Windows Security Stopped Working

Collapse
X
Collapse
 
  • Page of 3
  • Time
  • Show
Clear All
new posts
Previous 1 2 3 template Next
  • Urenis
    PCHF Member
    • Feb 2024
    • 14
    #1

    Windows Security Stopped Working

    [ATTACH type=“full” alt=“Windows_Security.png”]13445[/ATTACH]
    when i want to open windows security it stays like this until it closes eventually. I don’t know since when and why this happened.

    thanks for your help!

    in order to this post the FRST and Addition file is included.
    Forums - PC Help Forum
    https://pchelpforum.net/t/prework-please-read-before-posting.11235/#post-11788
    PCHF Forums


    FRST:

    Code:
    Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 26.02.2024 01
durchgeführt von eiko- (Administrator) auf DESKTOP-OSDJ7D2 (Micro-Star International Co., Ltd. MS-7B85) (28-02-2024 16:50:32)
Gestartet von C:\Users\eiko-\Desktop\FRST64.exe
Geladene Profile: eiko-
Plattform: Microsoft Windows 11 Home Version 23H2 22631.3155 (X64) Sprache: Deutsch (Deutschland)
Standard-Browser: Chrome
Start-Modus: Normal

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(A-Volute SAS → A-Volute) C:\Users\eiko-\AppData\Local\NhNotifSys\nahimic\nahimicNotifSys.exe
(C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\System32\cmd.exe
(C:\Program Files\Logitech\LogiOptions\LogiOptions.exe ->) (Logitech Inc → Logitech) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOverlay.exe
(C:\Program Files\Logitech\LogiOptions\LogiOptions.exe ->) (Logitech Inc → Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. → Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\System32\rundll32.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation → NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation → NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.AlwaysOnTop.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.Awake.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.ColorPickerUI.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.CropAndLock.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.FancyZones.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.PowerLauncher.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files\PowerToys\WinUI3Apps\PowerToys.Peek.UI.exe
(cmd.exe ->) (Malwarebytes Inc. → Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MbamBgNativeMsg.exe
(D:\Programme\Dragon Center\APP_Dragon_Center_Keeper.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. → MSI) D:\Programme\Dragon Center\CC_Engine_x64.exe
(explorer.exe ->) (Google LLC → Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <14>
(explorer.exe ->) (Logitech Inc → Logitech, Inc.) C:\Program Files\Logitech\LogiOptions\LogiOptions.exe
(Google LLC → Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleCrashHandler.exe
(Google LLC → Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleCrashHandler64.exe
(NVIDIA Corporation → Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Oracle America, Inc. → Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(services.exe ->) (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH) C:\Program Files (x86)\3S CODESYS\GatewayPLC\GatewayService.exe
(services.exe ->) (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH) C:\Program Files (x86)\3S CODESYS\GatewayPLC\ServiceControl.exe
(services.exe ->) (520D4CDF-A287-4423-AB88-D88CCF7E866D → ) C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.SamsungAccount_1.23.12130.0_x64__3c1yjt4zspk6g\SAService\SAService.exe
(services.exe ->) (Adobe Inc. → Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (A-Volute SAS → Nahimic) C:\Windows\System32\NahimicService.exe
(services.exe ->) (Corsair Memory, Inc. → Corsair Memory, Inc.) D:\Programme\Corsair\CORSAIR iCUE Software\Corsair.Service.exe
(services.exe ->) (geek software GmbH → geek software GmbH) D:\Programme\PDF24\pdf24.exe
(services.exe ->) (HP Inc. → HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (Malwarebytes Inc. → Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\System32\msiexec.exe
(services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. → Micro-Star Int’l Co., Ltd.) D:\Programme\Dragon Center\DragonCenter_Service.exe
(services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. → Micro-Star INT’L CO., LTD.) D:\Programme\Dragon Center\Mystic_Light\LightKeeperService.exe
(services.exe ->) (NVIDIA Corporation → NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(services.exe ->) (NVIDIA Corporation → NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (WIBU-SYSTEMS AG → WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
(svchost.exe ->) (24803D75-212C-471A-BC57-9EF86AB91435 → ) C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2407.10.0_x64__cv1g1gvanyjgm\WhatsApp.exe
(svchost.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.exe
(svchost.exe ->) (Microsoft Windows → ) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_424.1301.170.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
(svchost.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. → Micro-Star Int’l Co., Ltd.) D:\Programme\Dragon Center\APP_Dragon_Center_Keeper.exe
(svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. → Micro-Star Int’l Co., Ltd.) D:\Programme\Dragon Center\Mystic_Light\LEDKeeper2.exe
(svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. → Micro-Star INT’L CO., LTD.) D:\Programme\Dragon Center\StorageMonitor\StorageMonitor.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [1668000 2021-06-09] (Logitech Inc → Logitech, Inc.)
HKLM...\Run: [PDF24] => D:\Programme\PDF24\pdf24.exe [613560 2022-11-30] (geek software GmbH → geek software GmbH)
HKLM...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher → Logitech)
HKLM-x32...\Run: [CORSAIR iCUE Software] => D:\Programme\Corsair\CORSAIR iCUE Software\iCUE Launcher.exe [405032 2019-12-21] (Corsair Memory, Inc. → Corsair Memory, Inc.)
HKLM-x32...\Run: [GatewaySysTray] => C:\Program Files (x86)\3S CODESYS\GatewayPLC\GatewaySysTray.exe [690456 2017-05-15] (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
HKLM-x32...\Run: [CODESYSControlSysTray] => C:\Program Files (x86)\3S CODESYS\GatewayPLC\CODESYSControlSysTray.exe [509216 2017-05-15] (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
HKLM-x32...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [750680 2023-12-19] (Oracle America, Inc. → Oracle Corporation)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Beschränkung <==== ACHTUNG
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Beschränkung <==== ACHTUNG
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\Run: [Steam] => D:\Programme\Steam\steam.exe [4388200 2024-01-13] (Valve Corp. → Valve Corporation)
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\Run: [Discord] => C:\Users\eiko-\AppData\Local\Discord\Update.exe [1512608 2021-09-21] (Discord Inc. → GitHub)
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\Run: [Overwolf] => D:\Programme\Overwolf\OverwolfLauncher.exe [1785864 2024-01-07] (Overwolf Ltd → Overwolf Ltd.)
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\Run: [com.squirrel.Teams.Teams] => C:\Users\eiko-\AppData\Local\Microsoft\Teams\Update.exe [2591080 2023-12-17] (Microsoft 3rd Party Application Component → Microsoft Corporation)
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\Run: [MicrosoftEdgeAutoLaunch_322C183E72E821C8032805843FDA8DCC] => “C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe” --no-startup-window --win-session-start [4060728 2024-02-27] (Microsoft Corporation → Microsoft Corporation)
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\Run: [RiotClient] => C:\Riot Games\Riot Client\RiotClientServices.exe [70912472 2023-11-16] (Riot Games, Inc. → Riot Games, Inc.)
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [37180368 2023-12-11] (Epic Games Inc. → Epic Games, Inc.)
HKLM...\Print\Monitors\Canon BJ FAX Language Monitor TR8500 series: C:\Windows\system32\CNCALDL.DLL [254464 2019-01-28] (CANON INC.) [Datei ist nicht signiert]
HKLM...\Print\Monitors\Canon BJ Language Monitor TR8500 series: C:\Windows\system32\CNMLMDL.DLL [1302016 2019-01-10] (CANON INC.) [Datei ist nicht signiert]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] → C:\Program Files (x86)\Google\Chrome\Application\121.0.6167.189\Installer\chrmstp.exe [2024-02-25] (Google LLC → Google LLC)
HKLM\Software...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] → 
Startup: C:\Users\eiko-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2023-12-10]
ShortcutTarget: An OneNote senden.lnk → C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation → Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk [2023-05-22]
ShortcutTarget: CodeMeter Control Center.lnk → C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG → WIBU-SYSTEMS AG)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {FFE2FE1B-1C7C-4F94-B919-456BF6851F68} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1547208 2024-01-31] (Adobe Inc. → Adobe Inc.)
Task: {4D56D740-F8FB-4DEF-B3F8-F64A144EC9D3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-01-07] (Google LLC → Google LLC)
Task: {8815457D-F870-4FB9-8D26-51F492C61D7C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-01-07] (Google LLC → Google LLC)
Task: {3B3465EA-B5AC-4D3E-B4CF-3715683C8BB0} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23570432 2023-12-21] (Microsoft Corporation → Microsoft Corporation)
Task: {8FBD0F0E-C069-42BC-AB61-E4FD57858237} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23570432 2023-12-21] (Microsoft Corporation → Microsoft Corporation)
Task: {B499D912-AA39-4222-8CFA-EADA075E98DD} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2209384 2024-01-13] (Microsoft Corporation → Microsoft Corporation)
Task: {C39BA31E-FC4D-4D07-A34F-58235B684FDA} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2209384 2024-01-13] (Microsoft Corporation → Microsoft Corporation)
Task: {8FC172F6-839D-4027-BBDE-4A89EB1301DE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [3513936 2024-01-13] (Microsoft Corporation → Microsoft Corporation)
Task: {BAE5AB5A-F185-4135-AD9D-097BF0F2CA22} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [3513936 2024-01-13] (Microsoft Corporation → Microsoft Corporation)
Task: {ED229EC7-51A0-4F98-8F03-603ECEB2184E} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\Schedule created by enrollment client to reattest client certificate => C:\WINDOWS\system32\deviceenroller.exe [516096 2024-02-14] (Microsoft Windows → Microsoft Corporation)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (Keine Datei)
Task: {99CB8C5D-3532-4F20-B85D-C54AF74C2EEA} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => %systemroot%\system32\MusNotification.exe LogonUpdateResults (Keine Datei)
Task: {5E998215-860E-411F-AC35-509DEA2083D6} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe /RunOnAC ReadyToReboot (Keine Datei)
Task: {CF6B2F35-9B4E-4CCC-AA88-460AE566CE43} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe /RunOnBattery ReadyToReboot (Keine Datei)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (Keine Datei)
Task: {EFC003FD-C225-4E23-945C-7E84FD4E9554} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [858480 2019-12-05] (NVIDIA Corporation → NVIDIA Corporation) → -d “C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck” -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {083D83A3-86B5-437E-BC21-E0CC35ACD65E} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [858480 2019-12-05] (NVIDIA Corporation → NVIDIA Corporation) → -d “C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck” -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {C60A0C92-E529-4A55-AA72-235D1AFBCA65} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3302880 2019-12-09] (NVIDIA Corporation → NVIDIA Corporation)
Task: {C2B2716D-476E-4B58-8A59-A18A77583588} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [653848 2019-12-08] (NVIDIA Corporation → NVIDIA Corporation)
Task: {CF9F5784-F165-4D6E-876F-A22475E89024} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [914456 2019-12-08] (NVIDIA Corporation → NVIDIA Corporation)
Task: {A6BB91CC-4F56-4B61-837F-A1AD7B9D49EF} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [914456 2019-12-08] (NVIDIA Corporation → NVIDIA Corporation)
Task: {C2685297-C323-45CD-AA50-DCCE92F349E1} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1134104 2019-12-08] (NVIDIA Corporation → NVIDIA Corporation)
Task: {6FB59C07-AF87-4EFC-9B03-68C8341BFA48} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1134104 2019-12-08] (NVIDIA Corporation → NVIDIA Corporation)
Task: {C0FF1705-9D3E-48A8-B840-7101B8E4D3BD} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1134104 2019-12-08] (NVIDIA Corporation → NVIDIA Corporation)
Task: {99CE4BA9-7C1E-4F0D-8CAF-E34C95AEA6D8} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1134104 2019-12-08] (NVIDIA Corporation → NVIDIA Corporation)
Task: {2F35FD26-5AB7-4952-B1E0-E558B0733762} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Common Files\Overwolf\OverwolfUpdater.exe [2641928 2024-01-07] (Overwolf Ltd → Overwolf LTD)
Task: {5967D93A-9F3E-4547-A3D4-44C5253ED619} - System32\Tasks\PowerToys\Autorun for eiko- => C:\Program Files\PowerToys\PowerToys.exe [1216544 2024-01-05] (Microsoft Corporation → Microsoft Corporation)
Task: {3DB13C74-DE6C-470B-9460-AB7A523FB569} - System32\Tasks\VLC Plus Player Updater => C:\Users\eiko-\AppData\Local\VLC → Plus Player Updater\Updater.exe <==== ACHTUNG

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3: <==== ACHTUNG (Beschränkung - Zones)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip..\Interfaces{3a305b48-12bf-40ef-b06c-e6fc35585716}: [DhcpNameServer] 192.168.178.1
Tcpip..\Interfaces{3a305b48-12bf-40ef-b06c-e6fc35585716}: [DhcpDomain] fritz.box
Tcpip..\Interfaces{c37cf130-c400-4f29-8c9a-3d756739681d}: [NameServer] 1.1.1.1
Tcpip..\Interfaces{c37cf130-c400-4f29-8c9a-3d756739681d}: [DhcpNameServer] 192.168.180.191
[HEADING=1]Edge:[/HEADING]
Edge Profile: C:\Users\eiko-\AppData\Local\Microsoft\Edge\User Data\Default [2024-02-02]
Edge Extension: (Google Docs Offline) - C:\Users\eiko-\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-09-24]
Edge Extension: (Edge relevant text changes) - C:\Users\eiko-\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-02-02]
Edge HKLM...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Edge HKLM-x32...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
[HEADING=1]FireFox:[/HEADING]
FF Plugin: @java.com/DTPlugin,version=11.401.2 → C:\Program Files\Java\jre-1.8\bin\dtplugin\npDeployJava1.dll [2023-12-19] (Oracle America, Inc. → Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.401.2 → C:\Program Files\Java\jre-1.8\bin\plugin2\npjp2.dll [2023-12-19] (Oracle America, Inc. → Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 → C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-03-08] (Microsoft Corporation → Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.18 → D:\Programme\VLC\npvlc.dll [2022-11-08] (VideoLAN → VideoLAN)
FF Plugin: Adobe Acrobat → C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2024-02-22] (Adobe Inc. → Adobe Systems Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.cpdf → C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [Keine Datei]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp → C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [Keine Datei]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf → C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [Keine Datei]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 → C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2020-03-08] (Microsoft Corporation → Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 → C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2020-03-08] (Microsoft Corporation → Microsoft Corporation)
[HEADING=1]Chrome:[/HEADING]
CHR DefaultProfile: Default
CHR Profile: C:\Users\eiko-\AppData\Local\Google\Chrome\User Data\Default [2024-02-28]
CHR Notifications: Default → hxxps://www.alleaktien.de
CHR Extension: (Honey: Automatische Coupons & Prämien) - C:\Users\eiko-\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2024-02-25]
CHR Extension: (Social Blade) - C:\Users\eiko-\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfidkbgamfhdgmedldkagjopnbobdmdn [2022-09-04] [UpdateUrl:hxxps://addon.socialblade.com/updates.json] <==== ACHTUNG
CHR Extension: (uBlock Origin) - C:\Users\eiko-\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2024-02-25]
CHR Extension: (Multi-File Downloader) - C:\Users\eiko-\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpecplbkinpdbedgejddhepkgcppgchk [2022-05-12]
CHR Extension: (Video Downloader Professional) - C:\Users\eiko-\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2023-04-19]
CHR Extension: (Just Focus) - C:\Users\eiko-\AppData\Local\Google\Chrome\User Data\Default\Extensions\gefaddaengbodpiobpbgblajdboalmgc [2022-10-14]
CHR Extension: (Google Docs Offline) - C:\Users\eiko-\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-02-28]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\eiko-\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2024-02-28]
CHR Extension: (Unpaywall) - C:\Users\eiko-\AppData\Local\Google\Chrome\User Data\Default\Extensions\iplffkdpngmdjhlpjmppncnlhomiipha [2023-04-29]
CHR Extension: (Live Stream Downloader) - C:\Users\eiko-\AppData\Local\Google\Chrome\User Data\Default\Extensions\looepbdllpjgdmkpdcdffhdbmpbcfekj [2023-12-10]
CHR Extension: (Shazam: Finde Songtitel in deinem Browser) - C:\Users\eiko-\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmioliijnhnoblpgimnlajmefafdfilb [2024-01-05]
CHR Extension: (Uncanny Cookie Clicker) - C:\Users\eiko-\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmmdenlpgbgmeofmdkhimecmkcgabgno [2023-11-14]
CHR Extension: (MetaMask) - C:\Users\eiko-\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2024-01-30]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\eiko-\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR HKLM...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKU\S-1-5-21-1421055718-2087356316-1872245878-1001\SOFTWARE\Google\Chrome\Extensions...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32...\Chrome\Extension: [mfhcmdonhekjhfbjmeacdjbhlfgpjabp]

==================== Dienste (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [172992 2024-01-31] (Adobe Inc. → Adobe Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [15772456 2023-12-10] (BattlEye Innovations e.K. → )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9497576 2023-12-21] (Microsoft Corporation → Microsoft Corporation)
S3 CODESYS Control Win V3; C:\Program Files (x86)\3S CODESYS\GatewayPLC\CODESYSControlService.exe [5383968 2017-05-15] (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
R2 CODESYS Gateway V3; C:\Program Files (x86)\3S CODESYS\GatewayPLC\GatewayService.exe [562968 2017-05-15] (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
R2 CODESYS ServiceControl; C:\Program Files (x86)\3S CODESYS\GatewayPLC\ServiceControl.exe [203544 2017-05-15] (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
R2 CorsairService; D:\Programme\Corsair\CORSAIR iCUE Software\Corsair.Service.exe [55336 2019-12-21] (Corsair Memory, Inc. → Corsair Memory, Inc.)
R2 DragonCenter_Service; D:\Programme\Dragon Center\DragonCenter_Service.exe [142512 2019-08-29] (MICRO-STAR INTERNATIONAL CO., LTD. → Micro-Star Int’l Co., Ltd.)
S3 EasyAntiCheat_EOS; C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe [955816 2023-12-10] (EasyAntiCheat Oy → Epic Games, Inc.)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [934352 2023-08-02] (Epic Games Inc. → Epic Games, Inc.)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [230360 2024-01-19] (HP Inc. → HP Inc.)
R2 LightKeeperService; D:\Programme\Dragon Center\Mystic_Light\LightKeeperService.exe [81552 2020-01-07] (MICRO-STAR INTERNATIONAL CO., LTD. → Micro-Star INT’L CO., LTD.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9410296 2024-02-28] (Malwarebytes Inc. → Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [3073888 2024-02-28] (Malwarebytes Inc. → Malwarebytes)
R2 NahimicService; C:\WINDOWS\system32\NahimicService.exe [1909416 2024-01-01] (A-Volute SAS → Nahimic)
S3 OverwolfUpdater; C:\Program Files (x86)\Common Files\Overwolf\OverwolfUpdater.exe [2641928 2024-01-07] (Overwolf Ltd → Overwolf LTD)
R2 PDF24; D:\Programme\PDF24\pdf24.exe [613560 2022-11-30] (geek software GmbH → geek software GmbH)
R2 SamsungAccountService; C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.SamsungAccount_1.23.12130.0_x64__3c1yjt4zspk6g\SAService\SAService.exe [6656 2023-12-21] (520D4CDF-A287-4423-AB88-D88CCF7E866D → )
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\NisSrv.exe [3191256 2024-02-28] (Microsoft Windows Publisher → Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\MsMpEng.exe [133576 2024-02-28] (Microsoft Windows Publisher → Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Treiber (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 → Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 → Apple Inc.)
S3 CH341SER_A64; C:\WINDOWS\System32\Drivers\CH341S64.SYS [58368 2023-11-16] (www.winchiphead.com) [Datei ist nicht signiert]
S2 CorsairLLAccess2C5180972F76443B27B6BE38ADBF2AE99B374496; D:\Programme\Corsair\CORSAIR iCUE Software\CorsairLLAccess64.sys [20696 2019-12-12] (Microsoft Windows Hardware Compatibility Publisher → Corsair Memory, Inc.)
R3 CorsairVBusDriver; C:\WINDOWS\System32\drivers\CorsairVBusDriver.sys [45984 2020-07-06] (Microsoft Windows Hardware Compatibility Publisher → Corsair)
R3 CorsairVHidDriver; C:\WINDOWS\System32\drivers\CorsairVHidDriver.sys [21920 2020-07-06] (Microsoft Windows Hardware Compatibility Publisher → Corsair)
R1 dokan1; C:\WINDOWS\System32\DRIVERS\dokan1.sys [386552 2021-11-26] (Microsoft Windows Hardware Compatibility Publisher → Dokan Project)
S1 EneIo; C:\Windows\system32\drivers\ene.sys [17624 2019-05-22] (Microsoft Windows Hardware Compatibility Publisher → )
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2024-02-28] (Microsoft Windows Hardware Compatibility Publisher → Malwarebytes)
S3 ipadtst; C:\ProgramData\MSI\Super_Charger\ipadtst_64.sys [20464 2013-11-11] (MICRO-STAR INTERNATIONAL CO., LTD. → Windows (R) Win 7 DDK provider)
S3 ipadtst2; C:\ProgramData\MSI\Super_Charger\ipadtst2_64.sys [16336 2016-07-29] (MICRO-STAR INTERNATIONAL CO., LTD. → MSI)
R2 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223296 2024-02-28] (Microsoft Windows Hardware Compatibility Publisher → Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2024-02-28] (Microsoft Windows Early Launch Anti-malware Publisher → Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt11.sys [233704 2024-02-28] (Malwarebytes Inc. → Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [78400 2024-02-28] (Microsoft Windows Hardware Compatibility Publisher → Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239576 2024-02-28] (Microsoft Windows Hardware Compatibility Publisher → Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [188784 2024-02-28] (Malwarebytes Inc. → Malwarebytes)
R3 Nahimic_Mirroring; C:\WINDOWS\System32\drivers\Nahimic_Mirroring.sys [94784 2022-06-03] (A-Volute SAS → Windows (R) Win 7 DDK provider)
R3 NTIOLib_CC_COMM; D:\Programme\Dragon Center\Lib\SYS\NTIOLib_X64.sys [14288 2017-07-10] (MICRO-STAR INTERNATIONAL CO., LTD. → MSI)
R3 NTIOLib_CC_CPU; D:\Programme\Dragon Center\Lib\Super_Charger\NTIOLib_X64.sys [14288 2017-07-10] (MICRO-STAR INTERNATIONAL CO., LTD. → MSI)
R3 NTIOLib_MysticLight; D:\Programme\Dragon Center\Mystic_Light\Lib\NTIOLib_X64.sys [14288 2020-01-07] (MICRO-STAR INTERNATIONAL CO., LTD. → MSI)
R3 phantomtap; C:\WINDOWS\System32\drivers\phantomtap.sys [45056 2020-03-18] (Avira Operations GmbH & Co. KG → The OpenVPN Project)
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James → Scarlet.Crush Productions)
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. → The OpenVPN Project)
S3 usbscan; C:\WINDOWS\System32\drivers\usbscan.sys [81920 2023-04-19] (Microsoft Corporation) [Datei ist nicht signiert]
R1 ViGEmBus; C:\WINDOWS\System32\drivers\ViGEmBus.sys [165744 2020-12-14] (Microsoft Windows Hardware Compatibility Publisher → Nefarius Software Solutions e.U.)
R3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [21040 2024-02-28] (Microsoft Windows Early Launch Anti-malware Publisher → Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [608648 2024-02-28] (Microsoft Windows → Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105752 2024-02-28] (Microsoft Windows → Microsoft Corporation)
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2024-02-28 16:50 - 2024-02-28 16:50 - 000033421 _____ C:\Users\eiko-\Desktop\FRST.txt
2024-02-28 16:48 - 2024-02-28 16:48 - 000233704 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt11.sys
2024-02-28 16:48 - 2024-02-28 16:48 - 000188784 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2024-02-28 16:48 - 2024-02-28 16:48 - 000000004 ____H C:\ProgramData\cm-lock
2024-02-28 16:48 - 2024-02-28 16:48 - 000000000 ____D C:\Users\eiko-\AppData\LocalLow\IGDump
2024-02-28 16:35 - 2024-02-28 16:42 - 000532013 _____ C:\Users\eiko-\Desktop\Fixlog.txt
2024-02-28 16:35 - 2024-02-28 16:35 - 000009288 _____ C:\Users\eiko-\Desktop\rtcdqsmatz.txt
2024-02-28 16:34 - 2024-02-28 16:50 - 000000000 ____D C:\FRST
2024-02-28 16:34 - 2024-02-28 16:34 - 002386944 _____ (Farbar) C:\Users\eiko-\Downloads\FRST64.exe
2024-02-28 16:34 - 2024-02-28 16:34 - 002386944 _____ (Farbar) C:\Users\eiko-\Desktop\FRST64.exe
2024-02-28 16:32 - 2024-02-28 16:32 - 000712333 _____ C:\Users\eiko-\Downloads\Fixlog.txt.txt
2024-02-28 16:29 - 2024-02-28 16:29 - 000004730 _____ C:\Users\eiko-\Desktop\Malwarebytes Scan-Bericht 2024-02-28 152400.txt
2024-02-28 16:21 - 2024-02-28 16:46 - 000000000 ____D C:\Users\eiko-\AppData\Local\Malwarebytes
2024-02-28 16:21 - 2024-02-28 16:21 - 000002100 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2024-02-28 16:21 - 2024-02-28 16:21 - 000002088 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2024-02-28 16:20 - 2024-02-28 16:20 - 002585496 _____ (Malwarebytes) C:\Users\eiko-\Downloads\MBSetup.exe
2024-02-28 16:20 - 2024-02-28 16:20 - 002585496 _____ (Malwarebytes) C:\Users\eiko-\Desktop\MBSetup.exe
2024-02-28 16:20 - 2024-02-28 16:20 - 000000000 ____D C:\ProgramData\Malwarebytes
2024-02-28 16:20 - 2024-02-28 16:20 - 000000000 ____D C:\Program Files\Malwarebytes
2024-02-28 16:18 - 2024-02-28 16:17 - 008797968 _____ (Malwarebytes) C:\Users\eiko-\Desktop\adwcleaner.exe
2024-02-28 16:17 - 2024-02-28 16:19 - 000000000 ____D C:\AdwCleaner
2024-02-28 16:17 - 2024-02-28 16:17 - 008797968 _____ (Malwarebytes) C:\Users\eiko-\Downloads\adwcleaner.exe
2024-02-28 16:02 - 2024-02-28 16:03 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1421055718-2087356316-1872245878-1002
2024-02-28 16:02 - 2024-02-28 16:03 - 000003378 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1421055718-2087356316-1872245878-1002
2024-02-28 15:58 - 2024-02-28 15:58 - 000758838 _____ C:\WINDOWS\system32\perfh007.dat
2024-02-28 15:58 - 2024-02-28 15:58 - 000157058 _____ C:\WINDOWS\system32\perfc007.dat
2024-02-26 16:16 - 2024-02-26 16:16 - 000000000 ____D C:\Users\eiko-\AppData\LocalLow\Nokta Games
2024-02-26 16:14 - 2024-02-26 16:14 - 000000213 _____ C:\Users\eiko-\Desktop\Supermarket Simulator.url
2024-02-16 12:16 - 2024-02-16 12:16 - 032507592 _____ C:\Users\eiko-\Downloads\MKON Hausarbeit Gruppe 3.zip
2024-02-16 12:12 - 2024-02-16 12:12 - 000000000 ____D C:\Users\eiko-\Downloads\MKON Hausarbeit Gruppe 3
2024-02-14 16:01 - 2024-02-14 16:01 - 017224067 _____ C:\Users\eiko-\Downloads\Unbenanntes_Notizbuch.pdf
2024-02-14 14:21 - 2024-02-14 14:21 - 000019222 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-02-14 14:20 - 2024-02-14 14:20 - 000019222 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2024-02-14 14:17 - 2024-02-14 14:19 - 000000000 ___HD C:$WinREAgent
2024-02-14 11:50 - 2024-02-14 11:50 - 010669146 _____ C:\Users\eiko-\Downloads\978-3-8348-2581-0.pdf
2024-02-13 15:46 - 2024-02-13 15:46 - 006163244 _____ C:\Users\eiko-\Downloads\Anleitung MS2 Aufgabentype.pdf
2024-02-13 10:14 - 2024-02-13 10:14 - 000000000 ____D C:\Users\eiko-\Downloads\Photos-001 (2)
2024-02-13 10:13 - 2024-02-13 10:14 - 062952428 _____ C:\Users\eiko-\Downloads\Photos-001 (2).zip
2024-02-11 12:43 - 2024-02-11 12:43 - 000534937 _____ C:\Users\eiko-\Downloads\RL_Federn_Aufgabe (4).pdf
2024-02-11 12:21 - 2024-02-11 12:21 - 000936592 _____ C:\Users\eiko-\Downloads\624beffb-15e1-47fd-86e0-bf8de081bd29_Export-8ba90b14-8348-4300-9315-58890a9fcb66.zip
2024-02-11 12:21 - 2024-02-11 12:21 - 000000000 ____D C:\Users\eiko-\Downloads\624beffb-15e1-47fd-86e0-bf8de081bd29_Export-8ba90b14-8348-4300-9315-58890a9fcb66
2024-02-11 12:18 - 2024-02-11 12:18 - 003680011 _____ C:\Users\eiko-\Downloads\70f01c28-7c35-43b7-84f4-7366f8fa2549_Export-5fdfccfe-4bbb-432d-8e8d-9a2e76d48e74.zip
2024-02-11 12:18 - 2024-02-11 12:18 - 000000000 ____D C:\Users\eiko-\Downloads\70f01c28-7c35-43b7-84f4-7366f8fa2549_Export-5fdfccfe-4bbb-432d-8e8d-9a2e76d48e74
2024-02-11 11:43 - 2024-02-11 11:43 - 000876160 _____ C:\Users\eiko-\Downloads\Clicker_Kupplungen.pdf
2024-02-10 16:38 - 2024-02-10 16:38 - 000336378 _____ C:\Users\eiko-\Downloads\Kon3_Rechenlabor_Ketten.pdf
2024-02-10 16:38 - 2024-02-10 16:38 - 000225045 _____ C:\Users\eiko-\Downloads\Kon3_Rechenlabor_ZR.pdf
2024-02-10 16:38 - 2024-02-10 16:38 - 000152820 _____ C:\Users\eiko-\Downloads\Kon3_Rechenlabor_Riemen.pdf
2024-02-09 16:12 - 2024-02-09 16:12 - 002336867 _____ C:\Users\eiko-\Downloads\Probeklausur AT1.pdf
2024-02-09 14:38 - 2024-02-09 16:00 - 000000000 ____D C:\Users\eiko-\Downloads\OneDrive_1_9.2.2024
2024-02-09 14:38 - 2024-02-09 14:38 - 001064154 _____ C:\Users\eiko-\Downloads\OneDrive_1_9.2.2024.zip
2024-02-07 15:23 - 2024-02-07 15:23 - 000073710 _____ C:\Users\eiko-\Downloads\Clicker_Riemen (1).pdf
2024-02-05 16:01 - 2024-02-05 16:01 - 001424709 _____ C:\Users\eiko-\Downloads\MP_Codebeispiele_Klausur (1).pdf
2024-02-05 15:58 - 2024-02-05 15:58 - 001424709 _____ C:\Users\eiko-\Downloads\MP_Codebeispiele_Klausur.pdf
2024-02-05 15:49 - 2024-02-05 15:49 - 000656359 _____ C:\Users\eiko-\Downloads\MP_Ubersicht.pdf
2024-02-04 11:29 - 2024-02-04 11:29 - 003195103 _____ C:\Users\eiko-\Downloads\FTT-Rechnungen.pdf
2024-02-04 11:02 - 2024-02-04 11:02 - 000048937 _____ C:\Users\eiko-\Downloads\Belegungen und Prüfungsanmeldungen.pdf
2024-02-03 16:46 - 2024-02-28 16:48 - 000000000 ____D C:\WINDOWS\system32\Tasks\PowerToys
2024-02-03 16:46 - 2024-02-03 16:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerToys (Preview)
2024-02-03 16:45 - 2024-02-03 16:46 - 000000000 ____D C:\Program Files\PowerToys
2024-02-03 15:46 - 2024-02-03 15:46 - 000007484 _____ C:\Users\eiko-\Downloads\Endkappe LED-Profile stabiler V2.stl
2024-02-03 15:22 - 2024-02-03 15:22 - 000009084 _____ C:\Users\eiko-\Downloads\Endkappe LED-Profile stabiler (1).stl
2024-02-03 14:46 - 2024-02-03 14:46 - 000009084 _____ C:\Users\eiko-\Downloads\Endkappe LED-Profile stabiler.stl
2024-02-02 15:38 - 2024-02-11 15:53 - 000000000 ____D C:\Users\eiko-\Desktop\Papa schicken
2024-02-02 15:09 - 2024-02-02 15:09 - 000029884 _____ C:\Users\eiko-\Downloads\45 Grad LED-Profile stabiler.stl
2024-02-02 12:12 - 2024-02-02 12:12 - 000024938 _____ C:\Users\eiko-\Downloads\main (3).pdf
2024-02-01 15:39 - 2024-02-01 15:39 - 000020133 _____ C:\Users\eiko-\Downloads\main (2).pdf
2024-02-01 15:39 - 2024-02-01 15:39 - 000020133 _____ C:\Users\eiko-\Downloads\main (1).pdf
2024-02-01 15:38 - 2024-02-01 15:38 - 000020236 _____ C:\Users\eiko-\Downloads\main.pdf
2024-02-01 11:26 - 2024-02-01 11:26 - 000000000 ____D C:\Users\eiko-\Tracing
2024-01-31 19:43 - 2024-01-31 19:44 - 003958093 _____ C:\Users\eiko-\Downloads\Dokument0.pdf
2024-01-31 19:42 - 2024-01-31 19:42 - 003793605 _____ C:\Users\eiko-\Downloads\Klausur WS2021_240131_194224685.pdf
2024-01-31 19:42 - 2024-01-31 19:42 - 002251361 _____ C:\Users\eiko-\Downloads\Klausur WiSe19_240131_194222772.pdf
2024-01-31 19:42 - 2024-01-31 19:42 - 001687722 _____ C:\Users\eiko-\Downloads\Klausur SS19 Fluid_240131_194221059.pdf
2024-01-31 12:22 - 2024-01-31 12:22 - 000507114 _____ C:\Users\eiko-\Downloads\2024-01-31 Notenspiegel_Schönian_Eiko_DE.pdf
2024-01-31 10:41 - 2024-02-01 16:25 - 000000000 ____D C:\Users\eiko-\Downloads\Uni Stuff-20240131T094130Z-001
2024-01-31 10:41 - 2024-01-31 10:41 - 016956404 _____ C:\Users\eiko-\Downloads\Uni Stuff-20240131T094130Z-001.zip
2024-01-29 12:26 - 2024-01-29 12:26 - 000128016 _____ C:\Users\eiko-\Downloads\SmartSelect_20240129_122504_Samsung Notes.jpg-20240129T112533Z-001.zip
2024-01-29 12:25 - 2024-01-29 12:25 - 000128016 _____ C:\Users\eiko-\Downloads\SmartSelect_20240129_122504_Samsung Notes.jpg-20240129T112534Z-001.zip
2024-01-29 11:35 - 2024-01-29 11:35 - 022897881 _____ C:\Users\eiko-\Downloads\Übungsaufgaben Thermo_240129_113524599.pdf
2024-01-29 11:33 - 2024-01-29 11:33 - 016300662 _____ C:\Users\eiko-\Downloads\TThermodynamik Zusammenfassung _240129_113346271.pdf
2024-01-29 11:31 - 2024-01-29 11:31 - 008252735 _____ C:\Users\eiko-\Downloads\Formelsammlung Fluid_240129_113111100.pdf
2024-01-29 11:28 - 2024-01-29 11:28 - 021874813 _____ C:\Users\eiko-\Downloads\Übungsaufgaben Fluid X_240129_112826381.pdf

==================== Ein Monat (geänderte) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2024-02-28 16:50 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-02-28 16:50 - 2020-01-08 15:49 - 000000000 ____D C:\ProgramData\NVIDIA
2024-02-28 16:50 - 2020-01-07 21:17 - 000000000 ____D C:\Program Files (x86)\Google
2024-02-28 16:48 - 2023-05-22 12:01 - 000000068 __RSH C:\WINDOWS\system32\Drivers\WUDFRd.winsecurity
2024-02-28 16:48 - 2023-05-22 12:01 - 000000068 __RSH C:\WINDOWS\system32\Drivers\winhv.winsecurity
2024-02-28 16:48 - 2023-04-19 21:09 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-02-28 16:48 - 2022-05-07 06:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-02-28 16:47 - 2022-05-07 06:17 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2024-02-28 16:47 - 2021-01-04 00:24 - 000012288 ___SH C:\DumpStack.log.tmp
2024-02-28 16:40 - 2020-06-10 09:51 - 000000000 ____D C:\Users\eiko-\AppData\LocalLow\Temp
2024-02-28 16:28 - 2022-04-12 12:02 - 000000000 ____D C:\Users\eiko-\AppData\Local\SvRmt
2024-02-28 16:21 - 2022-05-07 06:24 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2024-02-28 16:21 - 2022-05-07 06:22 - 000000000 ____D C:\WINDOWS\INF
2024-02-28 16:10 - 2023-01-16 10:32 - 000002281 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2024-02-28 16:10 - 2022-05-07 06:24 - 000000000 ___HD C:\Program Files\WindowsApps
2024-02-28 16:10 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-02-28 16:10 - 2020-07-04 09:55 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-02-28 16:01 - 2022-05-07 06:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2024-02-28 16:01 - 2020-01-07 20:22 - 000000000 __RHD C:\Users\Public\AccountPictures
2024-02-28 15:59 - 2020-01-07 20:27 - 000000000 ____D C:\Users\eiko-\AppData\Roaming\Microsoft\MMC
2024-02-28 15:58 - 2023-04-19 21:07 - 001754660 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-02-28 15:54 - 2020-01-07 22:07 - 000000000 ____D C:\Users\eiko-\AppData\Local\CrashDumps
2024-02-28 15:52 - 2022-04-22 14:57 - 000000000 ____D C:\Users\eiko-\AppData\Local\D3DSCache
2024-02-28 15:50 - 2020-01-07 20:22 - 000000000 ____D C:\Users\eiko-\AppData\Local\Packages
2024-02-28 15:41 - 2023-04-19 21:05 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-02-28 15:37 - 2020-02-17 18:41 - 000000000 ____D C:\Users\eiko-\AppData\Local\ElevatedDiagnostics
2024-02-28 15:28 - 2022-05-07 06:24 - 000000000 __D C:\Program Files\Windows Defender
2024-02-28 15:28 - 2020-01-08 03:17 - 000000000 D C:\WINDOWS\system32\Drivers\wd
2024-02-28 15:25 - 2022-05-07 06:17 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2024-02-28 15:25 - 2020-01-07 20:38 - 000918944 N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2024-02-28 15:12 - 2023-04-19 21:09 - 000003684 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-02-28 15:12 - 2023-04-19 21:09 - 000003568 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2024-02-28 15:12 - 2023-04-19 21:09 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2024-02-28 15:12 - 2023-04-19 21:09 - 000003460 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-02-28 15:12 - 2023-04-19 21:09 - 000003398 _____ C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-02-28 15:12 - 2023-04-19 21:09 - 000003344 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2024-02-28 15:12 - 2023-04-19 21:09 - 000003250 _____ C:\WINDOWS\system32\Tasks\Overwolf Updater Task
2024-02-28 15:12 - 2023-04-19 21:09 - 000003196 _____ C:\WINDOWS\system32\Tasks\NvBatteryBoostCheckOnLogon{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-02-28 15:12 - 2023-04-19 21:09 - 000003152 _____ C:\WINDOWS\system32\Tasks\NVIDIA GeForce Experience SelfUpdate{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-02-28 15:12 - 2023-04-19 21:09 - 000003066 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1421055718-2087356316-1872245878-1001
2024-02-28 15:12 - 2023-04-19 21:09 - 000002984 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterDaily{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-02-28 15:12 - 2023-04-19 21:09 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport4{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-02-28 15:12 - 2023-04-19 21:09 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport3{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-02-28 15:12 - 2023-04-19 21:09 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport2{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-02-28 15:12 - 2023-04-19 21:09 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport1{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-02-28 15:12 - 2023-04-19 21:09 - 000002914 _____ C:\WINDOWS\system32\Tasks\NvNodeLauncher{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-02-28 15:12 - 2023-04-19 21:09 - 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1421055718-2087356316-1872245878-1001
2024-02-28 15:12 - 2023-04-19 21:09 - 000002744 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterOnLogon{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-02-28 15:12 - 2023-04-19 21:09 - 000002568 _____ C:\WINDOWS\system32\Tasks\VLC Plus Player Updater
2024-02-26 16:14 - 2021-11-02 15:02 - 000000000 ____D C:\Users\eiko-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2024-02-25 20:30 - 2020-10-22 14:00 - 000000000 ____D C:\Users\eiko-\AppData\Roaming\discord
2024-02-25 19:55 - 2020-10-22 14:00 - 000000000 ____D C:\Users\eiko-\AppData\Local\Discord
2024-02-25 19:55 - 2020-01-07 21:17 - 000002300 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-02-25 17:10 - 2020-03-07 16:17 - 000000000 ____D C:\Users\eiko-\AppData\Roaming\Microsoft\Word
2024-02-25 13:20 - 2022-05-12 17:00 - 000000000 ____D C:\XboxGames
2024-02-24 20:04 - 2023-01-13 08:53 - 000002068 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk
2024-02-24 20:04 - 2022-10-13 19:02 - 000002080 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2024-02-24 20:03 - 2021-01-04 00:25 - 000002406 _____ C:\Users\eiko-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-02-16 12:40 - 2023-04-18 15:42 - 000000000 ____D C:\Users\eiko-\AppData\Roaming\FreeFileSync
2024-02-16 10:56 - 2022-10-22 15:08 - 000095848 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgamehelper.exe
2024-02-16 10:56 - 2022-10-22 15:08 - 000075256 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgamecontrol.exe
2024-02-16 10:56 - 2022-02-11 19:58 - 002713080 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgameruntime.dll
2024-02-16 10:56 - 2022-02-11 19:58 - 000689656 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameplatformservices.dll
2024-02-16 10:56 - 2022-02-11 19:58 - 000218728 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameconfighelper.dll
2024-02-16 10:56 - 2022-02-11 19:58 - 000202344 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamelaunchhelper.dll
2024-02-16 10:56 - 2022-02-11 19:58 - 000144888 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcuihelpers.dll
2024-02-14 22:21 - 2023-04-19 21:05 - 000512456 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-02-14 22:20 - 2023-10-12 00:56 - 000000000 ____D C:\WINDOWS\system32\Microsoft-Edge-WebView
2024-02-14 22:20 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\UUS
2024-02-14 22:20 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2024-02-14 22:20 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2024-02-14 22:20 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SystemResources
2024-02-14 22:20 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2024-02-14 22:20 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\Sgrm
2024-02-14 22:20 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\setup
2024-02-14 22:20 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2024-02-14 22:20 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\oobe
2024-02-14 22:20 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\appraiser
2024-02-14 22:20 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\ShellComponents
2024-02-14 22:20 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\Provisioning
2024-02-14 22:20 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\BrowserCore
2024-02-14 22:20 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-02-14 14:34 - 2022-05-07 06:24 - 000000000 ____D C:\ProgramData\USOPrivate
2024-02-14 14:30 - 2022-05-07 06:17 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-02-14 14:29 - 2020-01-07 20:44 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-02-14 14:27 - 2020-01-07 20:44 - 191155960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2024-02-14 14:21 - 2023-04-19 21:06 - 003212800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2024-02-13 10:38 - 2020-01-09 20:16 - 000000000 ____D C:\Users\eiko-\AppData\Local\Steam
2024-02-12 18:48 - 2020-03-07 16:18 - 000000000 ____D C:\Users\eiko-\AppData\Roaming\Microsoft\Excel
2024-02-12 17:53 - 2023-12-18 13:41 - 000000000 ____D C:\ProgramData\boost_interprocess
2024-02-11 22:35 - 2021-10-04 13:24 - 000000000 ____D C:\Users\eiko-\AppData\Roaming\Notion
2024-02-11 09:20 - 2021-04-06 10:21 - 000000000 ____D C:\Users\eiko-\AppData\Roaming\Microsoft\Teams
2024-02-09 12:12 - 2023-01-02 11:24 - 000000000 ____D C:\Users\eiko-\AppData\Roaming\Anki2
2024-02-06 07:45 - 2020-01-07 20:38 - 000000000 ____D C:\ProgramData\Packages
2024-02-05 10:14 - 2023-12-08 14:38 - 000000000 ____D C:\Users\eiko-\AppData\Roaming\EQATEC Analytics
2024-02-03 20:30 - 2020-01-08 16:24 - 000000000 ____D C:\Users\eiko-\AppData\Roaming.minecraft
2024-02-03 20:29 - 2020-12-13 17:13 - 000000000 ____D C:\Users\eiko-\AppData\Local\Overwolf
2024-02-03 16:46 - 2020-01-07 22:03 - 000000000 ____D C:\ProgramData\Package Cache
2024-02-03 16:40 - 2023-11-12 18:07 - 000000000 ____D C:\Users\eiko-\AppData\Roaming\OrcaSlicer
2024-02-02 12:44 - 2021-04-11 15:54 - 000000000 ____D C:\Users\eiko-\AppData\Roaming\Code
2024-02-02 08:22 - 2023-07-10 16:30 - 000000000 ___HD C:\avast! sandbox
2024-02-01 15:32 - 2021-04-11 15:53 - 000000000 ____D C:\Users\eiko-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Visual Studio Code
2024-02-01 15:31 - 2023-07-10 16:30 - 000000000 ____D C:\Users\eiko-.platformio
2024-02-01 11:26 - 2023-04-19 18:58 - 000000000 ____D C:\Users\eiko-
2024-02-01 11:26 - 2020-01-07 20:20 - 000000000 ___SD C:\Users\eiko-\AppData\Roaming\Microsoft\Credentials

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ========

2023-07-06 20:00 - 2023-07-06 20:00 - 000000018 _____ () C:\Users\eiko-\AppData\Roaming.cache9050425797200915815.dat
2022-12-14 12:40 - 2022-12-14 16:29 - 000004216 _____ () C:\Users\eiko-\AppData\Roaming\LTspiceXVII.ini
2023-08-22 12:37 - 2023-08-22 14:47 - 000000128 _____ () C:\Users\eiko-\AppData\Roaming\winscp.rnd
2023-08-22 12:26 - 2023-08-22 14:52 - 000000128 _____ () C:\Users\eiko-\AppData\Local\PUTTY.RND
2023-05-17 20:17 - 2023-05-17 20:17 - 000003249 _____ () C:\Users\eiko-\AppData\Local\recently-used.xbel
2022-02-20 02:10 - 2022-02-20 02:10 - 000007605 _____ () C:\Users\eiko-\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

==================== Ende von FRST.txt ========================

Addition:
[HEADING=1]Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 26.02.2024 01
durchgeführt von eiko- (28-02-2024 16:51:26)
Gestartet von C:\Users\eiko-\Desktop
Microsoft Windows 11 Home Version 23H2 22631.3155 (X64) (2023-04-20 14:28:59)
Start-Modus: Normal[/HEADING]
==================== Konten: =============================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

Administrator (S-1-5-21-1421055718-2087356316-1872245878-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1421055718-2087356316-1872245878-503 - Limited - Disabled)
eiko- (S-1-5-21-1421055718-2087356316-1872245878-1001 - Administrator - Enabled) => C:\Users\eiko-
Gast (S-1-5-21-1421055718-2087356316-1872245878-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1421055718-2087356316-1872245878-504 - Limited - Disabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz “Hidden” können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Acrobat (64-bit) (HKLM...{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 23.008.20555 - Adobe)
Adobe Refresh Manager (HKLM-x32...{AC76BA86-0804-1033-1959-018244601067}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Altium Designer 23 (HKLM...\Altium Designer {A9B34CD7-40BF-42A8-8F33-55BA03B6232C}) (Version: 23.11.1.41 - Altium Limited)
AMD Ryzen Master SDK (HKLM...{DBD50508-5F75-416B-995D-C42433A00944}) (Version: 2.1.0.1236 - Advanced Micro Devices, Inc.)
Anaconda3 2023.03-1 (Python 3.10.9 64-bit) (HKLM...\Anaconda3 2023.03-1 (Python 3.10.9 64-bit)) (Version: 2023.03-1 - Anaconda, Inc.)
Anki (HKLM-x32...\Anki) (Version: 2.1.55 - )
Anno 1800 (HKLM-x32...\Uplay Install 4553) (Version: - Ubisoft)
AnycubicPhotonWorkshop (HKLM...{C48D4F03-E59D-475F-B34D-E618A500C118}is1) (Version: - Anycubic)
Arduino (HKLM-x32...\Arduino) (Version: 1.8.13 - Arduino LLC)
Autodesk Fusion 360 (HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\73e72ada57b7480280f7a6f4a289729f) (Version: 2.0.17954 - Autodesk, Inc.)
CLion 2022.1 (HKLM-x32...\CLion 2022.1) (Version: 221.5080.224 - JetBrains s.r.o.)
CodeMeter Runtime Kit v6.30d (HKLM...{627EBCBD-71C2-4FDE-9BEA-3AF7F03FBE10}) (Version: 6.30.2280.504 - WIBU-SYSTEMS AG)
CODESYS V3.5 SP10 Patch 4 (HKLM-x32...{91B73AA2-4B42-481F-9ECD-03AB9C6016DF}) (Version: 3.5.10.407 - 3S-Smart Software Solutions GmbH) Hidden
CODESYS V3.5 SP10 Patch 4 (HKLM-x32...\InstallShield{91B73AA2-4B42-481F-9ECD-03AB9C6016DF}) (Version: 3.5.10.407 - 3S-Smart Software Solutions GmbH)
CORSAIR iCUE Software (HKLM-x32...{30D73167-BD7C-473A-AF2F-BBC194FA42D4}) (Version: 3.24.52 - Corsair)
Crucial Storage Executive (HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\Crucial Storage Executive 9.01.012023.01) (Version: 9.01.012023.01 - Crucial)
CrystalDiskInfo 8.13.3 (HKLM...\CrystalDiskInfo_is1) (Version: 8.13.3 - Crystal Dew World)
CurseForge (HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\Overwolf_cchhcaiapeikjbdbpfplgmpobbcdkdaphclbmkbj) (Version: 0.244.4.1 - Overwolf app)
Discord (HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\Discord) (Version: 0.0.311 - Discord Inc.)
Dokan Library 1.5.1.1000 (x64) (HKLM...{65A3A964-3DC3-0105-0001-211126123627}) (Version: 1.5.1.1000 - Dokany Project) Hidden
Dokan Library 1.5.1.1000 Bundle (HKLM-x32...{05c046de-f751-48c8-b8d3-77259ea88eb7}) (Version: 1.5.1.1000 - Dokany Project)
Dragon Center (HKLM-x32...{B252FABF-9582-4824-B02B-6D2DC93685C7}}_is1) (Version: 1.0.0.63 - MSI)
draw.io 22.0.2 (HKLM...\27a75bf3-be48-5c35-934f-8491cf108abe) (Version: 22.0.2 - JGraph)
ENE RGB HAL (HKLM...{87316426-A33E-41E9-942B-968E928A9A47}) (Version: 1.00.10 - Ene Tech.) Hidden
ENE RGB HAL (HKLM-x32...{9f93601b-15ea-4e69-8d7c-dfa0f29ae04e}) (Version: 1.00.10 - Ene Tech.) Hidden
ENE_EHD_M2_HAL (HKLM...{1CD178C9-BB49-4E59-9DA6-3C152E2A9844}) (Version: 1.00.01 - ENE TECHNOLOGY INC.) Hidden
ENE_EHD_M2_HAL (HKLM-x32...{fe81cfd3-9db4-409d-b0f9-26707d1423c6}) (Version: 1.00.01 - ENE TECHNOLOGY INC.) Hidden
Epic Games Launcher (HKLM-x32...{9483ABD9-C772-487B-ADF8-09347CF8F2D2}) (Version: 1.3.93.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM...{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32...{57A956AB-4BCC-45C6-9B40-957E4E125568}) (Version: 2.0.44.0 - Epic Games, Inc.)
FreeFileSync (HKLM-x32...\FreeFileSync_is1) (Version: 12.2 - FreeFileSync.org)
Fritzing (HKLM...{62E4A8BF-5F3B-49E0-9ECE-3140C049FA34}) (Version: 0.9.10.0 - Fritzing GmbH)
GIMP 2.10.22 (HKLM...\GIMP-2_is1) (Version: 2.10.22 - The GIMP Team)
Git (HKLM...\Git_is1) (Version: 2.42.0.2 - The Git Development Community)
Google Chrome (HKLM-x32...\Google Chrome) (Version: 121.0.6167.189 - Google LLC)
HWiNFO64 Version 6.12 (HKLM...\HWiNFO64_is1) (Version: 6.12 - Martin Malik - REALiX)
Immortals Fenyx Rising (HKLM-x32...\Uplay Install 5405) (Version: - Ubisoft)
Inkscape (HKLM...{B57F4693-8866-4053-B706-901E03F3301B}) (Version: 1.2.2 - Inkscape)
Java 8 Update 401 (64-bit) (HKLM...{71024AE4-039E-4CA4-87B4-2F64180401F0}) (Version: 8.0.4010.10 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32...{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\Riot Game league_of_legends.live) (Version: - Riot Games, Inc)
logisim-evolution (HKLM...{BFAB7B04-8835-36CF-87DB-D1E3A319406E}) (Version: 3.8.0 - logisim-evolution developers)
Logitech Options (HKLM...\LogiOptions) (Version: 8.54.161 - Logitech)
LTspice XVII (HKLM...\LTspice XVII) (Version: - Linear Technology Corporation)
Malwarebytes version 5.0.17.99 (HKLM...{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.0.17.99 - Malwarebytes)
Microsoft .NET Host - 5.0.4 (x64) (HKLM...{DD901386-A294-4FF1-A683-0EFF5C66209A}) (Version: 40.16.29816 - Microsoft Corporation) Hidden
Microsoft .NET Host - 5.0.4 (x86) (HKLM-x32...{9BFB6AF7-641C-4B52-82CA-43F5A4FD288E}) (Version: 40.16.29816 - Microsoft Corporation) Hidden
Microsoft .NET Host - 7.0.8 (x64) (HKLM...{19FCE07F-2A75-44AC-9EA5-8E29FE2F8DBE}) (Version: 56.35.63143 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 5.0.4 (x64) (HKLM...{773EF543-570F-4746-953A-3CB19DFCB3E2}) (Version: 40.16.29816 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 5.0.4 (x86) (HKLM-x32...{79D32D19-A148-4E8E-AC31-2FC90CDBBFA8}) (Version: 40.16.29816 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 7.0.8 (x64) (HKLM...{174E0D7C-F2C9-49A2-83FB-95A0FE6FA023}) (Version: 56.35.63143 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 5.0.4 (x64) (HKLM...{879C9645-ADF3-4697-915B-00B76EBA629F}) (Version: 40.16.29816 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 5.0.4 (x86) (HKLM-x32...{D523398E-D0EE-4F91-AE81-A27222A621DA}) (Version: 40.16.29816 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 7.0.8 (x64) (HKLM...{B45C77BA-0B4E-4FBB-99B9-9774ECBE20AA}) (Version: 56.35.63143 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32...\Microsoft Edge) (Version: 122.0.2365.59 - Microsoft Corporation)
Microsoft Edge WebView2-Laufzeit (HKLM-x32...\Microsoft EdgeWebView) (Version: 122.0.2365.52 - Microsoft Corporation)
Microsoft GameInput (HKLM-x32...{1F2B6AF3-C260-8666-5950-E3FEDBC851D6}) (Version: 10.1.22621.3036 - Microsoft Corporation)
Microsoft Office Professional Plus 2019 - de-de (HKLM...\ProPlus2019Volume - de-de) (Version: 16.0.10406.20006 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\OneDriveSetup.exe) (Version: 24.020.0128.0003 - Microsoft Corporation)
Microsoft Teams classic (HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\Teams) (Version: 1.6.00.33567 - Microsoft Corporation)
Microsoft Teams Meeting Add-in for Microsoft Office (HKLM...{A7AB73A3-CB10-4AA5-9D38-6AEFFBDE4C91}) (Version: 1.23.35502 - Microsoft)
Microsoft Update Health Tools (HKLM...{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32...{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM...{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32...{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32...{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM...{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32...{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32...{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32...{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM...{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM...{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32...{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32...{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32...{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32...{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM...{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM...{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32...{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32...{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32...{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.34.31938 (HKLM-x32...{d92971ab-f030-43c8-8545-c66c818d0e05}) (Version: 14.34.31938.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.28.29334 (HKLM-x32...{14C49FC8-3E9B-4F29-8526-26629B5CF30B}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.28.29334 (HKLM-x32...{0D01A812-82A1-481F-8546-8E28E976F8DF}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.34.31938 (HKLM...{7DA37AE3-D8AE-49B1-9BDC-23CA0AB9FF22}) (Version: 14.34.31938 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.34.31938 (HKLM...{0AE39060-F209-4D05-ABC7-54B8F9CFA32E}) (Version: 14.34.31938 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM...{7C0242A3-8B66-35D1-9FE0-13B426ACB609}) (Version: 10.0.60729 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.60724 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.60724 - Microsoft Corporation)
Microsoft Visual Studio Code (User) (HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...{771FD6B0-FA20-440A-A002-3B3BAC16DC50}_is1) (Version: 1.86.0 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 5.0.4 (x64) (HKLM...{A04C83D6-2FC0-4F09-9166-E870E5A9E168}) (Version: 40.16.29817 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 5.0.4 (x64) (HKLM-x32...{ff817559-f11f-4faa-af52-26feb4b46fff}) (Version: 5.0.4.29817 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 5.0.4 (x86) (HKLM-x32...{0F1B4D8B-545C-4C65-BA29-3F564C2F6915}) (Version: 40.16.29817 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 5.0.4 (x86) (HKLM-x32...{a83b07f3-e0e5-4402-87d4-3d1acf79c42a}) (Version: 5.0.4.29817 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 7.0.8 (x64) (HKLM...{3133BC55-90BD-4B87-82A2-6670B3CAFB81}) (Version: 56.35.63153 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 7.0.8 (x64) (HKLM-x32...{d260fcb6-95b8-4c81-8e07-ce75876ffca2}) (Version: 7.0.8.32619 - Microsoft Corporation)
Minecraft Launcher (HKLM-x32...{810F1419-7760-402E-8772-B4054FAA2B72}) (Version: 1.0.0.0 - Mojang)
Nefarius Virtual Gamepad Emulation Bus Driver (HKLM...{93D91F60-7C94-4A79-863F-EA713D2EB3F3}) (Version: 1.17.333.0 - Nefarius Software Solutions e.U.)
Nextcloud (HKLM...{27596A6F-750F-4996-A5C2-A980522ED1C4}) (Version: 3.4.1.20211221 - Nextcloud GmbH)
Notion 2.0.47 (HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\fcdf0d7f-424b-5f10-a1c7-a8f643f21adf) (Version: 2.0.47 - Notion Labs, Inc)
Notion 3.1.0 (HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\661f0cc6-343a-59cb-a5e8-8f6324cc6998) (Version: 3.1.0 - Notion Labs, Inc)
NVIDIA GeForce Experience 3.20.2.34 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.2.34 - NVIDIA Corporation)
NVIDIA Grafiktreiber 456.71 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 456.71 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.19.0218 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM...{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.10406.20006 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM...{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.10406.20006 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM...{90160000-008C-0407-1000-0000000FF1CE}) (Version: 16.0.10406.20006 - Microsoft Corporation) Hidden
OnePlus USB Drivers 1.00 (HKLM-x32...\OnePlus USB Drivers 1.00) (Version: 1.00 - OnePlus, Inc)
OrcaSlicer (HKLM-x32...\OrcaSlicer) (Version: 1.8.0 - SoftFever)
Overwolf (HKLM-x32...\Overwolf) (Version: 0.241.0.10 - Overwolf Ltd.)
PDF24 Creator 11.8.0 (HKLM...{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: 11.8.0 - PDF24.org)
PowerToys (Preview) (HKLM...{6F3910F2-DA29-490C-811F-D3691B134A61}) (Version: 0.77.0 - Microsoft Corporation) Hidden
PowerToys (Preview) x64 (HKLM-x32...{1aada4d0-ca73-4389-8f63-73923c771fd4}) (Version: 0.77.0 - Microsoft Corporation)
Prusa3D Version 2.5.0 (HKLM...\Prusa3D_is1) (Version: 2.5.0 - Prusa Research a.s.)
PrusaSlicer Version 2.5.0 (HKLM...\PrusaSlicer_is1) (Version: 2.5.0 - Prusa Research s.r.o.)
Qalculate! (HKLM...{F4803C78-0331-4EE2-9103-33FB0673E2D3}) (Version: 4.8.1 - Hanna Knutsson)
Raspberry Pi Imager (HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\Raspberry Pi Imager) (Version: 1.7.5 - Raspberry Pi Ltd)
Recuva (HKLM...\Recuva) (Version: 1.53 - Piriform)
SAP Crystal Reports runtime engine for .NET Framework (64-bit) (HKLM...{F9B436DD-8D48-430E-BA89-F85DFA452C55}) (Version: 13.0.9.1312 - SAP)
Snapmaker Luban 3.8.0 (HKLM...{4c329381-cbe6-5eac-8b35-1ff73ff2e943}) (Version: 3.8.0 - Snapmaker Dev Team)
Snapmaker Luban 4.4.0 (HKLM...\4c329381-cbe6-5eac-8b35-1ff73ff2e943) (Version: 4.4.0 - Snapmaker Dev Team)
SQLite ODBC Driver for Win64 (remove only) (HKLM-x32...\SQLite ODBC Driver for Win64) (Version: - )
Steam (HKLM-x32...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeighaX 4.00 (x64) (HKLM...{2AB65377-C672-498E-BE74-5C60CCFEAC5C}) (Version: 4.0.0 - Open Design Alliance)
Trackmania (HKLM-x32...\Uplay Install 5595) (Version: - Ubisoft)
Ubisoft Connect (HKLM-x32...\Uplay) (Version: 101.0 - Ubisoft)
UltiMaker Cura 5.3.1 (HKLM-x32...\UltiMaker Cura 5.3.1-5.3.1) (Version: 5.3.1 - UltiMaker)
VHDPlus IDE (64bit) (HKLM...{715CFA00-2211-47A2-AD88-87EC71B9564E}) (Version: 0.11.1.0 - VHDPlus)
Virtual-C IDE (HKLM...{59A5E95F-ABEA-48BF-B3AC-B9A78A17E144}) (Version: 2.2.2 - VirtualC)
VLC media player (HKLM...\VLC media player) (Version: 3.0.18 - VideoLAN)
Windows-PC-Integritätsprüfung (HKLM...{63EFBDB5-01B0-4614-BE9F-7F1908E42275}) (Version: 3.1.2109.29003 - Microsoft Corporation)
Windows-PC-Integritätsprüfung (HKLM...{B3956CF3-F6C5-4567-AC38-1FD4432B319C}) (Version: 3.6.2204.08001 - Microsoft Corporation)
WinSCP 6.1.1 (HKLM-x32...\winscp3_is1) (Version: 6.1.1 - Martin Prikryl)
Zoom (HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\ZoomUMX) (Version: 5.16.10 (26186) - Zoom Video Communications, Inc.)
[HEADING=1]Packages:[/HEADING]
Adobe Acrobat Reader → C:\Program Files\Adobe\Acrobat DC [2024-02-16] ()
Any Zip → C:\Program Files\WindowsApps\AnywaySoftInc.AnyZip_2.1.2.0_x64__0qkrc2qacwvfm [2024-02-28] (AnywaySoft, Inc.) [MS Ad]
Dev Home → C:\Program Files\WindowsApps\Microsoft.Windows.DevHome_0.1100.416.0_x64__8wekyb3d8bbwe [2024-02-24] (Microsoft Corporation)
HP Smart → C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_151.3.1092.0_x64__v10z8vjag6ke6 [2024-02-28] (HP Inc.)
Media Engine-Add-On für Fotos → C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-03-29] (Microsoft Corporation)
Microsoft Advertising SDK for XAML → C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2024-02-28] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML → C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2024-02-28] (Microsoft Corporation) [MS Ad]
Microsoft Family → C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.40.0_x64__8wekyb3d8bbwe [2023-09-14] (Microsoft Corp.)
Microsoft Solitaire Collection → C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe [2024-02-28] (Microsoft Studios) [MS Ad]
Microsoft Teams (work or school) → C:\Program Files\WindowsApps\MSTeams_24004.1307.2669.7070_x64__8wekyb3d8bbwe [2024-02-24] (Microsoft) [Startup Task]
Microsoft.AV1VideoExtension → C:\Program Files\WindowsApps\Microsoft.AV1VideoExtension_1.1.61781.0_x64__8wekyb3d8bbwe [2023-08-17] (Microsoft Corporation)
Microsoft.WindowsAppRuntime.CBS → C:\WINDOWS\SystemApps\Microsoft.WindowsAppRuntime.CBS_8wekyb3d8bbwe [2024-01-10] (Microsoft Corporation)
NVIDIA Control Panel → C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.964.0_x64__56jybvy8sckqj [2023-04-20] (NVIDIA Corp.)
PowerToys ImageResizer Context Menu → C:\Program Files\PowerToys [2024-02-03] (Microsoft)
PowerToys PowerRename Context Menu → C:\Program Files\PowerToys\WinUI3Apps [2024-02-03] (Microsoft)
Prime Video for Windows → C:\Program Files\WindowsApps\AmazonVideo.PrimeVideo_1.0.153.0_x64__pwbj9vvecjh7j [2024-01-13] (Amazon Development Centre (London) Ltd)
Samsung Account → C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.SamsungAccount_1.23.12130.0_x64__3c1yjt4zspk6g [2024-01-13] (Samsung Electronics Co. Ltd.)
Samsung Notes → C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCoLtd.SamsungNotes_4.3.239.0_x64__wyx1vj98g3asy [2024-02-06] (Samsung Electronics Co, Ltd.) [Startup Task]
Spotify Music → C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.231.1205.0_x64__zpdnekdrzrea0 [2024-02-15] (Spotify AB) [Startup Task]
WhatsApp → C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2407.10.0_x64__cv1g1gvanyjgm [2024-02-28] (WhatsApp Inc.) [Startup Task]
Windows Feature Experience Pack → C:\WINDOWS\SystemApps\MicrosoftWindows.Client.FileExp_cw5n1h2txyewy [2024-02-14] (Microsoft Corporation)
WinZipComputing.WinZipDesktopSubscription → C:\Program Files\WindowsApps\WinZipComputing.WinZipDesktopSubscription_76.5.15635.0_x64__3ykzqggjzj4z0 [2023-10-08] (WinZip Computing) [Startup Task]

