nik.fuzz | 06.12.2020 13:42 | Murofet Weekly: Trojanerbefall wird durch Telekom per Brief mitgeteilt. Liste der Anhänge anzeigen (Anzahl: 2) Hallo,
Ich habe gestern einen Brief des Telekom Abuse-Teams bekommen: Sehr geehrte Damen und Herren,
...
Von externen Hinweisgebern haben wir zuverlässige Informationen erhalten, dass mindestens ein Rechner oder ein Endgerät... mit einem Schadprogramm/Malware infiziert ist. Nach Rückruf gab es die Info, dass es sich um den Virus Murofetweekly handeln soll.
Handlungsanweisung der Telekom: Virenscan.
Nachdem ich Kaspersky Rescue Disc laufen lassen habe konnten bereits zwei Datein entfernt werden: Murofetweekly wurde hier jedoch nicht aufgeführt.
Sicherheitshalber wende ich mich deshalb hier ans Forum.
Hier nun die Log-Datein: FRST und Addition
Hier FRST: Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 06-12-2020
durchgeführt von ng4600 (Administrator) auf NIK (MSI MS-7A70) (06-12-2020 13:26:32)
Gestartet von F:\Downloads
Geladene Profile: ng4600
Platform: Windows 10 Pro Version 1909 18363.1198 (X64) Sprache: Deutsch (Deutschland)
Standard-Browser: Chrome
Start-Modus: Normal
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) D:\Program Files\Adobe Premiere Elements 12\Elements 12 Organizer\PhotoshopElementsFileAgent.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\ProtectedService.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Maintenance.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
(Geek Software GmbH -> Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <23>
(ICEpower a/s -> ICEpower) C:\Windows\System32\ICEsoundService64.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe
(Intel(R) Extreme Tuning Utility -> Intel(R) Corporation) C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\DPC Latency Tuner\DPCLT_Service.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\EyeRest.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\MSI_ActiveX_Service.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\TriggerModeMonitor.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\VideoCardMonitorII.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\Mystic Light\Mystic Light.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Mystic Light\MysticLight_Service.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO.,LTD.) C:\Program Files (x86)\MSI\Fast Boot\FastBoot.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Wacom Technology Corp. -> Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9279328 2018-09-06] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [1074600 2016-08-28] (Heidi Computers Ltd -> The Eraser Project)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-03] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [18727048 2018-10-05] (Logitech Inc -> Logitech Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 3.1 eXtensible Host Controller Driver\Application\iusb3mon.exe [299504 2016-08-18] (Intel(R) USB eXtensible Host Controller Drivers -> Intel Corporation)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [413832 2017-11-01] (Geek Software GmbH -> Geek Software GmbH)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [705728 2020-11-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [VirtualCloneDrive] => D:\Program Files\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG -> Elaborate Bytes AG)
HKLM-x32\...\Run: [Live Update] => C:\Program Files (x86)\MSI\Live Update\Live Update.exe [26037944 2018-10-02] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
HKLM-x32\...\Run: [Command Center] => C:\Program Files (x86)\MSI\Command Center\StartCommandCenter.exe [835768 2018-09-07] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
HKLM-x32\...\Run: [Fast Boot] => C:\Program Files (x86)\MSI\Fast Boot\StartFastBoot.exe [759120 2015-04-22] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
HKLM-x32\...\Run: [Mystic Light] => C:\Program Files (x86)\MSI\Mystic Light\Mystic Light.exe [3098808 2018-04-16] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.)
HKLM-x32\...\Run: [Super Charger] => C:\Program Files (x86)\MSI\Super Charger\Super Charger.exe [1028280 2017-11-10] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
HKLM-x32\...\Run: [X_Boost] => C:\Program Files (x86)\MSI\MSI X Boost\X_Boost.exe [4260000 2018-08-28] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
HKU\S-1-5-21-1393509143-4016895142-1010486369-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22256824 2020-02-28] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-1393509143-4016895142-1010486369-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2020-09-08] (Apple Inc. -> Apple Inc.)
HKLM\...\Print\Monitors\Canon BJ FAX Language Monitor MX430 series: c:\windows\system32\CNCALB1.DLL [302592 2011-09-21] (CANON INC.) [Datei ist nicht signiert]
HKLM\...\Print\Monitors\Canon BJ Language Monitor MX430 series: c:\windows\system32\CNMLMB1.DLL [385024 2012-03-14] (CANON INC.) [Datei ist nicht signiert]
HKLM\...\Print\Monitors\Canon BJ Language Monitor MX430 series XPS: c:\windows\system32\CNMXLMB1.DLL [385024 2012-03-14] (CANON INC.) [Datei ist nicht signiert]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\86.0.4240.198\Installer\chrmstp.exe [2020-11-12] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
GroupPolicy: Beschränkung ? <==== ACHTUNG
Policies: C:\ProgramData\NTUSER.pol: Beschränkung <==== ACHTUNG
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {0202EE7B-FD3A-4271-A0E2-D427782AFD8E} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {08760628-7EB9-4D8D-8EA9-B4C2A271C29C} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {093D9E70-7AAF-49F6-B8E7-53390FE904D6} - System32\Tasks\Overwolf Updater Task => C:\Users\ng4600\Desktop\Overwolf\OverwolfUpdater.exe
Task: {0E052179-F2B7-4277-9B3E-56A3A310EDF8} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [950480 2018-11-13] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {165FD7CB-C11A-437E-8B21-3F066139DE11} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1349200 2020-11-03] (Adobe Inc. -> Adobe Inc.)
Task: {16C0C390-E0CA-419A-A33C-1C105669D5A9} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {21BD26F5-4324-45EE-B96B-441306D0D64A} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {26AC9D5E-CC8A-4AF3-8892-65EA3AF3C9E2} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [696016 2018-11-13] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {287961FA-6E93-4C5F-AF3C-A20C677FAA83} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {2A8C9C0B-188E-4E55-A079-B6652906B4F4} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2D4365E0-E6EF-4109-8585-EE856D464F91} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [950480 2018-11-13] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {2EE75A90-2D5A-4836-A782-B3B5F2901443} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [855760 2018-11-13] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3CBE54E4-1F39-4696-A621-AB9AE82EF4A7} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files (x86)\Intel\Telemetry 2.0\lrio.exe [1328392 2015-11-20] (Intel(R) Software -> Intel Corporation)
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB}
Task: {498A0C04-B213-4919-9AD6-C51454264800} - System32\Tasks\RtlNetworkGenieVistaStart => C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe [2047704 2015-07-09] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {4B337E8E-C2CB-4EBD-862C-300558052263} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {4F68498E-DD81-40AE-B28F-ACE801CB0B04} - System32\Tasks\Intel PTT EK Recertification => C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\IntelPTTEKRecertification.exe [918288 2020-04-22] (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {4F7DEEC8-6862-440F-9081-C50BD9BF4610} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [152216 2017-11-02] (Google Inc -> Google Inc.)
