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveCrashHandler.exe
(Brave Software, Inc. -> BraveSoftware Inc.) C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveCrashHandler64.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
(Elaborate Bytes AG -> Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(explorer.exe ->) (Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe <9>
(Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.WindowsNotepad_11.2510.14.0_x64__8wekyb3d8bbwe\Notepad\Notepad.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\amd64\MoNotificationUx.exe
(services.exe ->) (AnyDesk Software GmbH -> AnyDesk Software GmbH) C:\Program Files (x86)\AnyDesk\AnyDesk.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_af50fdb80983f7bc\jhi_service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_d51901c26227fb29\WMIRegistrationService.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(services.exe ->) (Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(services.exe ->) (Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_6baa580979143c3f\RstMwService.exe
(services.exe ->) (Locktime Software s.r.o. -> Locktime Software) C:\Program Files\Locktime Software\NetLimiter\NLSvc.exe
(services.exe ->) (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WSL\wslservice.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.26010.5-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.26010.5-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.26010.5-0\NisSrv.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_adc55ecfca814224\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe
(services.exe ->) (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) S:\Samsung\27_ssconn\conn\ss_conn_service.exe
(services.exe ->) (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) S:\Samsung\28_ssconn2\conn\ss_conn_service2.exe
(services.exe ->) (Tonalio GmbH -> Sandboxie-Plus.com) C:\Program Files\Sandboxie-Plus\SbieSvc.exe
(svchost.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(svchost.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(svchost.exe ->) (Apple Inc. -> Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SecHealthUI_1000.29510.1001.0_x64__8wekyb3d8bbwe\SecHealthUI.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\NgcIso.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealth\10.0.29510.1001-0\SecurityHealthHost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [835136 2018-11-16] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [319544 2019-01-04] (Intel(R) Rapid Storage Technology -> Intel Corporation)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [105280 2020-02-23] (Elaborate Bytes AG -> Elaborate Bytes AG)
HKU\S-1-5-21-3437276495-2594823583-628811619-1001\...\Run: [Steam] => S:\Steam\steam.exe [5760152 2026-01-21] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-3437276495-2594823583-628811619-1001\...\Run: [SandboxiePlus_AutoRun] => C:\Program Files\Sandboxie-Plus\SandMan.exe [4034568 2025-11-16] (Tonalio GmbH -> sandboxie-plus.com)
HKU\S-1-5-21-3437276495-2594823583-628811619-1001\...\Run: [Proton VPN] => C:\Program Files\Proton\VPN\ProtonVPN.Launcher.exe [18781032 2026-02-02] (Proton AG -> ProtonVPN)
HKU\S-1-5-21-3437276495-2594823583-628811619-1001\...\Run: [Discord] => C:\Users\admin\AppData\Local\Discord\Update.exe [1596344 2025-11-17] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-3437276495-2594823583-628811619-1001\...\Run: [NetLimiter] => C:\Program Files\Locktime Software\NetLimiter\nlclientapp.exe [1017232 2025-11-18] (Locktime Software s.r.o. -> Locktime Software)
HKU\S-1-5-21-3437276495-2594823583-628811619-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2020-09-08] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-3437276495-2594823583-628811619-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2020-09-08] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-3437276495-2594823583-628811619-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2020-09-08] (Apple Inc. -> Apple Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{49210152-871f-4ffa-961d-a172abcbc09d}] -> C:\Program Files (x86)\Google\Chrome\Application\PlatformExperienceHelper\platform_experience_helper.exe [2026-01-30] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\145.0.7632.77\Installer\chrmstp.exe [2026-02-20] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\145.1.87.190\Installer\chrmstp.exe [2026-02-20] (Brave Software, Inc. -> Brave Software, Inc.)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.96\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Proton Mail Bridge.lnk [2025-11-30]
ShortcutTarget: Proton Mail Bridge.lnk -> S:\proton-bridge.exe (Proton AG -> Proton AG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk [2025-08-30]
ShortcutTarget: AnyDesk.lnk -> C:\Program Files (x86)\AnyDesk\AnyDesk.exe (AnyDesk Software GmbH -> AnyDesk Software GmbH)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {E8EBE4B8-F52F-4A53-89EF-513312FCB2DD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {69EA9CA6-AD76-470C-8C19-F2988B7FD735} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore{384C4E2F-2631-4401-9301-9B7F9AD11158} => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [167440 2024-11-16] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {731703EC-C8D6-4E71-A524-9380CE2D8457} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA{5131B5EC-6368-45A8-BF20-F78C80C27F08} => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [167440 2024-11-16] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {9CFAE0D4-756D-4E33-808A-B9859215ED3E} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem144.0.7547.0{529D877E-3737-4122-9CFB-0B00D58BD4D7} => C:\Program Files (x86)\Google\GoogleUpdater\144.0.7547.0\updater.exe [7056536 2025-11-26] (Google LLC -> Google LLC)
Task: {BE1554D0-9810-43CE-B1C8-1865B4818F9E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.26010.5-0\MpCmdRun.exe [1786528 2026-02-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {FAB779F7-F1F6-495F-BEC5-1F5DE29CC726} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.26010.5-0\MpCmdRun.exe [1786528 2026-02-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {3768226D-D488-4D18-9DA0-7D6D918F487F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.26010.5-0\MpCmdRun.exe [1786528 2026-02-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {6F1CED75-04E4-4C03-A964-5F64D23FD945} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.26010.5-0\MpCmdRun.exe [1786528 2026-02-16] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B772C9D1-DA55-48CF-9799-6DFDC3095A7E} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat [815 2022-11-22] () [Datei ist nicht signiert]
Task: {6D0F6C1A-B600-4C2E-8604-7CD6D398C2BE} - System32\Tasks\NVIDIA App SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA App\CEF\NVIDIA App.exe [3337328 2026-01-16] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {CE869B09-925B-4B21-B097-6B6E9845F78B} - System32\Tasks\ZoomUpdateTaskUser-S-1-5-21-3437276495-2594823583-628811619-1001 => C:\Users\admin\AppData\Roaming\Zoom\bin\Zoom.exe [467384 2025-12-05] (Zoom Video Communications, Inc. -> Zoom Communications, Inc.)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Winsock: Catalog5 06 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 06 C:\Program Files\Bonjour\mdnsNSP.dll [132968 2011-08-30] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{3bccc25a-7f0e-4a16-8bfd-babfa109b3eb}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{3bccc25a-7f0e-4a16-8bfd-babfa109b3eb}: [DhcpNameServer] 192.168.100.100
Tcpip\..\Interfaces\{545d73d4-bc1c-48b0-986f-ac029a7e3564}: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{a7e50183-b636-4f90-974c-0163da51397f}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{c73e33e2-acee-410a-84d9-bc3503b6fbba}: [DhcpNameServer] 192.168.100.100
Tcpip\..\Interfaces\{c8534117-7932-44ff-b8a5-488dfc5f9827}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{eab2262d-9ab1-5975-7d92-334d06f4972b}: [NameServer] 10.2.0.1
FireFox:
========
FF Plugin: @videolan.org/vlc,version=3.0.21 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2024-06-08] (VideoLAN -> VideoLAN)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [Keine Datei]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [Keine Datei]
Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default [2026-02-21]
Edge HomePage: Default -> hxxp://google.de/
Edge StartupUrls: Default -> "hxxp://google.de/"
Edge Extension: (Google Docs Offline) - C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-12-21]
Edge Extension: (Edge relevant text changes) - C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-11-16]