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{04271989-C4D2-AE62-65FD-0434D8A5067B} → [OneDrive - haw-hamburg.de] => D:\OneDrive - haw-hamburg.de [2021-10-28 13:10]
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{05D5C28D-5808-4D10-B074-E5C99E12B717}\InprocServer32 → D:\Programme\tools\bin\orpiica64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{05D7C79A-7474-4C48-B4A1-B1D66BD63D09}\localserver32 → “D:\Programme\tools\bin\pspice.exe” => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{0A486F4A-4115-4099-A699-775E9DC3B5EF}\InprocServer32 → D:\Programme\tools\bin\orpiPIC64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{0B27F437-2835-4659-8237-43CD183219A0}\InprocServer32 → D:\Programme\tools\bin\orpiPspice64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{10144713-1526-46C9-88DA-1FB52807A9FF}\InprocServer32 → C:\Program Files\PowerToys\PowerToys.SvgThumbnailProviderCpp.dll (Microsoft Corporation → Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{123C44B9-728B-404C-9275-A9AAFF4A2A70}\localserver32 → “D:\Programme\tools\bin\Capture.exe” => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{13357088-9834-0409-1600-134951500000}\localserver32 → C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. → Adobe)
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{18E58886-082B-4D2E-AF26-F17DBB49EAA4}\InprocServer32 → D:\Programme\tools\bin\orpiPIC64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 → C:\Users\eiko-\AppData\Local\Microsoft\TeamsMeetingAddin\1.23.35502\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation → Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{1B809005-0E36-449B-82A1-521C8B159CD2}\localserver32 → D:\Programme\tools\bin\stmed.exe => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{210682C7-69FA-40AA-9EBA-B484297E1428}\localserver32 → “D:\Programme\tools\bin\Capture.exe” => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{2325BDDF-8DC9-436C-89B9-A432CCBA3CA0}\localserver32 → “D:\Programme\tools\bin\pspice.exe” => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{29469141-0AEF-44B7-9AEF-EE8CA948230F}\localserver32 → “D:\Programme\tools\bin\Capture.exe” => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{29CCEAE5-7C13-445E-B6EC-C6EB61337434}\localserver32 → “D:\Programme\tools\bin\pspice.exe” => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{2F93A534-EB50-40CC-8E01-86615C821D55}\InprocServer32 → D:\Programme\tools\bin\orApConCtl64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{3237F402-D6FF-400D-8251-E45ACCA340E6}\InprocServer32 → D:\Programme\tools\bin\orpiPspice64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{38142727-3008-9161-1521-349515000000}\localserver32 → C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. → Adobe)
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{38398caf-42a4-4800-b39a-6721ecbcf0e4} → [Nextcloud - Eiko@192.168.100.220] => C:\Users\eiko-\Nextcloud2 [2022-05-02 17:15]
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{3899FD4D-D0C0-11D1-BBA2-0000C0708DD0}\localserver32 → “D:\Programme\tools\bin\modeled.exe” => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{396D66FA-4DDD-4AE1-9792-83662E856435}\InprocServer32 → D:\Programme\tools\bin\orpicis64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{4190A94F-E2F3-4834-B4AC-0C6169C87252}\localserver32 → “D:\Programme\tools\bin\pspice.exe” => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{422F089A-E21A-44A9-9696-3B75892C5ADB}\InprocServer32 → D:\Programme\tools\bin\orpiPIC64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{48F36F49-216C-4935-9981-BDC2587FFD58}\localserver32 → “D:\Programme\tools\bin\modeled.exe” => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{4D5817BC-3DB0-46CC-AF10-732569D2233E}\InprocServer32 → D:\Programme\tools\bin\orpiPIC64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{4FD67241-98FE-4C18-998F-1E90DF7202D0}\localserver32 → “D:\Programme\tools\bin\SimSrvr.exe” => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{50CD4F57-D656-4D61-9824-CC612943539F}\localserver32 → “D:\Programme\tools\bin\pspiceaa.exe” => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{56512e36-c98f-d8d5-43c6-669ea60c4c0b}\localserver32 → “C:\Program Files\CleverFiles\Disk Drill\DD.exe” -ToastActivated => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{5A9F68A6-E297-4AA7-8062-C808E3788577}\localserver32 → “D:\Programme\tools\bin\pspice.exe” => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{5C975C4D-F25F-4A57-A8A8-A3CEB8C32F09}\localserver32 → “D:\Programme\tools\bin\simmgr.exe” => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{5ea9a442-5352-ed6e-d37f-9d511e7e2caa}\localserver32 → C:\Program Files\PowerToys\PowerToys.PowerLauncher.exe (Microsoft Corporation → Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{60789D87-9C3C-44AF-B18C-3DE2C2820ED3}\InprocServer32 → C:\Program Files\PowerToys\PowerToys.MarkdownPreviewHandlerCpp.dll (Microsoft Corporation → Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{60C5D516-1EC5-4234-9B43-F99375FC56D3}\localserver32 → “D:\Programme\tools\bin\pspiceaa.exe” => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{617C4066-AC96-49A8-AD25-F49A71D918C1}\InprocServer32 → D:\Programme\tools\bin\orpicis64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{65A76550-356C-4E11-A72A-D4CBC651E6A2}\localserver32 → “D:\Programme\tools\bin\modeled.exe” => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{66985293-D546-11D1-B884-0000C080A60E}\localserver32 → “D:\Programme\tools\bin\modeled.exe” => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{68C9FDDB-EC79-4B65-9284-DD0DF17278CB}\InprocServer32 → D:\Programme\tools\bin\orpicis64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{71561EAC-EAD9-43D5-AF33-D3FAD8E08678}\localserver32 → D:\Programme\tools\bin\stmed.exe => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{729B72CD-B72E-4FE9-BCBF-E954B33FE699}\InprocServer32 → C:\Program Files\PowerToys\PowerToys.QoiPreviewHandlerCpp.dll (Microsoft Corporation → Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{72FECBE9-03E9-4720-B9F3-06E2D921DB58}\InprocServer32 → D:\Programme\tools\bin\orpiPIC64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{7567A866-4AE5-4F60-AC2F-3F22C701F005}\localserver32 → “D:\Programme\tools\bin\pspice.exe” => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{77257004-6F25-4521-B602-50ECC6EC62A6}\InprocServer32 → C:\Program Files\PowerToys\PowerToys.StlThumbnailProviderCpp.dll (Microsoft Corporation → Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{77FC9D03-91B9-4ED6-9A60-D67D8D144BE9}\localserver32 → “D:\Programme\tools\bin\pspice.exe” => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{7BA47769-9971-4E54-80EE-5CDDFA3D7AFC}\InprocServer32 → D:\Programme\tools\bin\orpiica64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{80172dde-4e20-4df0-81a2-0a48553e80bb}\localserver32 → C:\Users\eiko-\AppData\Local\NhNotifSys\nahimic\nahimicNotifSys.exe (A-Volute SAS → A-Volute)
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{81A2FA8A-7639-49D8-BF17-12D124675126}\InprocServer32 → D:\Programme\tools\bin\ortruereuse64.ocx => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{83B9FE93-98C2-41C2-81F3-5638E5AC393C}\InprocServer32 → D:\Programme\tools\bin\ortruereuse64.ocx => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{84696c5b-1f1c-44ab-ac43-c9c6ce85c2dc} → [Nextcloud - Eiko@192.168.100.220] => C:\Users\eiko-\Nextcloud
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{88B6F2BB-8991-4C18-8CAB-135459004B15}\localserver32 → “D:\Programme\tools\bin\PspiceExplorerSrvr.exe” => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{8C04C2F0-59C9-443C-8D80-610F8BDE5436}\localserver32 → “D:\Programme\tools\bin\mrksrvr.exe” => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{8C36E9F3-FEF8-4356-9687-0C6233AABA4A}\localserver32 → “D:\Programme\tools\bin\simmgr.exe” => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{A0257634-8812-4CE8-AF11-FA69ACAEAFAE}\InprocServer32 → C:\Program Files\PowerToys\PowerToys.GcodePreviewHandlerCpp.dll (Microsoft Corporation → Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{A06264CB-707B-4F72-94F4-D7ED17DBA8A7}\localserver32 → “D:\Programme\tools\bin\pspiceaa.exe” => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{AA7602C4-132E-401F-ACFA-9575FE07F910}\InprocServer32 → D:\Programme\tools\bin\orpiPspice64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{AB34CA32-528F-42B1-A0D7-0124BBAEE609}\InprocServer32 → D:\Programme\tools\bin\orpiPspice64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{AD856B15-D25E-4008-AFB7-AFAA55586188}\InprocServer32 → C:\Program Files\PowerToys\PowerToys.QoiThumbnailProviderCpp.dll (Microsoft Corporation → Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{B494D0B4-1EBF-4DE3-B125-E02A3635D853}\InprocServer32 → D:\Programme\tools\bin\orpiPspice64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{B4FAEA65-84A2-43E7-9A99-BB9FFA445A84}\InprocServer32 → D:\Programme\tools\bin\orpiPspice64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{B7FC3AD7-A23F-4A6C-8B58-A2A2932BA1CB}\InprocServer32 → D:\Programme\tools\bin\orpiPspice64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{BBB19602-BF51-11D1-BB9B-0000C0708DD0}\localserver32 → “D:\Programme\tools\bin\modeled.exe” => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{BD30641C-F215-4B4D-8AA0-4F352CEF3191}\InprocServer32 → D:\Programme\tools\bin\orpicis64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{C4911AF1-ADE4-4B0F-B358-F3C0420A2E66}\InprocServer32 → D:\Programme\tools\bin\orApConCtl64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{C4F0910E-E0B4-4E68-8086-452730C7A26A}\InprocServer32 → C:\Users\eiko-\AppData\Local\Autodesk\webdeploy\production\b0c303e70bd97cfdc195adab65922cfeffcb363a\NPreview10.dll (Autodesk, Inc. → )
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 → C:\Users\eiko-\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation → Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{D255B66D-E366-4F8F-A6D3-BFA1E6C662B2}\InprocServer32 → D:\Programme\tools\bin\orgenlibcom64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{D8034CFA-F34B-41FE-AD45-62FCBB52A6DA}\InprocServer32 → C:\Program Files\PowerToys\PowerToys.MonacoPreviewHandlerCpp.dll (Microsoft Corporation → Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{D888E055-3690-457C-8B2E-B3FC3AE72B0F}\InprocServer32 → D:\Programme\tools\bin\orpiPspice64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{D8A7D3AA-A300-47B0-9DFA-37BA08312DFF}\localserver32 → “D:\Programme\tools\bin\Capture.exe” => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{DA8C98D1-2BF5-46F2-A53C-AC1F3FB8C026}\localserver32 → “D:\Programme\tools\bin\pspice.exe” => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{DB2D5854-0B7A-468D-8E7F-1F328DD4D4A9}\InprocServer32 → D:\Programme\tools\bin\orpicis64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{E59930E6-F48A-4F96-AF57-A35360052540}\localserver32 → “D:\Programme\tools\bin\modeled.exe” => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{E941B0DC-DCEE-4D64-8DFA-8CF7C7F242E5}\InprocServer32 → D:\Programme\tools\bin\orpiPspice64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{EA8A65DF-0920-4DDC-B468-B3043141A21C}\localserver32 → “D:\Programme\tools\bin\pspice.exe” => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{EB0DEA2E-EF40-44CD-A2B0-2B66C03C3762}\localserver32 → “D:\Programme\tools\bin\Capture.exe” => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{EF05EE67-7E36-4545-8C43-79F623414A47}\InprocServer32 → D:\Programme\tools\bin\orpiica64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{F0B7857A-E4CC-46CC-80CB-3FE8B38734D0}\InprocServer32 → D:\Programme\tools\bin\orpiPspice64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{F2847CBE-CD03-4C83-A359-1A8052C1B9D5}\InprocServer32 → C:\Program Files\PowerToys\PowerToys.GcodeThumbnailProviderCpp.dll (Microsoft Corporation → Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{F9CE1B02-BDC1-11D1-BB99-0000C0708DD0}\localserver32 → “D:\Programme\tools\bin\modeled.exe” => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{FCDD4EED-41AA-492F-8A84-31A1546226E0}\InprocServer32 → C:\Program Files\PowerToys\PowerToys.SvgPreviewHandlerCpp.dll (Microsoft Corporation → Microsoft Corporation)
ShellIconOverlayIdentifiers: [ NextcloudError] → {E0342B74-7593-4C70-9D61-22F294AAFE05} => C:\Program Files\Nextcloud\shellext\NCOverlays.dll [2021-12-21] (Nextcloud GmbH → Nextcloud GmbH)
ShellIconOverlayIdentifiers: [ NextcloudOK] → {E1094E94-BE93-4EA2-9639-8475C68F3886} => C:\Program Files\Nextcloud\shellext\NCOverlays.dll [2021-12-21] (Nextcloud GmbH → Nextcloud GmbH)
ShellIconOverlayIdentifiers: [ NextcloudOKShared] → {E243AD85-F71B-496B-B17E-B8091CBE93D2} => C:\Program Files\Nextcloud\shellext\NCOverlays.dll [2021-12-21] (Nextcloud GmbH → Nextcloud GmbH)
ShellIconOverlayIdentifiers: [ NextcloudSync] → {E3D6DB20-1D83-4829-B5C9-941B31C0C35A} => C:\Program Files\Nextcloud\shellext\NCOverlays.dll [2021-12-21] (Nextcloud GmbH → Nextcloud GmbH)
ShellIconOverlayIdentifiers: [ NextcloudWarning] → {E4977F33-F93A-4A0A-9D3C-83DEA0EE8483} => C:\Program Files\Nextcloud\shellext\NCOverlays.dll [2021-12-21] (Nextcloud GmbH → Nextcloud GmbH)
ContextMenuHandlers2: [FileLocksmithExt] → {84D68575-E186-46AD-B0CB-BAEB45EE29C0} => C:\Program Files\PowerToys\WinUI3Apps\PowerToys.FileLocksmithExt.dll [2024-01-05] (Microsoft Corporation → Microsoft Corporation)
ContextMenuHandlers3: [FileLocksmithExt] → {84D68575-E186-46AD-B0CB-BAEB45EE29C0} => C:\Program Files\PowerToys\WinUI3Apps\PowerToys.FileLocksmithExt.dll [2024-01-05] (Microsoft Corporation → Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] → {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-02-28] (Malwarebytes Inc. → Malwarebytes)
ContextMenuHandlers3: [NextcloudContextMenuHandler] → {BC6988AB-ACE2-4B81-84DC-DC34F9B24401} => C:\Program Files\Nextcloud\shellext\NCContextMenu.dll [2021-12-21] (Nextcloud GmbH → Nextcloud GmbH)
ContextMenuHandlers3: [PowerRenameExt] → {0440049F-D1DC-4E46-B27B-98393D79486B} => C:\Program Files\PowerToys\WinUI3Apps\PowerToys.PowerRenameExt.dll [2024-01-05] (Microsoft Corporation → Microsoft Corporation)
ContextMenuHandlers4: [RecuvaShellExt] → {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2023-06-02] (PIRIFORM SOFTWARE LIMITED → Piriform Software Ltd)
ContextMenuHandlers5: [NvCplDesktopContext] → {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\nvshext.dll [2020-10-07] (NVIDIA Corporation → NVIDIA Corporation)
ContextMenuHandlers5: [PowerRenameExt] → {0440049F-D1DC-4E46-B27B-98393D79486B} => C:\Program Files\PowerToys\WinUI3Apps\PowerToys.PowerRenameExt.dll [2024-01-05] (Microsoft Corporation → Microsoft Corporation)
ContextMenuHandlers6: [MBAMShlExt] → {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-02-28] (Malwarebytes Inc. → Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] → {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2023-06-02] (PIRIFORM SOFTWARE LIMITED → Piriform Software Ltd)

==================== Codecs (Nicht auf der Ausnahmeliste) ====================

==================== Verknüpfungen & WMI ========================

==================== Geladene Module (Nicht auf der Ausnahmeliste) =============

2019-06-19 10:25 - 2019-06-19 10:25 - 000209920 _____ () [Datei ist nicht signiert] C:\Program Files\ENE\Aac_ENE RGB HAL\x86\AacHal_x86.dll
2018-03-20 14:34 - 2018-03-20 14:34 - 000265728 _____ () [Datei ist nicht signiert] C:\Program Files\ENE\Aac_ENE RGB HAL\x86\SB_SMBUS_SDK.dll
2019-06-28 10:51 - 2019-06-28 10:51 - 000184832 _____ () [Datei ist nicht signiert] C:\Program Files\ENE\Aac_ENE_EHD_M2_HAL\AacHal_x86.dll
2020-01-07 22:07 - 2020-01-07 22:05 - 000237568 _____ () [Datei ist nicht signiert] D:\Programme\Dragon Center\Mystic_Light\LEDControl.dll
2020-01-09 18:18 - 2019-01-28 06:00 - 000254464 _____ (CANON INC.) [Datei ist nicht signiert] C:\WINDOWS\System32\CNCALDL.DLL
2020-01-09 18:18 - 2019-01-10 05:00 - 001302016 _____ (CANON INC.) [Datei ist nicht signiert] C:\WINDOWS\System32\CNMLMDL.DLL
2020-01-07 22:07 - 2020-01-07 22:05 - 002200784 _____ (Dexin Corp → MICRO-STAR INTERNATIONAL) [Datei ist nicht signiert] D:\Programme\Dragon Center\Mystic_Light\IcMSIDll.dll
2020-01-07 22:07 - 2020-01-07 22:07 - 002200784 _____ (Dexin Corp → MICRO-STAR INTERNATIONAL) [Datei ist nicht signiert] D:\Programme\Dragon Center\Mystic_Light\Lib\IcMSIDll.dll
2019-11-15 10:53 - 2019-11-15 10:53 - 000090112 _____ (Silicon Laboratories, Inc.) [Datei ist nicht signiert] D:\Programme\Corsair\CORSAIR iCUE Software\SiUSBXp.dll
2020-01-07 22:07 - 2020-01-07 22:07 - 000399872 _____ (TODO: <公司名稱>) [Datei ist nicht signiert] D:\Programme\Dragon Center\Mystic_Light\Lib\SDKDLL.dll
2016-09-29 05:30 - 2016-09-29 05:30 - 000220160 _____ (WIBU-SYSTEMS AG) [Datei ist nicht signiert] C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.lDe

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Windows:CM_2a732c3f1e3eb40b63fe062d0180f157c71684af0a0442ab953224075801bb78 [74]
AlternateDataStreams: C:\Windows:CM_bf41c588bad5a092a453669c0d3c66d1ec2c072fbf5c15cc6acda24c9e4d0955 [74]
AlternateDataStreams: C:\Users\eiko-\Desktop\FRST64.exe:MBAM.Zone.Identifier [240]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert “AlternateShell” wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => “”=“Service”

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

HKU\S-1-5-21-1421055718-2087356316-1872245878-1001\Software\Classes\regfile: <==== ACHTUNG
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001\Software\Classes.reg: => <==== ACHTUNG
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001\Software\Classes.bat: => <==== ACHTUNG
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001\Software\Classes.cmd: => <==== ACHTUNG

==================== Internet Explorer (Nicht auf der Ausnahmeliste) ==========

BHO: Skype for Business Browser Helper → {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} → C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2020-03-08] (Microsoft Corporation → Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper → {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} → C:\Program Files\Java\jre-1.8\bin\ssv.dll [2023-12-19] (Oracle America, Inc. → Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper → {DBC80044-A445-435b-BC74-9C25C1C588A9} → C:\Program Files\Java\jre-1.8\bin\jp2ssv.dll [2023-12-19] (Oracle America, Inc. → Oracle Corporation)
BHO-x32: Skype for Business Browser Helper → {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} → C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2020-03-08] (Microsoft Corporation → Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper → {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} → C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2024-01-13] (Microsoft Corporation → Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-09-22] (Microsoft Corporation → Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-09-22] (Microsoft Corporation → Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-09-22] (Microsoft Corporation → Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-09-22] (Microsoft Corporation → Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-09-22] (Microsoft Corporation → Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-09-22] (Microsoft Corporation → Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-09-22] (Microsoft Corporation → Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-09-22] (Microsoft Corporation → Microsoft Corporation)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\localhost → localhost
IE trusted site: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\sharepoint.com → hxxps://hawhamburgde-files.sharepoint.com

==================== Hosts Inhalt: =========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2019-03-19 05:49 - 2024-02-28 16:35 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost

==================== Andere Bereiche ===========================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\Path → C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Windows\System32\OpenSSH;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;%SYSTEMROOT%\System32\OpenSSH;C:\Program Files\dotnet;C:\Program Files (x86)\dotnet;C:\Program Files\Crucial\Crucial Storage Executive;C:\Program Files\Git\cmd
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001\Control Panel\Desktop\Wallpaper → C:\Users\eiko-\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalCache\Microsoft\IrisService\15248146012458418531\133532746171711734.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

HKLM...\StartupApproved\StartupFolder: => “WinZip Preloader.lnk”
HKLM...\StartupApproved\StartupFolder: => “CodeMeter Control Center.lnk”
HKLM...\StartupApproved\Run: => “WinZip UN”
HKLM...\StartupApproved\Run: => “WinZip FAH”
HKLM...\StartupApproved\Run: => “PDF24”
HKLM...\StartupApproved\Run32: => “CORSAIR iCUE Software”
HKLM...\StartupApproved\Run32: => “IJNetworkScannerSelectorEX2”
HKLM...\StartupApproved\Run32: => “CanonQuickMenu”
HKLM...\StartupApproved\Run32: => “PDFPrint”
HKLM...\StartupApproved\Run32: => “GatewaySysTray”
HKLM...\StartupApproved\Run32: => “CODESYSControlSysTray”
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\StartupApproved\StartupFolder: => “An OneNote senden.lnk”
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\StartupApproved\Run: => “OneDrive”
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\StartupApproved\Run: => “Steam”
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\StartupApproved\Run: => “Discord”
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\StartupApproved\Run: => “Overwolf”
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\StartupApproved\Run: => “Nextcloud”
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\StartupApproved\Run: => “MicrosoftEdgeAutoLaunch_322C183E72E821C8032805843FDA8DCC”
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\StartupApproved\Run: => “com.squirrel.Teams.Teams”
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\StartupApproved\Run: => “RiotClient”
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\StartupApproved\Run: => “EpicGamesLauncher”

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{DC38C056-7BC6-402C-8C7E-0D09D1A7B84F}] => (Block) C:\program files\crucial\crucial storage executive\java\bin\javaw.exe
FirewallRules: [{81AACDE4-9800-490D-B67E-F513665C9918}] => (Block) C:\program files\crucial\crucial storage executive\java\bin\javaw.exe
FirewallRules: [UDP Query User{AD788EA4-4AC7-4DEB-AD15-60BB29596564}C:\program files\crucial\crucial storage executive\java\bin\javaw.exe] => (Allow) C:\program files\crucial\crucial storage executive\java\bin\javaw.exe
FirewallRules: [TCP Query User{92CF064D-57DB-46A0-9AFF-4D88B7A620E5}C:\program files\crucial\crucial storage executive\java\bin\javaw.exe] => (Allow) C:\program files\crucial\crucial storage executive\java\bin\javaw.exe
FirewallRules: [UDP Query User{0F4A798B-5889-4F92-9609-5A18A87BE9D1}D:\programme\install\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe] => (Block) D:\programme\install\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe
FirewallRules: [TCP Query User{5BDA5EB0-9575-4832-80AC-C853FD95A948}D:\programme\install\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe] => (Block) D:\programme\install\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe
FirewallRules: [UDP Query User{8330EB73-AB1C-41CA-9755-39A390E36176}D:\programme\freefilesync\bin\freefilesync_x64.exe] => (Allow) D:\programme\freefilesync\bin\freefilesync_x64.exe (Florian BAUER → FreeFileSync.org)
FirewallRules: [TCP Query User{8D7F5CE9-0C93-4AA4-A37F-7964AA9BAD77}D:\programme\freefilesync\bin\freefilesync_x64.exe] => (Allow) D:\programme\freefilesync\bin\freefilesync_x64.exe (Florian BAUER → FreeFileSync.org)
FirewallRules: [{2B27175F-CF4D-4A4F-AD7D-65A0B35F8935}] => (Allow) D:\Programme\Steam\steamapps\common\3DMark\bin\x64\3DMark.exe (Underwriters Laboratories Inc. → )
FirewallRules: [{E1B86E19-0D33-4630-8FF7-277C68AABBFC}] => (Allow) D:\Programme\Steam\steamapps\common\3DMark\bin\x64\3DMark.exe (Underwriters Laboratories Inc. → )
FirewallRules: [{6B3EADBD-3708-4F4B-9EF5-06BA20CE694F}] => (Allow) D:\Programme\Steam\steamapps\common\3DMark\bin\x86\3DMark.exe (Underwriters Laboratories Inc. → )
FirewallRules: [{F4CFF23C-172A-431D-B83E-990FD7F8C7F4}] => (Allow) D:\Programme\Steam\steamapps\common\3DMark\bin\x86\3DMark.exe (Underwriters Laboratories Inc. → )
FirewallRules: [{415D687F-A78C-4777-8F1E-94CF957E5D67}] => (Allow) D:\PROGRAMME\tools\pcbdw\jre\bin\tnameserv.exe => Keine Datei
FirewallRules: [{1AD84F0E-92B6-4870-94AF-8CDCBB0D76DB}] => (Allow) D:\PROGRAMME\tools\pcbdw\jre\bin\rmiregistry.exe => Keine Datei
FirewallRules: [{43BCEB11-CC5D-4525-A4D6-983DB16E1113}] => (Allow) D:\PROGRAMME\tools\pcbdw\jre\bin\javaw.exe => Keine Datei
FirewallRules: [{0BB9249C-F3E2-4A00-8547-64BA27D69C5E}] => (Allow) D:\PROGRAMME\tools\pcbdw\jre\bin\java.exe => Keine Datei
FirewallRules: [{DE1628ED-2117-42E8-B73D-1F969DAD5DDE}] => (Allow) D:\PROGRAMME\tools\cdnshelp\bin_cdnshelp.exe => Keine Datei
FirewallRules: [{6A7B6764-94FB-4119-B5D6-519BBCE264E7}] => (Allow) D:\PROGRAMME\tools\bin\muserver.exe => Keine Datei
FirewallRules: [{FA374C6D-70FC-42C8-9ED2-BDEAF0FAF7AB}] => (Allow) D:\PROGRAMME\tools\bin\Capture.exe => Keine Datei
FirewallRules: [{7F1DABF9-4680-4958-90AE-795A207BEC11}] => (Allow) D:\PROGRAMME\tools\bin\sigxp.exe => Keine Datei
FirewallRules: [{7181D43B-C903-4716-80AA-E2510A0B753F}] => (Allow) D:\PROGRAMME\tools\bin\sigxsect.exe => Keine Datei
FirewallRules: [{50D056C2-D114-4F2A-88B6-B2340277240E}] => (Allow) D:\PROGRAMME\tools\bin\sigwave.exe => Keine Datei
FirewallRules: [{89554ABD-674D-4A86-9280-A67D5F957FC9}] => (Allow) D:\PROGRAMME\tools\bin\productServer.exe => Keine Datei
FirewallRules: [{AC876044-062D-49F2-ABD7-8C0A97B3FA6B}] => (Allow) D:\PROGRAMME\tools\bin\modelintegrity.exe => Keine Datei
FirewallRules: [{1B3C1EB3-52C6-438A-826D-B56C5AF14C0F}] => (Allow) D:\PROGRAMME\tools\bin\allegro.exe => Keine Datei
FirewallRules: [{D2B69B7C-765B-47C7-ADE6-1F21549A9CCB}] => (Allow) D:\PROGRAMME\tools\bin\AppMgr.exe => Keine Datei
FirewallRules: [{FC672B17-3863-4F30-8082-C7F53EDA5F57}] => (Allow) D:\PROGRAMME\tools\bin\cdsmps.exe => Keine Datei
FirewallRules: [{D1DBF654-2E4F-4CF9-B272-FF66E259E186}] => (Allow) D:\PROGRAMME\tools\bin\cdsNameServer.exe => Keine Datei
FirewallRules: [{B28AB4A5-9DEE-486E-AF50-4934F05BB383}] => (Allow) D:\PROGRAMME\tools\bin\cdsMsgServer.exe => Keine Datei
FirewallRules: [{E85246FF-F695-4D99-9E59-CFF7B292BCA8}] => (Allow) D:\PROGRAMME\tools\bin\clsbd.exe => Keine Datei
FirewallRules: [{BA9AA785-2BCA-45BC-947F-8AEFB77C847C}] => (Allow) D:\PROGRAMME\tools\bin\swap.exe => Keine Datei
FirewallRules: [{5781DB7B-6FED-4C26-9DD0-31895BC251B3}] => (Allow) D:\PROGRAMME\tools\jre64\bin\javaw.exe => Keine Datei
FirewallRules: [{85165EBA-88B4-4FDD-A9A6-ABDBF41DD5BB}] => (Allow) D:\PROGRAMME\tools\jre64\bin\java.exe => Keine Datei
FirewallRules: [{DF55D6C9-8E7B-4E4A-92E8-FA6E4F728AE3}] => (Allow) D:\PROGRAMME\tools\jre64\bin\tnameserv.exe => Keine Datei
FirewallRules: [{F91EF174-DBF5-45D6-A938-45BF3B577457}] => (Allow) D:\PROGRAMME\tools\jre64\bin\rmiregistry.exe => Keine Datei
FirewallRules: [{3030485F-6495-41F8-85D1-60EBB1E2F0B9}] => (Allow) D:\PROGRAMME\OpenAccess\bin\x64\opt\oaFSLockD.exe => Keine Datei
FirewallRules: [{C7E2171C-8FD8-44BF-958C-DE5CEDE68B77}] => (Allow) D:\PROGRAMME\openaccess\bin\x64\opt\oaDMTurboServer.exe => Keine Datei
FirewallRules: [UDP Query User{043ECEF8-8109-40B8-84AD-19CFAE5B6E76}D:\programme\install\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe] => (Allow) D:\programme\install\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe
FirewallRules: [TCP Query User{BE6CA684-F767-440E-B229-7C99913C3337}D:\programme\install\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe] => (Allow) D:\programme\install\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe
FirewallRules: [UDP Query User{9F4B0050-EE9D-41D1-9F3A-E354A838556B}D:\programme\angry ip scanner\jre\bin\javaw.exe] => (Block) D:\programme\angry ip scanner\jre\bin\javaw.exe => Keine Datei
FirewallRules: [TCP Query User{51F3F81D-E710-4788-8753-45FDCE3F1D83}D:\programme\angry ip scanner\jre\bin\javaw.exe] => (Block) D:\programme\angry ip scanner\jre\bin\javaw.exe => Keine Datei
FirewallRules: [UDP Query User{65184F1F-8F38-4CE4-AA73-22C8F93537CB}D:\programme\install\runtime\jre-x64\bin\javaw.exe] => (Allow) D:\programme\install\runtime\jre-x64\bin\javaw.exe
FirewallRules: [TCP Query User{FCBF3D6D-D1A2-497A-AC73-647AAF1DA470}D:\programme\install\runtime\jre-x64\bin\javaw.exe] => (Allow) D:\programme\install\runtime\jre-x64\bin\javaw.exe
FirewallRules: [{38F4B99D-25BE-4655-9C28-43100D3F530D}] => (Allow) C:\Users\eiko-\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. → Zoom Video Communications, Inc.)
FirewallRules: [UDP Query User{BF1DE274-0BCB-4D81-95D8-52728E4A95B0}D:\programme\airdroid\airdroid.exe] => (Allow) D:\programme\airdroid\airdroid.exe => Keine Datei
FirewallRules: [TCP Query User{82B6BDE2-6A1B-4062-94D1-A2A17BC971F4}D:\programme\airdroid\airdroid.exe] => (Allow) D:\programme\airdroid\airdroid.exe => Keine Datei
FirewallRules: [{055487D4-80A4-4764-B807-1424EE5FD5F4}] => (Allow) D:\Programme\Ubisoft Game Launcher\games\Anno 1800\Bin\Win64\Anno1800.exe (UBISOFT ENTERTAINMENT INC. → Ubisoft)
FirewallRules: [{9512345D-6394-465C-8E3B-5F33DE5EC10B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation → Microsoft Corporation)
FirewallRules: [{C675973E-8322-4C2C-97EB-5D07079A99F0}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation → Microsoft Corporation)
FirewallRules: [{D1330097-8553-48E2-BFE5-3EEEB543BB39}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation → Microsoft Corporation)
FirewallRules: [{287A857D-70DA-42BB-BFF6-F454D73B29F5}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation → Microsoft Corporation)
FirewallRules: [{45AE92CD-EA04-4379-8578-613E0030B301}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation → Microsoft Corporation)
FirewallRules: [{91039128-6EF6-4727-9C42-C448B4C5D10F}] => (Allow) D:\Programme\Steam\steamapps\common\Age of Mythology\AoMX.exe (Microsoft Corp) [Datei ist nicht signiert]
FirewallRules: [{6B4D91F0-7455-4AC3-884B-98C1803A6167}] => (Allow) D:\Programme\Steam\steamapps\common\Age of Mythology\AoMX.exe (Microsoft Corp) [Datei ist nicht signiert]
FirewallRules: [{EBF76231-D441-433F-8DAD-7CDFC8468D3E}] => (Allow) D:\Programme\Steam\steamapps\common\Age of Mythology\Launcher.exe (TODO: ) [Datei ist nicht signiert]
FirewallRules: [{217F66B7-11A6-4DFD-80CC-B6D79F5CEC18}] => (Allow) D:\Programme\Steam\steamapps\common\Age of Mythology\Launcher.exe (TODO: ) [Datei ist nicht signiert]
FirewallRules: [UDP Query User{DF7F7F81-5388-4EC8-97EF-9ED87931CF19}C:\program files\java\jre1.8.0_241\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_241\bin\javaw.exe => Keine Datei
FirewallRules: [TCP Query User{D4823837-C4A1-4CAD-888D-6D23DFDC78F9}C:\program files\java\jre1.8.0_241\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_241\bin\javaw.exe => Keine Datei
FirewallRules: [{DFC0EB80-5C53-4CFD-B783-86F6FE6C8D24}] => (Allow) D:\Programme\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. → Valve Corporation)
FirewallRules: [{E9B135D1-5AEC-4E80-9760-758BC2ED25E5}] => (Allow) D:\Programme\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. → Valve Corporation)
FirewallRules: [{DBA546C7-062E-4537-BBAC-803DDD3D6A7E}] => (Allow) D:\Programme\Steam\steamapps\common\3DMark\3DMarkLauncher.exe (FUTUREMARK INC → Futuremark)
FirewallRules: [{7387F38A-6876-49EC-B2B0-9E71D96ECC72}] => (Allow) D:\Programme\Steam\steamapps\common\3DMark\3DMarkLauncher.exe (FUTUREMARK INC → Futuremark)
FirewallRules: [{9A7F8F80-CAB5-4216-8F4E-483D2684F91B}] => (Allow) D:\Programme\Steam\Steam.exe (Valve Corp. → Valve Corporation)
FirewallRules: [{C6BB91F1-1D99-4F69-A490-B20D99D436CF}] => (Allow) D:\Programme\Steam\Steam.exe (Valve Corp. → Valve Corporation)
FirewallRules: [{C41D44F6-ED97-461A-AA06-94A5A39A07A1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation → NVIDIA Corporation)
FirewallRules: [{5976B0C1-5ACC-4485-BDA9-EEA8754EEE6F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation → NVIDIA Corporation)
FirewallRules: [{6E369597-3084-4050-B043-600D6ABA1FB8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation → NVIDIA Corporation)
FirewallRules: [{C66A0230-400B-493A-8C1B-F00C17D1BEF2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation → NVIDIA Corporation)
FirewallRules: [{F871D8FB-3F4D-421D-AAE3-9F6B20048843}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation → NVIDIA Corporation)
FirewallRules: [{454E7A75-1C3C-4DFD-8207-0E864B2F1ABA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation → NVIDIA Corporation)
FirewallRules: [TCP Query User{D4BA32A3-FDF4-4C07-BC62-83B179C6506E}D:\programme\minecraft\runtime\jre-x64\bin\javaw.exe] => (Allow) D:\programme\minecraft\runtime\jre-x64\bin\javaw.exe
FirewallRules: [UDP Query User{936F2D13-DF5E-458B-A955-851D5B4FB563}D:\programme\minecraft\runtime\jre-x64\bin\javaw.exe] => (Allow) D:\programme\minecraft\runtime\jre-x64\bin\javaw.exe
FirewallRules: [{28127D0E-D3AE-4FC0-AD01-3B3223E629E3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe => Keine Datei
FirewallRules: [{741F5DDA-8B3E-484E-8394-92E50FCF214A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe => Keine Datei
FirewallRules: [{CD5CBB81-99D3-44BC-A6E4-9D5E2896C627}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe => Keine Datei
FirewallRules: [{96C0C8D0-97B5-4782-84AB-C4DFC4AE5475}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe => Keine Datei
FirewallRules: [TCP Query User{CCA06AF5-66CF-4F13-AB71-F9C39825990B}D:\programme\arduino\java\bin\javaw.exe] => (Allow) D:\programme\arduino\java\bin\javaw.exe
FirewallRules: [UDP Query User{2AA2A08E-9AD4-4EB0-B55E-469CDF39360F}D:\programme\arduino\java\bin\javaw.exe] => (Allow) D:\programme\arduino\java\bin\javaw.exe
FirewallRules: [{495F5E7C-5384-436C-B273-A178C723B2DD}] => (Allow) D:\Programme\Ubisoft Game Launcher\games\Trackmania\trackmania.exe (NADEO SASU → Nadeo)
FirewallRules: [{F362C656-6E2B-41BC-BFBB-8CE01081C3C5}] => (Allow) D:\Programme\Ubisoft Game Launcher\games\Trackmania\trackmania.exe (NADEO SASU → Nadeo)
FirewallRules: [TCP Query User{35E3D4E4-4F09-440B-AB5B-45B905483E2C}C:\users\eiko-\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\eiko-\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation → Microsoft Corporation)
FirewallRules: [UDP Query User{B757C28E-7F67-4FC1-A65A-A42EB464EA26}C:\users\eiko-\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\eiko-\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation → Microsoft Corporation)
FirewallRules: [{2E361E33-CE02-4280-9B42-54AA9EA954D8}] => (Allow) D:\Programme\Steam\steamapps\common\3DMark\bin\x86\3DMark.exe (Underwriters Laboratories Inc. → )
FirewallRules: [{E46CE610-C8BD-47B6-8BD8-6F88F29BF20A}] => (Allow) D:\Programme\Steam\steamapps\common\3DMark\bin\x86\3DMark.exe (Underwriters Laboratories Inc. → )
FirewallRules: [{CE0A55A3-B0F5-40D0-A062-62FBE8739C3C}] => (Allow) D:\Programme\Steam\steamapps\common\3DMark\bin\x64\3DMark.exe (Underwriters Laboratories Inc. → )
FirewallRules: [{C7F1E4E8-58A9-43F1-AA76-79CECBD2D03F}] => (Allow) D:\Programme\Steam\steamapps\common\3DMark\bin\x64\3DMark.exe (Underwriters Laboratories Inc. → )
FirewallRules: [{2AB7E746-53EB-4DAD-9654-236D5600CAD2}] => (Allow) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.EXE (Logitech Inc → Logitech, Inc.)
FirewallRules: [{C96599EC-5310-4A59-9F73-F5BDD796797F}] => (Block) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => Keine Datei
FirewallRules: [{D682A2EB-BAE7-4BE5-A304-C1F416B127E3}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => Keine Datei
FirewallRules: [{35FAA9AC-1213-4D38-9E8C-9A275E6E14B6}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => Keine Datei
FirewallRules: [{3268EFBE-4C81-49C9-AD48-EDC3335758F9}] => (Allow) C:\Users\eiko-\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. → Zoom Video Communications, Inc.)
FirewallRules: [{7D17E545-BF8E-4FA8-A01A-08972AEF9CBB}] => (Allow) C:\Users\eiko-\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. → Zoom Video Communications, Inc.)
FirewallRules: [{80574D36-E00A-4A9A-8191-87D405ED45C3}] => (Allow) C:\Users\eiko-\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. → Zoom Video Communications, Inc.)
FirewallRules: [TCP Query User{75C4C195-B5F7-4632-8014-53F1FCE8B0ED}C:\users\eiko-\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\eiko-\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation → Microsoft Corporation)
FirewallRules: [UDP Query User{0A70D895-87A9-4B9C-82F2-97CFA3FC0A7F}C:\users\eiko-\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\eiko-\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation → Microsoft Corporation)
FirewallRules: [{FF239137-D032-45F6-B263-143C815C103C}] => (Allow) D:\Programme\Steam\steamapps\common\Age of Empires IV\RelicCardinal.exe (RELIC ENTERTAINMENT, INC. → Relic Entertainment)
FirewallRules: [{8F25C6C8-5F22-43F1-AD9A-25875FCB0E98}] => (Allow) D:\Programme\Steam\steamapps\common\Age of Empires IV\RelicCardinal.exe (RELIC ENTERTAINMENT, INC. → Relic Entertainment)
FirewallRules: [{4EC62EE2-355A-43AE-87A8-09939E4DDF57}] => (Allow) C:\Users\eiko-\AppData\Local\Temp\7zS7ACD\HPDiagnosticCoreUI.exe => Keine Datei
FirewallRules: [{69C09CB5-37CC-4C69-91D7-C6A761BF91AA}] => (Allow) C:\Users\eiko-\AppData\Local\Temp\7zS7ACD\HPDiagnosticCoreUI.exe => Keine Datei
FirewallRules: [TCP Query User{306288FF-4DE5-4EB1-8866-D00FE9C273A8}D:\programme\install\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Allow) D:\programme\install\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe
FirewallRules: [UDP Query User{EC39A673-930D-49EC-9135-9B866A1A0033}D:\programme\install\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Allow) D:\programme\install\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe
FirewallRules: [TCP Query User{17BBF18F-A806-495E-93D3-6C38E8158BD2}D:\programme\arduino\java\bin\javaw.exe] => (Allow) D:\programme\arduino\java\bin\javaw.exe
FirewallRules: [UDP Query User{4CCC7730-F912-4056-BBA6-F50BE4F9EE6A}D:\programme\arduino\java\bin\javaw.exe] => (Allow) D:\programme\arduino\java\bin\javaw.exe
FirewallRules: [{F0B59BBA-FB70-48B0-8CF3-9153EF7B7BC3}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG → WIBU-SYSTEMS AG)
FirewallRules: [{3D58B04D-AFD0-4482-A115-7571E50C4558}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG → WIBU-SYSTEMS AG)
FirewallRules: [{08D56A1D-3837-4F57-90CF-849116B7E206}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG → WIBU-SYSTEMS AG)
FirewallRules: [{5B29FA0B-29F5-416D-ABB2-290897BC05FA}] => (Allow) C:\Program Files (x86)\3S CODESYS\CODESYS\Common\CODESYS.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{015A8D3D-F40C-4BB5-A5A7-74AA118AAD76}] => (Allow) C:\Program Files (x86)\3S CODESYS\CODESYS\Common\CODESYS.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{475F8A65-BC13-4BB3-A1EA-1FF2C99EC3C5}] => (Allow) C:\Program Files (x86)\3S CODESYS\CODESYS\Common\CODESYS.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{395F3D88-3380-4201-873C-014EC07E72EE}] => (Allow) C:\Program Files (x86)\3S CODESYS\CODESYS\Common\CODESYS.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{15ECB879-60C4-42F4-94BE-66A38BB6CC48}] => (Allow) C:\Program Files (x86)\3S CODESYS\CODESYS\Common\RepTool.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{E3B1E9C9-200D-465E-AD9C-622FDA031CF3}] => (Allow) C:\Program Files (x86)\3S CODESYS\CODESYS\Common\RepTool.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{9BAB2765-B9DE-4A99-8182-1B1981DC23B1}] => (Allow) C:\Program Files (x86)\3S CODESYS\CODESYS\Common\RepTool.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{8B99EB7C-E07A-4126-B1D6-52FF044E7862}] => (Allow) C:\Program Files (x86)\3S CODESYS\CODESYS\Common\RepTool.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{CBB56258-647F-4608-8384-296265CCADBB}] => (Allow) C:\Program Files (x86)\3S CODESYS\CODESYS\Common\IPMCLI.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{99C74BD9-106E-4CD6-A6C5-0E39F9097B6D}] => (Allow) C:\Program Files (x86)\3S CODESYS\CODESYS\Common\IPMCLI.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{2937A2BD-18E2-46CB-A6F2-83A475A1BF2D}] => (Allow) C:\Program Files (x86)\3S CODESYS\CODESYS\Common\IPMCLI.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{D6ED8DD3-E2F1-4B55-95B0-16309EE0B082}] => (Allow) C:\Program Files (x86)\3S CODESYS\CODESYS\Common\IPMCLI.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{AA40FF9F-72BC-42D8-A8C0-D330563CE228}] => (Allow) C:\Program Files (x86)\3S CODESYS\GatewayPLC\GatewayService.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{F2BD632C-2FA0-4AAC-9024-26D7A1A99CEC}] => (Allow) C:\Program Files (x86)\3S CODESYS\GatewayPLC\GatewayService.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{91238EAC-87E7-4297-9329-E302BE237483}] => (Allow) C:\Program Files (x86)\3S CODESYS\GatewayPLC\GatewayService.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{FFE70F5B-1EAA-4C55-954C-E763DCD1E0B1}] => (Allow) C:\Program Files (x86)\3S CODESYS\GatewayPLC\GatewayService.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{CEE39792-4A68-4970-8615-FEBA29CF7019}] => (Allow) C:\Windows\SysWOW64\Gateway.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{6B8FB6D7-1CFB-412D-9CF5-23706446F401}] => (Allow) C:\Windows\SysWOW64\Gateway.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{DD5D6F82-F8CD-45DF-8BCD-4B52EE5C701F}] => (Allow) C:\Windows\SysWOW64\Gateway.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{C0A7C768-654B-46F7-AA9E-6D111B46F844}] => (Allow) C:\Windows\SysWOW64\Gateway.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{EC09C64B-FC0B-4DB8-8905-631E7C445096}] => (Allow) C:\Windows\SysWOW64\GatewayDDE.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{3E8FC8EC-4359-4FAB-9653-F65D906A650A}] => (Allow) C:\Windows\SysWOW64\GatewayDDE.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{B852E5C9-F6BA-4C97-9785-569D1E33A681}] => (Allow) C:\Windows\SysWOW64\GatewayDDE.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{D80E72AE-7250-42D7-846D-0FA9AA12ACE8}] => (Allow) C:\Windows\SysWOW64\GatewayDDE.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{B8951E4A-334B-4072-8C39-BED285225477}] => (Allow) C:\Program Files (x86)\3S CODESYS\GatewayPLC\CODESYSControlService.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{464A1A85-0515-435B-9086-C2EF53D93886}] => (Allow) C:\Program Files (x86)\3S CODESYS\GatewayPLC\CODESYSControlService.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{67625BC9-F345-4610-8730-700695486F99}] => (Allow) C:\Program Files (x86)\3S CODESYS\GatewayPLC\CODESYSControlService.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{5C710ECE-9777-4488-9D5E-CB7990EE78AA}] => (Allow) C:\Program Files (x86)\3S CODESYS\GatewayPLC\CODESYSControlService.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [TCP Query User{5286CD36-1CA4-4B8A-BFA6-9CCB2E7B2A50}C:\program files\ultimaker cura 5.3.1\ultimaker-cura.exe] => (Allow) C:\program files\ultimaker cura 5.3.1\ultimaker-cura.exe () [Datei ist nicht signiert]
FirewallRules: [UDP Query User{E0515BBA-3DB8-46D5-B642-49EA0C99180B}C:\program files\ultimaker cura 5.3.1\ultimaker-cura.exe] => (Allow) C:\program files\ultimaker cura 5.3.1\ultimaker-cura.exe () [Datei ist nicht signiert]
FirewallRules: [{F2FEF788-42EB-4946-BE43-66B4627CB7E6}] => (Block) C:\program files\ultimaker cura 5.3.1\ultimaker-cura.exe () [Datei ist nicht signiert]
FirewallRules: [{AF9965FD-F81F-44F1-AF57-9CC445DD513F}] => (Block) C:\program files\ultimaker cura 5.3.1\ultimaker-cura.exe () [Datei ist nicht signiert]
FirewallRules: [TCP Query User{68E6CF3C-38A7-4EB9-96CC-F84EFFE857A4}C:\program files\orcaslicer\orca-slicer.exe] => (Allow) C:\program files\orcaslicer\orca-slicer.exe (SoftFever) [Datei ist nicht signiert]
FirewallRules: [UDP Query User{4A6434BA-95EE-4311-802B-664A774B682E}C:\program files\orcaslicer\orca-slicer.exe] => (Allow) C:\program files\orcaslicer\orca-slicer.exe (SoftFever) [Datei ist nicht signiert]
FirewallRules: [TCP Query User{58C3F345-F0B7-4F88-B4FB-7D5FB56FF212}C:\program files\altium\ad23\x2.exe] => (Allow) C:\program files\altium\ad23\x2.exe (Altium LLC → Altium LLC)
FirewallRules: [UDP Query User{E6831222-A353-4556-8C88-C187BBE6FB54}C:\program files\altium\ad23\x2.exe] => (Allow) C:\program files\altium\ad23\x2.exe (Altium LLC → Altium LLC)
FirewallRules: [TCP Query User{B658F0F2-0674-4EAF-97A3-24F9862C0969}C:\program files\logisim-evolution\logisim-evolution.exe] => (Allow) C:\program files\logisim-evolution\logisim-evolution.exe () [Datei ist nicht signiert]
FirewallRules: [UDP Query User{82C35AEA-279C-4D8D-BE9A-1141D3EB63BD}C:\program files\logisim-evolution\logisim-evolution.exe] => (Allow) C:\program files\logisim-evolution\logisim-evolution.exe () [Datei ist nicht signiert]
FirewallRules: [{BDA1F261-AACF-41B5-AF13-06A399EE663F}] => (Allow) D:\Programme\Overwolf\0.240.0.6\OverwolfBrowser.exe => Keine Datei
FirewallRules: [{DD277CB2-CCCB-49B1-90F2-8ECD2725E566}] => (Allow) D:\Programme\Overwolf\0.240.0.6\OverwolfBrowser.exe => Keine Datei
FirewallRules: [{75C2A5BB-BD5D-400F-BF4C-2D5E8C37F022}] => (Block) D:\Programme\Overwolf\0.240.0.6\OverwolfBrowser.exe => Keine Datei
FirewallRules: [{F570DEB9-7543-444D-BE22-8B5F4E0A64AF}] => (Block) D:\Programme\Overwolf\0.240.0.6\OverwolfBrowser.exe => Keine Datei
FirewallRules: [{0BEE96F2-B220-4374-85AA-F7591F9115D4}] => (Allow) D:\Programme\Overwolf\0.241.0.10\OverwolfBrowser.exe (Overwolf Ltd → Overwolf LTD)
FirewallRules: [{FDE81D56-341B-4F0A-A78E-B47CF66AC867}] => (Allow) D:\Programme\Overwolf\0.241.0.10\OverwolfBrowser.exe (Overwolf Ltd → Overwolf LTD)
FirewallRules: [{607F91DD-70EF-4778-A667-37E964C97E6C}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24004.1403.2634.2418_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation → Microsoft Corporation)
FirewallRules: [{4E963323-DBE0-4EB8-BE46-948D296EF8C5}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24004.1403.2634.2418_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation → Microsoft Corporation)
FirewallRules: [{AD6D52A6-184E-4609-A83F-3B1BFDE17A5D}] => (Allow) C:\Program Files\PowerToys\PowerToys.MouseWithoutBorders.exe (Microsoft Corporation → Microsoft Corporation)
FirewallRules: [{9B775932-8A94-4498-8776-15FF464CC1F1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.231.1205.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd)
FirewallRules: [{BCAD00D9-729A-46E5-9821-B6C10598770F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.231.1205.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd)
FirewallRules: [{D768EE1E-1A62-40F9-BC01-45BE2BB707A9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.231.1205.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd)
FirewallRules: [{8B0B53C6-3724-4ACE-88BD-8C5C16934A19}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.231.1205.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd)
FirewallRules: [{7A440472-29B9-4177-BA6A-159FCFE13D97}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.231.1205.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd)
FirewallRules: [{6DBF0588-ACEB-46EC-A6C4-E1AD06FAC48D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.231.1205.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd)
FirewallRules: [{29BBCF3D-B7B3-4CDE-81E2-5ADCC34966DD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.231.1205.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd)
FirewallRules: [{7B0357DA-3E2F-477C-817E-2A35E7150D94}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.231.1205.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd)
FirewallRules: [{D7D148F1-32CD-4B13-9BB0-5A4AD7B03450}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.231.1205.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd)
FirewallRules: [{30211BEE-3CD3-4924-9BB7-8B9707AD8416}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.231.1205.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd)
FirewallRules: [{EDFD7B9F-FB83-4D9F-BBDD-6531504BC829}] => (Allow) C:\Program Files\WindowsApps\MSTeams_24004.1307.2669.7070_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation → Microsoft Corporation)
FirewallRules: [{2263883D-3995-4BD7-9B22-1DAD1495BF23}] => (Allow) C:\Program Files\WindowsApps\MSTeams_24004.1307.2669.7070_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation → Microsoft Corporation)
FirewallRules: [{5FD1FC2C-9153-4A41-A69D-61626F835630}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.113.3210.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl → Skype Technologies S.A.)
FirewallRules: [{ADFA4932-EA8F-4E46-AAAE-E58B935BE380}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.113.3210.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl → Skype Technologies S.A.)
FirewallRules: [{79068DF1-AF19-45E5-8157-7A928B4CB6D4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.113.3210.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl → Skype Technologies S.A.)
FirewallRules: [{87149421-DD07-4E19-9819-17347BB6C14A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.113.3210.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl → Skype Technologies S.A.)
FirewallRules: [{83DA9AA9-C92A-4FCA-9BBA-D7023B78F27B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC → Google LLC)
FirewallRules: [{08C12255-4807-4EA2-B22B-5987EF309E67}] => (Allow) D:\Programme\Steam\steamapps\common\Supermarket Simulator\Supermarket Simulator.exe () [Datei ist nicht signiert]
FirewallRules: [{CE7704F2-FF6A-484C-A27E-40464706FE3A}] => (Allow) D:\Programme\Steam\steamapps\common\Supermarket Simulator\Supermarket Simulator.exe () [Datei ist nicht signiert]
FirewallRules: [{09E5CBDC-E069-45D4-86C8-93DD8321A355}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe (Microsoft Corporation → Microsoft Corporation)
FirewallRules: [{6D004781-A1E3-4614-92E8-10FA11B4ADD0}] => (Allow) LPort=26820
FirewallRules: [{E17689FD-2D5F-4153-9FD4-0C0CDF5288BB}] => (Allow) LPort=26822
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server

==================== Wiederherstellungspunkte =========================

14-02-2024 14:17:16 Windows Update
24-02-2024 20:32:56 Windows Update
24-02-2024 20:32:57 Windows Update
24-02-2024 20:32:58 Windows Update
28-02-2024 14:26:58 Windows Update
28-02-2024 14:27:01 Windows Update

==================== Fehlerhafte Geräte im Gerätemanager ============

==================== Fehlereinträge in der Ereignisanzeige: ========================
[HEADING=1]Applikationsfehler:[/HEADING]
Error: (02/28/2024 04:49:46 PM) (Source: Application Hang) (EventID: 1002) (User: NT-AUTORITÄT)
Description: Das Programm SecHealthUI.exe Version 10.0.22621.1 hat aufgehört mit Windows zu interagieren und wurde geschlossen. Weitere Informationen zum Problem finden Sie im Problemverlauf in der Systemsteuerung „Sicherheit und Wartung“.