Task: {536BCDEE-ED49-464D-82B2-99CA15E408A0} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2020-02-28] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {54DA8524-74B0-4833-B709-3E87A2FE941A} - System32\Tasks\AdobeAAMUpdater-1.0-NIK-ng4600 => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-03] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {57AAE158-CE2F-407C-947F-8A7722AA15F3} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {5C0EB475-EB9F-4CCA-BB74-FA5CCDBC0F97} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {6495CB34-B691-46CC-9E04-CA9A579D14DA} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6892CB43-F42E-4A6F-8EEF-1E813C8AEA14} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {6F7B1115-97D7-4F58-9E2D-DC0F61DE2E21} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [855760 2018-11-13] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7260B1D5-62BD-4C4A-9A3D-D916C313F272} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {7AFB5895-9AC9-488F-B460-E0674A59707F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616832 2019-09-04] (Apple Inc. -> Apple Inc.)
Task: {7B53A63A-147D-44EA-ACE9-D820EDEB8B61} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7DF7A4B5-B911-4217-8BF0-4C7F2FC99079} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {89CACF21-BFD2-4390-8916-800B0C3309CC} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {945B1232-43B5-4A28-BC53-E8B7D164691F} - System32\Tasks\AviraSystemSpeedupUpdate => C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe [30106496 2020-10-18] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {A461D626-8234-478F-B326-D4D711A31A30} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2649200 2020-10-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {B6C675F8-DFFB-4BB3-99FF-E928A65E6A41} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BA083B46-8832-4E63-AAC5-CE6BB92F6207} - System32\Tasks\Avira_Security_Update => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Common.Updater.exe [230632 2020-11-25] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {BA64757D-DAFA-4FCF-9DC0-C7BE824AE21A} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [950480 2018-11-13] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C03E00C0-C7B1-4B6F-99B9-47371BC3AD59} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {C417B178-C2D4-4922-9F9F-624246662035} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D0F6F0BC-EA05-4573-922A-800E14B2916A} - System32\Tasks\TrackerAutoUpdate => C:\Program Files\Tracker Software\Update\TrackerUpdate.exe [3976896 2017-08-10] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.)
Task: {D14AD154-65F8-4E0D-B180-C39DDE4CA3F5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [152216 2017-11-02] (Google Inc -> Google Inc.)
Task: {D1F31A88-FE34-471D-BF76-3095B11CC956} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [18233016 2020-02-28] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {D4DE4705-E301-409E-842F-607BACF44987} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {D73BCA5C-EACC-4D95-B18A-72D1FC81FF12} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D7A97D5F-35A6-4B6C-9232-110E1FB98A9C} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DB1553D0-A079-4EC3-939E-73748A988FFC} - \Microsoft\Windows\Setup\EOSNotify -> Keine Datei <==== ACHTUNG
Task: {E501ABD6-B1F6-4214-A141-198A4BB55509} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {E6244920-1CEB-4B70-8C89-A576E6972089} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [950480 2018-11-13] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {EC5668B0-B014-4079-B1FE-69640B404E65} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {F1ECCED0-58F3-4DA2-B4FA-2586A0A8EB7C} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F3B144E1-EA9F-4F5B-AC94-A14C4E2D9D9D} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {F71F2B4F-94C5-40A4-AF17-FB8E2C961B1E} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\RtlNetworkGenieVistaStart.job => C:\Program Files (x86)\MSI\NetworkGenie\NetworkGenie.exe
Task: C:\WINDOWS\Tasks\TrackerAutoUpdate.job => C:\Program Files\Tracker Software\Update\TrackerUpdate.exe-CheckUpdate(Tracker Software Products (Canada) Ltd.Kee
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{1A54A8C4-C376-4C5C-95F2-F7673A859C29}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{7b64753f-6178-488f-9b68-87733fe2962c}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{8dd977cf-0e39-4175-9e98-df5db7925f83}: [DhcpNameServer] 192.168.178.1
Edge:
======
DownloadDir: C:\Users\ng4600\Downloads
Edge Profile: C:\Users\ng4600\AppData\Local\Microsoft\Edge\User Data\Default [2020-11-25]
Edge DownloadDir: F:\Downloads
FireFox:
========
FF DefaultProfile: wzmjl5v0.default
FF ProfilePath: C:\Users\ng4600\AppData\Roaming\Mozilla\Firefox\Profiles\wzmjl5v0.default [2019-06-23]
FF ProfilePath: C:\Users\ng4600\AppData\Roaming\Mozilla\Firefox\Profiles\fzuyopdz.default-release [2020-12-06]
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2017-08-10] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2017-08-10] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2017-08-10] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2017-08-10] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: Adobe Reader -> D:\Program Files\Adobe Acrobat\Reader\AIR\nppdf32.dll [2020-11-19] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1393509143-4016895142-1010486369-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2017-08-10] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\ng4600\AppData\Local\Google\Chrome\User Data\Default [2020-12-06]
CHR DownloadDir: F:\Downloads
CHR DefaultSearchURL: Default -> hxxps://ssl.gstatic.com/apps-notify/drive_96_1x.png
CHR Extension: (Präsentationen) - C:\Users\ng4600\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-02]
CHR Extension: (Google Drive) - C:\Users\ng4600\AppData\Local\Google\Chrome\User Data\Default\Extensions\aghbiahbpaijignceidepookljebhfak [2019-12-11]
CHR Extension: (Docs) - C:\Users\ng4600\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-02]
CHR Extension: (Google Drive) - C:\Users\ng4600\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-26]
CHR Extension: (YouTube) - C:\Users\ng4600\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-11-02]
CHR Extension: (Elevate for Strava) - C:\Users\ng4600\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhiaggccakkgdfcadnklkbljcgicpckn [2020-07-02]
CHR Extension: (Adobe Acrobat) - C:\Users\ng4600\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-09-17]
CHR Extension: (Tabellen) - C:\Users\ng4600\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-02]
CHR Extension: (iCloud-Lesezeichen) - C:\Users\ng4600\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2017-11-28]
CHR Extension: (Google Docs Offline) - C:\Users\ng4600\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-11-20]
CHR Extension: (AdBlock*– der beste Ad-Blocker) - C:\Users\ng4600\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2020-11-20]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\ng4600\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2020-11-24]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\ng4600\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2020-10-03]
CHR Extension: (Chrome-Erweiterung für Google Notizen) - C:\Users\ng4600\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2020-12-03]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\ng4600\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-01]
CHR Extension: (Google Mail) - C:\Users\ng4600\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-22]
CHR Extension: (Chrome Media Router) - C:\Users\ng4600\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-10-18]
CHR Profile: C:\Users\ng4600\AppData\Local\Google\Chrome\User Data\Guest Profile [2020-11-25]
CHR Profile: C:\Users\ng4600\AppData\Local\Google\Chrome\User Data\System Profile [2020-11-25]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
==================== Dienste (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2017-11-06] (Adobe Systems) [Datei ist nicht signiert]
R2 AdobeActiveFileMonitor12.0; D:\Program Files\Adobe Premiere Elements 12\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-25] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [170056 2020-11-03] (Adobe Inc. -> Adobe Inc.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1205960 2020-10-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntivirProtectedService; C:\Program Files (x86)\Avira\Antivirus\ProtectedService.exe [537472 2020-10-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [483432 2020-10-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [483432 2020-10-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [573960 2020-10-18] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [636592 2020-11-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraOptimizerHost; C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe [2988544 2020-06-03] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [384544 2020-10-07] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraSecurity; C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe [246424 2020-11-25] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [161376 2020-08-25] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8352184 2019-02-01] (BattlEye Innovations e.K. -> )
S3 FACEITService; E:\FACEIT AC\FACEITService.exe [20252512 2019-10-11] (FACE IT LIMITED -> )
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [206472 2018-10-05] (Logitech Inc -> Logitech Inc.)
