Itx10000 | 12.02.2021 21:13 | Thanks Matthias... Here are the log files, and the log files from Malwarebytes, which in the meantime detected and blocked a Trojan. Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 12-02-2021
durchgeführt von Thoma(Administrator) auf DESKTOP-OGLLRTL (LENOVO 20NE000JGE) (12-02-2021 20:59:24)
Gestartet von C:\Users\Thoma\OneDrive\Desktop
Geladene Profile: Thoma
Platform: Windows 10 Pro Version 1909 18363.1316 (X64) Sprache: Deutsch (Deutschland)
Standard-Browser: FF
Start-Modus: Normal
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(Adlice -> ) C:\Program Files\RogueKiller\RogueKiller64.exe
(Adlice -> ) C:\Program Files\RogueKiller\RogueKillerSvc.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe <2>
(Adobe Systems Incorporated) C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0361991.inf_amd64_21f0b4d7b4b1fcd4\B361684\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0361991.inf_amd64_21f0b4d7b4b1fcd4\B361684\atiesrxx.exe
(Conexant Systems LLC -> Conexant Systems, Inc.) C:\Windows\CxSvc\CxUtilSvc.exe
(Dolby Laboratories, Inc. -> ) C:\Windows\System32\dolbyaposvc\DAX3API.exe <2>
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrA.exe
(Lenovo -> Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\fn.inf_amd64_56f2d97d0eb4c03c\driver\tphkload.exe
(Lenovo -> Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\FN9A3B~1.INF\driver\shtctky.exe
(Lenovo -> Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\FN9A3B~1.INF\driver\tposd.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Lenovo -> Lenovo) C:\Windows\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe
(Lenovo -> Lenovo.) C:\Windows\System32\ApsInsSvc.exe
(Lenovo -> Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Lenovo -> Lenovo.) C:\Windows\System32\LITSSvc.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(McAfee, Inc. -> McAfee LLC.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc. -> McAfee, LLC) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc. -> McAfee, LLC) C:\Windows\System32\mfevtps.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\CSP\3.5.127.0\McCSPServiceHost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe <2>
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\Common Files\McAfee\VSCore_20_3\mcapexe.exe
(McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\MfeAV\MfeAVSvc.exe
(McAfee, LLC -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, LLC -> McAfee, LLC.) C:\Program Files\Common Files\McAfee\Platform\MSM\McSmtFwk.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20566.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.13426.20566.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2101.9-0\MsMpEng.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <8>
(Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(Synaptics Hong Kong Limited, Taiwan Branch (H.K.)) C:\Program Files\WindowsApps\22094SynapticsIncorporate.SmartAudio3_1.0.83.0_x64__qt57b6kdvhcfw\AFA\CAudioFilterAgent64.exe
(Synaptics Hong Kong Limited, Taiwan Branch (H.K.)) C:\Program Files\WindowsApps\22094SynapticsIncorporate.SmartAudio3_1.0.83.0_x64__qt57b6kdvhcfw\Flow\Flow1\Flow.exe
(Synaptics Hong Kong Limited, Taiwan Branch (H.K.)) C:\Program Files\WindowsApps\22094SynapticsIncorporate.SmartAudio3_1.0.83.0_x64__qt57b6kdvhcfw\SA3\SmartAudio3.exe
(Synaptics Hong Kong Limited, Taiwan Branch (H.K.)) C:\Program Files\WindowsApps\22094SynapticsIncorporate.SmartAudio3_1.0.83.0_x64__qt57b6kdvhcfw\SACmd\SASrv.exe
(Synaptics Incorporated -> Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Synaptics Incorporated -> Conexant Systems LLC.) C:\Windows\CxSvc\CxAudioSvc.exe
(Synaptics Incorporated -> Conexant Systems, Inc.) C:\Windows\System32\CxUIUSvc64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPHelper.exe
(TEFINCOM S.A. -> ) C:\Program Files (x86)\NordVPN\nordvpn-service.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [WindowsDefender] => "%ProgramFiles%\Windows Defender\MSASCuiL.exe"
HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [114273560 2020-10-14] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-762242832-1656469940-355921844-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3412696 2021-02-08] (Valve -> Valve Corporation)
HKU\S-1-5-21-762242832-1656469940-355921844-1001\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe [5537448 2021-02-02] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-762242832-1656469940-355921844-1001\...\Run: [NordVPN] => C:\Program Files (x86)\NordVPN\NordVPN.exe [1844688 2020-06-17] (TEFINCOM S.A. -> NordVPN)
HKU\S-1-5-21-762242832-1656469940-355921844-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Thoma\AppData\Local\Microsoft\Teams\Update.exe [2453688 2021-01-29] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-762242832-1656469940-355921844-1001\Environment: [Thoma] "powershell.exe" -windowstyle hidden -En "PAAjACAAYQBlAHoAaQB1AHMAcQBkAGcAbgB5AGUAYwB1ACAAIwA+ACQAdQA9ACQAZQBuAHYAOgBVAHMAZQByAE4AYQBtAGUAOwBmAG8AcgAgACgAJABpAD0AMAA7ACQAaQAgAC0AbABlACAAMQAzADAAMA (Der Dateneintrag hat 1251 mehr Zeichen). <==== ACHTUNG
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {02E7BFEE-4897-45B4-B86F-731F0EEB347A} - System32\Tasks\Lenovo\Power Manager\Uninstall task => C:\Windows\SysWOW64\Lenovo\PowerMgr\PowerMgrInst.exe [59776 2019-11-12] (Lenovo -> )
Task: {05D9B4E7-55BA-4014-BC82-B5082AB07FB2} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22993288 2021-01-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {154B0FFB-2F7A-41D3-8D37-FF1C5827DFA3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MpCmdRun.exe [562240 2021-02-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {1B5961B5-420B-4B92-B967-8A186F383380} - System32\Tasks\Microsoft\Office\Office Serviceability Manager => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe [4047464 2021-01-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {1F1FC69B-62E1-4EA4-A168-4C35F9745867} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe [143888 2021-02-04] (Lenovo -> Lenovo Group Ltd.)
Task: {24B75D85-53D7-4297-97CF-4D07DB9A2378} - System32\Tasks\McAfee\DAD.Execute.Updates => C:\Program Files\Common Files\McAfee\DynamicAppDownloader\1.5.132\DADUpdater.exe [4054696 2021-01-18] (McAfee, LLC -> McAfee, LLC)
Task: {35A44C28-2840-4F2A-A67A-3E2A3FF2F158} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MpCmdRun.exe [562240 2021-02-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {37183DBD-3E54-4391-9798-0692FD09D890} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {3A8DB0C2-0FF3-4BB1-9321-2103AB6D7B45} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [142184 2021-02-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {46F1B490-BC28-45D3-8A7A-1AA61B86A5A5} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\fd5b72fa-60e6-44dd-852c-74982115d6c1 => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81840 2021-01-11] (Lenovo -> Lenovo Group Ltd.)
Task: {494DCDBE-3C64-440E-92BD-32436D7C9B4C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5199272 2021-02-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {57EF8D42-BF28-4EFA-9DC3-0860966CAA66} - System32\Tasks\Lenovo Power Management Driver PnP Task => C:\Windows\System32\ibmpmsvc.exe [912584 2020-10-13] (Lenovo -> Lenovo.)
Task: {5E3A7067-8378-4865-BD2A-14D3FACBF954} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MpCmdRun.exe [562240 2021-02-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {73E53953-E189-4374-94B5-A75BE965F5F1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MpCmdRun.exe [562240 2021-02-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {754BFD77-4E5F-463D-BEB1-BA06A8507701} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent => {ABCECA3B-EA5A-496B-A021-5C6BAB365E5C} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1072968 2020-03-23] (McAfee, LLC -> McAfee, LLC)
Task: {79BE22FF-49D0-4BDB-842F-407180716033} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5199272 2021-02-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {952B7CC2-261A-4F46-9118-F31A1D96F2A4} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\5693f084-6ecb-4ffe-89af-49e780f1f593 => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81840 2021-01-11] (Lenovo -> Lenovo Group Ltd.)
Task: {969386BF-C183-4AB0-891A-2A6582A650A6} - System32\Tasks\Lenovo\Lenovo ITS PnP Task => C:\Windows\System32\LITSSvc.exe [931520 2020-05-25] (Lenovo -> Lenovo.)
Task: {9CF07A8F-BA32-4CF0-AA34-BB2511357C0A} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [761528 2020-03-29] (McAfee, LLC -> McAfee, LLC.)
Task: {A7745E3A-55AE-45E2-BB04-3ACA29891EE4} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {B7004507-B3C7-4A59-B2D7-81411968EF9E} - System32\Tasks\Lenovo\Power Manager\Background monitor => C:\Windows\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe [113024 2019-11-12] (Lenovo -> Lenovo)
Task: {C106A798-659C-499F-8C2D-158E0EA1140C} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [142184 2021-02-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {C3B93FC3-891C-4526-AF6D-974DC9DC7672} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\Windows\system32\ImController.InfInstaller.exe [61872 2021-01-11] (Lenovo -> Lenovo Group Ltd.)
Task: {D4CC951A-B3F1-415C-AB5F-7FF88D8A4CC4} - System32\Tasks\McAfee\McAfee Idle Detection Task => {ABCDCA3B-DE6B-5A7C-B132-6D7CBA63E5C5} C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe [1072968 2020-03-23] (McAfee, LLC -> McAfee, LLC)
Task: {DD4D7890-9B8D-4E35-B558-416B166E0F04} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_330_Plugin.exe [1458232 2020-03-01] (Adobe Inc. -> Adobe)
Task: {E26231AA-9E9A-4CFF-BF11-62551033CED6} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\5b4d6293-e8fb-4f44-b7f7-297cb0801985 => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81840 2021-01-11] (Lenovo -> Lenovo Group Ltd.)
Task: {E7E62CDF-0F16-491F-B727-DB67F37AB1D0} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {FA6A7CC6-B637-4257-AB0D-1300217A2D8D} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [677344 2021-02-10] (Mozilla Corporation -> Mozilla Foundation)
Task: {FC0C6866-C3DB-47F3-BF51-AE0BEE383664} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22993288 2021-01-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {FD865550-F322-458E-907C-DF4F96D32520} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\42c06fe2-37f5-416c-aee6-04142b7f165b => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81840 2021-01-11] (Lenovo -> Lenovo Group Ltd.)