Edge Extension: (uBlock Origin) - C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\odfafepnkmbhccpbejgmiehpchacaeak [2026-02-17]
Chrome:
=======
CHR Profile: C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default [2026-02-21]
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Extension: (uBlock) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\epcnnfbjfcgphgdmggkamkmgojdagdnn [2025-09-29]
CHR Extension: (Google Docs Offline) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2026-02-16]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2025-09-29]
Brave:
=======
BRA Profile: C:\Users\admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2026-02-21]
BRA Notifications: Default -> hxxps://meet.google.com
BRA Extension: (Manus AI Browser Operator) - C:\Users\admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\cecngibhkljoiafhjfmcgbmikfogdiko [2026-02-17]
BRA Extension: (Brave Ad Block Updater (Brave First Party Adblock Filters (plaintext))) - C:\Users\admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\adcocjohghhfpidemphmcmlmhnfgikei [2026-02-17]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2026-02-20]
BRA Extension: (Brave NTP background images) - C:\Users\admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel [2026-01-02]
BRA Extension: (Brave Ad Block Updater (Fanboy's Mobile Notifications (plaintext))) - C:\Users\admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\bfpgedeaaibpoidldhjcknekahbikncb [2026-02-17]
BRA Extension: (Brave Ad Block Updater (Cookie notice blocker (plaintext))) - C:\Users\admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\cdbbhgbmjhfnhnmgeddbliobbofkgdhe [2026-02-20]
BRA Extension: (Brave Ads Resources) - C:\Users\admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\choggjlbfndjppfiidbhmefapnlhcdhe [2025-11-25]
BRA Extension: (Brave Tor Client Updater (Windows)) - C:\Users\admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\cpoalefficncklhjfpglfiplenlpccdb [2025-10-31]
BRA Extension: (Brave NTP sponsored images) - C:\Users\admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\dglngbgepdcmodilimpbpekobgiinpdg [2026-02-21]
BRA Extension: (Brave Ads Resources) - C:\Users\admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\fahflofbglhemnakgdmillobeencekne [2026-02-20]
BRA Extension: (Brave Ad Block Updater (Regional Catalog)) - C:\Users\admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\gkboaolpopklhgplhaaiboijnklogmbc [2026-02-17]
BRA Extension: (Brave NTP Super Referrer mapping table) - C:\Users\admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\heplpbhjcbmiibdlchlanmdenffpiibo [2024-11-16]
BRA Extension: (Brave NTP sponsored images) - C:\Users\admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\hgokbmpjajigbckbjhklcifehhbkepnf [2025-12-01]
BRA Extension: (Brave Ad Block Updater (Brave Default Adblock Filters (plaintext))) - C:\Users\admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\iodkpdagapdfkphljnddpjlldadblomo [2026-02-21]
BRA Extension: (Brave Ad Block Updater (Brave Default Privacy Filters (plaintext))) - C:\Users\admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\kihnoaefogbkmblfimmibknnmkllbhlf [2026-02-21]
BRA Extension: (Brave Ad Block Updater (German website ad blocker (plaintext))) - C:\Users\admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\lfmefmifdjlfneapckmpkinmlofjehbp [2026-02-21]
BRA Extension: (Brave Ad Block Updater (Resources)) - C:\Users\admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\mfddibmblmbccpadfndgakiopmmhebop [2026-02-17]
BRA Extension: (Brave User Agent) - C:\Users\admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\nlpaeekllejnmhoonlpcefpfnpbajbpe [2026-02-20]
BRA Extension: (P3A Configuration) - C:\Users\admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\P3AConfig [2025-08-29]
==================== Dienste (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 AnyDesk; C:\Program Files (x86)\AnyDesk\AnyDesk.exe [5631416 2026-01-22] (AnyDesk Software GmbH -> AnyDesk Software GmbH)
S2 AsusUpdateCheck; C:\WINDOWS\System32\AsusUpdateCheck.exe [768408 2026-02-21] (ASUSTeK Computer Inc. -> )
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [18663720 2025-10-29] (BattlEye Innovations e.K. -> )
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [167440 2024-11-16] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 BraveElevationService; C:\Program Files\BraveSoftware\Brave-Browser\Application\145.1.87.190\elevation_service.exe [3705936 2026-02-19] (Brave Software, Inc. -> Brave Software, Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [167440 2024-11-16] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 EasyAntiCheat_EOS; C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe [959216 2025-11-30] (EasyAntiCheat Oy -> Epic Games, Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [11247960 2026-02-18] (Malwarebytes Inc -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [2788304 2025-08-29] (Malwarebytes Inc. -> Malwarebytes)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.26010.5-0\MpDefenderCoreService.exe [2067464 2026-02-16] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 nlsvc; C:\Program Files\Locktime Software\NetLimiter\NLSvc.exe [26512 2025-11-18] (Locktime Software s.r.o. -> Locktime Software)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_adc55ecfca814224\Display.NvContainer\NVDisplay.Container.exe [1275624 2026-01-22] (NVIDIA Corporation -> NVIDIA Corporation)
S3 ProtonVPN Service; C:\Program Files\Proton\VPN\v4.3.12\ProtonVPNService.exe [477424 2026-02-02] (Proton AG -> ProtonVPN)
S3 ProtonVPN WireGuard; C:\Program Files\Proton\VPN\v4.3.12\ProtonVPN.WireGuardService.exe [476912 2026-02-02] (Proton AG -> ProtonVPN)
R2 SbieSvc; C:\Program Files\Sandboxie-Plus\SbieSvc.exe [452616 2025-11-16] (Tonalio GmbH -> Sandboxie-Plus.com)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [803088 2025-11-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ss_conn_service; S:\Samsung\27_ssconn\conn\ss_conn_service.exe [752224 2024-10-18] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 ss_conn_service2; S:\Samsung\28_ssconn2\conn\ss_conn_service2.exe [933432 2024-10-18] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
S3 VSInstallerElevationService; C:\Program Files (x86)\Microsoft Visual Studio\Installer\VSInstallerElevationService.exe [43392 2025-12-15] (Microsoft Corporation -> Microsoft)
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [163456 2025-08-12] (Microsoft Corporation -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.26010.5-0\NisSrv.exe [4435096 2026-02-16] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.26010.5-0\MsMpEng.exe [290744 2026-02-16] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Treiber (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S1 aehd; C:\WINDOWS\system32\DRIVERS\aehd.sys [403080 2025-08-30] (Google LLC -> Google LLC)
S1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2018-07-20] (ASUSTeK Computer Inc. -> )
S3 AX88179; C:\WINDOWS\System32\DriverStore\FileRepository\netax88179_178a.inf_amd64_be76888d30e8464a\ax88179_178a.sys [79872 2024-04-01] (Microsoft Windows -> ASIX Electronics Corp.)
S3 AX88179A; C:\WINDOWS\System32\DriverStore\FileRepository\axusbeth.inf_amd64_fcd2bee5508b3c4d\AxUsbEth.sys [168072 2024-08-13] (WDKTestCert asix,133111579530933026 -> ASIX Electronics Corp.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [175824 2024-10-18] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2025-08-29] (Disc Soft Ltd -> Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2025-08-29] (Disc Soft Ltd -> Disc Soft Ltd)
R1 ElbyCDIO; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [44208 2025-01-27] (Microsoft Windows Hardware Compatibility Publisher -> Elaborate Bytes AG)
R0 fse; C:\WINDOWS\System32\drivers\fse.sys [226688 2025-12-10] (Microsoft Windows -> Microsoft Corporation)
R3 KslD; C:\WINDOWS\System32\drivers\wd\KslD.sys [82352 2026-02-16] (Microsoft Windows -> Microsoft Corporation)
S2 l1vhlwf; C:\WINDOWS\System32\drivers\l1vhlwf.sys [144768 2025-12-10] (Microsoft Windows -> Microsoft Corporation)
R2 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [234600 2026-02-18] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [22120 2025-08-29] (Microsoft Windows Early Launch Anti-Malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [245864 2026-02-18] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R0 nldrv; C:\WINDOWS\System32\drivers\nldrv.sys [218928 2025-11-18] (Locktime Software s.r.o. -> Locktime Software)
R1 npcap; C:\WINDOWS\system32\DRIVERS\npcap.sys [81568 2025-08-01] (Nmap Software LLC -> Nmap Software LLC)