Error: (02/28/2024 04:48:16 PM) (Source: CertEnroll) (EventID: 86) (User: NT-AUTORITÄT)
Description: Fehler bei der Initialisierung der SCEP-Zertifikatregistrierung für WORKGROUP\DESKTOP-OSDJ7D2$ über https://amd-keyid-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net/templates/Aik/scep:

GetCACaps
GetCACaps: Not Found
{“Message”:“The authority "amd-keyid-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net" does not exist.”}
HTTP/1.1 404 Not Found
Date: Wed, 28 Feb 2024 15:48:18 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 71ea7843-9db6-4aa0-b9b6-43757ed4d06d

Methode: GET(203ms)
Phase: GetCACaps
Nicht gefunden (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (02/28/2024 04:48:16 PM) (Source: CertEnroll) (EventID: 86) (User: NT-AUTORITÄT)
Description: Fehler bei der Initialisierung der SCEP-Zertifikatregistrierung für Lokales System über https://amd-keyid-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net/templates/Aik/scep:

GetCACaps
GetCACaps: Not Found
{“Message”:“The authority "amd-keyid-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net" does not exist.”}
HTTP/1.1 404 Not Found
Date: Wed, 28 Feb 2024 15:48:18 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 3c5feca0-62c2-4a86-8310-289485e0119a

Methode: GET(375ms)
Phase: GetCACaps
Nicht gefunden (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (02/28/2024 04:43:28 PM) (Source: Application Hang) (EventID: 1002) (User: NT-AUTORITÄT)
Description: Das Programm SecHealthUI.exe Version 10.0.22621.1 hat aufgehört mit Windows zu interagieren und wurde geschlossen. Weitere Informationen zum Problem finden Sie im Problemverlauf in der Systemsteuerung „Sicherheit und Wartung“.

Error: (02/28/2024 04:35:29 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine “QueryFullProcessImageNameW” ist ein unerwarteter Fehler aufgetreten. hr = 0x80070006, Das Handle ist ungültig..

Vorgang:
Asynchroner Vorgang wird ausgeführt

Kontext:
Aktueller Status: DoSnapshotSet

Error: (02/28/2024 04:35:19 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle “IVssWriterCallback” ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert.Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.

Vorgang:
Generatordaten werden gesammelt

Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {e0651f04-714a-41c3-ab13-8d4c552d90d1}

Error: (02/28/2024 04:32:00 PM) (Source: Application Hang) (EventID: 1002) (User: NT-AUTORITÄT)
Description: Das Programm SecHealthUI.exe Version 10.0.22621.1 hat aufgehört mit Windows zu interagieren und wurde geschlossen. Weitere Informationen zum Problem finden Sie im Problemverlauf in der Systemsteuerung „Sicherheit und Wartung“.

Error: (02/28/2024 04:12:39 PM) (Source: Application Hang) (EventID: 1002) (User: NT-AUTORITÄT)
Description: Das Programm SecHealthUI.exe Version 10.0.22621.1 hat aufgehört mit Windows zu interagieren und wurde geschlossen. Weitere Informationen zum Problem finden Sie im Problemverlauf in der Systemsteuerung „Sicherheit und Wartung“.
[HEADING=1]Systemfehler:[/HEADING]
Error: (02/28/2024 04:50:33 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-OSDJ7D2)
Description: Der Server “{F99A566C-42AE-4DE2-AD4D-D297A04C5433}” konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (02/28/2024 04:48:08 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst “GameInput Service” wurde unerwartet beendet. Dies ist bereits 6 Mal passiert.

Error: (02/28/2024 04:48:08 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst “GameInput Service” wurde mit folgendem Fehler beendet:
Die Verbunddatei “GameInput Service” wurde mit einer neueren Version erstellt.

Error: (02/28/2024 04:48:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst “GameInput Service” wurde unerwartet beendet. Dies ist bereits 5 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (02/28/2024 04:48:07 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst “GameInput Service” wurde mit folgendem Fehler beendet:
Die Verbunddatei “GameInput Service” wurde mit einer neueren Version erstellt.

Error: (02/28/2024 04:48:06 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst “GameInput Service” wurde unerwartet beendet. Dies ist bereits 4 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (02/28/2024 04:48:06 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst “GameInput Service” wurde mit folgendem Fehler beendet:
Die Verbunddatei “GameInput Service” wurde mit einer neueren Version erstellt.

Error: (02/28/2024 04:48:05 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst “GameInput Service” wurde unerwartet beendet. Dies ist bereits 3 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden durchgeführt: Neustart des Diensts.

Windows Defender:
================Event[0]

Date: 2024-02-28 15:24:21
Description:
Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten.
Neue Version der Sicherheitsinformationen:
%Vorherige Version der Sicherheitsinformationen: 1.349.1208.0
Update Source: Microsoft Center zum Schutz vor Schadsoftware
Sicherheitstyp: AntiSpyware
Updatetyp: Voll
Benutzer: NT-AUTORITÄT\Netzwerkdienst
Aktuelle Modulversion:
%Vorherige Modulversion: 1.1.18500.10
Fehlercode: 0x80072f8f
Fehlerbeschreibung: Es ist ein Sicherheitsfehler aufgetreten.

Date: 2024-02-28 15:24:21
Description:
Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten.
Neue Version der Sicherheitsinformationen:
%Vorherige Version der Sicherheitsinformationen: 1.349.1208.0
Update Source: Microsoft Center zum Schutz vor Schadsoftware
Sicherheitstyp: AntiVirus
Updatetyp: Voll
Benutzer: NT-AUTORITÄT\Netzwerkdienst
Aktuelle Modulversion:
%Vorherige Modulversion: 1.1.18500.10
Fehlercode: 0x80072f8f
Fehlerbeschreibung: Es ist ein Sicherheitsfehler aufgetreten.

Date: 2024-02-28 15:24:20
Description:
Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten.
Neue Version der Sicherheitsinformationen:
%Vorherige Version der Sicherheitsinformationen: 1.349.1208.0
Update Source: Microsoft Update-Server
Sicherheitstyp: AntiVirus
Updatetyp: Voll
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion:
%Vorherige Modulversion: 1.1.18500.10
Fehlercode: 0x80240022
Fehlerbeschreibung: Die Suche des Programms nach Definitionsaktualisierungen ist nicht möglich.

Date: 2024-02-28 15:24:20
Description:
Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten.
Neue Version der Sicherheitsinformationen:
%Vorherige Version der Sicherheitsinformationen: 1.349.1208.0
Update Source: Microsoft Update-Server
Sicherheitstyp: AntiVirus
Updatetyp: Voll
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion:
%Vorherige Modulversion: 1.1.18500.10
Fehlercode: 0x80240022
Fehlerbeschreibung: Die Suche des Programms nach Definitionsaktualisierungen ist nicht möglich.
[HEADING=1]CodeIntegrity:[/HEADING]
Date: 2024-02-28 16:49:26
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

==================== Speicherinformationen ===========================

BIOS: American Megatrends Inc. 1.B0 11/08/2019
Hauptplatine: Micro-Star International Co., Ltd. B450 GAMING PRO CARBON AC (MS-7B85)
Prozessor: AMD Ryzen 5 3600 6-Core Processor
Prozentuale Nutzung des RAM: 17%
Installierter physikalischer RAM: 32716.52 MB
Verfügbarer physikalischer RAM: 26837.14 MB
Summe virtueller Speicher: 34764.52 MB
Verfügbarer virtueller Speicher: 26923.32 MB

==================== Laufwerke ================================

Drive c: (Windows) (Fixed) (Total:930.09 GB) (Free:651.85 GB) (Model: CT1000P3SSD8) NTFS
Drive d: (Speicher) (Fixed) (Total:894.24 GB) (Free:449.38 GB) (Model: Patriot Burst) NTFS
Drive e: (SSD Speicher) (Fixed) (Total:119.24 GB) (Free:119.15 GB) (Model: SAMSUNG MZVLW128HEGR-00000) NTFS
Drive x: () (Network) (Total:0 GB) (Free:0 GB)

\?\Volume{e5fef1f2-14bc-41e5-a2cb-6fec93bb4729}\ () (Fixed) (Total:0.52 GB) (Free:0.5 GB) NTFS
\?\Volume{41e65462-6f71-4c4a-9c2b-c5457b66e6f2}\ () (Fixed) (Total:0.69 GB) (Free:0.06 GB) NTFS
\?\Volume{9ac877f4-f51d-470b-8acb-437c47e286b7}\ () (Fixed) (Total:0.1 GB) (Free:0.07 GB) FAT32

==================== MBR & Partitionstabelle ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 894.3 GB) (Disk ID: 00000000)

Partition: GPT.

==================== Ende von Addition.txt =======================
    Tags: None
    • Malnutrition
      PCHF Moderator
      • Jul 2016
      • 7045
      #2
      @Urenis

      I’ll have a look at this when I get home this afternoon.

      Around 7 pm eastern time.

        Comment

        • Malnutrition
          PCHF Moderator
          • Jul 2016
          • 7045
          #3
          Copy the content of the code box below.
          Do not copy the word code!!!
          Right Click FRST and run as Administrator.
          Click Fix once (!) and wait. The program will create a log file (Fixlog.txt).
          Attach it to your next message.
          Code:
          start::
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Beschränkung <==== ACHTUNG
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Beschränkung <==== ACHTUNG
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
Task: {3DB13C74-DE6C-470B-9460-AB7A523FB569} - System32\Tasks\VLC Plus Player Updater => C:\Users\eiko-\AppData\Local\VLC -> Plus Player Updater\Updater.exe <==== ACHTUNG
C:\Users\eiko-\AppData\Local\VLC
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3: <==== ACHTUNG (Beschränkung - Zones)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{3a305b48-12bf-40ef-b06c-e6fc35585716}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{3a305b48-12bf-40ef-b06c-e6fc35585716}: [DhcpDomain] fritz.box
Tcpip\..\Interfaces\{c37cf130-c400-4f29-8c9a-3d756739681d}: [NameServer] 1.1.1.1
Tcpip\..\Interfaces\{c37cf130-c400-4f29-8c9a-3d756739681d}: [DhcpNameServer] 192.168.180.191
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [mfhcmdonhekjhfbjmeacdjbhlfgpjabp]
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
Unlock: C:\ProgramData\cm-lock
C:\ProgramData\cm-lock
2024-02-28 15:58 - 2024-02-28 15:58 - 000758838 _____ C:\WINDOWS\system32\perfh007.dat
2024-02-28 15:58 - 2024-02-28 15:58 - 000157058 _____ C:\WINDOWS\system32\perfc007.dat
C:\Users\eiko-\AppData\Local\SvRmt
2023-08-22 12:37 - 2023-08-22 14:47 - 000000128 _____ () C:\Users\eiko-\AppData\Roaming\winscp.rnd
2023-07-06 20:00 - 2023-07-06 20:00 - 000000018 _____ () C:\Users\eiko-\AppData\Roaming\.cache9050425797200915815.dat
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID\{05D5C28D-5808-4D10-B074-E5C99E12B717}\InprocServer32 -> D:\Programme\tools\bin\orpiica64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID\{05D7C79A-7474-4C48-B4A1-B1D66BD63D09}\localserver32 -> "D:\Programme\tools\bin\pspice.exe" => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID\{0A486F4A-4115-4099-A699-775E9DC3B5EF}\InprocServer32 -> D:\Programme\tools\bin\orpiPIC64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID\{0B27F437-2835-4659-8237-43CD183219A0}\InprocServer32 -> D:\Programme\tools\bin\orpiPspice64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID\{123C44B9-728B-404C-9275-A9AAFF4A2A70}\localserver32 -> "D:\Programme\tools\bin\Capture.exe" => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID\{18E58886-082B-4D2E-AF26-F17DBB49EAA4}\InprocServer32 -> D:\Programme\tools\bin\orpiPIC64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID\{1B809005-0E36-449B-82A1-521C8B159CD2}\localserver32 -> D:\Programme\tools\bin\stmed.exe => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID\{210682C7-69FA-40AA-9EBA-B484297E1428}\localserver32 -> "D:\Programme\tools\bin\Capture.exe" => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID\{2325BDDF-8DC9-436C-89B9-A432CCBA3CA0}\localserver32 -> "D:\Programme\tools\bin\pspice.exe" => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID\{29469141-0AEF-44B7-9AEF-EE8CA948230F}\localserver32 -> "D:\Programme\tools\bin\Capture.exe" => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID\{29CCEAE5-7C13-445E-B6EC-C6EB61337434}\localserver32 -> "D:\Programme\tools\bin\pspice.exe" => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID\{2F93A534-EB50-40CC-8E01-86615C821D55}\InprocServer32 -> D:\Programme\tools\bin\orApConCtl64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID\{3237F402-D6FF-400D-8251-E45ACCA340E6}\InprocServer32 -> D:\Programme\tools\bin\orpiPspice64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID\{3899FD4D-D0C0-11D1-BBA2-0000C0708DD0}\localserver32 -> "D:\Programme\tools\bin\modeled.exe" => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID\{396D66FA-4DDD-4AE1-9792-83662E856435}\InprocServer32 -> D:\Programme\tools\bin\orpicis64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID\{4190A94F-E2F3-4834-B4AC-0C6169C87252}\localserver32 -> "D:\Programme\tools\bin\pspice.exe" => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID\{422F089A-E21A-44A9-9696-3B75892C5ADB}\InprocServer32 -> D:\Programme\tools\bin\orpiPIC64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID\{48F36F49-216C-4935-9981-BDC2587FFD58}\localserver32 -> "D:\Programme\tools\bin\modeled.exe" => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID\{4D5817BC-3DB0-46CC-AF10-732569D2233E}\InprocServer32 -> D:\Programme\tools\bin\orpiPIC64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID\{4FD67241-98FE-4C18-998F-1E90DF7202D0}\localserver32 -> "D:\Programme\tools\bin\SimSrvr.exe" => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID\{50CD4F57-D656-4D61-9824-CC612943539F}\localserver32 -> "D:\Programme\tools\bin\pspiceaa.exe" => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID\{56512e36-c98f-d8d5-43c6-669ea60c4c0b}\localserver32 -> "C:\Program Files\CleverFiles\Disk Drill\DD.exe" -ToastActivated => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID\{5A9F68A6-E297-4AA7-8062-C808E3788577}\localserver32 -> "D:\Programme\tools\bin\pspice.exe" => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID\{5C975C4D-F25F-4A57-A8A8-A3CEB8C32F09}\localserver32 -> "D:\Programme\tools\bin\simmgr.exe" => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID\{60C5D516-1EC5-4234-9B43-F99375FC56D3}\localserver32 -> "D:\Programme\tools\bin\pspiceaa.exe" => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID\{617C4066-AC96-49A8-AD25-F49A71D918C1}\InprocServer32 -> D:\Programme\tools\bin\orpicis64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID\{65A76550-356C-4E11-A72A-D4CBC651E6A2}\localserver32 -> "D:\Programme\tools\bin\modeled.exe" => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID\{66985293-D546-11D1-B884-0000C080A60E}\localserver32 -> "D:\Programme\tools\bin\modeled.exe" => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID\{68C9FDDB-EC79-4B65-9284-DD0DF17278CB}\InprocServer32 -> D:\Programme\tools\bin\orpicis64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID\{71561EAC-EAD9-43D5-AF33-D3FAD8E08678}\localserver32 -> D:\Programme\tools\bin\stmed.exe => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID\{72FECBE9-03E9-4720-B9F3-06E2D921DB58}\InprocServer32 -> D:\Programme\tools\bin\orpiPIC64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID\{7567A866-4AE5-4F60-AC2F-3F22C701F005}\localserver32 -> "D:\Programme\tools\bin\pspice.exe" => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID\{77FC9D03-91B9-4ED6-9A60-D67D8D144BE9}\localserver32 -> "D:\Programme\tools\bin\pspice.exe" => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID\{7BA47769-9971-4E54-80EE-5CDDFA3D7AFC}\InprocServer32 -> D:\Programme\tools\bin\orpiica64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID\{81A2FA8A-7639-49D8-BF17-12D124675126}\InprocServer32 -> D:\Programme\tools\bin\ortruereuse64.ocx => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID\{83B9FE93-98C2-41C2-81F3-5638E5AC393C}\InprocServer32 -> D:\Programme\tools\bin\ortruereuse64.ocx => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID\{88B6F2BB-8991-4C18-8CAB-135459004B15}\localserver32 -> "D:\Programme\tools\bin\PspiceExplorerSrvr.exe" => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID\{8C04C2F0-59C9-443C-8D80-610F8BDE5436}\localserver32 -> "D:\Programme\tools\bin\mrksrvr.exe" => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID\{8C36E9F3-FEF8-4356-9687-0C6233AABA4A}\localserver32 -> "D:\Programme\tools\bin\simmgr.exe" => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID\{B494D0B4-1EBF-4DE3-B125-E02A3635D853}\InprocServer32 -> D:\Programme\tools\bin\orpiPspice64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID\{B4FAEA65-84A2-43E7-9A99-BB9FFA445A84}\InprocServer32 -> D:\Programme\tools\bin\orpiPspice64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID\{B7FC3AD7-A23F-4A6C-8B58-A2A2932BA1CB}\InprocServer32 -> D:\Programme\tools\bin\orpiPspice64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID\{BBB19602-BF51-11D1-BB9B-0000C0708DD0}\localserver32 -> "D:\Programme\tools\bin\modeled.exe" => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID\{BD30641C-F215-4B4D-8AA0-4F352CEF3191}\InprocServer32 -> D:\Programme\tools\bin\orpicis64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID\{C4911AF1-ADE4-4B0F-B358-F3C0420A2E66}\InprocServer32 -> D:\Programme\tools\bin\orApConCtl64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID\{D255B66D-E366-4F8F-A6D3-BFA1E6C662B2}\InprocServer32 -> D:\Programme\tools\bin\orgenlibcom64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID\{D888E055-3690-457C-8B2E-B3FC3AE72B0F}\InprocServer32 -> D:\Programme\tools\bin\orpiPspice64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID\{D8A7D3AA-A300-47B0-9DFA-37BA08312DFF}\localserver32 -> "D:\Programme\tools\bin\Capture.exe" => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID\{DA8C98D1-2BF5-46F2-A53C-AC1F3FB8C026}\localserver32 -> "D:\Programme\tools\bin\pspice.exe" => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID\{DB2D5854-0B7A-468D-8E7F-1F328DD4D4A9}\InprocServer32 -> D:\Programme\tools\bin\orpicis64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID\{E59930E6-F48A-4F96-AF57-A35360052540}\localserver32 -> "D:\Programme\tools\bin\modeled.exe" => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID\{E941B0DC-DCEE-4D64-8DFA-8CF7C7F242E5}\InprocServer32 -> D:\Programme\tools\bin\orpiPspice64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID\{EA8A65DF-0920-4DDC-B468-B3043141A21C}\localserver32 -> "D:\Programme\tools\bin\pspice.exe" => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID\{EB0DEA2E-EF40-44CD-A2B0-2B66C03C3762}\localserver32 -> "D:\Programme\tools\bin\Capture.exe" => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID\{EF05EE67-7E36-4545-8C43-79F623414A47}\InprocServer32 -> D:\Programme\tools\bin\orpiica64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID\{F0B7857A-E4CC-46CC-80CB-3FE8B38734D0}\InprocServer32 -> D:\Programme\tools\bin\orpiPspice64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID\{F9CE1B02-BDC1-11D1-BB99-0000C0708DD0}\localserver32 -> "D:\Programme\tools\bin\modeled.exe" => Keine Datei
AlternateDataStreams: C:\Windows:CM_2a732c3f1e3eb40b63fe062d0180f157c71684af0a0442ab953224075801bb78 [74]
AlternateDataStreams: C:\Windows:CM_bf41c588bad5a092a453669c0d3c66d1ec2c072fbf5c15cc6acda24c9e4d0955 [74]
AlternateDataStreams: C:\Users\eiko-\Desktop\FRST64.exe:MBAM.Zone.Identifier [240]
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001\Software\Classes\regfile: <==== ACHTUNG
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001\Software\Classes\.reg: => <==== ACHTUNG
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001\Software\Classes\.bat: => <==== ACHTUNG
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001\Software\Classes\.cmd: => <==== ACHTUNG
HKLM\...\StartupApproved\Run: => "WinZip UN"
HKLM\...\StartupApproved\Run: => "WinZip FAH"
FirewallRules: [{415D687F-A78C-4777-8F1E-94CF957E5D67}] => (Allow) D:\PROGRAMME\tools\pcbdw\jre\bin\tnameserv.exe => Keine Datei
FirewallRules: [{1AD84F0E-92B6-4870-94AF-8CDCBB0D76DB}] => (Allow) D:\PROGRAMME\tools\pcbdw\jre\bin\rmiregistry.exe => Keine Datei
FirewallRules: [{43BCEB11-CC5D-4525-A4D6-983DB16E1113}] => (Allow) D:\PROGRAMME\tools\pcbdw\jre\bin\javaw.exe => Keine Datei
FirewallRules: [{0BB9249C-F3E2-4A00-8547-64BA27D69C5E}] => (Allow) D:\PROGRAMME\tools\pcbdw\jre\bin\java.exe => Keine Datei
FirewallRules: [{DE1628ED-2117-42E8-B73D-1F969DAD5DDE}] => (Allow) D:\PROGRAMME\tools\cdnshelp\bin\_cdnshelp.exe => Keine Datei
FirewallRules: [{6A7B6764-94FB-4119-B5D6-519BBCE264E7}] => (Allow) D:\PROGRAMME\tools\bin\muserver.exe => Keine Datei
FirewallRules: [{FA374C6D-70FC-42C8-9ED2-BDEAF0FAF7AB}] => (Allow) D:\PROGRAMME\tools\bin\Capture.exe => Keine Datei
FirewallRules: [{7F1DABF9-4680-4958-90AE-795A207BEC11}] => (Allow) D:\PROGRAMME\tools\bin\sigxp.exe => Keine Datei
FirewallRules: [{7181D43B-C903-4716-80AA-E2510A0B753F}] => (Allow) D:\PROGRAMME\tools\bin\sigxsect.exe => Keine Datei
FirewallRules: [{50D056C2-D114-4F2A-88B6-B2340277240E}] => (Allow) D:\PROGRAMME\tools\bin\sigwave.exe => Keine Datei
FirewallRules: [{89554ABD-674D-4A86-9280-A67D5F957FC9}] => (Allow) D:\PROGRAMME\tools\bin\productServer.exe => Keine Datei
FirewallRules: [{AC876044-062D-49F2-ABD7-8C0A97B3FA6B}] => (Allow) D:\PROGRAMME\tools\bin\modelintegrity.exe => Keine Datei
FirewallRules: [{1B3C1EB3-52C6-438A-826D-B56C5AF14C0F}] => (Allow) D:\PROGRAMME\tools\bin\allegro.exe => Keine Datei
FirewallRules: [{D2B69B7C-765B-47C7-ADE6-1F21549A9CCB}] => (Allow) D:\PROGRAMME\tools\bin\AppMgr.exe => Keine Datei
FirewallRules: [{FC672B17-3863-4F30-8082-C7F53EDA5F57}] => (Allow) D:\PROGRAMME\tools\bin\cdsmps.exe => Keine Datei
FirewallRules: [{D1DBF654-2E4F-4CF9-B272-FF66E259E186}] => (Allow) D:\PROGRAMME\tools\bin\cdsNameServer.exe => Keine Datei
FirewallRules: [{B28AB4A5-9DEE-486E-AF50-4934F05BB383}] => (Allow) D:\PROGRAMME\tools\bin\cdsMsgServer.exe => Keine Datei
FirewallRules: [{E85246FF-F695-4D99-9E59-CFF7B292BCA8}] => (Allow) D:\PROGRAMME\tools\bin\clsbd.exe => Keine Datei
FirewallRules: [{BA9AA785-2BCA-45BC-947F-8AEFB77C847C}] => (Allow) D:\PROGRAMME\tools\bin\swap.exe => Keine Datei
FirewallRules: [{5781DB7B-6FED-4C26-9DD0-31895BC251B3}] => (Allow) D:\PROGRAMME\tools\jre64\bin\javaw.exe => Keine Datei
FirewallRules: [{85165EBA-88B4-4FDD-A9A6-ABDBF41DD5BB}] => (Allow) D:\PROGRAMME\tools\jre64\bin\java.exe => Keine Datei
FirewallRules: [{DF55D6C9-8E7B-4E4A-92E8-FA6E4F728AE3}] => (Allow) D:\PROGRAMME\tools\jre64\bin\tnameserv.exe => Keine Datei
FirewallRules: [{F91EF174-DBF5-45D6-A938-45BF3B577457}] => (Allow) D:\PROGRAMME\tools\jre64\bin\rmiregistry.exe => Keine Datei
FirewallRules: [{3030485F-6495-41F8-85D1-60EBB1E2F0B9}] => (Allow) D:\PROGRAMME\OpenAccess\bin\x64\opt\oaFSLockD.exe => Keine Datei
FirewallRules: [{C7E2171C-8FD8-44BF-958C-DE5CEDE68B77}] => (Allow) D:\PROGRAMME\openaccess\bin\x64\opt\oaDMTurboServer.exe => Keine Datei
FirewallRules: [UDP Query User{9F4B0050-EE9D-41D1-9F3A-E354A838556B}D:\programme\angry ip scanner\jre\bin\javaw.exe] => (Block) D:\programme\angry ip scanner\jre\bin\javaw.exe => Keine Datei
FirewallRules: [TCP Query User{51F3F81D-E710-4788-8753-45FDCE3F1D83}D:\programme\angry ip scanner\jre\bin\javaw.exe] => (Block) D:\programme\angry ip scanner\jre\bin\javaw.exe => Keine Datei
FirewallRules: [UDP Query User{BF1DE274-0BCB-4D81-95D8-52728E4A95B0}D:\programme\airdroid\airdroid.exe] => (Allow) D:\programme\airdroid\airdroid.exe => Keine Datei
FirewallRules: [TCP Query User{82B6BDE2-6A1B-4062-94D1-A2A17BC971F4}D:\programme\airdroid\airdroid.exe] => (Allow) D:\programme\airdroid\airdroid.exe => Keine Datei
FirewallRules: [UDP Query User{DF7F7F81-5388-4EC8-97EF-9ED87931CF19}C:\program files\java\jre1.8.0_241\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_241\bin\javaw.exe => Keine Datei
FirewallRules: [TCP Query User{D4823837-C4A1-4CAD-888D-6D23DFDC78F9}C:\program files\java\jre1.8.0_241\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_241\bin\javaw.exe => Keine Datei
FirewallRules: [{28127D0E-D3AE-4FC0-AD01-3B3223E629E3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe => Keine Datei
FirewallRules: [{741F5DDA-8B3E-484E-8394-92E50FCF214A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe => Keine Datei
FirewallRules: [{CD5CBB81-99D3-44BC-A6E4-9D5E2896C627}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe => Keine Datei
FirewallRules: [{96C0C8D0-97B5-4782-84AB-C4DFC4AE5475}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe => Keine Datei
FirewallRules: [{C96599EC-5310-4A59-9F73-F5BDD796797F}] => (Block) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => Keine Datei
FirewallRules: [{D682A2EB-BAE7-4BE5-A304-C1F416B127E3}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => Keine Datei
FirewallRules: [{35FAA9AC-1213-4D38-9E8C-9A275E6E14B6}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => Keine Datei
FirewallRules: [{4EC62EE2-355A-43AE-87A8-09939E4DDF57}] => (Allow) C:\Users\eiko-\AppData\Local\Temp\7zS7ACD\HPDiagnosticCoreUI.exe => Keine Datei
FirewallRules: [{69C09CB5-37CC-4C69-91D7-C6A761BF91AA}] => (Allow) C:\Users\eiko-\AppData\Local\Temp\7zS7ACD\HPDiagnosticCoreUI.exe => Keine Datei
FirewallRules: [{BDA1F261-AACF-41B5-AF13-06A399EE663F}] => (Allow) D:\Programme\Overwolf\0.240.0.6\OverwolfBrowser.exe => Keine Datei
FirewallRules: [{DD277CB2-CCCB-49B1-90F2-8ECD2725E566}] => (Allow) D:\Programme\Overwolf\0.240.0.6\OverwolfBrowser.exe => Keine Datei
FirewallRules: [{75C2A5BB-BD5D-400F-BF4C-2D5E8C37F022}] => (Block) D:\Programme\Overwolf\0.240.0.6\OverwolfBrowser.exe => Keine Datei
FirewallRules: [{F570DEB9-7543-444D-BE22-8B5F4E0A64AF}] => (Block) D:\Programme\Overwolf\0.240.0.6\OverwolfBrowser.exe => Keine Datei
FirewallRules: [{BDA1F261-AACF-41B5-AF13-06A399EE663F}] => (Allow) D:\Programme\Overwolf\0.240.0.6\OverwolfBrowser.exe => Keine Datei
FirewallRules: [{DD277CB2-CCCB-49B1-90F2-8ECD2725E566}] => (Allow) D:\Programme\Overwolf\0.240.0.6\OverwolfBrowser.exe => Keine Datei
FirewallRules: [{75C2A5BB-BD5D-400F-BF4C-2D5E8C37F022}] => (Block) D:\Programme\Overwolf\0.240.0.6\OverwolfBrowser.exe => Keine Datei
FirewallRules: [{F570DEB9-7543-444D-BE22-8B5F4E0A64AF}] => (Block) D:\Programme\Overwolf\0.240.0.6\OverwolfBrowser.exe => Keine Datei
FirewallRules: [{6D004781-A1E3-4614-92E8-10FA11B4ADD0}] => (Allow) LPort=26820
FirewallRules: [{E17689FD-2D5F-4153-9FD4-0C0CDF5288BB}] => (Allow) LPort=26822
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (Keine Datei)
Task: {99CB8C5D-3532-4F20-B85D-C54AF74C2EEA} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => %systemroot%\system32\MusNotification.exe LogonUpdateResults (Keine Datei)
Task: {5E998215-860E-411F-AC35-509DEA2083D6} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe /RunOnAC ReadyToReboot (Keine Datei)
Task: {CF6B2F35-9B4E-4CCC-AA88-460AE566CE43} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe /RunOnBattery ReadyToReboot (Keine Datei)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (Keine Datei)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.cpdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [Keine Datei]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [Keine Datei]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [Keine Datei]
CMD: del /f /s /q %windir%\prefetch\*.*
CMD: del /s /q C:\Windows\SoftwareDistribution\download\*.*
CMD: del /s /q "%userprofile%\AppData\Local\temp\*.*"
Cmd: NETSH winsock reset catalog
Cmd: NETSH int ipv4 reset reset.log
Cmd: NETSH int ipv6 reset reset.log
Cmd: ipconfig /release
Cmd: ipconfig /renew
Cmd: ipconfig /flushdns
Cmd: ipconfig /registerdns
Cmd: bitsadmin /reset /allusers
Cmd: Winmgmt /salvagerepository
Cmd: Winmgmt /resetrepository
Cmd: Winmgmt /resyncperf
C:\Windows\Temp\*.*
C:\WINDOWS\system32\*.tmp
C:\WINDOWS\syswow64\*.tmp
emptytemp:
Reboot:
End::


          Download Kaspersky Virus Removal Tool B[/B] and save it to your Desktop.
          Very important to save this to your desktop!!

          Select the Windows Key and R Key together, the Run box should open.
          Copy and paste the following into the run box.
          C:\Users\eiko-\Desktop\KVRT.exe -dontencrypt

          Select „Ok“ in the Run box.
          If the „Windows protected your PC“ window opens, select „More info“. A new windows will open, select „Run anyway“.
          An EULA window from KVRT will open, tick all confirmation boxes then select “Accept”.
          A window from KVRT will open, select “Change Parameters”.
          In the new window ensure the following boxes are ticked:

          [ul]
          [li]System memory[/li][li]Startup objects[/li][li]Boot sectors[/li][li]System drive[/li][/ul]
          Then select “OK” and „Start scan“.
          When completed: If entries are found, there will be options to choose. If “Cure” is offered, leave as it is. For any other options change to “Delete”, then select “Continue”.
          Usually, your system needs a reboot to finish the removal process.
          Logfiles can be found on your systemdrive (usually C: ), similar like this:

          C:\KVRT2020_Data\Reports\report__.klr

          Right click direct onto those reports, select > open with > Notepad.
          Save the files and attach them with your next reply.



          Once completed the two task above please post FRST logs in english and let me know how things are.

          I’d like to have these logs in English please.
          Right Click on FRST64 and rename the FRST file to FRST64english.exe
          Please then re-run the scan and post the FRST and Addition.txt logs.
          Make sure and still run the program as Administrator.

            Comment

            • Urenis
              PCHF Member
              • Feb 2024
              • 14
              #4
              Hello Malnutrition, thanks for your help! I have completed your tasks, but my windows sequrity manager remains unchanged from the first post. Is there anything else I can do?

              KVRT Report:

              [ICODE]<Report> <Metadata Version="1" PCID="{A56CCCE8-27F9-7A40-7CA4-892DE9F1AF8B}" LastModification="2024.03.01 12:19:41.256" /> <EventBlocks> <Block0 Type="Scan" Processed="1" Found="0" Neutralized="0"> <Event0 Action="Scan" Time="133537585412482936" Object="" Info="Started" /> <Event1 Action="Scan" Time="133537585589037009" Object="" Info="Finished" /> </Block0> <Block1 Type="Scan" Processed="4982698" Found="0" Neutralized="0"> <Event0 Action="Scan" Time="133537585762082225" Object="" Info="Started" /> <Event1 Action="Scan" Time="133537646883922890" Object="" Info="Finished" /> </Block1> </EventBlocks> </Report> [/ICODE]

              Fixlog:
              [HEADING=1]
              Code:
              Fix result of Farbar Recovery Scan Tool (x64) Version: 26.02.2024 01
Ran by eiko- (01-03-2024 12:27:21) Run:3
Running from C:\Users\eiko-\Desktop
Loaded Profiles: eiko-
Boot Mode: Normal[/HEADING]
fixlist content:
[HR][/HR]
start::
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Beschränkung <==== ACHTUNG
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Beschränkung <==== ACHTUNG
HKLM\Software...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] → 
Task: {3DB13C74-DE6C-470B-9460-AB7A523FB569} - System32\Tasks\VLC Plus Player Updater => C:\Users\eiko-\AppData\Local\VLC → Plus Player Updater\Updater.exe <==== ACHTUNG
C:\Users\eiko-\AppData\Local\VLC
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3: <==== ACHTUNG (Beschränkung - Zones)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip..\Interfaces{3a305b48-12bf-40ef-b06c-e6fc35585716}: [DhcpNameServer] 192.168.178.1
Tcpip..\Interfaces{3a305b48-12bf-40ef-b06c-e6fc35585716}: [DhcpDomain] fritz.box
Tcpip..\Interfaces{c37cf130-c400-4f29-8c9a-3d756739681d}: [NameServer] 1.1.1.1
Tcpip..\Interfaces{c37cf130-c400-4f29-8c9a-3d756739681d}: [DhcpNameServer] 192.168.180.191
CHR HKLM-x32...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32...\Chrome\Extension: [mfhcmdonhekjhfbjmeacdjbhlfgpjabp]
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys 
Unlock: C:\ProgramData\cm-lock
C:\ProgramData\cm-lock
2024-02-28 15:58 - 2024-02-28 15:58 - 000758838 _____ C:\WINDOWS\system32\perfh007.dat
2024-02-28 15:58 - 2024-02-28 15:58 - 000157058 _____ C:\WINDOWS\system32\perfc007.dat
C:\Users\eiko-\AppData\Local\SvRmt
2023-08-22 12:37 - 2023-08-22 14:47 - 000000128 _____ () C:\Users\eiko-\AppData\Roaming\winscp.rnd
2023-07-06 20:00 - 2023-07-06 20:00 - 000000018 _____ () C:\Users\eiko-\AppData\Roaming.cache9050425797200915815.dat
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{05D5C28D-5808-4D10-B074-E5C99E12B717}\InprocServer32 → D:\Programme\tools\bin\orpiica64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{05D7C79A-7474-4C48-B4A1-B1D66BD63D09}\localserver32 → “D:\Programme\tools\bin\pspice.exe” => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{0A486F4A-4115-4099-A699-775E9DC3B5EF}\InprocServer32 → D:\Programme\tools\bin\orpiPIC64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{0B27F437-2835-4659-8237-43CD183219A0}\InprocServer32 → D:\Programme\tools\bin\orpiPspice64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{123C44B9-728B-404C-9275-A9AAFF4A2A70}\localserver32 → “D:\Programme\tools\bin\Capture.exe” => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{18E58886-082B-4D2E-AF26-F17DBB49EAA4}\InprocServer32 → D:\Programme\tools\bin\orpiPIC64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{1B809005-0E36-449B-82A1-521C8B159CD2}\localserver32 → D:\Programme\tools\bin\stmed.exe => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{210682C7-69FA-40AA-9EBA-B484297E1428}\localserver32 → “D:\Programme\tools\bin\Capture.exe” => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{2325BDDF-8DC9-436C-89B9-A432CCBA3CA0}\localserver32 → “D:\Programme\tools\bin\pspice.exe” => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{29469141-0AEF-44B7-9AEF-EE8CA948230F}\localserver32 → “D:\Programme\tools\bin\Capture.exe” => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{29CCEAE5-7C13-445E-B6EC-C6EB61337434}\localserver32 → “D:\Programme\tools\bin\pspice.exe” => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{2F93A534-EB50-40CC-8E01-86615C821D55}\InprocServer32 → D:\Programme\tools\bin\orApConCtl64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{3237F402-D6FF-400D-8251-E45ACCA340E6}\InprocServer32 → D:\Programme\tools\bin\orpiPspice64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{3899FD4D-D0C0-11D1-BBA2-0000C0708DD0}\localserver32 → “D:\Programme\tools\bin\modeled.exe” => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{396D66FA-4DDD-4AE1-9792-83662E856435}\InprocServer32 → D:\Programme\tools\bin\orpicis64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{4190A94F-E2F3-4834-B4AC-0C6169C87252}\localserver32 → “D:\Programme\tools\bin\pspice.exe” => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{422F089A-E21A-44A9-9696-3B75892C5ADB}\InprocServer32 → D:\Programme\tools\bin\orpiPIC64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{48F36F49-216C-4935-9981-BDC2587FFD58}\localserver32 → “D:\Programme\tools\bin\modeled.exe” => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{4D5817BC-3DB0-46CC-AF10-732569D2233E}\InprocServer32 → D:\Programme\tools\bin\orpiPIC64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{4FD67241-98FE-4C18-998F-1E90DF7202D0}\localserver32 → “D:\Programme\tools\bin\SimSrvr.exe” => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{50CD4F57-D656-4D61-9824-CC612943539F}\localserver32 → “D:\Programme\tools\bin\pspiceaa.exe” => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{56512e36-c98f-d8d5-43c6-669ea60c4c0b}\localserver32 → “C:\Program Files\CleverFiles\Disk Drill\DD.exe” -ToastActivated => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{5A9F68A6-E297-4AA7-8062-C808E3788577}\localserver32 → “D:\Programme\tools\bin\pspice.exe” => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{5C975C4D-F25F-4A57-A8A8-A3CEB8C32F09}\localserver32 → “D:\Programme\tools\bin\simmgr.exe” => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{60C5D516-1EC5-4234-9B43-F99375FC56D3}\localserver32 → “D:\Programme\tools\bin\pspiceaa.exe” => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{617C4066-AC96-49A8-AD25-F49A71D918C1}\InprocServer32 → D:\Programme\tools\bin\orpicis64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{65A76550-356C-4E11-A72A-D4CBC651E6A2}\localserver32 → “D:\Programme\tools\bin\modeled.exe” => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{66985293-D546-11D1-B884-0000C080A60E}\localserver32 → “D:\Programme\tools\bin\modeled.exe” => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{68C9FDDB-EC79-4B65-9284-DD0DF17278CB}\InprocServer32 → D:\Programme\tools\bin\orpicis64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{71561EAC-EAD9-43D5-AF33-D3FAD8E08678}\localserver32 → D:\Programme\tools\bin\stmed.exe => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{72FECBE9-03E9-4720-B9F3-06E2D921DB58}\InprocServer32 → D:\Programme\tools\bin\orpiPIC64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{7567A866-4AE5-4F60-AC2F-3F22C701F005}\localserver32 → “D:\Programme\tools\bin\pspice.exe” => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{77FC9D03-91B9-4ED6-9A60-D67D8D144BE9}\localserver32 → “D:\Programme\tools\bin\pspice.exe” => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{7BA47769-9971-4E54-80EE-5CDDFA3D7AFC}\InprocServer32 → D:\Programme\tools\bin\orpiica64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{81A2FA8A-7639-49D8-BF17-12D124675126}\InprocServer32 → D:\Programme\tools\bin\ortruereuse64.ocx => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{83B9FE93-98C2-41C2-81F3-5638E5AC393C}\InprocServer32 → D:\Programme\tools\bin\ortruereuse64.ocx => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{88B6F2BB-8991-4C18-8CAB-135459004B15}\localserver32 → “D:\Programme\tools\bin\PspiceExplorerSrvr.exe” => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{8C04C2F0-59C9-443C-8D80-610F8BDE5436}\localserver32 → “D:\Programme\tools\bin\mrksrvr.exe” => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{8C36E9F3-FEF8-4356-9687-0C6233AABA4A}\localserver32 → “D:\Programme\tools\bin\simmgr.exe” => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{B494D0B4-1EBF-4DE3-B125-E02A3635D853}\InprocServer32 → D:\Programme\tools\bin\orpiPspice64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{B4FAEA65-84A2-43E7-9A99-BB9FFA445A84}\InprocServer32 → D:\Programme\tools\bin\orpiPspice64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{B7FC3AD7-A23F-4A6C-8B58-A2A2932BA1CB}\InprocServer32 → D:\Programme\tools\bin\orpiPspice64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{BBB19602-BF51-11D1-BB9B-0000C0708DD0}\localserver32 → “D:\Programme\tools\bin\modeled.exe” => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{BD30641C-F215-4B4D-8AA0-4F352CEF3191}\InprocServer32 → D:\Programme\tools\bin\orpicis64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{C4911AF1-ADE4-4B0F-B358-F3C0420A2E66}\InprocServer32 → D:\Programme\tools\bin\orApConCtl64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{D255B66D-E366-4F8F-A6D3-BFA1E6C662B2}\InprocServer32 → D:\Programme\tools\bin\orgenlibcom64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{D888E055-3690-457C-8B2E-B3FC3AE72B0F}\InprocServer32 → D:\Programme\tools\bin\orpiPspice64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{D8A7D3AA-A300-47B0-9DFA-37BA08312DFF}\localserver32 → “D:\Programme\tools\bin\Capture.exe” => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{DA8C98D1-2BF5-46F2-A53C-AC1F3FB8C026}\localserver32 → “D:\Programme\tools\bin\pspice.exe” => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{DB2D5854-0B7A-468D-8E7F-1F328DD4D4A9}\InprocServer32 → D:\Programme\tools\bin\orpicis64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{E59930E6-F48A-4F96-AF57-A35360052540}\localserver32 → “D:\Programme\tools\bin\modeled.exe” => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{E941B0DC-DCEE-4D64-8DFA-8CF7C7F242E5}\InprocServer32 → D:\Programme\tools\bin\orpiPspice64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{EA8A65DF-0920-4DDC-B468-B3043141A21C}\localserver32 → “D:\Programme\tools\bin\pspice.exe” => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{EB0DEA2E-EF40-44CD-A2B0-2B66C03C3762}\localserver32 → “D:\Programme\tools\bin\Capture.exe” => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{EF05EE67-7E36-4545-8C43-79F623414A47}\InprocServer32 → D:\Programme\tools\bin\orpiica64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{F0B7857A-E4CC-46CC-80CB-3FE8B38734D0}\InprocServer32 → D:\Programme\tools\bin\orpiPspice64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{F9CE1B02-BDC1-11D1-BB99-0000C0708DD0}\localserver32 → “D:\Programme\tools\bin\modeled.exe” => Keine Datei
AlternateDataStreams: C:\Windows:CM_2a732c3f1e3eb40b63fe062d0180f157c71684af0a0442ab953224075801bb78 [74]
AlternateDataStreams: C:\Windows:CM_bf41c588bad5a092a453669c0d3c66d1ec2c072fbf5c15cc6acda24c9e4d0955 [74]
AlternateDataStreams: C:\Users\eiko-\Desktop\FRST64.exe:MBAM.Zone.Identifier [240]
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001\Software\Classes\regfile: <==== ACHTUNG
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001\Software\Classes.reg: => <==== ACHTUNG
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001\Software\Classes.bat: => <==== ACHTUNG
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001\Software\Classes.cmd: => <==== ACHTUNG
HKLM...\StartupApproved\Run: => “WinZip UN”
HKLM...\StartupApproved\Run: => “WinZip FAH”
FirewallRules: [{415D687F-A78C-4777-8F1E-94CF957E5D67}] => (Allow) D:\PROGRAMME\tools\pcbdw\jre\bin\tnameserv.exe => Keine Datei
FirewallRules: [{1AD84F0E-92B6-4870-94AF-8CDCBB0D76DB}] => (Allow) D:\PROGRAMME\tools\pcbdw\jre\bin\rmiregistry.exe => Keine Datei
FirewallRules: [{43BCEB11-CC5D-4525-A4D6-983DB16E1113}] => (Allow) D:\PROGRAMME\tools\pcbdw\jre\bin\javaw.exe => Keine Datei
FirewallRules: [{0BB9249C-F3E2-4A00-8547-64BA27D69C5E}] => (Allow) D:\PROGRAMME\tools\pcbdw\jre\bin\java.exe => Keine Datei
FirewallRules: [{DE1628ED-2117-42E8-B73D-1F969DAD5DDE}] => (Allow) D:\PROGRAMME\tools\cdnshelp\bin_cdnshelp.exe => Keine Datei
FirewallRules: [{6A7B6764-94FB-4119-B5D6-519BBCE264E7}] => (Allow) D:\PROGRAMME\tools\bin\muserver.exe => Keine Datei
FirewallRules: [{FA374C6D-70FC-42C8-9ED2-BDEAF0FAF7AB}] => (Allow) D:\PROGRAMME\tools\bin\Capture.exe => Keine Datei
FirewallRules: [{7F1DABF9-4680-4958-90AE-795A207BEC11}] => (Allow) D:\PROGRAMME\tools\bin\sigxp.exe => Keine Datei
FirewallRules: [{7181D43B-C903-4716-80AA-E2510A0B753F}] => (Allow) D:\PROGRAMME\tools\bin\sigxsect.exe => Keine Datei
FirewallRules: [{50D056C2-D114-4F2A-88B6-B2340277240E}] => (Allow) D:\PROGRAMME\tools\bin\sigwave.exe => Keine Datei
FirewallRules: [{89554ABD-674D-4A86-9280-A67D5F957FC9}] => (Allow) D:\PROGRAMME\tools\bin\productServer.exe => Keine Datei
FirewallRules: [{AC876044-062D-49F2-ABD7-8C0A97B3FA6B}] => (Allow) D:\PROGRAMME\tools\bin\modelintegrity.exe => Keine Datei
FirewallRules: [{1B3C1EB3-52C6-438A-826D-B56C5AF14C0F}] => (Allow) D:\PROGRAMME\tools\bin\allegro.exe => Keine Datei
FirewallRules: [{D2B69B7C-765B-47C7-ADE6-1F21549A9CCB}] => (Allow) D:\PROGRAMME\tools\bin\AppMgr.exe => Keine Datei
FirewallRules: [{FC672B17-3863-4F30-8082-C7F53EDA5F57}] => (Allow) D:\PROGRAMME\tools\bin\cdsmps.exe => Keine Datei
FirewallRules: [{D1DBF654-2E4F-4CF9-B272-FF66E259E186}] => (Allow) D:\PROGRAMME\tools\bin\cdsNameServer.exe => Keine Datei
FirewallRules: [{B28AB4A5-9DEE-486E-AF50-4934F05BB383}] => (Allow) D:\PROGRAMME\tools\bin\cdsMsgServer.exe => Keine Datei
FirewallRules: [{E85246FF-F695-4D99-9E59-CFF7B292BCA8}] => (Allow) D:\PROGRAMME\tools\bin\clsbd.exe => Keine Datei
FirewallRules: [{BA9AA785-2BCA-45BC-947F-8AEFB77C847C}] => (Allow) D:\PROGRAMME\tools\bin\swap.exe => Keine Datei
FirewallRules: [{5781DB7B-6FED-4C26-9DD0-31895BC251B3}] => (Allow) D:\PROGRAMME\tools\jre64\bin\javaw.exe => Keine Datei
FirewallRules: [{85165EBA-88B4-4FDD-A9A6-ABDBF41DD5BB}] => (Allow) D:\PROGRAMME\tools\jre64\bin\java.exe => Keine Datei
FirewallRules: [{DF55D6C9-8E7B-4E4A-92E8-FA6E4F728AE3}] => (Allow) D:\PROGRAMME\tools\jre64\bin\tnameserv.exe => Keine Datei
FirewallRules: [{F91EF174-DBF5-45D6-A938-45BF3B577457}] => (Allow) D:\PROGRAMME\tools\jre64\bin\rmiregistry.exe => Keine Datei
FirewallRules: [{3030485F-6495-41F8-85D1-60EBB1E2F0B9}] => (Allow) D:\PROGRAMME\OpenAccess\bin\x64\opt\oaFSLockD.exe => Keine Datei
FirewallRules: [{C7E2171C-8FD8-44BF-958C-DE5CEDE68B77}] => (Allow) D:\PROGRAMME\openaccess\bin\x64\opt\oaDMTurboServer.exe => Keine Datei
FirewallRules: [UDP Query User{9F4B0050-EE9D-41D1-9F3A-E354A838556B}D:\programme\angry ip scanner\jre\bin\javaw.exe] => (Block) D:\programme\angry ip scanner\jre\bin\javaw.exe => Keine Datei
FirewallRules: [TCP Query User{51F3F81D-E710-4788-8753-45FDCE3F1D83}D:\programme\angry ip scanner\jre\bin\javaw.exe] => (Block) D:\programme\angry ip scanner\jre\bin\javaw.exe => Keine Datei
FirewallRules: [UDP Query User{BF1DE274-0BCB-4D81-95D8-52728E4A95B0}D:\programme\airdroid\airdroid.exe] => (Allow) D:\programme\airdroid\airdroid.exe => Keine Datei
FirewallRules: [TCP Query User{82B6BDE2-6A1B-4062-94D1-A2A17BC971F4}D:\programme\airdroid\airdroid.exe] => (Allow) D:\programme\airdroid\airdroid.exe => Keine Datei
FirewallRules: [UDP Query User{DF7F7F81-5388-4EC8-97EF-9ED87931CF19}C:\program files\java\jre1.8.0_241\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_241\bin\javaw.exe => Keine Datei
FirewallRules: [TCP Query User{D4823837-C4A1-4CAD-888D-6D23DFDC78F9}C:\program files\java\jre1.8.0_241\bin\javaw.exe] => (Allow) C:\program files\java\jre1.8.0_241\bin\javaw.exe => Keine Datei
FirewallRules: [{28127D0E-D3AE-4FC0-AD01-3B3223E629E3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe => Keine Datei
FirewallRules: [{741F5DDA-8B3E-484E-8394-92E50FCF214A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe => Keine Datei
FirewallRules: [{CD5CBB81-99D3-44BC-A6E4-9D5E2896C627}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe => Keine Datei
FirewallRules: [{96C0C8D0-97B5-4782-84AB-C4DFC4AE5475}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe => Keine Datei
FirewallRules: [{C96599EC-5310-4A59-9F73-F5BDD796797F}] => (Block) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => Keine Datei
FirewallRules: [{D682A2EB-BAE7-4BE5-A304-C1F416B127E3}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => Keine Datei
FirewallRules: [{35FAA9AC-1213-4D38-9E8C-9A275E6E14B6}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => Keine Datei
FirewallRules: [{4EC62EE2-355A-43AE-87A8-09939E4DDF57}] => (Allow) C:\Users\eiko-\AppData\Local\Temp\7zS7ACD\HPDiagnosticCoreUI.exe => Keine Datei
FirewallRules: [{69C09CB5-37CC-4C69-91D7-C6A761BF91AA}] => (Allow) C:\Users\eiko-\AppData\Local\Temp\7zS7ACD\HPDiagnosticCoreUI.exe => Keine Datei
FirewallRules: [{BDA1F261-AACF-41B5-AF13-06A399EE663F}] => (Allow) D:\Programme\Overwolf\0.240.0.6\OverwolfBrowser.exe => Keine Datei
FirewallRules: [{DD277CB2-CCCB-49B1-90F2-8ECD2725E566}] => (Allow) D:\Programme\Overwolf\0.240.0.6\OverwolfBrowser.exe => Keine Datei
FirewallRules: [{75C2A5BB-BD5D-400F-BF4C-2D5E8C37F022}] => (Block) D:\Programme\Overwolf\0.240.0.6\OverwolfBrowser.exe => Keine Datei
FirewallRules: [{F570DEB9-7543-444D-BE22-8B5F4E0A64AF}] => (Block) D:\Programme\Overwolf\0.240.0.6\OverwolfBrowser.exe => Keine Datei
FirewallRules: [{BDA1F261-AACF-41B5-AF13-06A399EE663F}] => (Allow) D:\Programme\Overwolf\0.240.0.6\OverwolfBrowser.exe => Keine Datei
FirewallRules: [{DD277CB2-CCCB-49B1-90F2-8ECD2725E566}] => (Allow) D:\Programme\Overwolf\0.240.0.6\OverwolfBrowser.exe => Keine Datei
FirewallRules: [{75C2A5BB-BD5D-400F-BF4C-2D5E8C37F022}] => (Block) D:\Programme\Overwolf\0.240.0.6\OverwolfBrowser.exe => Keine Datei
FirewallRules: [{F570DEB9-7543-444D-BE22-8B5F4E0A64AF}] => (Block) D:\Programme\Overwolf\0.240.0.6\OverwolfBrowser.exe => Keine Datei
FirewallRules: [{6D004781-A1E3-4614-92E8-10FA11B4ADD0}] => (Allow) LPort=26820
FirewallRules: [{E17689FD-2D5F-4153-9FD4-0C0CDF5288BB}] => (Allow) LPort=26822
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (Keine Datei)
Task: {99CB8C5D-3532-4F20-B85D-C54AF74C2EEA} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => %systemroot%\system32\MusNotification.exe LogonUpdateResults (Keine Datei)
Task: {5E998215-860E-411F-AC35-509DEA2083D6} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe /RunOnAC ReadyToReboot (Keine Datei)
Task: {CF6B2F35-9B4E-4CCC-AA88-460AE566CE43} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe /RunOnBattery ReadyToReboot (Keine Datei)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (Keine Datei)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.cpdf → C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [Keine Datei]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp → C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [Keine Datei]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf → C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [Keine Datei]
CMD: del /f /s /q %windir%\prefetch*.*
CMD: del /s /q C:\Windows\SoftwareDistribution\download*.*
CMD: del /s /q "%userprofile%\AppData\Local\temp*."
Cmd: NETSH winsock reset catalog
Cmd: NETSH int ipv4 reset reset.log
Cmd: NETSH int ipv6 reset reset.log
Cmd: ipconfig /release
Cmd: ipconfig /renew
Cmd: ipconfig /flushdns
Cmd: ipconfig /registerdns
Cmd: bitsadmin /reset /allusers
Cmd: Winmgmt /salvagerepository
Cmd: Winmgmt /resetrepository
Cmd: Winmgmt /resyncperf
C:\Windows\Temp*.
C:\WINDOWS\system32*.tmp
C:\WINDOWS\syswow64*.tmp
emptytemp:
Reboot:
End::
[HR][/HR]
Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Windows Defender\“DisableAntiSpyware”=“0” => value restored successfully
HKLM\SOFTWARE\Microsoft\Windows Defender\“DisableAntiVirus”=“0” => value restored successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers{C885AA15-1764-4293-B82A-0586ADD46B35} => not found
“HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{3DB13C74-DE6C-470B-9460-AB7A523FB569}” => not found
“C:\WINDOWS\System32\Tasks\VLC Plus Player Updater” => not found
“HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\VLC Plus Player Updater” => not found
“C:\Users\eiko-\AppData\Local\VLC” => not found
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 => not found
“HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer” => removed successfully
“HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces{3a305b48-12bf-40ef-b06c-e6fc35585716}\DhcpNameServer” => removed successfully
“HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces{3a305b48-12bf-40ef-b06c-e6fc35585716}\DhcpDomain” => removed successfully
“HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces{c37cf130-c400-4f29-8c9a-3d756739681d}\NameServer” => not found
“HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces{c37cf130-c400-4f29-8c9a-3d756739681d}\DhcpNameServer” => not found
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => not found
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\caljgklbbfbcjjanaijlacgncafpegll => not found
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ccbpbkebodcjkknkfkpmfeciinhidaeh => not found
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mfhcmdonhekjhfbjmeacdjbhlfgpjabp => not found
WinSetupMon => service not found.
“C:\ProgramData\cm-lock” => not found
“C:\ProgramData\cm-lock” => not found
“C:\WINDOWS\system32\perfh007.dat” => not found
“C:\WINDOWS\system32\perfc007.dat” => not found
“C:\Users\eiko-\AppData\Local\SvRmt” => not found
“C:\Users\eiko-\AppData\Roaming\winscp.rnd” => not found
“C:\Users\eiko-\AppData\Roaming.cache9050425797200915815.dat” => not found
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{05D5C28D-5808-4D10-B074-E5C99E12B717} => not found
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{05D7C79A-7474-4C48-B4A1-B1D66BD63D09} => not found
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{0A486F4A-4115-4099-A699-775E9DC3B5EF} => not found
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{0B27F437-2835-4659-8237-43CD183219A0} => not found
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{123C44B9-728B-404C-9275-A9AAFF4A2A70} => not found
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{18E58886-082B-4D2E-AF26-F17DBB49EAA4} => not found
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{1B809005-0E36-449B-82A1-521C8B159CD2} => not found
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{210682C7-69FA-40AA-9EBA-B484297E1428} => not found
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{2325BDDF-8DC9-436C-89B9-A432CCBA3CA0} => not found
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{29469141-0AEF-44B7-9AEF-EE8CA948230F} => not found
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{29CCEAE5-7C13-445E-B6EC-C6EB61337434} => not found
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{2F93A534-EB50-40CC-8E01-86615C821D55} => not found
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{3237F402-D6FF-400D-8251-E45ACCA340E6} => not found
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{3899FD4D-D0C0-11D1-BBA2-0000C0708DD0} => not found
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{396D66FA-4DDD-4AE1-9792-83662E856435} => not found
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{4190A94F-E2F3-4834-B4AC-0C6169C87252} => not found
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{422F089A-E21A-44A9-9696-3B75892C5ADB} => not found
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{48F36F49-216C-4935-9981-BDC2587FFD58} => not found
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{4D5817BC-3DB0-46CC-AF10-732569D2233E} => not found
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{4FD67241-98FE-4C18-998F-1E90DF7202D0} => not found
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{50CD4F57-D656-4D61-9824-CC612943539F} => not found
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{56512e36-c98f-d8d5-43c6-669ea60c4c0b} => not found
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{5A9F68A6-E297-4AA7-8062-C808E3788577} => not found
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{5C975C4D-F25F-4A57-A8A8-A3CEB8C32F09} => not found
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{60C5D516-1EC5-4234-9B43-F99375FC56D3} => not found
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{617C4066-AC96-49A8-AD25-F49A71D918C1} => not found
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{65A76550-356C-4E11-A72A-D4CBC651E6A2} => not found
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{66985293-D546-11D1-B884-0000C080A60E} => not found
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{68C9FDDB-EC79-4B65-9284-DD0DF17278CB} => not found
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{71561EAC-EAD9-43D5-AF33-D3FAD8E08678} => not found
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{72FECBE9-03E9-4720-B9F3-06E2D921DB58} => not found
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{7567A866-4AE5-4F60-AC2F-3F22C701F005} => not found
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{77FC9D03-91B9-4ED6-9A60-D67D8D144BE9} => not found
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{7BA47769-9971-4E54-80EE-5CDDFA3D7AFC} => not found
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{81A2FA8A-7639-49D8-BF17-12D124675126} => not found
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{83B9FE93-98C2-41C2-81F3-5638E5AC393C} => not found
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{88B6F2BB-8991-4C18-8CAB-135459004B15} => not found
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{8C04C2F0-59C9-443C-8D80-610F8BDE5436} => not found
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{8C36E9F3-FEF8-4356-9687-0C6233AABA4A} => not found
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{B494D0B4-1EBF-4DE3-B125-E02A3635D853} => not found
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{B4FAEA65-84A2-43E7-9A99-BB9FFA445A84} => not found
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{B7FC3AD7-A23F-4A6C-8B58-A2A2932BA1CB} => not found
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{BBB19602-BF51-11D1-BB9B-0000C0708DD0} => not found
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{BD30641C-F215-4B4D-8AA0-4F352CEF3191} => not found
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{C4911AF1-ADE4-4B0F-B358-F3C0420A2E66} => not found
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{D255B66D-E366-4F8F-A6D3-BFA1E6C662B2} => not found
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{D888E055-3690-457C-8B2E-B3FC3AE72B0F} => not found
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{D8A7D3AA-A300-47B0-9DFA-37BA08312DFF} => not found
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{DA8C98D1-2BF5-46F2-A53C-AC1F3FB8C026} => not found
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{DB2D5854-0B7A-468D-8E7F-1F328DD4D4A9} => not found
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{E59930E6-F48A-4F96-AF57-A35360052540} => not found
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{E941B0DC-DCEE-4D64-8DFA-8CF7C7F242E5} => not found
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{EA8A65DF-0920-4DDC-B468-B3043141A21C} => not found
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{EB0DEA2E-EF40-44CD-A2B0-2B66C03C3762} => not found
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{EF05EE67-7E36-4545-8C43-79F623414A47} => not found
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{F0B7857A-E4CC-46CC-80CB-3FE8B38734D0} => not found
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{F9CE1B02-BDC1-11D1-BB99-0000C0708DD0} => not found
C:\Windows => “:CM_2a732c3f1e3eb40b63fe062d0180f157c71684af0a0442ab953224075801bb78” ADS removed successfully
C:\Windows => “:CM_bf41c588bad5a092a453669c0d3c66d1ec2c072fbf5c15cc6acda24c9e4d0955” ADS removed successfully
“C:\Users\eiko-\Desktop\FRST64.exe” => “:MBAM.Zone.Identifier” ADS not found.
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001\Software\Classes\regfile => removed successfully
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001\Software\Classes.reg => not found
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001\Software\Classes.bat => not found
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001\Software\Classes.cmd => not found
“HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\WinZip UN” => not found
“HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinZip UN” => not found
“HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\WinZip FAH” => not found
“HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinZip FAH” => not found
“HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{415D687F-A78C-4777-8F1E-94CF957E5D67}” => not found
“HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{1AD84F0E-92B6-4870-94AF-8CDCBB0D76DB}” => not found
“HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{43BCEB11-CC5D-4525-A4D6-983DB16E1113}” => not found
“HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{0BB9249C-F3E2-4A00-8547-64BA27D69C5E}” => not found
“HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{DE1628ED-2117-42E8-B73D-1F969DAD5DDE}” => not found
“HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{6A7B6764-94FB-4119-B5D6-519BBCE264E7}” => not found
“HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{FA374C6D-70FC-42C8-9ED2-BDEAF0FAF7AB}” => not found
“HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{7F1DABF9-4680-4958-90AE-795A207BEC11}” => not found
“HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{7181D43B-C903-4716-80AA-E2510A0B753F}” => not found
“HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{50D056C2-D114-4F2A-88B6-B2340277240E}” => not found
“HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{89554ABD-674D-4A86-9280-A67D5F957FC9}” => not found
“HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{AC876044-062D-49F2-ABD7-8C0A97B3FA6B}” => not found
“HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{1B3C1EB3-52C6-438A-826D-B56C5AF14C0F}” => not found
“HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{D2B69B7C-765B-47C7-ADE6-1F21549A9CCB}” => not found
“HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{FC672B17-3863-4F30-8082-C7F53EDA5F57}” => not found
“HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{D1DBF654-2E4F-4CF9-B272-FF66E259E186}” => not found
“HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{B28AB4A5-9DEE-486E-AF50-4934F05BB383}” => not found
“HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{E85246FF-F695-4D99-9E59-CFF7B292BCA8}” => not found
“HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{BA9AA785-2BCA-45BC-947F-8AEFB77C847C}” => not found
“HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{5781DB7B-6FED-4C26-9DD0-31895BC251B3}” => not found
“HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{85165EBA-88B4-4FDD-A9A6-ABDBF41DD5BB}” => not found
“HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{DF55D6C9-8E7B-4E4A-92E8-FA6E4F728AE3}” => not found
“HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{F91EF174-DBF5-45D6-A938-45BF3B577457}” => not found
“HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{3030485F-6495-41F8-85D1-60EBB1E2F0B9}” => not found
“HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{C7E2171C-8FD8-44BF-958C-DE5CEDE68B77}” => not found
“HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\UDP Query User{9F4B0050-EE9D-41D1-9F3A-E354A838556B}D:\programme\angry ip scanner\jre\bin\javaw.exe” => not found
“HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\TCP Query User{51F3F81D-E710-4788-8753-45FDCE3F1D83}D:\programme\angry ip scanner\jre\bin\javaw.exe” => not found
“HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\UDP Query User{BF1DE274-0BCB-4D81-95D8-52728E4A95B0}D:\programme\airdroid\airdroid.exe” => not found
“HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\TCP Query User{82B6BDE2-6A1B-4062-94D1-A2A17BC971F4}D:\programme\airdroid\airdroid.exe” => not found
“HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\UDP Query User{DF7F7F81-5388-4EC8-97EF-9ED87931CF19}C:\program files\java\jre1.8.0_241\bin\javaw.exe” => not found
“HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\TCP Query User{D4823837-C4A1-4CAD-888D-6D23DFDC78F9}C:\program files\java\jre1.8.0_241\bin\javaw.exe” => not found
“HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{28127D0E-D3AE-4FC0-AD01-3B3223E629E3}” => not found
“HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{741F5DDA-8B3E-484E-8394-92E50FCF214A}” => not found
“HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{CD5CBB81-99D3-44BC-A6E4-9D5E2896C627}” => not found
“HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{96C0C8D0-97B5-4782-84AB-C4DFC4AE5475}” => not found
“HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{C96599EC-5310-4A59-9F73-F5BDD796797F}” => not found
“HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{D682A2EB-BAE7-4BE5-A304-C1F416B127E3}” => not found
“HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{35FAA9AC-1213-4D38-9E8C-9A275E6E14B6}” => not found
“HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{4EC62EE2-355A-43AE-87A8-09939E4DDF57}” => not found
“HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{69C09CB5-37CC-4C69-91D7-C6A761BF91AA}” => not found
“HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{BDA1F261-AACF-41B5-AF13-06A399EE663F}” => not found
“HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{DD277CB2-CCCB-49B1-90F2-8ECD2725E566}” => not found
“HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{75C2A5BB-BD5D-400F-BF4C-2D5E8C37F022}” => not found
“HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{F570DEB9-7543-444D-BE22-8B5F4E0A64AF}” => not found
“HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{BDA1F261-AACF-41B5-AF13-06A399EE663F}” => not found
“HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{DD277CB2-CCCB-49B1-90F2-8ECD2725E566}” => not found
“HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{75C2A5BB-BD5D-400F-BF4C-2D5E8C37F022}” => not found
“HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{F570DEB9-7543-444D-BE22-8B5F4E0A64AF}” => not found
“HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{6D004781-A1E3-4614-92E8-10FA11B4ADD0}” => not found
“HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{E17689FD-2D5F-4153-9FD4-0C0CDF5288BB}” => not found
“HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{CCDFC0B8-01A3-4E74-A820-4F13F51D269E}” => not found
“C:\WINDOWS\System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser” => not found
“HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser” => not found
“HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{99CB8C5D-3532-4F20-B85D-C54AF74C2EEA}” => not found
“C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults” => not found
“HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults” => not found
“HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{5E998215-860E-411F-AC35-509DEA2083D6}” => not found
“C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC” => not found
“HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\Reboot_AC” => not found
“HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{CF6B2F35-9B4E-4CCC-AA88-460AE566CE43}” => not found
“C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery” => not found
“HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery” => not found
“HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{E0F10DCF-44AD-40E8-9370-FB5DA59F93FB}” => not found
“C:\WINDOWS\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker” => not found
“HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker” => not found
HKLM\Software\Wow6432Node\MozillaPlugins@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.cpdf => not found
HKLM\Software\Wow6432Node\MozillaPlugins@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp => not found
HKLM\Software\Wow6432Node\MozillaPlugins@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf => not found