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{5ea45577-6c9c-4891-9deb-3292e089aca3}: [DhcpNameServer] 10.10.0.1
Tcpip\..\Interfaces\{ef451206-a4f3-4b33-a6a6-16b87c072ab1}: [DhcpNameServer] 192.168.178.1
Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Thoma\AppData\Local\Microsoft\Edge\User Data\Default [2021-02-10]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
FireFox:
========
FF DefaultProfile: gceiw7mu.default
FF ProfilePath: C:\Users\Thoma\AppData\Roaming\Mozilla\Firefox\Profiles\gceiw7mu.default [2020-03-02]
FF ProfilePath: C:\Users\Thoma\AppData\Roaming\Mozilla\Firefox\Profiles\q0rk520g.default-release [2021-02-12]
FF Homepage: Mozilla\Firefox\Profiles\q0rk520g.default-release -> google.com
FF Notifications: Mozilla\Firefox\Profiles\q0rk520g.default-release -> hxxps://www.holidaycheck.de; hxxps://www.stuttgarter-zeitung.de
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSKHKLM => nicht gefunden
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_330.dll [2020-03-01] (Adobe Inc. -> )
FF Plugin: @mcafee.com/MSC,version=10 -> C:\Program Files\McAfee\MSC\npMcSnFFPl64.dll [2020-04-18] (McAfee, LLC -> )
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-02-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_330.dll [2020-03-01] (Adobe Inc. -> )
FF Plugin-x32: @mcafee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\MSC\npMcSnFFPl.dll [2020-04-18] (McAfee, LLC -> )
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-02-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-02-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-02-02] (Adobe Inc. -> Adobe Systems Inc.)
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
==================== Dienste (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 ApsInsSvc; C:\Windows\System32\ApsInsSvc.exe [150928 2019-01-09] (Lenovo -> Lenovo.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8902024 2021-01-22] (Microsoft Corporation -> Microsoft Corporation)
R2 CxAudioSvc; C:\Windows\CxSvc\CxAudioSvc.exe [93664 2020-04-08] (Synaptics Incorporated -> Conexant Systems LLC.)
R2 CxAudMsg; C:\Windows\System32\CxAudMsg64.exe [243672 2020-04-08] (Synaptics Incorporated -> Conexant Systems Inc.)
R2 CxUIUSvc; C:\Windows\System32\CxUIUSvc64.exe [122328 2020-04-08] (Synaptics Incorporated -> Conexant Systems, Inc.)
R2 DolbyDAXAPI; C:\Windows\system32\dolbyaposvc\DAX3API.exe [1926600 2019-09-02] (Dolby Laboratories, Inc. -> )
R2 ImControllerService; C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [81840 2021-01-11] (Lenovo -> Lenovo Group Ltd.)
R2 LITSSVC; C:\Windows\System32\LITSSvc.exe [931520 2020-05-25] (Lenovo -> Lenovo.)
S2 LPlatSvc; C:\Windows\System32\LPlatSvc.exe [898760 2020-10-13] (Lenovo -> Lenovo.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-02-12] (Malwarebytes Inc -> Malwarebytes)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_20_3\McApExe.exe [765184 2020-04-24] (McAfee, LLC -> McAfee, LLC)
S3 McAWFwk; c:\program files\common files\McAfee\ActWiz\McAWFwk.exe [458688 2018-11-14] (McAfee, Inc. -> McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\3.5.127.0\\McCSPServiceHost.exe [2687592 2020-04-10] (McAfee, LLC -> McAfee, LLC)
S3 McSecDashboardService; C:\Program Files\McAfeeDashboard\McSecDashboardService.exe [1295000 2020-07-27] (McAfee, LLC -> McAfee, LLC)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [644200 2020-02-20] (McAfee, Inc. -> McAfee, LLC)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [644200 2020-02-20] (McAfee, Inc. -> McAfee, LLC)
R3 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [644200 2020-02-20] (McAfee, Inc. -> McAfee, LLC)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1738176 2020-03-24] (McAfee, LLC -> McAfee, LLC)
R2 nordvpn-service; C:\Program Files (x86)\NordVPN\nordvpn-service.exe [244176 2020-06-17] (TEFINCOM S.A. -> )
S3 OfficeSvcManagerAddons; C:\Windows\system32\dllhost.exe /Processid:{2CA2E202-932F-4BA2-8771-195BB86398F5} [21304 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
S3 OfficeSvcManagerAddons; C:\Windows\system32\dllhost.exe /Processid:{2CA2E202-932F-4BA2-8771-195BB86398F5} [21304 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2533952 2021-02-02] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3479624 2021-02-02] (Electronic Arts, Inc. -> Electronic Arts)
R2 PEFService; C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe [1371456 2020-04-01] (McAfee, LLC -> McAfee, LLC)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2020-09-16] (Even Balance, Inc. -> )
R2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [13686080 2021-01-13] (Adlice -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6264144 2021-01-13] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TPHKLOAD; C:\Windows\System32\DriverStore\FileRepository\fn.inf_amd64_56f2d97d0eb4c03c\driver\TPHKLOAD.exe [426920 2019-06-10] (Lenovo -> Lenovo Group Limited)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\NisSrv.exe [2462960 2021-02-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MsMpEng.exe [128376 2021-02-12] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Treiber (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [231936 2020-02-28] (Microsoft Corporation) [Datei ist nicht signiert]
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [75704 2020-04-21] (McAfee, Inc. -> McAfee, LLC)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus2.sys [159600 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [153312 2021-02-12] (Malwarebytes Corporation -> Malwarebytes)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [226496 2020-03-23] (McAfee, LLC -> McAfee, Inc.)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [220616 2021-02-12] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [19912 2021-02-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [198248 2021-02-12] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [77496 2021-02-12] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248992 2021-02-12] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [142416 2021-02-12] (Malwarebytes Inc -> Malwarebytes)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [528824 2020-04-21] (McAfee, Inc. -> McAfee, LLC)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [381360 2020-04-21] (McAfee, Inc. -> McAfee, LLC)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [86144 2020-04-21] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, LLC)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522168 2020-04-21] (McAfee, Inc. -> McAfee, LLC)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [999352 2020-04-21] (McAfee, Inc. -> McAfee, LLC)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [595592 2020-05-01] (McAfee, Inc. -> McAfee LLC.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [108168 2020-05-01] (McAfee, Inc. -> McAfee LLC.)
R3 mfeplk; C:\Windows\System32\drivers\mfeplk.sys [116872 2020-04-21] (McAfee, Inc. -> McAfee, LLC)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [252344 2020-04-21] (McAfee, Inc. -> McAfee, LLC)
R3 nlwt; C:\Windows\system32\DRIVERS\nlwt.sys [39360 2020-06-10] (TEFINCOM S.A. -> WireGuard LLC)
R1 PMDRVS; C:\Windows\System32\drivers\pmdrvs.sys [37976 2020-10-13] (Lenovo -> Lenovo.)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 tapnordvpn; C:\Windows\System32\drivers\tapnordvpn.sys [44896 2020-06-09] (TEFINCOM S.A. -> The OpenVPN Project)
U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [38032 2021-02-12] (Adlice -> )
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [49552 2021-02-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [419040 2021-02-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [71912 2021-02-12] (Microsoft Windows -> Microsoft Corporation)
S3 mfeavfk01; \Device\mfeavfk01.sys [X]
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2021-02-12 20:47 - 2021-02-12 20:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2021-02-12 20:47 - 2021-02-12 20:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2021-02-12 20:24 - 2021-02-12 20:24 - 000000000 ____D C:\Users\Thoma\AppData\LocalLow\IGDump
2021-02-12 20:24 - 2021-02-12 20:24 - 000000000 ____D C:\Users\Thoma\AppData\LocalLow\IGDump
2021-02-12 20:05 - 2021-02-12 16:08 - 099090432 _____ C:\Windows\system32\config\SOFTWARE
2021-02-12 19:59 - 2021-02-12 20:05 - 000000000 ____D C:\Windows\Microsoft Antimalware
2021-02-12 17:00 - 2021-02-12 17:06 - 000007597 _____ C:\Users\Thoma\AppData\Local\Resmon.ResmonCfg
2021-02-12 17:00 - 2021-02-12 17:06 - 000007597 _____ C:\Users\Thoma\AppData\Local\Resmon.ResmonCfg
2021-02-12 16:13 - 2021-02-12 16:13 - 000038032 _____ C:\Windows\system32\Drivers\truesight.sys
2021-02-12 16:13 - 2021-02-12 16:13 - 000000906 _____ C:\ProgramData\Desktop\RogueKiller.lnk
2021-02-12 16:13 - 2021-02-12 16:13 - 000000906 _____ C:\ProgramData\Desktop\RogueKiller.lnk
2021-02-12 16:13 - 2021-02-12 16:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2021-02-12 16:13 - 2021-02-12 16:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2021-02-12 16:13 - 2021-02-12 16:13 - 000000000 ____D C:\Program Files\RogueKiller
2021-02-12 16:12 - 2021-02-12 16:18 - 000000000 ____D C:\ProgramData\RogueKiller
2021-02-12 16:12 - 2021-02-12 16:18 - 000000000 ____D C:\ProgramData\RogueKiller
2021-02-12 16:12 - 2021-02-12 16:12 - 040487584 _____ (Adlice Software ) C:\Users\Thoma\Downloads\setup1484.exe
2021-02-12 16:12 - 2021-02-12 16:12 - 040487584 _____ (Adlice Software ) C:\Users\Thoma\Downloads\setup1484.exe