S3 pmdiskdriver; C:\WINDOWS\System32\pmdiskdriver.sys [33296 2025-07-08] (深圳牛学长科技有限公司 -> Tenorshare)
S3 ProtonVPNCallout; C:\Program Files\Proton\VPN\v4.3.12\Resources\ProtonVPN.CalloutDriver.sys [41416 2025-12-05] (Proton AG -> Proton AG)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2025-08-29] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2025-08-29] (MiniTool Solution Ltd -> )
R3 SbieDrv; C:\Program Files\Sandboxie-Plus\SbieDrv.sys [270016 2025-11-16] (Microsoft Windows Hardware Compatibility Publisher -> Sandboxie-Plus.com)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [174264 2024-10-18] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [50896 2024-10-18] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 UsbNcm; C:\WINDOWS\System32\DriverStore\FileRepository\usbncm.inf_amd64_7761eb6a0dd50fde\UsbNcm.sys [204800 2025-12-10] (Microsoft Windows -> )
R3 VClone; C:\WINDOWS\System32\drivers\VClone.sys [44544 2020-02-22] (Microsoft Windows Hardware Compatibility Publisher -> Elaborate Bytes AG)
S3 vmbusproxy; C:\WINDOWS\system32\drivers\vmbusproxy.sys [98304 2025-10-12] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [21888 2026-02-16] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [635272 2026-02-16] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [102832 2026-02-16] (Microsoft Windows -> Microsoft Corporation)
S3 wintun; C:\WINDOWS\System32\drivers\wintun.sys [29592 2025-11-29] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
S3 WireGuard; C:\WINDOWS\System32\drivers\wireguard.sys [489368 2024-10-14] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2026-02-21 06:22 - 2026-02-21 11:29 - 000000000 ____D C:\WINDOWS\CbsTemp
2026-02-21 06:21 - 2026-02-21 06:22 - 000000000 ___HD C:\$WinREAgent
2026-02-21 06:03 - 2026-02-21 06:03 - 000629526 _____ C:\Users\admin\Downloads\Fixlog.7z
2026-02-21 05:54 - 2026-02-21 05:54 - 000745338 _____ C:\WINDOWS\system32\perfh007.dat
2026-02-21 05:54 - 2026-02-21 05:54 - 000157938 _____ C:\WINDOWS\system32\perfc007.dat
2026-02-21 05:47 - 2026-02-21 05:47 - 000000008 _____ C:\ProgramData\ntuser.pol
2026-02-21 05:42 - 2026-02-21 05:47 - 001048062 _____ C:\Users\admin\Downloads\Fixlog.txt
2026-02-21 00:50 - 2026-02-21 01:14 - 000000000 ____D C:\AdwCleaner
2026-02-21 00:50 - 2026-02-21 00:50 - 009633776 _____ (Malwarebytes) C:\Users\admin\Downloads\adwcleaner.exe
2026-02-21 00:47 - 2026-02-21 00:47 - 000006610 _____ C:\Users\admin\Desktop\Malwarebytes Scan-Bericht 2026-02-18 081736.txt
2026-02-21 00:47 - 2026-02-21 00:47 - 000001624 _____ C:\Users\admin\Desktop\Malwarebytes Scan-Bericht 2026-02-18 082237.txt
2026-02-21 00:32 - 2026-02-21 00:33 - 000065785 _____ C:\Users\admin\Downloads\Addition.txt
2026-02-21 00:31 - 2026-02-21 13:00 - 000027048 _____ C:\Users\admin\Downloads\FRST.txt
2026-02-21 00:31 - 2026-02-21 13:00 - 000000000 ____D C:\FRST
2026-02-21 00:30 - 2026-02-21 00:30 - 002444800 _____ (Farbar) C:\Users\admin\Downloads\FRST64.exe
2026-02-20 23:31 - 2026-02-21 00:58 - 000000000 ___HD C:\$SysReset
2026-02-20 23:16 - 2026-02-20 23:16 - 000000000 ____D C:\WINDOWS\Panther
2026-02-20 23:10 - 2026-02-20 23:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2026-02-18 21:31 - 2026-01-20 17:42 - 000127208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2026-02-18 21:30 - 2026-01-16 18:37 - 000161912 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap32v.dll
2026-02-18 21:30 - 2026-01-16 18:37 - 000060568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2026-02-17 21:21 - 2026-02-21 05:48 - 000000000 ___RD C:\Users\admin\iCloudDrive
2026-02-17 21:21 - 2026-02-17 21:22 - 000000000 ____D C:\Users\admin\AppData\Local\Apple Inc
2026-02-17 21:21 - 2026-02-17 21:21 - 000000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iCloud
2026-02-17 21:15 - 2026-02-17 21:38 - 000000000 ____D C:\Users\admin\AppData\Roaming\Apple Computer
2026-02-17 21:15 - 2026-02-17 21:17 - 000000000 ____D C:\Users\admin\AppData\Local\Apple Computer
2026-02-17 21:15 - 2026-02-17 21:15 - 000002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2026-02-17 21:15 - 2026-02-17 21:15 - 000000000 ____D C:\WINDOWS\system32\Tasks\Apple
2026-02-17 21:15 - 2026-02-17 21:15 - 000000000 ____D C:\Users\admin\AppData\Local\Apple
2026-02-17 21:15 - 2026-02-17 21:15 - 000000000 ____D C:\Program Files\Common Files\Apple
2026-02-17 21:15 - 2026-02-17 21:15 - 000000000 ____D C:\Program Files\Bonjour
2026-02-17 21:15 - 2026-02-17 21:15 - 000000000 ____D C:\Program Files (x86)\Bonjour
2026-02-17 21:15 - 2026-02-17 21:15 - 000000000 ____D C:\Program Files (x86)\Apple Software Update
2026-01-28 03:42 - 2026-01-22 03:52 - 002421296 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2026-01-28 03:42 - 2026-01-22 03:52 - 002421296 _____ C:\WINDOWS\system32\vulkaninfo.exe
2026-01-28 03:42 - 2026-01-22 03:52 - 001923120 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2026-01-28 03:42 - 2026-01-22 03:52 - 001923120 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2026-01-28 03:42 - 2026-01-22 03:52 - 001625648 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2026-01-28 03:42 - 2026-01-22 03:52 - 001625648 _____ C:\WINDOWS\system32\vulkan-1.dll
2026-01-28 03:42 - 2026-01-22 03:52 - 001434672 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2026-01-28 03:42 - 2026-01-22 03:52 - 001434672 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2026-01-28 03:42 - 2026-01-22 03:52 - 000478952 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2026-01-28 03:42 - 2026-01-22 03:52 - 000375016 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2026-01-28 03:42 - 2026-01-22 03:48 - 001344744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2026-01-28 03:42 - 2026-01-22 03:48 - 000675048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvofapi64.dll
2026-01-28 03:42 - 2026-01-22 03:48 - 000509160 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvofapi.dll
2026-01-28 03:42 - 2026-01-22 03:47 - 027559656 _____ C:\WINDOWS\system32\nvidia-pcc.exe
2026-01-28 03:42 - 2026-01-22 03:47 - 002319080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2026-01-28 03:42 - 2026-01-22 03:47 - 001716968 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2026-01-28 03:42 - 2026-01-22 03:47 - 001616104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2026-01-28 03:42 - 2026-01-22 03:47 - 001574632 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2026-01-28 03:42 - 2026-01-22 03:47 - 001224936 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2026-01-28 03:42 - 2026-01-22 03:47 - 001055976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2026-01-28 03:42 - 2026-01-22 03:47 - 000812264 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2026-01-28 03:42 - 2026-01-22 03:46 - 022613224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2026-01-28 03:42 - 2026-01-22 03:46 - 018277608 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2026-01-28 03:42 - 2026-01-22 03:46 - 007908072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2026-01-28 03:42 - 2026-01-22 03:46 - 005925096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2026-01-28 03:42 - 2026-01-22 03:46 - 005687448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2026-01-28 03:42 - 2026-01-22 03:46 - 005586664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcudadebugger.dll
2026-01-28 03:42 - 2026-01-22 03:46 - 004288232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2026-01-28 03:42 - 2026-01-22 03:46 - 000469224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2026-01-28 03:42 - 2026-01-22 03:45 - 004975632 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2026-01-28 03:42 - 2026-01-22 03:45 - 000853736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2026-01-28 03:42 - 2026-01-20 17:42 - 000153562 _____ C:\WINDOWS\system32\nvinfo.pb
==================== Ein Monat (geänderte) ==================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2026-02-21 13:00 - 2025-08-30 01:39 - 000000000 ____D C:\Users\admin\AppData\Local\Malwarebytes
2026-02-21 12:31 - 2024-04-01 10:26 - 000000000 ____D C:\WINDOWS\SystemTemp
2026-02-21 11:29 - 2025-08-30 23:17 - 000000000 ____D C:\ProgramData\AnyDesk
2026-02-21 06:30 - 2024-11-16 19:59 - 000000000 ____D C:\WINDOWS\system32\MRT
2026-02-21 06:30 - 2024-04-01 10:26 - 000000000 ___HD C:\Program Files\WindowsApps
2026-02-21 06:30 - 2024-04-01 10:26 - 000000000 ____D C:\WINDOWS\system32\SecurityHealth
2026-02-21 06:30 - 2024-04-01 10:26 - 000000000 ____D C:\WINDOWS\AppReadiness
2026-02-21 06:30 - 2024-04-01 10:26 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2026-02-21 06:30 - 2024-04-01 10:24 - 000000000 ____D C:\WINDOWS\INF