========= del /f /s /q %windir%\prefetch*.* =========

Datei wurde gelöscht - C:\WINDOWS\prefetch\3F3922A7.EXE-FB197EBB.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\9B993D3E.EXE-D7CBD25F.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\AGGREGATORHOST.EXE-963948F7.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\APPLICATIONFRAMEHOST.EXE-4CE44C83.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\AUDIODG.EXE-9848A323.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\BACKGROUNDTASKHOST.EXE-CA639011.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\BCDEDIT.EXE-EB47CDA5.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\BITSADMIN.EXE-51D741B1.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\CHCP.COM-F8EF3271.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\CHROME.EXE-CCF9F3F4.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\CHROME.EXE-CCF9F3F5.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\CHROME.EXE-CCF9F3F6.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\CHROME.EXE-CCF9F3F7.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\CHROME.EXE-CCF9F3F8.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\CHROME.EXE-CCF9F3FC.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\CMD.EXE-CD245F9E.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\COMPPKGSRV.EXE-6D25F3E6.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\CONHOST.EXE-F98A1078.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\CONSENT.EXE-2D674CE4.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\CORSAIR.SERVICE.EXE-BDDF88E3.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\CTFMON.EXE-5E6E7DF5.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\DASHOST.EXE-38AAABF0.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\DATAEXCHANGEHOST.EXE-58347B91.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\DBINSTALLER.EXE-7E26368C.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\DEFRAG.EXE-22AD8A37.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\DLLHOST.EXE-08D3C038.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\DLLHOST.EXE-2A6DBD3A.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\DLLHOST.EXE-34E3C159.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\DLLHOST.EXE-4495F41A.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\DLLHOST.EXE-4576FA80.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\DLLHOST.EXE-5C8817D4.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\DLLHOST.EXE-6A829A47.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\DLLHOST.EXE-6E31253B.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\DLLHOST.EXE-6ECD5207.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\DLLHOST.EXE-838782F8.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\DLLHOST.EXE-8E84E9F3.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\DLLHOST.EXE-A7CA0E6D.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\DLLHOST.EXE-B51A0D95.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\DLLHOST.EXE-BF26B840.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\DLLHOST.EXE-D7A86B5E.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\DLLHOST.EXE-FBE1A9D7.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\DRVINST.EXE-26FFA444.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\FILECOAUTH.EXE-1D4F29E4.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\FRST64.EXE-19722C6F.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\FRST64ENGLISH.EXE-25EC24F1.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\GAMEBARFTSERVER.EXE-B59BB134.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\GAMINGSERVICES.EXE-57AEBBB5.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\GOOGLECRASHHANDLER.EXE-FEB49C1E.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\GOOGLECRASHHANDLER64.EXE-A7287920.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\GOOGLEUPDATE.EXE-62E5E10F.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\HPPRINTSCANDOCTORSERVICE.EXE-458477F7.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\HPSUPD-WIN32EXE.EXE-B7260647.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\HXTSR.EXE-28EF0FAE.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\JUSCHED.EXE-4B303C70.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\LOGIOPTIONS.EXE-F999183D.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\LOGIOPTIONSMGR.EXE-0BC3A87D.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\LOGIOVERLAY.EXE-CED5044D.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\LOGONUI.EXE-E35F76FB.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\MBAMWSC.EXE-8BFBDC40.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\MBUPDATRV5.EXE-50A27400.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\MICROSOFTEDGEUPDATE.EXE-30812F03.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\MICROSOFTEDGE_X64_122.0.2365.-1FE55786.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\MONOTIFICATIONUX.EXE-2B1ED6FE.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\MOUSOCOREWORKER.EXE-7CAF47D4.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\MPCMDRUN.EXE-B2A1617A.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\MS-TEAMSUPDATE.EXE-56337468.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\MSCORSVW.EXE-55FE3087.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\MSCORSVW.EXE-D593A5D9.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\MSIEXEC.EXE-7D20CFB0.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\NAHIMICNOTIFSYS.EXE-7B6F91B0.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\NGEN.EXE-383F81D5.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\NGEN.EXE-A8DBB043.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\NGENTASK.EXE-4DB88ADA.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\NGENTASK.EXE-CD4E002C.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\NHNOTIFSYS.EXE-D0ABDC73.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\NOTEPAD.EXE-5AAF0228.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\NVDISPLAY.CONTAINER.EXE-0AC28D8A.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\NVIDIA SHARE.EXE-7C27AD17.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\NVIDIA SHARE.EXE-7C27AD18.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\NVIDIA SHARE.EXE-7C27AD19.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\NVIDIA WEB HELPER.EXE-41424FE5.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\NVNODEJSLAUNCHER.EXE-73FF5D65.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\NVOAWRAPPERCACHE.EXE-41FA2FF9.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\NVSPHELPER64.EXE-CCDB8994.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\OAWRAPPER.EXE-20749C01.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\OFFICECLICKTORUN.EXE-4FE3D34D.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\OPENWITH.EXE-BA0DC300.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\PDF24.EXE-A132DE72.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\PfPre_7045c5a8.mkd
Datei wurde gelöscht - C:\WINDOWS\prefetch\PING.EXE-167FE968.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\REG.EXE-6A8B6960.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\ResPriUHMStaticDb.ebd
Datei wurde gelöscht - C:\WINDOWS\prefetch\RUNDLL32.EXE-24257AB2.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\RUNDLL32.EXE-A3EE2396.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\RUNDLL32.EXE-A4DB1DC0.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\RUNDLL32.EXE-F54AA2FC.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\RUNDLL32.EXE-F72AF37F.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\RUNONCE.EXE-E874B0D0.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\RUNTIMEBROKER.EXE-00F57B83.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\RUNTIMEBROKER.EXE-03C73A86.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\RUNTIMEBROKER.EXE-04B80F6E.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\RUNTIMEBROKER.EXE-11085C27.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\RUNTIMEBROKER.EXE-13F48958.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\RUNTIMEBROKER.EXE-1722BFA6.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\RUNTIMEBROKER.EXE-17E2786F.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\RUNTIMEBROKER.EXE-3251CCBD.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\RUNTIMEBROKER.EXE-95CC250B.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\RUNTIMEBROKER.EXE-A171222F.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\RUNTIMEBROKER.EXE-A9738CD7.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\RUNTIMEBROKER.EXE-ED836183.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\SDBINST.EXE-370E6B85.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\SEARCHFILTERHOST.EXE-10E4267C.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\SEARCHINDEXER.EXE-EF8503D3.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\SEARCHPROTOCOLHOST.EXE-C6CFE2A8.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\SECHEALTHUI.EXE-1061A621.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\SECURITYHEALTHSERVICE.EXE-35303265.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\SETUP.EXE-4C427D7A.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\SMARTSCREEN.EXE-3A39E32D.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\SPPSVC.EXE-7B160CA5.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\SRTASKS.EXE-29C2E869.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\STARTMENUEXPERIENCEHOST.EXE-5519A65F.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\SVCHOST.EXE-06DB112E.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\SVCHOST.EXE-2A6F3879.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\SVCHOST.EXE-2E2E0474.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\SVCHOST.EXE-38BE90DD.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\SVCHOST.EXE-38F65F84.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\SVCHOST.EXE-3FC5543E.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\SVCHOST.EXE-4577C5A3.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\SVCHOST.EXE-469DC83C.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\SVCHOST.EXE-4F36168A.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\SVCHOST.EXE-558D6B62.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\SVCHOST.EXE-576FFE64.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\SVCHOST.EXE-60F5DE2F.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\SVCHOST.EXE-7218DCB2.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\SVCHOST.EXE-72547F04.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\SVCHOST.EXE-777471D2.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\SVCHOST.EXE-7A0C4A3D.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\SVCHOST.EXE-7B7B04BA.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\SVCHOST.EXE-874EA4F5.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\SVCHOST.EXE-8A29D439.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\SVCHOST.EXE-AB62BD9E.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\SVCHOST.EXE-B00008EC.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\SVCHOST.EXE-B34B6FD4.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\SVCHOST.EXE-D8E52163.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\SVCHOST.EXE-E3079650.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\SVCHOST.EXE-E6789326.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\SVCHOST.EXE-E75DDD99.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\SVCHOST.EXE-FEA1FDBE.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\TASKHOSTW.EXE-1EAF2222.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\TEXTINPUTHOST.EXE-21F1387A.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\TIWORKER.EXE-CBFD1FA7.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\TRUSTEDINSTALLER.EXE-B018CCBF.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\UPDATER.EXE-C8760C0D.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\USEROOBEBROKER.EXE-F817667C.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\USOCLIENT.EXE-3B2DE7B8.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\VSSVC.EXE-206E55B3.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\WERFAULT.EXE-44194444.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\WEVTUTIL.EXE-4CD23CAE.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\WIDGETSERVICE.EXE-4376F891.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\WINDOWSPACKAGEMANAGERSERVER.E-A183F4A4.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\WINMGMT.EXE-8BC3A8FC.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\WMIADAP.EXE-7D63BB4C.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\WMIPRVSE.EXE-0C8A533A.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\WMIPRVSE.EXE-BB49B536.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\WORDPAD.EXE-505FE0CE.pf
Datei wurde gelöscht - C:\WINDOWS\prefetch\WUAPIHOST.EXE-6D06E4D6.pf

========= End of CMD: =========

========= del /s /q C:\Windows\SoftwareDistribution\download*.* =========

0

========= End of CMD: =========

========= del /s /q “%userprofile%\AppData\Local\temp*.*” =========

Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\AdobeARM.log
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\bc3902d8132f43e3ae086a009979fa88.db
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\bc3902d8132f43e3ae086a009979fa88.db.ses
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\eiko-.bmp
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\jusched.log
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\mat-debug-12360.log
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\mat-debug-14704.log
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\mat-debug-20552.log
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\mat-debug-20560.log
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\mat-debug-7632.log
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\mat-debug-8592.log
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\mat-debug-8704.log
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\StructuredQuery.log
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\SmartScreen\RemoteData\LastPing
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\SmartScreen\RemoteData\windowsSettings
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\SmartScreen\RemoteData\windowsSettings_1.0-1cc5da2fc505c79016279b1f03de96158e8f3ef178d55bc3f03c9ab395231805
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\system-commandline-sentinel-files\dotnet-suggest-registration-PowerToys.Awake, Version=0.77.0.0, Culture=neutral, PublicKeyToken=null

========= End of CMD: =========

========= NETSH winsock reset catalog =========

Der Winsock-Katalog wurde zurckgesetzt.
Sie mssen den Computer neu starten, um den Vorgang abzuschlieáen.

========= End of CMD: =========

========= NETSH int ipv4 reset reset.log =========

Depotweiterleitung wird zurckgesetzt… OK
Depot wird zurckgesetzt… OK
Steuerungsprotokoll wird zurckgesetzt… OK
Echosequenzanforderung wird zurckgesetzt… OK
Global wird zurckgesetzt… OK
Schnittstelle wird zurckgesetzt… OK
Anycastadresse wird zurckgesetzt… OK
Multicastadresse wird zurckgesetzt… OK
Unicastadresse wird zurckgesetzt… OK
Nachbar wird zurckgesetzt… OK
Pfad wird zurckgesetzt… OK
Potentiell wird zurckgesetzt… OK
Pr„fixrichtlinie wird zurckgesetzt… OK
Proxynachbar wird zurckgesetzt… OK
Route wird zurckgesetzt… OK
Standordpr„fix wird zurckgesetzt… OK
Unterschnittstelle wird zurckgesetzt… OK
Reaktivierungsmuster wird zurckgesetzt… OK
Nachbar aufl”sen wird zurckgesetzt… OK
wird zurckgesetzt… OK
wird zurckgesetzt… OK
wird zurckgesetzt… OK
wird zurckgesetzt… OK
wird zurckgesetzt… Fehler
Zugriff verweigert

wird zurckgesetzt… OK
wird zurckgesetzt… OK
wird zurckgesetzt… OK
wird zurckgesetzt… OK
wird zurckgesetzt… OK
wird zurckgesetzt… OK
wird zurckgesetzt… OK
wird zurckgesetzt… OK
Starten Sie den Computer neu, um die Aktion abzuschlieáen.

========= End of CMD: =========

========= NETSH int ipv6 reset reset.log =========

Depotweiterleitung wird zurckgesetzt… OK
Depot wird zurckgesetzt… OK
Steuerungsprotokoll wird zurckgesetzt… OK
Echosequenzanforderung wird zurckgesetzt… OK
Global wird zurckgesetzt… OK
Schnittstelle wird zurckgesetzt… OK
Anycastadresse wird zurckgesetzt… OK
Multicastadresse wird zurckgesetzt… OK
Unicastadresse wird zurckgesetzt… OK
Nachbar wird zurckgesetzt… OK
Pfad wird zurckgesetzt… OK
Potentiell wird zurckgesetzt… OK
Pr„fixrichtlinie wird zurckgesetzt… OK
Proxynachbar wird zurckgesetzt… OK
Route wird zurckgesetzt… OK
Standordpr„fix wird zurckgesetzt… OK
Unterschnittstelle wird zurckgesetzt… OK
Reaktivierungsmuster wird zurckgesetzt… OK
Nachbar aufl”sen wird zurckgesetzt… OK
wird zurckgesetzt… OK
wird zurckgesetzt… OK
wird zurckgesetzt… OK
wird zurckgesetzt… OK
wird zurckgesetzt… Fehler
Zugriff verweigert

wird zurckgesetzt… OK
wird zurckgesetzt… OK
wird zurckgesetzt… OK
wird zurckgesetzt… OK
wird zurckgesetzt… OK
wird zurckgesetzt… OK
wird zurckgesetzt… OK
wird zurckgesetzt… OK
Starten Sie den Computer neu, um die Aktion abzuschlieáen.

========= End of CMD: =========

========= ipconfig /release =========

Windows-IP-Konfiguration

Es kann kein Vorgang auf WLAN ausgefhrt werden, solange dessen Medium nicht
verbunden ist.
Es kann kein Vorgang auf LAN-Verbindung* 1 ausgefhrt werden, solange dessen Medium nicht
verbunden ist.
Es kann kein Vorgang auf LAN-Verbindung* 11 ausgefhrt werden, solange dessen Medium nicht
verbunden ist.
Es kann kein Vorgang auf Bluetooth-Netzwerkverbindung ausgefhrt werden, solange dessen Medium nicht
verbunden ist.

Ethernet-Adapter Ethernet:

Verbindungsspezifisches DNS-Suffix:
IPv6-Adresse. . . . . . . . . . . : 2001:9e8:74bd:4b00:b15e:1746:a1dd:99d0
Tempor„re IPv6-Adresse. . . . . . : 2001:9e8:74bd:4b00:d0f9:7cb1:5901:af27
Verbindungslokale IPv6-Adresse . : fe80::576c:80ed:4e22:8aeb%7
Standardgateway . . . . . . . . . : fe80::4a5d:35ff:fe83:2cc0%7

Drahtlos-LAN-Adapter WLAN:

Medienstatus. . . . . . . . . . . : Medium getrennt
Verbindungsspezifisches DNS-Suffix:

Drahtlos-LAN-Adapter LAN-Verbindung* 1:

Medienstatus. . . . . . . . . . . : Medium getrennt
Verbindungsspezifisches DNS-Suffix:

Drahtlos-LAN-Adapter LAN-Verbindung* 11:

Medienstatus. . . . . . . . . . . : Medium getrennt
Verbindungsspezifisches DNS-Suffix:

Ethernet-Adapter Ethernet 2:

Verbindungsspezifisches DNS-Suffix:
Verbindungslokale IPv6-Adresse . : fe80::1b27:326c:3942:8ab7%9
IPv4-Adresse (Auto. Konfiguration): 169.254.7.216
Subnetzmaske . . . . . . . . . . : 255.255.0.0
Standardgateway . . . . . . . . . :

Ethernet-Adapter Bluetooth-Netzwerkverbindung:

Medienstatus. . . . . . . . . . . : Medium getrennt
Verbindungsspezifisches DNS-Suffix:

========= End of CMD: =========

========= ipconfig /renew =========

Windows-IP-Konfiguration

Es kann kein Vorgang auf WLAN ausgefhrt werden, solange dessen Medium nicht
verbunden ist.
Es kann kein Vorgang auf LAN-Verbindung* 1 ausgefhrt werden, solange dessen Medium nicht
verbunden ist.
Es kann kein Vorgang auf LAN-Verbindung* 11 ausgefhrt werden, solange dessen Medium nicht
verbunden ist.
Es kann kein Vorgang auf Bluetooth-Netzwerkverbindung ausgefhrt werden, solange dessen Medium nicht
verbunden ist.

Ethernet-Adapter Ethernet:

Verbindungsspezifisches DNS-Suffix: fritz.box
IPv6-Adresse. . . . . . . . . . . : 2001:9e8:74bd:4b00:b15e:1746:a1dd:99d0
Tempor„re IPv6-Adresse. . . . . . : 2001:9e8:74bd:4b00:d0f9:7cb1:5901:af27
Verbindungslokale IPv6-Adresse . : fe80::576c:80ed:4e22:8aeb%7
IPv4-Adresse . . . . . . . . . . : 192.168.178.22
Subnetzmaske . . . . . . . . . . : 255.255.255.0
Standardgateway . . . . . . . . . : fe80::4a5d:35ff:fe83:2cc0%7
192.168.178.1

Drahtlos-LAN-Adapter WLAN:

Medienstatus. . . . . . . . . . . : Medium getrennt
Verbindungsspezifisches DNS-Suffix:

Drahtlos-LAN-Adapter LAN-Verbindung* 1:

Medienstatus. . . . . . . . . . . : Medium getrennt
Verbindungsspezifisches DNS-Suffix:

Drahtlos-LAN-Adapter LAN-Verbindung* 11:

Medienstatus. . . . . . . . . . . : Medium getrennt
Verbindungsspezifisches DNS-Suffix:

Ethernet-Adapter Ethernet 2:

Verbindungsspezifisches DNS-Suffix:
Verbindungslokale IPv6-Adresse . : fe80::1b27:326c:3942:8ab7%9
IPv4-Adresse (Auto. Konfiguration): 169.254.7.216
Subnetzmaske . . . . . . . . . . : 255.255.0.0
Standardgateway . . . . . . . . . :

Ethernet-Adapter Bluetooth-Netzwerkverbindung:

Medienstatus. . . . . . . . . . . : Medium getrennt
Verbindungsspezifisches DNS-Suffix:

========= End of CMD: =========

========= ipconfig /flushdns =========

Windows-IP-Konfiguration

Der DNS-Aufl”sungscache wurde geleert.

========= End of CMD: =========

========= ipconfig /registerdns =========

Windows-IP-Konfiguration

Die Registrierung der DNS-Ressourceneintr„ge fr alle Adapter dieses Computer wurde initialisiert. Fehler werden in der Ereignisanzeige in 15 Minuten aufgefhrt.

========= End of CMD: =========

========= bitsadmin /reset /allusers =========

BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.

0 out of 0 jobs canceled.

========= End of CMD: =========

========= Winmgmt /salvagerepository =========

Das WMI-Repository ist konsistent.

========= End of CMD: =========

========= Winmgmt /resetrepository =========

Fehler beim Zurcksetzen des WMI-Repositorys
Fehlercode: 0x8007041B
Einrichtung: Win32
Beschreibung: Ein Stoppzeichen wurde an einen Dienst gesendet, von dem andere Dienste abh„ngen.

========= End of CMD: =========

========= Winmgmt /resyncperf =========

0

========= End of CMD: =========

=========== “C:\Windows\Temp*.*” ==========

C:\Windows\Temp\catalog.json => moved successfully
C:\Windows\Temp\DESKTOP-OSDJ7D2-20240301-1017.log => moved successfully
C:\Windows\Temp\DESKTOP-OSDJ7D2-20240301-1021.log => moved successfully
C:\Windows\Temp\DESKTOP-OSDJ7D2-20240301-1021a.log => moved successfully
C:\Windows\Temp\DESKTOP-OSDJ7D2-20240301-1023.log => moved successfully
C:\Windows\Temp\DESKTOP-OSDJ7D2-20240301-1037.log => moved successfully
C:\Windows\Temp\DESKTOP-OSDJ7D2-20240301-1045.log => moved successfully
C:\Windows\Temp\DESKTOP-OSDJ7D2-20240301-1054.log => moved successfully
C:\Windows\Temp\DESKTOP-OSDJ7D2-20240301-1145.log => moved successfully
C:\Windows\Temp\DESKTOP-OSDJ7D2-20240301-1155.log => moved successfully
C:\Windows\Temp\DESKTOP-OSDJ7D2-20240301-1221.log => moved successfully
C:\Windows\Temp\DESKTOP-OSDJ7D2-20240301-1226.log => moved successfully
Could not move “C:\Windows\Temp\DESKTOP-OSDJ7D2-20240301-1227.log” => Scheduled to move on reboot.
C:\Windows\Temp\gameinputredist.log => moved successfully
C:\Windows\Temp\msedge_installer.log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(2024030112212817C8).log => moved successfully
Could not move “C:\Windows\Temp\officeclicktorun.exe_streamserver(202403011227304858).log” => Scheduled to move on reboot.
C:\Windows\Temp\pdf24.exe.stdout._0_183421_3340856657.log => moved successfully
Could not move “C:\Windows\Temp\pdf24.exe.stdout._0_431156_4160321622.log” => Scheduled to move on reboot.
C:\Windows\Temp\pdf24.exe.stdout._0_8375_1405131426.log => moved successfully
C:\Windows\Temp\pdf24.exe.stdout._0_8578_3230158893.log => moved successfully

========= End → “C:\Windows\Temp*.*” ========

=========== “C:\WINDOWS\system32*.tmp” ==========

not found

========= End → “C:\WINDOWS\system32*.tmp” ========

=========== “C:\WINDOWS\syswow64*.tmp” ==========

not found

========= End → “C:\WINDOWS\syswow64*.tmp” ========

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9467016 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 104907834 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 27628 B
NetworkService => 27628 B
eiko- => 330559 B

RecycleBin => 0 B
EmptyTemp: => 109.4 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 01-03-2024 12:30:22)

C:\Windows\Temp\DESKTOP-OSDJ7D2-20240301-1227.log => Is moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(202403011227304858).log => Is moved successfully
C:\Windows\Temp\pdf24.exe.stdout._0_431156_4160321622.log => Is moved successfully

==== End of Fixlog 12:30:22 ====
              FRST (english):

              Code:
              Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26.02.2024 01
Ran by eiko- (administrator) on DESKTOP-OSDJ7D2 (Micro-Star International Co., Ltd. MS-7B85) (01-03-2024 12:24:00)
Running from C:\Users\eiko-\Desktop\FRST64english.exe
Loaded Profiles: eiko-
Platform: Microsoft Windows 11 Home Version 23H2 22631.3155 (X64) Language: Deutsch (Deutschland)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(A-Volute SAS → A-Volute) C:\Users\eiko-\AppData\Local\NhNotifSys\nahimic\nahimicNotifSys.exe
(C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\System32\cmd.exe
(C:\Program Files\Logitech\LogiOptions\LogiOptions.exe ->) (Logitech Inc → Logitech) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOverlay.exe
(C:\Program Files\Logitech\LogiOptions\LogiOptions.exe ->) (Logitech Inc → Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. → Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\System32\rundll32.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation → NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation → NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.AlwaysOnTop.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.Awake.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.ColorPickerUI.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.CropAndLock.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.FancyZones.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.PowerLauncher.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files\PowerToys\WinUI3Apps\PowerToys.Peek.UI.exe
(cmd.exe ->) (Malwarebytes Inc. → Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MbamBgNativeMsg.exe
(D:\Programme\Dragon Center\APP_Dragon_Center_Keeper.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. → MSI) D:\Programme\Dragon Center\CC_Engine_x64.exe
(explorer.exe ->) (Google LLC → Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <13>
(explorer.exe ->) (Logitech Inc → Logitech, Inc.) C:\Program Files\Logitech\LogiOptions\LogiOptions.exe
(Google LLC → Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleCrashHandler.exe
(Google LLC → Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleCrashHandler64.exe
(Microsoft Windows → Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(NVIDIA Corporation → Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Oracle America, Inc. → Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(services.exe ->) (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH) C:\Program Files (x86)\3S CODESYS\GatewayPLC\GatewayService.exe
(services.exe ->) (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH) C:\Program Files (x86)\3S CODESYS\GatewayPLC\ServiceControl.exe
(services.exe ->) (520D4CDF-A287-4423-AB88-D88CCF7E866D → ) C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.SamsungAccount_1.23.12130.0_x64__3c1yjt4zspk6g\SAService\SAService.exe
(services.exe ->) (Adobe Inc. → Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (A-Volute SAS → Nahimic) C:\Windows\System32\NahimicService.exe
(services.exe ->) (Corsair Memory, Inc. → Corsair Memory, Inc.) D:\Programme\Corsair\CORSAIR iCUE Software\Corsair.Service.exe
(services.exe ->) (geek software GmbH → geek software GmbH) D:\Programme\PDF24\pdf24.exe
(services.exe ->) (HP Inc. → HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (Malwarebytes Inc. → Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\System32\msiexec.exe
(services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. → Micro-Star Int’l Co., Ltd.) D:\Programme\Dragon Center\DragonCenter_Service.exe
(services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. → Micro-Star INT’L CO., LTD.) D:\Programme\Dragon Center\Mystic_Light\LightKeeperService.exe
(services.exe ->) (NVIDIA Corporation → NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(services.exe ->) (NVIDIA Corporation → NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (WIBU-SYSTEMS AG → WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
(svchost.exe ->) (24803D75-212C-471A-BC57-9EF86AB91435 → ) C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2407.10.0_x64__cv1g1gvanyjgm\WhatsApp.exe
(svchost.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.exe
(svchost.exe ->) (Microsoft Windows → ) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_424.1301.170.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
(svchost.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\System32\dllhost.exe <6>
(svchost.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. → Micro-Star Int’l Co., Ltd.) D:\Programme\Dragon Center\APP_Dragon_Center_Keeper.exe
(svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. → Micro-Star Int’l Co., Ltd.) D:\Programme\Dragon Center\Mystic_Light\LEDKeeper2.exe
(svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. → Micro-Star INT’L CO., LTD.) D:\Programme\Dragon Center\StorageMonitor\StorageMonitor.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [1668000 2021-06-09] (Logitech Inc → Logitech, Inc.)
HKLM...\Run: [PDF24] => D:\Programme\PDF24\pdf24.exe [613560 2022-11-30] (geek software GmbH → geek software GmbH)
HKLM...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher → Logitech)
HKLM-x32...\Run: [CORSAIR iCUE Software] => D:\Programme\Corsair\CORSAIR iCUE Software\iCUE Launcher.exe [405032 2019-12-21] (Corsair Memory, Inc. → Corsair Memory, Inc.)
HKLM-x32...\Run: [GatewaySysTray] => C:\Program Files (x86)\3S CODESYS\GatewayPLC\GatewaySysTray.exe [690456 2017-05-15] (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
HKLM-x32...\Run: [CODESYSControlSysTray] => C:\Program Files (x86)\3S CODESYS\GatewayPLC\CODESYSControlSysTray.exe [509216 2017-05-15] (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
HKLM-x32...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [750680 2023-12-19] (Oracle America, Inc. → Oracle Corporation)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\Run: [Steam] => D:\Programme\Steam\steam.exe [4388200 2024-02-26] (Valve Corp. → Valve Corporation)
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\Run: [Discord] => C:\Users\eiko-\AppData\Local\Discord\Update.exe [1512608 2021-09-21] (Discord Inc. → GitHub)
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\Run: [Overwolf] => D:\Programme\Overwolf\OverwolfLauncher.exe [1789960 2024-02-26] (Overwolf Ltd → Overwolf Ltd.)
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\Run: [com.squirrel.Teams.Teams] => C:\Users\eiko-\AppData\Local\Microsoft\Teams\Update.exe [2591080 2023-12-17] (Microsoft 3rd Party Application Component → Microsoft Corporation)
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\Run: [MicrosoftEdgeAutoLaunch_322C183E72E821C8032805843FDA8DCC] => “C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe” --no-startup-window --win-session-start [4060728 2024-02-27] (Microsoft Corporation → Microsoft Corporation)
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\Run: [RiotClient] => C:\Riot Games\Riot Client\RiotClientServices.exe [70912472 2023-11-16] (Riot Games, Inc. → Riot Games, Inc.)
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [37180368 2023-12-11] (Epic Games Inc. → Epic Games, Inc.)
HKLM...\Print\Monitors\Canon BJ FAX Language Monitor TR8500 series: C:\Windows\system32\CNCALDL.DLL [254464 2019-01-28] (CANON INC.) [File not signed]
HKLM...\Print\Monitors\Canon BJ Language Monitor TR8500 series: C:\Windows\system32\CNMLMDL.DLL [1302016 2019-01-10] (CANON INC.) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] → C:\Program Files (x86)\Google\Chrome\Application\122.0.6261.71\Installer\chrmstp.exe [2024-02-28] (Google LLC → Google LLC)
Startup: C:\Users\eiko-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2023-12-10]
ShortcutTarget: An OneNote senden.lnk → C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation → Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk [2023-05-22]
ShortcutTarget: CodeMeter Control Center.lnk → C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG → WIBU-SYSTEMS AG)

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {FFE2FE1B-1C7C-4F94-B919-456BF6851F68} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1547208 2024-01-31] (Adobe Inc. → Adobe Inc.)
Task: {4D56D740-F8FB-4DEF-B3F8-F64A144EC9D3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-01-07] (Google LLC → Google LLC)
Task: {8815457D-F870-4FB9-8D26-51F492C61D7C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-01-07] (Google LLC → Google LLC)
Task: {B97F7B1A-CBE7-4C2D-86CD-B753C4A1B075} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23570520 2024-02-02] (Microsoft Corporation → Microsoft Corporation)
Task: {EE86FD1B-4BC0-444A-8289-47ED15CFCF6E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23570520 2024-02-02] (Microsoft Corporation → Microsoft Corporation)
Task: {E68060AB-6DF7-4D04-AB8A-70607886A6EB} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2209384 2024-02-29] (Microsoft Corporation → Microsoft Corporation)
Task: {A15099C1-AED8-4FC6-8AE7-7509FDD536D2} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2209384 2024-02-29] (Microsoft Corporation → Microsoft Corporation)
Task: {76D75D59-EE92-4CE7-AE33-EEEF21398C3C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [3513808 2024-02-29] (Microsoft Corporation → Microsoft Corporation)
Task: {CC69A0EF-2A50-4EF2-8E51-142824E833DB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [3513808 2024-02-29] (Microsoft Corporation → Microsoft Corporation)
Task: {ED229EC7-51A0-4F98-8F03-603ECEB2184E} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\Schedule created by enrollment client to reattest client certificate => C:\WINDOWS\system32\deviceenroller.exe [516096 2024-02-14] (Microsoft Windows → Microsoft Corporation)
Task: {EFC003FD-C225-4E23-945C-7E84FD4E9554} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [858480 2019-12-05] (NVIDIA Corporation → NVIDIA Corporation) → -d “C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck” -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {083D83A3-86B5-437E-BC21-E0CC35ACD65E} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [858480 2019-12-05] (NVIDIA Corporation → NVIDIA Corporation) → -d “C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck” -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {C60A0C92-E529-4A55-AA72-235D1AFBCA65} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3302880 2019-12-09] (NVIDIA Corporation → NVIDIA Corporation)
Task: {C2B2716D-476E-4B58-8A59-A18A77583588} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [653848 2019-12-08] (NVIDIA Corporation → NVIDIA Corporation)
Task: {CF9F5784-F165-4D6E-876F-A22475E89024} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [914456 2019-12-08] (NVIDIA Corporation → NVIDIA Corporation)
Task: {A6BB91CC-4F56-4B61-837F-A1AD7B9D49EF} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [914456 2019-12-08] (NVIDIA Corporation → NVIDIA Corporation)
Task: {C2685297-C323-45CD-AA50-DCCE92F349E1} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1134104 2019-12-08] (NVIDIA Corporation → NVIDIA Corporation)
Task: {6FB59C07-AF87-4EFC-9B03-68C8341BFA48} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1134104 2019-12-08] (NVIDIA Corporation → NVIDIA Corporation)
Task: {C0FF1705-9D3E-48A8-B840-7101B8E4D3BD} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1134104 2019-12-08] (NVIDIA Corporation → NVIDIA Corporation)
Task: {99CE4BA9-7C1E-4F0D-8CAF-E34C95AEA6D8} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1134104 2019-12-08] (NVIDIA Corporation → NVIDIA Corporation)
Task: {2F35FD26-5AB7-4952-B1E0-E558B0733762} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Common Files\Overwolf\OverwolfUpdater.exe [2642952 2024-02-26] (Overwolf Ltd → Overwolf LTD)
Task: {FF03C3CE-F660-4B66-863A-6B2F9DAFFDA3} - System32\Tasks\PowerToys\Autorun for eiko- => C:\Program Files\PowerToys\PowerToys.exe [1216544 2024-01-05] (Microsoft Corporation → Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip..\Interfaces{3a305b48-12bf-40ef-b06c-e6fc35585716}: [DhcpNameServer] 192.168.178.1
Tcpip..\Interfaces{3a305b48-12bf-40ef-b06c-e6fc35585716}: [DhcpDomain] fritz.box
[HEADING=1]Edge:[/HEADING]
Edge Profile: C:\Users\eiko-\AppData\Local\Microsoft\Edge\User Data\Default [2024-02-02]
Edge Extension: (Google Docs Offline) - C:\Users\eiko-\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-09-24]
Edge Extension: (Edge relevant text changes) - C:\Users\eiko-\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-02-02]
Edge HKLM...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Edge HKLM-x32...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
[HEADING=1]FireFox:[/HEADING]
FF Plugin: @java.com/DTPlugin,version=11.401.2 → C:\Program Files\Java\jre-1.8\bin\dtplugin\npDeployJava1.dll [2023-12-19] (Oracle America, Inc. → Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.401.2 → C:\Program Files\Java\jre-1.8\bin\plugin2\npjp2.dll [2023-12-19] (Oracle America, Inc. → Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 → C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-03-08] (Microsoft Corporation → Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.18 → D:\Programme\VLC\npvlc.dll [2022-11-08] (VideoLAN → VideoLAN)
FF Plugin: Adobe Acrobat → C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2024-02-22] (Adobe Inc. → Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 → C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2020-03-08] (Microsoft Corporation → Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 → C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2020-03-08] (Microsoft Corporation → Microsoft Corporation)
[HEADING=1]Chrome:[/HEADING]
CHR DefaultProfile: Default
CHR Profile: C:\Users\eiko-\AppData\Local\Google\Chrome\User Data\Default [2024-03-01]
CHR Notifications: Default → hxxps://pchelpforum.net; hxxps://www.alleaktien.de
CHR Extension: (Honey: Automatische Coupons & Prämien) - C:\Users\eiko-\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2024-02-25]
CHR Extension: (Social Blade) - C:\Users\eiko-\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfidkbgamfhdgmedldkagjopnbobdmdn [2022-09-04] [UpdateUrl:hxxps://addon.socialblade.com/updates.json] <==== ATTENTION
CHR Extension: (uBlock Origin) - C:\Users\eiko-\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2024-02-25]
CHR Extension: (Multi-File Downloader) - C:\Users\eiko-\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpecplbkinpdbedgejddhepkgcppgchk [2022-05-12]
CHR Extension: (Video Downloader Professional) - C:\Users\eiko-\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2023-04-19]
CHR Extension: (Just Focus) - C:\Users\eiko-\AppData\Local\Google\Chrome\User Data\Default\Extensions\gefaddaengbodpiobpbgblajdboalmgc [2022-10-14]
CHR Extension: (Google Docs Offline) - C:\Users\eiko-\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-02-28]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\eiko-\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2024-02-28]
CHR Extension: (Unpaywall) - C:\Users\eiko-\AppData\Local\Google\Chrome\User Data\Default\Extensions\iplffkdpngmdjhlpjmppncnlhomiipha [2023-04-29]
CHR Extension: (Live Stream Downloader) - C:\Users\eiko-\AppData\Local\Google\Chrome\User Data\Default\Extensions\looepbdllpjgdmkpdcdffhdbmpbcfekj [2023-12-10]
CHR Extension: (Shazam: Finde Songtitel in deinem Browser) - C:\Users\eiko-\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmioliijnhnoblpgimnlajmefafdfilb [2024-01-05]
CHR Extension: (Uncanny Cookie Clicker) - C:\Users\eiko-\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmmdenlpgbgmeofmdkhimecmkcgabgno [2023-11-14]
CHR Extension: (MetaMask) - C:\Users\eiko-\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2024-01-30]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\eiko-\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR HKLM...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKU\S-1-5-21-1421055718-2087356316-1872245878-1001\SOFTWARE\Google\Chrome\Extensions...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [172992 2024-01-31] (Adobe Inc. → Adobe Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [15772456 2023-12-10] (BattlEye Innovations e.K. → )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9497696 2024-02-02] (Microsoft Corporation → Microsoft Corporation)
S3 CODESYS Control Win V3; C:\Program Files (x86)\3S CODESYS\GatewayPLC\CODESYSControlService.exe [5383968 2017-05-15] (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
R2 CODESYS Gateway V3; C:\Program Files (x86)\3S CODESYS\GatewayPLC\GatewayService.exe [562968 2017-05-15] (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
R2 CODESYS ServiceControl; C:\Program Files (x86)\3S CODESYS\GatewayPLC\ServiceControl.exe [203544 2017-05-15] (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
R2 CorsairService; D:\Programme\Corsair\CORSAIR iCUE Software\Corsair.Service.exe [55336 2019-12-21] (Corsair Memory, Inc. → Corsair Memory, Inc.)
R2 DragonCenter_Service; D:\Programme\Dragon Center\DragonCenter_Service.exe [142512 2019-08-29] (MICRO-STAR INTERNATIONAL CO., LTD. → Micro-Star Int’l Co., Ltd.)
S3 EasyAntiCheat_EOS; C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe [955816 2023-12-10] (EasyAntiCheat Oy → Epic Games, Inc.)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [934352 2023-08-02] (Epic Games Inc. → Epic Games, Inc.)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [230360 2024-01-19] (HP Inc. → HP Inc.)
R2 LightKeeperService; D:\Programme\Dragon Center\Mystic_Light\LightKeeperService.exe [81552 2020-01-07] (MICRO-STAR INTERNATIONAL CO., LTD. → Micro-Star INT’L CO., LTD.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9410296 2024-02-28] (Malwarebytes Inc. → Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [3073888 2024-02-28] (Malwarebytes Inc. → Malwarebytes)
R2 NahimicService; C:\WINDOWS\system32\NahimicService.exe [1909416 2024-01-01] (A-Volute SAS → Nahimic)
S3 OverwolfUpdater; C:\Program Files (x86)\Common Files\Overwolf\OverwolfUpdater.exe [2642952 2024-02-26] (Overwolf Ltd → Overwolf LTD)
R2 PDF24; D:\Programme\PDF24\pdf24.exe [613560 2022-11-30] (geek software GmbH → geek software GmbH)
R2 SamsungAccountService; C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.SamsungAccount_1.23.12130.0_x64__3c1yjt4zspk6g\SAService\SAService.exe [6656 2023-12-21] (520D4CDF-A287-4423-AB88-D88CCF7E866D → )
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\NisSrv.exe [3191256 2024-02-28] (Microsoft Windows Publisher → Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\MsMpEng.exe [133576 2024-02-28] (Microsoft Windows Publisher → Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 → Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 → Apple Inc.)
S3 CH341SER_A64; C:\WINDOWS\System32\Drivers\CH341S64.SYS [58368 2023-11-16] (www.winchiphead.com) [File not signed]
S2 CorsairLLAccess2C5180972F76443B27B6BE38ADBF2AE99B374496; D:\Programme\Corsair\CORSAIR iCUE Software\CorsairLLAccess64.sys [20696 2019-12-12] (Microsoft Windows Hardware Compatibility Publisher → Corsair Memory, Inc.)
R3 CorsairVBusDriver; C:\WINDOWS\System32\drivers\CorsairVBusDriver.sys [45984 2020-07-06] (Microsoft Windows Hardware Compatibility Publisher → Corsair)
R3 CorsairVHidDriver; C:\WINDOWS\System32\drivers\CorsairVHidDriver.sys [21920 2020-07-06] (Microsoft Windows Hardware Compatibility Publisher → Corsair)
R1 dokan1; C:\WINDOWS\System32\DRIVERS\dokan1.sys [386552 2021-11-26] (Microsoft Windows Hardware Compatibility Publisher → Dokan Project)
S1 EneIo; C:\Windows\system32\drivers\ene.sys [17624 2019-05-22] (Microsoft Windows Hardware Compatibility Publisher → )
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2024-02-28] (Microsoft Windows Hardware Compatibility Publisher → Malwarebytes)
S3 ipadtst; C:\ProgramData\MSI\Super_Charger\ipadtst_64.sys [20464 2013-11-11] (MICRO-STAR INTERNATIONAL CO., LTD. → Windows (R) Win 7 DDK provider)
S3 ipadtst2; C:\ProgramData\MSI\Super_Charger\ipadtst2_64.sys [16336 2016-07-29] (MICRO-STAR INTERNATIONAL CO., LTD. → MSI)
R2 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223296 2024-02-28] (Microsoft Windows Hardware Compatibility Publisher → Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2024-02-28] (Microsoft Windows Early Launch Anti-malware Publisher → Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt11.sys [233704 2024-03-01] (Malwarebytes Inc. → Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [78400 2024-03-01] (Microsoft Windows Hardware Compatibility Publisher → Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239576 2024-02-28] (Microsoft Windows Hardware Compatibility Publisher → Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [188784 2024-03-01] (Malwarebytes Inc. → Malwarebytes)
R3 Nahimic_Mirroring; C:\WINDOWS\System32\drivers\Nahimic_Mirroring.sys [94784 2022-06-03] (A-Volute SAS → Windows (R) Win 7 DDK provider)
R3 NTIOLib_CC_COMM; D:\Programme\Dragon Center\Lib\SYS\NTIOLib_X64.sys [14288 2017-07-10] (MICRO-STAR INTERNATIONAL CO., LTD. → MSI)
R3 NTIOLib_CC_CPU; D:\Programme\Dragon Center\Lib\Super_Charger\NTIOLib_X64.sys [14288 2017-07-10] (MICRO-STAR INTERNATIONAL CO., LTD. → MSI)
R3 NTIOLib_MysticLight; D:\Programme\Dragon Center\Mystic_Light\Lib\NTIOLib_X64.sys [14288 2020-01-07] (MICRO-STAR INTERNATIONAL CO., LTD. → MSI)
R3 phantomtap; C:\WINDOWS\System32\drivers\phantomtap.sys [45056 2020-03-18] (Avira Operations GmbH & Co. KG → The OpenVPN Project)
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James → Scarlet.Crush Productions)
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. → The OpenVPN Project)
S3 usbscan; C:\WINDOWS\System32\drivers\usbscan.sys [81920 2023-04-19] (Microsoft Corporation) [File not signed]
R1 ViGEmBus; C:\WINDOWS\System32\drivers\ViGEmBus.sys [165744 2020-12-14] (Microsoft Windows Hardware Compatibility Publisher → Nefarius Software Solutions e.U.)
R3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [21040 2024-02-28] (Microsoft Windows Early Launch Anti-malware Publisher → Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [608648 2024-02-28] (Microsoft Windows → Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105752 2024-02-28] (Microsoft Windows → Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-03-01 12:21 - 2024-03-01 12:21 - 000233704 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt11.sys
2024-03-01 12:21 - 2024-03-01 12:21 - 000188784 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2024-03-01 12:21 - 2024-03-01 12:21 - 000000004 ____H C:\ProgramData\cm-lock
2024-03-01 12:21 - 2024-03-01 12:21 - 000000000 ____D C:\Users\eiko-\AppData\LocalLow\IGDump
2024-03-01 10:21 - 2024-03-01 10:21 - 000000000 ____D C:\KVRT2020_Data
2024-03-01 10:19 - 2024-03-01 10:20 - 109429104 _____ (AO Kaspersky Lab) C:\Users\eiko-\Desktop\KVRT.exe
2024-03-01 10:19 - 2024-03-01 10:19 - 109429104 _____ (AO Kaspersky Lab) C:\Users\eiko-\Downloads\KVRT.exe
2024-02-29 15:01 - 2024-02-29 15:01 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2024-02-28 16:51 - 2024-02-28 16:52 - 000093038 _____ C:\Users\eiko-\Desktop\Addition.txt
2024-02-28 16:50 - 2024-03-01 12:24 - 000030646 _____ C:\Users\eiko-\Desktop\FRST.txt
2024-02-28 16:35 - 2024-03-01 10:18 - 000076227 _____ C:\Users\eiko-\Desktop\Fixlog.txt
2024-02-28 16:35 - 2024-02-28 16:35 - 000009288 _____ C:\Users\eiko-\Desktop\rtcdqsmatz.txt
2024-02-28 16:34 - 2024-03-01 12:24 - 000000000 ____D C:\FRST
2024-02-28 16:34 - 2024-02-28 16:34 - 002386944 _____ (Farbar) C:\Users\eiko-\Downloads\FRST64.exe
2024-02-28 16:34 - 2024-02-28 16:34 - 002386944 _____ (Farbar) C:\Users\eiko-\Desktop\FRST64english.exe
2024-02-28 16:32 - 2024-02-28 16:32 - 000712333 _____ C:\Users\eiko-\Downloads\Fixlog.txt.txt
2024-02-28 16:29 - 2024-02-28 16:29 - 000004730 _____ C:\Users\eiko-\Desktop\Malwarebytes Scan-Bericht 2024-02-28 152400.txt
2024-02-28 16:21 - 2024-03-01 12:18 - 000000000 ____D C:\Users\eiko-\AppData\Local\Malwarebytes
2024-02-28 16:21 - 2024-02-28 16:21 - 000002100 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2024-02-28 16:21 - 2024-02-28 16:21 - 000002088 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2024-02-28 16:20 - 2024-02-28 16:20 - 002585496 _____ (Malwarebytes) C:\Users\eiko-\Downloads\MBSetup.exe
2024-02-28 16:20 - 2024-02-28 16:20 - 002585496 _____ (Malwarebytes) C:\Users\eiko-\Desktop\MBSetup.exe
2024-02-28 16:20 - 2024-02-28 16:20 - 000000000 ____D C:\ProgramData\Malwarebytes
2024-02-28 16:20 - 2024-02-28 16:20 - 000000000 ____D C:\Program Files\Malwarebytes
2024-02-28 16:18 - 2024-02-28 16:17 - 008797968 _____ (Malwarebytes) C:\Users\eiko-\Desktop\adwcleaner.exe
2024-02-28 16:17 - 2024-02-28 16:19 - 000000000 ____D C:\AdwCleaner
2024-02-28 16:17 - 2024-02-28 16:17 - 008797968 _____ (Malwarebytes) C:\Users\eiko-\Downloads\adwcleaner.exe
2024-02-28 16:02 - 2024-02-28 16:03 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1421055718-2087356316-1872245878-1002
2024-02-28 16:02 - 2024-02-28 16:03 - 000003378 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1421055718-2087356316-1872245878-1002
2024-02-26 16:16 - 2024-02-26 16:16 - 000000000 ____D C:\Users\eiko-\AppData\LocalLow\Nokta Games
2024-02-26 16:14 - 2024-02-26 16:14 - 000000213 _____ C:\Users\eiko-\Desktop\Supermarket Simulator.url
2024-02-16 12:16 - 2024-02-16 12:16 - 032507592 _____ C:\Users\eiko-\Downloads\MKON Hausarbeit Gruppe 3.zip
2024-02-16 12:12 - 2024-02-16 12:12 - 000000000 ____D C:\Users\eiko-\Downloads\MKON Hausarbeit Gruppe 3
2024-02-14 16:01 - 2024-02-14 16:01 - 017224067 _____ C:\Users\eiko-\Downloads\Unbenanntes_Notizbuch.pdf
2024-02-14 14:21 - 2024-02-14 14:21 - 000019222 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-02-14 14:20 - 2024-02-14 14:20 - 000019222 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2024-02-14 14:17 - 2024-02-14 14:19 - 000000000 ___HD C:$WinREAgent
2024-02-14 11:50 - 2024-02-14 11:50 - 010669146 _____ C:\Users\eiko-\Downloads\978-3-8348-2581-0.pdf
2024-02-13 15:46 - 2024-02-13 15:46 - 006163244 _____ C:\Users\eiko-\Downloads\Anleitung MS2 Aufgabentype.pdf
2024-02-13 10:14 - 2024-02-13 10:14 - 000000000 ____D C:\Users\eiko-\Downloads\Photos-001 (2)
2024-02-13 10:13 - 2024-02-13 10:14 - 062952428 _____ C:\Users\eiko-\Downloads\Photos-001 (2).zip
2024-02-11 12:43 - 2024-02-11 12:43 - 000534937 _____ C:\Users\eiko-\Downloads\RL_Federn_Aufgabe (4).pdf
2024-02-11 12:21 - 2024-02-11 12:21 - 000936592 _____ C:\Users\eiko-\Downloads\624beffb-15e1-47fd-86e0-bf8de081bd29_Export-8ba90b14-8348-4300-9315-58890a9fcb66.zip
2024-02-11 12:21 - 2024-02-11 12:21 - 000000000 ____D C:\Users\eiko-\Downloads\624beffb-15e1-47fd-86e0-bf8de081bd29_Export-8ba90b14-8348-4300-9315-58890a9fcb66
2024-02-11 12:18 - 2024-02-11 12:18 - 003680011 _____ C:\Users\eiko-\Downloads\70f01c28-7c35-43b7-84f4-7366f8fa2549_Export-5fdfccfe-4bbb-432d-8e8d-9a2e76d48e74.zip
2024-02-11 12:18 - 2024-02-11 12:18 - 000000000 ____D C:\Users\eiko-\Downloads\70f01c28-7c35-43b7-84f4-7366f8fa2549_Export-5fdfccfe-4bbb-432d-8e8d-9a2e76d48e74
2024-02-11 11:43 - 2024-02-11 11:43 - 000876160 _____ C:\Users\eiko-\Downloads\Clicker_Kupplungen.pdf
2024-02-10 16:38 - 2024-02-10 16:38 - 000336378 _____ C:\Users\eiko-\Downloads\Kon3_Rechenlabor_Ketten.pdf
2024-02-10 16:38 - 2024-02-10 16:38 - 000225045 _____ C:\Users\eiko-\Downloads\Kon3_Rechenlabor_ZR.pdf
2024-02-10 16:38 - 2024-02-10 16:38 - 000152820 _____ C:\Users\eiko-\Downloads\Kon3_Rechenlabor_Riemen.pdf
2024-02-09 16:12 - 2024-02-09 16:12 - 002336867 _____ C:\Users\eiko-\Downloads\Probeklausur AT1.pdf
2024-02-09 14:38 - 2024-02-09 16:00 - 000000000 ____D C:\Users\eiko-\Downloads\OneDrive_1_9.2.2024
2024-02-09 14:38 - 2024-02-09 14:38 - 001064154 _____ C:\Users\eiko-\Downloads\OneDrive_1_9.2.2024.zip
2024-02-07 15:23 - 2024-02-07 15:23 - 000073710 _____ C:\Users\eiko-\Downloads\Clicker_Riemen (1).pdf
2024-02-05 16:01 - 2024-02-05 16:01 - 001424709 _____ C:\Users\eiko-\Downloads\MP_Codebeispiele_Klausur (1).pdf
2024-02-05 15:58 - 2024-02-05 15:58 - 001424709 _____ C:\Users\eiko-\Downloads\MP_Codebeispiele_Klausur.pdf
2024-02-05 15:49 - 2024-02-05 15:49 - 000656359 _____ C:\Users\eiko-\Downloads\MP_Ubersicht.pdf
2024-02-04 11:29 - 2024-02-04 11:29 - 003195103 _____ C:\Users\eiko-\Downloads\FTT-Rechnungen.pdf
2024-02-04 11:02 - 2024-02-04 11:02 - 000048937 _____ C:\Users\eiko-\Downloads\Belegungen und Prüfungsanmeldungen.pdf
2024-02-03 16:46 - 2024-03-01 12:21 - 000000000 ____D C:\WINDOWS\system32\Tasks\PowerToys
2024-02-03 16:46 - 2024-02-03 16:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerToys (Preview)
2024-02-03 16:45 - 2024-02-03 16:46 - 000000000 ____D C:\Program Files\PowerToys
2024-02-03 15:46 - 2024-02-03 15:46 - 000007484 _____ C:\Users\eiko-\Downloads\Endkappe LED-Profile stabiler V2.stl
2024-02-03 15:22 - 2024-02-03 15:22 - 000009084 _____ C:\Users\eiko-\Downloads\Endkappe LED-Profile stabiler (1).stl
2024-02-03 14:46 - 2024-02-03 14:46 - 000009084 _____ C:\Users\eiko-\Downloads\Endkappe LED-Profile stabiler.stl
2024-02-02 15:38 - 2024-02-11 15:53 - 000000000 ____D C:\Users\eiko-\Desktop\Papa schicken
2024-02-02 15:09 - 2024-02-02 15:09 - 000029884 _____ C:\Users\eiko-\Downloads\45 Grad LED-Profile stabiler.stl
2024-02-02 12:12 - 2024-02-02 12:12 - 000024938 _____ C:\Users\eiko-\Downloads\main (3).pdf
2024-02-01 15:39 - 2024-02-01 15:39 - 000020133 _____ C:\Users\eiko-\Downloads\main (2).pdf
2024-02-01 15:39 - 2024-02-01 15:39 - 000020133 _____ C:\Users\eiko-\Downloads\main (1).pdf
2024-02-01 15:38 - 2024-02-01 15:38 - 000020236 _____ C:\Users\eiko-\Downloads\main.pdf
2024-02-01 11:26 - 2024-02-01 11:26 - 000000000 ____D C:\Users\eiko-\Tracing
2024-01-31 19:43 - 2024-01-31 19:44 - 003958093 _____ C:\Users\eiko-\Downloads\Dokument0.pdf
2024-01-31 19:42 - 2024-01-31 19:42 - 003793605 _____ C:\Users\eiko-\Downloads\Klausur WS2021_240131_194224685.pdf
2024-01-31 19:42 - 2024-01-31 19:42 - 002251361 _____ C:\Users\eiko-\Downloads\Klausur WiSe19_240131_194222772.pdf
2024-01-31 19:42 - 2024-01-31 19:42 - 001687722 _____ C:\Users\eiko-\Downloads\Klausur SS19 Fluid_240131_194221059.pdf
2024-01-31 12:22 - 2024-01-31 12:22 - 000507114 _____ C:\Users\eiko-\Downloads\2024-01-31 Notenspiegel_Schönian_Eiko_DE.pdf
2024-01-31 10:41 - 2024-02-01 16:25 - 000000000 ____D C:\Users\eiko-\Downloads\Uni Stuff-20240131T094130Z-001
2024-01-31 10:41 - 2024-01-31 10:41 - 016956404 _____ C:\Users\eiko-\Downloads\Uni Stuff-20240131T094130Z-001.zip