S3 MSIClock_CC; C:\Program Files (x86)\MSI\Command Center\ClockGen\MSIClockService_x64.exe [2669240 2018-01-12] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
S3 MSICOMM_CC; C:\Program Files (x86)\MSI\Command Center\MSICommService.exe [2343608 2018-01-12] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
S3 MSICPU_CC; C:\Program Files (x86)\MSI\Command Center\CPU\MSICPUService_x64.exe [2725048 2017-12-22] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R2 MSICTL_CC; C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe [2255032 2018-08-23] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
S3 MSIDDR_CC; C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe [2507448 2018-07-18] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
S3 MSISMB_CC; C:\Program Files (x86)\MSI\Command Center\SMBus\MSISMBService.exe [2136248 2018-03-29] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
S3 MSISuperIO_CC; C:\Program Files (x86)\MSI\Command Center\SuperIO\MSISuperIOService.exe [2742968 2018-08-23] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R2 MSI_ActiveX_Service; C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\MSI_ActiveX_Service.exe [86688 2018-07-25] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
R2 MSI_DPCLTSERVICE; C:\Program Files (x86)\MSI\DPC Latency Tuner\DPCLT_Service.exe [2166968 2018-09-13] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
R2 MSI_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe [113336 2017-12-21] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [2190520 2018-09-25] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
R2 MSI_MYSTICLIGHTSERVICE; C:\Program Files (x86)\MSI\Mystic Light\MysticLight_Service.exe [2048696 2017-11-03] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super Charger\ChargeService.exe [183992 2018-08-15] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
S3 Origin Client Service; E:\Origin\OriginClientService.exe [2329392 2019-06-11] (Electronic Arts, Inc. -> Electronic Arts)
S2 Origin Web Helper Service; E:\Origin\OriginWebHelperService.exe [3203888 2019-06-11] (Electronic Arts, Inc. -> Electronic Arts)
R2 PDF24; C:\Program Files (x86)\PDF24\pdf24.exe [413832 2017-11-01] (Geek Software GmbH -> Geek Software GmbH)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6153048 2020-11-12] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4098056 2019-03-19] (Microsoft Corporation -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [113992 2019-03-19] (Microsoft Corporation -> Microsoft Corporation)
===================== Treiber (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20640 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [78936 2019-06-17] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S0 avelam; C:\WINDOWS\System32\drivers\avelam.sys [22336 2019-02-28] (Microsoft Windows Early Launch Anti-malware Publisher -> Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [207424 2020-11-16] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [199752 2020-05-05] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [46704 2019-02-28] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [89736 2019-02-28] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\WINDOWS\System32\Drivers\avusbflt.sys [45472 2019-02-28] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [231936 2019-09-11] (Microsoft Corporation) [Datei ist nicht signiert]
S3 cmudaxp; C:\WINDOWS\system32\drivers\cmudaxp.sys [2735616 2015-06-02] (C-Media Inc) [Datei ist nicht signiert]
S3 ipadtst; C:\Program Files (x86)\MSI\Super Charger\ipadtst_64.sys [20464 2013-11-11] (MICRO-STAR INTERNATIONAL CO., LTD. -> Windows (R) Win 7 DDK provider)
S3 ipadtst2; C:\Program Files (x86)\MSI\Super Charger\ipadtst2_64.sys [16336 2016-07-29] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech -> Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2018-10-05] (Logitech Inc -> Logitech Inc.)
R1 ndisrd; C:\WINDOWS\system32\DRIVERS\ndisrd.sys [32360 2011-09-14] (Realtek Semiconductor Corp -> NT Kernel Resources)
S3 NTIOLib_CC_Clock; C:\Program Files (x86)\MSI\Command Center\ClockGen\NTIOLib_X64.sys [14288 2017-07-10] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R3 NTIOLib_DPC; C:\Program Files (x86)\MSI\DPC Latency Tuner\NTIOLib_X64.sys [14288 2017-03-29] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R3 NTIOLib_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\NTIOLib_X64.sys [14288 2017-03-29] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R3 NTIOLib_MysticLight; C:\Program Files (x86)\MSI\Mystic Light\Lib\NTIOLib_X64.sys [14288 2017-05-24] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2013-09-30] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] (MiniTool Solution Ltd -> )
R0 PxHlpa64; C:\WINDOWS\System32\drivers\PxHlpa64.sys [56336 2013-07-19] (Corel Corporation -> Corel Corporation)
R2 speedfan; C:\Windows\SysWOW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46472 2019-03-19] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [333784 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [151184 2016-07-15] (NGO -> MBB)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [62432 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
U3 idsvc; kein ImagePath
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2020-12-06 12:28 - 2020-12-06 12:28 - 000271524 _____ C:\WINDOWS\SysWOW64\tmp
2020-12-03 20:40 - 2020-12-03 20:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2020-12-03 08:55 - 2020-12-06 12:09 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2020-11-24 10:38 - 2020-11-24 10:38 - 000106952 _____ C:\Users\ng4600\Documents\Beihilfeantrag_internet_a (4).pdf
2020-11-12 17:58 - 2020-11-12 17:58 - 001101312 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2020-11-12 17:58 - 2020-11-12 17:58 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin
2020-11-12 17:58 - 2020-11-12 17:58 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2020-11-12 17:58 - 2020-11-12 17:58 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2020-11-12 17:58 - 2020-11-12 17:58 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2020-11-12 17:58 - 2020-11-12 17:58 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2020-11-12 17:58 - 2020-11-12 17:58 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2020-11-12 17:58 - 2020-11-12 17:58 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2020-11-12 17:58 - 2020-11-12 17:58 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2020-11-12 17:58 - 2020-11-12 17:58 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin
2020-11-12 17:58 - 2020-11-12 17:58 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin
2020-11-12 17:58 - 2020-11-12 17:58 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin
2020-11-12 17:58 - 2020-11-12 17:58 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2020-11-12 17:57 - 2020-11-12 17:57 - 001841152 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2020-11-12 17:57 - 2020-11-12 17:57 - 000200704 _____ C:\WINDOWS\system32\IHDS.dll
2020-11-12 17:57 - 2020-11-12 17:57 - 000164864 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
==================== Ein Monat (geänderte) ==================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2020-12-06 13:26 - 2020-10-07 05:56 - 000000000 ____D C:\FRST