2026-02-21 06:28 - 2024-11-16 19:59 - 221154392 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2026-02-21 05:54 - 2025-10-13 02:40 - 001727442 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2026-02-21 05:47 - 2025-10-25 00:43 - 000000500 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2026-02-21 05:47 - 2025-10-13 02:41 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2026-02-21 05:47 - 2025-10-13 02:39 - 000004818 _____ C:\WINDOWS\system32\5E37410B-D6F1-471D-AE27-563CEAC0D6B2
2026-02-21 05:47 - 2025-10-13 02:37 - 000001607 _____ C:\WINDOWS\system32\config\VSMIDK
2026-02-21 05:47 - 2025-08-29 22:20 - 000807280 _____ C:\WINDOWS\system32\wpbbin.exe
2026-02-21 05:47 - 2025-08-29 22:20 - 000768408 _____ C:\WINDOWS\system32\AsusUpdateCheck.exe
2026-02-21 05:47 - 2024-11-16 16:01 - 000000000 ____D C:\ProgramData\NVIDIA
2026-02-21 05:47 - 2024-08-09 21:31 - 000012288 ___SH C:\DumpStack.log.tmp
2026-02-21 05:46 - 2024-08-15 15:43 - 000000000 ____D C:\Users\admin\AppData\LocalLow\Temp
2026-02-21 05:46 - 2024-04-01 10:21 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2026-02-21 05:45 - 2025-08-31 23:57 - 000000000 ____D C:\ProgramData\temp
2026-02-21 05:42 - 2025-10-13 02:13 - 000000000 ____D C:\Users\admin
2026-02-21 05:42 - 2024-11-16 15:50 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2026-02-20 22:34 - 2025-10-13 02:37 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2026-02-20 22:25 - 2024-08-09 21:32 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2026-02-20 22:24 - 2024-11-08 02:59 - 000002356 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2026-02-20 22:17 - 2024-09-16 03:29 - 000002293 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2026-02-19 00:10 - 2025-11-25 22:03 - 000000000 ____D C:\Users\admin\AppData\Roaming\discord
2026-02-19 00:10 - 2024-11-16 16:30 - 000000000 ____D C:\Users\admin\AppData\Local\D3DSCache
2026-02-18 23:28 - 2025-11-25 22:42 - 000000000 ____D C:\Users\admin\AppData\Local\Discord
2026-02-18 22:33 - 2026-01-12 13:52 - 000000000 ____D C:\ProgramData\PackerCrashCanary
2026-02-18 21:38 - 2025-12-01 02:25 - 000000000 ____D C:\Users\admin\AppData\Roaming\EasyAntiCheat
2026-02-18 21:38 - 2025-09-01 15:33 - 000000000 ____D C:\Users\admin\AppData\Local\NVIDIA
2026-02-18 21:33 - 2024-11-16 16:01 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2026-02-18 21:32 - 2024-10-14 07:01 - 000000000 ____D C:\Users\admin\AppData\LocalLow\NVIDIA
2026-02-18 21:30 - 2025-12-01 04:19 - 000003834 _____ C:\WINDOWS\system32\Tasks\NVIDIA App SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2026-02-18 21:30 - 2025-12-01 04:19 - 000000000 ____D C:\Users\admin\AppData\Local\NVIDIA Corporation
2026-02-18 21:30 - 2025-12-01 04:19 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2026-02-18 14:24 - 2025-08-30 01:38 - 000245864 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2026-02-18 08:22 - 2025-10-31 21:00 - 000000000 ____D C:\Users\admin\AppData\Roaming\utorrent
2026-02-18 08:14 - 2024-04-01 10:26 - 000000000 ____D C:\WINDOWS\ServiceState
2026-02-17 21:29 - 2025-12-01 02:25 - 000000000 ____D C:\ProgramData\Packer
2026-02-17 21:17 - 2025-11-24 02:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Proton
2026-02-17 21:16 - 2025-11-18 01:52 - 000001352 _____ C:\WINDOWS\Sandboxie.ini
2026-02-17 21:14 - 2026-01-14 21:17 - 000000000 ____D C:\ProgramData\Apple
2026-02-16 21:46 - 2025-10-13 02:41 - 000003754 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2026-02-16 21:46 - 2025-10-13 02:41 - 000003658 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1db3827a5e5362c
2026-02-16 21:44 - 2024-11-16 16:09 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2026-01-29 22:43 - 2025-08-30 21:00 - 000000000 ____D C:\Users\admin\AppData\Roaming\AnyDesk
2026-01-22 03:54 - 2025-08-30 23:17 - 000000000 ____D C:\Program Files (x86)\AnyDesk
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ========
2025-10-27 23:54 - 2025-10-28 00:05 - 000000128 _____ () C:\Users\admin\AppData\Local\PUTTY.RND
2024-11-18 03:23 - 2024-11-18 03:23 - 000007606 _____ () C:\Users\admin\AppData\Local\Resmon.ResmonCfg
==================== SigCheck ============================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
==================== Ende von FRST.txt ========================
Addition: FRST Additions Logfile: Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 19-02-2026 01
durchgeführt von admin (21-02-2026 13:01:18)
Gestartet von C:\Users\admin\Downloads
Microsoft Windows 11 Pro Version 25H2 26200.7462 (X64) (2025-10-12 23:41:18)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
admin (S-1-5-21-3437276495-2594823583-628811619-1001 - Administrators - Enabled) => C:\Users\admin
Administrator (S-1-5-21-3437276495-2594823583-628811619-500 - Administrators - Disabled)
DefaultAccount (S-1-5-21-3437276495-2594823583-628811619-503 - Limited - Disabled)
Gast (S-1-5-21-3437276495-2594823583-628811619-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3437276495-2594823583-628811619-504 - Limited - Disabled)
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
7-Zip 25.01 (x64) (HKLM\...\7-Zip) (Version: 25.01 - Igor Pavlov)
Android Studio (HKLM\...\Android Studio) (Version: 2025.1 - Google LLC)
AnyDesk (HKLM-x32\...\AnyDesk) (Version: ad 9.0.10 - AnyDesk Software GmbH)
Apple Application Support (32-Bit) (HKLM-x32\...\{CCA8C50D-785B-4896-8675-FFE0C4ECCBC3}) (Version: 8.7 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{75BEF7E8-4370-4D42-94F3-B5AA77057965}) (Version: 8.7 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Application Verifier x64 External Package (DesktopEditions) (HKLM\...\{C0B0A1D9-9045-54FE-86F6-1B0F836E665E}) (Version: 10.1.26100.7175 - Microsoft) Hidden
Application Verifier x64 External Package (OnecoreUAP) (HKLM\...\{674C8368-9677-55A8-FAD9-A86A3073E60D}) (Version: 10.1.26100.7175 - Microsoft) Hidden
Audacity 3.7.5 (HKLM\...\Audacity_is1) (Version: 3.7.5 - Audacity Team)
AusweisApp (HKLM\...\{A8AAF0C7-5AC5-4890-8DEE-8973DA3ECA66}) (Version: 2.4.0 - Governikus GmbH & Co. KG)
Bitwarden (HKU\S-1-5-21-3437276495-2594823583-628811619-1001\...\173a9bac-6f0d-50c4-8202-4744c69d091a) (Version: 2025.12.0 - Bitwarden Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 145.1.87.190 - Die Brave-Autoren)
CapCut (HKU\S-1-5-21-3437276495-2594823583-628811619-1001\...\CapCut) (Version: 7.7.0.3143 - Bytedance Pte. Ltd.)
Core Temp 1.18.1 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.18.1 - ALCPU)
DiagnosticsHub_CollectionService (HKLM\...\{C762588C-06DE-496A-8ADF-EBDBD49E37B5}) (Version: 17.14.36412 - Microsoft Corporation) Hidden
Discord (HKU\S-1-5-21-3437276495-2594823583-628811619-1001\...\Discord) (Version: 1.0.9224 - Discord Inc.)
DoNotSpy11 (HKLM-x32\...\{5010A14F-7E64-4982-B4ED-B3267BA7E6E9}_is1) (Version: 1.3.0.0 - pXc-coding.com)
FileZilla 3.69.3 (HKLM-x32\...\FileZilla Client) (Version: 3.69.3 - Tim Kosse)
Git (HKLM\...\Git_is1) (Version: 2.52.0 - The Git Development Community)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 145.0.7632.77 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Honey Select 2: Libido (HKLM-x32\...\Honey Select 2: Libido_is1) (Version: - )
HoneySelect 2 DX Setup (HKLM-x32\...\{79F0CB8F-9EF8-4DB4-A01C-C674D6BC3865}) (Version: 1.0.0.0 - GameInstaller)
iCloud (HKLM\...\{8808B208-87D1-4725-8192-76D257E9DEAE}) (Version: 7.21.0.23 - Apple Inc.)
Intel(R) Chipset Device Software (HKLM\...\{C7CC96C7-C99C-40DD-BB6B-C7BFC2899979}) (Version: 10.1.17809.8096 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{09DAB6B6-FBEF-4AC5-AE93-BFF01A0B796D}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1846.12.0.1177 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{B557A9A1-D64B-43D7-B598-F7BAAE897CF3}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Driver (HKLM\...\{3479FCE3-F7D2-4980-819A-767941440932}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 17.0.1.1075 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{A6890366-E2A4-4561-8A2E-50DD8EFE6255}) (Version: 17.0.1.1075 - Intel Corporation) Hidden
Intel(R) Trusted Connect Service Client x64 (HKLM\...\{C9552825-7BF2-4344-BA91-D3CD46F4C442}) (Version: 1.50.638.1 - Intel Corporation) Hidden
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.50.638.1 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{99ee3c29-c7cd-450f-8db9-d43cc49de1c7}) (Version: 1.50.638.1 - Intel Corporation) Hidden
Intel® Chipsatz-Gerätesoftware (HKLM-x32\...\{bd366c5e-00cd-46ed-b647-0b9874f32140}) (Version: 10.1.17809.8096 - Intel(R) Corporation) Hidden
Intel® Optane™ Pinning Explorer Extensions (HKLM\...\{C80D774E-288D-423A-B5FF-97D2B7854C75}) (Version: 17.0.1.1075 - Intel Corporation)
Kits Configuration Installer (HKLM-x32\...\{30E4CDE6-CD8E-35CF-DA7E-6739F30709A8}) (Version: 10.1.26100.7175 - Microsoft) Hidden