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-03-01 12:23 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-03-01 12:23 - 2020-01-08 15:49 - 000000000 ____D C:\ProgramData\NVIDIA
2024-03-01 12:23 - 2020-01-07 21:17 - 000000000 ____D C:\Program Files (x86)\Google
2024-03-01 12:21 - 2023-05-22 12:01 - 000000068 __RSH C:\WINDOWS\system32\Drivers\WUDFRd.winsecurity
2024-03-01 12:21 - 2023-05-22 12:01 - 000000068 __RSH C:\WINDOWS\system32\Drivers\winhv.winsecurity
2024-03-01 12:21 - 2023-04-19 21:09 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-03-01 12:21 - 2022-05-07 06:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-03-01 12:21 - 2021-01-04 00:24 - 000012288 ___SH C:\DumpStack.log.tmp
2024-03-01 12:20 - 2022-05-07 06:17 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2024-03-01 10:36 - 2022-05-07 06:24 - 000000000 ___HD C:\Program Files\WindowsApps
2024-03-01 10:36 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-03-01 10:24 - 2023-04-19 21:07 - 000850308 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-03-01 10:24 - 2022-05-07 06:22 - 000000000 ____D C:\WINDOWS\INF
2024-03-01 10:13 - 2023-04-19 21:05 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-02-29 15:01 - 2022-05-07 06:24 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2024-02-29 15:00 - 2020-03-07 16:12 - 000000000 ____D C:\Program Files\Microsoft Office
2024-02-29 13:04 - 2022-04-22 14:57 - 000000000 ____D C:\Users\eiko-\AppData\Local\D3DSCache
2024-02-28 19:55 - 2020-01-07 21:17 - 000002300 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-02-28 16:40 - 2020-06-10 09:51 - 000000000 ____D C:\Users\eiko-\AppData\LocalLow\Temp
2024-02-28 16:21 - 2022-05-07 06:24 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2024-02-28 16:10 - 2023-01-16 10:32 - 000002281 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2024-02-28 16:10 - 2020-07-04 09:55 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-02-28 16:01 - 2022-05-07 06:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2024-02-28 16:01 - 2020-01-07 20:22 - 000000000 __RHD C:\Users\Public\AccountPictures
2024-02-28 15:59 - 2020-01-07 20:27 - 000000000 ____D C:\Users\eiko-\AppData\Roaming\Microsoft\MMC
2024-02-28 15:54 - 2020-01-07 22:07 - 000000000 ____D C:\Users\eiko-\AppData\Local\CrashDumps
2024-02-28 15:50 - 2020-01-07 20:22 - 000000000 ____D C:\Users\eiko-\AppData\Local\Packages
2024-02-28 15:37 - 2020-02-17 18:41 - 000000000 ____D C:\Users\eiko-\AppData\Local\ElevatedDiagnostics
2024-02-28 15:28 - 2022-05-07 06:24 - 000000000 __D C:\Program Files\Windows Defender
2024-02-28 15:28 - 2020-01-08 03:17 - 000000000 D C:\WINDOWS\system32\Drivers\wd
2024-02-28 15:25 - 2022-05-07 06:17 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2024-02-28 15:25 - 2020-01-07 20:38 - 000918944 N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2024-02-28 15:12 - 2023-04-19 21:09 - 000003684 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-02-28 15:12 - 2023-04-19 21:09 - 000003568 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2024-02-28 15:12 - 2023-04-19 21:09 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2024-02-28 15:12 - 2023-04-19 21:09 - 000003460 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-02-28 15:12 - 2023-04-19 21:09 - 000003398 _____ C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-02-28 15:12 - 2023-04-19 21:09 - 000003344 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2024-02-28 15:12 - 2023-04-19 21:09 - 000003250 _____ C:\WINDOWS\system32\Tasks\Overwolf Updater Task
2024-02-28 15:12 - 2023-04-19 21:09 - 000003196 _____ C:\WINDOWS\system32\Tasks\NvBatteryBoostCheckOnLogon{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-02-28 15:12 - 2023-04-19 21:09 - 000003152 _____ C:\WINDOWS\system32\Tasks\NVIDIA GeForce Experience SelfUpdate{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-02-28 15:12 - 2023-04-19 21:09 - 000003066 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1421055718-2087356316-1872245878-1001
2024-02-28 15:12 - 2023-04-19 21:09 - 000002984 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterDaily{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-02-28 15:12 - 2023-04-19 21:09 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport4{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-02-28 15:12 - 2023-04-19 21:09 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport3{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-02-28 15:12 - 2023-04-19 21:09 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport2{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-02-28 15:12 - 2023-04-19 21:09 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport1{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-02-28 15:12 - 2023-04-19 21:09 - 000002914 _____ C:\WINDOWS\system32\Tasks\NvNodeLauncher{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-02-28 15:12 - 2023-04-19 21:09 - 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1421055718-2087356316-1872245878-1001
2024-02-28 15:12 - 2023-04-19 21:09 - 000002744 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterOnLogon{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-02-26 16:14 - 2021-11-02 15:02 - 000000000 ____D C:\Users\eiko-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2024-02-25 20:30 - 2020-10-22 14:00 - 000000000 ____D C:\Users\eiko-\AppData\Roaming\discord
2024-02-25 19:55 - 2020-10-22 14:00 - 000000000 ____D C:\Users\eiko-\AppData\Local\Discord
2024-02-25 17:10 - 2020-03-07 16:17 - 000000000 ____D C:\Users\eiko-\AppData\Roaming\Microsoft\Word
2024-02-25 13:20 - 2022-05-12 17:00 - 000000000 ____D C:\XboxGames
2024-02-24 20:04 - 2023-01-13 08:53 - 000002068 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk
2024-02-24 20:04 - 2022-10-13 19:02 - 000002080 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2024-02-24 20:03 - 2021-01-04 00:25 - 000002406 _____ C:\Users\eiko-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-02-16 12:40 - 2023-04-18 15:42 - 000000000 ____D C:\Users\eiko-\AppData\Roaming\FreeFileSync
2024-02-16 10:56 - 2022-10-22 15:08 - 000095848 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgamehelper.exe
2024-02-16 10:56 - 2022-10-22 15:08 - 000075256 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgamecontrol.exe
2024-02-16 10:56 - 2022-02-11 19:58 - 002713080 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgameruntime.dll
2024-02-16 10:56 - 2022-02-11 19:58 - 000689656 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameplatformservices.dll
2024-02-16 10:56 - 2022-02-11 19:58 - 000218728 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameconfighelper.dll
2024-02-16 10:56 - 2022-02-11 19:58 - 000202344 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamelaunchhelper.dll
2024-02-16 10:56 - 2022-02-11 19:58 - 000144888 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcuihelpers.dll
2024-02-14 22:21 - 2023-04-19 21:05 - 000512456 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-02-14 22:20 - 2023-10-12 00:56 - 000000000 ____D C:\WINDOWS\system32\Microsoft-Edge-WebView
2024-02-14 22:20 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\UUS
2024-02-14 22:20 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2024-02-14 22:20 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2024-02-14 22:20 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SystemResources
2024-02-14 22:20 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2024-02-14 22:20 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\Sgrm
2024-02-14 22:20 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\setup
2024-02-14 22:20 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2024-02-14 22:20 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\oobe
2024-02-14 22:20 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\appraiser
2024-02-14 22:20 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\ShellComponents
2024-02-14 22:20 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\Provisioning
2024-02-14 22:20 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\BrowserCore
2024-02-14 22:20 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-02-14 14:34 - 2022-05-07 06:24 - 000000000 ____D C:\ProgramData\USOPrivate
2024-02-14 14:30 - 2022-05-07 06:17 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-02-14 14:29 - 2020-01-07 20:44 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-02-14 14:27 - 2020-01-07 20:44 - 191155960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2024-02-14 14:21 - 2023-04-19 21:06 - 003212800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2024-02-13 10:38 - 2020-01-09 20:16 - 000000000 ____D C:\Users\eiko-\AppData\Local\Steam
2024-02-12 18:48 - 2020-03-07 16:18 - 000000000 ____D C:\Users\eiko-\AppData\Roaming\Microsoft\Excel
2024-02-12 17:53 - 2023-12-18 13:41 - 000000000 ____D C:\ProgramData\boost_interprocess
2024-02-11 22:35 - 2021-10-04 13:24 - 000000000 ____D C:\Users\eiko-\AppData\Roaming\Notion
2024-02-11 09:20 - 2021-04-06 10:21 - 000000000 ____D C:\Users\eiko-\AppData\Roaming\Microsoft\Teams
2024-02-09 12:12 - 2023-01-02 11:24 - 000000000 ____D C:\Users\eiko-\AppData\Roaming\Anki2
2024-02-06 07:45 - 2020-01-07 20:38 - 000000000 ____D C:\ProgramData\Packages
2024-02-05 10:14 - 2023-12-08 14:38 - 000000000 ____D C:\Users\eiko-\AppData\Roaming\EQATEC Analytics
2024-02-03 20:30 - 2020-01-08 16:24 - 000000000 ____D C:\Users\eiko-\AppData\Roaming.minecraft
2024-02-03 20:29 - 2020-12-13 17:13 - 000000000 ____D C:\Users\eiko-\AppData\Local\Overwolf
2024-02-03 16:46 - 2020-01-07 22:03 - 000000000 ____D C:\ProgramData\Package Cache
2024-02-03 16:40 - 2023-11-12 18:07 - 000000000 ____D C:\Users\eiko-\AppData\Roaming\OrcaSlicer
2024-02-02 12:44 - 2021-04-11 15:54 - 000000000 ____D C:\Users\eiko-\AppData\Roaming\Code
2024-02-02 08:22 - 2023-07-10 16:30 - 000000000 ___HD C:\avast! sandbox
2024-02-01 15:32 - 2021-04-11 15:53 - 000000000 ____D C:\Users\eiko-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Visual Studio Code
2024-02-01 15:31 - 2023-07-10 16:30 - 000000000 ____D C:\Users\eiko-.platformio
2024-02-01 11:26 - 2023-04-19 18:58 - 000000000 ____D C:\Users\eiko-
2024-02-01 11:26 - 2020-01-07 20:20 - 000000000 ___SD C:\Users\eiko-\AppData\Roaming\Microsoft\Credentials

==================== Files in the root of some directories ========

2022-12-14 12:40 - 2022-12-14 16:29 - 000004216 _____ () C:\Users\eiko-\AppData\Roaming\LTspiceXVII.ini
2023-08-22 12:26 - 2023-08-22 14:52 - 000000128 _____ () C:\Users\eiko-\AppData\Local\PUTTY.RND
2023-05-17 20:17 - 2023-05-17 20:17 - 000003249 _____ () C:\Users\eiko-\AppData\Local\recently-used.xbel
2022-02-20 02:10 - 2022-02-20 02:10 - 000007605 _____ () C:\Users\eiko-\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
              Addition (english):
              [HEADING=1]
              Code:
              Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26.02.2024 01
Ran by eiko- (01-03-2024 12:24:53)
Running from C:\Users\eiko-\Desktop
Microsoft Windows 11 Home Version 23H2 22631.3155 (X64) (2023-04-20 14:28:59)
Boot Mode: Normal[/HEADING]
==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1421055718-2087356316-1872245878-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1421055718-2087356316-1872245878-503 - Limited - Disabled)
eiko- (S-1-5-21-1421055718-2087356316-1872245878-1001 - Administrator - Enabled) => C:\Users\eiko-
Gast (S-1-5-21-1421055718-2087356316-1872245878-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1421055718-2087356316-1872245878-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat (64-bit) (HKLM...{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 23.008.20555 - Adobe)
Adobe Refresh Manager (HKLM-x32...{AC76BA86-0804-1033-1959-018244601067}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Altium Designer 23 (HKLM...\Altium Designer {A9B34CD7-40BF-42A8-8F33-55BA03B6232C}) (Version: 23.11.1.41 - Altium Limited)
AMD Ryzen Master SDK (HKLM...{DBD50508-5F75-416B-995D-C42433A00944}) (Version: 2.1.0.1236 - Advanced Micro Devices, Inc.)
Anaconda3 2023.03-1 (Python 3.10.9 64-bit) (HKLM...\Anaconda3 2023.03-1 (Python 3.10.9 64-bit)) (Version: 2023.03-1 - Anaconda, Inc.)
Anki (HKLM-x32...\Anki) (Version: 2.1.55 - )
Anno 1800 (HKLM-x32...\Uplay Install 4553) (Version: - Ubisoft)
AnycubicPhotonWorkshop (HKLM...{C48D4F03-E59D-475F-B34D-E618A500C118}is1) (Version: - Anycubic)
Arduino (HKLM-x32...\Arduino) (Version: 1.8.13 - Arduino LLC)
Autodesk Fusion 360 (HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\73e72ada57b7480280f7a6f4a289729f) (Version: 2.0.17954 - Autodesk, Inc.)
CLion 2022.1 (HKLM-x32...\CLion 2022.1) (Version: 221.5080.224 - JetBrains s.r.o.)
CodeMeter Runtime Kit v6.30d (HKLM...{627EBCBD-71C2-4FDE-9BEA-3AF7F03FBE10}) (Version: 6.30.2280.504 - WIBU-SYSTEMS AG)
CODESYS V3.5 SP10 Patch 4 (HKLM-x32...{91B73AA2-4B42-481F-9ECD-03AB9C6016DF}) (Version: 3.5.10.407 - 3S-Smart Software Solutions GmbH) Hidden
CODESYS V3.5 SP10 Patch 4 (HKLM-x32...\InstallShield{91B73AA2-4B42-481F-9ECD-03AB9C6016DF}) (Version: 3.5.10.407 - 3S-Smart Software Solutions GmbH)
CORSAIR iCUE Software (HKLM-x32...{30D73167-BD7C-473A-AF2F-BBC194FA42D4}) (Version: 3.24.52 - Corsair)
Crucial Storage Executive (HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\Crucial Storage Executive 9.01.012023.01) (Version: 9.01.012023.01 - Crucial)
CrystalDiskInfo 8.13.3 (HKLM...\CrystalDiskInfo_is1) (Version: 8.13.3 - Crystal Dew World)
CurseForge (HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\Overwolf_cchhcaiapeikjbdbpfplgmpobbcdkdaphclbmkbj) (Version: 0.244.4.1 - Overwolf app)
Discord (HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\Discord) (Version: 0.0.311 - Discord Inc.)
Dokan Library 1.5.1.1000 (x64) (HKLM...{65A3A964-3DC3-0105-0001-211126123627}) (Version: 1.5.1.1000 - Dokany Project) Hidden
Dokan Library 1.5.1.1000 Bundle (HKLM-x32...{05c046de-f751-48c8-b8d3-77259ea88eb7}) (Version: 1.5.1.1000 - Dokany Project)
Dragon Center (HKLM-x32...{B252FABF-9582-4824-B02B-6D2DC93685C7}}_is1) (Version: 1.0.0.63 - MSI)
draw.io 22.0.2 (HKLM...\27a75bf3-be48-5c35-934f-8491cf108abe) (Version: 22.0.2 - JGraph)
ENE RGB HAL (HKLM...{87316426-A33E-41E9-942B-968E928A9A47}) (Version: 1.00.10 - Ene Tech.) Hidden
ENE RGB HAL (HKLM-x32...{9f93601b-15ea-4e69-8d7c-dfa0f29ae04e}) (Version: 1.00.10 - Ene Tech.) Hidden
ENE_EHD_M2_HAL (HKLM...{1CD178C9-BB49-4E59-9DA6-3C152E2A9844}) (Version: 1.00.01 - ENE TECHNOLOGY INC.) Hidden
ENE_EHD_M2_HAL (HKLM-x32...{fe81cfd3-9db4-409d-b0f9-26707d1423c6}) (Version: 1.00.01 - ENE TECHNOLOGY INC.) Hidden
Epic Games Launcher (HKLM-x32...{9483ABD9-C772-487B-ADF8-09347CF8F2D2}) (Version: 1.3.93.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM...{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32...{57A956AB-4BCC-45C6-9B40-957E4E125568}) (Version: 2.0.44.0 - Epic Games, Inc.)
FreeFileSync (HKLM-x32...\FreeFileSync_is1) (Version: 12.2 - FreeFileSync.org)
Fritzing (HKLM...{62E4A8BF-5F3B-49E0-9ECE-3140C049FA34}) (Version: 0.9.10.0 - Fritzing GmbH)
GIMP 2.10.22 (HKLM...\GIMP-2_is1) (Version: 2.10.22 - The GIMP Team)
Git (HKLM...\Git_is1) (Version: 2.42.0.2 - The Git Development Community)
Google Chrome (HKLM-x32...\Google Chrome) (Version: 122.0.6261.71 - Google LLC)
HWiNFO64 Version 6.12 (HKLM...\HWiNFO64_is1) (Version: 6.12 - Martin Malik - REALiX)
Immortals Fenyx Rising (HKLM-x32...\Uplay Install 5405) (Version: - Ubisoft)
Inkscape (HKLM...{B57F4693-8866-4053-B706-901E03F3301B}) (Version: 1.2.2 - Inkscape)
Java 8 Update 401 (64-bit) (HKLM...{71024AE4-039E-4CA4-87B4-2F64180401F0}) (Version: 8.0.4010.10 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32...{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\Riot Game league_of_legends.live) (Version: - Riot Games, Inc)
logisim-evolution (HKLM...{BFAB7B04-8835-36CF-87DB-D1E3A319406E}) (Version: 3.8.0 - logisim-evolution developers)
Logitech Options (HKLM...\LogiOptions) (Version: 8.54.161 - Logitech)
LTspice XVII (HKLM...\LTspice XVII) (Version: - Linear Technology Corporation)
Malwarebytes version 5.0.17.99 (HKLM...{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.0.17.99 - Malwarebytes)
Microsoft .NET Host - 5.0.4 (x64) (HKLM...{DD901386-A294-4FF1-A683-0EFF5C66209A}) (Version: 40.16.29816 - Microsoft Corporation) Hidden
Microsoft .NET Host - 5.0.4 (x86) (HKLM-x32...{9BFB6AF7-641C-4B52-82CA-43F5A4FD288E}) (Version: 40.16.29816 - Microsoft Corporation) Hidden
Microsoft .NET Host - 7.0.8 (x64) (HKLM...{19FCE07F-2A75-44AC-9EA5-8E29FE2F8DBE}) (Version: 56.35.63143 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 5.0.4 (x64) (HKLM...{773EF543-570F-4746-953A-3CB19DFCB3E2}) (Version: 40.16.29816 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 5.0.4 (x86) (HKLM-x32...{79D32D19-A148-4E8E-AC31-2FC90CDBBFA8}) (Version: 40.16.29816 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 7.0.8 (x64) (HKLM...{174E0D7C-F2C9-49A2-83FB-95A0FE6FA023}) (Version: 56.35.63143 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 5.0.4 (x64) (HKLM...{879C9645-ADF3-4697-915B-00B76EBA629F}) (Version: 40.16.29816 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 5.0.4 (x86) (HKLM-x32...{D523398E-D0EE-4F91-AE81-A27222A621DA}) (Version: 40.16.29816 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 7.0.8 (x64) (HKLM...{B45C77BA-0B4E-4FBB-99B9-9774ECBE20AA}) (Version: 56.35.63143 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32...\Microsoft Edge) (Version: 122.0.2365.59 - Microsoft Corporation)
Microsoft Edge WebView2-Laufzeit (HKLM-x32...\Microsoft EdgeWebView) (Version: 122.0.2365.59 - Microsoft Corporation)
Microsoft GameInput (HKLM-x32...{1F2B6AF3-C260-8666-5950-E3FEDBC851D6}) (Version: 10.1.22621.3036 - Microsoft Corporation)
Microsoft Office Professional Plus 2019 - de-de (HKLM...\ProPlus2019Volume - de-de) (Version: 16.0.10407.20032 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\OneDriveSetup.exe) (Version: 24.020.0128.0003 - Microsoft Corporation)
Microsoft Teams classic (HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\Teams) (Version: 1.6.00.33567 - Microsoft Corporation)
Microsoft Teams Meeting Add-in for Microsoft Office (HKLM...{A7AB73A3-CB10-4AA5-9D38-6AEFFBDE4C91}) (Version: 1.23.35502 - Microsoft)
Microsoft Update Health Tools (HKLM...{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32...{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM...{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32...{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32...{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM...{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32...{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32...{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32...{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM...{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM...{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32...{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32...{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32...{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32...{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM...{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM...{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32...{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32...{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32...{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.34.31938 (HKLM-x32...{d92971ab-f030-43c8-8545-c66c818d0e05}) (Version: 14.34.31938.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.28.29334 (HKLM-x32...{14C49FC8-3E9B-4F29-8526-26629B5CF30B}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.28.29334 (HKLM-x32...{0D01A812-82A1-481F-8546-8E28E976F8DF}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.34.31938 (HKLM...{7DA37AE3-D8AE-49B1-9BDC-23CA0AB9FF22}) (Version: 14.34.31938 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.34.31938 (HKLM...{0AE39060-F209-4D05-ABC7-54B8F9CFA32E}) (Version: 14.34.31938 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM...{7C0242A3-8B66-35D1-9FE0-13B426ACB609}) (Version: 10.0.60729 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.60724 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.60724 - Microsoft Corporation)
Microsoft Visual Studio Code (User) (HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...{771FD6B0-FA20-440A-A002-3B3BAC16DC50}_is1) (Version: 1.86.0 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 5.0.4 (x64) (HKLM...{A04C83D6-2FC0-4F09-9166-E870E5A9E168}) (Version: 40.16.29817 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 5.0.4 (x64) (HKLM-x32...{ff817559-f11f-4faa-af52-26feb4b46fff}) (Version: 5.0.4.29817 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 5.0.4 (x86) (HKLM-x32...{0F1B4D8B-545C-4C65-BA29-3F564C2F6915}) (Version: 40.16.29817 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 5.0.4 (x86) (HKLM-x32...{a83b07f3-e0e5-4402-87d4-3d1acf79c42a}) (Version: 5.0.4.29817 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 7.0.8 (x64) (HKLM...{3133BC55-90BD-4B87-82A2-6670B3CAFB81}) (Version: 56.35.63153 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 7.0.8 (x64) (HKLM-x32...{d260fcb6-95b8-4c81-8e07-ce75876ffca2}) (Version: 7.0.8.32619 - Microsoft Corporation)
Minecraft Launcher (HKLM-x32...{810F1419-7760-402E-8772-B4054FAA2B72}) (Version: 1.0.0.0 - Mojang)
Nefarius Virtual Gamepad Emulation Bus Driver (HKLM...{93D91F60-7C94-4A79-863F-EA713D2EB3F3}) (Version: 1.17.333.0 - Nefarius Software Solutions e.U.)
Nextcloud (HKLM...{27596A6F-750F-4996-A5C2-A980522ED1C4}) (Version: 3.4.1.20211221 - Nextcloud GmbH)
Notion 2.0.47 (HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\fcdf0d7f-424b-5f10-a1c7-a8f643f21adf) (Version: 2.0.47 - Notion Labs, Inc)
Notion 3.1.0 (HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\661f0cc6-343a-59cb-a5e8-8f6324cc6998) (Version: 3.1.0 - Notion Labs, Inc)
NVIDIA GeForce Experience 3.20.2.34 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.2.34 - NVIDIA Corporation)
NVIDIA Grafiktreiber 456.71 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 456.71 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.19.0218 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM...{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.10407.20032 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM...{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.10407.20032 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM...{90160000-008C-0407-1000-0000000FF1CE}) (Version: 16.0.10407.20032 - Microsoft Corporation) Hidden
OnePlus USB Drivers 1.00 (HKLM-x32...\OnePlus USB Drivers 1.00) (Version: 1.00 - OnePlus, Inc)
OrcaSlicer (HKLM-x32...\OrcaSlicer) (Version: 1.8.0 - SoftFever)
Overwolf (HKLM-x32...\Overwolf) (Version: 0.242.0.11 - Overwolf Ltd.)
PDF24 Creator 11.8.0 (HKLM...{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: 11.8.0 - PDF24.org)
PowerToys (Preview) (HKLM...{6F3910F2-DA29-490C-811F-D3691B134A61}) (Version: 0.77.0 - Microsoft Corporation) Hidden
PowerToys (Preview) x64 (HKLM-x32...{1aada4d0-ca73-4389-8f63-73923c771fd4}) (Version: 0.77.0 - Microsoft Corporation)
Prusa3D Version 2.5.0 (HKLM...\Prusa3D_is1) (Version: 2.5.0 - Prusa Research a.s.)
PrusaSlicer Version 2.5.0 (HKLM...\PrusaSlicer_is1) (Version: 2.5.0 - Prusa Research s.r.o.)
Qalculate! (HKLM...{F4803C78-0331-4EE2-9103-33FB0673E2D3}) (Version: 4.8.1 - Hanna Knutsson)
Raspberry Pi Imager (HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\Raspberry Pi Imager) (Version: 1.7.5 - Raspberry Pi Ltd)
Recuva (HKLM...\Recuva) (Version: 1.53 - Piriform)
SAP Crystal Reports runtime engine for .NET Framework (64-bit) (HKLM...{F9B436DD-8D48-430E-BA89-F85DFA452C55}) (Version: 13.0.9.1312 - SAP)
Snapmaker Luban 3.8.0 (HKLM...{4c329381-cbe6-5eac-8b35-1ff73ff2e943}) (Version: 3.8.0 - Snapmaker Dev Team)
Snapmaker Luban 4.4.0 (HKLM...\4c329381-cbe6-5eac-8b35-1ff73ff2e943) (Version: 4.4.0 - Snapmaker Dev Team)
SQLite ODBC Driver for Win64 (remove only) (HKLM-x32...\SQLite ODBC Driver for Win64) (Version: - )
Steam (HKLM-x32...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeighaX 4.00 (x64) (HKLM...{2AB65377-C672-498E-BE74-5C60CCFEAC5C}) (Version: 4.0.0 - Open Design Alliance)
Trackmania (HKLM-x32...\Uplay Install 5595) (Version: - Ubisoft)
Ubisoft Connect (HKLM-x32...\Uplay) (Version: 101.0 - Ubisoft)
UltiMaker Cura 5.3.1 (HKLM-x32...\UltiMaker Cura 5.3.1-5.3.1) (Version: 5.3.1 - UltiMaker)
VHDPlus IDE (64bit) (HKLM...{715CFA00-2211-47A2-AD88-87EC71B9564E}) (Version: 0.11.1.0 - VHDPlus)
Virtual-C IDE (HKLM...{59A5E95F-ABEA-48BF-B3AC-B9A78A17E144}) (Version: 2.2.2 - VirtualC)
VLC media player (HKLM...\VLC media player) (Version: 3.0.18 - VideoLAN)
Windows-PC-Integritätsprüfung (HKLM...{63EFBDB5-01B0-4614-BE9F-7F1908E42275}) (Version: 3.1.2109.29003 - Microsoft Corporation)
Windows-PC-Integritätsprüfung (HKLM...{B3956CF3-F6C5-4567-AC38-1FD4432B319C}) (Version: 3.6.2204.08001 - Microsoft Corporation)
WinSCP 6.1.1 (HKLM-x32...\winscp3_is1) (Version: 6.1.1 - Martin Prikryl)
Zoom (HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\ZoomUMX) (Version: 5.16.10 (26186) - Zoom Video Communications, Inc.)
[HEADING=1]Packages:[/HEADING]
Adobe Acrobat Reader → C:\Program Files\Adobe\Acrobat DC [2024-02-16] ()
Any Zip → C:\Program Files\WindowsApps\AnywaySoftInc.AnyZip_2.1.2.0_x64__0qkrc2qacwvfm [2024-02-28] (AnywaySoft, Inc.) [MS Ad]
Dev Home → C:\Program Files\WindowsApps\Microsoft.Windows.DevHome_0.1100.416.0_x64__8wekyb3d8bbwe [2024-02-24] (Microsoft Corporation)
HP Smart → C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_151.3.1092.0_x64__v10z8vjag6ke6 [2024-02-28] (HP Inc.)
Media Engine-Add-On für Fotos → C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-03-29] (Microsoft Corporation)
Microsoft Advertising SDK for XAML → C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2024-02-28] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML → C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2024-02-28] (Microsoft Corporation) [MS Ad]
Microsoft Family → C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.40.0_x64__8wekyb3d8bbwe [2023-09-14] (Microsoft Corp.)
Microsoft Teams (work or school) → C:\Program Files\WindowsApps\MSTeams_24004.1307.2669.7070_x64__8wekyb3d8bbwe [2024-02-24] (Microsoft) [Startup Task]
Microsoft.AV1VideoExtension → C:\Program Files\WindowsApps\Microsoft.AV1VideoExtension_1.1.61781.0_x64__8wekyb3d8bbwe [2023-08-17] (Microsoft Corporation)
Microsoft.WindowsAppRuntime.CBS → C:\WINDOWS\SystemApps\Microsoft.WindowsAppRuntime.CBS_8wekyb3d8bbwe [2024-01-10] (Microsoft Corporation)
NVIDIA Control Panel → C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.964.0_x64__56jybvy8sckqj [2023-04-20] (NVIDIA Corp.)
PowerToys ImageResizer Context Menu → C:\Program Files\PowerToys [2024-02-03] (Microsoft)
PowerToys PowerRename Context Menu → C:\Program Files\PowerToys\WinUI3Apps [2024-02-03] (Microsoft)
Prime Video for Windows → C:\Program Files\WindowsApps\AmazonVideo.PrimeVideo_1.0.153.0_x64__pwbj9vvecjh7j [2024-01-13] (Amazon Development Centre (London) Ltd)
Samsung Account → C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.SamsungAccount_1.23.12130.0_x64__3c1yjt4zspk6g [2024-01-13] (Samsung Electronics Co. Ltd.)
Samsung Notes → C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCoLtd.SamsungNotes_4.3.239.0_x64__wyx1vj98g3asy [2024-02-06] (Samsung Electronics Co, Ltd.) [Startup Task]
Solitaire & Casual Games → C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.19.1262.0_x64__8wekyb3d8bbwe [2024-02-29] (Microsoft Studios) [MS Ad]
Spotify Music → C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.232.997.0_x64__zpdnekdrzrea0 [2024-02-29] (Spotify AB) [Startup Task]
WhatsApp → C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2407.10.0_x64__cv1g1gvanyjgm [2024-02-28] (WhatsApp Inc.) [Startup Task]
Windows Feature Experience Pack → C:\WINDOWS\SystemApps\MicrosoftWindows.Client.FileExp_cw5n1h2txyewy [2024-02-14] (Microsoft Corporation)
WinZipComputing.WinZipDesktopSubscription → C:\Program Files\WindowsApps\WinZipComputing.WinZipDesktopSubscription_76.5.15635.0_x64__3ykzqggjzj4z0 [2023-10-08] (WinZip Computing) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{04271989-C4D2-AE62-65FD-0434D8A5067B} → [OneDrive - haw-hamburg.de] => D:\OneDrive - haw-hamburg.de [2021-10-28 13:10]
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{10144713-1526-46C9-88DA-1FB52807A9FF}\InprocServer32 → C:\Program Files\PowerToys\PowerToys.SvgThumbnailProviderCpp.dll (Microsoft Corporation → Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{13357088-9834-0409-1600-134951500000}\localserver32 → C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. → Adobe)
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 → C:\Users\eiko-\AppData\Local\Microsoft\TeamsMeetingAddin\1.23.35502\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation → Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{38142727-3008-9161-1521-349515000000}\localserver32 → C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. → Adobe)
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{38398caf-42a4-4800-b39a-6721ecbcf0e4} → [Nextcloud - Eiko@192.168.100.220] => C:\Users\eiko-\Nextcloud2 [2022-05-02 17:15]
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{5ea9a442-5352-ed6e-d37f-9d511e7e2caa}\localserver32 → C:\Program Files\PowerToys\PowerToys.PowerLauncher.exe (Microsoft Corporation → Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{60789D87-9C3C-44AF-B18C-3DE2C2820ED3}\InprocServer32 → C:\Program Files\PowerToys\PowerToys.MarkdownPreviewHandlerCpp.dll (Microsoft Corporation → Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{729B72CD-B72E-4FE9-BCBF-E954B33FE699}\InprocServer32 → C:\Program Files\PowerToys\PowerToys.QoiPreviewHandlerCpp.dll (Microsoft Corporation → Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{77257004-6F25-4521-B602-50ECC6EC62A6}\InprocServer32 → C:\Program Files\PowerToys\PowerToys.StlThumbnailProviderCpp.dll (Microsoft Corporation → Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{80172dde-4e20-4df0-81a2-0a48553e80bb}\localserver32 → C:\Users\eiko-\AppData\Local\NhNotifSys\nahimic\nahimicNotifSys.exe (A-Volute SAS → A-Volute)
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{84696c5b-1f1c-44ab-ac43-c9c6ce85c2dc} → [Nextcloud - Eiko@192.168.100.220] => C:\Users\eiko-\Nextcloud
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{A0257634-8812-4CE8-AF11-FA69ACAEAFAE}\InprocServer32 → C:\Program Files\PowerToys\PowerToys.GcodePreviewHandlerCpp.dll (Microsoft Corporation → Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{A06264CB-707B-4F72-94F4-D7ED17DBA8A7}\localserver32 → “D:\Programme\tools\bin\pspiceaa.exe” => No File
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{AA7602C4-132E-401F-ACFA-9575FE07F910}\InprocServer32 → D:\Programme\tools\bin\orpiPspice64.dll => No File
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{AB34CA32-528F-42B1-A0D7-0124BBAEE609}\InprocServer32 → D:\Programme\tools\bin\orpiPspice64.dll => No File
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{AD856B15-D25E-4008-AFB7-AFAA55586188}\InprocServer32 → C:\Program Files\PowerToys\PowerToys.QoiThumbnailProviderCpp.dll (Microsoft Corporation → Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{C4F0910E-E0B4-4E68-8086-452730C7A26A}\InprocServer32 → C:\Users\eiko-\AppData\Local\Autodesk\webdeploy\production\b0c303e70bd97cfdc195adab65922cfeffcb363a\NPreview10.dll (Autodesk, Inc. → )
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 → C:\Users\eiko-\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation → Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{D8034CFA-F34B-41FE-AD45-62FCBB52A6DA}\InprocServer32 → C:\Program Files\PowerToys\PowerToys.MonacoPreviewHandlerCpp.dll (Microsoft Corporation → Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{F2847CBE-CD03-4C83-A359-1A8052C1B9D5}\InprocServer32 → C:\Program Files\PowerToys\PowerToys.GcodeThumbnailProviderCpp.dll (Microsoft Corporation → Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{FCDD4EED-41AA-492F-8A84-31A1546226E0}\InprocServer32 → C:\Program Files\PowerToys\PowerToys.SvgPreviewHandlerCpp.dll (Microsoft Corporation → Microsoft Corporation)
ShellIconOverlayIdentifiers: [ NextcloudError] → {E0342B74-7593-4C70-9D61-22F294AAFE05} => C:\Program Files\Nextcloud\shellext\NCOverlays.dll [2021-12-21] (Nextcloud GmbH → Nextcloud GmbH)
ShellIconOverlayIdentifiers: [ NextcloudOK] → {E1094E94-BE93-4EA2-9639-8475C68F3886} => C:\Program Files\Nextcloud\shellext\NCOverlays.dll [2021-12-21] (Nextcloud GmbH → Nextcloud GmbH)
ShellIconOverlayIdentifiers: [ NextcloudOKShared] → {E243AD85-F71B-496B-B17E-B8091CBE93D2} => C:\Program Files\Nextcloud\shellext\NCOverlays.dll [2021-12-21] (Nextcloud GmbH → Nextcloud GmbH)
ShellIconOverlayIdentifiers: [ NextcloudSync] → {E3D6DB20-1D83-4829-B5C9-941B31C0C35A} => C:\Program Files\Nextcloud\shellext\NCOverlays.dll [2021-12-21] (Nextcloud GmbH → Nextcloud GmbH)
ShellIconOverlayIdentifiers: [ NextcloudWarning] → {E4977F33-F93A-4A0A-9D3C-83DEA0EE8483} => C:\Program Files\Nextcloud\shellext\NCOverlays.dll [2021-12-21] (Nextcloud GmbH → Nextcloud GmbH)
ContextMenuHandlers2: [FileLocksmithExt] → {84D68575-E186-46AD-B0CB-BAEB45EE29C0} => C:\Program Files\PowerToys\WinUI3Apps\PowerToys.FileLocksmithExt.dll [2024-01-05] (Microsoft Corporation → Microsoft Corporation)
ContextMenuHandlers3: [FileLocksmithExt] → {84D68575-E186-46AD-B0CB-BAEB45EE29C0} => C:\Program Files\PowerToys\WinUI3Apps\PowerToys.FileLocksmithExt.dll [2024-01-05] (Microsoft Corporation → Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] → {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-02-28] (Malwarebytes Inc. → Malwarebytes)
ContextMenuHandlers3: [NextcloudContextMenuHandler] → {BC6988AB-ACE2-4B81-84DC-DC34F9B24401} => C:\Program Files\Nextcloud\shellext\NCContextMenu.dll [2021-12-21] (Nextcloud GmbH → Nextcloud GmbH)
ContextMenuHandlers3: [PowerRenameExt] → {0440049F-D1DC-4E46-B27B-98393D79486B} => C:\Program Files\PowerToys\WinUI3Apps\PowerToys.PowerRenameExt.dll [2024-01-05] (Microsoft Corporation → Microsoft Corporation)
ContextMenuHandlers4: [RecuvaShellExt] → {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2023-06-02] (PIRIFORM SOFTWARE LIMITED → Piriform Software Ltd)
ContextMenuHandlers5: [NvCplDesktopContext] → {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\nvshext.dll [2020-10-07] (NVIDIA Corporation → NVIDIA Corporation)
ContextMenuHandlers5: [PowerRenameExt] → {0440049F-D1DC-4E46-B27B-98393D79486B} => C:\Program Files\PowerToys\WinUI3Apps\PowerToys.PowerRenameExt.dll [2024-01-05] (Microsoft Corporation → Microsoft Corporation)
ContextMenuHandlers6: [MBAMShlExt] → {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-02-28] (Malwarebytes Inc. → Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] → {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2023-06-02] (PIRIFORM SOFTWARE LIMITED → Piriform Software Ltd)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2019-06-19 10:25 - 2019-06-19 10:25 - 000209920 _____ () [File not signed] C:\Program Files\ENE\Aac_ENE RGB HAL\x86\AacHal_x86.dll
2018-03-20 14:34 - 2018-03-20 14:34 - 000265728 _____ () [File not signed] C:\Program Files\ENE\Aac_ENE RGB HAL\x86\SB_SMBUS_SDK.dll
2019-06-28 10:51 - 2019-06-28 10:51 - 000184832 _____ () [File not signed] C:\Program Files\ENE\Aac_ENE_EHD_M2_HAL\AacHal_x86.dll
2020-01-07 22:07 - 2020-01-07 22:05 - 000237568 _____ () [File not signed] D:\Programme\Dragon Center\Mystic_Light\LEDControl.dll
2020-01-09 18:18 - 2019-01-28 06:00 - 000254464 _____ (CANON INC.) [File not signed] C:\WINDOWS\System32\CNCALDL.DLL
2020-01-09 18:18 - 2019-01-10 05:00 - 001302016 _____ (CANON INC.) [File not signed] C:\WINDOWS\System32\CNMLMDL.DLL
2020-01-07 22:07 - 2020-01-07 22:05 - 002200784 _____ (Dexin Corp → MICRO-STAR INTERNATIONAL) [File not signed] D:\Programme\Dragon Center\Mystic_Light\IcMSIDll.dll
2020-01-07 22:07 - 2020-01-07 22:07 - 002200784 _____ (Dexin Corp → MICRO-STAR INTERNATIONAL) [File not signed] D:\Programme\Dragon Center\Mystic_Light\Lib\IcMSIDll.dll
2019-11-15 10:53 - 2019-11-15 10:53 - 000090112 _____ (Silicon Laboratories, Inc.) [File not signed] D:\Programme\Corsair\CORSAIR iCUE Software\SiUSBXp.dll
2020-01-07 22:07 - 2020-01-07 22:07 - 000399872 _____ (TODO: <公司名稱>) [File not signed] D:\Programme\Dragon Center\Mystic_Light\Lib\SDKDLL.dll
2016-09-29 05:30 - 2016-09-29 05:30 - 000220160 _____ (WIBU-SYSTEMS AG) [File not signed] C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.lDe

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:CM_2a732c3f1e3eb40b63fe062d0180f157c71684af0a0442ab953224075801bb78 [74]
AlternateDataStreams: C:\Windows:CM_bf41c588bad5a092a453669c0d3c66d1ec2c072fbf5c15cc6acda24c9e4d0955 [74]
AlternateDataStreams: C:\Users\eiko-\Desktop\KVRT.exe:MBAM.Zone.Identifier [183]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The “AlternateShell” will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => “”=“Service”

==================== Association (Whitelisted) =================

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-1421055718-2087356316-1872245878-1001\Software\Classes\regfile: <==== ATTENTION

==================== Internet Explorer (Whitelisted) ==========

BHO: Skype for Business Browser Helper → {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} → C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2020-03-08] (Microsoft Corporation → Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper → {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} → C:\Program Files\Java\jre-1.8\bin\ssv.dll [2023-12-19] (Oracle America, Inc. → Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper → {DBC80044-A445-435b-BC74-9C25C1C588A9} → C:\Program Files\Java\jre-1.8\bin\jp2ssv.dll [2023-12-19] (Oracle America, Inc. → Oracle Corporation)
BHO-x32: Skype for Business Browser Helper → {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} → C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2020-03-08] (Microsoft Corporation → Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper → {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} → C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2024-01-13] (Microsoft Corporation → Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-09-22] (Microsoft Corporation → Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-09-22] (Microsoft Corporation → Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-09-22] (Microsoft Corporation → Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-09-22] (Microsoft Corporation → Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-09-22] (Microsoft Corporation → Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-09-22] (Microsoft Corporation → Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-09-22] (Microsoft Corporation → Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-09-22] (Microsoft Corporation → Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\localhost → localhost
IE trusted site: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\sharepoint.com → hxxps://hawhamburgde-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 05:49 - 2024-02-28 16:35 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\Path → C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Windows\System32\OpenSSH;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;%SYSTEMROOT%\System32\OpenSSH;C:\Program Files\dotnet;C:\Program Files (x86)\dotnet;C:\Program Files\Crucial\Crucial Storage Executive;C:\Program Files\Git\cmd
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001\Control Panel\Desktop\Wallpaper → C:\Users\eiko-\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalCache\Microsoft\IrisService\15248146012458418531\133536187848193423.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM...\StartupApproved\StartupFolder: => “WinZip Preloader.lnk”
HKLM...\StartupApproved\StartupFolder: => “CodeMeter Control Center.lnk”
HKLM...\StartupApproved\Run: => “PDF24”
HKLM...\StartupApproved\Run32: => “CORSAIR iCUE Software”
HKLM...\StartupApproved\Run32: => “IJNetworkScannerSelectorEX2”
HKLM...\StartupApproved\Run32: => “CanonQuickMenu”
HKLM...\StartupApproved\Run32: => “PDFPrint”
HKLM...\StartupApproved\Run32: => “GatewaySysTray”
HKLM...\StartupApproved\Run32: => “CODESYSControlSysTray”
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\StartupApproved\StartupFolder: => “An OneNote senden.lnk”
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\StartupApproved\Run: => “OneDrive”
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\StartupApproved\Run: => “Steam”
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\StartupApproved\Run: => “Discord”
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\StartupApproved\Run: => “Overwolf”
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\StartupApproved\Run: => “Nextcloud”
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\StartupApproved\Run: => “MicrosoftEdgeAutoLaunch_322C183E72E821C8032805843FDA8DCC”
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\StartupApproved\Run: => “com.squirrel.Teams.Teams”
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\StartupApproved\Run: => “RiotClient”
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\StartupApproved\Run: => “EpicGamesLauncher”