2021-02-12 16:08 - 2021-02-12 16:08 - 000198248 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2021-02-12 16:08 - 2021-02-12 16:08 - 000142416 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2021-02-12 16:08 - 2021-02-12 16:08 - 000077496 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2021-02-12 16:02 - 2021-02-12 16:02 - 000248992 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2021-02-12 16:02 - 2021-02-12 16:02 - 000220616 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2021-02-12 16:02 - 2021-02-12 16:02 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-02-12 16:02 - 2021-02-12 16:02 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-02-12 16:02 - 2021-02-12 16:02 - 000002028 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-02-12 16:02 - 2021-02-12 16:02 - 000002028 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-02-12 16:02 - 2021-02-12 16:02 - 000000000 ____D C:\Users\Thoma\AppData\Local\mbam
2021-02-12 16:02 - 2021-02-12 16:02 - 000000000 ____D C:\Users\Thoma\AppData\Local\mbam
2021-02-12 16:02 - 2021-02-12 16:02 - 000000000 ____D C:\Users\Thoma\AppData\Local\CrashDumps
2021-02-12 16:02 - 2021-02-12 16:02 - 000000000 ____D C:\Users\Thoma\AppData\Local\CrashDumps
2021-02-12 16:02 - 2021-02-12 16:01 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2021-02-12 16:02 - 2021-02-12 16:01 - 000019912 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamElam.sys
2021-02-12 16:01 - 2021-02-12 16:01 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-02-12 16:01 - 2021-02-12 16:01 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-02-12 16:01 - 2021-02-12 16:01 - 000000000 ____D C:\Program Files\Malwarebytes
2021-02-12 16:00 - 2021-02-12 16:00 - 002086424 _____ (Malwarebytes) C:\Users\Thoma\Downloads\MBSetup.exe
2021-02-12 16:00 - 2021-02-12 16:00 - 002086424 _____ (Malwarebytes) C:\Users\Thoma\Downloads\MBSetup.exe
2021-02-12 12:52 - 2021-02-12 20:59 - 000000000 ____D C:\FRST
2021-02-12 10:04 - 2021-02-12 10:04 - 000208047 _____ C:\Users\Thoma\Downloads\Lebenslauf.docx(1).pdf
2021-02-12 10:04 - 2021-02-12 10:04 - 000208047 _____ C:\Users\Thoma\Downloads\Lebenslauf.docx(1).pdf
2021-02-12 09:27 - 2021-02-12 09:27 - 000039800 _____ (Embarcadero Technologies, Inc.) C:\Users\Thoma\AppData\Roaming\Thoma.exe
2021-02-12 09:27 - 2021-02-12 09:27 - 000039800 _____ (Embarcadero Technologies, Inc.) C:\Users\Thoma\AppData\Roaming\Thoma.exe
2021-02-11 18:10 - 2021-02-11 18:11 - 040712581 _____ C:\Users\Thoma\Downloads\Klimakrise - Soziale Bewegung(1).pdf
2021-02-11 18:10 - 2021-02-11 18:11 - 040712581 _____ C:\Users\Thoma\Downloads\Klimakrise - Soziale Bewegung(1).pdf
2021-02-11 18:08 - 2021-02-11 18:09 - 040712581 _____ C:\Users\Thoma\Downloads\Klimakrise - Soziale Bewegung.pdf
2021-02-11 18:08 - 2021-02-11 18:09 - 040712581 _____ C:\Users\Thoma\Downloads\Klimakrise - Soziale Bewegung.pdf
2021-02-11 11:13 - 2021-02-11 11:13 - 000000000 ____D C:\Users\Thoma\OneDrive\Dokumente\Archeotec
2021-02-11 11:13 - 2021-02-11 11:13 - 000000000 ____D C:\Users\Thoma\OneDrive\Dokumente\Archeotec
2021-02-11 11:09 - 2021-02-11 14:50 - 000000000 ____D C:\Users\Thoma\OneDrive\Dokumente\Texte
2021-02-11 11:09 - 2021-02-11 14:50 - 000000000 ____D C:\Users\Thoma\OneDrive\Dokumente\Texte
2021-02-11 11:09 - 2021-02-11 11:13 - 000000000 ____D C:\Users\Thoma\OneDrive\Dokumente\ANUMITARBEIT
2021-02-11 11:09 - 2021-02-11 11:13 - 000000000 ____D C:\Users\Thoma\OneDrive\Dokumente\ANUMITARBEIT
2021-02-11 11:09 - 2021-02-11 11:09 - 000000000 ____D C:\Users\Thoma\OneDrive\Dokumente\Wohnung Lange Gasse
2021-02-11 11:09 - 2021-02-11 11:09 - 000000000 ____D C:\Users\Thoma\OneDrive\Dokumente\Wohnung Lange Gasse
2021-02-11 11:09 - 2021-02-11 11:09 - 000000000 ____D C:\Users\Thoma\OneDrive\Dokumente\Uni
2021-02-11 11:09 - 2021-02-11 11:09 - 000000000 ____D C:\Users\Thoma\OneDrive\Dokumente\Uni
2021-02-11 11:09 - 2021-02-11 11:09 - 000000000 ____D C:\Users\Thoma\OneDrive\Dokumente\Übersetzungen
2021-02-11 11:09 - 2021-02-11 11:09 - 000000000 ____D C:\Users\Thoma\OneDrive\Dokumente\Übersetzungen
2021-02-11 11:09 - 2021-02-11 11:09 - 000000000 ____D C:\Users\Thoma\OneDrive\Dokumente\text
2021-02-11 11:09 - 2021-02-11 11:09 - 000000000 ____D C:\Users\Thoma\OneDrive\Dokumente\text
2021-02-11 11:09 - 2021-02-11 11:09 - 000000000 ____D C:\Users\Thoma\OneDrive\Dokumente\Tabellen
2021-02-11 11:09 - 2021-02-11 11:09 - 000000000 ____D C:\Users\Thoma\OneDrive\Dokumente\Tabellen
2021-02-11 11:09 - 2021-02-11 11:09 - 000000000 ____D C:\Users\Thoma\OneDrive\Dokumente\Rechnungen_Hancorp
2021-02-11 11:09 - 2021-02-11 11:09 - 000000000 ____D C:\Users\Thoma\OneDrive\Dokumente\Rechnungen_Hancorp
2021-02-11 11:09 - 2021-02-11 11:09 - 000000000 ____D C:\Users\Thoma\OneDrive\Dokumente\AKNeueRechte
2021-02-11 11:09 - 2021-02-11 11:09 - 000000000 ____D C:\Users\Thoma\OneDrive\Dokumente\AKNeueRechte
2021-02-11 11:09 - 2021-02-11 11:09 - 000000000 ____D C:\Users\Thoma\OneDrive\Dokumente\AkAsyl
2021-02-11 11:09 - 2021-02-11 11:09 - 000000000 ____D C:\Users\Thoma\OneDrive\Dokumente\AkAsyl
2021-02-11 11:09 - 2021-02-11 11:09 - 000000000 ____D C:\Users\Thoma\OneDrive\Dokumente\abitur
2021-02-11 11:09 - 2021-02-11 11:09 - 000000000 ____D C:\Users\Thoma\OneDrive\Dokumente\abitur
2021-02-11 11:09 - 2017-08-08 11:50 - 000100468 _____ C:\Users\Thoma\OneDrive\Dokumente\AnuRechnung2017.pdf
2021-02-11 11:09 - 2017-08-08 11:50 - 000100468 _____ C:\Users\Thoma\OneDrive\Dokumente\AnuRechnung2017.pdf
2021-02-11 11:09 - 2016-11-18 16:45 - 000055608 _____ C:\Users\Thoma\OneDrive\Dokumente\Cafeteliste.pdf
2021-02-11 11:09 - 2016-11-18 16:45 - 000055608 _____ C:\Users\Thoma\OneDrive\Dokumente\Cafeteliste.pdf
2021-02-11 11:09 - 2016-05-10 12:12 - 000106289 _____ C:\Users\Thoma\OneDrive\Dokumente\New OpenDocument Präsentation (2).odp
2021-02-11 11:09 - 2016-05-10 12:12 - 000106289 _____ C:\Users\Thoma\OneDrive\Dokumente\New OpenDocument Präsentation (2).odp
2021-02-11 11:09 - 2015-10-05 15:46 - 000063653 _____ C:\Users\Thoma\OneDrive\Dokumente\fledermaeuse.pdf
2021-02-11 11:09 - 2015-10-05 15:46 - 000063653 _____ C:\Users\Thoma\OneDrive\Dokumente\fledermaeuse.pdf
2021-02-11 11:08 - 2021-02-11 11:08 - 000000000 ____D C:\Users\Thoma\OneDrive\Dokumente\Pdf
2021-02-11 11:08 - 2021-02-11 11:08 - 000000000 ____D C:\Users\Thoma\OneDrive\Dokumente\Pdf
2021-02-11 11:08 - 2021-02-11 11:08 - 000000000 ____D C:\Users\Thoma\OneDrive\Dokumente\Luginsland
2021-02-11 11:08 - 2021-02-11 11:08 - 000000000 ____D C:\Users\Thoma\OneDrive\Dokumente\Luginsland
2021-02-11 11:08 - 2021-02-11 11:08 - 000000000 ____D C:\Users\Thoma\OneDrive\Dokumente\InstitutZdM
2021-02-11 11:08 - 2021-02-11 11:08 - 000000000 ____D C:\Users\Thoma\OneDrive\Dokumente\InstitutZdM
2021-02-11 11:08 - 2021-02-11 11:08 - 000000000 ____D C:\Users\Thoma\OneDrive\Dokumente\Codes
2021-02-11 11:08 - 2021-02-11 11:08 - 000000000 ____D C:\Users\Thoma\OneDrive\Dokumente\Codes
2021-02-11 09:48 - 2021-02-11 09:48 - 019380117 _____ C:\Users\Thoma\Downloads\Jaeggi, R._Entfremdung I Kap.pdf
2021-02-11 09:48 - 2021-02-11 09:48 - 019380117 _____ C:\Users\Thoma\Downloads\Jaeggi, R._Entfremdung I Kap.pdf
2021-02-10 21:10 - 2021-02-10 21:10 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2021-02-10 09:49 - 2021-02-12 11:05 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-02-09 16:44 - 2021-02-09 16:44 - 000208047 _____ C:\Users\Thoma\Downloads\Lebenslauf.docx.pdf
2021-02-09 16:44 - 2021-02-09 16:44 - 000208047 _____ C:\Users\Thoma\Downloads\Lebenslauf.docx.pdf
2021-02-09 16:36 - 2021-02-09 16:36 - 000544930 _____ C:\Users\Thoma\Downloads\IMG-20200820-WA0006(1).jpeg
2021-02-09 16:36 - 2021-02-09 16:36 - 000544930 _____ C:\Users\Thoma\Downloads\IMG-20200820-WA0006(1).jpeg
2021-02-09 15:44 - 2021-02-09 15:44 - 000544930 _____ C:\Users\Thoma\Downloads\IMG-20200820-WA0006.jpeg
2021-02-09 15:44 - 2021-02-09 15:44 - 000544930 _____ C:\Users\Thoma\Downloads\IMG-20200820-WA0006.jpeg
2021-02-07 16:11 - 2021-02-07 16:32 - 000047636 _____ C:\Users\Thoma\OneDrive\Dokumente\MeinProjekt.sedprj
2021-02-07 16:11 - 2021-02-07 16:32 - 000047636 _____ C:\Users\Thoma\OneDrive\Dokumente\MeinProjekt.sedprj
2021-02-07 15:56 - 2021-02-07 15:56 - 000000000 _____ C:\Users\Thoma\Downloads\Terror und Traum 10.12.2020(1).zip
2021-02-07 15:56 - 2021-02-07 15:56 - 000000000 _____ C:\Users\Thoma\Downloads\Terror und Traum 10.12.2020(1).zip
2021-02-07 15:17 - 2021-02-07 15:56 - 520674498 _____ C:\Users\Thoma\Downloads\Terror und Traum 10.12.2020.zip
2021-02-07 15:17 - 2021-02-07 15:56 - 520674498 _____ C:\Users\Thoma\Downloads\Terror und Traum 10.12.2020.zip
2021-02-07 15:03 - 2021-02-07 16:32 - 000000000 ____D C:\Users\Thoma\AppData\Roaming\Ashampoo Slideshow Studio 2019
2021-02-07 15:03 - 2021-02-07 16:32 - 000000000 ____D C:\Users\Thoma\AppData\Roaming\Ashampoo Slideshow Studio 2019
2021-02-07 15:03 - 2021-02-07 15:03 - 000001427 _____ C:\ProgramData\Desktop\Ashampoo Slideshow Studio 2019.lnk
2021-02-07 15:03 - 2021-02-07 15:03 - 000001427 _____ C:\ProgramData\Desktop\Ashampoo Slideshow Studio 2019.lnk
2021-02-07 15:03 - 2021-02-07 15:03 - 000000000 ____D C:\Users\Thoma\AppData\Local\ashampoo
2021-02-07 15:03 - 2021-02-07 15:03 - 000000000 ____D C:\Users\Thoma\AppData\Local\ashampoo
2021-02-07 15:03 - 2021-02-07 15:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2021-02-07 15:03 - 2021-02-07 15:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
2021-02-07 15:02 - 2021-02-07 15:03 - 000000000 ____D C:\ProgramData\Ashampoo
2021-02-07 15:02 - 2021-02-07 15:03 - 000000000 ____D C:\ProgramData\Ashampoo
2021-02-07 15:02 - 2021-02-07 15:02 - 055092592 _____ (Ashampoo GmbH & Co. KG ) C:\Users\Thoma\Downloads\ashampoo_slideshow_studio_2019_30325.exe
2021-02-07 15:02 - 2021-02-07 15:02 - 055092592 _____ (Ashampoo GmbH & Co. KG ) C:\Users\Thoma\Downloads\ashampoo_slideshow_studio_2019_30325.exe
2021-02-07 15:02 - 2021-02-07 15:02 - 000000000 ____D C:\Program Files (x86)\Ashampoo
2021-02-02 14:48 - 2021-02-02 14:48 - 000000000 ____D C:\Users\Thoma\OneDrive\Dokumente\Benutzerdefinierte Office-Vorlagen
2021-02-02 14:48 - 2021-02-02 14:48 - 000000000 ____D C:\Users\Thoma\OneDrive\Dokumente\Benutzerdefinierte Office-Vorlagen
2021-01-31 11:19 - 2021-01-31 11:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MTG Arena