Malwarebytes version 5.4.7.229 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.4.7.229 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 145.0.3800.65 - Microsoft Corporation)
Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 144.0.3719.115 - Microsoft Corporation) Hidden
Microsoft Teams Meeting Add-in for Microsoft Office (HKLM\...\{A7AB73A3-CB10-4AA5-9D38-6AEFFBDE4C91}) (Version: 1.25.24601 - Microsoft)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft VC++ redistributables repacked. (HKLM\...\{B81577B2-3AD0-4AFD-A19C-87F673C09D0C}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft VC++ redistributables repacked. (HKLM-x32\...\{62678770-F459-4903-83E3-A2968F6CC242}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.44.35211 (HKLM-x32\...\{0b5169e3-39da-4313-808e-1f9c0407f3bf}) (Version: 14.44.35211.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.50.35719 (HKLM\...\{AECD4ED0-8A3B-41E9-92D1-6BEE0374CCAF}) (Version: 14.50.35719 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Debug Runtime - 14.44.35211 (HKLM\...\{FE85AA49-3522-4663-9F52-9CD9E9837189}) (Version: 14.44.35211 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.50.35719 (HKLM\...\{61B44572-8722-4DAF-8ACF-8E742D30BCC5}) (Version: 14.50.35719 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.44.35211 (HKLM-x32\...\{C18FB403-1E88-43C8-AD8A-CED50F23DE8B}) (Version: 14.44.35211 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Debug Runtime - 14.44.35211 (HKLM-x32\...\{BC104582-4691-4D4C-8922-C215D941A2EB}) (Version: 14.44.35211 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.44.35211 (HKLM-x32\...\{922480B5-CAEB-4B1B-AAA4-9716EFDCE26B}) (Version: 14.44.35211 - Microsoft Corporation) Hidden
Microsoft Visual C++ v14 Redistributable (x64) - 14.50.35719 (HKLM-x32\...\{91ee571b-0e8a-4c65-9eaf-2e2f5fc60c00}) (Version: 14.50.35719.0 - Microsoft Corporation)
Microsoft Visual Studio Installer (HKLM\...\{6F320B93-EE3C-4826-85E0-ADF79F8D4C61}) (Version: 4.0.2167.44905 - Microsoft Corporation)
Microsoft Visual Studio Setup Configuration (HKLM-x32\...\{D07657AA-968C-4629-BD6C-1B52AF825EA7}) (Version: 3.12.2140.44225 - Microsoft Corporation) Hidden
Microsoft Visual Studio Setup WMI Provider (HKLM-x32\...\{49727420-70BA-4495-9405-31F8D711CB5A}) (Version: 3.12.2140.44225 - Microsoft Corporation) Hidden
MiniTool Partition Wizard 13 DEMO (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: 13 - MiniTool Software Limited)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 142.0 - Mozilla)
Mozilla Thunderbird (x64 de) (HKLM\...\Mozilla Thunderbird 146.0 (x64 de)) (Version: 146.0 - Mozilla)
MSI Development Tools (HKLM-x32\...\{0EB12BFD-6929-FDA3-5C9B-A5BA3CC107F9}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
NetLimiter (HKLM\...\{6B725F8C-1FCE-49E4-A5A6-AE481A44E45C}) (Version: 5.3.26.0 - Locktime Software) Hidden
NetLimiter (HKLM-x32\...\NetLimiter 5.3.26.0) (Version: 5.3.26.0 - Locktime Software)
Nmap 7.98 (HKLM-x32\...\Nmap) (Version: 7.98 - Nmap Project)
Node.js (HKLM\...\{686EA7E1-608A-4B99-A50A-448A2B2A7E73}) (Version: 24.12.0 - Node.js Foundation)
Npcap (HKLM-x32\...\NpcapInst) (Version: 1.83 - Nmap Project)
NVIDIA App 11.0.6.383 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NvApp) (Version: 11.0.6.383 - NVIDIA Corporation)
NVIDIA FrameView SDK 1.5.11821.36727370 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.5.11821.36727370 - NVIDIA Corporation)
NVIDIA Grafiktreiber 591.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 591.86 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.4.5.7 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.4.5.7 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.23.1019 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.23.1019 - NVIDIA Corporation)
Proton Mail Bridge (HKLM\...\{8912F491-A531-4865-A479-2346ECA878F9}) (Version: 3.21.2 - Proton AG) Hidden
Proton Mail Bridge (HKLM\...\Proton Mail Bridge 3.21.2) (Version: 3.21.2 - Proton AG)
Proton VPN (HKLM\...\Proton VPN_is1) (Version: 4.3.12 - Proton AG)
Python 3.14.0 (64-bit) (HKU\S-1-5-21-3437276495-2594823583-628811619-1001\...\{a9c48b80-2c48-47ac-8c9e-32a1b0ec69e5}) (Version: 3.14.150.0 - Python Software Foundation)
Python 3.14.0 Add to Path (64-bit) (HKLM\...\{6EDF736F-CA9A-400A-9C0C-2B11B62E6AC0}) (Version: 3.14.150.0 - Python Software Foundation) Hidden
Python 3.14.0 Core Interpreter (64-bit) (HKLM\...\{89B75A5B-F4F9-44B4-ABCF-C8A3DFEE1A27}) (Version: 3.14.150.0 - Python Software Foundation) Hidden
Python 3.14.0 Development Libraries (64-bit) (HKLM\...\{0A6EDF73-71A4-4F2B-8BCA-91067F2F01C5}) (Version: 3.14.150.0 - Python Software Foundation) Hidden
Python 3.14.0 Documentation (64-bit) (HKLM\...\{970CB7C4-1F70-4860-ABDE-6D682CAFB977}) (Version: 3.14.150.0 - Python Software Foundation) Hidden
Python 3.14.0 Executables (64-bit) (HKLM\...\{BE522E46-7788-47C3-8D6A-B74AC8A651FA}) (Version: 3.14.150.0 - Python Software Foundation) Hidden
Python 3.14.0 pip Bootstrap (64-bit) (HKLM\...\{69A09B9E-1AB6-4149-9417-AB1328275CF1}) (Version: 3.14.150.0 - Python Software Foundation) Hidden
Python 3.14.0 Standard Library (64-bit) (HKLM\...\{85274239-67A0-46A4-8894-05E2B7992229}) (Version: 3.14.150.0 - Python Software Foundation) Hidden
Python 3.14.0 Tcl/Tk Support (64-bit) (HKLM\...\{5C3ABD97-E8B3-440F-AD61-CCED4B913579}) (Version: 3.14.150.0 - Python Software Foundation) Hidden
Python 3.14.0 Test Suite (64-bit) (HKLM\...\{B3F34206-BD7F-44A1-B56E-15C814D96300}) (Version: 3.14.150.0 - Python Software Foundation) Hidden
Python Launcher (HKLM-x32\...\{87108F9B-23F3-4E96-8A88-E9CD5F46F008}) (Version: 3.14.150.0 - Python Software Foundation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8573 - Realtek Semiconductor Corp.)
Riot Client (HKU\S-1-5-21-3437276495-2594823583-628811619-1001\...\Riot Game Riot_Client.) (Version: - Riot Games, Inc)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.9.0.0 - Samsung Electronics Co., Ltd.)
Sandboxie-Plus v1.16.7 (HKLM\...\Sandboxie-Plus_is1) (Version: 1.16.7 - hxxp://xanasoft.com/)
SDK ARM64 Additions (HKLM-x32\...\{7D0E0601-E6CC-870D-0002-C93DD14EDA30}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
SDK ARM64 Redistributables (HKLM-x32\...\{B5A82F3D-95CE-085A-5904-D2D16FD3AE4F}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TikTok (HKU\S-1-5-21-3437276495-2594823583-628811619-1001\...\fdf15575659c4d71782a707152afdc83) (Version: 1.0 - BraveSoftware\Brave-Browser)
Universal CRT Extension SDK (HKLM-x32\...\{17D838D5-F629-9E56-3F16-0EA48C3905F7}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{4848F8AA-19FC-351A-030B-7092A476AA52}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{0460C87B-7F4C-3170-FAC9-B7A6AE5CE4E9}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{91A9666E-74FD-E29C-73E1-F80224B8A1B1}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (HKLM\...\{9148976E-7F75-C671-E6BB-E2675C55CB43}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (HKLM-x32\...\{84E32B8D-5471-246E-5E0A-E19954BD7D3D}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (HKLM-x32\...\{70A5208E-B854-F943-DA13-8F5E14C2299E}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Update for x64-based Windows Systems (KB5001716) (HKLM\...\{B8D93870-98D1-4980-AFCA-E26563CDFB79}) (Version: 8.94.0.0 - Microsoft Corporation)
vcpp_crt.redist.clickonce (HKLM-x32\...\{D06AA7C8-2F03-4208-AB3A-1EF2FDE03017}) (Version: 14.44.35211 - Microsoft Corporation) Hidden
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.5.3.0 - Elaborate Bytes)
Visual Studio Build Tools 2022 (HKLM-x32\...\7dddf099) (Version: 17.14.22 (December 2025) - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.21 - VideoLAN)
VS Script Debugging Common (HKLM\...\{F5796163-6EC6-488A-B2DE-E1E94477F6AD}) (Version: 17.0.157.0 - Microsoft Corporation) Hidden
vs_communitymsires (HKLM-x32\...\{928A1CB9-F19D-456B-81D5-D4D72F6BE711}) (Version: 17.14.36015 - Microsoft Corporation) Hidden
vs_communitysharedmsi (HKLM-x32\...\{71498EE6-F94E-4061-9DD5-55925CA8A74F}) (Version: 17.14.36025 - Microsoft Corporation) Hidden
vs_communityx64msi (HKLM\...\{3873679C-FA03-4101-97E9-107D67C568B8}) (Version: 17.14.36025 - Microsoft Corporation) Hidden
vs_CoreEditorFonts (HKLM-x32\...\{1851460E-0E63-4117-B5BA-25A2F045801B}) (Version: 17.7.40001 - Microsoft Corporation)
vs_filehandler_amd64 (HKLM-x32\...\{22EE1419-B47E-44B8-A635-868746946079}) (Version: 17.14.36024 - Microsoft Corporation) Hidden
vs_filehandler_x86 (HKLM-x32\...\{6C7D0172-7367-4F0C-95DB-6021765B58EA}) (Version: 17.14.36024 - Microsoft Corporation) Hidden
vs_FileTracker_Singleton (HKLM-x32\...\{D331F4E7-BC3B-47BE-BB56-5F33895F9347}) (Version: 17.14.36015 - Microsoft Corporation) Hidden
vs_githubprotocolhandlermsi (HKLM-x32\...\{29297AFE-9D24-4DFE-ACAF-D90090D905CF}) (Version: 17.14.36015 - Microsoft Corporation) Hidden