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{DC38C056-7BC6-402C-8C7E-0D09D1A7B84F}] => (Block) C:\program files\crucial\crucial storage executive\java\bin\javaw.exe
FirewallRules: [{81AACDE4-9800-490D-B67E-F513665C9918}] => (Block) C:\program files\crucial\crucial storage executive\java\bin\javaw.exe
FirewallRules: [UDP Query User{AD788EA4-4AC7-4DEB-AD15-60BB29596564}C:\program files\crucial\crucial storage executive\java\bin\javaw.exe] => (Allow) C:\program files\crucial\crucial storage executive\java\bin\javaw.exe
FirewallRules: [TCP Query User{92CF064D-57DB-46A0-9AFF-4D88B7A620E5}C:\program files\crucial\crucial storage executive\java\bin\javaw.exe] => (Allow) C:\program files\crucial\crucial storage executive\java\bin\javaw.exe
FirewallRules: [UDP Query User{0F4A798B-5889-4F92-9609-5A18A87BE9D1}D:\programme\install\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe] => (Block) D:\programme\install\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe
FirewallRules: [TCP Query User{5BDA5EB0-9575-4832-80AC-C853FD95A948}D:\programme\install\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe] => (Block) D:\programme\install\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe
FirewallRules: [UDP Query User{8330EB73-AB1C-41CA-9755-39A390E36176}D:\programme\freefilesync\bin\freefilesync_x64.exe] => (Allow) D:\programme\freefilesync\bin\freefilesync_x64.exe (Florian BAUER → FreeFileSync.org)
FirewallRules: [TCP Query User{8D7F5CE9-0C93-4AA4-A37F-7964AA9BAD77}D:\programme\freefilesync\bin\freefilesync_x64.exe] => (Allow) D:\programme\freefilesync\bin\freefilesync_x64.exe (Florian BAUER → FreeFileSync.org)
FirewallRules: [{2B27175F-CF4D-4A4F-AD7D-65A0B35F8935}] => (Allow) D:\Programme\Steam\steamapps\common\3DMark\bin\x64\3DMark.exe (Underwriters Laboratories Inc. → )
FirewallRules: [{E1B86E19-0D33-4630-8FF7-277C68AABBFC}] => (Allow) D:\Programme\Steam\steamapps\common\3DMark\bin\x64\3DMark.exe (Underwriters Laboratories Inc. → )
FirewallRules: [{6B3EADBD-3708-4F4B-9EF5-06BA20CE694F}] => (Allow) D:\Programme\Steam\steamapps\common\3DMark\bin\x86\3DMark.exe (Underwriters Laboratories Inc. → )
FirewallRules: [{F4CFF23C-172A-431D-B83E-990FD7F8C7F4}] => (Allow) D:\Programme\Steam\steamapps\common\3DMark\bin\x86\3DMark.exe (Underwriters Laboratories Inc. → )
FirewallRules: [UDP Query User{043ECEF8-8109-40B8-84AD-19CFAE5B6E76}D:\programme\install\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe] => (Allow) D:\programme\install\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe
FirewallRules: [TCP Query User{BE6CA684-F767-440E-B229-7C99913C3337}D:\programme\install\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe] => (Allow) D:\programme\install\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe
FirewallRules: [UDP Query User{65184F1F-8F38-4CE4-AA73-22C8F93537CB}D:\programme\install\runtime\jre-x64\bin\javaw.exe] => (Allow) D:\programme\install\runtime\jre-x64\bin\javaw.exe
FirewallRules: [TCP Query User{FCBF3D6D-D1A2-497A-AC73-647AAF1DA470}D:\programme\install\runtime\jre-x64\bin\javaw.exe] => (Allow) D:\programme\install\runtime\jre-x64\bin\javaw.exe
FirewallRules: [{38F4B99D-25BE-4655-9C28-43100D3F530D}] => (Allow) C:\Users\eiko-\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. → Zoom Video Communications, Inc.)
FirewallRules: [{055487D4-80A4-4764-B807-1424EE5FD5F4}] => (Allow) D:\Programme\Ubisoft Game Launcher\games\Anno 1800\Bin\Win64\Anno1800.exe (UBISOFT ENTERTAINMENT INC. → Ubisoft)
FirewallRules: [{9512345D-6394-465C-8E3B-5F33DE5EC10B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation → Microsoft Corporation)
FirewallRules: [{C675973E-8322-4C2C-97EB-5D07079A99F0}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation → Microsoft Corporation)
FirewallRules: [{D1330097-8553-48E2-BFE5-3EEEB543BB39}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation → Microsoft Corporation)
FirewallRules: [{287A857D-70DA-42BB-BFF6-F454D73B29F5}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation → Microsoft Corporation)
FirewallRules: [{45AE92CD-EA04-4379-8578-613E0030B301}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation → Microsoft Corporation)
FirewallRules: [{91039128-6EF6-4727-9C42-C448B4C5D10F}] => (Allow) D:\Programme\Steam\steamapps\common\Age of Mythology\AoMX.exe (Microsoft Corp) [File not signed]
FirewallRules: [{6B4D91F0-7455-4AC3-884B-98C1803A6167}] => (Allow) D:\Programme\Steam\steamapps\common\Age of Mythology\AoMX.exe (Microsoft Corp) [File not signed]
FirewallRules: [{EBF76231-D441-433F-8DAD-7CDFC8468D3E}] => (Allow) D:\Programme\Steam\steamapps\common\Age of Mythology\Launcher.exe (TODO: ) [File not signed]
FirewallRules: [{217F66B7-11A6-4DFD-80CC-B6D79F5CEC18}] => (Allow) D:\Programme\Steam\steamapps\common\Age of Mythology\Launcher.exe (TODO: ) [File not signed]
FirewallRules: [{DFC0EB80-5C53-4CFD-B783-86F6FE6C8D24}] => (Allow) D:\Programme\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. → Valve Corporation)
FirewallRules: [{E9B135D1-5AEC-4E80-9760-758BC2ED25E5}] => (Allow) D:\Programme\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. → Valve Corporation)
FirewallRules: [{DBA546C7-062E-4537-BBAC-803DDD3D6A7E}] => (Allow) D:\Programme\Steam\steamapps\common\3DMark\3DMarkLauncher.exe (FUTUREMARK INC → Futuremark)
FirewallRules: [{7387F38A-6876-49EC-B2B0-9E71D96ECC72}] => (Allow) D:\Programme\Steam\steamapps\common\3DMark\3DMarkLauncher.exe (FUTUREMARK INC → Futuremark)
FirewallRules: [{9A7F8F80-CAB5-4216-8F4E-483D2684F91B}] => (Allow) D:\Programme\Steam\Steam.exe (Valve Corp. → Valve Corporation)
FirewallRules: [{C6BB91F1-1D99-4F69-A490-B20D99D436CF}] => (Allow) D:\Programme\Steam\Steam.exe (Valve Corp. → Valve Corporation)
FirewallRules: [{C41D44F6-ED97-461A-AA06-94A5A39A07A1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation → NVIDIA Corporation)
FirewallRules: [{5976B0C1-5ACC-4485-BDA9-EEA8754EEE6F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation → NVIDIA Corporation)
FirewallRules: [{6E369597-3084-4050-B043-600D6ABA1FB8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation → NVIDIA Corporation)
FirewallRules: [{C66A0230-400B-493A-8C1B-F00C17D1BEF2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation → NVIDIA Corporation)
FirewallRules: [{F871D8FB-3F4D-421D-AAE3-9F6B20048843}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation → NVIDIA Corporation)
FirewallRules: [{454E7A75-1C3C-4DFD-8207-0E864B2F1ABA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation → NVIDIA Corporation)
FirewallRules: [TCP Query User{D4BA32A3-FDF4-4C07-BC62-83B179C6506E}D:\programme\minecraft\runtime\jre-x64\bin\javaw.exe] => (Allow) D:\programme\minecraft\runtime\jre-x64\bin\javaw.exe
FirewallRules: [UDP Query User{936F2D13-DF5E-458B-A955-851D5B4FB563}D:\programme\minecraft\runtime\jre-x64\bin\javaw.exe] => (Allow) D:\programme\minecraft\runtime\jre-x64\bin\javaw.exe
FirewallRules: [TCP Query User{CCA06AF5-66CF-4F13-AB71-F9C39825990B}D:\programme\arduino\java\bin\javaw.exe] => (Allow) D:\programme\arduino\java\bin\javaw.exe
FirewallRules: [UDP Query User{2AA2A08E-9AD4-4EB0-B55E-469CDF39360F}D:\programme\arduino\java\bin\javaw.exe] => (Allow) D:\programme\arduino\java\bin\javaw.exe
FirewallRules: [{495F5E7C-5384-436C-B273-A178C723B2DD}] => (Allow) D:\Programme\Ubisoft Game Launcher\games\Trackmania\trackmania.exe (NADEO SASU → Nadeo)
FirewallRules: [{F362C656-6E2B-41BC-BFBB-8CE01081C3C5}] => (Allow) D:\Programme\Ubisoft Game Launcher\games\Trackmania\trackmania.exe (NADEO SASU → Nadeo)
FirewallRules: [TCP Query User{35E3D4E4-4F09-440B-AB5B-45B905483E2C}C:\users\eiko-\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\eiko-\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation → Microsoft Corporation)
FirewallRules: [UDP Query User{B757C28E-7F67-4FC1-A65A-A42EB464EA26}C:\users\eiko-\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\eiko-\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation → Microsoft Corporation)
FirewallRules: [{2E361E33-CE02-4280-9B42-54AA9EA954D8}] => (Allow) D:\Programme\Steam\steamapps\common\3DMark\bin\x86\3DMark.exe (Underwriters Laboratories Inc. → )
FirewallRules: [{E46CE610-C8BD-47B6-8BD8-6F88F29BF20A}] => (Allow) D:\Programme\Steam\steamapps\common\3DMark\bin\x86\3DMark.exe (Underwriters Laboratories Inc. → )
FirewallRules: [{CE0A55A3-B0F5-40D0-A062-62FBE8739C3C}] => (Allow) D:\Programme\Steam\steamapps\common\3DMark\bin\x64\3DMark.exe (Underwriters Laboratories Inc. → )
FirewallRules: [{C7F1E4E8-58A9-43F1-AA76-79CECBD2D03F}] => (Allow) D:\Programme\Steam\steamapps\common\3DMark\bin\x64\3DMark.exe (Underwriters Laboratories Inc. → )
FirewallRules: [{2AB7E746-53EB-4DAD-9654-236D5600CAD2}] => (Allow) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.EXE (Logitech Inc → Logitech, Inc.)
FirewallRules: [{3268EFBE-4C81-49C9-AD48-EDC3335758F9}] => (Allow) C:\Users\eiko-\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. → Zoom Video Communications, Inc.)
FirewallRules: [{7D17E545-BF8E-4FA8-A01A-08972AEF9CBB}] => (Allow) C:\Users\eiko-\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. → Zoom Video Communications, Inc.)
FirewallRules: [{80574D36-E00A-4A9A-8191-87D405ED45C3}] => (Allow) C:\Users\eiko-\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. → Zoom Video Communications, Inc.)
FirewallRules: [TCP Query User{75C4C195-B5F7-4632-8014-53F1FCE8B0ED}C:\users\eiko-\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\eiko-\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation → Microsoft Corporation)
FirewallRules: [UDP Query User{0A70D895-87A9-4B9C-82F2-97CFA3FC0A7F}C:\users\eiko-\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\eiko-\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation → Microsoft Corporation)
FirewallRules: [{FF239137-D032-45F6-B263-143C815C103C}] => (Allow) D:\Programme\Steam\steamapps\common\Age of Empires IV\RelicCardinal.exe (RELIC ENTERTAINMENT, INC. → Relic Entertainment)
FirewallRules: [{8F25C6C8-5F22-43F1-AD9A-25875FCB0E98}] => (Allow) D:\Programme\Steam\steamapps\common\Age of Empires IV\RelicCardinal.exe (RELIC ENTERTAINMENT, INC. → Relic Entertainment)
FirewallRules: [TCP Query User{306288FF-4DE5-4EB1-8866-D00FE9C273A8}D:\programme\install\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Allow) D:\programme\install\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe
FirewallRules: [UDP Query User{EC39A673-930D-49EC-9135-9B866A1A0033}D:\programme\install\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Allow) D:\programme\install\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe
FirewallRules: [TCP Query User{17BBF18F-A806-495E-93D3-6C38E8158BD2}D:\programme\arduino\java\bin\javaw.exe] => (Allow) D:\programme\arduino\java\bin\javaw.exe
FirewallRules: [UDP Query User{4CCC7730-F912-4056-BBA6-F50BE4F9EE6A}D:\programme\arduino\java\bin\javaw.exe] => (Allow) D:\programme\arduino\java\bin\javaw.exe
FirewallRules: [{F0B59BBA-FB70-48B0-8CF3-9153EF7B7BC3}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG → WIBU-SYSTEMS AG)
FirewallRules: [{3D58B04D-AFD0-4482-A115-7571E50C4558}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG → WIBU-SYSTEMS AG)
FirewallRules: [{08D56A1D-3837-4F57-90CF-849116B7E206}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG → WIBU-SYSTEMS AG)
FirewallRules: [{5B29FA0B-29F5-416D-ABB2-290897BC05FA}] => (Allow) C:\Program Files (x86)\3S CODESYS\CODESYS\Common\CODESYS.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{015A8D3D-F40C-4BB5-A5A7-74AA118AAD76}] => (Allow) C:\Program Files (x86)\3S CODESYS\CODESYS\Common\CODESYS.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{475F8A65-BC13-4BB3-A1EA-1FF2C99EC3C5}] => (Allow) C:\Program Files (x86)\3S CODESYS\CODESYS\Common\CODESYS.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{395F3D88-3380-4201-873C-014EC07E72EE}] => (Allow) C:\Program Files (x86)\3S CODESYS\CODESYS\Common\CODESYS.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{15ECB879-60C4-42F4-94BE-66A38BB6CC48}] => (Allow) C:\Program Files (x86)\3S CODESYS\CODESYS\Common\RepTool.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{E3B1E9C9-200D-465E-AD9C-622FDA031CF3}] => (Allow) C:\Program Files (x86)\3S CODESYS\CODESYS\Common\RepTool.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{9BAB2765-B9DE-4A99-8182-1B1981DC23B1}] => (Allow) C:\Program Files (x86)\3S CODESYS\CODESYS\Common\RepTool.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{8B99EB7C-E07A-4126-B1D6-52FF044E7862}] => (Allow) C:\Program Files (x86)\3S CODESYS\CODESYS\Common\RepTool.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{CBB56258-647F-4608-8384-296265CCADBB}] => (Allow) C:\Program Files (x86)\3S CODESYS\CODESYS\Common\IPMCLI.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{99C74BD9-106E-4CD6-A6C5-0E39F9097B6D}] => (Allow) C:\Program Files (x86)\3S CODESYS\CODESYS\Common\IPMCLI.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{2937A2BD-18E2-46CB-A6F2-83A475A1BF2D}] => (Allow) C:\Program Files (x86)\3S CODESYS\CODESYS\Common\IPMCLI.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{D6ED8DD3-E2F1-4B55-95B0-16309EE0B082}] => (Allow) C:\Program Files (x86)\3S CODESYS\CODESYS\Common\IPMCLI.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{AA40FF9F-72BC-42D8-A8C0-D330563CE228}] => (Allow) C:\Program Files (x86)\3S CODESYS\GatewayPLC\GatewayService.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{F2BD632C-2FA0-4AAC-9024-26D7A1A99CEC}] => (Allow) C:\Program Files (x86)\3S CODESYS\GatewayPLC\GatewayService.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{91238EAC-87E7-4297-9329-E302BE237483}] => (Allow) C:\Program Files (x86)\3S CODESYS\GatewayPLC\GatewayService.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{FFE70F5B-1EAA-4C55-954C-E763DCD1E0B1}] => (Allow) C:\Program Files (x86)\3S CODESYS\GatewayPLC\GatewayService.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{CEE39792-4A68-4970-8615-FEBA29CF7019}] => (Allow) C:\Windows\SysWOW64\Gateway.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{6B8FB6D7-1CFB-412D-9CF5-23706446F401}] => (Allow) C:\Windows\SysWOW64\Gateway.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{DD5D6F82-F8CD-45DF-8BCD-4B52EE5C701F}] => (Allow) C:\Windows\SysWOW64\Gateway.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{C0A7C768-654B-46F7-AA9E-6D111B46F844}] => (Allow) C:\Windows\SysWOW64\Gateway.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{EC09C64B-FC0B-4DB8-8905-631E7C445096}] => (Allow) C:\Windows\SysWOW64\GatewayDDE.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{3E8FC8EC-4359-4FAB-9653-F65D906A650A}] => (Allow) C:\Windows\SysWOW64\GatewayDDE.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{B852E5C9-F6BA-4C97-9785-569D1E33A681}] => (Allow) C:\Windows\SysWOW64\GatewayDDE.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{D80E72AE-7250-42D7-846D-0FA9AA12ACE8}] => (Allow) C:\Windows\SysWOW64\GatewayDDE.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{B8951E4A-334B-4072-8C39-BED285225477}] => (Allow) C:\Program Files (x86)\3S CODESYS\GatewayPLC\CODESYSControlService.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{464A1A85-0515-435B-9086-C2EF53D93886}] => (Allow) C:\Program Files (x86)\3S CODESYS\GatewayPLC\CODESYSControlService.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{67625BC9-F345-4610-8730-700695486F99}] => (Allow) C:\Program Files (x86)\3S CODESYS\GatewayPLC\CODESYSControlService.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{5C710ECE-9777-4488-9D5E-CB7990EE78AA}] => (Allow) C:\Program Files (x86)\3S CODESYS\GatewayPLC\CODESYSControlService.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [TCP Query User{5286CD36-1CA4-4B8A-BFA6-9CCB2E7B2A50}C:\program files\ultimaker cura 5.3.1\ultimaker-cura.exe] => (Allow) C:\program files\ultimaker cura 5.3.1\ultimaker-cura.exe () [File not signed]
FirewallRules: [UDP Query User{E0515BBA-3DB8-46D5-B642-49EA0C99180B}C:\program files\ultimaker cura 5.3.1\ultimaker-cura.exe] => (Allow) C:\program files\ultimaker cura 5.3.1\ultimaker-cura.exe () [File not signed]
FirewallRules: [{F2FEF788-42EB-4946-BE43-66B4627CB7E6}] => (Block) C:\program files\ultimaker cura 5.3.1\ultimaker-cura.exe () [File not signed]
FirewallRules: [{AF9965FD-F81F-44F1-AF57-9CC445DD513F}] => (Block) C:\program files\ultimaker cura 5.3.1\ultimaker-cura.exe () [File not signed]
FirewallRules: [TCP Query User{68E6CF3C-38A7-4EB9-96CC-F84EFFE857A4}C:\program files\orcaslicer\orca-slicer.exe] => (Allow) C:\program files\orcaslicer\orca-slicer.exe (SoftFever) [File not signed]
FirewallRules: [UDP Query User{4A6434BA-95EE-4311-802B-664A774B682E}C:\program files\orcaslicer\orca-slicer.exe] => (Allow) C:\program files\orcaslicer\orca-slicer.exe (SoftFever) [File not signed]
FirewallRules: [TCP Query User{58C3F345-F0B7-4F88-B4FB-7D5FB56FF212}C:\program files\altium\ad23\x2.exe] => (Allow) C:\program files\altium\ad23\x2.exe (Altium LLC → Altium LLC)
FirewallRules: [UDP Query User{E6831222-A353-4556-8C88-C187BBE6FB54}C:\program files\altium\ad23\x2.exe] => (Allow) C:\program files\altium\ad23\x2.exe (Altium LLC → Altium LLC)
FirewallRules: [TCP Query User{B658F0F2-0674-4EAF-97A3-24F9862C0969}C:\program files\logisim-evolution\logisim-evolution.exe] => (Allow) C:\program files\logisim-evolution\logisim-evolution.exe () [File not signed]
FirewallRules: [UDP Query User{82C35AEA-279C-4D8D-BE9A-1141D3EB63BD}C:\program files\logisim-evolution\logisim-evolution.exe] => (Allow) C:\program files\logisim-evolution\logisim-evolution.exe () [File not signed]
FirewallRules: [{607F91DD-70EF-4778-A667-37E964C97E6C}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24004.1403.2634.2418_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation → Microsoft Corporation)
FirewallRules: [{4E963323-DBE0-4EB8-BE46-948D296EF8C5}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24004.1403.2634.2418_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation → Microsoft Corporation)
FirewallRules: [{AD6D52A6-184E-4609-A83F-3B1BFDE17A5D}] => (Allow) C:\Program Files\PowerToys\PowerToys.MouseWithoutBorders.exe (Microsoft Corporation → Microsoft Corporation)
FirewallRules: [{EDFD7B9F-FB83-4D9F-BBDD-6531504BC829}] => (Allow) C:\Program Files\WindowsApps\MSTeams_24004.1307.2669.7070_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation → Microsoft Corporation)
FirewallRules: [{2263883D-3995-4BD7-9B22-1DAD1495BF23}] => (Allow) C:\Program Files\WindowsApps\MSTeams_24004.1307.2669.7070_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation → Microsoft Corporation)
FirewallRules: [{5FD1FC2C-9153-4A41-A69D-61626F835630}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.113.3210.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl → Skype Technologies S.A.)
FirewallRules: [{ADFA4932-EA8F-4E46-AAAE-E58B935BE380}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.113.3210.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl → Skype Technologies S.A.)
FirewallRules: [{79068DF1-AF19-45E5-8157-7A928B4CB6D4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.113.3210.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl → Skype Technologies S.A.)
FirewallRules: [{87149421-DD07-4E19-9819-17347BB6C14A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.113.3210.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl → Skype Technologies S.A.)
FirewallRules: [{08C12255-4807-4EA2-B22B-5987EF309E67}] => (Allow) D:\Programme\Steam\steamapps\common\Supermarket Simulator\Supermarket Simulator.exe () [File not signed]
FirewallRules: [{CE7704F2-FF6A-484C-A27E-40464706FE3A}] => (Allow) D:\Programme\Steam\steamapps\common\Supermarket Simulator\Supermarket Simulator.exe () [File not signed]
FirewallRules: [{0C8D4364-9D12-4EF8-A7B6-44E4001FE9A6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC → Google LLC)
FirewallRules: [{03E9B1FD-4D25-4D8F-8D5B-A313F7F6CA23}] => (Allow) D:\Programme\Overwolf\0.241.0.10\OverwolfBrowser.exe (Overwolf Ltd → Overwolf LTD)
FirewallRules: [{42D9EC72-71C6-4028-949C-6867DACB54BD}] => (Allow) D:\Programme\Overwolf\0.241.0.10\OverwolfBrowser.exe (Overwolf Ltd → Overwolf LTD)
FirewallRules: [{375E2C36-7169-47DE-B2D3-79424BBAAA1D}] => (Block) D:\Programme\Overwolf\0.241.0.10\OverwolfBrowser.exe (Overwolf Ltd → Overwolf LTD)
FirewallRules: [{10F72388-F5E5-480D-A6DD-36EA96E37FAE}] => (Block) D:\Programme\Overwolf\0.241.0.10\OverwolfBrowser.exe (Overwolf Ltd → Overwolf LTD)
FirewallRules: [{1DA1EE29-1BD5-4967-8D6C-609A4DBF2257}] => (Allow) D:\Programme\Overwolf\0.242.0.11\OverwolfBrowser.exe (Overwolf Ltd → Overwolf LTD)
FirewallRules: [{AA70ADC6-0732-41C3-ABDF-CA6E06C09E75}] => (Allow) D:\Programme\Overwolf\0.242.0.11\OverwolfBrowser.exe (Overwolf Ltd → Overwolf LTD)
FirewallRules: [{D852E223-3EF6-4721-BF19-6272F579654F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.232.997.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd)
FirewallRules: [{19D9484A-641B-45B8-B664-A9C371F01661}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.232.997.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd)
FirewallRules: [{689D3F45-EE85-48AF-8302-A98FEB500ABC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.232.997.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd)
FirewallRules: [{8E5064E6-A832-42FF-B94D-F2C1C77EB730}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.232.997.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd)
FirewallRules: [{DA8157EF-5A48-45D9-9F37-342773C8472F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.232.997.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd)
FirewallRules: [{35BF3957-EA38-4892-A47D-A78804388403}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.232.997.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd)
FirewallRules: [{48E1678E-D52E-43C2-8FE4-5DC3EE9E5432}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.232.997.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd)
FirewallRules: [{DFD79D3E-4338-4EEA-999C-528A5CAC8483}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.232.997.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd)
FirewallRules: [{C172A26F-78BB-48C2-BD26-EA96E4822135}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.232.997.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd)
FirewallRules: [{0E857EA6-A4E5-4ED8-9C54-64D13821B44E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.232.997.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd)
FirewallRules: [{B837D140-10B7-4DDF-8269-D941A4CAF4D9}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.59\msedgewebview2.exe (Microsoft Corporation → Microsoft Corporation)
FirewallRules: [{7ED3959E-DF5D-4271-867F-2B45FF9AF602}] => (Allow) LPort=26820
FirewallRules: [{DB81DBF2-6ED3-4E66-AADE-90902F76BA1E}] => (Allow) LPort=26822
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server

==================== Restore Points =========================

24-02-2024 20:32:56 Windows Update
24-02-2024 20:32:57 Windows Update
24-02-2024 20:32:58 Windows Update
28-02-2024 14:26:58 Windows Update
28-02-2024 14:27:01 Windows Update

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================
[HEADING=1]Application errors:[/HEADING]
Error: (03/01/2024 12:22:42 PM) (Source: Application Hang) (EventID: 1002) (User: NT-AUTORITÄT)
Description: Das Programm SecHealthUI.exe Version 10.0.22621.1 hat aufgehört mit Windows zu interagieren und wurde geschlossen. Weitere Informationen zum Problem finden Sie im Problemverlauf in der Systemsteuerung „Sicherheit und Wartung“.

Error: (03/01/2024 12:21:40 PM) (Source: CertEnroll) (EventID: 86) (User: NT-AUTORITÄT)
Description: Fehler bei der Initialisierung der SCEP-Zertifikatregistrierung für WORKGROUP\DESKTOP-OSDJ7D2$ über https://AMD-KeyId-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net/templates/Aik/scep:

GetCACaps
GetCACaps: Not Found
{“Message”:“The authority "amd-keyid-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net" does not exist.”}
HTTP/1.1 404 Not Found
Date: Fri, 01 Mar 2024 11:21:41 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 6ef58f73-f18e-4c16-a9c2-d85af0f7df0c

Methode: GET(187ms)
Phase: GetCACaps
Nicht gefunden (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (03/01/2024 12:21:40 PM) (Source: CertEnroll) (EventID: 86) (User: NT-AUTORITÄT)
Description: Fehler bei der Initialisierung der SCEP-Zertifikatregistrierung für Lokales System über https://AMD-KeyId-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net/templates/Aik/scep:

GetCACaps
GetCACaps: Not Found
{“Message”:“The authority "amd-keyid-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net" does not exist.”}
HTTP/1.1 404 Not Found
Date: Fri, 01 Mar 2024 11:21:39 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 67410b42-b61d-4988-b775-fcb91a3784e4

Methode: GET(859ms)
Phase: GetCACaps
Nicht gefunden (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (03/01/2024 10:18:03 AM) (Source: CertEnroll) (EventID: 86) (User: NT-AUTORITÄT)
Description: Fehler bei der Initialisierung der SCEP-Zertifikatregistrierung für WORKGROUP\DESKTOP-OSDJ7D2$ über https://AMD-KeyId-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net/templates/Aik/scep:

GetCACaps
GetCACaps: Not Found
{“Message”:“The authority "amd-keyid-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net" does not exist.”}
HTTP/1.1 404 Not Found
Date: Fri, 01 Mar 2024 09:18:03 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 5aef0d0e-af65-4c38-9c7e-323f24cc45fe

Methode: GET(172ms)
Phase: GetCACaps
Nicht gefunden (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (03/01/2024 10:18:02 AM) (Source: CertEnroll) (EventID: 86) (User: NT-AUTORITÄT)
Description: Fehler bei der Initialisierung der SCEP-Zertifikatregistrierung für Lokales System über https://AMD-KeyId-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net/templates/Aik/scep:

GetCACaps
GetCACaps: Not Found
{“Message”:“The authority "amd-keyid-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net" does not exist.”}
HTTP/1.1 404 Not Found
Date: Fri, 01 Mar 2024 09:18:03 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 1b1d2d56-a8db-4e63-9f1b-d098d739f030

Methode: GET(406ms)
Phase: GetCACaps
Nicht gefunden (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (03/01/2024 10:15:31 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine “QueryFullProcessImageNameW” ist ein unerwarteter Fehler aufgetreten. hr = 0x8007001f, Ein an das System angeschlossenes Gerät funktioniert nicht..

Vorgang:
Asynchroner Vorgang wird ausgeführt

Kontext:
Aktueller Status: DoSnapshotSet

Error: (03/01/2024 10:15:20 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle “IVssWriterCallback” ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert.Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.

Vorgang:
Generatordaten werden gesammelt

Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {93c016f3-5a34-45ed-9e03-cd3ba7b30024}

Error: (03/01/2024 10:13:47 AM) (Source: CertEnroll) (EventID: 86) (User: NT-AUTORITÄT)
Description: Fehler bei der Initialisierung der SCEP-Zertifikatregistrierung für WORKGROUP\DESKTOP-OSDJ7D2$ über https://AMD-KeyId-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net/templates/Aik/scep:

GetCACaps
GetCACaps: Not Found
{“Message”:“The authority "amd-keyid-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net" does not exist.”}
HTTP/1.1 404 Not Found
Date: Fri, 01 Mar 2024 09:13:48 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 93f5e66e-990f-4806-980b-2b6e2241639c

Methode: GET(187ms)
Phase: GetCACaps
Nicht gefunden (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)
[HEADING=1]System errors:[/HEADING]
Error: (03/01/2024 12:25:45 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-OSDJ7D2)
Description: Der Server “{470B9B9B-0E95-4963-B265-5D58E5808C3D}” konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (03/01/2024 12:23:45 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-OSDJ7D2)
Description: Der Server “{434AEC1C-8583-45EC-B88F-750D6F380BC3}” konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (03/01/2024 12:21:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst “GameInput Service” wurde unerwartet beendet. Dies ist bereits 6 Mal passiert.

Error: (03/01/2024 12:21:33 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst “GameInput Service” wurde mit folgendem Fehler beendet:
Die Verbunddatei “GameInput Service” wurde mit einer neueren Version erstellt.

Error: (03/01/2024 12:21:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst “GameInput Service” wurde unerwartet beendet. Dies ist bereits 5 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/01/2024 12:21:32 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst “GameInput Service” wurde mit folgendem Fehler beendet:
Die Verbunddatei “GameInput Service” wurde mit einer neueren Version erstellt.

Error: (03/01/2024 12:21:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst “GameInput Service” wurde unerwartet beendet. Dies ist bereits 4 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/01/2024 12:21:30 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst “GameInput Service” wurde mit folgendem Fehler beendet:
Die Verbunddatei “GameInput Service” wurde mit einer neueren Version erstellt.

Windows Defender:
================Event[0]

Date: 2024-02-28 15:24:21
Description:
Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten.
Neue Version der Sicherheitsinformationen:
%Vorherige Version der Sicherheitsinformationen: 1.349.1208.0
Update Source: Microsoft Center zum Schutz vor Schadsoftware
Sicherheitstyp: AntiSpyware
Updatetyp: Voll
Benutzer: NT-AUTORITÄT\Netzwerkdienst
Aktuelle Modulversion:
%Vorherige Modulversion: 1.1.18500.10
Fehlercode: 0x80072f8f
Fehlerbeschreibung: Es ist ein Sicherheitsfehler aufgetreten.

Date: 2024-02-28 15:24:21
Description:
Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten.
Neue Version der Sicherheitsinformationen:
%Vorherige Version der Sicherheitsinformationen: 1.349.1208.0
Update Source: Microsoft Center zum Schutz vor Schadsoftware
Sicherheitstyp: AntiVirus
Updatetyp: Voll
Benutzer: NT-AUTORITÄT\Netzwerkdienst
Aktuelle Modulversion:
%Vorherige Modulversion: 1.1.18500.10
Fehlercode: 0x80072f8f
Fehlerbeschreibung: Es ist ein Sicherheitsfehler aufgetreten.

Date: 2024-02-28 15:24:20
Description:
Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten.
Neue Version der Sicherheitsinformationen:
%Vorherige Version der Sicherheitsinformationen: 1.349.1208.0
Update Source: Microsoft Update-Server
Sicherheitstyp: AntiVirus
Updatetyp: Voll
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion:
%Vorherige Modulversion: 1.1.18500.10
Fehlercode: 0x80240022
Fehlerbeschreibung: Die Suche des Programms nach Definitionsaktualisierungen ist nicht möglich.

Date: 2024-02-28 15:24:20
Description:
Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten.
Neue Version der Sicherheitsinformationen:
%Vorherige Version der Sicherheitsinformationen: 1.349.1208.0
Update Source: Microsoft Update-Server
Sicherheitstyp: AntiVirus
Updatetyp: Voll
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion:
%Vorherige Modulversion: 1.1.18500.10
Fehlercode: 0x80240022
Fehlerbeschreibung: Die Suche des Programms nach Definitionsaktualisierungen ist nicht möglich.
[HEADING=1]CodeIntegrity:[/HEADING]
Date: 2024-03-01 12:24:28
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends Inc. 1.B0 11/08/2019
Motherboard: Micro-Star International Co., Ltd. B450 GAMING PRO CARBON AC (MS-7B85)
Processor: AMD Ryzen 5 3600 6-Core Processor
Percentage of memory in use: 18%
Total physical RAM: 32716.52 MB
Available physical RAM: 26657.36 MB
Total Virtual: 34764.52 MB
Available Virtual: 26800.86 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:930.09 GB) (Free:649.88 GB) (Model: CT1000P3SSD8) NTFS
Drive d: (Speicher) (Fixed) (Total:894.24 GB) (Free:448.89 GB) (Model: Patriot Burst) NTFS
Drive e: (SSD Speicher) (Fixed) (Total:119.24 GB) (Free:119.15 GB) (Model: SAMSUNG MZVLW128HEGR-00000) NTFS
Drive x: () (Network) (Total:0 GB) (Free:0 GB)

\?\Volume{e5fef1f2-14bc-41e5-a2cb-6fec93bb4729}\ () (Fixed) (Total:0.52 GB) (Free:0.5 GB) NTFS
\?\Volume{41e65462-6f71-4c4a-9c2b-c5457b66e6f2}\ () (Fixed) (Total:0.69 GB) (Free:0.06 GB) NTFS
\?\Volume{9ac877f4-f51d-470b-8acb-437c47e286b7}\ () (Fixed) (Total:0.1 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 894.3 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================
              [/HEADING][/HEADING]

                Comment

                • Malnutrition
                  PCHF Moderator
                  • Jul 2016
                  • 7045
                  #5
                  Copy the content of the code box below.
                  [COLOR=rgb(184, 49, 47)]Do not copy the word code!!!
                  Right Click FRST and run as Administrator.
                  Click Fix once (!) and wait. The program will create a log file (Fixlog.txt).
                  Attach it to your next message.

                  Code:
                  start::
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
CHR Extension: (Social Blade) - C:\Users\eiko-\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfidkbgamfhdgmedldkagjopnbobdmdn [2022-09-04] [UpdateUrl:hxxps://addon.socialblade.com/updates.json] <==== ATTENTION
R3 phantomtap; C:\WINDOWS\System32\drivers\phantomtap.sys [45056 2020-03-18] (Avira Operations GmbH & Co. KG → The OpenVPN Project)
C:\WINDOWS\System32\drivers\phantomtap.sys
C:\avast! sandbox
C:\Users\eiko-\AppData\Local\PUTTY.RND
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{A06264CB-707B-4F72-94F4-D7ED17DBA8A7}\localserver32 → “D:\Programme\tools\bin\pspiceaa.exe” => No File
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{AA7602C4-132E-401F-ACFA-9575FE07F910}\InprocServer32 → D:\Programme\tools\bin\orpiPspice64.dll => No File
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{AB34CA32-528F-42B1-A0D7-0124BBAEE609}\InprocServer32 → D:\Programme\tools\bin\orpiPspice64.dll => No File
AlternateDataStreams: C:\Windows:CM_2a732c3f1e3eb40b63fe062d0180f157c71684af0a0442ab953224075801bb78 [74]
AlternateDataStreams: C:\Windows:CM_bf41c588bad5a092a453669c0d3c66d1ec2c072fbf5c15cc6acda24c9e4d0955 [74]
AlternateDataStreams: C:\Users\eiko-\Desktop\KVRT.exe:MBAM.Zone.Identifier [183]
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001\Software\Classes\regfile: <==== ATTENTION
FirewallRules: [{7ED3959E-DF5D-4271-867F-2B45FF9AF602}] => (Allow) LPort=26820
FirewallRules: [{DB81DBF2-6ED3-4E66-AADE-90902F76BA1E}] => (Allow) LPort=26822
File: c:\Windows\System32\drivers\winhvr.winsecurity
File: C:\WINDOWS\system32\Drivers\WUDFRd.winsecurity
File: C:\Users\eiko-\Downloads\624beffb-15e1-47fd-86e0-bf8de081bd29_Export-8ba90b14-8348-4300-9315-58890a9fcb66
File: C:\Users\eiko-\Downloads\70f01c28-7c35-43b7-84f4-7366f8fa2549_Export-5fdfccfe-4bbb-432d-8e8d-9a2e76d48e74
StartRegedit:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc]
“DelayedAutoStart”=dword:00000001
“DependOnService”=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,00,00
“Description”=“@%SystemRoot%\System32\wscsvc.dll,-201”
“DisplayName”=“@%SystemRoot%\System32\wscsvc.dll,-200”
“ErrorControl”=dword:00000001
“FailureActions”=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,
00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00
“ImagePath”=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,
74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,
6b,00,20,00,4c,00,6f,00,63,00,61,00,6c,00,53,00,65,00,72,00,76,00,69,00,63,
00,65,00,4e,00,65,00,74,00,77,00,6f,00,72,00,6b,00,52,00,65,00,73,00,74,00,
72,00,69,00,63,00,74,00,65,00,64,00,20,00,2d,00,70,00,00,00
“LaunchProtected”=dword:00000002
“ObjectName”=“NT AUTHORITY\LocalService”
“RequiredPrivileges”=hex(7):53,00,65,00,43,00,68,00,61,00,6e,00,67,00,65,00,4e,
00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,
67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,6e,
00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,
00,00,00,00
“ServiceSidType”=dword:00000001
“Start”=dword:00000002
“Type”=dword:00000020

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Parameters]
“ServiceDll”=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,
77,00,73,00,63,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00
“ServiceDllUnloadOnStop”=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Security]
“Security”=hex:01,00,14,80,1c,01,00,00,28,01,00,00,14,00,00,00,30,00,00,00,02,
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,
00,00,02,00,ec,00,08,00,00,00,00,00,18,00,9d,00,02,00,01,02,00,00,00,00,00,
05,20,00,00,00,21,02,00,00,00,00,14,00,9d,01,02,00,01,01,00,00,00,00,00,05,
12,00,00,00,00,00,18,00,9d,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,20,
02,00,00,00,00,14,00,9d,00,02,00,01,01,00,00,00,00,00,05,04,00,00,00,00,00,
14,00,9d,00,02,00,01,01,00,00,00,00,00,05,06,00,00,00,00,00,28,00,fd,01,02,
00,01,06,00,00,00,00,00,05,50,00,00,00,e5,fe,79,5f,a0,ae,0d,3b,22,fa,0a,c9,
01,5a,41,3a,e5,a6,4a,b7,00,00,28,00,ff,01,0f,00,01,06,00,00,00,00,00,05,50,
00,00,00,b5,89,fb,38,19,84,c2,cb,5c,6c,23,6d,57,00,77,6e,c0,02,64,87,00,00,
28,00,ff,01,0f,00,01,06,00,00,00,00,00,05,50,00,00,00,db,8c,74,0f,c2,72,73,
f3,2b,26,b9,44,77,1e,4f,02,76,63,b5,21,01,01,00,00,00,00,00,05,12,00,00,00,
01,01,00,00,00,00,00,05,12,00,00,00
EndRegedit:
StartBatch:
WMIC SERVICE WHERE Name=“dcomlaunch” set startmode=“auto”
WMIC SERVICE WHERE Name=“nsi” set startmode=“auto”
WMIC SERVICE WHERE Name=“dhcp” set startmode=“auto”
WMIC SERVICE WHERE Name=“rpcss” set startmode=“auto”
WMIC SERVICE WHERE Name=“rpceptmapper” set startmode=“auto”
WMIC SERVICE WHERE Name=“winmgmt” set startmode=“auto”
WMIC SERVICE WHERE Name=“sdrsvc” set startmode=“manual”
WMIC SERVICE WHERE Name=“vss” set startmode=“manual”
WMIC SERVICE WHERE Name=“eventlog” set startmode=“auto”
WMIC SERVICE WHERE Name=“bfe” set startmode=“auto”
WMIC SERVICE WHERE Name=“eventsystem” set startmode=“auto”
WMIC SERVICE WHERE Name=“msiserver” set startmode=“manual”
WMIC SERVICE WHERE Name=“sstpsvc” set startmode=“manual”
WMIC SERVICE WHERE Name=“rasman” set startmode=“manual”
WMIC SERVICE WHERE Name=“trustedinstaller” set startmode=“auto”
net start sdrsvc
net start vss
net start rpcss
net start eventsystem
net start winmgmt
net start msiserver
net start bfe
net start trustedinstaller
“%WINDIR%\SYSTEM32\lodctr.exe” /R
“%WINDIR%\SysWOW64\lodctr.exe” /R
“%WINDIR%\SYSTEM32\lodctr.exe” /R
“%WINDIR%\SysWOW64\lodctr.exe” /R
NETSH winsock reset catalog
NETSH int ipv4 reset reset.log
NETSH int ipv6 reset reset.log
ipconfig /release
ipconfig /renew
ipconfig /flushdns
ipconfig /registerdns
bitsadmin /list /allusers
bitsadmin /reset /allusers
Winmgmt /salvagerepository
Winmgmt /resetrepository
Winmgmt /resyncperf
Endbatch:
startpowershell:
Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Unrestricted -force -ErrorAction SilentlyContinue -Confirm:$false
[HEADING=1]Funtion Remove-all-windefend-excludes to Remove all exclusions on MS Windefend[/HEADING]
Function Remove-all-windefend-excludes {
$Paths=(Get-MpPreference).ExclusionPath
$Extensions=(Get-MpPreference).ExclusionExtension
$Processes=(Get-MpPreference).ExclusionProcess
foreach ($Path in $Paths) { Remove-MpPreference -ExclusionPath $Path -force}
foreach ($Extension in $Extensions) { Remove-MpPreference -ExclusionExtension $Extension -force}
foreach ($Process in $Processes) { Remove-MpPreference -ExclusionProcess $Process -force}
}
[HEADING=1]Remove all exclusions on MS Windefend[/HEADING]
Write-Output “Removing all exclusions on MS Windefend antivirus”
Set-MpPreference -DisableAutoExclusions $true -Force
Remove-all-windefend-excludes
EndPowerShell:

startpowershell:
Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Unrestricted -force -ErrorAction SilentlyContinue -Confirm:$false
Remove-ItemProperty -Path “HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender” -Name “DisableAntiVirus” –Force
Remove-ItemProperty -Path “HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender” -Name “DisableAntiSpyware” –Force
Remove-ItemProperty -Path “HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender” -Name “PUAProtection” –Force
Remove-ItemProperty -Path “HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender” -Name “DisableRoutinelyTakingAction” –Force
Remove-ItemProperty -Path “HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection” -Name “DisableBehaviorMonitoring” -force
Remove-ItemProperty -Path “HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection” -Name “DisableOnAccessProtection” -force
Remove-ItemProperty -Path “HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection” -Name “DisableScanOnRealtimeEnable” -force
Get-Service windefend | Select-Object -Property Name, StartType, Status
Set-Service -Name securityhealthservice -StartupType manual -force
Get-Service securityhealthservice | Select-Object -Property Name, StartType, Status
Set-MpPreference -CheckForSignaturesBeforeRunningScan $true -Force
Set-MpPreference -DisableArchiveScanning $false -Force
Set-MpPreference -DisableBehaviorMonitoring $false -Force
Set-MpPreference -DisableEmailScanning $False -Force
Set-MpPreference -DisableIOAVProtection $false -Force
Set-MpPreference -DisablePrivacyMode $true -Force
Set-MpPreference -DisableRealtimeMonitoring $false -Force
Set-MpPreference -MAPSReporting Advanced -Force
Set-MpPreference -PUAProtection enabled -Force
Set-MpPreference -SignatureScheduleDay Everyday -Force
Set-MpPreference -DisableRemovableDriveScanning $false -Force
Set-MpPreference -SubmitSamplesConsent SendSafeSamples
[HEADING=1]Reset and check Secure Health status[/HEADING]
Get-AppxPackage Microsoft.SecHealthUI -AllUsers | Reset-AppxPackage
Get-AppxPackage Microsoft.SecHealthUI -AllUsers|select Name, Status
[HEADING=1]Check if these services are running[/HEADING]
Get-Service mbamservice, Windefend, SecurityHealthService, wscsvc, mpsdrv, mpssvc, bfe, WdNisSvc, WdNisDrv, sense, winmgmt, rpcss, RpcEptMapper, bits, cryptsvc, wuauserv, dcomlaunch | Select Name, DisplayName, Status, starttype
EndPowerShell:

startpowershell:
Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Unrestricted -force -ErrorAction SilentlyContinue -Confirm:$false
Remove-Item -Path “C:\Windows\Prefetch*” -force -recurse -ErrorAction SilentlyContinue
Write-Output “updating”
Update-MpSignature
Write-Output “scanning quick scan”
Start-MpScan -ScanType QuickScan
Remove-MpThreat
EndPowerShell:

CMD: del /s /q “%userprofile%\AppData\Local\temp*.*”
emptytemp:
Reboot:
End::



                  Adware Cleaner

                  [ul]
                  [li]Download AdwCleaner and save it to your Desktop[/li][li]Right-click on AdwCleaner.exeand select, Run as Administrator[/li][li]Accept the EULA (I accept), then click on Scan Now[/li][li]Let the scan complete[/li][li]Once the scan completes, make sure that every item listed in the different tabs is checked and click on the Quarantine and delete.[/li][li]Once the cleaning process is complete, AdwCleaner will ask you to restart your computer[/li][li]Close all other open windows and allow it to restart[/li][li]After the restart, Notepad will open with the AdwCleaner cleaning log[/li][li]Please Attach the contents of that log into your next reply to me[/li][/ul]




                  Download RogueKiller and install the program.
                  Once downloaded and installed, right click and run as admin.
                  Click the check for updates button.
                  Go to scan setting then slide the MalPE option right to activate.
                  Then go to scan, then start a full scan on your machine.
                  Then click report when the scan completes.
                  Under Share my report click on open then select text file.
                  Copy it and paste the results here.
                  Make sure you do not remove anything detected until I see the log please.[/COLOR]

                    Comment

                    • Urenis
                      PCHF Member
                      • Feb 2024
                      • 14
                      #6
                      Windows security doesn’t work yet. Is there a deeper problem?

                      Fixlog:
                      [HEADING=1]
                      Code:
                      Fix result of Farbar Recovery Scan Tool (x64) Version: 26.02.2024 01
Ran by eiko- (01-03-2024 15:33:49) Run:4
Running from C:\Users\eiko-\Desktop
Loaded Profiles: eiko-
Boot Mode: Normal[/HEADING]
fixlist content:
[HR][/HR]
start::
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
CHR Extension: (Social Blade) - C:\Users\eiko-\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfidkbgamfhdgmedldkagjopnbobdmdn [2022-09-04] [UpdateUrl:hxxps://addon.socialblade.com/updates.json] <==== ATTENTION
R3 phantomtap; C:\WINDOWS\System32\drivers\phantomtap.sys [45056 2020-03-18] (Avira Operations GmbH & Co. KG → The OpenVPN Project)
C:\WINDOWS\System32\drivers\phantomtap.sys
C:\avast! sandbox
C:\Users\eiko-\AppData\Local\PUTTY.RND
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{A06264CB-707B-4F72-94F4-D7ED17DBA8A7}\localserver32 → “D:\Programme\tools\bin\pspiceaa.exe” => No File
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{AA7602C4-132E-401F-ACFA-9575FE07F910}\InprocServer32 → D:\Programme\tools\bin\orpiPspice64.dll => No File
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{AB34CA32-528F-42B1-A0D7-0124BBAEE609}\InprocServer32 → D:\Programme\tools\bin\orpiPspice64.dll => No File
AlternateDataStreams: C:\Windows:CM_2a732c3f1e3eb40b63fe062d0180f157c71684af0a0442ab953224075801bb78 [74]
AlternateDataStreams: C:\Windows:CM_bf41c588bad5a092a453669c0d3c66d1ec2c072fbf5c15cc6acda24c9e4d0955 [74]
AlternateDataStreams: C:\Users\eiko-\Desktop\KVRT.exe:MBAM.Zone.Identifier [183]
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001\Software\Classes\regfile: <==== ATTENTION
FirewallRules: [{7ED3959E-DF5D-4271-867F-2B45FF9AF602}] => (Allow) LPort=26820
FirewallRules: [{DB81DBF2-6ED3-4E66-AADE-90902F76BA1E}] => (Allow) LPort=26822
File: c:\Windows\System32\drivers\winhvr.winsecurity
File: C:\WINDOWS\system32\Drivers\WUDFRd.winsecurity
File: C:\Users\eiko-\Downloads\624beffb-15e1-47fd-86e0-bf8de081bd29_Export-8ba90b14-8348-4300-9315-58890a9fcb66
File: C:\Users\eiko-\Downloads\70f01c28-7c35-43b7-84f4-7366f8fa2549_Export-5fdfccfe-4bbb-432d-8e8d-9a2e76d48e74
StartRegedit:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc]
“DelayedAutoStart”=dword:00000001
“DependOnService”=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,00,00
“Description”=“@%SystemRoot%\System32\wscsvc.dll,-201”
“DisplayName”=“@%SystemRoot%\System32\wscsvc.dll,-200”
“ErrorControl”=dword:00000001
“FailureActions”=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,
00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00
“ImagePath”=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,
74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,
6b,00,20,00,4c,00,6f,00,63,00,61,00,6c,00,53,00,65,00,72,00,76,00,69,00,63,
00,65,00,4e,00,65,00,74,00,77,00,6f,00,72,00,6b,00,52,00,65,00,73,00,74,00,
72,00,69,00,63,00,74,00,65,00,64,00,20,00,2d,00,70,00,00,00
“LaunchProtected”=dword:00000002
“ObjectName”=“NT AUTHORITY\LocalService”
“RequiredPrivileges”=hex(7):53,00,65,00,43,00,68,00,61,00,6e,00,67,00,65,00,4e,
00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,
67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,6e,
00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,
00,00,00,00
“ServiceSidType”=dword:00000001
“Start”=dword:00000002
“Type”=dword:00000020

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Parameters]
“ServiceDll”=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,
77,00,73,00,63,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00
“ServiceDllUnloadOnStop”=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Security]
“Security”=hex:01,00,14,80,1c,01,00,00,28,01,00,00,14,00,00,00,30,00,00,00,02,
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,
00,00,02,00,ec,00,08,00,00,00,00,00,18,00,9d,00,02,00,01,02,00,00,00,00,00,
05,20,00,00,00,21,02,00,00,00,00,14,00,9d,01,02,00,01,01,00,00,00,00,00,05,
12,00,00,00,00,00,18,00,9d,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,20,
02,00,00,00,00,14,00,9d,00,02,00,01,01,00,00,00,00,00,05,04,00,00,00,00,00,
14,00,9d,00,02,00,01,01,00,00,00,00,00,05,06,00,00,00,00,00,28,00,fd,01,02,
00,01,06,00,00,00,00,00,05,50,00,00,00,e5,fe,79,5f,a0,ae,0d,3b,22,fa,0a,c9,
01,5a,41,3a,e5,a6,4a,b7,00,00,28,00,ff,01,0f,00,01,06,00,00,00,00,00,05,50,
00,00,00,b5,89,fb,38,19,84,c2,cb,5c,6c,23,6d,57,00,77,6e,c0,02,64,87,00,00,
28,00,ff,01,0f,00,01,06,00,00,00,00,00,05,50,00,00,00,db,8c,74,0f,c2,72,73,
f3,2b,26,b9,44,77,1e,4f,02,76,63,b5,21,01,01,00,00,00,00,00,05,12,00,00,00,
01,01,00,00,00,00,00,05,12,00,00,00
EndRegedit:
StartBatch:
WMIC SERVICE WHERE Name=“dcomlaunch” set startmode=“auto”
WMIC SERVICE WHERE Name=“nsi” set startmode=“auto”
WMIC SERVICE WHERE Name=“dhcp” set startmode=“auto”
WMIC SERVICE WHERE Name=“rpcss” set startmode=“auto”
WMIC SERVICE WHERE Name=“rpceptmapper” set startmode=“auto”
WMIC SERVICE WHERE Name=“winmgmt” set startmode=“auto”
WMIC SERVICE WHERE Name=“sdrsvc” set startmode=“manual”
WMIC SERVICE WHERE Name=“vss” set startmode=“manual”
WMIC SERVICE WHERE Name=“eventlog” set startmode=“auto”
WMIC SERVICE WHERE Name=“bfe” set startmode=“auto”
WMIC SERVICE WHERE Name=“eventsystem” set startmode=“auto”
WMIC SERVICE WHERE Name=“msiserver” set startmode=“manual”
WMIC SERVICE WHERE Name=“sstpsvc” set startmode=“manual”
WMIC SERVICE WHERE Name=“rasman” set startmode=“manual”
WMIC SERVICE WHERE Name=“trustedinstaller” set startmode=“auto”
net start sdrsvc
net start vss
net start rpcss
net start eventsystem
net start winmgmt
net start msiserver
net start bfe
net start trustedinstaller
“%WINDIR%\SYSTEM32\lodctr.exe” /R
“%WINDIR%\SysWOW64\lodctr.exe” /R
“%WINDIR%\SYSTEM32\lodctr.exe” /R
“%WINDIR%\SysWOW64\lodctr.exe” /R
NETSH winsock reset catalog
NETSH int ipv4 reset reset.log
NETSH int ipv6 reset reset.log
ipconfig /release
ipconfig /renew
ipconfig /flushdns
ipconfig /registerdns
bitsadmin /list /allusers
bitsadmin /reset /allusers
Winmgmt /salvagerepository
Winmgmt /resetrepository
Winmgmt /resyncperf
Endbatch:
startpowershell:
Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Unrestricted -force -ErrorAction SilentlyContinue -Confirm:$false
[HEADING=1]4-14-2022 M. Naggar[/HEADING]
[HEADING=1]Funtion Remove-all-windefend-excludes to Remove all exclusions on MS Windefend[/HEADING]
Function Remove-all-windefend-excludes {
$Paths=(Get-MpPreference).ExclusionPath
$Extensions=(Get-MpPreference).ExclusionExtension
$Processes=(Get-MpPreference).ExclusionProcess
foreach ($Path in $Paths) { Remove-MpPreference -ExclusionPath $Path -force}
foreach ($Extension in $Extensions) { Remove-MpPreference -ExclusionExtension $Extension -force}
foreach ($Process in $Processes) { Remove-MpPreference -ExclusionProcess $Process -force}
}
[HEADING=1]Remove all exclusions on MS Windefend[/HEADING]
Write-Output “Removing all exclusions on MS Windefend antivirus”
Set-MpPreference -DisableAutoExclusions $true -Force
Remove-all-windefend-excludes
EndPowerShell:

startpowershell:
Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Unrestricted -force -ErrorAction SilentlyContinue -Confirm:$false
[HEADING=1]12-01-2022 M. Naggar[/HEADING]
Remove-ItemProperty -Path “HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender” -Name “DisableAntiVirus” –Force
Remove-ItemProperty -Path “HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender” -Name “DisableAntiSpyware” –Force
Remove-ItemProperty -Path “HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender” -Name “PUAProtection” –Force
Remove-ItemProperty -Path “HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender” -Name “DisableRoutinelyTakingAction” –Force
Remove-ItemProperty -Path “HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection” -Name “DisableBehaviorMonitoring” -force
Remove-ItemProperty -Path “HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection” -Name “DisableOnAccessProtection” -force
Remove-ItemProperty -Path “HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection” -Name “DisableScanOnRealtimeEnable” -force
Get-Service windefend | Select-Object -Property Name, StartType, Status
Set-Service -Name securityhealthservice -StartupType manual -force
Get-Service securityhealthservice | Select-Object -Property Name, StartType, Status
Set-MpPreference -CheckForSignaturesBeforeRunningScan $true -Force
Set-MpPreference -DisableArchiveScanning $false -Force
Set-MpPreference -DisableBehaviorMonitoring $false -Force
Set-MpPreference -DisableEmailScanning $False -Force
Set-MpPreference -DisableIOAVProtection $false -Force
Set-MpPreference -DisablePrivacyMode $true -Force
Set-MpPreference -DisableRealtimeMonitoring $false -Force
Set-MpPreference -MAPSReporting Advanced -Force
Set-MpPreference -PUAProtection enabled -Force
Set-MpPreference -SignatureScheduleDay Everyday -Force
Set-MpPreference -DisableRemovableDriveScanning $false -Force
Set-MpPreference -SubmitSamplesConsent SendSafeSamples
[HEADING=1]Reset and check Secure Health status[/HEADING]
Get-AppxPackage Microsoft.SecHealthUI -AllUsers | Reset-AppxPackage
Get-AppxPackage Microsoft.SecHealthUI -AllUsers|select Name, Status
[HEADING=1]Check if these services are running[/HEADING]
Get-Service mbamservice, Windefend, SecurityHealthService, wscsvc, mpsdrv, mpssvc, bfe, WdNisSvc, WdNisDrv, sense, winmgmt, rpcss, RpcEptMapper, bits, cryptsvc, wuauserv, dcomlaunch | Select Name, DisplayName, Status, starttype
EndPowerShell:

startpowershell:
Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Unrestricted -force -ErrorAction SilentlyContinue -Confirm:$false
Remove-Item -Path “C:\Windows\Prefetch*” -force -recurse -ErrorAction SilentlyContinue
Write-Output “updating”
Update-MpSignature
Write-Output “scanning quick scan”
Start-MpScan -ScanType QuickScan
Remove-MpThreat
EndPowerShell:

CMD: del /s /q “%userprofile%\AppData\Local\temp*.*”
emptytemp:
Reboot:
End::
[HR][/HR]
Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Windows Defender\“DisableAntiSpyware”=“0” => value restored successfully
HKLM\SOFTWARE\Microsoft\Windows Defender\“DisableAntiVirus”=“0” => value restored successfully
CHR Extension: (Social Blade) - C:\Users\eiko-\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfidkbgamfhdgmedldkagjopnbobdmdn [2022-09-04] [UpdateUrl:hxxps://addon.socialblade.com/updates.json] <==== ATTENTION => Error: No automatic fix found for this entry.
phantomtap => Unable to stop service.
HKLM\System\CurrentControlSet\Services\phantomtap => removed successfully
phantomtap => service removed successfully
C:\WINDOWS\System32\drivers\phantomtap.sys => moved successfully

“C:\avast! sandbox” folder move:

C:\avast! sandbox => moved successfully
C:\Users\eiko-\AppData\Local\PUTTY.RND => moved successfully
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{A06264CB-707B-4F72-94F4-D7ED17DBA8A7} => removed successfully
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{AA7602C4-132E-401F-ACFA-9575FE07F910} => removed successfully
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{AB34CA32-528F-42B1-A0D7-0124BBAEE609} => removed successfully
C:\Windows => “:CM_2a732c3f1e3eb40b63fe062d0180f157c71684af0a0442ab953224075801bb78” ADS removed successfully
C:\Windows => “:CM_bf41c588bad5a092a453669c0d3c66d1ec2c072fbf5c15cc6acda24c9e4d0955” ADS removed successfully
C:\Users\eiko-\Desktop\KVRT.exe => “:MBAM.Zone.Identifier” ADS removed successfully
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001\Software\Classes\regfile => removed successfully
“HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{7ED3959E-DF5D-4271-867F-2B45FF9AF602}” => not found
“HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{DB81DBF2-6ED3-4E66-AADE-90902F76BA1E}” => not found

========================= File: c:\Windows\System32\drivers\winhvr.winsecurity ========================

“c:\Windows\System32\drivers\winhvr.winsecurity” => not found
====== End of File: ======

========================= File: C:\WINDOWS\system32\Drivers\WUDFRd.winsecurity ========================

C:\WINDOWS\system32\Drivers\WUDFRd.winsecurity
File not signed
MD5: 87B74126672698ED1BE531064DC64A94
Creation and modification date: 2023-05-22 12:01 - 2024-03-01 15:31
Size: 000000068
Attributes: -RASH
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:

====== End of File: ======

========================= File: C:\Users\eiko-\Downloads\624beffb-15e1-47fd-86e0-bf8de081bd29_Export-8ba90b14-8348-4300-9315-58890a9fcb66 ========================

C:\Users\eiko-\Downloads\624beffb-15e1-47fd-86e0-bf8de081bd29_Export-8ba90b14-8348-4300-9315-58890a9fcb66
File not signed
MD5: <==== ATTENTION (zero byte File/Folder)
Creation and modification date: 2024-02-11 12:21 - 2024-02-11 12:21
Size: 000000000
Attributes: ----D
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:

====== End of File: ======

========================= File: C:\Users\eiko-\Downloads\70f01c28-7c35-43b7-84f4-7366f8fa2549_Export-5fdfccfe-4bbb-432d-8e8d-9a2e76d48e74 ========================

C:\Users\eiko-\Downloads\70f01c28-7c35-43b7-84f4-7366f8fa2549_Export-5fdfccfe-4bbb-432d-8e8d-9a2e76d48e74
File not signed
MD5: <==== ATTENTION (zero byte File/Folder)
Creation and modification date: 2024-02-11 12:18 - 2024-02-11 12:18
Size: 000000000
Attributes: ----D
Company Name:
Internal Name:
Original Name:
Product:
Description:
File Version:
Product Version:
Copyright:

====== End of File: ======

Registry ====> Der Vorgang wurde erfolgreich beendet.

========= Batch: =========
Eigenschaften von “\DESKTOP-OSDJ7D2\ROOT\CIMV2:Win32_Service.Name=“DcomLaunch”” werden aktualisiert
Eigenschaft(en) wurde(n) aktualisiert.

Eigenschaften von “\DESKTOP-OSDJ7D2\ROOT\CIMV2:Win32_Service.Name=“nsi”” werden aktualisiert
Eigenschaft(en) wurde(n) aktualisiert.

Eigenschaften von “\DESKTOP-OSDJ7D2\ROOT\CIMV2:Win32_Service.Name=“Dhcp”” werden aktualisiert
Eigenschaft(en) wurde(n) aktualisiert.

Eigenschaften von “\DESKTOP-OSDJ7D2\ROOT\CIMV2:Win32_Service.Name=“RpcSs”” werden aktualisiert
Eigenschaft(en) wurde(n) aktualisiert.

Eigenschaften von “\DESKTOP-OSDJ7D2\ROOT\CIMV2:Win32_Service.Name=“RpcEptMapper”” werden aktualisiert
Eigenschaft(en) wurde(n) aktualisiert.

Eigenschaften von “\DESKTOP-OSDJ7D2\ROOT\CIMV2:Win32_Service.Name=“Winmgmt”” werden aktualisiert
Eigenschaft(en) wurde(n) aktualisiert.

Eigenschaften von “\DESKTOP-OSDJ7D2\ROOT\CIMV2:Win32_Service.Name=“SDRSVC”” werden aktualisiert
Eigenschaft(en) wurde(n) aktualisiert.

Eigenschaften von “\DESKTOP-OSDJ7D2\ROOT\CIMV2:Win32_Service.Name=“VSS”” werden aktualisiert
Eigenschaft(en) wurde(n) aktualisiert.

Eigenschaften von “\DESKTOP-OSDJ7D2\ROOT\CIMV2:Win32_Service.Name=“EventLog”” werden aktualisiert
Eigenschaft(en) wurde(n) aktualisiert.

Eigenschaften von “\DESKTOP-OSDJ7D2\ROOT\CIMV2:Win32_Service.Name=“BFE”” werden aktualisiert
Eigenschaft(en) wurde(n) aktualisiert.

Eigenschaften von “\DESKTOP-OSDJ7D2\ROOT\CIMV2:Win32_Service.Name=“EventSystem”” werden aktualisiert
Eigenschaft(en) wurde(n) aktualisiert.

Eigenschaften von “\DESKTOP-OSDJ7D2\ROOT\CIMV2:Win32_Service.Name=“msiserver”” werden aktualisiert
Eigenschaft(en) wurde(n) aktualisiert.

Eigenschaften von “\DESKTOP-OSDJ7D2\ROOT\CIMV2:Win32_Service.Name=“SstpSvc”” werden aktualisiert
Eigenschaft(en) wurde(n) aktualisiert.

Eigenschaften von “\DESKTOP-OSDJ7D2\ROOT\CIMV2:Win32_Service.Name=“RasMan”” werden aktualisiert
Eigenschaft(en) wurde(n) aktualisiert.

Eigenschaften von “\DESKTOP-OSDJ7D2\ROOT\CIMV2:Win32_Service.Name=“TrustedInstaller”” werden aktualisiert
Eigenschaft(en) wurde(n) aktualisiert.

Windows-Sicherung wird gestartet.
Windows-Sicherung wurde erfolgreich gestartet.

Der angeforderte Dienst wurde bereits gestartet.