2020-12-06 13:20 - 2019-07-30 18:53 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2020-12-06 13:20 - 2019-07-09 18:11 - 000000000 ____D C:\ProgramData\NVIDIA
2020-12-06 13:20 - 2019-04-16 20:54 - 000000000 ____D C:\Users\ng4600\AppData\Roaming\WTablet
2020-12-06 13:20 - 2019-03-19 05:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2020-12-06 12:28 - 2019-03-19 05:37 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2020-12-06 12:27 - 2017-11-03 15:09 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-12-06 12:22 - 2020-05-15 11:31 - 000000448 __RSH C:\ProgramData\ntuser.pol
2020-12-06 12:14 - 2019-07-30 18:54 - 001887728 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2020-12-06 12:14 - 2019-03-19 13:16 - 000785964 _____ C:\WINDOWS\system32\perfh007.dat
2020-12-06 12:14 - 2019-03-19 13:16 - 000167980 _____ C:\WINDOWS\system32\perfc007.dat
2020-12-06 12:14 - 2019-03-19 05:50 - 000000000 ____D C:\WINDOWS\INF
2020-12-06 12:09 - 2019-07-30 18:53 - 000004160 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{BCC0463F-66B3-4DDF-9D87-C1E9BAE32052}
2020-12-06 12:09 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2020-12-06 12:09 - 2017-12-20 11:46 - 000000000 ____D C:\Users\ng4600\AppData\Local\Adobe
2020-12-06 12:09 - 2017-11-03 15:09 - 000001213 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2020-12-06 12:09 - 2017-11-03 15:09 - 000000000 ____D C:\Users\ng4600\AppData\LocalLow\Mozilla
2020-12-05 17:09 - 2018-05-16 10:49 - 000000000 ____D C:\Users\ng4600\AppData\Roaming\WhatsApp
2020-12-05 16:59 - 2020-06-15 07:14 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2020-12-05 16:58 - 2019-07-30 18:44 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2020-12-05 11:09 - 2019-02-04 19:08 - 000000000 ____D C:\Users\ng4600\AppData\Local\WhatsApp
2020-12-05 11:09 - 2018-05-03 22:37 - 000000000 ____D C:\Users\ng4600\AppData\Local\SquirrelTemp
2020-12-04 17:53 - 2019-07-30 18:53 - 000003630 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2020-12-04 17:53 - 2019-07-30 18:53 - 000003506 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2020-12-04 16:56 - 2019-03-19 05:52 - 000000000 ___HD C:\Program Files\WindowsApps
2020-12-04 16:53 - 2018-06-12 12:09 - 000000000 ____D C:\ProgramData\Riot Games
2020-12-04 16:53 - 2017-11-02 19:00 - 000000000 ____D C:\Users\ng4600\AppData\Local\Spotify
2020-12-04 16:53 - 2017-11-02 18:59 - 000000000 ____D C:\Users\ng4600\AppData\Roaming\Spotify
2020-12-03 20:40 - 2017-11-02 23:19 - 000000000 ____D C:\ProgramData\Package Cache
2020-11-30 21:06 - 2017-11-14 10:02 - 000000000 ____D C:\Users\ng4600\AppData\Local\ElevatedDiagnostics
2020-11-30 18:28 - 2020-06-15 07:14 - 000003700 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2020-11-30 18:28 - 2020-06-15 07:14 - 000003576 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2020-11-27 13:56 - 2020-09-04 07:13 - 000003690 _____ C:\WINDOWS\system32\Tasks\Avira_Security_Update
2020-11-25 20:35 - 2019-07-30 18:53 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2020-11-25 20:34 - 2018-11-14 20:34 - 000001722 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-11-24 10:37 - 2018-01-17 10:21 - 001045718 _____ C:\Users\ng4600\Documents\DBV_Erstattungsantrag_Nachbau_V3_ohneSummen.pdf
2020-11-22 11:38 - 2020-10-01 16:06 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2020-11-16 13:07 - 2017-11-04 20:17 - 000207424 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2020-11-13 07:54 - 2017-11-04 20:39 - 000000000 __RHD C:\Users\Public\AccountPictures
2020-11-13 07:54 - 2017-11-04 20:39 - 000000000 ___RD C:\Users\ng4600\3D Objects
2020-11-13 07:54 - 2017-11-02 23:31 - 000002293 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-11-13 07:52 - 2019-07-30 18:44 - 003381688 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2020-11-12 21:39 - 2019-03-19 13:19 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2020-11-12 21:39 - 2019-03-19 05:52 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2020-11-12 21:39 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\TextInput
2020-11-12 21:39 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2020-11-12 21:39 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SystemResources
2020-11-12 21:39 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\setup
2020-11-12 21:39 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\oobe
2020-11-12 21:39 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\migwiz
2020-11-12 21:39 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2020-11-12 21:39 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2020-11-12 21:39 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2020-11-12 18:03 - 2017-11-02 18:10 - 000000000 ____D C:\WINDOWS\system32\MRT
2020-11-12 18:00 - 2019-03-19 05:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2020-11-12 18:00 - 2017-11-02 18:09 - 133736600 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2020-11-12 17:57 - 2019-07-30 18:45 - 002876928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2020-11-12 11:00 - 2020-10-01 16:06 - 000907064 _____ (Microsoft Corporation) C:\WINDOWS\system32\sedplugins.dll
2020-11-12 10:59 - 2020-10-01 16:06 - 000436536 _____ (Microsoft Corporation) C:\WINDOWS\system32\QualityUpdateAssistant.dll
2020-11-10 21:09 - 2019-07-30 18:53 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ========
2019-10-28 21:32 - 2019-10-28 21:32 - 000000218 _____ () C:\Users\ng4600\AppData\Local\recently-used.xbel
==================== SigCheck ============================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
==================== Ende von FRST.txt ========================
und hier Addition: Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 06-12-2020
durchgeführt von ng4600 (06-12-2020 13:28:13)
Gestartet von F:\Downloads
Windows 10 Pro Version 1909 18363.1198 (X64) (2019-07-30 17:53:53)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-1393509143-4016895142-1010486369-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1393509143-4016895142-1010486369-503 - Limited - Disabled)
Gast (S-1-5-21-1393509143-4016895142-1010486369-501 - Limited - Disabled)
ng4600 (S-1-5-21-1393509143-4016895142-1010486369-1000 - Administrator - Enabled) => C:\Users\ng4600
WDAGUtilityAccount (S-1-5-21-1393509143-4016895142-1010486369-504 - Limited - Disabled)
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Avira Antivirus (Enabled - Up to date) {88AE6B46-DC3C-455A-A21B-085F285A3546}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {33CF8AA2-FA06-4AD4-98AB-332D53DD7FFB}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 20.013.20066 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Photoshop Lightroom 4.2 64-bit (HKLM\...\{B71CCF77-38A2-4805-9759-A6F7D2C52F3A}) (Version: 4.2.1 - Adobe)
Adobe Premiere Elements 12 (HKLM\...\{4016464A-0C3E-4070-8293-5D7F0D8EAE3A}) (Version: 12.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Elements 12 (HKLM\...\PremElem120) (Version: 12.0 - Adobe Systems Incorporated)
Apple Application Support (32-Bit) (HKLM-x32\...\{CCA8C50D-785B-4896-8675-FFE0C4ECCBC3}) (Version: 8.7 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{75BEF7E8-4370-4D42-94F3-B5AA77057965}) (Version: 8.7 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{A3985C05-7386-411F-A4BF-32A73F37EB44}) (Version: 2.6.3.1 - Apple Inc.)