vs_minshellinteropmsi (HKLM-x32\...\{A2FDDC26-4232-4287-8839-2F53A01E1E97}) (Version: 17.14.36015 - Microsoft Corporation) Hidden
vs_minshellinteropsharedmsi (HKLM-x32\...\{537F07C8-0EC6-41A5-BB91-750FA3CAA110}) (Version: 17.14.36015 - Microsoft Corporation) Hidden
vs_minshellmsi (HKLM-x32\...\{6AAEB5DD-FFFE-4CA1-9FE2-38A44B6B4477}) (Version: 17.14.36301 - Microsoft Corporation) Hidden
vs_minshellmsires (HKLM-x32\...\{8EABA160-DBDD-4101-A9C2-B974F0DAE7F1}) (Version: 17.14.36015 - Microsoft Corporation) Hidden
vs_minshellsharedmsi (HKLM-x32\...\{F6E69DD8-7652-4CC6-8A4F-485A16012B5B}) (Version: 17.14.36024 - Microsoft Corporation) Hidden
vs_vswebprotocolselectormsi (HKLM-x32\...\{B4B3AA16-E828-4577-A9F2-629E1A95FE4A}) (Version: 17.14.36323 - Microsoft Corporation) Hidden
vs_vswebprotocolselectormsires (HKLM-x32\...\{BFE52258-5E70-4F87-83D8-4C599DDD7D0E}) (Version: 17.14.36323 - Microsoft Corporation) Hidden
WinAppDeploy (HKLM-x32\...\{6A42C143-7C8D-F97C-FC25-BBBDC160CC49}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Windows App Certification Kit Native Components (HKLM\...\{428D5353-2260-9FA3-C9D3-DF30655A1DB2}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Windows App Certification Kit SupportedApiList x86 (HKLM-x32\...\{907C021B-383E-837F-8213-B1C6714F48DA}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Windows App Certification Kit x64 (HKLM-x32\...\{8C92A051-F5CF-0258-AE17-567037FB8741}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Windows App Certification Kit x64 (OnecoreUAP) (HKLM-x32\...\{B750E36B-E18D-F0D4-9099-B1F531FB0F31}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Windows Desktop Extension SDK (HKLM-x32\...\{780A409F-FF4C-3361-372A-D97E456C1B9E}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Windows Desktop Extension SDK Contracts (HKLM-x32\...\{08CA91C8-29C9-527B-445F-A092F07E2E7A}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Windows IoT Extension SDK (HKLM-x32\...\{7C298756-AA56-7087-763F-AEF33AE569C3}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Windows IoT Extension SDK Contracts (HKLM-x32\...\{D732C721-14D9-43CF-21CD-9394F0912656}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Windows Mobile Extension SDK (HKLM-x32\...\{569126D6-2540-F73B-8F7F-09AFF1FC2CEF}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Windows Mobile Extension SDK Contracts (HKLM-x32\...\{76E2EA76-04AE-2CCD-4F8F-3E9F25B16034}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Windows SDK (HKLM-x32\...\{BD8FDB18-B514-2FCD-A4F0-CC1D08941D4C}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Windows SDK AddOn (HKLM-x32\...\{AFEDE556-1D76-4165-A1E8-34FF80126836}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows SDK ARM64 Desktop Tools (HKLM-x32\...\{0E7C147F-B447-5D34-A27B-F731EB5C5866}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Windows SDK Desktop Headers arm64 (HKLM-x32\...\{24A09BED-02FD-8FF8-46C1-76030D482B4F}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Windows SDK Desktop Headers x64 (HKLM-x32\...\{403033BA-0E91-DC0B-4368-EFCEE5ABC570}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Windows SDK Desktop Headers x86 (HKLM-x32\...\{DD870EAE-65A8-9AFC-2395-8EF4BD8588F2}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Windows SDK Desktop Libs arm64 (HKLM-x32\...\{6A4A9BCC-ECBE-C338-0CF8-1806767710FC}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Windows SDK Desktop Libs x64 (HKLM-x32\...\{B7DCB3D5-470C-5224-43E4-017B132735EF}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Windows SDK Desktop Libs x86 (HKLM-x32\...\{EDBF8086-745A-5300-12DB-4E22C2CC50E0}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Windows SDK Desktop Tools arm64 (HKLM-x32\...\{C2B82E29-6791-B430-46FC-B0E42D66D4D5}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Windows SDK Desktop Tools x64 (HKLM-x32\...\{606D574B-F0E5-9F8D-803C-C7A89573440F}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Windows SDK Desktop Tools x86 (HKLM-x32\...\{040203F6-1D53-CAD8-4856-5DB42936BCE4}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Windows SDK DirectX x64 Remote (HKLM\...\{5F5EB296-B579-325A-26B8-318C4CC1B657}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Windows SDK DirectX x86 Remote (HKLM-x32\...\{F4D0EBF2-E397-F743-122D-4F7E24D39E8A}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Windows SDK EULA (HKLM-x32\...\{A62FF366-EE22-B0B8-727B-027421680FEE}) (Version: 10.1.26100.7175 - Microsoft Corporations) Hidden
Windows SDK Facade Windows WinMD Versioned (HKLM-x32\...\{978C5573-515E-3F58-37F7-458528F92495}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Windows SDK for Windows Store Apps (HKLM-x32\...\{076DDDE2-F8CB-F138-95FB-E958C6E497CF}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Windows SDK for Windows Store Apps Contracts (HKLM-x32\...\{DFAC5BD2-7E53-6302-A784-38A168663931}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Windows SDK for Windows Store Apps DirectX x86 Remote (HKLM-x32\...\{D4E30DDE-077F-1652-B081-66BB1F98DF94}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Windows SDK for Windows Store Apps Headers (HKLM-x32\...\{CBFB4481-A259-6F87-3ED3-ED679D68B90E}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Windows SDK for Windows Store Apps Headers OnecoreUap (HKLM-x32\...\{3DB9B1DF-8209-0E7F-1A36-12F99736E384}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Windows SDK for Windows Store Apps Libs (HKLM-x32\...\{E37FF7C3-0A25-CDB9-895B-4809A7C9AEDE}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Windows SDK for Windows Store Apps Metadata (HKLM-x32\...\{E5430440-EE14-56B9-5A53-6955BC847BDB}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Windows SDK for Windows Store Apps Tools (HKLM-x32\...\{4F4CE2FF-5300-5B48-75B7-92B869735A09}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Windows SDK for Windows Store Managed Apps Libs (HKLM-x32\...\{F6C8FA5D-F1D6-1333-0FE8-F258DAA03EAB}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Windows SDK Modern Non-Versioned Developer Tools (HKLM-x32\...\{D73FD6A9-F887-0E76-B9DC-7474A637D9A7}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Windows SDK Modern Versioned Developer Tools (HKLM-x32\...\{4D9BD000-A45D-1E33-FBBF-30B0B8094B3F}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Windows SDK OnecoreUap Headers arm64 (HKLM-x32\...\{63991DD7-89E8-DC4E-9A54-695B07040D3E}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Windows SDK OnecoreUap Headers x64 (HKLM-x32\...\{2B1FEEC7-7A01-0D73-AC29-3E32AB18670C}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Windows SDK OnecoreUap Headers x86 (HKLM-x32\...\{DCF60599-EBD4-6565-2D12-CAB66B1C3FDC}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Windows SDK Redistributables (HKLM-x32\...\{54FA2EAA-3564-F73D-4C14-BA8A09144F45}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Windows SDK Signing Tools (HKLM-x32\...\{086287C2-689F-844D-E3DD-1C806001EC43}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Windows Software Development Kit - Windows 10.0.26100.7175 (HKLM-x32\...\{b5ab6bbd-62a1-45bd-af43-2ea6ac4c3486}) (Version: 10.1.26100.7175 - Microsoft Corporation)
Windows Subsystem for Linux (HKLM\...\{8705254B-3AE0-4CFA-93D5-F71DCDE9ED2B}) (Version: 2.6.1.0 - Microsoft Corporation) Hidden
Windows Team Extension SDK (HKLM-x32\...\{F0C7F3F4-8FE8-8ED2-5CA0-CFF9CDFA9DEA}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
Windows Team Extension SDK Contracts (HKLM-x32\...\{A9B4A927-5520-B58D-C20A-249A720B2472}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - en-us (HKLM-x32\...\{01933586-56BC-4722-D8AB-59F2A24C90EE}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{1495FD11-8AEB-75CA-4447-1C1CE340C630}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (HKLM-x32\...\{C33A7DAA-9B59-467D-2C7C-08527F7B93D5}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{1EA346E3-BEBF-94FA-B36C-FD6AD9B187CC}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
WinRT Intellisense Mobile - en-us (HKLM-x32\...\{00CD7BFC-A0C3-FBB2-2FA6-0BA72E4B6EE2}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM-x32\...\{D141A569-DA59-20E2-EE50-A78544B46042}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{A11709BB-020F-9FD8-58B9-D61FB8F7A0BB}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM-x32\...\{5C6BB60F-A809-2673-25D3-7E868F59D219}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{3F2B7565-3751-D3E4-24C5-B3C9FF4CC22B}) (Version: 10.1.26100.7175 - Microsoft Corporation) Hidden
WireGuard (HKLM\...\{2FDB79CE-5193-4A39-82BB-E00158CC1533}) (Version: 0.5.3 - WireGuard LLC)
Zoom Workplace (HKU\S-1-5-21-3437276495-2594823583-628811619-1001\...\ZoomUMX) (Version: 6.6.11 (23272) - Zoom Communications, Inc.)