Sie erhalten weitere Hilfe, wenn Sie NET HELPMSG 2182 eingeben.

Der angeforderte Dienst wurde bereits gestartet.

Sie erhalten weitere Hilfe, wenn Sie NET HELPMSG 2182 eingeben.

Der angeforderte Dienst wurde bereits gestartet.

Sie erhalten weitere Hilfe, wenn Sie NET HELPMSG 2182 eingeben.

Der angeforderte Dienst wurde bereits gestartet.

Sie erhalten weitere Hilfe, wenn Sie NET HELPMSG 2182 eingeben.

Der angeforderte Dienst wurde bereits gestartet.

Sie erhalten weitere Hilfe, wenn Sie NET HELPMSG 2182 eingeben.

Der angeforderte Dienst wurde bereits gestartet.

Sie erhalten weitere Hilfe, wenn Sie NET HELPMSG 2182 eingeben.

Windows Modules Installer wird gestartet.
Windows Modules Installer wurde erfolgreich gestartet.

Info: Die Leistungsindikatoreinstellung konnte erfolgreich aus dem Systemsicherungsspeicher neu erstellt werden.

Info: Die Leistungsindikatoreinstellung konnte erfolgreich aus dem Systemsicherungsspeicher neu erstellt werden.

Info: Die Leistungsindikatoreinstellung konnte erfolgreich aus dem Systemsicherungsspeicher neu erstellt werden.

Info: Die Leistungsindikatoreinstellung konnte erfolgreich aus dem Systemsicherungsspeicher neu erstellt werden.

Der Winsock-Katalog wurde zurckgesetzt.
Sie mssen den Computer neu starten, um den Vorgang abzuschlieáen.

Depotweiterleitung wird zurckgesetzt… OK
Depot wird zurckgesetzt… OK
Steuerungsprotokoll wird zurckgesetzt… OK
Echosequenzanforderung wird zurckgesetzt… OK
Global wird zurckgesetzt… OK
Schnittstelle wird zurckgesetzt… OK
Anycastadresse wird zurckgesetzt… OK
Multicastadresse wird zurckgesetzt… OK
Unicastadresse wird zurckgesetzt… OK
Nachbar wird zurckgesetzt… OK
Pfad wird zurckgesetzt… OK
Potentiell wird zurckgesetzt… OK
Pr„fixrichtlinie wird zurckgesetzt… OK
Proxynachbar wird zurckgesetzt… OK
Route wird zurckgesetzt… OK
Standordpr„fix wird zurckgesetzt… OK
Unterschnittstelle wird zurckgesetzt… OK
Reaktivierungsmuster wird zurckgesetzt… OK
Nachbar aufl”sen wird zurckgesetzt… OK
wird zurckgesetzt… OK
wird zurckgesetzt… OK
wird zurckgesetzt… OK
wird zurckgesetzt… OK
wird zurckgesetzt… Fehler
Zugriff verweigert

wird zurckgesetzt… OK
wird zurckgesetzt… OK
wird zurckgesetzt… OK
wird zurckgesetzt… OK
wird zurckgesetzt… OK
wird zurckgesetzt… OK
wird zurckgesetzt… OK
wird zurckgesetzt… OK
Starten Sie den Computer neu, um die Aktion abzuschlieáen.

Depotweiterleitung wird zurckgesetzt… OK
Depot wird zurckgesetzt… OK
Steuerungsprotokoll wird zurckgesetzt… OK
Echosequenzanforderung wird zurckgesetzt… OK
Global wird zurckgesetzt… OK
Schnittstelle wird zurckgesetzt… OK
Anycastadresse wird zurckgesetzt… OK
Multicastadresse wird zurckgesetzt… OK
Unicastadresse wird zurckgesetzt… OK
Nachbar wird zurckgesetzt… OK
Pfad wird zurckgesetzt… OK
Potentiell wird zurckgesetzt… OK
Pr„fixrichtlinie wird zurckgesetzt… OK
Proxynachbar wird zurckgesetzt… OK
Route wird zurckgesetzt… OK
Standordpr„fix wird zurckgesetzt… OK
Unterschnittstelle wird zurckgesetzt… OK
Reaktivierungsmuster wird zurckgesetzt… OK
Nachbar aufl”sen wird zurckgesetzt… OK
wird zurckgesetzt… OK
wird zurckgesetzt… OK
wird zurckgesetzt… OK
wird zurckgesetzt… OK
wird zurckgesetzt… Fehler
Zugriff verweigert

wird zurckgesetzt… OK
wird zurckgesetzt… OK
wird zurckgesetzt… OK
wird zurckgesetzt… OK
wird zurckgesetzt… OK
wird zurckgesetzt… OK
wird zurckgesetzt… OK
wird zurckgesetzt… OK
Starten Sie den Computer neu, um die Aktion abzuschlieáen.

Windows-IP-Konfiguration

Es kann kein Vorgang auf WLAN ausgefhrt werden, solange dessen Medium nicht
verbunden ist.
Es kann kein Vorgang auf LAN-Verbindung* 1 ausgefhrt werden, solange dessen Medium nicht
verbunden ist.
Es kann kein Vorgang auf LAN-Verbindung* 11 ausgefhrt werden, solange dessen Medium nicht
verbunden ist.
Es kann kein Vorgang auf Bluetooth-Netzwerkverbindung ausgefhrt werden, solange dessen Medium nicht
verbunden ist.

Ethernet-Adapter Ethernet:

Verbindungsspezifisches DNS-Suffix:
IPv6-Adresse. . . . . . . . . . . : 2001:9e8:74bd:4b00:b15e:1746:a1dd:99d0
Tempor„re IPv6-Adresse. . . . . . : 2001:9e8:74bd:4b00:7d69:42fc:989a:ec5c
Verbindungslokale IPv6-Adresse . : fe80::576c:80ed:4e22:8aeb%7
Standardgateway . . . . . . . . . : fe80::4a5d:35ff:fe83:2cc0%7

Drahtlos-LAN-Adapter WLAN:

Medienstatus. . . . . . . . . . . : Medium getrennt
Verbindungsspezifisches DNS-Suffix:

Drahtlos-LAN-Adapter LAN-Verbindung* 1:

Medienstatus. . . . . . . . . . . : Medium getrennt
Verbindungsspezifisches DNS-Suffix:

Drahtlos-LAN-Adapter LAN-Verbindung* 11:

Medienstatus. . . . . . . . . . . : Medium getrennt
Verbindungsspezifisches DNS-Suffix:

Ethernet-Adapter Ethernet 2:

Verbindungsspezifisches DNS-Suffix:
Verbindungslokale IPv6-Adresse . : fe80::1b27:326c:3942:8ab7%9
IPv4-Adresse (Auto. Konfiguration): 169.254.7.216
Subnetzmaske . . . . . . . . . . : 255.255.0.0
Standardgateway . . . . . . . . . :

Ethernet-Adapter Bluetooth-Netzwerkverbindung:

Medienstatus. . . . . . . . . . . : Medium getrennt
Verbindungsspezifisches DNS-Suffix:

Windows-IP-Konfiguration

Es kann kein Vorgang auf WLAN ausgefhrt werden, solange dessen Medium nicht
verbunden ist.
Es kann kein Vorgang auf LAN-Verbindung* 1 ausgefhrt werden, solange dessen Medium nicht
verbunden ist.
Es kann kein Vorgang auf LAN-Verbindung* 11 ausgefhrt werden, solange dessen Medium nicht
verbunden ist.
Es kann kein Vorgang auf Bluetooth-Netzwerkverbindung ausgefhrt werden, solange dessen Medium nicht
verbunden ist.

Ethernet-Adapter Ethernet:

Verbindungsspezifisches DNS-Suffix: fritz.box
IPv6-Adresse. . . . . . . . . . . : 2001:9e8:74bd:4b00:b15e:1746:a1dd:99d0
Tempor„re IPv6-Adresse. . . . . . : 2001:9e8:74bd:4b00:7d69:42fc:989a:ec5c
Verbindungslokale IPv6-Adresse . : fe80::576c:80ed:4e22:8aeb%7
IPv4-Adresse . . . . . . . . . . : 192.168.178.22
Subnetzmaske . . . . . . . . . . : 255.255.255.0
Standardgateway . . . . . . . . . : fe80::4a5d:35ff:fe83:2cc0%7
192.168.178.1

Drahtlos-LAN-Adapter WLAN:

Medienstatus. . . . . . . . . . . : Medium getrennt
Verbindungsspezifisches DNS-Suffix:

Drahtlos-LAN-Adapter LAN-Verbindung* 1:

Medienstatus. . . . . . . . . . . : Medium getrennt
Verbindungsspezifisches DNS-Suffix:

Drahtlos-LAN-Adapter LAN-Verbindung* 11:

Medienstatus. . . . . . . . . . . : Medium getrennt
Verbindungsspezifisches DNS-Suffix:

Ethernet-Adapter Ethernet 2:

Verbindungsspezifisches DNS-Suffix:
Verbindungslokale IPv6-Adresse . : fe80::1b27:326c:3942:8ab7%9
IPv4-Adresse (Auto. Konfiguration): 169.254.7.216
Subnetzmaske . . . . . . . . . . : 255.255.0.0
Standardgateway . . . . . . . . . :

Ethernet-Adapter Bluetooth-Netzwerkverbindung:

Medienstatus. . . . . . . . . . . : Medium getrennt
Verbindungsspezifisches DNS-Suffix:

Windows-IP-Konfiguration

Der DNS-Aufl”sungscache wurde geleert.

Windows-IP-Konfiguration

Die Registrierung der DNS-Ressourceneintr„ge fr alle Adapter dieses Computer wurde initialisiert. Fehler werden in der Ereignisanzeige in 15 Minuten aufgefhrt.

BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.

Listed 0 job(s).

BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.

0 out of 0 jobs canceled.

Das WMI-Repository ist konsistent.

Fehler beim Zurcksetzen des WMI-Repositorys
Fehlercode: 0x8007041B
Einrichtung: Win32
Beschreibung: Ein Stoppzeichen wurde an einen Dienst gesendet, von dem andere Dienste abh„ngen.

0

========= End of Batch: =========

========= Powershell: =========

Removing all exclusions on MS Windefend antivirus

========= End of Powershell: =========

========= Powershell: =========

Name StartType Status
[HR][/HR]
windefend Manual Stopped
securityhealthservice Manual Stopped
Microsoft.SecHealthUI Ok
bfe Automatic Running
bits Automatic Running
cryptsvc Automatic Running
dcomlaunch Automatic Running
mbamservice Automatic Running
mpsdrv Manual Running
mpssvc Automatic Running
RpcEptMapper Automatic Running
rpcss Automatic Running
SecurityHealthService Manual Stopped
WdNisDrv Manual Stopped
WdNisSvc Manual Stopped
Windefend Manual Stopped
winmgmt Automatic Running
wscsvc Automatic Running
wuauserv Automatic Stopped

========= End of Powershell: =========

========= Powershell: =========

updating
scanning quick scan

========= End of Powershell: =========

========= del /s /q “%userprofile%\AppData\Local\temp*.*” =========

Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\4768049d206d4143a2631a05151cbd12.db
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\4768049d206d4143a2631a05151cbd12.db.session
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\AdobeARM.log
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\aria-debug-15692.log
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\aria-debug-20676.log
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\aria-debug-3164.log
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\bc3902d8132f43e3ae086a009979fa88.db
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\bc3902d8132f43e3ae086a009979fa88.db.ses
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\eiko-.bmp
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\ExchangePerflog_8484fa3159fa860bcfcccd43.dat
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\jusched.log
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\mat-debug-20676.log
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\mat-debug-20996.log
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\mat-debug-21000.log
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\mat-debug-21292.log
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\mat-debug-3024.log
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\mat-debug-5028.log
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\StructuredQuery.log
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp{81B24501-A65F-47E7-8E12-09C214BFC188} - OProcSessId.dat
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\flatlaf.temp\flatlaf-windows-x86_64-25634396499000.dll
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\flatlaf.temp\flatlaf-windows-x86_64-25634396499000.dll.delete
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\Microsoft\Teams\meeting-addin\teams-meeting-addin-loader.log
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\Microsoft\Teams\meeting-addin\teams-meeting-addin-oneauth.log
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\Microsoft\Teams\meeting-addin\teams-meeting-addin.log
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\Outlook Logging\firstrun.log
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\Outlook Logging\Outlook-20240301T1407150166.etl
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\scoped_dir18352_1592009978\9ea66aeba647b80736cf442571408ab2.png
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\SmartScreen\RemoteData\LastPing
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\SmartScreen\RemoteData\windowsSettings
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\SmartScreen\RemoteData\windowsSettings_1.0-1cc5da2fc505c79016279b1f03de96158e8f3ef178d55bc3f03c9ab395231805
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\system-commandline-sentinel-files\dotnet-suggest-registration-PowerToys.Awake, Version=0.77.0.0, Culture=neutral, PublicKeyToken=null
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\TCD1045.tmp\APASixthEditionOfficeOnline.xsl
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\TCD1046.tmp\harvardanglia2008officeonline.xsl
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\TCD1047.tmp\turabian.xsl
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\TCD1048.tmp\sist02.xsl
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\TCD1049.tmp\CHICAGO.xsl
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\TCD104A.tmp\gosttitle.xsl
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\TCD104B.tmp\iso690.xsl
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\TCD104C.tmp\gostname.xsl
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\TCD104D.tmp\iso690nmerical.xsl
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\TCD105E.tmp\gb.xsl
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\TCD105F.tmp\MS_MacDotsFaxCoverSheet.dotx
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\TCD1060.tmp\ieee2006officeonline.xsl
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\TCD1061.tmp\mlaseventheditionofficeonline.xsl

========= End of CMD: =========

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 17903152 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 15812782 B
Windows/system/drivers => 83151 B
Edge => 0 B
Chrome => 197291521 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 12034 B
NetworkService => 12034 B
eiko- => 1978122 B

RecycleBin => 0 B
EmptyTemp: => 222.3 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 15:35:01 ====
                      AdwCleaner:

                      Code:
                      # -------------------------------
[HEADING=1]Malwarebytes AdwCleaner 8.4.1.0[/HEADING]
[HEADING=1]-------------------------------[/HEADING]
[HEADING=1]Build: 01-29-2024[/HEADING]
[HEADING=1]Database: 2024-01-29.3 (Local)[/HEADING]
[HEADING=1]Support: https://www.malwarebytes.com/support[/HEADING]
[HEADING=1]-------------------------------[/HEADING]
[HEADING=1]Mode: Clean[/HEADING]
[HEADING=1]-------------------------------[/HEADING]
[HEADING=1]Start: 03-01-2024[/HEADING]
[HEADING=1]Duration: 00:00:00[/HEADING]
[HEADING=1]OS: Windows 11 (Build 22631.3155)[/HEADING]
[HEADING=1]Cleaned: 0[/HEADING]
[HEADING=1]Failed: 0[/HEADING]
***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.
[HR][/HR]
[+] Delete Tracing Keys
[+] Reset Winsock
[HR][/HR]
AdwCleaner[S00].txt - [2235 octets] - [28/02/2024 16:18:48]
AdwCleaner[C00].txt - [2239 octets] - [28/02/2024 16:19:30]
AdwCleaner[S01].txt - [1542 octets] - [01/03/2024 15:43:56]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########
                      RogueKillerLog:

                      Code:
                      Program : RogueKiller Anti-Malware
Version : 15.15.2.0
x64 : Yes
Program Date : Feb 19 2024
Location : C:\Program Files\RogueKiller\RogueKiller64.exe
Premium : No
Company : Adlice Software
Website : https://www.adlice.com/
Contact : Support Form | Contact • Adlice Software
Website : Free Virus Cleaner | RogueKiller AntiMalware • Adlice Software
Operating System : Windows 11 (10.0.22631) 64-bit
64-bit OS : Yes
Startup : 0
WindowsPE : No
User : eiko-
User is Admin : Yes
Date : 2024/03/01 15:02:53
Type : Scan
Aborted : No
Scan Mode : Standard
Duration : 820
Found items : 2
Total scanned : 209322
Signatures Version : 20240216_101755
Truesight Driver : Yes
Updates Count : 36
Arguments : -minimize

************************* Warnings *************************

************************* Updates *************************
CrystalDiskInfo 8.13.3 (64-bit), version 8.13.3
[+] Available Version : 9.2.3
[+] Size : 12360704
[+] Wow6432 : No
[+] Portable : No
[+] update_location : D:\Programme\CrystalDiskInfo\

GIMP 2.10.22 (64-bit), version 2.10.22
[+] Available Version : 2.10.36
[+] Size : 1186609152
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Program Files\GIMP 2\

Git (64-bit), version 2.42.0.2
[+] Available Version : 2.44.0
[+] Size : 337032192
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Program Files\Git\

VLC media player (64-bit), version 3.0.18
[+] Available Version : 3.0.20
[+] Size : 0
[+] Wow6432 : No
[+] Portable : No
[+] update_location : D:\Programme\VLC

PDF24 Creator 11.8.0 (64-bit), version 11.8.0
[+] Available Version : 11.16.0
[+] Size : 779501568
[+] Wow6432 : No
[+] Portable : No
[+] update_location : D:\Programme\PDF24\

Inkscape (64-bit), version 1.2.2
[+] Available Version : 1.3.0
[+] Size : 623303680
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Program Files\Inkscape\

Arduino (32-bit), version 1.8.13
[+] Available Version : 2.3.2
[+] Size : 558907392
[+] Wow6432 : Yes
[+] Portable : No

Google Chrome (32-bit), version 122.0.6261.71
[+] Available Version : 122.0.6261.95
[+] Size : 0
[+] Wow6432 : Yes
[+] Portable : No
[+] update_location : C:\Program Files (x86)\Google\Chrome\Application

Microsoft Edge (32-bit), version 122.0.2365.59
[+] Available Version : 122.0.2365.63
[+] Size : 0
[+] Wow6432 : Yes
[+] Portable : No
[+] update_location : C:\Program Files (x86)\Microsoft\Edge\Application

Ubisoft Connect (64-bit), version 2.0.0.0
[+] Available Version : 150.0.0.11037
[+] Size : 0
[+] Wow6432 : No
[+] Portable : No
[+] update_location : D:\Programme\Ubisoft Game Launcher\

WinSCP 6.1.1 (32-bit), version 6.1.1
[+] Available Version : 6.3.1
[+] Size : 94268416
[+] Wow6432 : Yes
[+] Portable : No
[+] update_location : C:\Program Files (x86)\WinSCP\

draw.io 22.0.2 (64-bit), version 22.0.2
[+] Available Version : 23.1.5
[+] Size : 434906112
[+] Wow6432 : No
[+] Portable : No

Altium Designer 23 (64-bit), version 23.11.1.41
[+] Available Version : 24.1.2.44
[+] Size : 2269675520
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Program Files\Altium\AD23

Anaconda3 2023.03-1 (Python 3.10.9 64-bit) (64-bit), version 2023.03-1
[+] Available Version : 2023.09.0
[+] Size : 0
[+] Wow6432 : No
[+] Portable : No

Logitech Options (64-bit), version 8.54.161
[+] Available Version : 10.20.11
[+] Size : 309144576
[+] Wow6432 : No
[+] Portable : No

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (64-bit), version 10.0.60724
[+] Available Version : 10.0.60917
[+] Size : 0
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\

Microsoft Office Professional Plus 2019 - de-de (64-bit), version 16.0.10407.20032
[+] Available Version : 16.0.17231.20236
[+] Size : 0
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Program Files\Microsoft Office

Prusa3D Version 2.5.0 (64-bit), version 2.5.0
[+] Available Version : 2.6.0
[+] Size : 97742848
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Program Files\Prusa3D\

PrusaSlicer Version 2.5.0 (64-bit), version 2.5.0
[+] Available Version : 2.7.1
[+] Size : 145462272
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Program Files\Prusa3D\PrusaSlicer\

Nextcloud (64-bit), version 3.4.1.20211221
[+] Available Version : 3.12.0.20240213
[+] Size : 241618944
[+] Wow6432 : No
[+] Portable : No

TeighaX 4.00 (x64) (64-bit), version 4.0.0
[+] Available Version : 4.3.1
[+] Size : 55300096
[+] Wow6432 : No
[+] Portable : No

Fritzing (64-bit), version 0.9.10.0
[+] Available Version : 1.0.2.0
[+] Size : 249592832
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Program Files\Fritzing\

NVIDIA Grafiktreiber 456.71 (64-bit), version 456.71
[+] Available Version : 551.61
[+] Size : 0
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{E31A8A04-98C8-4AEB-9DB1-DA6CEACD031C}

NVIDIA GeForce Experience 3.20.2.34 (64-bit), version 3.20.2.34
[+] Available Version : 3.27.0.120
[+] Size : 0
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Program Files\NVIDIA Corporation\Installer2\Display.GFExperience.{236CD307-C7A3-4281-A6E0-CDEE7876D31B}

NVIDIA PhysX-Systemsoftware 9.19.0218 (32-bit), version 9.19.0218
[+] Available Version : 9.21.0713
[+] Size : 0
[+] Wow6432 : Yes
[+] Portable : No
[+] update_location : C:\Program Files (x86)\NVIDIA Corporation\PhysX

AMD Ryzen Master SDK (64-bit), version 2.1.0.1236
[+] Available Version : 2.13.0.2819
[+] Size : 2529280
[+] Wow6432 : No
[+] Portable : No
[+] update_location : C:\Program Files\AMD\RyzenMasterSDK\

Qalculate! (64-bit), version 4.8.1
[+] Available Version : 4.9.0
[+] Size : 152961024
[+] Wow6432 : No
[+] Portable : No

SAP Crystal Reports runtime engine for .NET Framework (64-bit) (64-bit), version 13.0.9.1312
[+] Available Version : 13.0.34.4636
[+] Size : 247031808
[+] Wow6432 : No
[+] Portable : No

CLion 2022.1 (32-bit), version 221.5080.224
[+] Available Version : 2024.1
[+] Size : 0
[+] Wow6432 : Yes
[+] Portable : No
[+] update_location : D:\Programme\CLion 2022.1

FreeFileSync (32-bit), version 12.2
[+] Available Version : 13.4
[+] Size : 54606848
[+] Wow6432 : Yes
[+] Portable : No
[+] update_location : D:\Programme\FreeFileSync\

OrcaSlicer (32-bit), version 1.8.0
[+] Available Version : 2.0.0
[+] Size : 0
[+] Wow6432 : Yes
[+] Portable : No

UltiMaker Cura 5.3.1 (64-bit), version 5.3.1
[+] Available Version : 5.6.0
[+] Size : 0
[+] Wow6432 : No
[+] Portable : No

Dokan Library 1.5.1.1000 Bundle (32-bit), version 1.5.1.1000
[+] Available Version : 2.1.0.1000
[+] Size : 63703040
[+] Wow6432 : Yes
[+] Portable : No

PowerToys (Preview) x64 (32-bit), version 0.77.0
[+] Available Version : 0.78.0
[+] Size : 937605120
[+] Wow6432 : Yes
[+] Portable : No

CORSAIR iCUE Software (64-bit), version 3.24.52
[+] Available Version : 3.38.88
[+] Size : 659000320
[+] Wow6432 : No
[+] Portable : No
[+] update_location : D:\Programme\Corsair\CORSAIR iCUE Software

Minecraft Launcher (32-bit), version 1.0.0.0
[+] Available Version : 2.0.0.0
[+] Size : 2224128
[+] Wow6432 : Yes
[+] Portable : No
[+] update_location : D:\Programme\Minecraft\

************************* Processes *************************

************************* Modules *************************

************************* Services *************************

************************* Scheduled Tasks *************************

************************* Registry *************************
[QUOTE]
[QUOTE]
[QUOTE]
[QUOTE]
[QUOTE]
[QUOTE]
XX - Software
└── [PUP.Gen1 (Potenziell bösartig)] (X64) HKEY_USERS\S-1-5-21-1421055718-2087356316-1872245878-1001\Software\OCS – N/A → Gefunden
[/QUOTE]
[/QUOTE]
[/QUOTE]
[/QUOTE]
[/QUOTE]
[/QUOTE]
************************* WMI *************************

************************* Hosts File *************************
is_too_big : No
hosts_file_path : C:\Windows\System32\drivers\etc\hosts

************************* Filesystem *************************

************************* Web Browsers *************************
[QUOTE]
[QUOTE]
[QUOTE]
[QUOTE]
[QUOTE]
[QUOTE]
Chrome Addon
└── [PUP.Gen0 (Potenziell bösartig)] Video Downloader Professional (C:\Users\eiko-\AppData\Local\Google\Chrome\User Data\Default\Extensions\ELICPJ~1) – elicpjhcidhpjomhibiffojpinpmmpil → Gefunden
[/QUOTE]
[/QUOTE]
[/QUOTE]
[/QUOTE]
[/QUOTE]
[/QUOTE]
************************* Antirootkit *************************
                      [/HEADING]

                        Comment

                        • Malnutrition
                          PCHF Moderator
                          • Jul 2016
                          • 7045
                          #7
                          Let’s see if services are intact .

                          Download and unzip farbar service scanner to your desktop, right click and run as admin…check all boxes and hit scan.
                          Post the log created.



                          What are these files?

                          C:\Users\eiko-\Downloads\624beffb-15e1-47fd-86e0-bf8de081bd29_Export-8ba90b14-8348-4300-9315-58890a9fcb66
                          C:\Users\eiko-\Downloads\70f01c28-7c35-43b7-84f4-7366f8fa2549_Export-5fdfccfe-4bbb-432d-8e8d-9a2e76d48e74



                          Name StartType Status

                          windefend [COLOR=rgb(184, 49, 47)]Manual Stopped
                          securityhealthservice [COLOR=rgb(184, 49, 47)]Manual Stopped
                          Microsoft.SecHealthUI Ok
                          bfe Automatic Running
                          bits Automatic Running
                          cryptsvc Automatic Running
                          dcomlaunch Automatic Running
                          mbamservice Automatic Running
                          mpsdrv Manual Running
                          mpssvc Automatic Running
                          RpcEptMapper Automatic Running
                          rpcss Automatic Running
                          SecurityHealthService Manual Stopped
                          WdNisDrv [COLOR=rgb(184, 49, 47)]Manual Stopped
                          WdNisSvc [COLOR=rgb(184, 49, 47)]Manual Stopped
                          Windefend [COLOR=rgb(184, 49, 47)] Manual Stopped
                          winmgmt Automatic Running
                          wscsvc Automatic Running
                          wuauserv Automatic Stopped

                          Start, Stop, and Restart Services in Windows 11
                          https://www.elevenforum.com/t/start-stop-and-restart-services-in-windows-11.3088/
                          This tutorial will show you how to start, stop, or restart services in Windows 11. Services are an application type that runs in the system background without a user interface. Services provide core operating system features (such as printing, networking, remote access, File Explorer, Windows...

                          What happens when you try and start the service in red?[/COLOR][/COLOR][/COLOR][/COLOR][/COLOR]

                            Comment

                            • Urenis
                              PCHF Member
                              • Feb 2024
                              • 14
                              #8
                              The download files mentioned are university documents from my professor.
                              If I try to manually start the services marked in red, they are immediately closed again.

                              FSS log:

                              Code:
                              Farbar Service Scanner Version: 03-11-2021
Ran by eiko- (administrator) on 01-03-2024 at 23:54:57
Running from “C:\Users\eiko-\Desktop\FSS”
Microsoft Windows 11 Home (X64)
Boot Mode: Normal
[HR][/HR]
[HEADING=1]Internet Services:[/HEADING]
[HEADING=1]Connection Status:[/HEADING]
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
[HEADING=1]Windows Firewall:[/HEADING]
[HEADING=1]Firewall Disabled Policy:[/HEADING]
[HEADING=1]System Restore:[/HEADING]
[HEADING=1]System Restore Policy:[/HEADING]
[HEADING=1]Security Center:[/HEADING]
[HEADING=1]Windows Update:[/HEADING]
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv: “%systemroot%\system32\svchost.exe -k netsvcs -p”.
The ServiceDll of wuauserv service is OK.
[HEADING=1]Windows Autoupdate Disabled Policy:[/HEADING]
[HEADING=1]Windows Defender:[/HEADING]
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ““C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\MsMpEng.exe””.w
Checking ServiceDll of WinDefend: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
[HEADING=1]Windows Defender Disabled Policy:[/HEADING]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
“DisableAntiSpyware”=DWORD:1
[HEADING=1]Other Services:[/HEADING]
[HEADING=1]File Check:[/HEADING]
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\Drivers\afd.sys => File is digitally signed
C:\Windows\System32\Drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****

                                Comment

                                • Malnutrition
                                  PCHF Moderator
                                  • Jul 2016
                                  • 7045
                                  #9
                                  We have a problem.
                                  [HEADING=1]Windows Defender:[/HEADING]
                                  WinDefend Service is not running. Checking service configuration:
                                  The start type of WinDefend service is set to Demand. The default start type is Auto.
                                  The ImagePath of WinDefend: ““C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\MsMpEng.exe””.w
                                  Checking ServiceDll of WinDefend: ATTENTION!=====> Unable to open WinDefend registry key. [COLOR=rgb(184, 49, 47)]The service key does not exist.


                                  We will attempt to remedy that for you.
                                  Ok,. Download Windefend.reg Unzip to your desktop.
                                  Right click and select merge, then reboot your machine.
                                  If there are any errors then merge the file in safe mode.




                                  Next another FRST fix,.

                                  Copy the content of the code box below.
                                  [COLOR=rgb(184, 49, 47)]Do not copy the word code!!!
                                  Click Fix once (!) and wait. The program will create a log file (Fixlog.txt).
                                  Attach it to your next message.
                                  Code:
                                  Start::
CreateRestorePoint:
CloseProcesses:
RemoveProxy:
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center: Restriction <==== ATTENTION
SetDefaultFilePermissions: C:\Windows\System32\SecurityHealthService.exe
SetDefaultFilePermissions: C:\Windows\System32\wscsvc.dll

StartRegedit:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecurityHealthService]
"Start"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc]
"Start"=dword:00000002
EndRegedit:

CMD: gpupdate /force
CMD: WMIC SERVICE WHERE Name="WdNisDrv" CALL startservice
CMD: WMIC SERVICE WHERE Name="WdNisSvc" CALL startservice
CMD: WMIC SERVICE WHERE Name="securityhealthservice" CALL startservice
CMD: WMIC SERVICE WHERE Name="windefend" CALL startservice
CMD: WMIC SERVICE WHERE Name="wscsvc" CALL startservice
CMD: WMIC SERVICE WHERE Name="SecurityHealthService" CALL startservice
CMD: WMIC SERVICE WHERE Name="wuauserv" CALL startservice
CMD: WMIC SERVICE WHERE Name="mpsdrv" CALL startservice
CMD: WMIC SERVICE WHERE Name="WdNisDrv" set startmode="auto"
CMD: WMIC SERVICE WHERE Name="WdNisSvc" set startmode="auto"
CMD: WMIC SERVICE WHERE Name="securityhealthservice" set startmode="auto"
CMD: WMIC SERVICE WHERE Name="windefend" set startmode="auto"
CMD: WMIC SERVICE WHERE Name="wscsvc" set startmode="auto"
CMD: WMIC SERVICE WHERE Name="SecurityHealthService" set startmode="auto"
CMD: WMIC SERVICE WHERE Name="wuauserv" set startmode="auto"
CMD: WMIC SERVICE WHERE Name="mpsdrv" set startmode="auto"
CMD: del /s /q "%userprofile%\AppData\Local\temp\*.*"
C:\Windows\Temp\*.*
C:\WINDOWS\system32\*.tmp
C:\WINDOWS\syswow64\*.tmp
emptytemp:
Reboot:
End::
                                  [/COLOR][/COLOR]

                                    Comment

                                    • Urenis
                                      PCHF Member
                                      • Feb 2024
                                      • 14
                                      #10
                                      How can it be possible that the registration key is missing? I merged the windefend.reg file without errors and then ran the FRST fix.
                                      After re-scanning with the FSS, the registration key is still gone.

                                      FRST:
                                      [HEADING=1]
                                      Code:
                                      Fix result of Farbar Recovery Scan Tool (x64) Version: 26.02.2024 01
Ran by eiko- (02-03-2024 08:35:13) Run:5
Running from C:\Users\eiko-\Desktop
Loaded Profiles: eiko-
Boot Mode: Normal[/HEADING]
fixlist content:
[HR][/HR]
Start::
CreateRestorePoint:
CloseProcesses:
RemoveProxy:
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center: Restriction <==== ATTENTION
SetDefaultFilePermissions: C:\Windows\System32\SecurityHealthService.exe
SetDefaultFilePermissions: C:\Windows\System32\wscsvc.dll

StartRegedit:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecurityHealthService]
“Start”=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc]
“Start”=dword:00000002
EndRegedit:

CMD: gpupdate /force
CMD: WMIC SERVICE WHERE Name=“WdNisDrv” CALL startservice
CMD: WMIC SERVICE WHERE Name=“WdNisSvc” CALL startservice
CMD: WMIC SERVICE WHERE Name=“securityhealthservice” CALL startservice
CMD: WMIC SERVICE WHERE Name=“windefend” CALL startservice
CMD: WMIC SERVICE WHERE Name=“wscsvc” CALL startservice
CMD: WMIC SERVICE WHERE Name=“SecurityHealthService” CALL startservice
CMD: WMIC SERVICE WHERE Name=“wuauserv” CALL startservice
CMD: WMIC SERVICE WHERE Name=“mpsdrv” CALL startservice
CMD: WMIC SERVICE WHERE Name=“WdNisDrv” set startmode=“auto”
CMD: WMIC SERVICE WHERE Name=“WdNisSvc” set startmode=“auto”
CMD: WMIC SERVICE WHERE Name=“securityhealthservice” set startmode=“auto”
CMD: WMIC SERVICE WHERE Name=“windefend” set startmode=“auto”
CMD: WMIC SERVICE WHERE Name=“wscsvc” set startmode=“auto”
CMD: WMIC SERVICE WHERE Name=“SecurityHealthService” set startmode=“auto”
CMD: WMIC SERVICE WHERE Name=“wuauserv” set startmode=“auto”
CMD: WMIC SERVICE WHERE Name=“mpsdrv” set startmode=“auto”
CMD: del /s /q "%userprofile%\AppData\Local\temp*."
C:\Windows\Temp*.
C:\WINDOWS\system32*.tmp
C:\WINDOWS\syswow64*.tmp
emptytemp:
Reboot:
End::
[HR][/HR]
Restore point was successfully created.
Processes closed successfully.

========= RemoveProxy: =========

“HKU.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings” => removed successfully
“HKU\S-1-5-21-1421055718-2087356316-1872245878-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings” => removed successfully
“HKU\S-1-5-21-1421055718-2087356316-1872245878-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings” => removed successfully

========= End of RemoveProxy: =========

HKLM\SOFTWARE\Microsoft\Windows Defender\“DisableAntiSpyware”=“0” => value restored successfully
HKLM\SOFTWARE\Microsoft\Windows Defender\“DisableAntiVirus”=“0” => value restored successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate => not found
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center => not found
“C:\Windows\System32\SecurityHealthService.exe” => Default permissions restored successfully.
“C:\Windows\System32\wscsvc.dll” => Default permissions restored successfully.
Registry ====> Der Vorgang wurde erfolgreich beendet.

========= gpupdate /force =========

Die Richtlinie wird aktualisiert…

Die Aktualisierung der Computerrichtlinie wurde erfolgreich abgeschlossen.
Die Aktualisierung der Benutzerrichtlinie wurde erfolgreich abgeschlossen.

========= End of CMD: =========

========= WMIC SERVICE WHERE Name=“WdNisDrv” CALL startservice =========

Keine Instanzen verfgbar.

========= End of CMD: =========

========= WMIC SERVICE WHERE Name=“WdNisSvc” CALL startservice =========

(\DESKTOP-OSDJ7D2\ROOT\CIMV2:Win32_Service.Name=“WdNisSvc”)->startservice() wird ausgefhrt
Methode wurde ausgefhrt.
Ausgabeparameter:
instance of __PARAMETERS
{
ReturnValue = 0;
};

========= End of CMD: =========

========= WMIC SERVICE WHERE Name=“securityhealthservice” CALL startservice =========

(\DESKTOP-OSDJ7D2\ROOT\CIMV2:Win32_Service.Name=“SecurityHealthService”)->startservice() wird ausgefhrt
Methode wurde ausgefhrt.
Ausgabeparameter:
instance of __PARAMETERS
{
ReturnValue = 0;
};

========= End of CMD: =========

========= WMIC SERVICE WHERE Name=“windefend” CALL startservice =========

(\DESKTOP-OSDJ7D2\ROOT\CIMV2:Win32_Service.Name=“WinDefend”)->startservice() wird ausgefhrt
Methode wurde ausgefhrt.
Ausgabeparameter:
instance of __PARAMETERS
{
ReturnValue = 8;
};

========= End of CMD: =========

========= WMIC SERVICE WHERE Name=“wscsvc” CALL startservice =========

(\DESKTOP-OSDJ7D2\ROOT\CIMV2:Win32_Service.Name=“wscsvc”)->startservice() wird ausgefhrt
Methode wurde ausgefhrt.
Ausgabeparameter:
instance of __PARAMETERS
{
ReturnValue = 10;
};

========= End of CMD: =========

========= WMIC SERVICE WHERE Name=“SecurityHealthService” CALL startservice =========

(\DESKTOP-OSDJ7D2\ROOT\CIMV2:Win32_Service.Name=“SecurityHealthService”)->startservice() wird ausgefhrt
Methode wurde ausgefhrt.
Ausgabeparameter:
instance of __PARAMETERS
{
ReturnValue = 0;
};

========= End of CMD: =========

========= WMIC SERVICE WHERE Name=“wuauserv” CALL startservice =========

(\DESKTOP-OSDJ7D2\ROOT\CIMV2:Win32_Service.Name=“wuauserv”)->startservice() wird ausgefhrt
Methode wurde ausgefhrt.
Ausgabeparameter:
instance of __PARAMETERS
{
ReturnValue = 10;
};

========= End of CMD: =========

========= WMIC SERVICE WHERE Name=“mpsdrv” CALL startservice =========

Keine Instanzen verfgbar.

========= End of CMD: =========

========= WMIC SERVICE WHERE Name=“WdNisDrv” set startmode=“auto” =========

Keine Instanzen verfgbar.

========= End of CMD: =========

========= WMIC SERVICE WHERE Name=“WdNisSvc” set startmode=“auto” =========

Eigenschaften von “\DESKTOP-OSDJ7D2\ROOT\CIMV2:Win32_Service.Name=“WdNisSvc”” werden aktualisiert
Eigenschaft(en) wurde(n) aktualisiert.

========= End of CMD: =========

========= WMIC SERVICE WHERE Name=“securityhealthservice” set startmode=“auto” =========

Eigenschaften von “\DESKTOP-OSDJ7D2\ROOT\CIMV2:Win32_Service.Name=“SecurityHealthService”” werden aktualisiert
Eigenschaft(en) wurde(n) aktualisiert.

========= End of CMD: =========

========= WMIC SERVICE WHERE Name=“windefend” set startmode=“auto” =========

Eigenschaften von “\DESKTOP-OSDJ7D2\ROOT\CIMV2:Win32_Service.Name=“WinDefend”” werden aktualisiert
Eigenschaft(en) wurde(n) aktualisiert.

========= End of CMD: =========

========= WMIC SERVICE WHERE Name=“wscsvc” set startmode=“auto” =========

Eigenschaften von “\DESKTOP-OSDJ7D2\ROOT\CIMV2:Win32_Service.Name=“wscsvc”” werden aktualisiert
Eigenschaft(en) wurde(n) aktualisiert.

========= End of CMD: =========

========= WMIC SERVICE WHERE Name=“SecurityHealthService” set startmode=“auto” =========

Eigenschaften von “\DESKTOP-OSDJ7D2\ROOT\CIMV2:Win32_Service.Name=“SecurityHealthService”” werden aktualisiert
Eigenschaft(en) wurde(n) aktualisiert.

========= End of CMD: =========

========= WMIC SERVICE WHERE Name=“wuauserv” set startmode=“auto” =========

Eigenschaften von “\DESKTOP-OSDJ7D2\ROOT\CIMV2:Win32_Service.Name=“wuauserv”” werden aktualisiert
Eigenschaft(en) wurde(n) aktualisiert.

========= End of CMD: =========

========= WMIC SERVICE WHERE Name=“mpsdrv” set startmode=“auto” =========

Keine Instanzen verfgbar.

========= End of CMD: =========

========= del /s /q “%userprofile%\AppData\Local\temp*.*” =========

Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp.ses
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\1D2F.tmp
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\AdobeARM.log
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\bc3902d8132f43e3ae086a009979fa88.db
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\bc3902d8132f43e3ae086a009979fa88.db.ses
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\DESKTOP-OSDJ7D2-20240301-1539.log
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\eiko-.bmp
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\jusched.log
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\mat-debug-10308.log
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\mat-debug-11724.log
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\mat-debug-13688.log
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\mat-debug-15520.log
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\mat-debug-15564.log
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\mat-debug-16620.log
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\mat-debug-19296.log
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\mat-debug-2116.log
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\mat-debug-21640.log
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\mat-debug-21784.log
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\mat-debug-22204.log
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\mat-debug-22484.log
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\mat-debug-22492.log
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\mat-debug-24068.log
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\mat-debug-24076.log
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\mat-debug-4532.log
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\mat-debug-8620.log
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\mat-debug-8720.log
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\StructuredQuery.log
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\wct2AC4.tmp
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\wct67BA.tmp
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\wct7CA1.tmp
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\wctA97.tmp
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\is-PMV73.tmp\roguekillerdll.dll
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\SmartScreen\RemoteData\LastPing
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\SmartScreen\RemoteData\windowsSettings
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\SmartScreen\RemoteData\windowsSettings_1.0-1cc5da2fc505c79016279b1f03de96158e8f3ef178d55bc3f03c9ab395231805
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\system-commandline-sentinel-files\dotnet-suggest-registration-PowerToys.Awake, Version=0.77.0.0, Culture=neutral, PublicKeyToken=null

========= End of CMD: =========

=========== “C:\Windows\Temp*.*” ==========

C:\Windows\Temp\catalog.json => moved successfully
C:\Windows\Temp\DESKTOP-OSDJ7D2-20240301-1539.log => moved successfully
C:\Windows\Temp\DESKTOP-OSDJ7D2-20240301-1539a.log => moved successfully
C:\Windows\Temp\DESKTOP-OSDJ7D2-20240301-1541.log => moved successfully
C:\Windows\Temp\DESKTOP-OSDJ7D2-20240301-1544.log => moved successfully
C:\Windows\Temp\DESKTOP-OSDJ7D2-20240301-1546.log => moved successfully
C:\Windows\Temp\DESKTOP-OSDJ7D2-20240301-1551.log => moved successfully
C:\Windows\Temp\DESKTOP-OSDJ7D2-20240301-1557.log => moved successfully
C:\Windows\Temp\DESKTOP-OSDJ7D2-20240301-1705.log => moved successfully
C:\Windows\Temp\DESKTOP-OSDJ7D2-20240301-1715.log => moved successfully
C:\Windows\Temp\DESKTOP-OSDJ7D2-20240301-1816.log => moved successfully
C:\Windows\Temp\DESKTOP-OSDJ7D2-20240302-0827.log => moved successfully
C:\Windows\Temp\DESKTOP-OSDJ7D2-20240302-0833.log => moved successfully
Could not move “C:\Windows\Temp\DESKTOP-OSDJ7D2-20240302-0835.log” => Scheduled to move on reboot.
C:\Windows\Temp\FXSAPIDebugLogFile.txt => moved successfully
C:\Windows\Temp\FXSTIFFDebugLogFile.txt => moved successfully
C:\Windows\Temp\gameinputredist.log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(202403011541211948).log => moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(20240302083313160C).log => moved successfully
Could not move “C:\Windows\Temp\officeclicktorun.exe_streamserver(202403020835244508).log” => Scheduled to move on reboot.
C:\Windows\Temp\pdf24.exe.stdout._0_11110578_3915380095.log => moved successfully
C:\Windows\Temp\pdf24.exe.stdout._0_21421_2568532591.log => moved successfully
C:\Windows\Temp\pdf24.exe.stdout._0_8265_786196689.log => moved successfully
C:\Windows\Temp\pdf24.exe.stdout._0_8515_1272070730.log => moved successfully
C:\Windows\Temp\pdf24.exe.stdout._0_8750_2089731628.log => moved successfully

========= End → “C:\Windows\Temp*.*” ========

=========== “C:\WINDOWS\system32*.tmp” ==========

not found

========= End → “C:\WINDOWS\system32*.tmp” ========

=========== “C:\WINDOWS\syswow64*.tmp” ==========

not found

========= End → “C:\WINDOWS\syswow64*.tmp” ========

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 1310720 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 10600594 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 352904116 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 210215751 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 36200 B
NetworkService => 38536 B
eiko- => 1289329 B

RecycleBin => 0 B
EmptyTemp: => 549.7 MB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 02-03-2024 08:36:48)

C:\Windows\Temp\DESKTOP-OSDJ7D2-20240302-0835.log => Is moved successfully
C:\Windows\Temp\officeclicktorun.exe_streamserver(202403020835244508).log => Is moved successfully

==== End of Fixlog 08:36:48 ====
                                      Another FSS scan:

                                      Code:
                                      Farbar Service Scanner Version: 03-11-2021
Ran by eiko- (administrator) on 02-03-2024 at 08:40:28
Running from “C:\Users\eiko-\Desktop\FSS”
Microsoft Windows 11 Home (X64)
Boot Mode: Normal
[HR][/HR]
[HEADING=1]Internet Services:[/HEADING]
[HEADING=1]Connection Status:[/HEADING]
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
[HEADING=1]Windows Firewall:[/HEADING]
[HEADING=1]Firewall Disabled Policy:[/HEADING]
[HEADING=1]System Restore:[/HEADING]
[HEADING=1]System Restore Policy:[/HEADING]
[HEADING=1]Security Center:[/HEADING]
[HEADING=1]Windows Update:[/HEADING]
[HEADING=1]Windows Autoupdate Disabled Policy:[/HEADING]
[HEADING=1]Windows Defender:[/HEADING]
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend: ““C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MsMpEng.exe””.
Checking ServiceDll of WinDefend: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
[HEADING=1]Windows Defender Disabled Policy:[/HEADING]
[HEADING=1]Other Services:[/HEADING]
[HEADING=1]File Check:[/HEADING]
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\Drivers\afd.sys => File is digitally signed
C:\Windows\System32\Drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****
                                      [/HEADING]

                                        Comment

                                        • Malnutrition
                                          PCHF Moderator
                                          • Jul 2016
                                          • 7045
                                          #11
                                          I see that you have malwarebytes installed., I’d like you to scan with it please, to double check.

                                          Download Malwarebytes v.5 . Install and run.

                                          [ul]
                                          [li]Once the MBAM dashboard opens, click on Settings (gear icon).[/li][li]Click on Security tab and make sure that all four Scan options are enabled.[/li][li]Close Settings and click on the Scan button on the dashboard.[/li][li]Once the scan is completed make sure you have it quarantine any detections it finds.[/li][li]If no detections were found click on the Save results drop-down, then the Export to TXT button and save the file as a Text file to your desktop.[/li][li]If there were detections then once the quarantine has completed click on the View report button, then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.[/li][li]If the computer restarted to quarantine you can access the logs from the Detection History, then the History tab. Highlight the most recent scan and double-click to open it. Then click the Export drop-down, then the Export to TXT button, and save the file as a Text file to your desktop or other location you can find and include that log on your next reply.[/li][/ul]



                                          Please perform this fix via safe mode.

                                          BootSafe
                                          https://www.d7xtech.com/free-software/bootsafe/
                                          BootSafe is a no-hassle utility to restart Windows in the Safe Mode of your choice. Current Version: 5.0  (Compatible with Windows XP – Windows 11) Windows ‘Safe Modes’ are design…


                                          Copy the content of the code box below.
                                          [COLOR=rgb(184, 49, 47)]Do not copy the word code!!!
                                          Click Fix once (!) and wait. The program will create a log file (Fixlog.txt).
                                          Attach it to your next message.
                                          Code:
                                          Start::
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center: Restriction <==== ATTENTION

StartRegedit:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend]
"DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,00,00
"Description"="@%ProgramFiles%\\Windows Defender\\MpAsDesc.dll,-240"
"DisplayName"="@%ProgramFiles%\\Windows Defender\\MpAsDesc.dll,-310"
"ErrorControl"=dword:00000001
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
  00,01,00,00,00,60,ea,00,00,01,00,00,00,60,ea,00,00,00,00,00,00,00,00,00,00
"ImagePath"=hex(2):22,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,\
  6d,00,44,00,61,00,74,00,61,00,5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,\
  00,66,00,74,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,44,00,\
  65,00,66,00,65,00,6e,00,64,00,65,00,72,00,5c,00,50,00,6c,00,61,00,74,00,66,\
  00,6f,00,72,00,6d,00,5c,00,34,00,2e,00,31,00,38,00,2e,00,32,00,32,00,30,00,\
  31,00,2e,00,31,00,30,00,2d,00,30,00,5c,00,4d,00,73,00,4d,00,70,00,45,00,6e,\
  00,67,00,2e,00,65,00,78,00,65,00,22,00,00,00
"LaunchProtected"=dword:00000003
"ObjectName"="LocalSystem"
"RequiredPrivileges"=hex(7):53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,\
  00,6e,00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,\
  65,00,00,00,53,00,65,00,42,00,61,00,63,00,6b,00,75,00,70,00,50,00,72,00,69,\
  00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,52,00,65,00,73,00,\
  74,00,6f,00,72,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,\
  00,00,00,53,00,65,00,44,00,65,00,62,00,75,00,67,00,50,00,72,00,69,00,76,00,\
  69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,68,00,61,00,6e,00,67,\
  00,65,00,4e,00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,\
  6c,00,65,00,67,00,65,00,00,00,53,00,65,00,4c,00,6f,00,61,00,64,00,44,00,72,\
  00,69,00,76,00,65,00,72,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,\
  65,00,00,00,53,00,65,00,53,00,65,00,63,00,75,00,72,00,69,00,74,00,79,00,50,\
  00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,53,00,\
  68,00,75,00,74,00,64,00,6f,00,77,00,6e,00,50,00,72,00,69,00,76,00,69,00,6c,\
  00,65,00,67,00,65,00,00,00,53,00,65,00,49,00,6e,00,63,00,72,00,65,00,61,00,\
  73,00,65,00,51,00,75,00,6f,00,74,00,61,00,50,00,72,00,69,00,76,00,69,00,6c,\
  00,65,00,67,00,65,00,00,00,53,00,65,00,41,00,73,00,73,00,69,00,67,00,6e,00,\
  50,00,72,00,69,00,6d,00,61,00,72,00,79,00,54,00,6f,00,6b,00,65,00,6e,00,50,\
  00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,54,00,\
  63,00,62,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,\
  00,65,00,49,00,6e,00,63,00,72,00,65,00,61,00,73,00,65,00,42,00,61,00,73,00,\
  65,00,50,00,72,00,69,00,6f,00,72,00,69,00,74,00,79,00,50,00,72,00,69,00,76,\
  00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,53,00,79,00,73,00,74,00,\
  65,00,6d,00,45,00,6e,00,76,00,69,00,72,00,6f,00,6e,00,6d,00,65,00,6e,00,74,\
  00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,\
  54,00,61,00,6b,00,65,00,4f,00,77,00,6e,00,65,00,72,00,73,00,68,00,69,00,70,\
  00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,00,00
"ServiceSidType"=dword:00000001
"Start"=dword:00000002
"Type"=dword:00000010

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend\Security]
"Security"=hex:01,00,14,80,cc,00,00,00,d8,00,00,00,14,00,00,00,30,00,00,00,02,\
  00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,02,00,9c,00,06,00,00,00,00,00,18,00,9d,01,02,00,01,02,00,00,00,00,00,\
  05,20,00,00,00,21,02,00,00,00,00,14,00,9d,01,02,00,01,01,00,00,00,00,00,05,\
  12,00,00,00,00,00,18,00,9d,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,20,\
  02,00,00,00,00,14,00,9d,01,02,00,01,01,00,00,00,00,00,05,04,00,00,00,00,00,\
  14,00,9d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,00,00,28,00,ff,01,0f,\
  00,01,06,00,00,00,00,00,05,50,00,00,00,bf,55,08,72,3b,e0,28,d0,89,79,4b,f8,\
  91,89,6e,7c,40,25,ec,f4,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,\
  00,00,05,12,00,00,00

EndRegedit:

Startbatch:
sc config AJRouter start= demand
sc config ALG start= demand
sc config AppIDSvc start= demand
sc config tzautoupdate start= demand
sc config AppMgmt start= demand
sc config AppReadiness start= demand
sc config AppXSvc start= demand
sc config AppVClient start= disabled
sc config AssignedAccessManagerSvc= Auto
sc config autotimesvc start= demand
sc config AxInstSV start= demand
sc config BDESVC start= demand
sc config BFE start= Auto
sc config BITS start= demand
sc config BTAGService start= demand
sc config BrokerInfrastructure start= Auto
sc config BthAvctpSvc start= demand
sc config bthserv start= demand
sc config Browser start= demand
sc config CDPSvc start= delayed-auto
sc config CertPropSvc start= demand
sc config ClipSVC start= demand
sc config cloudidsvc start= demand
sc config COMSysApp start= demand
sc config CoreMessagingRegistrar start= Auto
sc config CryptSvc start= Auto
sc config CscService start= demand
sc config camsvc start= demand
sc config DcomLaunch start= Auto
sc config defragsvc start= demand
sc config DeviceAssociationService start= Auto
sc config DeviceInstall start= demand
sc config DevQueryBroker start= demand
sc config Dhcp start= Auto
sc config diagnosticshub.standardcollector.service start= demand
sc config DiagTrack start= Auto
sc config DialogBlockingService start= disabled
sc config DisplayEnhancementService start= demand
sc config DispBrokerDesktopSvc start= Auto
sc config DmEnrollmentSvc start= demand
sc config dmwappushservice start= Auto
sc config Dnscache start= Auto
sc config DoSvc start= demand
sc config dot3svc start= demand
sc config DPS start= Auto
sc config DsmSvc start= demand
sc config DsSvc start= demand
sc config Eaphost start= demand
sc config EFS start= demand
sc config embeddedmode start= demand
sc config EntAppSvc start= demand
sc config EventLog start= Auto
sc config EventSystem start= Auto
sc config Fax start= demand
sc config fdPHost start= demand
sc config FDResPub start= demand
sc config FileSyncHelper start= demand
sc config fhsvc start= demand
sc config FontCache start= Auto
sc config FontCache3.0.0.0 start= demand
sc config ftpsvc start= Auto
sc config GraphicsPerfSvc start= demand
sc config gpsvc start= Auto
sc config hidserv start= demand
sc config HNS start= demand
sc config HvHost start= demand
sc config icssvc start= demand
sc config InstallService start= demand
sc config lfsvc start= demand
sc config InventorySvc start= demand
sc config IEEtwCollectorService start= demand
sc config IISADMIN start= Auto
sc config IKEEXT start= demand
sc config iphlpsvc start= Auto
sc config iprip start= Auto
sc config IpxlatCfgSvc start= demand
sc config KeyIso start= demand
sc config KtmRm start= demand
sc config LanmanServer start= Auto
sc config LanmanWorkstation start= Auto
sc config lfsvc start= demand
sc config lltdsvc start= demand
sc config lmhosts start= demand
sc config LSM start= Auto
sc config MapsBroker start= delayed-auto
sc config McpManagementService start= demand
sc config MpsSvc start= Auto
sc config MSDTC start= demand
sc config MsKeyboardFilter start= disabled
sc config MSiSCSI start= demand
sc config msiserver start= demand
sc config NaturalAuthentication start= demand
sc config NcaSvc start= demand
sc config NcbService start= demand
sc config NcdAutoSetup start= demand
sc config Netlogon start= Auto
sc config Netman start= demand
sc config netprofm start= demand
sc config NetSetupSvc start= demand
sc config NetTcpPortSharing start= disabled
sc config NgcCtnrSvc start= demand
sc config NgcSvc start= demand
sc config NlaSvc start= Auto
sc config nsi start= Auto
sc config nvagent start= demand
sc config p2pimsvc start= demand
sc config p2psvc start= demand
sc config PcaSvc start= delayed-auto
sc config PeerDistSvc start= demand
sc config PerfHost start= demand
sc config pla start= demand
sc config PlugPlay start= demand
sc config PNRPAutoReg start= demand
sc config PNRPsvc start= demand
sc config PolicyAgent start= demand
sc config Power start= Auto
sc config PrintNotify start= demand
sc config ProfSvc start= Auto
sc config QWAVE start= demand
sc config RasAuto start= demand
sc config RasMan start= Auto
sc config RemoteAccess start= Disabled
sc config RemoteRegistry start= Disabled
sc config RetailDemo start= demand
sc config RmSvc start= demand
sc config RpcEptMapper start= Auto
sc config RpcLocator start= demand
sc config RpcSs start= Auto
sc config SamSs start= Auto
sc config SCardSvr start= demand
sc config ScDeviceEnum start= demand
sc config Schedule start= Auto
sc config SCPolicySvc start= demand
sc config SDRSVC start= demand
sc config seclogon start= demand
sc config SENS start= Auto
sc config SEMgrSvc start= demand
sc config SensorDataService start= demand
sc config SensorService start= demand
sc config SensrSvc start= demand
sc config SessionEnv start= demand
sc config SharedAccess start= demand
sc config ShellHWDetection start= Auto
sc config ssh-agent start= disabled
sc config smphost start= demand
sc config SmsRouter start= demand
sc config SNMPTRAP start= demand
sc config Spooler start= Auto
sc config sppsvc start= delayed-auto
sc config SSDPSRV start= demand
sc config SstpSvc start= demand
sc config StateRepository start= Auto
sc config stisvc start= Auto
sc config StorSvc start= delayed-auto
sc config svsvc start= demand
sc config swprv start= demand
sc config SysMain start= Auto
sc config SystemEventsBroker start= Auto
sc config TapiSrv start= demand
sc config TermService start= demand
sc config Themes start= Auto
sc config TrkWks start= Auto
sc config TrustedInstaller start= demand
sc config TroubleshootingSvc start= demand
sc config UmRdpService start= demand
sc config upnphost start= demand
sc config UserManager start= Auto
sc config UsoSvc start= delayed-auto
sc config VaultSvc start= demand
sc config vds start= demand
sc config vmcompute start= demand
sc config vmicguestinterface start= demand
sc config vmicheartbeat start= demand
sc config vmicrdv start= demand
sc config vmicshutdown start= demand
sc config vmictimesync start= demand
sc config vmicvmsession start= demand
sc config vmicvss start= demand
sc config VSS start= demand
sc config W32Time start= demand
sc config WalletService start= demand
sc config wbengine start= demand
sc config WbioSrvc start= demand
sc config Wcmsvc start= Auto
sc config wcncsvc start= demand
sc config WdiServiceHost start= demand
sc config WdiSystemHost start= demand
sc config WdNisSvc start= demand
sc config WebClient start= demand
sc config Wecsvc start= demand
sc config WEPHOSTSVC start= demand
sc config wercplsupport start= demand
sc config WerSvc start= demand
sc config WiaRpc start= demand
sc config WinDefend start= Auto
sc config WinHttpAutoProxySvc start= demand
sc config Winmgmt start= Auto
sc config WinRM start= demand
sc config WlanSvc start= Auto
sc config wlidsvc start= demand
sc config wlpasvc start= demand
sc config wmiApSrv start= demand
sc config WMPNetworkSvc start= Auto
sc config workfolderssvc start= demand
sc config WPDBusEnum start= demand
sc config WpcMonSvc start= demand
sc config WpnService start= Auto
sc config wscsvc start= delayed-auto
sc config WSearch start= delayed-auto
sc config wuauserv start= demand
sc config WwanSvc start= demand
sc config XblAuthManager start= demand
sc config XblGameSave start= demand
sc config XboxNetApiSvc start= demand
Endbatch:

CMD: WMIC SERVICE WHERE Name="securityhealthservice" CALL startservice
CMD: WMIC SERVICE WHERE Name="windefend" CALL startservice
CMD: WMIC SERVICE WHERE Name="wscsvc" CALL startservice
CMD: WMIC SERVICE WHERE Name="mpsdrv" CALL startservice
CMD: WMIC SERVICE WHERE Name="securityhealthservice" set startmode="auto"
CMD: WMIC SERVICE WHERE Name="windefend" set startmode="auto"
CMD: WMIC SERVICE WHERE Name="wscsvc" set startmode="auto"
cmd: DISM.exe /Online /Cleanup-image /Restorehealth
cmd: sfc /scannow
cmd: winmgmt /salvagerepository
cmd: winmgmt /verifyrepository
cmd: "%WINDIR%\SYSTEM32\lodctr.exe" /R
cmd: "%WINDIR%\SysWOW64\lodctr.exe" /R
cmd: "%WINDIR%\SYSTEM32\lodctr.exe" /R
cmd: "%WINDIR%\SysWOW64\lodctr.exe" /R
ExportKey: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions
emptytemp:
Reboot:
End::


                                          If security center is not working please post Fresh Frst logs along with this.