2021-01-31 11:19 - 2021-01-31 11:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MTG Arena
2021-01-30 20:38 - 2021-01-20 21:56 - 019822904 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPRes.dll
2021-01-30 20:38 - 2021-01-20 21:56 - 004310336 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPEnh.exe
2021-01-30 20:38 - 2021-01-20 21:56 - 000780096 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\SynTP.sys
2021-01-30 20:38 - 2021-01-20 21:56 - 000247088 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPHelper.exe
2021-01-30 20:38 - 2021-01-20 21:55 - 004042544 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPCpl.dll
2021-01-30 20:38 - 2021-01-20 21:55 - 000831288 _____ (Synaptics Incorporated) C:\Windows\system32\SynCOM.dll
2021-01-30 20:38 - 2021-01-20 21:55 - 000384304 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPEnhService.exe
2021-01-30 20:38 - 2021-01-20 21:55 - 000284976 _____ (Synaptics Incorporated) C:\Windows\system32\SynTPAPI.dll
2021-01-30 20:38 - 2021-01-20 21:55 - 000059192 _____ (Synaptics Incorporated) C:\Windows\system32\Drivers\Smb_driver_AMDASF.sys
2021-01-21 12:01 - 2021-01-21 12:01 - 000000000 ____D C:\Users\Thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2021-01-21 12:01 - 2021-01-21 12:01 - 000000000 ____D C:\Users\Thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2021-01-20 11:21 - 2021-01-29 20:55 - 000002371 _____ C:\Users\Thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2021-01-20 11:21 - 2021-01-29 20:55 - 000002371 _____ C:\Users\Thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2021-01-20 11:21 - 2021-01-20 11:21 - 000000000 ____D C:\Users\Thoma\AppData\Roaming\Teams
2021-01-20 11:21 - 2021-01-20 11:21 - 000000000 ____D C:\Users\Thoma\AppData\Roaming\Teams
2021-01-20 11:20 - 2021-01-20 11:21 - 000000000 ____D C:\Users\Thoma\AppData\Local\SquirrelTemp
2021-01-20 11:20 - 2021-01-20 11:21 - 000000000 ____D C:\Users\Thoma\AppData\Local\SquirrelTemp
2021-01-20 11:20 - 2021-01-20 11:20 - 000000000 ____D C:\Program Files (x86)\Teams Installer
2021-01-20 11:19 - 2021-01-20 11:19 - 000002463 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
2021-01-20 11:19 - 2021-01-20 11:19 - 000002463 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
2021-01-20 11:19 - 2021-01-20 11:19 - 000002400 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk
2021-01-20 11:19 - 2021-01-20 11:19 - 000002400 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk
2021-01-13 20:05 - 2021-01-13 20:05 - 000696832 _____ (Microsoft Corporation) C:\Windows\system32\hhctrl.ocx
2021-01-13 20:05 - 2021-01-13 20:05 - 000576512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhctrl.ocx
2021-01-13 20:05 - 2021-01-13 20:05 - 000568320 _____ (Microsoft Corporation) C:\Windows\system32\PhotoScreensaver.scr
2021-01-13 20:05 - 2021-01-13 20:05 - 000555008 _____ (Microsoft Corporation) C:\Windows\system32\appwiz.cpl
2021-01-13 20:05 - 2021-01-13 20:05 - 000502784 _____ C:\Windows\system32\AssignedAccessCsp.dll
2021-01-13 20:05 - 2021-01-13 20:05 - 000500224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoScreensaver.scr
2021-01-13 20:05 - 2021-01-13 20:05 - 000455680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appwiz.cpl
2021-01-13 20:05 - 2021-01-13 20:05 - 000294912 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2021-01-13 20:05 - 2021-01-13 20:05 - 000233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2021-01-13 20:05 - 2021-01-13 20:05 - 000168448 _____ (Microsoft Corporation) C:\Windows\system32\VBICodec.ax
2021-01-13 20:05 - 2021-01-13 20:05 - 000151040 _____ C:\Windows\system32\uwfcsp.dll
2021-01-13 20:05 - 2021-01-13 20:05 - 000135168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VBICodec.ax
2021-01-13 20:05 - 2021-01-13 20:05 - 000094720 _____ C:\Windows\system32\VirtualMonitorManager.dll
2021-01-13 20:05 - 2021-01-13 20:05 - 000086016 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2021-01-13 20:05 - 2021-01-13 20:05 - 000083968 _____ (Microsoft Corporation) C:\Windows\system32\wscui.cpl
2021-01-13 20:05 - 2021-01-13 20:05 - 000072704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2021-01-13 20:05 - 2021-01-13 20:05 - 000067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscui.cpl
2021-01-13 20:05 - 2021-01-13 20:05 - 000067072 _____ C:\Windows\system32\BWContextHandler.dll
2021-01-13 20:05 - 2021-01-13 20:05 - 000053248 _____ C:\Windows\SysWOW64\BWContextHandler.dll
2021-01-13 20:04 - 2021-01-13 20:04 - 001101312 _____ C:\Windows\SysWOW64\TextInputMethodFormatter.dll
2021-01-13 20:04 - 2021-01-13 20:04 - 000458240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mmsys.cpl
2021-01-13 20:04 - 2021-01-13 20:04 - 000415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2021-01-13 20:04 - 2021-01-13 20:04 - 000331264 _____ C:\Windows\SysWOW64\ssdm.dll
2021-01-13 20:04 - 2021-01-13 20:04 - 000208896 _____ (Microsoft Corporation) C:\Windows\system32\intl.cpl
2021-01-13 20:04 - 2021-01-13 20:04 - 000208384 _____ C:\Windows\SysWOW64\HeatCore.dll
2021-01-13 20:04 - 2021-01-13 20:04 - 000184320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2021-01-13 20:04 - 2021-01-13 20:04 - 000167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\intl.cpl
2021-01-13 20:04 - 2021-01-13 20:04 - 000000315 _____ C:\Windows\system32\DrtmAuth9.bin
2021-01-13 20:04 - 2021-01-13 20:04 - 000000315 _____ C:\Windows\system32\DrtmAuth8.bin
2021-01-13 20:04 - 2021-01-13 20:04 - 000000315 _____ C:\Windows\system32\DrtmAuth7.bin
2021-01-13 20:04 - 2021-01-13 20:04 - 000000315 _____ C:\Windows\system32\DrtmAuth6.bin
2021-01-13 20:04 - 2021-01-13 20:04 - 000000315 _____ C:\Windows\system32\DrtmAuth5.bin
2021-01-13 20:04 - 2021-01-13 20:04 - 000000315 _____ C:\Windows\system32\DrtmAuth4.bin
2021-01-13 20:04 - 2021-01-13 20:04 - 000000315 _____ C:\Windows\system32\DrtmAuth3.bin
2021-01-13 20:04 - 2021-01-13 20:04 - 000000315 _____ C:\Windows\system32\DrtmAuth2.bin
2021-01-13 20:04 - 2021-01-13 20:04 - 000000315 _____ C:\Windows\system32\DrtmAuth18.bin
2021-01-13 20:04 - 2021-01-13 20:04 - 000000315 _____ C:\Windows\system32\DrtmAuth17.bin
2021-01-13 20:04 - 2021-01-13 20:04 - 000000315 _____ C:\Windows\system32\DrtmAuth16.bin
2021-01-13 20:04 - 2021-01-13 20:04 - 000000315 _____ C:\Windows\system32\DrtmAuth15.bin
2021-01-13 20:04 - 2021-01-13 20:04 - 000000315 _____ C:\Windows\system32\DrtmAuth12.bin
2021-01-13 20:04 - 2021-01-13 20:04 - 000000315 _____ C:\Windows\system32\DrtmAuth11.bin
2021-01-13 20:04 - 2021-01-13 20:04 - 000000315 _____ C:\Windows\system32\DrtmAuth10.bin
2021-01-13 20:04 - 2021-01-13 20:04 - 000000315 _____ C:\Windows\system32\DrtmAuth1.bin
2021-01-13 20:03 - 2021-01-13 20:03 - 002590720 _____ C:\Windows\system32\dwmscene.dll
2021-01-13 20:03 - 2021-01-13 20:03 - 001841152 _____ C:\Windows\system32\TextInputMethodFormatter.dll
2021-01-13 20:03 - 2021-01-13 20:03 - 000549888 _____ (Microsoft Corporation) C:\Windows\system32\mmsys.cpl
2021-01-13 20:03 - 2021-01-13 20:03 - 000266752 _____ C:\Windows\system32\HeatCore.dll
2021-01-13 20:03 - 2021-01-13 20:03 - 000186368 _____ C:\Windows\system32\BthpanContextHandler.dll
2021-01-13 20:03 - 2021-01-13 20:03 - 000164864 _____ C:\Windows\system32\DataStoreCacheDumpTool.exe
2021-01-13 20:02 - 2021-01-13 20:02 - 000540672 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2021-01-13 20:02 - 2021-01-13 20:02 - 000453632 _____ C:\Windows\system32\ssdm.dll
2021-01-13 20:02 - 2021-01-13 20:02 - 000235520 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2021-01-13 20:02 - 2021-01-13 20:02 - 000061440 _____ C:\Windows\system32\rdsxvmaudio.dll
==================== Ein Monat (geänderte) ==================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2021-02-12 21:01 - 2019-03-19 05:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-02-12 21:01 - 2019-03-19 05:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-02-12 20:52 - 2020-02-26 11:09 - 000000000 ____D C:\ProgramData\Mozilla
2021-02-12 20:52 - 2020-02-26 11:09 - 000000000 ____D C:\ProgramData\Mozilla
2021-02-12 20:51 - 2020-02-26 11:09 - 000000000 ____D C:\Users\Thoma\AppData\LocalLow\Mozilla
2021-02-12 20:51 - 2020-02-26 11:09 - 000000000 ____D C:\Users\Thoma\AppData\LocalLow\Mozilla
2021-02-12 20:38 - 2019-04-19 05:58 - 000000000 ____D C:\Windows\system32\SleepStudy
2021-02-12 18:21 - 2020-02-26 11:05 - 000000000 ____D C:\Users\Thoma\AppData\Local\D3DSCache
2021-02-12 18:21 - 2020-02-26 11:05 - 000000000 ____D C:\Users\Thoma\AppData\Local\D3DSCache
2021-02-12 16:26 - 2019-03-19 05:37 - 000032768 _____ C:\Windows\system32\config\ELAM
2021-02-12 16:15 - 2019-12-06 18:46 - 000745380 _____ C:\Windows\system32\perfh007.dat
2021-02-12 16:15 - 2019-12-06 18:46 - 000150668 _____ C:\Windows\system32\perfc007.dat
2021-02-12 16:15 - 2019-04-19 06:08 - 001724292 _____ C:\Windows\system32\PerfStringBackup.INI
2021-02-12 16:15 - 2019-03-19 05:50 - 000000000 ____D C:\Windows\INF
2021-02-12 16:08 - 2019-04-19 06:00 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-02-12 16:08 - 2019-03-19 05:37 - 000786432 _____ C:\Windows\system32\config\BBI
2021-02-12 16:07 - 2020-03-03 11:08 - 000000000 ____D C:\Users\Thoma\AppData\Roaming\OpenOffice Updater
2021-02-12 16:07 - 2020-03-03 11:08 - 000000000 ____D C:\Users\Thoma\AppData\Roaming\OpenOffice Updater
2021-02-12 16:02 - 2019-03-19 05:52 - 000000000 ___HD C:\Windows\ELAMBKUP
2021-02-12 15:59 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\AppReadiness
2021-02-12 11:05 - 2020-02-26 11:09 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-02-12 10:52 - 2020-09-18 14:23 - 000000000 ____D C:\Users\Thoma\AppData\Local\Battle.net
2021-02-12 10:52 - 2020-09-18 14:23 - 000000000 ____D C:\Users\Thoma\AppData\Local\Battle.net
2021-02-12 10:51 - 2020-09-18 14:29 - 000000000 ____D C:\Program Files (x86)\Warcraft III