Packages:
=========
AppleInc.AppleDevices -> C:\Program Files\WindowsApps\AppleInc.AppleDevices_1.1538.24070.0_x64__nzyj5cx40ttqa [2026-01-15] (Apple Inc.) [Startup Task]
Dev Home (Preview) -> C:\Program Files\WindowsApps\Microsoft.Windows.DevHome_0.1801.640.0_x64__8wekyb3d8bbwe [2025-10-12] (Microsoft Corporation) [Startup Task]
GIMP -> C:\Program Files\WindowsApps\GIMP.43237F745459_3.0.82.0_x64__nq49gba4h4mx8 [2026-02-17] (GIMP)
Malwarebytes Anti-Malware -> C:\Program Files\Malwarebytes\Anti-Malware [2026-02-18] ()
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.969.0_x64__56jybvy8sckqj [2025-11-08] (NVIDIA Corp.)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.2.155.0_x64__dt26b99r8h8gj [2025-08-29] (Realtek Semiconductor Corp)
SandboxieShell -> C:\Program Files\Sandboxie-Plus [2025-11-17] (Sparse Package)
Screen ColorPicker -> C:\Program Files\WindowsApps\56935ikst.2277717F29C46_1.0.15.0_x64__t50q39cyngesc [2025-11-13] (ikst)
Ubuntu 22.04.5 LTS -> C:\Program Files\WindowsApps\CanonicalGroupLimited.Ubuntu22.04LTS_2204.5.10021.0_x64__79rhkp1fndgsc [2025-12-16] (Canonical Group Limited)
Wireless*Display*Adapter -> C:\Program Files\WindowsApps\Microsoft.SurfaceWirelessDisplayAdapter_4.232.137.0_x64__8wekyb3d8bbwe [2025-09-29] (Microsoft Corporation) [Startup Task]
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-3437276495-2594823583-628811619-1001_Classes\CLSID\{50726f74-6f6e-2e56-504e-000000000000}\localserver32 -> C:\Program Files\Proton\VPN\v4.3.12\ProtonVPN.Client.exe (Proton AG -> ProtonVPN)
CustomCLSID: HKU\S-1-5-21-3437276495-2594823583-628811619-1001_Classes\CLSID\{DA444C31-5DFC-4646-BAEA-F93F63F3B0FC}\InprocServer32 -> C:\Program Files\Mozilla Thunderbird\notificationserver.dll (Mozilla Corporation -> Mozilla Foundation)
CustomCLSID: HKU\S-1-5-21-3437276495-2594823583-628811619-1001_Classes\CLSID\{DFF20505-B08F-455B-AD70-4FBD055088E0}\localserver32 -> C:\Program Files (x86)\Google\Chrome\Application\PlatformExperienceHelper\platform_experience_helper.exe (Google LLC -> Google LLC)
CustomCLSID: HKU\S-1-5-21-3437276495-2594823583-628811619-1001_Classes\CLSID\{EABAE40C-B27C-455A-B672-F234DD780948}\InprocServer32 -> C:\Users\admin\AppData\Local\Microsoft\TeamsMeetingAdd-in\1.25.24601\x64\Microsoft.Teams.MeetingAddin.DLL (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2018-12-28] () [Datei ist nicht signiert] [Datei wird verwendet]
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2025-08-03] (Igor Pavlov) [Datei ist nicht signiert]
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2020-09-08] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers1: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2020-02-23] (Elaborate Bytes AG -> Elaborate Bytes AG)
ContextMenuHandlers2: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2020-02-23] (Elaborate Bytes AG -> Elaborate Bytes AG)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2026-02-18] (Malwarebytes Inc -> Malwarebytes)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2018-12-28] () [Datei ist nicht signiert] [Datei wird verwendet]
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2025-08-03] (Igor Pavlov) [Datei ist nicht signiert]
ContextMenuHandlers5: [NvAppDesktopContext] -> {F2E8B4A1-9C7D-4F6E-B3A5-8D2C1F4E9B7A} => C:\Program Files\NVIDIA Corporation\NVIDIA App\NvCpl\nvui.dll [2026-01-16] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_adc55ecfca814224\nvshext.dll [2026-01-22] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2025-08-03] (Igor Pavlov) [Datei ist nicht signiert]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2026-02-18] (Malwarebytes Inc -> Malwarebytes)
==================== Codecs (Nicht auf der Ausnahmeliste) ====================
==================== Verknüpfungen & WMI ========================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
ShortcutWithArgument: C:\Users\admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Web Applications\_crx_nlalbmkafgmoifbeooblidblkmlhhpnc\TikTok.lnk -> C:\Program Files\BraveSoftware\Brave-Browser\Application\chrome_proxy.exe (Brave Software, Inc.) -> --profile-directory=Default --app-id=nlalbmkafgmoifbeooblidblkmlhhpnc
ShortcutWithArgument: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Brave-Apps\TikTok.lnk -> C:\Program Files\BraveSoftware\Brave-Browser\Application\chrome_proxy.exe (Brave Software, Inc.) -> --profile-directory=Default --app-id=nlalbmkafgmoifbeooblidblkmlhhpnc
==================== Geladene Module (Nicht auf der Ausnahmeliste) =============
2018-12-28 18:46 - 2018-12-28 18:46 - 000126976 _____ (Intel Corporation) [Datei ist nicht signiert] C:\Program Files\Intel\OptaneShellExtensions\iaStorAfsServiceApi.dll
2025-12-15 15:37 - 2025-12-15 15:37 - 003884544 _____ (Newtonsoft) [Datei ist nicht signiert] C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Newtonsoft.Json\41a55abf2bdf48b731de35f333cef6db\Newtonsoft.Json.ni.dll
2025-12-01 04:19 - 2026-02-18 21:30 - 000000000 ___JL (NVIDIA Corporation) [symlink -> C:\Program Files\NVIDIA Corporation\NVIDIA App\MessageBus\NvMessageBusBroadcast.dll] C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem\NvMessageBusBroadcast.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ==================
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =================
==================== Internet Explorer (Nicht auf der Ausnahmeliste) =============
==================== Hosts Inhalt: =========================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2025-10-09 00:18 - 2026-02-21 05:45 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
2025-10-25 00:43 - 2026-02-21 05:47 - 000000500 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
172.28.128.1 DESKTOP-CHMVQ4P.mshome.net # 2031 2 4 20 2 47 19 788
==================== Network ===========================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
DNS Servers: 192.168.1.1
ist aktiviert.
Network Binding:
=============
Ethernet 4: Realtek PCIe GBE Family Controller #2 -> rt640x64.sys
vEthernet (Default Switch): Hyper-V Virtual Ethernet Adapter ->
vms_vsf: Erweiterungsfilter für virtuellen Hyper-V-Switch
INSECURE_NPCAP: Npcap Packet Driver (NPCAP)
ms_l1vhlwf: Geschachtelte Netzwerkvirtualisierung
vms_vsp: Extension-Protokoll für virtuellen Hyper-V-Switch
==================== Andere Bereiche ===========================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Python314\Scripts\;C:\Python314\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\WireGuard\;%JAVA_HOME%\bin;C:\Program Files\NVIDIA Corporation\NVIDIA App\NvDLISR;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;S:\nodejs\;C:\ProgramData\chocolatey\bin;C:\Program Files\Git\cmd
HKU\S-1-5-21-3437276495-2594823583-628811619-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\DesktopSpotlight\Assets\Images\image_2.jpg
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKU\S-1-5-21-3437276495-2594823583-628811619-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 0)
HKLM\SOFTWARE\Microsoft\Windows Defender\Features => (TamperProtection: 1) (TamperProtectionSource: 5)
HKLM\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection => (DpaDisabled: 0)
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
HKLM\...\StartupApproved\StartupFolder: => "AnyDesk.lnk"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "RtkAudUService"
HKU\S-1-5-21-3437276495-2594823583-628811619-1001\...\StartupApproved\StartupFolder: => "Proton Mail Bridge.lnk"
HKU\S-1-5-21-3437276495-2594823583-628811619-1001\...\StartupApproved\Run: => "ProtonVPN"
HKU\S-1-5-21-3437276495-2594823583-628811619-1001\...\StartupApproved\Run: => "RiotClient"
HKU\S-1-5-21-3437276495-2594823583-628811619-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-3437276495-2594823583-628811619-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_29EBC4579851B72EE312C449CF839B1A"
HKU\S-1-5-21-3437276495-2594823583-628811619-1001\...\StartupApproved\Run: => "electron.app.OP.GG"
HKU\S-1-5-21-3437276495-2594823583-628811619-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3437276495-2594823583-628811619-1001\...\StartupApproved\Run: => "NetLimiter"
HKU\S-1-5-21-3437276495-2594823583-628811619-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-3437276495-2594823583-628811619-1001\...\StartupApproved\Run: => "Proton VPN"
HKU\S-1-5-21-3437276495-2594823583-628811619-1001\...\StartupApproved\Run: => "SandboxiePlus_AutoRun"
HKU\S-1-5-21-3437276495-2594823583-628811619-1001\...\StartupApproved\Run: => "iCloudPhotos"
HKU\S-1-5-21-3437276495-2594823583-628811619-1001\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-3437276495-2594823583-628811619-1001\...\StartupApproved\Run: => "iCloudServices"
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [{41BC6B77-81E8-4871-99B3-B7E78F961A85}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (AnyDesk Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{DC470970-135A-40A7-9E5E-01AD1AD0CAA4}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (AnyDesk Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{A53C9074-4544-4A69-A771-50EA06A50684}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (AnyDesk Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{BE620A71-6CAD-40D4-A82F-B7FC656E0DF8}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (AnyDesk Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{D6747EBA-E3B0-4F77-8C50-246BF0D62A9F}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (AnyDesk Software GmbH -> AnyDesk Software GmbH)
FirewallRules: [{925C4D8F-5F33-40AE-A94B-DC3715CB75B7}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (AnyDesk Software GmbH -> AnyDesk Software GmbH)
==================== Wiederherstellungspunkte =========================
06-02-2026 03:38:50 Geplanter Prüfpunkt
16-02-2026 21:37:09 Geplanter Prüfpunkt
20-02-2026 23:01:57 Windows Update
20-02-2026 23:01:57 Windows Update
20-02-2026 23:01:58 Windows Update
21-02-2026 05:42:14 Restore Point Created by FRST
21-02-2026 06:04:18 Windows Modules Installer
==================== Fehlerhafte Geräte im Gerätemanager ============
Name: USB Audio
Description: USB-Audiogerät
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard-USB-Audio)
Service: usbaudio
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Fehlereinträge in der Ereignisanzeige: ========================
Applikationsfehler:
==================
Error: (02/21/2026 06:30:09 AM) (Source: Microsoft-Windows-Perflib) (EventID: 1005) (User: NT-AUTORITÄT)
Description: Fehler beim Suchen der Open-Prozedur "OpenLsaPerformanceData" in der DLL "C:\Windows\System32\Secur32.dll" für den "Lsa"-Dienst mit dem Win32-Fehlercode 127. Für diesen Dienst sind keine Systemleistungsdaten verfügbar.