Avira (HKLM-x32\...\{161e6084-b0f5-43e8-86d8-09eda5c0893d}) (Version: 1.2.153.30452 - Avira Operations GmbH & Co. KG) Hidden
Avira (HKLM-x32\...\{426D1710-5DFD-45E9-B11D-464792C5AD35}) (Version: 1.2.153.30452 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.2011.2057 - Avira Operations GmbH & Co. KG) Hidden
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.36.1.29260 - Avira Operations GmbH & Co. KG) Hidden
Avira Security (HKLM-x32\...\Avira Security_is1) (Version: 1.0.41.13618 - Avira Operations GmbH & Co. KG) Hidden
Avira Security (HKLM-x32\...\AviraSecurityUninstaller) (Version: - Avira Operations GmbH & Co. KG;)
Avira Software Updater (HKLM-x32\...\{073825B9-FF06-4690-8CE4-3C0B72036122}) (Version: 2.0.6.37231 - Avira Operations GmbH & Co. KG) Hidden
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 6.7.0.11017 - Avira Operations GmbH & Co. KG) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.64 - Piriform)
CopyTrans HEIC for Windows (HKLM\...\CopyTrans HEIC for Windows_is1) (Version: 1.0.0.6 - Ursa Minor Ltd)
CPUID CPU-Z MSI 1.78 (HKLM\...\CPUID CPU-Z MSI_is1) (Version: 1.78 - CPUID, Inc.)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 416.94 - NVIDIA Corporation) Hidden
dm-Fotowelt (HKLM-x32\...\dm-Fotowelt) (Version: 6.4.3 - CEWE Stiftung u Co. KGaA)
Elements 12 Organizer (HKLM-x32\...\{9D80A7B7-DC01-485D-AE93-710D559B5C56}) (Version: 12.0 - Ihr Firmenname) Hidden
Eraser 6.2.0.2979 (HKLM\...\{C5900DE9-D199-4C27-B692-354C9A6A6C8B}) (Version: 6.2.2979 - The Eraser Project)
FIFA 18 (HKLM-x32\...\{213CC10A-B8CB-4EBA-B277-6B08B7C22A65}) (Version: 1.0.57.57320 - Electronic Arts)
Geeks3D FurMark 1.17.0.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version: - Geeks3D)
Golden Cheetah v3.4 (64bit) (HKLM-x32\...\Golden Cheetah) (Version: v3.4 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 86.0.4240.198 - Google LLC)
Google Drive (HKLM-x32\...\{A8DC81F2-D365-4248-892A-FA3B5951F731}) (Version: 2.34.9392.7803 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.36.51 - Google LLC) Hidden
HearthArena Companion (HKU\S-1-5-21-1393509143-4016895142-1010486369-1000\...\Overwolf_eldaohcjmecjpkpdhhoiolhhaeapcldppbdgbnbc) (Version: 1.5.0.2 - Overwolf app)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
iCloud (HKLM\...\{8808B208-87D1-4725-8192-76D257E9DEAE}) (Version: 7.21.0.23 - Apple Inc.)
Inkscape 0.92.3 (HKLM-x32\...\Inkscape) (Version: 0.92.3 - Inkscape Project)
Intel Extreme Tuning Utility (HKLM-x32\...\{79E98F35-0524-446C-8EF5-4E863C4D87E2}) (Version: 6.2.0.24 - Intel Corporation) Hidden
Intel Extreme Tuning Utility (HKLM-x32\...\{7afa48c7-9901-40fa-8f9b-f0707e2bc5b6}) (Version: 6.2.0.24 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1068 - Intel Corporation)
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.49.166.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{df682aff-4294-4ad1-aaa7-276931d5781f}) (Version: 1.49.166.0 - Intel Corporation) Hidden
Intel(R) USB 3.0\3.1 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 5.0.0.32 - Intel Corporation)
Intel® Chipsatz-Gerätesoftware (HKLM-x32\...\{44ded3eb-1686-46a6-9770-fd79096c29f7}) (Version: 10.1.1.45 - Intel(R) Corporation) Hidden
IrfanView 4.50 (64-bit) (HKLM\...\IrfanView64) (Version: 4.50 - Irfan Skiljan)
League of Legends (HKU\S-1-5-21-1393509143-4016895142-1010486369-1000\...\Riot Game league_of_legends.live) (Version: - Riot Games, Inc)
Logitech Gaming Software 9.02 (HKLM\...\Logitech Gaming Software) (Version: 9.02.65 - Logitech Inc.)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 87.0.664.55 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.139.59 - )
Microsoft OneDrive (HKU\S-1-5-21-1393509143-4016895142-1010486369-1000\...\OneDriveSetup.exe) (Version: 20.169.0823.0008 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{0BCA8FBE-0C1C-4C65-98A3-5D34AAF41737}) (Version: 2.70.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
MiniTool Partition Wizard Free 10.2.3 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version: - MiniTool Solution Ltd.)
Mozilla Firefox 67.0.4 (x64 de) (HKLM\...\Mozilla Firefox 67.0.4 (x64 de)) (Version: 67.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 67.0.4 - Mozilla)
Mozilla Thunderbird 78.5.1 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 78.5.1 (x86 de)) (Version: 78.5.1 - Mozilla)
MSI Command Center (HKLM-x32\...\{85A2564E-9ED9-448A-91E4-B9211EE58A08}_is1) (Version: 3.0.0.78 - MSI)
MSI DPC Latency Tuner (HKLM-x32\...\{1AAC56F3-3F60-47DB-BE6B-088F36ADFDC5}_is1) (Version: 1.0.0.36 - MSI)
MSI Fast Boot (HKLM-x32\...\{0F212E7A-65EB-4668-A8D7-749026A64F8E}_is1) (Version: 1.0.1.15 - MSI)
MSI Live Update 6 (HKLM-x32\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.2.0.44 - MSI)
MSI Mystic Light (HKLM-x32\...\{B798CF0A-F060-4054-9095-52B067C723C6}}_is1) (Version: 1.0.0.46 - MSI)
MSI Smart Tool (HKLM-x32\...\{DDCCA038-DAB1-4D09-B85C-848020AA75D6}}_is1) (Version: 1.0.0.36 - MSI)
MSI Super Charger (HKLM-x32\...\{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1) (Version: 1.3.0.26 - MSI)
MSI X Boost (HKLM-x32\...\{515143BB-7A11-4D85-B941-D520AAAA099C}_is1) (Version: 1.0.0.46 - MSI)
MTP Porting Kit (HKLM-x32\...\{353B1E6D-7073-4450-8C80-699BD8FCFB49}) (Version: 12.0.0 - Microsoft Corp)
NetworkGenie (HKLM-x32\...\{B416A23D-C2BD-4956-8BAE-5C3BAFF1AC1E}) (Version: 1.0.0.11 - MSI)
NVIDIA 3D Vision Controller-Treiber 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
NVIDIA Grafiktreiber 432.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 432.00 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.38.16 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.38.16 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.18.0907 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.18.0907 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OpenOffice 4.1.4 (HKLM-x32\...\{5E9128B1-0AB8-40F5-9F71-69089C490855}) (Version: 4.14.9788 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 10.5.41.27263 - Electronic Arts, Inc.)