2021-02-12 10:14 - 2020-02-26 11:05 - 000000000 ____D C:\Users\Thoma\AppData\Local\Packages
2021-02-12 10:14 - 2020-02-26 11:05 - 000000000 ____D C:\Users\Thoma\AppData\Local\Packages
2021-02-12 09:10 - 2020-02-26 11:12 - 000000000 ____D C:\Users\Thoma\AppData\Local\Comms
2021-02-12 09:10 - 2020-02-26 11:12 - 000000000 ____D C:\Users\Thoma\AppData\Local\Comms
2021-02-12 09:02 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\LiveKernelReports
2021-02-12 00:45 - 2019-04-19 06:00 - 000000000 ____D C:\Windows\system32\Drivers\wd
2021-02-12 00:17 - 2020-09-18 14:22 - 000000000 ____D C:\Program Files (x86)\Battle.net
2021-02-10 23:12 - 2020-09-16 10:39 - 000000000 ____D C:\Program Files (x86)\Origin
2021-02-10 23:12 - 2020-09-16 10:38 - 000000000 ____D C:\ProgramData\Origin
2021-02-10 23:12 - 2020-09-16 10:38 - 000000000 ____D C:\ProgramData\Origin
2021-02-10 21:25 - 2019-03-19 05:52 - 000000000 ___HD C:\Program Files\WindowsApps
2021-02-10 21:10 - 2020-02-26 11:09 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-02-10 21:10 - 2020-02-26 11:09 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-02-10 21:08 - 2019-12-06 10:14 - 000000000 ____D C:\Program Files (x86)\McAfee
2021-02-10 18:22 - 2020-02-26 11:02 - 000000000 ____D C:\Users\Thoma
2021-02-10 09:53 - 2019-03-19 05:37 - 000000000 ____D C:\Windows\CbsTemp
2021-02-10 09:52 - 2020-02-28 01:52 - 000000000 ____D C:\Windows\system32\MRT
2021-02-10 09:51 - 2020-02-28 01:52 - 130141752 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2021-02-09 16:56 - 2020-03-02 19:42 - 000000000 ____D C:\Program Files (x86)\Steam
2021-02-09 16:50 - 2020-03-30 07:51 - 000004562 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2021-02-09 16:50 - 2020-03-30 07:50 - 000002143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-02-09 16:50 - 2020-03-30 07:50 - 000002143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-02-08 10:47 - 2020-02-26 11:07 - 000003376 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-762242832-1656469940-355921844-1001
2021-02-08 10:47 - 2020-02-26 11:07 - 000000000 ___RD C:\Users\Thoma\OneDrive
2021-02-08 10:47 - 2020-02-26 11:07 - 000000000 ___RD C:\Users\Thoma\OneDrive
2021-02-08 10:47 - 2020-02-26 11:02 - 000002386 _____ C:\Users\Thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-02-08 10:47 - 2020-02-26 11:02 - 000002386 _____ C:\Users\Thoma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-02-06 10:05 - 2020-06-27 10:32 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-02-06 10:05 - 2020-06-27 10:32 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-02-06 10:05 - 2020-06-27 10:32 - 000002281 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2021-02-06 10:05 - 2020-06-27 10:32 - 000002281 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2021-02-05 19:20 - 2020-06-27 10:31 - 000003700 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-02-05 19:20 - 2020-06-27 10:31 - 000003576 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-02-03 15:58 - 2020-05-08 13:11 - 000000000 ____D C:\Users\Thoma\AppData\Local\ElevatedDiagnostics
2021-02-03 15:58 - 2020-05-08 13:11 - 000000000 ____D C:\Users\Thoma\AppData\Local\ElevatedDiagnostics
2021-02-02 21:08 - 2019-12-06 09:59 - 000000000 ____D C:\Program Files\Microsoft Office
2021-02-01 10:19 - 2019-12-06 10:14 - 000000000 ____D C:\Windows\system32\Tasks\McAfee
2021-01-30 12:32 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\ServiceState
2021-01-22 13:03 - 2020-06-26 12:13 - 000799104 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2021-01-21 12:01 - 2020-04-29 13:22 - 000000000 ____D C:\Users\Thoma\AppData\Roaming\Zoom
2021-01-21 12:01 - 2020-04-29 13:22 - 000000000 ____D C:\Users\Thoma\AppData\Roaming\Zoom
2021-01-20 11:40 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\Registration
2021-01-20 11:22 - 2020-02-26 11:05 - 000000000 ____D C:\Users\Thoma\AppData\Local\ConnectedDevicesPlatform
2021-01-20 11:22 - 2020-02-26 11:05 - 000000000 ____D C:\Users\Thoma\AppData\Local\ConnectedDevicesPlatform
2021-01-20 11:19 - 2020-03-07 09:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2021-01-20 11:19 - 2020-03-07 09:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2021-01-18 15:59 - 2020-04-22 00:33 - 000000000 ____D C:\Users\Thoma\OneDrive\Dokumente\My Games
2021-01-18 15:59 - 2020-04-22 00:33 - 000000000 ____D C:\Users\Thoma\OneDrive\Dokumente\My Games
2021-01-18 11:04 - 2020-11-27 11:30 - 000000000 ____D C:\Users\Thoma\OneDrive\Dokumente\Endless Space 2
2021-01-18 11:04 - 2020-11-27 11:30 - 000000000 ____D C:\Users\Thoma\OneDrive\Dokumente\Endless Space 2
2021-01-14 09:47 - 2020-02-26 11:05 - 000000000 ___RD C:\Users\Thoma\3D Objects
2021-01-14 09:47 - 2020-02-26 11:05 - 000000000 ___RD C:\Users\Thoma\3D Objects
2021-01-14 09:47 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\system32\SecureBootUpdates
2021-01-14 09:46 - 2019-04-19 05:58 - 000467552 _____ C:\Windows\system32\FNTCACHE.DAT
2021-01-13 23:05 - 2019-12-06 18:44 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-01-13 23:05 - 2019-03-19 07:20 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-01-13 23:05 - 2019-03-19 07:20 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-01-13 23:05 - 2019-03-19 05:52 - 000000000 ___SD C:\Windows\SysWOW64\F12
2021-01-13 23:05 - 2019-03-19 05:52 - 000000000 ___SD C:\Windows\SysWOW64\DiagSvcs
2021-01-13 23:05 - 2019-03-19 05:52 - 000000000 ___SD C:\Windows\system32\UNP
2021-01-13 23:05 - 2019-03-19 05:52 - 000000000 ___SD C:\Windows\system32\F12
2021-01-13 23:05 - 2019-03-19 05:52 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2021-01-13 23:05 - 2019-03-19 05:52 - 000000000 ___RD C:\Windows\PrintDialog
2021-01-13 23:05 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\SysWOW64\setup
2021-01-13 23:05 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\SysWOW64\PerceptionSimulation
2021-01-13 23:05 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\SysWOW64\Dism
2021-01-13 23:05 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\SysWOW64\Com
2021-01-13 23:05 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2021-01-13 23:05 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\SystemResources
2021-01-13 23:05 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2021-01-13 23:05 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\system32\SystemResetPlatform
2021-01-13 23:05 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\system32\setup
2021-01-13 23:05 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\system32\PerceptionSimulation
2021-01-13 23:05 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\system32\oobe
2021-01-13 23:05 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\system32\migwiz
2021-01-13 23:05 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\system32\Dism
2021-01-13 23:05 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\system32\Com
2021-01-13 23:05 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\system32\AdvancedInstallers
2021-01-13 23:05 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\ShellExperiences
2021-01-13 23:05 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\ShellComponents
2021-01-13 23:05 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\Provisioning
2021-01-13 23:05 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\PolicyDefinitions
2021-01-13 23:05 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\IME
2021-01-13 23:05 - 2019-03-19 05:52 - 000000000 ____D C:\Windows\bcastdvr
2021-01-13 23:05 - 2019-03-19 05:52 - 000000000 ____D C:\Program Files\Windows Defender
2021-01-13 20:02 - 2019-04-19 06:03 - 002877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ========
2021-02-12 09:27 - 2021-02-12 09:27 - 000039800 _____ (Embarcadero Technologies, Inc.) C:\Users\Thoma\AppData\Roaming\Thoma.exe
2021-02-12 17:00 - 2021-02-12 17:06 - 000007597 _____ () C:\Users\Thoma\AppData\Local\Resmon.ResmonCfg
==================== SigCheck ============================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
==================== Ende von FRST.txt ========================
and here is the Addition: Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 12-02-2021
durchgeführt von Thoma (12-02-2021 21:01:31)
Gestartet von C:\Users\Thoma\OneDrive\Desktop
Windows 10 Pro Version 1909 18363.1316 (X64) (2020-02-26 16:53:24)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-762242832-1656469940-355921844-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-762242832-1656469940-355921844-503 - Limited - Disabled)
Gast (S-1-5-21-762242832-1656469940-355921844-501 - Limited - Disabled)
Thoma (S-1-5-21-762242832-1656469940-355921844-1001 - Administrator - Enabled) => C:\Users\Thoma
WDAGUtilityAccount (S-1-5-21-762242832-1656469940-355921844-504 - Limited - Disabled)
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Disabled - Up to date) {9D4501E6-72F6-2877-C789-89AF6F535B2C}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
FW: McAfee Firewall (Disabled) {A57E80C3-3899-292F-ECD6-209A91801C57}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 21.001.20135 - Adobe Systems Incorporated)
Adobe Flash Player 32 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 32.0.0.330 - Adobe)
Ashampoo Slideshow Studio 2019 (HKLM-x32\...\{91B33C97-4A4D-A9FD-B59A-1256B60F3665}_is1) (Version: 1.4.0 - Ashampoo GmbH & Co. KG)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Battlefield: Bad Company™ 2 (HKLM-x32\...\{3AC8457C-0385-4BEA-A959-E095F05D6D67}) (Version: 1.0.1.0 - Electronic Arts)
Dragon Age™: Inquisition (HKLM-x32\...\{DC4C36DC-4E5B-4262-B0C7-157DF534B969}) (Version: 1.0.0.12 - Electronic Arts)
GIMP 2.10.18 (HKLM\...\GIMP-2_is1) (Version: 2.10.18 - The GIMP Team)
LAV Filters 0.63.0 (HKLM-x32\...\lavfilters_is1) (Version: 0.63.0 - Hendrik Leppkes)
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 16.0 R25 - McAfee, LLC.)