Systemfehler:
=============
Error: (02/21/2026 05:52:12 AM) (Source: Microsoft-Windows-TPM-WMI) (EventID: 1801) (User: NT-AUTORITÄT)
Description: Secure Boot certificates have been updated but are not yet applied to the device firmware. Review the published guidance to complete the update and ensure full protection. This device signature information is included here.
DeviceAttributes: BaseBoardManufacturer:ASUSTeK COMPUTER INC.;FirmwareManufacturer:American Megatrends Inc.;FirmwareVersion:2603;OEMModelNumber:System Product Name;OEMModelBaseBoard:PRIME B360M-A;OEMModelSystemFamily:To be filled by O.E.M.;OEMManufacturerName:System manufacturer;OEMModelSKU:ASUS_MB_CNL;OSArchitecture:amd64;
BucketId: c41db8f0c67b35e5a15081e5389ef29e8c793acb905ebf003e16198a3711502c
BucketConfidenceLevel:
UpdateType:
For more information, please see https://go.microsoft.com/fwlink/?linkid=2301018.
Error: (02/21/2026 05:49:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.
Error: (02/21/2026 05:49:15 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Google Update-Dienst (gupdate) erreicht.
CodeIntegrity:
===============
Date: 2026-02-21 12:44:44
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\ProgramData\Microsoft\Windows Defender\Platform\4.18.26010.5-0\MpDefenderCoreService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2026-02-21 12:39:22
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.
Date: 2026-02-21 11:34:17
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Speicherinformationen ===========================
BIOS: American Megatrends Inc. 2603 10/11/2019
Hauptplatine: ASUSTeK COMPUTER INC. PRIME B360M-A
Prozessor: Intel(R) Core(TM) i5-9400F CPU @ 2.90GHz
Prozentuale Nutzung des RAM: 37%
Installierter physikalischer RAM: 16294.45 MB
Verfügbarer physikalischer RAM: 10130.61 MB
Summe virtueller Speicher: 17318.45 MB
Verfügbarer virtueller Speicher: 10549.62 MB
==================== Laufwerke ================================
Drive c: () (Fixed) (Total:317.26 GB) (Free:48.81 GB) (Model: WD_BLACK SN7100 1TB) NTFS
Drive s: (Volume) (Fixed) (Total:612.82 GB) (Free:244.22 GB) (Model: WD_BLACK SN7100 1TB) NTFS
\\?\Volume{45b11e4f-8457-4377-a351-262aa50509e6}\ () (Fixed) (Total:0.76 GB) (Free:0.12 GB) NTFS
\\?\Volume{852fc7e5-57c2-4ef2-ae0a-d6ef576a605b}\ () (Fixed) (Total:0.56 GB) (Free:0.54 GB) NTFS
\\?\Volume{ecb9f301-41ac-4550-9598-8f32e95489f8}\ () (Fixed) (Total:0.09 GB) (Free:0.06 GB) FAT32
==================== MBR & Partitionstabelle ====================
==========================================================
Disk: 0 (Protective MBR) (Size: 111.8 GB) (Disk ID: 00000000)
Partition: GPT.
==========================================================
Disk: 1 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)
Partition: GPT.
==================== Ende von Addition.txt =======================
|
| | #7 | ||
| | Trojans and viruses found via MBAM
Code:
ATTFilter 21.02.2026 15:48:47 Uhr
Geprüfte Dateien: 822035
Erkannte Dateien: 8
Gesäuberte Dateien: 8
Scandauer gesamt 02:22:58
Scanstatus: Abgeschlossen
C:\FRST\Quarantine\C\ProgramData\script.bat.xBAD BAT/Runner.PG trojan cleaned by deleting
C:\Program Files\MiniTool Partition Wizard 13\fvformatsupport.dll a variant of Win64/MiniTool.A potentially unwanted application cleaned by deleting
C:\Program Files\MiniTool Partition Wizard 13\PowerDataRecoveryUI.dll a variant of Win64/MiniTool.B potentially unwanted application cleaned by deleting
C:\Program Files (x86)\HoneySelect 2 DX Setup\script.bat BAT/Runner.PG trojan cleaned by deleting
C:\Program Files (x86)\Nmap\ncat.exe a variant of Win32/NetTool.Ncat.C potentially unsafe application cleaned by deleting
C:\ProgramData\firefox_480429725.zip PowerShell/Agent.DRC trojan cleaned by deleting
C:\Users\admin\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Cache\Cache_Data\f_00003b BAT/Runner.PG trojan cleaned by deleting
S:\$RECYCLE.BIN\S-1-5-21-3437276495-2594823583-628811619-1001\$R4D09BO.exe a variant of Win32/NetTool.Ncat.C potentially unsafe application cleaned by deleting
Edited by Koolman (today at 13:55) |
| | #8 |
| /// TB-Ausbilder | Trojans and viruses found via MBAM Hi, Yes, please. For your own safety. ESET did not find any active malware anymore, only unwanted software and a zip file from which the malware was presumably started. If there are no more open questions on your side, we would be done. Removing the tools used: Run KpRm according to the illustrated instructions and finally post the log file. Then we would be through! If you have no more problems with malware, then we are done here. Your log files are clean. If you like, you can say here whether you were satisfied with us and our help... Perhaps you would like to support the forum with a small donation. Finally, please be sure to read and implement the security measures: Note: Please give me a short reply as soon as you have read the information linked above, everything is done and there are no more questions, so that I can delete this thread from my subscriptions. |
| | #9 | |
| | Trojans and viruses found via MBAM OK, all clear, thanks again!! I think I have no more open questions.
Code:
ATTFilter # Run at 21.02.2026 18:07:08' U18r'
# KpRm (Kernel-panik) version 2.21.0
# Website https://kernel-panik.me/tool/kprm/
# Run by admin from S:\icloud
# Computer Name: DESKTOP-CHMVQ4P
# OS: Windows 11 X64 (26200) (10.0.26200.7462)
# Number of passes: 1
- Checked options -
~ Delete Tools
~ Delete Quarantines
- Delete Tools -
## AdwCleaner
[OK] C:\Users\admin\Downloads\adwcleaner.exe deleted
[OK] C:\AdwCleaner deleted
## ESET Online Scanner
[OK] C:\Users\admin\Desktop\ESET Online Scanner.lnk deleted
[OK] C:\Users\admin\Downloads\esetonlinescanner.exe deleted
[OK] C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk deleted
[OK] C:\Users\admin\AppData\Local\ESET\ESETOnlineScanner deleted
## FRST
[OK] C:\Users\admin\Downloads\Addition.txt deleted
[OK] C:\Users\admin\Downloads\Fixlog.txt deleted
[OK] C:\Users\admin\Downloads\FRST.txt deleted
[OK] C:\Users\admin\Downloads\FRST64.exe deleted
[OK] C:\FRST deleted
## Malwarebytes (log)
[OK] C:\Users\admin\Desktop\Malwarebytes Scan-Bericht 2026-02-18 081736.txt deleted
[OK] C:\Users\admin\Desktop\Malwarebytes Scan-Bericht 2026-02-18 082237.txt deleted
-- KPRM finished in 2.92s --
|
| | #10 |
| /// TB-Ausbilder | Trojans and viruses found via MBAM We are glad that we could help. This thread appears to be resolved and will be deleted from our subscriptions. Should you need the thread again, please send us a reminder including a link to the thread. Everyone else, please click here and create your own thread. |