Paradox Launcher v2 (HKLM\...\{986898D9-7C26-4E7F-814C-9B5472FA3209}) (Version: 2.0.0.0 - Paradox Interactive)
PDF24 Creator 8.2.4 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.322.7 - Tracker Software Products Ltd)
PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version: - PokerStars.eu)
PRE12 STI 64Installer (HKLM-x32\...\{06934A7E-D27F-4C5C-9D93-9715E274D736}) (Version: 12.0 - Adobe Systems Incorporated) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.25.119.2018 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8531 - Realtek Semiconductor Corp.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Spotify (HKU\S-1-5-21-1393509143-4016895142-1010486369-1000\...\Spotify) (Version: 1.1.47.684.g136419d9 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.5.0 - TeamSpeak Systems GmbH)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F14FB68A-9188-4036-AD0D-D054BC9C9291}) (Version: 2.59.0.0 - Microsoft Corporation)
VALORANT (HKU\S-1-5-21-1393509143-4016895142-1010486369-1000\...\Riot Game valorant.live) (Version: - Riot Games, Inc)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.5.0.0 - Elaborate Bytes)
VSDC Free Video Editor Version 6.1.1.899 (HKLM\...\VSDC Free Video Editor_is1) (Version: 6.1.1.899 - Flash-Integro LLC)
Wacom Tablett (HKLM\...\Wacom Tablet Driver) (Version: 6.3.33-3 - Wacom Technology Corp.)
Warcraft III (HKLM-x32\...\Warcraft III) (Version: - Blizzard Entertainment)
WhatsApp (HKU\S-1-5-21-1393509143-4016895142-1010486369-1000\...\WhatsApp) (Version: 2.2047.13 - WhatsApp)
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Zwift version 1.0.39 (HKLM-x32\...\{E4DA422A-82AB-44A4-B3A5-0AF60F47B7AB}_is1) (Version: 1.0.39 - Zwift, LLC)
Packages:
=========
Canon Inkjet Print Utility -> C:\Program Files\WindowsApps\34791E63.CanonInkjetPrintUtility_2.9.0.1_neutral__6e5tt8cgb93ep [2020-03-08] (Canon Inc.)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_121.1.193.0_x64__v10z8vjag6ke6 [2020-11-05] (HP Inc.)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa [2020-11-19] (Apple Inc.) [Startup Task]
Media Engine-Add-On für Fotos -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-01-17] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-04] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-04] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.10142.0_x64__8wekyb3d8bbwe [2020-10-26] (Microsoft Studios) [MS Ad]
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_20.11020.5479.0_x64__8wekyb3d8bbwe [2020-11-19] (Microsoft Corporation)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-1393509143-4016895142-1010486369-1000_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) [Datei ist nicht signiert]
CustomCLSID: HKU\S-1-5-21-1393509143-4016895142-1010486369-1000_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) [Datei ist nicht signiert]
CustomCLSID: HKU\S-1-5-21-1393509143-4016895142-1010486369-1000_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) [Datei ist nicht signiert]
CustomCLSID: HKU\S-1-5-21-1393509143-4016895142-1010486369-1000_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation) [Datei ist nicht signiert]
CustomCLSID: HKU\S-1-5-21-1393509143-4016895142-1010486369-1000_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation) [Datei ist nicht signiert]
CustomCLSID: HKU\S-1-5-21-1393509143-4016895142-1010486369-1000_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation) [Datei ist nicht signiert]
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2018-04-23] (Google Inc -> Google)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [Datei ist nicht signiert]
ContextMenuHandlers1: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2016-08-28] (Heidi Computers Ltd -> The Eraser Project)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google Inc -> Google)
ContextMenuHandlers1: [PhotoStreamsExt] -> {89D984B3-813B-406A-8298-118AFA3A22AE} => C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll [2020-09-08] (Apple Inc. -> Apple Inc.)
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2020-10-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [SystemSpeedupFilesMenu] -> {14cb2bd0-2375-3d10-9b5d-5e18865c8959} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2020-09-21] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => D:\Program Files\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG -> Elaborate Bytes AG)
ContextMenuHandlers2: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2016-08-28] (Heidi Computers Ltd -> The Eraser Project)
ContextMenuHandlers2: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => D:\Program Files\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG -> Elaborate Bytes AG)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov) [Datei ist nicht signiert]
ContextMenuHandlers4: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2016-08-28] (Heidi Computers Ltd -> The Eraser Project)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2018-04-23] (Google Inc -> Google)
ContextMenuHandlers4: [SystemSpeedupFoldersMenu] -> {700866bb-c8e9-3e71-b359-abb28baed0e8} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2020-09-21] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers5: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2016-08-28] (Heidi Computers Ltd -> The Eraser Project)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> Keine Datei
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2019-10-02] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers5: [SystemSpeedupDesktopMenu] -> {0cab5786-30e8-3185-9b3b-ccefbf1b8afe} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2020-09-21] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers6: [Eraser] -> {BC9B776A-90D7-4476-A791-79D835F30650} => C:\Program Files\Eraser\Eraser.Shell.dll [2016-08-28] (Heidi Computers Ltd -> The Eraser Project)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2020-10-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
==================== Codecs (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Drivers32: [vidc.i420] => lvcod64.dll
HKLM\...\Drivers32: [msacm.voxacm160] => c:\windows\system32\vct3216.acm [82944 2003-05-21] (Voxware, Inc.) [Datei ist nicht signiert]
HKLM\...\Drivers32: [msacm.scg726] => c:\windows\system32\scg726.acm [13239 2000-03-14] (SHARP Corporation) [Datei ist nicht signiert]
HKLM\...\Drivers32: [msacm.alf2cd] => c:\windows\system32\alf2cd.acm [38912 2003-05-21] (NCT Company) [Datei ist nicht signiert]
HKLM\...\Drivers32: [msacm.ac3acm] => c:\windows\system32\AC3ACM.acm [81920 2004-02-04] (fccHandler) [Datei ist nicht signiert]
HKLM\...\Drivers32: [msacm.lame] => c:\windows\system32\lame.ax [245760 2005-08-01] () [Datei ist nicht signiert]
HKLM\...\Drivers32: [vidc.dvsd] => c:\windows\system32\mcdvd_32.dll [261632 2003-05-21] (MainConcept) [Datei ist nicht signiert]
HKLM\...\Drivers32: [vidc.mpg4] => c:\windows\system32\mpg4c32.dll [413760 2002-08-19] (Microsoft Corporation) [Datei ist nicht signiert]
HKLM\...\Drivers32: [vidc.mp42] => c:\windows\system32\mpg4c32.dll [413760 2002-08-19] (Microsoft Corporation) [Datei ist nicht signiert]