Microsoft 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 16.0.13628.20274 - Microsoft Corporation)
Microsoft 365 Apps for Enterprise - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 16.0.13628.20274 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 88.0.705.63 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.141.59 - )
Microsoft OneDrive (HKU\S-1-5-21-762242832-1656469940-355921844-1001\...\OneDriveSetup.exe) (Version: 21.002.0104.0005 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-762242832-1656469940-355921844-1001\...\Teams) (Version: 1.3.00.34662 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{0BCA8FBE-0C1C-4C65-98A3-5D34AAF41737}) (Version: 2.70.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.26.28720 (HKLM-x32\...\{7d607fb4-7e28-4c7a-a92f-3fcdaf555faf}) (Version: 14.26.28720.3 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25008 (HKLM-x32\...\{c239cea1-d49e-4e16-8e87-8c055765f7ec}) (Version: 14.10.25008.0 - Microsoft Corporation)
Might and Magic Heroes VII (HKLM-x32\...\Uplay Install 1176) (Version: - Ubisoft)
Mozilla Firefox 85.0.2 (x64 de) (HKLM\...\Mozilla Firefox 85.0.2 (x64 de)) (Version: 85.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 73.0.1 - Mozilla)
MTG Arena (HKLM\...\{9A330D3A-2883-4735-9659-C778942A5F05}) (Version: 0.1.3372 - Wizards of the Coast)
NordVPN (HKLM-x32\...\{D50EFE85-BA30-4E86-A181-50F6694005A5}) (Version: 6.30.10 - NordVPN) Hidden
NordVPN (HKLM-x32\...\NordVPN 6.30.10) (Version: 6.30.10 - NordVPN)
NordVPN network TAP (HKLM-x32\...\{97DEC5D6-2BE9-45BB-BFC5-274B851B486B}) (Version: 1.0.1 - NordVPN)
NordVPN network TUN (HKLM\...\{77DA107A-7AE4-497D-A84A-B143C3A21676}) (Version: 1.0.0 - NordVPN)
NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13628.20274 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13628.20158 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0407-1000-0000000FF1CE}) (Version: 16.0.13628.20274 - Microsoft Corporation) Hidden
OpenOffice 4.1.7 (HKLM-x32\...\{81D7585D-3E44-4984-B99B-911492419D3E}) (Version: 4.17.9800 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 10.5.92.46430 - Electronic Arts, Inc.)
Paradox Launcher v2 (HKLM\...\{A8D4AE16-519B-409D-B5B4-2647C06805AD}) (Version: 2.0.3.0 - Paradox Interactive)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.988 - Even Balance, Inc.)
RogueKiller Version 14.8.4.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 14.8.4.0 - Adlice Software)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.3.0.28779 - Microsoft Corporation)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 113.0 - Ubisoft)
Warcraft III (HKLM-x32\...\Warcraft III) (Version: - Blizzard Entertainment)
WinRAR 5.80 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.80.0 - win.rar GmbH)
Zoom (HKU\S-1-5-21-762242832-1656469940-355921844-1001\...\ZoomUMX) (Version: 5.4.9 (59931.0110) - Zoom Video Communications, Inc.)
Packages:
=========
AMD Radeon™ Settings Lite -> C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.59462344778C5_10.19.40016.0_x64__0a9344xs7nr4m [2020-06-20] (Advanced Micro Devices Inc.)
Dolby Audio Premium -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAudioPremium_3.20500.501.0_x64__rz1tebttyb220 [2020-09-07] (Dolby Laboratories)
Farm Heroes Saga -> C:\Program Files\WindowsApps\king.com.FarmHeroesSaga_5.53.2.0_x86__kgqvnymyfvs32 [2021-02-10] (king.com)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2101.29.0_x64__k1h2ywk1493x8 [2021-01-25] (LENOVO INC.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-02-28] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-02-28] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-02-02] (Microsoft Studios) [MS Ad]
Microsoft To Do -> C:\Program Files\WindowsApps\Microsoft.Todos_2.37.4392.0_x64__8wekyb3d8bbwe [2021-02-10] (Microsoft Corporation) [Startup Task]
MPEG-2-Videoerweiterung -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.22661.0_x64__8wekyb3d8bbwe [2020-02-28] (Microsoft Corporation)
Reader Notification Client -> C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2020-03-30] (Adobe Systems Incorporated)
SmartAudio 3 -> C:\Program Files\WindowsApps\22094SynapticsIncorporate.SmartAudio3_1.0.83.0_x64__qt57b6kdvhcfw [2020-07-13] (Synaptics Hong Kong Limited, Taiwan Branch (H.K.))
Synaptics TouchPad Control Panel -> C:\Program Files\WindowsApps\SynapticsIncorporated.SynapticsControlPanel_19005.19068.0.0_x64__807d65c4rvak2 [2020-12-25] (Synaptics Incorporated)
Synaptics Trackpoint Control Panel -> C:\Program Files\WindowsApps\SynapticsIncorporated.241916F58D6E7_19005.19068.0.0_x64__807d65c4rvak2 [2020-12-25] (Synaptics Incorporated)
XING -> C:\Program Files\WindowsApps\XINGAG.XING_4.0.7.0_x86__xpfg3f7e9an52 [2021-01-20] (New Work SE)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-762242832-1656469940-355921844-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Thoma\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20289.5\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-762242832-1656469940-355921844-1001_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\Thoma\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20244.4\x64\Microsoft.Teams.AddinLoader.dll => Keine Datei
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2020-04-18] (McAfee, LLC -> McAfee, LLC)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-02-12] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-02-12] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => C:\Program Files\McAfee\MSC\McCtxMenuFrmWrk.dll [2020-04-18] (McAfee, LLC -> McAfee, LLC)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2019-12-05] (win.rar GmbH -> Alexander Roshal)
==================== Codecs (Nicht auf der Ausnahmeliste) ====================
==================== Verknüpfungen & WMI ========================
==================== Geladene Module (Nicht auf der Ausnahmeliste) =============
2020-02-26 18:15 - 2020-02-26 18:15 - 000710656 _____ () [Datei ist nicht signiert] C:\Program Files\WindowsApps\XINGAG.XING_4.0.7.0_x86__xpfg3f7e9an52\e_sqlite3.dll
2021-01-20 08:55 - 2021-01-20 08:55 - 038125568 _____ () [Datei ist nicht signiert] C:\Program Files\WindowsApps\XINGAG.XING_4.0.7.0_x86__xpfg3f7e9an52\Xing.UWP.dll
2020-02-28 01:53 - 2020-02-28 01:53 - 001370112 _____ (Conexant Systems LLC.) [Datei ist nicht signiert] C:\Program Files\WindowsApps\22094SynapticsIncorporate.SmartAudio3_1.0.83.0_x64__qt57b6kdvhcfw\SA3\CxHDAudioAPI.dll
2019-12-06 10:28 - 2019-12-06 10:28 - 001460224 _____ (Robert Simpson, et al.) [Datei ist nicht signiert] C:\Program Files\WindowsApps\22094SynapticsIncorporate.SmartAudio3_1.0.83.0_x64__qt57b6kdvhcfw\Flow\Flow1\x64\SQLite.Interop.dll
2020-12-22 14:01 - 2020-05-30 14:58 - 001280000 _____ (Robert Simpson, et al.) [Datei ist nicht signiert] C:\ProgramData\Lenovo\iMController\Plugins\GenericMessagingPlugin\x86\x86\SQLite.Interop.dll
2020-06-19 16:22 - 2020-04-09 08:17 - 000944840 _____ (SQLite Development Team) [Datei ist nicht signiert] C:\ProgramData\Lenovo\iMController\Plugins\LenovoWiFiSecurityPlugin\x86\x86\e_sqlite3.dll
2020-09-30 10:26 - 2020-09-16 10:39 - 001282048 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [Datei ist nicht signiert] C:\Program Files (x86)\Origin\LIBEAY32.dll
2020-09-30 10:26 - 2020-09-16 10:39 - 000279040 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [Datei ist nicht signiert] C:\Program Files (x86)\Origin\ssleay32.dll
2020-09-30 10:26 - 2020-09-16 10:39 - 001611264 _____ (The Qt Company Ltd) [Datei ist nicht signiert] C:\Program Files (x86)\Origin\platforms\qwindows.dll
2021-02-10 23:12 - 2020-09-16 10:39 - 005487104 _____ (The Qt Company Ltd) [Datei ist nicht signiert] C:\Program Files (x86)\Origin\Qt5Core.dll
2021-02-10 23:12 - 2020-09-16 10:39 - 005841920 _____ (The Qt Company Ltd) [Datei ist nicht signiert] C:\Program Files (x86)\Origin\Qt5Gui.dll
2021-02-10 23:12 - 2020-09-16 10:39 - 001179136 _____ (The Qt Company Ltd) [Datei ist nicht signiert] C:\Program Files (x86)\Origin\Qt5Network.dll
2021-02-10 23:12 - 2020-09-16 10:39 - 000146432 _____ (The Qt Company Ltd) [Datei ist nicht signiert] C:\Program Files (x86)\Origin\Qt5WebSockets.dll
2021-02-10 23:12 - 2020-09-16 10:39 - 005089792 _____ (The Qt Company Ltd) [Datei ist nicht signiert] C:\Program Files (x86)\Origin\Qt5Widgets.dll
2021-02-10 23:12 - 2020-09-16 10:39 - 000184832 _____ (The Qt Company Ltd) [Datei ist nicht signiert] C:\Program Files (x86)\Origin\Qt5Xml.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ==================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ModuleCoreService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ModuleCoreService => ""="Service"
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =================
==================== Internet Explorer (Nicht auf der Ausnahmeliste) ==========
HKU\S-1-5-21-762242832-1656469940-355921844-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.com/?pc=LCTE
HKU\S-1-5-21-762242832-1656469940-355921844-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
SearchScopes: HKLM -> DefaultScope {0818BC2E-3CBD-4D06-AC9B-9AC7DB7B46A7} URL =