HKLM\...\Drivers32: [vidc.mp43] => c:\windows\system32\mpg4c32.dll [413760 2002-08-19] (Microsoft Corporation) [Datei ist nicht signiert]
HKLM\...\Drivers32: [vidc.xvid] => c:\windows\system32\xvidvfw.dll [139264 2004-07-03] () [Datei ist nicht signiert]
HKLM\...\Drivers32: [vidc.DIVX] => c:\windows\system32\DivX.dll [638976 2003-05-22] (DivXNetworks, Inc.) [Datei ist nicht signiert]
HKLM\...\Drivers32: [vidc.VP60] => c:\windows\system32\vp6vfw.dll [438272 2004-12-10] (On2.com) [Datei ist nicht signiert]
HKLM\...\Drivers32: [vidc.VP61] => c:\windows\system32\vp6vfw.dll [438272 2004-12-10] (On2.com) [Datei ist nicht signiert]
HKLM\...\Drivers32: [vidc.VP62] => c:\windows\system32\vp6vfw.dll [438272 2004-12-10] (On2.com) [Datei ist nicht signiert]
HKLM\...\Drivers32: [vidc.LAGS] => c:\windows\system32\lagarith.dll [216064 2011-12-07] () [Datei ist nicht signiert]
HKLM\...\Drivers32-x32: [vidc.i420] => lvcodec2.dll
==================== Verknüpfungen & WMI ========================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
ShortcutWithArgument: C:\Users\ng4600\Desktop\Progamme\Google Drive.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=aghbiahbpaijignceidepookljebhfak
ShortcutWithArgument: C:\Users\ng4600\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome-Apps\Google Drive.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=aghbiahbpaijignceidepookljebhfak
ShortcutWithArgument: C:\Users\ng4600\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\aeea6001c9fdcab9\Click&Clean.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=ghgabhipcejejjmhhchfonmamedcbeod
==================== Geladene Module (Nicht auf der Ausnahmeliste) =============
2018-10-06 13:14 - 2005-07-18 12:43 - 000160256 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\MSI\Live Update\unrar.dll
2017-11-22 11:50 - 2011-09-21 05:00 - 000302592 _____ (CANON INC.) [Datei ist nicht signiert] C:\WINDOWS\System32\CNCALB1.DLL
2017-11-04 21:47 - 2012-03-14 05:00 - 000385024 _____ (CANON INC.) [Datei ist nicht signiert] C:\WINDOWS\System32\CNMLMB1.DLL
2017-11-22 11:28 - 2012-03-14 05:00 - 000385024 _____ (CANON INC.) [Datei ist nicht signiert] C:\WINDOWS\System32\CNMXLMB1.DLL
2018-04-06 19:29 - 2018-04-06 19:29 - 002286747 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [Datei ist nicht signiert] C:\Program Files\Logitech Gaming Software\LIBEAY32.dll
2018-04-06 19:29 - 2018-04-06 19:29 - 000416627 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [Datei ist nicht signiert] C:\Program Files\Logitech Gaming Software\ssleay32.dll
2018-10-06 13:18 - 2016-10-03 12:43 - 000399872 _____ (TODO: <公司名稱>) [Datei ist nicht signiert] C:\Program Files (x86)\MSI\Mystic Light\Lib\SDKDLL.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ==================
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =================
==================== Internet Explorer (Nicht auf der Ausnahmeliste) ==========
==================== Hosts Inhalt: =========================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2018-04-12 00:38 - 2009-06-10 22:00 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Andere Bereiche ===========================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> c:\program files (x86)\intel\intel(r) management engine components\icls\;c:\program files\intel\intel(r) management engine components\icls\;c:\windows\system32;c:\windows;c:\windows\system32\wbem;c:\windows\system32\windowspowershell\v1.0\;c:\program files (x86)\common files\adobe\agl;c:\windows\system32\openssh\;c:\program files (x86)\intel\intel(r) management engine components\dal;c:\program files\intel\intel(r) management engine components\dal;c:\program files (x86)\intel\intel(r) management engine components\ipt;c:\program files\intel\intel(r) management engine components\ipt;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-1393509143-4016895142-1010486369-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\ng4600\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\_IGP5152.JPG
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (Keine Datei)
ist aktiviert.
Network Binding:
=============
Ethernet: WinpkFilter LightWeight Filter -> nt_ndisrd (enabled)
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
HKLM\...\StartupApproved\Run32: => "X_Boost"
HKLM\...\StartupApproved\Run32: => "Live Update"
HKLM\...\StartupApproved\Run32: => "PDFPrint"
HKLM\...\StartupApproved\Run32: => "VirtualCloneDrive"
HKU\S-1-5-21-1393509143-4016895142-1010486369-1000\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1393509143-4016895142-1010486369-1000\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1393509143-4016895142-1010486369-1000\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-1393509143-4016895142-1010486369-1000\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-1393509143-4016895142-1010486369-1000\...\StartupApproved\Run: => "FACEIT"
HKU\S-1-5-21-1393509143-4016895142-1010486369-1000\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-1393509143-4016895142-1010486369-1000\...\StartupApproved\Run: => "World of Tanks"
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [TCP Query User{A916DB42-7D1E-4CD1-8AA7-E2D0272B2D05}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [UDP Query User{D3CB079B-6EA8-492F-8C74-CE67714A7704}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [TCP Query User{06437C4C-7A00-474A-9D9D-284B50A23509}C:\users\ng4600\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ng4600\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{F1C5E837-5DDD-4A0B-A638-2EDF95C543D0}C:\users\ng4600\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ng4600\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{F9991B82-345E-4275-AC93-090C9F089DFB}C:\users\ng4600\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ng4600\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{C4E06962-9AF8-4F90-8FF3-D7BF9DE6D59B}C:\users\ng4600\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ng4600\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{88337948-16FB-441A-AA37-B197A3841089}E:\steam\steam.exe] => (Allow) E:\steam\steam.exe (Valve -> Valve Corporation)
FirewallRules: [UDP Query User{3B09CFD5-E985-4992-9DE4-198F3A2463F9}E:\steam\steam.exe] => (Allow) E:\steam\steam.exe (Valve -> Valve Corporation)
FirewallRules: [{01EE29EC-E6FB-4170-B38B-D123EDA70DCC}] => (Allow) E:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{2FBE130D-3735-4F92-8489-6D312ADFA5A0}] => (Allow) E:\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{4AF39ACE-B602-46BC-9A1D-B1E15332322C}] => (Allow) E:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [{570F2649-6388-4CFF-AA8D-3D1717781458}] => (Allow) E:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe (Valve -> )
FirewallRules: [TCP Query User{570BF443-C57B-4DA7-A5BA-66763D117FEE}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [UDP Query User{F8E46936-E5E4-4D52-8104-48984F57AF96}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe (Logitech Inc -> Logitech Inc.)
FirewallRules: [{CA80F2EF-7AAD-4176-8DF9-E328FF5E027F}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{35F3ECAB-6682-4FC6-9EF5-25B660BFA31D}] => (Allow) E:\Steam\steamapps\common\Cities_Skylines\dowser.exe (Paradox Interactive Ab (Publ) -> )
FirewallRules: [{58915293-07F7-4AFE-93A6-307385C5EE6A}] => (Allow) E:\Steam\steamapps\common\Cities_Skylines\dowser.exe (Paradox Interactive Ab (Publ) -> )
FirewallRules: [{00A9A9F0-2407-45F2-AC2B-F738E08F7B85}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{E2F79F90-D638-43F3-BBA5-8CFF91687A1C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{11CE5104-BD2B-451F-B7A7-247D9183C72A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{873D82E0-7014-4FD2-92DC-CEE5FC295885}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{97611751-1DF1-4701-A304-2C72F6284334}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{32EE8670-0601-425C-A01C-2A400BD3605D}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D7C18109-F3BD-41C9-8B5D-2D46DEDB25FC}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A7A068E4-88E2-48A7-98D3-BC3694A62F07}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7B5D38F9-C267-4D82-A809-0208BD922C86}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{564F9171-3EAB-47B4-9122-618501A3B802}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6B062A25-61CB-44CE-B00E-1513BF3E7D86}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{3A614CAD-F74C-49DC-AD35-EFD69A2F03BD}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2114BC39-DF9C-4E19-A5D9-E3C97F0A6D66}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12110.26.53016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{43190F47-8AB2-4EE7-8A7F-541715407434}] => (Block) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
FirewallRules: [{7CF0E774-079E-47BD-8992-A876FFF24D2C}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
FirewallRules: [{162EFEB8-E965-48E4-9E67-6B3363A029F1}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
==================== Wiederherstellungspunkte =========================
ACHTUNG: Systemwiederherstellung ist deaktiviert (Total:111.56 GB) (Free:24.53 GB) (22%)
==================== Fehlerhafte Geräte im Gerätemanager ============
Name: Audiocontroller für Multimedia
Description: Audiocontroller für Multimedia
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Fehlereinträge in der Ereignisanzeige: ========================
Applikationsfehler:
==================
Error: (12/06/2020 01:20:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Nik.local already in use; will try Nik-2.local instead
Error: (12/06/2020 01:20:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 Nik.local. Addr 192.168.178.21
Error: (12/06/2020 01:20:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.178.21:5353 16 Nik.local. AAAA 2003:00EF:0F12:EA00:C452:7C51:08A1:F524
Error: (12/06/2020 01:20:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing: 16 Nik.local. AAAA FE80:0000:0000:0000:C452:7C51:08A1:F524
Error: (12/06/2020 01:20:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.178.21:5353 16 Nik.local. AAAA 2003:00EF:0F12:EA00:C452:7C51:08A1:F524
Error: (12/06/2020 01:20:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing: 4 Nik.local. Addr 192.168.178.21
Error: (12/06/2020 01:20:38 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.178.21:5353 16 Nik.local. AAAA 2003:00EF:0F12:EA00:C452:7C51:08A1:F524
Error: (12/06/2020 12:20:49 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (7500,R,98) TILEREPOSITORYS-1-5-18: Fehler -1023 (0xfffffc01) beim Öffnen von Protokolldatei C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Systemfehler:
=============
Error: (12/06/2020 01:22:15 PM) (Source: DCOM) (EventID: 10010) (User: NIK)
Description: Der Server "Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error: (12/06/2020 01:20:32 PM) (Source: volmgr) (EventID: 45) (User: )
Description: Das System konnte den Treiber für das Speicherabbild nicht laden.
Error: (12/06/2020 01:20:30 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
Error: (12/06/2020 01:20:30 PM) (Source: volmgr) (EventID: 45) (User: )
Description: Das System konnte den Treiber für das Speicherabbild nicht laden.
Error: (12/06/2020 12:27:43 PM) (Source: volmgr) (EventID: 45) (User: )
Description: Das System konnte den Treiber für das Speicherabbild nicht laden.
Error: (12/06/2020 12:27:40 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
Error: (12/06/2020 12:27:40 PM) (Source: volmgr) (EventID: 45) (User: )
Description: Das System konnte den Treiber für das Speicherabbild nicht laden.
Error: (12/06/2020 12:07:53 PM) (Source: DCOM) (EventID: 10010) (User: NIK)
Description: Der Server "Microsoft.SkypeApp_15.66.77.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
CodeIntegrity:
===================================
Date: 2020-10-01 13:15:01.692
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Avira\Antivirus\AviraSecurityCenterAgent.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Avira\Antivirus\libcurl.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2020-09-11 01:14:38.604
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Avira\Antivirus\AviraSecurityCenterAgent.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Avira\Antivirus\libcurl.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2020-08-09 13:24:58.500
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Avira\Antivirus\AviraSecurityCenterAgent.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Avira\Antivirus\libcurl.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2020-08-09 11:22:00.817
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Avira\Antivirus\AviraSecurityCenterAgent.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Avira\Antivirus\libcurl.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2020-07-14 16:08:49.406
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Avira\Antivirus\AviraSecurityCenterAgent.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Avira\Antivirus\libcurl.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2020-07-10 15:35:41.712
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Avira\Antivirus\AviraSecurityCenterAgent.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Avira\Antivirus\libcurl.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2020-05-30 09:26:44.608
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\browser_broker.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll that did not meet the Microsoft signing level requirements.
Date: 2020-05-18 18:11:37.439
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Avira\Antivirus\AviraSecurityCenterAgent.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Avira\Antivirus\libcurl.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Speicherinformationen ===========================
BIOS: American Megatrends Inc. A.30 04/06/2017
Hauptplatine: MSI B250M PRO-VDH (MS-7A70)
Prozessor: Intel(R) Core(TM) i5-7500 CPU @ 3.40GHz
Prozentuale Nutzung des RAM: 27%
Installierter physikalischer RAM: 16349.02 MB
Verfügbarer physikalischer RAM: 11865.38 MB
Summe virtueller Speicher: 32733.02 MB
Verfügbarer virtueller Speicher: 26206.41 MB
==================== Laufwerke ================================
Drive c: () (Fixed) (Total:111.56 GB) (Free:24.53 GB) NTFS
Drive d: (Programme) (Fixed) (Total:499.9 GB) (Free:477.21 GB) NTFS
Drive e: (Games) (Fixed) (Total:207.11 GB) (Free:98.2 GB) NTFS
Drive f: (Volume) (Fixed) (Total:224.5 GB) (Free:194.97 GB) NTFS
Drive s: (System-reserviert) (Fixed) (Total:0.23 GB) (Free:0.19 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
==================== MBR & Partitionstabelle ====================
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 754DEFCD)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=42)
==========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 111.8 GB) (Disk ID: 292892D8)
Partition 1: (Active) - (Size=232 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.6 GB) - (Type=07 NTFS)
==================== Ende von Addition.txt =======================
Beste Grüße und vielen Danke im Voraus. |