SearchScopes: HKU\S-1-5-21-762242832-1656469940-355921844-1001 -> DefaultScope {0818BC2E-3CBD-4D06-AC9B-9AC7DB7B46A7} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2021-02-02] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-02-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-02-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-02-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-02-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-02-02] (Microsoft Corporation -> Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll [2020-04-18] (McAfee, LLC -> McAfee, LLC)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2020-04-18] (McAfee, LLC -> McAfee, LLC)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
IE trusted site: HKU\S-1-5-21-762242832-1656469940-355921844-1001\...\sharepoint.com -> hxxps://bwedu-files.sharepoint.com
==================== Hosts Inhalt: =========================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2019-03-19 05:49 - 2019-03-19 05:49 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
==================== Andere Bereiche ===========================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-762242832-1656469940-355921844-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Thoma\Downloads\Smoking-Amy.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
HKU\S-1-5-21-762242832-1656469940-355921844-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-762242832-1656469940-355921844-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-762242832-1656469940-355921844-1001\...\StartupApproved\Run: => "NordVPN"
HKU\S-1-5-21-762242832-1656469940-355921844-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [{A9848A05-46A9-4433-B8B0-A17E1D816C4E}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe (McAfee, LLC -> McAfee, LLC)
FirewallRules: [{50EF8A15-C4C4-4F02-A6EC-FCE901D88084}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe (McAfee, LLC -> McAfee, LLC)
FirewallRules: [{59B0F093-9199-447C-9F06-A15A9302AA2B}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, LLC -> McAfee, LLC)
FirewallRules: [{46DE2C73-9567-43F3-AF9F-7D2CB155EE1E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{9E7B471C-C7D5-4285-B7EE-5524ECF803A8}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{06D032B6-DA2A-49F1-9FE4-DCD163046998}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{F50C618C-052E-4E06-A5A7-75D3F4123AE0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve -> Valve Corporation)
FirewallRules: [{7453A39F-7D98-4A26-9A6E-5CE571B49A15}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => Keine Datei
FirewallRules: [{454D2D39-0D21-4E3F-9647-61273E95B05D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe => Keine Datei
FirewallRules: [{10DF0FE4-B83C-4BF9-BF50-0ACA01EAB8C4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pharaoh + Cleopatra\Pharaoh.exe (Sierra) [Datei ist nicht signiert]
FirewallRules: [{E290474C-4128-4286-8CD2-77C7E8ED9525}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pharaoh + Cleopatra\Pharaoh.exe (Sierra) [Datei ist nicht signiert]
FirewallRules: [{505946C1-57FC-4022-9AC6-3DFEC31EF5F2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ImperatorRome\launcher\Paradox Launcher.exe => Keine Datei
FirewallRules: [{54E46CBB-901F-42C4-A57F-DE24718F0F60}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ImperatorRome\launcher\Paradox Launcher.exe => Keine Datei
FirewallRules: [{61EB5257-DFF4-4259-9E97-AE885BF01277}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wesnoth\wesnoth.exe (The Battle for Wesnoth Project) [Datei ist nicht signiert]
FirewallRules: [{12FA94EE-1A56-47C3-AE60-C0777BFDC751}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\wesnoth\wesnoth.exe (The Battle for Wesnoth Project) [Datei ist nicht signiert]
FirewallRules: [{44FE95DC-6C99-4F51-BA00-0B6A9C5841ED}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{984BC0CF-BA65-4CD6-A223-B97E733E37C7}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve -> Valve Corporation)
FirewallRules: [{785A2EDB-78C8-40F0-BF96-268930038F33}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ImperatorRome\launcher\dowser.exe => Keine Datei
FirewallRules: [{A2C647A8-A743-4CE4-B17B-49EAE8CED75F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ImperatorRome\launcher\dowser.exe => Keine Datei
FirewallRules: [{F7335BA9-33C9-4EE9-B362-4655EE2F92B2}] => (Allow) C:\Users\Thoma\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{776D4879-DFF5-426C-9C64-3DB80AC55094}] => (Allow) C:\Users\Thoma\AppData\Roaming\Zoom\bin\airhost.exe => Keine Datei
FirewallRules: [{91323A7F-596F-4D4E-A459-F02AB2EC5778}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Risen 3\system\Risen3.exe => Keine Datei
FirewallRules: [{83907643-8E2F-4321-AA62-86108C41E0C8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Risen 3\system\Risen3.exe => Keine Datei
FirewallRules: [TCP Query User{C61850F8-AF15-443E-AC0D-50E6365772EC}C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe (The Creative Assembly Limited -> The Creative Assembly Ltd)
FirewallRules: [UDP Query User{98486156-B34F-4CBA-9D69-BA3F1D659DF0}C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\total war rome ii\rome2.exe (The Creative Assembly Limited -> The Creative Assembly Ltd)
FirewallRules: [TCP Query User{84DE27FD-7050-4F07-ABCB-5D53E72F4B84}C:\program files\wizards of the coast\mtga\mtga.exe] => (Allow) C:\program files\wizards of the coast\mtga\mtga.exe (Wizards of the Coast, LLC -> )
FirewallRules: [UDP Query User{C0C611CE-F00E-49E7-B9B1-89FA7E5164C0}C:\program files\wizards of the coast\mtga\mtga.exe] => (Allow) C:\program files\wizards of the coast\mtga\mtga.exe (Wizards of the Coast, LLC -> )
FirewallRules: [{DE52D6DC-9C12-4D3E-BCF6-6223FD2F0111}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Catan Universe\CatanUniverse.exe () [Datei ist nicht signiert]
FirewallRules: [{DEA15DE7-BD7D-4E0F-8373-056278BF4D59}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Catan Universe\CatanUniverse.exe () [Datei ist nicht signiert]
FirewallRules: [{189C2D59-649F-40E6-9FB6-C125BB75764E}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{406F0D47-6765-46EA-8580-719532ACE1C6}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{578E4D18-D87C-4398-8874-CF8FE415BF9B}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{F2DADB58-F6DA-49D3-A823-41A445522FFB}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{15571332-E0E9-4F3C-96D3-A9D6C376D581}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield Bad Company 2\BFBC2Game.exe (Electronic Arts -> EA Digital Illusions CE AB)
FirewallRules: [{534314CB-F1BD-49F9-B529-7652623D926D}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield Bad Company 2\BFBC2Game.exe (Electronic Arts -> EA Digital Illusions CE AB)
FirewallRules: [{FF2DCF18-1B53-43EE-8D2C-BC86B259BD66}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Far Cry 4\bin\FarCry4.exe => Keine Datei
FirewallRules: [{336F2458-B9A8-46E5-A20A-CEAE97D9BA78}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Far Cry 4\bin\FarCry4.exe => Keine Datei
FirewallRules: [{5254599C-0E9B-4849-BBC2-47A1D68450E2}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Far Cry 4\bin\IGE_WPF64.exe => Keine Datei
FirewallRules: [{694F30AC-9725-4676-A761-9205F3A698D7}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Far Cry 4\bin\IGE_WPF64.exe => Keine Datei
FirewallRules: [{D9199524-3289-4976-8446-4871712DF374}] => (Allow) C:\Program Files (x86)\Origin Games\Dragon Age Inquisition\DragonAgeInquisition.exe (Electronic Arts -> Electronic Arts)
FirewallRules: [{E3A3D695-DF80-4523-BF25-B9539D1C7EBD}] => (Allow) C:\Program Files (x86)\Origin Games\Dragon Age Inquisition\DragonAgeInquisition.exe (Electronic Arts -> Electronic Arts)
FirewallRules: [TCP Query User{20C01ECA-2376-4ABF-86DB-1508093D16FA}C:\program files (x86)\warcraft iii\_retail_\x86_64\warcraft iii.exe] => (Block) C:\program files (x86)\warcraft iii\_retail_\x86_64\warcraft iii.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc)
FirewallRules: [UDP Query User{84AB4D69-F1A1-4F4D-98E7-0EFFC561BC5F}C:\program files (x86)\warcraft iii\_retail_\x86_64\warcraft iii.exe] => (Block) C:\program files (x86)\warcraft iii\_retail_\x86_64\warcraft iii.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc)
FirewallRules: [TCP Query User{EB5DA1FE-5AF9-4724-B5A0-6046A12701C9}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{20F583C3-8F8E-4131-A388-4ED59CAD5106}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{829928C1-8279-44DE-816A-0FDE44DEC074}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 test\game\bin\win64\dota2.exe => Keine Datei
FirewallRules: [{911EB3A9-0AB4-4440-A119-C283E6F51B77}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 test\game\bin\win64\dota2.exe => Keine Datei
FirewallRules: [{017DAD65-C6D3-403B-BDEC-93D14FE19B28}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Might and Magic Heroes VII\Binaries\Win32\MMH7Game-Win32-Shipping.exe => Keine Datei
FirewallRules: [{845CF9A1-40C9-4021-886A-CB5FE3274446}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Might and Magic Heroes VII\Binaries\Win64\MMH7Game-Win64-Shipping.exe (Limbic Entertainment GmbH -> Ubisoft, Inc.)
FirewallRules: [{78D88F85-E67E-4AF6-9153-90B00ADAADFB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ICBM\Launcher.exe (Slitherine Software UK Limited -> Slitherine Ltd.)
FirewallRules: [{0F23AE52-9741-49B3-9C76-0FE35EB37C7F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ICBM\Launcher.exe (Slitherine Software UK Limited -> Slitherine Ltd.)
FirewallRules: [{BD9853B7-A631-417A-B389-597E650DFCDC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars Empire at War\runme.exe (Disney Interactive Studios Inc -> )
FirewallRules: [{4842A385-4E65-4E1C-8AEE-1B43FA20DCAE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars Empire at War\runme.exe (Disney Interactive Studios Inc -> )
FirewallRules: [{8BBA1426-2428-4961-BC12-B86D22F5651D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars Empire at War\runme2.exe (Disney Interactive Studios Inc -> )
FirewallRules: [{AFB899F8-D9B6-4A88-8BD4-E1599B5D5BB9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Star Wars Empire at War\runme2.exe (Disney Interactive Studios Inc -> )
FirewallRules: [{B248DBD9-79F5-4B55-BB0E-C4F3B1A2BF50}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{85953656-EC75-42D8-ADA6-836B14A2848F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization VI\LaunchPad\LaunchPad.exe => Keine Datei
FirewallRules: [{C4854D7F-2D3F-4F0F-AB48-78AA4D8E5DCE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization VI\LaunchPad\LaunchPad.exe => Keine Datei
FirewallRules: [{5B9CF07F-511E-4A6F-A046-41EC446CA286}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B0E9FFCA-27BE-4CF7-9CB2-50321F73063D}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E5B95CCE-3329-4EE8-A34E-D85CF18AD391}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C39F0F5F-4846-48DC-92F3-4962BE85BB7D}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{62AEA891-78F8-4562-B3CC-45DEC3B330A4}C:\users\thoma\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\thoma\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{AB1AE384-816F-4529-BA70-945818CF754E}C:\users\thoma\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\thoma\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{417AD5EB-8D55-42D9-B29F-A1397827D116}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{40A94009-5AF4-43E6-A718-2BA7AC17E2A0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{4F2A3525-F464-4F08-9704-7965F8872196}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{79D3B313-7D4F-4ADF-B556-49BC80758747}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7206FB48-1D08-4BEE-8896-58D49EB99406}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Rome II\launcher\launcher.exe (The Creative Assembly Limited -> Creative Assembly Ltd)
FirewallRules: [{824FABC0-B1D6-4788-AD4F-B5DC6CA3F6DB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Total War Rome II\launcher\launcher.exe (The Creative Assembly Limited -> Creative Assembly Ltd)
==================== Wiederherstellungspunkte =========================
12-02-2021 17:15:35 Geplanter Prüfpunkt
==================== Fehlerhafte Geräte im Gerätemanager ============
==================== Fehlereinträge in der Ereignisanzeige: ========================
Applikationsfehler:
==================
Error: (02/12/2021 04:02:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 85.0.2.7709, Zeitstempel: 0x60215287
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000005649e
ID des fehlerhaften Prozesses: 0x1c5c
Startzeit der fehlerhaften Anwendung: 0x01d7015015b15c25
Pfad der fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: 899b8ce0-3c7b-4681-80aa-2440a94b3824
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (02/12/2021 11:07:54 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 85.0.2.7709, Zeitstempel: 0x60215287
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000005649e
ID des fehlerhaften Prozesses: 0x1ee0
Startzeit der fehlerhaften Anwendung: 0x01d70126ee248b91
Pfad der fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: 31619dc7-44e9-4510-80c4-f1d1522b8031
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (02/12/2021 10:50:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: bad_module_info, Version: 0.0.0.0, Zeitstempel: 0x00000000
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00007ffb9095cb54
ID des fehlerhaften Prozesses: 0x38c4
Startzeit der fehlerhaften Anwendung: 0x01d701246e9a4c4f
Pfad der fehlerhaften Anwendung: bad_module_info
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: b7e08e25-dabd-40ef-916b-31cb55ef42f4
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (02/10/2021 06:22:00 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x8007045b, Der Computer wird heruntergefahren.
.
Error: (02/10/2021 06:22:00 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} und dem Namen "CEventSystem" kann nicht gestartet werden. [0x8007045b, Der Computer wird heruntergefahren.
]
Error: (02/09/2021 06:35:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: RuntimeBroker.exe, Version: 10.0.18362.1316, Zeitstempel: 0xc5608d75
Name des fehlerhaften Moduls: windows.storage.dll, Version: 10.0.18362.1316, Zeitstempel: 0x6069e123
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000121d55
ID des fehlerhaften Prozesses: 0x3594
Startzeit der fehlerhaften Anwendung: 0x01d6ff09fe4e516b
Pfad der fehlerhaften Anwendung: C:\Windows\System32\RuntimeBroker.exe
Pfad des fehlerhaften Moduls: C:\Windows\System32\windows.storage.dll
Berichtskennung: 5e619b79-d48f-4d59-b43b-da226c71f1fc
Vollständiger Name des fehlerhaften Pakets: Microsoft.OneConnect_5.2011.3081.0_x64__8wekyb3d8bbwe
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: runtimebroker07f4358a809ac99a64a67c1
Error: (02/08/2021 11:57:08 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x8007045b, Der Computer wird heruntergefahren.
.
Error: (02/08/2021 11:57:08 AM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} und dem Namen "CEventSystem" kann nicht gestartet werden. [0x8007045b, Der Computer wird heruntergefahren.
]
Systemfehler:
=============
Error: (02/12/2021 08:49:51 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-OGLLRTL)
Description: Der Server "Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error: (02/12/2021 06:14:58 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-OGLLRTL)
Description: Der Server "Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error: (02/12/2021 06:09:31 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-OGLLRTL)
Description: Der Server "Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error: (02/12/2021 06:08:21 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: Der Server "{924DC564-16A6-42EB-929A-9A61FA7DA06F}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error: (02/12/2021 06:08:21 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: Der Server "{924DC564-16A6-42EB-929A-9A61FA7DA06F}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error: (02/12/2021 06:08:20 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-OGLLRTL)
Description: Der Server "Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error: (02/12/2021 05:32:50 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-OGLLRTL)
Description: Der Server "Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error: (02/12/2021 04:29:00 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-OGLLRTL)
Description: Der Server "Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Windows Defender:
=================
Date: 2021-02-12 16:11:02.818
Description:
Die Windows Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {803E026B-48FB-4C08-853A-18A12FD14E20}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: DESKTOP-OGLLRTL\Thoma
Date: 2021-02-12 15:46:21.244
Description:
Windows Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDropper:Win64/Tnega!MSR&threatid=2147771646&enterprise=0
Name: TrojanDropper:Win64/Tnega!MSR
ID: 2147771646
Schweregrad: Schwerwiegend
Kategorie: Trojaner - Dropper
Pfad: file:_C:\Users\Thoma\AppData\Local\Temp\GetX64BTIT.exe
Erkennungsursprung: Lokaler Computer
Erkennungstype: Konkret
Erkennungsquelle: Echtzeitschutz
Benutzer: DESKTOP-OGLLRTL\Thoma
Prozessname: C:\Users\Thoma\AppData\Roaming\Thoma.exe
Sicherheitsversion: AV: 1.331.782.0, AS: 1.331.782.0, NIS: 1.331.782.0
Modulversion: AM: 1.1.17800.5, NIS: 1.1.17800.5
Date: 2021-02-12 11:06:39.292
Description:
Windows Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDropper:Win64/Tnega!MSR&threatid=2147771646&enterprise=0
Name: TrojanDropper:Win64/Tnega!MSR
ID: 2147771646
Schweregrad: Schwerwiegend
Kategorie: Trojaner - Dropper
Pfad: file:_C:\Users\Thoma\AppData\Local\Temp\GetX64BTIT.exe
Erkennungsursprung: Lokaler Computer
Erkennungstype: Konkret
Erkennungsquelle: Echtzeitschutz
Benutzer: DESKTOP-OGLLRTL\Thoma
Prozessname: C:\Users\Thoma\AppData\Roaming\Thoma.exe
Sicherheitsversion: AV: 1.331.782.0, AS: 1.331.782.0, NIS: 1.331.782.0
Modulversion: AM: 1.1.17800.5, NIS: 1.1.17800.5
Date: 2021-02-12 10:54:10.525
Description:
Windows Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDropper:Win64/Tnega!MSR&threatid=2147771646&enterprise=0
Name: TrojanDropper:Win64/Tnega!MSR
ID: 2147771646
Schweregrad: Schwerwiegend
Kategorie: Trojaner - Dropper
Pfad: file:_C:\Users\Thoma\AppData\Local\Temp\GetX64BTIT.exe
Erkennungsursprung: Lokaler Computer
Erkennungstype: Konkret
Erkennungsquelle: Echtzeitschutz
Benutzer: DESKTOP-OGLLRTL\Thoma
Prozessname: C:\Users\Thoma\AppData\Roaming\Thoma.exe
Sicherheitsversion: AV: 1.331.782.0, AS: 1.331.782.0, NIS: 1.331.782.0
Modulversion: AM: 1.1.17800.5, NIS: 1.1.17800.5
Date: 2021-02-12 09:28:22.453
Description:
Windows Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDropper:Win64/Tnega!MSR&threatid=2147771646&enterprise=0
Name: TrojanDropper:Win64/Tnega!MSR
ID: 2147771646
Schweregrad: Schwerwiegend
Kategorie: Trojaner - Dropper
Pfad: file:_C:\Users\Thoma\AppData\Local\Temp\GetX64BTIT.exe
Erkennungsursprung: Lokaler Computer
Erkennungstype: Konkret
Erkennungsquelle: Echtzeitschutz
Benutzer: DESKTOP-OGLLRTL\Thoma
Prozessname: C:\Users\Thoma\AppData\Roaming\Thoma.exe
Sicherheitsversion: AV: 1.331.782.0, AS: 1.331.782.0, NIS: 1.331.782.0
Modulversion: AM: 1.1.17800.5, NIS: 1.1.17800.5
CodeIntegrity:
=================
Date: 2021-02-12 20:14:59.263
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2021-02-12 20:14:59.255
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2021-02-12 20:14:59.230
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2021-02-12 20:14:59.217
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2021-02-12 20:14:59.209
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2021-02-12 20:14:59.188
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2021-02-12 20:14:59.175
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2021-02-12 20:14:59.165
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\McAfee\MfeAV\AMSIExt.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Speicherinformationen ===========================
BIOS: LENOVO R11ET30W (1.10 ) 10/11/2019
Hauptplatine: LENOVO 20NE000JGE
Prozessor: AMD Ryzen 5 3500U with Radeon Vega Mobile Gfx
Prozentuale Nutzung des RAM: 83%
Installierter physikalischer RAM: 6021.74 MB
Verfügbarer physikalischer RAM: 1013.55 MB
Summe virtueller Speicher: 7996.32 MB
Verfügbarer virtueller Speicher: 1377.46 MB
==================== Laufwerke ================================
Drive c: (Windows) (Fixed) (Total:237.23 GB) (Free:1.06 GB) NTFS
\\?\Volume{afef1342-b8a8-41cf-a95a-9c2764e10019}\ (WinRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.35 GB) NTFS
\\?\Volume{91f36f23-4c2a-4a78-b3de-f08c5230f659}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
==================== MBR & Partitionstabelle ====================
==========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: DADC400C)
Partition: GPT.
==================== Ende von Addition.txt ======================= Here is the log from Malwarebytes. Code:
Malwarebytes
www.malwarebytes.com
-Protokolldetails-
Datum des Schutzereignisses: 12.02.21
Uhrzeit des Schutzereignisses: 16:04
Protokolldatei: 9420cf6a-6d43-11eb-9cf0-f875a4431c99.json
-Softwaredaten-
Version: 4.3.0.98
Komponentenversion: 1.0.1173
Version des Aktualisierungspakets: 1.0.37017
Lizenz: Testversion
-Systemdaten-
Betriebssystem: Windows 10 (Build 18362.1316)
CPU: x64
Dateisystem: NTFS
Benutzer: System
-Einzelheiten zu blockierten Websites-
Bösartige Website: 1
, C:\Users\Thoma\AppData\Roaming\Thoma.exe, Blockiert, -1, -1, 0.0.0, ,
-Website-Daten-
Kategorie: Trojaner
Domäne:
IP-Adresse: 95.153.31.8
Port: 443
Typ: Ausgehend
Datei: C:\Users\Thoma\AppData\Roaming\Thoma.exe
(end) Thanks in advance for taking a look! Thank you, thank you, thank you very much! |