                                          Download ZHP Suite to your desktop.
                                          Unzip it there.
                                          Right Click Run as admin.
                                          Hit the scanner button.
                                          Once it is complete a file name ZHPdiag.txt will be on your desktop.
                                          Attach it.[/COLOR]

                                            Comment

                                            • Malnutrition
                                              PCHF Moderator
                                              • Jul 2016
                                              • 7045
                                              #12
                                              Originally posted by Urenis
                                              How can it be possible that the registration key is missing?
                                              Originally posted by Malnutrition
                                              If there are any errors then merge the file in safe mode.
                                              @Urenis
                                              The last fix with FRST I provided will do the same as merging the registry file, it must be done in safe mode.

                                                Comment

                                                • Urenis
                                                  PCHF Member
                                                  • Feb 2024
                                                  • 14
                                                  #13
                                                  Sorry for the late reply, I was away over the weekend. I ran the FRST fixes in save mode. unfortunately windows defender still doesn’t work. All log files are listed below.
                                                  1. FRST fixlog in savemode:

                                                  [HEADING=1]
                                                  Code:
                                                  Fix result of Farbar Recovery Scan Tool (x64) Version: 26.02.2024 01
Ran by eiko- (04-03-2024 09:17:55) Run:7
Running from C:\Users\eiko-\Desktop
Loaded Profiles: eiko-
Boot Mode: Safe Mode (minimal)[/HEADING]
fixlist content:
[HR][/HR]
Start::
CreateRestorePoint:
CloseProcesses:
RemoveProxy:
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center: Restriction <==== ATTENTION
SetDefaultFilePermissions: C:\Windows\System32\SecurityHealthService.exe
SetDefaultFilePermissions: C:\Windows\System32\wscsvc.dll

StartRegedit:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecurityHealthService]
“Start”=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc]
“Start”=dword:00000002
EndRegedit:

CMD: gpupdate /force
CMD: WMIC SERVICE WHERE Name=“WdNisDrv” CALL startservice
CMD: WMIC SERVICE WHERE Name=“WdNisSvc” CALL startservice
CMD: WMIC SERVICE WHERE Name=“securityhealthservice” CALL startservice
CMD: WMIC SERVICE WHERE Name=“windefend” CALL startservice
CMD: WMIC SERVICE WHERE Name=“wscsvc” CALL startservice
CMD: WMIC SERVICE WHERE Name=“SecurityHealthService” CALL startservice
CMD: WMIC SERVICE WHERE Name=“wuauserv” CALL startservice
CMD: WMIC SERVICE WHERE Name=“mpsdrv” CALL startservice
CMD: WMIC SERVICE WHERE Name=“WdNisDrv” set startmode=“auto”
CMD: WMIC SERVICE WHERE Name=“WdNisSvc” set startmode=“auto”
CMD: WMIC SERVICE WHERE Name=“securityhealthservice” set startmode=“auto”
CMD: WMIC SERVICE WHERE Name=“windefend” set startmode=“auto”
CMD: WMIC SERVICE WHERE Name=“wscsvc” set startmode=“auto”
CMD: WMIC SERVICE WHERE Name=“SecurityHealthService” set startmode=“auto”
CMD: WMIC SERVICE WHERE Name=“wuauserv” set startmode=“auto”
CMD: WMIC SERVICE WHERE Name=“mpsdrv” set startmode=“auto”
CMD: del /s /q "%userprofile%\AppData\Local\temp*."
C:\Windows\Temp*.
C:\WINDOWS\system32*.tmp
C:\WINDOWS\syswow64*.tmp
emptytemp:
Reboot:
End::
[HR][/HR]
Error: Restore point can only be created in normal mode.
Processes closed successfully.

========= RemoveProxy: =========

“HKU.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings” => removed successfully
“HKU.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings” => removed successfully
“HKU\S-1-5-21-1421055718-2087356316-1872245878-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings” => removed successfully

========= End of RemoveProxy: =========

HKLM\SOFTWARE\Microsoft\Windows Defender\“DisableAntiSpyware”=“0” => value restored successfully
HKLM\SOFTWARE\Microsoft\Windows Defender\“DisableAntiVirus”=“0” => value restored successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => not found
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate => not found
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center => not found
“C:\Windows\System32\SecurityHealthService.exe” => Default permissions restored successfully.
“C:\Windows\System32\wscsvc.dll” => Default permissions restored successfully.
Registry ====> Der Vorgang wurde erfolgreich beendet.

========= gpupdate /force =========

Die Richtlinie wird aktualisiert…

Fehler bei der Aktualisierung der Computerrichtlinie.
Die Benutzerrichtlinie konnte nicht aktualisiert werden.

Lesen Sie zur Fehlerdiagnose das Ereignisprotokoll, oder fhren Sie den Befehl “GPRESULT /H GPReport.html” aus, um auf Informationen ber Gruppenrichtlinienergebnisse zuzugreifen.

========= End of CMD: =========

========= WMIC SERVICE WHERE Name=“WdNisDrv” CALL startservice =========

Keine Instanzen verfgbar.

========= End of CMD: =========

========= WMIC SERVICE WHERE Name=“WdNisSvc” CALL startservice =========

(\DESKTOP-OSDJ7D2\ROOT\CIMV2:Win32_Service.Name=“WdNisSvc”)->startservice() wird ausgefhrt
Methode wurde ausgefhrt.
Ausgabeparameter:
instance of __PARAMETERS
{
ReturnValue = 8;
};

========= End of CMD: =========

========= WMIC SERVICE WHERE Name=“securityhealthservice” CALL startservice =========

(\DESKTOP-OSDJ7D2\ROOT\CIMV2:Win32_Service.Name=“SecurityHealthService”)->startservice() wird ausgefhrt
Methode wurde ausgefhrt.
Ausgabeparameter:
instance of __PARAMETERS
{
ReturnValue = 8;
};

========= End of CMD: =========

========= WMIC SERVICE WHERE Name=“windefend” CALL startservice =========

(\DESKTOP-OSDJ7D2\ROOT\CIMV2:Win32_Service.Name=“WinDefend”)->startservice() wird ausgefhrt
Methode wurde ausgefhrt.
Ausgabeparameter:
instance of __PARAMETERS
{
ReturnValue = 8;
};

========= End of CMD: =========

========= WMIC SERVICE WHERE Name=“wscsvc” CALL startservice =========

(\DESKTOP-OSDJ7D2\ROOT\CIMV2:Win32_Service.Name=“wscsvc”)->startservice() wird ausgefhrt
Methode wurde ausgefhrt.
Ausgabeparameter:
instance of __PARAMETERS
{
ReturnValue = 8;
};

========= End of CMD: =========

========= WMIC SERVICE WHERE Name=“SecurityHealthService” CALL startservice =========

(\DESKTOP-OSDJ7D2\ROOT\CIMV2:Win32_Service.Name=“SecurityHealthService”)->startservice() wird ausgefhrt
Methode wurde ausgefhrt.
Ausgabeparameter:
instance of __PARAMETERS
{
ReturnValue = 8;
};

========= End of CMD: =========

========= WMIC SERVICE WHERE Name=“wuauserv” CALL startservice =========

(\DESKTOP-OSDJ7D2\ROOT\CIMV2:Win32_Service.Name=“wuauserv”)->startservice() wird ausgefhrt
Methode wurde ausgefhrt.
Ausgabeparameter:
instance of __PARAMETERS
{
ReturnValue = 8;
};

========= End of CMD: =========

========= WMIC SERVICE WHERE Name=“mpsdrv” CALL startservice =========

Keine Instanzen verfgbar.

========= End of CMD: =========

========= WMIC SERVICE WHERE Name=“WdNisDrv” set startmode=“auto” =========

Keine Instanzen verfgbar.

========= End of CMD: =========

========= WMIC SERVICE WHERE Name=“WdNisSvc” set startmode=“auto” =========

========= End of CMD: =========

========= WMIC SERVICE WHERE Name=“securityhealthservice” set startmode=“auto” =========

Eigenschaften von “\DESKTOP-OSDJ7D2\ROOT\CIMV2:Win32_Service.Name=“SecurityHealthService”” werden aktualisiert
Eigenschaft(en) wurde(n) aktualisiert.

========= End of CMD: =========

========= WMIC SERVICE WHERE Name=“windefend” set startmode=“auto” =========

Eigenschaften von “\DESKTOP-OSDJ7D2\ROOT\CIMV2:Win32_Service.Name=“WinDefend”” werden aktualisiert
Eigenschaft(en) wurde(n) aktualisiert.

========= End of CMD: =========

========= WMIC SERVICE WHERE Name=“wscsvc” set startmode=“auto” =========

Eigenschaften von “\DESKTOP-OSDJ7D2\ROOT\CIMV2:Win32_Service.Name=“wscsvc”” werden aktualisiert
Eigenschaft(en) wurde(n) aktualisiert.

========= End of CMD: =========

========= WMIC SERVICE WHERE Name=“SecurityHealthService” set startmode=“auto” =========

Eigenschaften von “\DESKTOP-OSDJ7D2\ROOT\CIMV2:Win32_Service.Name=“SecurityHealthService”” werden aktualisiert
Eigenschaft(en) wurde(n) aktualisiert.

========= End of CMD: =========

========= WMIC SERVICE WHERE Name=“wuauserv” set startmode=“auto” =========

Eigenschaften von “\DESKTOP-OSDJ7D2\ROOT\CIMV2:Win32_Service.Name=“wuauserv”” werden aktualisiert
Eigenschaft(en) wurde(n) aktualisiert.

========= End of CMD: =========

========= WMIC SERVICE WHERE Name=“mpsdrv” set startmode=“auto” =========

Keine Instanzen verfgbar.

========= End of CMD: =========

========= del /s /q “%userprofile%\AppData\Local\temp*.*” =========

Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\eiko-.bmp
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\jusched.log
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\NotifyIconGeneratedAumid_9916234647023583010.png
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp{d46db3f5-2595-451d-a6d5-7916b00b52cb}.png
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\SmartScreen\RemoteData\LastPing
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\SmartScreen\RemoteData\windowsSettings
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\SmartScreen\RemoteData\windowsSettings_1.0-1cc5da2fc505c79016279b1f03de96158e8f3ef178d55bc3f03c9ab395231805
Datei wurde gelöscht - C:\Users\eiko-\AppData\Local\temp\system-commandline-sentinel-files\dotnet-suggest-registration-PowerToys.Awake, Version=0.77.0.0, Culture=neutral, PublicKeyToken=null

========= End of CMD: =========

=========== “C:\Windows\Temp*.*” ==========

C:\Windows\Temp\catalog.json => moved successfully
C:\Windows\Temp\DESKTOP-OSDJ7D2-20240304-0913.log => moved successfully
C:\Windows\Temp\gameinputredist.log => moved successfully
C:\Windows\Temp\pdf24.exe.stdout._0_15375_2528243138.log => moved successfully

========= End → “C:\Windows\Temp*.*” ========

=========== “C:\WINDOWS\system32*.tmp” ==========

not found

========= End → “C:\WINDOWS\system32*.tmp” ========

=========== “C:\WINDOWS\syswow64*.tmp” ==========

not found

========= End → “C:\WINDOWS\syswow64*.tmp” ========

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 786432 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9509762 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 27692188 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 7852 B
NetworkService => 7852 B
eiko- => 28622 B

RecycleBin => 0 B
EmptyTemp: => 36.3 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 09:18:18 ====
                                                  1. FRST fixlog in savemode:

                                                  [HEADING=1]
                                                  Code:
                                                  Fix result of Farbar Recovery Scan Tool (x64) Version: 26.02.2024 01
Ran by eiko- (04-03-2024 09:21:46) Run:8
Running from C:\Users\eiko-\Desktop
Loaded Profiles: eiko-
Boot Mode: Safe Mode (minimal)[/HEADING]
fixlist content:
[HR][/HR]
Start::
CreateRestorePoint:
CloseProcesses:
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Restriction <==== ATTENTION
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center: Restriction <==== ATTENTION

StartRegedit:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend]
“DependOnService”=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,00,00
“Description”=“@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-240”
“DisplayName”=“@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310”
“ErrorControl”=dword:00000001
“FailureActions”=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,
00,01,00,00,00,60,ea,00,00,01,00,00,00,60,ea,00,00,00,00,00,00,00,00,00,00
“ImagePath”=hex(2):22,00,43,00,3a,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,
6d,00,44,00,61,00,74,00,61,00,5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,
00,66,00,74,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,20,00,44,00,
65,00,66,00,65,00,6e,00,64,00,65,00,72,00,5c,00,50,00,6c,00,61,00,74,00,66,
00,6f,00,72,00,6d,00,5c,00,34,00,2e,00,31,00,38,00,2e,00,32,00,32,00,30,00,
31,00,2e,00,31,00,30,00,2d,00,30,00,5c,00,4d,00,73,00,4d,00,70,00,45,00,6e,
00,67,00,2e,00,65,00,78,00,65,00,22,00,00,00
“LaunchProtected”=dword:00000003
“ObjectName”=“LocalSystem”
“RequiredPrivileges”=hex(7):53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,
00,6e,00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,
65,00,00,00,53,00,65,00,42,00,61,00,63,00,6b,00,75,00,70,00,50,00,72,00,69,
00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,52,00,65,00,73,00,
74,00,6f,00,72,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,
00,00,00,53,00,65,00,44,00,65,00,62,00,75,00,67,00,50,00,72,00,69,00,76,00,
69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,43,00,68,00,61,00,6e,00,67,
00,65,00,4e,00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,
6c,00,65,00,67,00,65,00,00,00,53,00,65,00,4c,00,6f,00,61,00,64,00,44,00,72,
00,69,00,76,00,65,00,72,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,
65,00,00,00,53,00,65,00,53,00,65,00,63,00,75,00,72,00,69,00,74,00,79,00,50,
00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,53,00,
68,00,75,00,74,00,64,00,6f,00,77,00,6e,00,50,00,72,00,69,00,76,00,69,00,6c,
00,65,00,67,00,65,00,00,00,53,00,65,00,49,00,6e,00,63,00,72,00,65,00,61,00,
73,00,65,00,51,00,75,00,6f,00,74,00,61,00,50,00,72,00,69,00,76,00,69,00,6c,
00,65,00,67,00,65,00,00,00,53,00,65,00,41,00,73,00,73,00,69,00,67,00,6e,00,
50,00,72,00,69,00,6d,00,61,00,72,00,79,00,54,00,6f,00,6b,00,65,00,6e,00,50,
00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,54,00,
63,00,62,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,
00,65,00,49,00,6e,00,63,00,72,00,65,00,61,00,73,00,65,00,42,00,61,00,73,00,
65,00,50,00,72,00,69,00,6f,00,72,00,69,00,74,00,79,00,50,00,72,00,69,00,76,
00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,53,00,79,00,73,00,74,00,
65,00,6d,00,45,00,6e,00,76,00,69,00,72,00,6f,00,6e,00,6d,00,65,00,6e,00,74,
00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,
54,00,61,00,6b,00,65,00,4f,00,77,00,6e,00,65,00,72,00,73,00,68,00,69,00,70,
00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,00,00
“ServiceSidType”=dword:00000001
“Start”=dword:00000002
“Type”=dword:00000010

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend\Security]
“Security”=hex:01,00,14,80,cc,00,00,00,d8,00,00,00,14,00,00,00,30,00,00,00,02,
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,
00,00,02,00,9c,00,06,00,00,00,00,00,18,00,9d,01,02,00,01,02,00,00,00,00,00,
05,20,00,00,00,21,02,00,00,00,00,14,00,9d,01,02,00,01,01,00,00,00,00,00,05,
12,00,00,00,00,00,18,00,9d,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,20,
02,00,00,00,00,14,00,9d,01,02,00,01,01,00,00,00,00,00,05,04,00,00,00,00,00,
14,00,9d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,00,00,28,00,ff,01,0f,
00,01,06,00,00,00,00,00,05,50,00,00,00,bf,55,08,72,3b,e0,28,d0,89,79,4b,f8,
91,89,6e,7c,40,25,ec,f4,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,
00,00,05,12,00,00,00

EndRegedit:

Startbatch:
sc config AJRouter start= demand
sc config ALG start= demand
sc config AppIDSvc start= demand
sc config tzautoupdate start= demand
sc config AppMgmt start= demand
sc config AppReadiness start= demand
sc config AppXSvc start= demand
sc config AppVClient start= disabled
sc config AssignedAccessManagerSvc= Auto
sc config autotimesvc start= demand
sc config AxInstSV start= demand
sc config BDESVC start= demand
sc config BFE start= Auto
sc config BITS start= demand
sc config BTAGService start= demand
sc config BrokerInfrastructure start= Auto
sc config BthAvctpSvc start= demand
sc config bthserv start= demand
sc config Browser start= demand
sc config CDPSvc start= delayed-auto
sc config CertPropSvc start= demand
sc config ClipSVC start= demand
sc config cloudidsvc start= demand
sc config COMSysApp start= demand
sc config CoreMessagingRegistrar start= Auto
sc config CryptSvc start= Auto
sc config CscService start= demand
sc config camsvc start= demand
sc config DcomLaunch start= Auto
sc config defragsvc start= demand
sc config DeviceAssociationService start= Auto
sc config DeviceInstall start= demand
sc config DevQueryBroker start= demand
sc config Dhcp start= Auto
sc config diagnosticshub.standardcollector.service start= demand
sc config DiagTrack start= Auto
sc config DialogBlockingService start= disabled
sc config DisplayEnhancementService start= demand
sc config DispBrokerDesktopSvc start= Auto
sc config DmEnrollmentSvc start= demand
sc config dmwappushservice start= Auto
sc config Dnscache start= Auto
sc config DoSvc start= demand
sc config dot3svc start= demand
sc config DPS start= Auto
sc config DsmSvc start= demand
sc config DsSvc start= demand
sc config Eaphost start= demand
sc config EFS start= demand
sc config embeddedmode start= demand
sc config EntAppSvc start= demand
sc config EventLog start= Auto
sc config EventSystem start= Auto
sc config Fax start= demand
sc config fdPHost start= demand
sc config FDResPub start= demand
sc config FileSyncHelper start= demand
sc config fhsvc start= demand
sc config FontCache start= Auto
sc config FontCache3.0.0.0 start= demand
sc config ftpsvc start= Auto
sc config GraphicsPerfSvc start= demand
sc config gpsvc start= Auto
sc config hidserv start= demand
sc config HNS start= demand
sc config HvHost start= demand
sc config icssvc start= demand
sc config InstallService start= demand
sc config lfsvc start= demand
sc config InventorySvc start= demand
sc config IEEtwCollectorService start= demand
sc config IISADMIN start= Auto
sc config IKEEXT start= demand
sc config iphlpsvc start= Auto
sc config iprip start= Auto
sc config IpxlatCfgSvc start= demand
sc config KeyIso start= demand
sc config KtmRm start= demand
sc config LanmanServer start= Auto
sc config LanmanWorkstation start= Auto
sc config lfsvc start= demand
sc config lltdsvc start= demand
sc config lmhosts start= demand
sc config LSM start= Auto
sc config MapsBroker start= delayed-auto
sc config McpManagementService start= demand
sc config MpsSvc start= Auto
sc config MSDTC start= demand
sc config MsKeyboardFilter start= disabled
sc config MSiSCSI start= demand
sc config msiserver start= demand
sc config NaturalAuthentication start= demand
sc config NcaSvc start= demand
sc config NcbService start= demand
sc config NcdAutoSetup start= demand
sc config Netlogon start= Auto
sc config Netman start= demand
sc config netprofm start= demand
sc config NetSetupSvc start= demand
sc config NetTcpPortSharing start= disabled
sc config NgcCtnrSvc start= demand
sc config NgcSvc start= demand
sc config NlaSvc start= Auto
sc config nsi start= Auto
sc config nvagent start= demand
sc config p2pimsvc start= demand
sc config p2psvc start= demand
sc config PcaSvc start= delayed-auto
sc config PeerDistSvc start= demand
sc config PerfHost start= demand
sc config pla start= demand
sc config PlugPlay start= demand
sc config PNRPAutoReg start= demand
sc config PNRPsvc start= demand
sc config PolicyAgent start= demand
sc config Power start= Auto
sc config PrintNotify start= demand
sc config ProfSvc start= Auto
sc config QWAVE start= demand
sc config RasAuto start= demand
sc config RasMan start= Auto
sc config RemoteAccess start= Disabled
sc config RemoteRegistry start= Disabled
sc config RetailDemo start= demand
sc config RmSvc start= demand
sc config RpcEptMapper start= Auto
sc config RpcLocator start= demand
sc config RpcSs start= Auto
sc config SamSs start= Auto
sc config SCardSvr start= demand
sc config ScDeviceEnum start= demand
sc config Schedule start= Auto
sc config SCPolicySvc start= demand
sc config SDRSVC start= demand
sc config seclogon start= demand
sc config SENS start= Auto
sc config SEMgrSvc start= demand
sc config SensorDataService start= demand
sc config SensorService start= demand
sc config SensrSvc start= demand
sc config SessionEnv start= demand
sc config SharedAccess start= demand
sc config ShellHWDetection start= Auto
sc config ssh-agent start= disabled
sc config smphost start= demand
sc config SmsRouter start= demand
sc config SNMPTRAP start= demand
sc config Spooler start= Auto
sc config sppsvc start= delayed-auto
sc config SSDPSRV start= demand
sc config SstpSvc start= demand
sc config StateRepository start= Auto
sc config stisvc start= Auto
sc config StorSvc start= delayed-auto
sc config svsvc start= demand
sc config swprv start= demand
sc config SysMain start= Auto
sc config SystemEventsBroker start= Auto
sc config TapiSrv start= demand
sc config TermService start= demand
sc config Themes start= Auto
sc config TrkWks start= Auto
sc config TrustedInstaller start= demand
sc config TroubleshootingSvc start= demand
sc config UmRdpService start= demand
sc config upnphost start= demand
sc config UserManager start= Auto
sc config UsoSvc start= delayed-auto
sc config VaultSvc start= demand
sc config vds start= demand
sc config vmcompute start= demand
sc config vmicguestinterface start= demand
sc config vmicheartbeat start= demand
sc config vmicrdv start= demand
sc config vmicshutdown start= demand
sc config vmictimesync start= demand
sc config vmicvmsession start= demand
sc config vmicvss start= demand
sc config VSS start= demand
sc config W32Time start= demand
sc config WalletService start= demand
sc config wbengine start= demand
sc config WbioSrvc start= demand
sc config Wcmsvc start= Auto
sc config wcncsvc start= demand
sc config WdiServiceHost start= demand
sc config WdiSystemHost start= demand
sc config WdNisSvc start= demand
sc config WebClient start= demand
sc config Wecsvc start= demand
sc config WEPHOSTSVC start= demand
sc config wercplsupport start= demand
sc config WerSvc start= demand
sc config WiaRpc start= demand
sc config WinDefend start= Auto
sc config WinHttpAutoProxySvc start= demand
sc config Winmgmt start= Auto
sc config WinRM start= demand
sc config WlanSvc start= Auto
sc config wlidsvc start= demand
sc config wlpasvc start= demand
sc config wmiApSrv start= demand
sc config WMPNetworkSvc start= Auto
sc config workfolderssvc start= demand
sc config WPDBusEnum start= demand
sc config WpcMonSvc start= demand
sc config WpnService start= Auto
sc config wscsvc start= delayed-auto
sc config WSearch start= delayed-auto
sc config wuauserv start= demand
sc config WwanSvc start= demand
sc config XblAuthManager start= demand
sc config XblGameSave start= demand
sc config XboxNetApiSvc start= demand
Endbatch:

CMD: WMIC SERVICE WHERE Name=“securityhealthservice” CALL startservice
CMD: WMIC SERVICE WHERE Name=“windefend” CALL startservice
CMD: WMIC SERVICE WHERE Name=“wscsvc” CALL startservice
CMD: WMIC SERVICE WHERE Name=“mpsdrv” CALL startservice
CMD: WMIC SERVICE WHERE Name=“securityhealthservice” set startmode=“auto”
CMD: WMIC SERVICE WHERE Name=“windefend” set startmode=“auto”
CMD: WMIC SERVICE WHERE Name=“wscsvc” set startmode=“auto”
cmd: DISM.exe /Online /Cleanup-image /Restorehealth
cmd: sfc /scannow
cmd: winmgmt /salvagerepository
cmd: winmgmt /verifyrepository
cmd: “%WINDIR%\SYSTEM32\lodctr.exe” /R
cmd: “%WINDIR%\SysWOW64\lodctr.exe” /R
cmd: “%WINDIR%\SYSTEM32\lodctr.exe” /R
cmd: “%WINDIR%\SysWOW64\lodctr.exe” /R
ExportKey: HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions
emptytemp:
Reboot:
End::
[HR][/HR]
Error: Restore point can only be created in normal mode.
Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Windows Defender\“DisableAntiSpyware”=“0” => value restored successfully
HKLM\SOFTWARE\Microsoft\Windows Defender\“DisableAntiVirus”=“0” => value restored successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => not found
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender Security Center => not found
Registry ====> Der Vorgang wurde erfolgreich beendet.

========= Batch: =========
[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig FEHLER 5:

Zugriff verweigert

[SC] ChangeServiceConfig ERFOLG

[SC] OpenService FEHLER 1060:

Der angegebene Dienst ist kein installierter Dienst.

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig FEHLER 5:

Zugriff verweigert

[SC] OpenService FEHLER 1060:

Der angegebene Dienst ist kein installierter Dienst.

BESCHREIBUNG:
Žndert einen Diensteintrag in der Registrierung und der Dienstdatenbank.
SYNTAX:
sc config [Dienstname] …

OPTIONEN:
HINWEIS: Der Optionsname enth„lt das Gleichheitszeichen.
Zwischen dem Gleichheitszeichen und dem Wert muss ein Leerzeichen eingefgt werden.
Um die Abh„ngigkeit zu entfernen, verwenden Sie einen einzelnen / (Schr„gstrich) als Abh„ngigkeitswert.
type= <own|share|interact|kernel|filesys|rec|adapt|userown|usershare>
start= <boot|system|auto|demand|disabled|delayed-auto>
error= <normal|severe|critical|ignore>
binPath= <Bin„rpfadname zur EXE-Datei>
group= 
tag= <yes|no>
depend= <Abh„ngigkeiten (getrennt durch / (Schr„gstrich))>
obj= <AccountName|ObjectName>
DisplayName= 
password=

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] OpenService FEHLER 5:

Zugriff verweigert

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] OpenService FEHLER 5:

Zugriff verweigert

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] OpenService FEHLER 1060:

Der angegebene Dienst ist kein installierter Dienst.

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] OpenService FEHLER 5:

Zugriff verweigert

[SC] OpenService FEHLER 1060:

Der angegebene Dienst ist kein installierter Dienst.

[SC] ChangeServiceConfig ERFOLG

[SC] OpenService FEHLER 5:

Zugriff verweigert

[SC] ChangeServiceConfig ERFOLG

[SC] OpenService FEHLER 1060:

Der angegebene Dienst ist kein installierter Dienst.

[SC] ChangeServiceConfig ERFOLG

[SC] OpenService FEHLER 5:

Zugriff verweigert

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] OpenService FEHLER 1060:

Der angegebene Dienst ist kein installierter Dienst.

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] OpenService FEHLER 5:

Zugriff verweigert

[SC] ChangeServiceConfig2 (delayed autostart flag) FEHLER 5:

Zugriff verweigert

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig FEHLER 5:

Zugriff verweigert

[SC] ChangeServiceConfig FEHLER 5:

Zugriff verweigert

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] OpenService FEHLER 1060:

Der angegebene Dienst ist kein installierter Dienst.

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] OpenService FEHLER 1060:

Der angegebene Dienst ist kein installierter Dienst.

[SC] ChangeServiceConfig ERFOLG

[SC] OpenService FEHLER 5:

Zugriff verweigert

[SC] ChangeServiceConfig ERFOLG

[SC] OpenService FEHLER 1060:

Der angegebene Dienst ist kein installierter Dienst.

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] OpenService FEHLER 1060:

Der angegebene Dienst ist kein installierter Dienst.

[SC] OpenService FEHLER 1060:

Der angegebene Dienst ist kein installierter Dienst.

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] OpenService FEHLER 1060:

Der angegebene Dienst ist kein installierter Dienst.

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] OpenService FEHLER 5:

Zugriff verweigert

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] OpenService FEHLER 5:

Zugriff verweigert

[SC] ChangeServiceConfig ERFOLG

[SC] OpenService FEHLER 1060:

Der angegebene Dienst ist kein installierter Dienst.

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig FEHLER 5:

Zugriff verweigert

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] OpenService FEHLER 5:

Zugriff verweigert

[SC] OpenService FEHLER 5:

Zugriff verweigert

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] OpenService FEHLER 1060:

Der angegebene Dienst ist kein installierter Dienst.

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] OpenService FEHLER 1060:

Der angegebene Dienst ist kein installierter Dienst.

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] OpenService FEHLER 5:

Zugriff verweigert

[SC] ChangeServiceConfig ERFOLG

[SC] OpenService FEHLER 5:

Zugriff verweigert

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] OpenService FEHLER 5:

Zugriff verweigert

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] OpenService FEHLER 5:

Zugriff verweigert

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig FEHLER 5:

Zugriff verweigert

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] OpenService FEHLER 5:

Zugriff verweigert

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] OpenService FEHLER 1060:

Der angegebene Dienst ist kein installierter Dienst.

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] OpenService FEHLER 5:

Zugriff verweigert

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] OpenService FEHLER 5:

Zugriff verweigert

[SC] OpenService FEHLER 5:

Zugriff verweigert

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] OpenService FEHLER 5:

Zugriff verweigert

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

[SC] ChangeServiceConfig ERFOLG

========= End of Batch: =========

========= WMIC SERVICE WHERE Name=“securityhealthservice” CALL startservice =========

(\DESKTOP-OSDJ7D2\ROOT\CIMV2:Win32_Service.Name=“SecurityHealthService”)->startservice() wird ausgefhrt
Methode wurde ausgefhrt.
Ausgabeparameter:
instance of __PARAMETERS
{
ReturnValue = 8;
};

========= End of CMD: =========

========= WMIC SERVICE WHERE Name=“windefend” CALL startservice =========

(\DESKTOP-OSDJ7D2\ROOT\CIMV2:Win32_Service.Name=“WinDefend”)->startservice() wird ausgefhrt
Methode wurde ausgefhrt.
Ausgabeparameter:
instance of __PARAMETERS
{
ReturnValue = 8;
};

========= End of CMD: =========

========= WMIC SERVICE WHERE Name=“wscsvc” CALL startservice =========

(\DESKTOP-OSDJ7D2\ROOT\CIMV2:Win32_Service.Name=“wscsvc”)->startservice() wird ausgefhrt
Methode wurde ausgefhrt.
Ausgabeparameter:
instance of __PARAMETERS
{
ReturnValue = 8;
};

========= End of CMD: =========

========= WMIC SERVICE WHERE Name=“mpsdrv” CALL startservice =========

Keine Instanzen verfgbar.

========= End of CMD: =========

========= WMIC SERVICE WHERE Name=“securityhealthservice” set startmode=“auto” =========

Eigenschaften von “\DESKTOP-OSDJ7D2\ROOT\CIMV2:Win32_Service.Name=“SecurityHealthService”” werden aktualisiert
Eigenschaft(en) wurde(n) aktualisiert.

========= End of CMD: =========

========= WMIC SERVICE WHERE Name=“windefend” set startmode=“auto” =========

Eigenschaften von “\DESKTOP-OSDJ7D2\ROOT\CIMV2:Win32_Service.Name=“WinDefend”” werden aktualisiert
Eigenschaft(en) wurde(n) aktualisiert.

========= End of CMD: =========

========= WMIC SERVICE WHERE Name=“wscsvc” set startmode=“auto” =========

Eigenschaften von “\DESKTOP-OSDJ7D2\ROOT\CIMV2:Win32_Service.Name=“wscsvc”” werden aktualisiert
Eigenschaft(en) wurde(n) aktualisiert.

========= End of CMD: =========

========= DISM.exe /Online /Cleanup-image /Restorehealth =========

Tool zur Imageverwaltung fr die Bereitstellung
Version: 10.0.22621.2792

Abbildversion: 10.0.22631.3155

[== 3.8% ]

[== 4.8% ]

[=== 5.7% ]

[=== 6.7% ]

[==== 7.5% ]

[==== 8.5% ]

[===== 9.5% ]

[====== 10.5% ]

[====== 11.5% ]

[======= 12.5% ]

[======= 13.4% ]

[======== 14.4% ]

[======== 15.4% ]

[========= 16.4% ]

[========= 16.9% ]

[========== 17.7% ]

[========== 18.2% ]

[========== 18.9% ]

[=========== 19.8% ]

[============ 20.8% ]

[============ 21.8% ]

[============= 22.8% ]

[============= 23.8% ]

[============== 24.8% ]

[============== 25.7% ]

[=============== 26.7% ]

[================ 27.7% ]

[================ 28.7% ]

[================= 29.7% ]

[================= 30.5% ]

[================== 31.2% ]

[================== 32.0% ]

[=================== 33.0% ]

[=================== 34.0% ]

[=================== 34.4% ]

[==================== 35.2% ]

[===================== 36.2% ]

[===================== 37.0% ]

[===================== 37.7% ]

[====================== 38.5% ]

[====================== 39.5% ]

[======================= 40.5% ]

[======================== 41.4% ]

[======================== 42.4% ]

[========================= 43.4% ]

[========================= 44.4% ]

[========================== 45.4% ]

[========================== 46.3% ]

[===========================47.3% ]

[===========================48.3% ]

[===========================49.3% ]

[===========================50.3% ]

[===========================51.2% ]

[===========================52.2% ]

[===========================52.5% ]

[===========================52.5% ]

[===========================52.7% ]

[===========================52.8% ]

[===========================52.8% ]

[===========================52.9% ]

[===========================52.9% ]

[===========================53.1% ]

[===========================53.1% ]

[===========================53.2% ]

[===========================53.3% ]

[===========================53.4% ]

[===========================53.4% ]

[===========================53.5% ]

[===========================53.6% ]

[===========================53.7% ]

[===========================53.7% ]

[===========================54.0% ]

[===========================54.1% ]

[===========================54.2% ]

[===========================54.3% ]

[===========================54.3% ]

[===========================54.3% ]

[===========================54.5% ]

[===========================54.6% ]

[===========================54.6% ]

[===========================54.6% ]

[===========================54.7% ]

[===========================54.7% ]

[===========================54.7% ]

[===========================54.8% ]

[===========================54.8% ]

[===========================54.8% ]

[===========================54.9% ]

[===========================54.9% ]

[===========================54.9% ]

[===========================55.0% ]

[===========================55.2% ]

[===========================55.2% ]

[===========================55.3% ]

[===========================55.5% ]

[===========================55.7% ]

[===========================55.8% ]

[===========================55.9% ]

[===========================56.1% ]

[===========================56.2% ]

[===========================56.3% ]

[===========================56.3% ]

[===========================56.9%= ]

[===========================57.9%= ]

[===========================58.9%== ]

[===========================59.1%== ]

[===========================59.1%== ]

[===========================60.1%== ]

[===========================62.3%==== ]

[===========================84.9%================= ]

[==========================100.0%==========================]
Der Wiederherstellungsvorgang wurde erfolgreich abgeschlossen.
Der Vorgang wurde erfolgreich beendet.

========= End of CMD: =========

========= sfc /scannow =========

Systemsuche wird gestartet. Dieser Vorgang kann einige Zeit dauern.

Überprüfungsphase der Systemsuche wird gestartet.

Überprüfung 0 % abgeschlossen.
Überprüfung 1 % abgeschlossen.
Überprüfung 1 % abgeschlossen.
Überprüfung 2 % abgeschlossen.
Überprüfung 2 % abgeschlossen.
Überprüfung 3 % abgeschlossen.
Überprüfung 3 % abgeschlossen.
Überprüfung 4 % abgeschlossen.
Überprüfung 4 % abgeschlossen.
Überprüfung 5 % abgeschlossen.
Überprüfung 5 % abgeschlossen.
Überprüfung 6 % abgeschlossen.
Überprüfung 7 % abgeschlossen.
Überprüfung 7 % abgeschlossen.
Überprüfung 8 % abgeschlossen.
Überprüfung 8 % abgeschlossen.
Überprüfung 9 % abgeschlossen.
Überprüfung 9 % abgeschlossen.
Überprüfung 10 % abgeschlossen.
Überprüfung 10 % abgeschlossen.
Überprüfung 11 % abgeschlossen.
Überprüfung 11 % abgeschlossen.
Überprüfung 12 % abgeschlossen.
Überprüfung 12 % abgeschlossen.
Überprüfung 13 % abgeschlossen.
Überprüfung 14 % abgeschlossen.
Überprüfung 14 % abgeschlossen.
Überprüfung 15 % abgeschlossen.
Überprüfung 15 % abgeschlossen.
Überprüfung 16 % abgeschlossen.
Überprüfung 16 % abgeschlossen.
Überprüfung 17 % abgeschlossen.
Überprüfung 17 % abgeschlossen.
Überprüfung 18 % abgeschlossen.
Überprüfung 18 % abgeschlossen.
Überprüfung 19 % abgeschlossen.
Überprüfung 20 % abgeschlossen.
Überprüfung 20 % abgeschlossen.
Überprüfung 21 % abgeschlossen.
Überprüfung 21 % abgeschlossen.
Überprüfung 22 % abgeschlossen.
Überprüfung 22 % abgeschlossen.
Überprüfung 23 % abgeschlossen.
Überprüfung 23 % abgeschlossen.
Überprüfung 24 % abgeschlossen.
Überprüfung 24 % abgeschlossen.
Überprüfung 25 % abgeschlossen.
Überprüfung 25 % abgeschlossen.
Überprüfung 26 % abgeschlossen.
Überprüfung 27 % abgeschlossen.
Überprüfung 27 % abgeschlossen.
Überprüfung 28 % abgeschlossen.
Überprüfung 28 % abgeschlossen.
Überprüfung 29 % abgeschlossen.
Überprüfung 29 % abgeschlossen.
Überprüfung 30 % abgeschlossen.
Überprüfung 30 % abgeschlossen.
Überprüfung 31 % abgeschlossen.
Überprüfung 31 % abgeschlossen.
Überprüfung 32 % abgeschlossen.
Überprüfung 32 % abgeschlossen.
Überprüfung 33 % abgeschlossen.
Überprüfung 34 % abgeschlossen.
Überprüfung 34 % abgeschlossen.
Überprüfung 35 % abgeschlossen.
Überprüfung 35 % abgeschlossen.
Überprüfung 36 % abgeschlossen.
Überprüfung 36 % abgeschlossen.
Überprüfung 37 % abgeschlossen.
Überprüfung 37 % abgeschlossen.
Überprüfung 38 % abgeschlossen.
Überprüfung 38 % abgeschlossen.
Überprüfung 39 % abgeschlossen.
Überprüfung 40 % abgeschlossen.
Überprüfung 40 % abgeschlossen.
Überprüfung 41 % abgeschlossen.
Überprüfung 41 % abgeschlossen.
Überprüfung 42 % abgeschlossen.
Überprüfung 42 % abgeschlossen.
Überprüfung 43 % abgeschlossen.
Überprüfung 43 % abgeschlossen.
Überprüfung 44 % abgeschlossen.
Überprüfung 44 % abgeschlossen.
Überprüfung 45 % abgeschlossen.
Überprüfung 45 % abgeschlossen.
Überprüfung 46 % abgeschlossen.
Überprüfung 47 % abgeschlossen.
Überprüfung 47 % abgeschlossen.
Überprüfung 48 % abgeschlossen.
Überprüfung 48 % abgeschlossen.
Überprüfung 49 % abgeschlossen.
Überprüfung 49 % abgeschlossen.
Überprüfung 50 % abgeschlossen.
Überprüfung 50 % abgeschlossen.
Überprüfung 51 % abgeschlossen.
Überprüfung 51 % abgeschlossen.
Überprüfung 52 % abgeschlossen.
Überprüfung 52 % abgeschlossen.
Überprüfung 53 % abgeschlossen.
Überprüfung 54 % abgeschlossen.
Überprüfung 54 % abgeschlossen.
Überprüfung 55 % abgeschlossen.
Überprüfung 55 % abgeschlossen.
Überprüfung 56 % abgeschlossen.
Überprüfung 56 % abgeschlossen.
Überprüfung 57 % abgeschlossen.
Überprüfung 57 % abgeschlossen.
Überprüfung 58 % abgeschlossen.
Überprüfung 58 % abgeschlossen.
Überprüfung 59 % abgeschlossen.
Überprüfung 60 % abgeschlossen.
Überprüfung 60 % abgeschlossen.
Überprüfung 61 % abgeschlossen.
Überprüfung 61 % abgeschlossen.
Überprüfung 62 % abgeschlossen.
Überprüfung 62 % abgeschlossen.
Überprüfung 63 % abgeschlossen.
Überprüfung 63 % abgeschlossen.
Überprüfung 64 % abgeschlossen.
Überprüfung 64 % abgeschlossen.
Überprüfung 65 % abgeschlossen.
Überprüfung 65 % abgeschlossen.
Überprüfung 66 % abgeschlossen.
Überprüfung 67 % abgeschlossen.
Überprüfung 67 % abgeschlossen.
Überprüfung 68 % abgeschlossen.
Überprüfung 68 % abgeschlossen.
Überprüfung 69 % abgeschlossen.
Überprüfung 69 % abgeschlossen.
Überprüfung 70 % abgeschlossen.
Überprüfung 70 % abgeschlossen.
Überprüfung 71 % abgeschlossen.
Überprüfung 71 % abgeschlossen.
Überprüfung 72 % abgeschlossen.
Überprüfung 73 % abgeschlossen.
Überprüfung 73 % abgeschlossen.
Überprüfung 74 % abgeschlossen.
Überprüfung 74 % abgeschlossen.
Überprüfung 75 % abgeschlossen.
Überprüfung 75 % abgeschlossen.
Überprüfung 76 % abgeschlossen.
Überprüfung 76 % abgeschlossen.
Überprüfung 77 % abgeschlossen.
Überprüfung 77 % abgeschlossen.
Überprüfung 78 % abgeschlossen.
Überprüfung 78 % abgeschlossen.
Überprüfung 79 % abgeschlossen.
Überprüfung 80 % abgeschlossen.
Überprüfung 80 % abgeschlossen.
Überprüfung 81 % abgeschlossen.
Überprüfung 81 % abgeschlossen.
Überprüfung 82 % abgeschlossen.
Überprüfung 82 % abgeschlossen.
Überprüfung 83 % abgeschlossen.
Überprüfung 83 % abgeschlossen.
Überprüfung 84 % abgeschlossen.
Überprüfung 84 % abgeschlossen.
Überprüfung 85 % abgeschlossen.
Überprüfung 85 % abgeschlossen.
Überprüfung 86 % abgeschlossen.
Überprüfung 87 % abgeschlossen.
Überprüfung 87 % abgeschlossen.
Überprüfung 88 % abgeschlossen.
Überprüfung 88 % abgeschlossen.
Überprüfung 89 % abgeschlossen.
Überprüfung 89 % abgeschlossen.
Überprüfung 90 % abgeschlossen.
Überprüfung 90 % abgeschlossen.
Überprüfung 91 % abgeschlossen.
Überprüfung 91 % abgeschlossen.
Überprüfung 92 % abgeschlossen.
Überprüfung 93 % abgeschlossen.
Überprüfung 93 % abgeschlossen.
Überprüfung 94 % abgeschlossen.
Überprüfung 94 % abgeschlossen.
Überprüfung 95 % abgeschlossen.
Überprüfung 95 % abgeschlossen.
Überprüfung 96 % abgeschlossen.
Überprüfung 96 % abgeschlossen.
Überprüfung 97 % abgeschlossen.
Überprüfung 97 % abgeschlossen.
Überprüfung 98 % abgeschlossen.
Überprüfung 98 % abgeschlossen.
Überprüfung 99 % abgeschlossen.
Überprüfung 100 % abgeschlossen.

Der Windows-Ressourcenschutz hat keine Integritätsverletzungen gefunden.

========= End of CMD: =========

========= winmgmt /salvagerepository =========

Das WMI-Repository ist konsistent.

========= End of CMD: =========

========= winmgmt /verifyrepository =========

Das WMI-Repository ist konsistent.

========= End of CMD: =========

========= “%WINDIR%\SYSTEM32\lodctr.exe” /R =========

Info: Die Leistungsindikatoreinstellung konnte erfolgreich aus dem Systemsicherungsspeicher neu erstellt werden.

========= End of CMD: =========

========= “%WINDIR%\SysWOW64\lodctr.exe” /R =========

Info: Die Leistungsindikatoreinstellung konnte erfolgreich aus dem Systemsicherungsspeicher neu erstellt werden.

========= End of CMD: =========

========= “%WINDIR%\SYSTEM32\lodctr.exe” /R =========

Info: Die Leistungsindikatoreinstellung konnte erfolgreich aus dem Systemsicherungsspeicher neu erstellt werden.

========= End of CMD: =========

========= “%WINDIR%\SysWOW64\lodctr.exe” /R =========

Info: Die Leistungsindikatoreinstellung konnte erfolgreich aus dem Systemsicherungsspeicher neu erstellt werden.

========= End of CMD: =========

================== ExportKey: ===================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions]
[HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Extensions]
[HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\IpAddresses]
[HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths]
[HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Processes]
[HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\TemporaryPaths]

=== End of ExportKey ===

=========== EmptyTemp: ==========

FlushDNS => completed
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 8445640 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 23386 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
eiko- => 51155 B

RecycleBin => 0 B
EmptyTemp: => 8.1 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 09:26:15 ====
                                                  FRST new scan:

                                                  Code:
                                                  Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26.02.2024 01
Ran by eiko- (administrator) on DESKTOP-OSDJ7D2 (Micro-Star International Co., Ltd. MS-7B85) (04-03-2024 09:29:28)
Running from C:\Users\eiko-\Desktop\FRST64english.exe
Loaded Profiles: eiko-
Platform: Microsoft Windows 11 Home Version 23H2 22631.3155 (X64) Language: Deutsch (Deutschland)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(A-Volute SAS → A-Volute) C:\Users\eiko-\AppData\Local\NhNotifSys\nahimic\nahimicNotifSys.exe
(C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\System32\cmd.exe
(C:\Program Files\Logitech\LogiOptions\LogiOptions.exe ->) (Logitech Inc → Logitech) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOverlay.exe
(C:\Program Files\Logitech\LogiOptions\LogiOptions.exe ->) (Logitech Inc → Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. → Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. → Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\System32\rundll32.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation → NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation → NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.AlwaysOnTop.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.Awake.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.ColorPickerUI.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.CropAndLock.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.FancyZones.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.PowerLauncher.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files\PowerToys\WinUI3Apps\PowerToys.Peek.UI.exe
(C:\Program Files\RogueKiller\RogueKillerSvc.exe ->) (ADLICE → ) C:\Program Files\RogueKiller\RogueKiller64.exe
(cmd.exe ->) (Malwarebytes Inc. → Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MbamBgNativeMsg.exe
(D:\Programme\Dragon Center\APP_Dragon_Center_Keeper.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. → MSI) D:\Programme\Dragon Center\CC_Engine_x64.exe
(explorer.exe ->) (Google LLC → Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <14>
(explorer.exe ->) (Logitech Inc → Logitech, Inc.) C:\Program Files\Logitech\LogiOptions\LogiOptions.exe
(Google LLC → Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleCrashHandler.exe
(Google LLC → Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleCrashHandler64.exe
(NVIDIA Corporation → Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Oracle America, Inc. → Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(services.exe ->) (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH) C:\Program Files (x86)\3S CODESYS\GatewayPLC\GatewayService.exe
(services.exe ->) (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH) C:\Program Files (x86)\3S CODESYS\GatewayPLC\ServiceControl.exe
(services.exe ->) (520D4CDF-A287-4423-AB88-D88CCF7E866D → ) C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.SamsungAccount_1.23.12130.0_x64__3c1yjt4zspk6g\SAService\SAService.exe
(services.exe ->) (ADLICE → ) C:\Program Files\RogueKiller\RogueKillerSvc.exe
(services.exe ->) (Adobe Inc. → Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (A-Volute SAS → Nahimic) C:\Windows\System32\NahimicService.exe
(services.exe ->) (Corsair Memory, Inc. → Corsair Memory, Inc.) D:\Programme\Corsair\CORSAIR iCUE Software\Corsair.Service.exe
(services.exe ->) (geek software GmbH → geek software GmbH) D:\Programme\PDF24\pdf24.exe
(services.exe ->) (HP Inc. → HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (Malwarebytes Inc. → Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\System32\msiexec.exe
(services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. → Micro-Star Int’l Co., Ltd.) D:\Programme\Dragon Center\DragonCenter_Service.exe
(services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. → Micro-Star INT’L CO., LTD.) D:\Programme\Dragon Center\Mystic_Light\LightKeeperService.exe
(services.exe ->) (NVIDIA Corporation → NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(services.exe ->) (NVIDIA Corporation → NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (WIBU-SYSTEMS AG → WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
(svchost.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.exe
(svchost.exe ->) (Microsoft Windows → ) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_424.1301.170.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
(svchost.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(svchost.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\UUS\Packages\Preview\amd64\MoUsoCoreWorker.exe
(svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. → Micro-Star Int’l Co., Ltd.) D:\Programme\Dragon Center\APP_Dragon_Center_Keeper.exe
(svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. → Micro-Star Int’l Co., Ltd.) D:\Programme\Dragon Center\Mystic_Light\LEDKeeper2.exe
(svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. → Micro-Star INT’L CO., LTD.) D:\Programme\Dragon Center\StorageMonitor\StorageMonitor.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [1668000 2021-06-09] (Logitech Inc → Logitech, Inc.)
HKLM...\Run: [PDF24] => D:\Programme\PDF24\pdf24.exe [613560 2022-11-30] (geek software GmbH → geek software GmbH)
HKLM...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher → Logitech)
HKLM-x32...\Run: [CORSAIR iCUE Software] => D:\Programme\Corsair\CORSAIR iCUE Software\iCUE Launcher.exe [405032 2019-12-21] (Corsair Memory, Inc. → Corsair Memory, Inc.)
HKLM-x32...\Run: [GatewaySysTray] => C:\Program Files (x86)\3S CODESYS\GatewayPLC\GatewaySysTray.exe [690456 2017-05-15] (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
HKLM-x32...\Run: [CODESYSControlSysTray] => C:\Program Files (x86)\3S CODESYS\GatewayPLC\CODESYSControlSysTray.exe [509216 2017-05-15] (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
HKLM-x32...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [750680 2023-12-19] (Oracle America, Inc. → Oracle Corporation)
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\Run: [Steam] => D:\Programme\Steam\steam.exe [4388712 2024-02-29] (Valve Corp. → Valve Corporation)
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\Run: [Discord] => C:\Users\eiko-\AppData\Local\Discord\Update.exe [1512608 2021-09-21] (Discord Inc. → GitHub)
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\Run: [Overwolf] => D:\Programme\Overwolf\OverwolfLauncher.exe [1789960 2024-02-29] (Overwolf Ltd → Overwolf Ltd.)
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\Run: [com.squirrel.Teams.Teams] => C:\Users\eiko-\AppData\Local\Microsoft\Teams\Update.exe [2591080 2023-12-17] (Microsoft 3rd Party Application Component → Microsoft Corporation)
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\Run: [MicrosoftEdgeAutoLaunch_322C183E72E821C8032805843FDA8DCC] => “C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe” --no-startup-window --win-session-start [4060728 2024-03-01] (Microsoft Corporation → Microsoft Corporation)
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\Run: [RiotClient] => C:\Riot Games\Riot Client\RiotClientServices.exe [70912472 2023-11-16] (Riot Games, Inc. → Riot Games, Inc.)
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [37180368 2023-12-11] (Epic Games Inc. → Epic Games, Inc.)
HKLM...\Print\Monitors\Canon BJ FAX Language Monitor TR8500 series: C:\Windows\system32\CNCALDL.DLL [254464 2019-01-28] (CANON INC.) [File not signed]
HKLM...\Print\Monitors\Canon BJ Language Monitor TR8500 series: C:\Windows\system32\CNMLMDL.DLL [1302016 2019-01-10] (CANON INC.) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] → C:\Program Files (x86)\Google\Chrome\Application\122.0.6261.95\Installer\chrmstp.exe [2024-03-04] (Google LLC → Google LLC)
Startup: C:\Users\eiko-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2023-12-10]
ShortcutTarget: An OneNote senden.lnk → C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation → Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk [2023-05-22]
ShortcutTarget: CodeMeter Control Center.lnk → C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG → WIBU-SYSTEMS AG)

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {FFE2FE1B-1C7C-4F94-B919-456BF6851F68} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1547208 2024-01-31] (Adobe Inc. → Adobe Inc.)
Task: {4D56D740-F8FB-4DEF-B3F8-F64A144EC9D3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-01-07] (Google LLC → Google LLC)
Task: {8815457D-F870-4FB9-8D26-51F492C61D7C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-01-07] (Google LLC → Google LLC)
Task: {B97F7B1A-CBE7-4C2D-86CD-B753C4A1B075} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23570520 2024-02-02] (Microsoft Corporation → Microsoft Corporation)
Task: {EE86FD1B-4BC0-444A-8289-47ED15CFCF6E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23570520 2024-02-02] (Microsoft Corporation → Microsoft Corporation)
Task: {E68060AB-6DF7-4D04-AB8A-70607886A6EB} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2209384 2024-02-29] (Microsoft Corporation → Microsoft Corporation)
Task: {A15099C1-AED8-4FC6-8AE7-7509FDD536D2} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2209384 2024-02-29] (Microsoft Corporation → Microsoft Corporation)
Task: {76D75D59-EE92-4CE7-AE33-EEEF21398C3C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [3513808 2024-02-29] (Microsoft Corporation → Microsoft Corporation)
Task: {CC69A0EF-2A50-4EF2-8E51-142824E833DB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [3513808 2024-02-29] (Microsoft Corporation → Microsoft Corporation)
Task: {ED229EC7-51A0-4F98-8F03-603ECEB2184E} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\Schedule created by enrollment client to reattest client certificate => C:\WINDOWS\system32\deviceenroller.exe [516096 2024-02-14] (Microsoft Windows → Microsoft Corporation)
Task: {EFC003FD-C225-4E23-945C-7E84FD4E9554} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [858480 2019-12-05] (NVIDIA Corporation → NVIDIA Corporation) → -d “C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck” -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {083D83A3-86B5-437E-BC21-E0CC35ACD65E} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [858480 2019-12-05] (NVIDIA Corporation → NVIDIA Corporation) → -d “C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck” -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {C60A0C92-E529-4A55-AA72-235D1AFBCA65} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3302880 2019-12-09] (NVIDIA Corporation → NVIDIA Corporation)
Task: {C2B2716D-476E-4B58-8A59-A18A77583588} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [653848 2019-12-08] (NVIDIA Corporation → NVIDIA Corporation)
Task: {CF9F5784-F165-4D6E-876F-A22475E89024} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [914456 2019-12-08] (NVIDIA Corporation → NVIDIA Corporation)
Task: {A6BB91CC-4F56-4B61-837F-A1AD7B9D49EF} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [914456 2019-12-08] (NVIDIA Corporation → NVIDIA Corporation)
Task: {C2685297-C323-45CD-AA50-DCCE92F349E1} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1134104 2019-12-08] (NVIDIA Corporation → NVIDIA Corporation)
Task: {6FB59C07-AF87-4EFC-9B03-68C8341BFA48} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1134104 2019-12-08] (NVIDIA Corporation → NVIDIA Corporation)
Task: {C0FF1705-9D3E-48A8-B840-7101B8E4D3BD} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1134104 2019-12-08] (NVIDIA Corporation → NVIDIA Corporation)
Task: {99CE4BA9-7C1E-4F0D-8CAF-E34C95AEA6D8} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1134104 2019-12-08] (NVIDIA Corporation → NVIDIA Corporation)
Task: {2F35FD26-5AB7-4952-B1E0-E558B0733762} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Common Files\Overwolf\OverwolfUpdater.exe [2642952 2024-02-29] (Overwolf Ltd → Overwolf LTD)
Task: {9FD15DBE-139A-4C6E-89E6-BDC9F0C92AFA} - System32\Tasks\PowerToys\Autorun for eiko- => C:\Program Files\PowerToys\PowerToys.exe [1216544 2024-01-05] (Microsoft Corporation → Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip..\Interfaces{3a305b48-12bf-40ef-b06c-e6fc35585716}: [DhcpNameServer] 192.168.178.1
Tcpip..\Interfaces{3a305b48-12bf-40ef-b06c-e6fc35585716}: [DhcpDomain] fritz.box
[HEADING=1]Edge:[/HEADING]
Edge Profile: C:\Users\eiko-\AppData\Local\Microsoft\Edge\User Data\Default [2024-02-02]
Edge Extension: (Google Docs Offline) - C:\Users\eiko-\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-09-24]
Edge Extension: (Edge relevant text changes) - C:\Users\eiko-\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-02-02]
Edge HKLM...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Edge HKLM-x32...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
[HEADING=1]FireFox:[/HEADING]
FF Plugin: @java.com/DTPlugin,version=11.401.2 → C:\Program Files\Java\jre-1.8\bin\dtplugin\npDeployJava1.dll [2023-12-19] (Oracle America, Inc. → Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.401.2 → C:\Program Files\Java\jre-1.8\bin\plugin2\npjp2.dll [2023-12-19] (Oracle America, Inc. → Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 → C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-03-08] (Microsoft Corporation → Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.18 → D:\Programme\VLC\npvlc.dll [2022-11-08] (VideoLAN → VideoLAN)
FF Plugin: Adobe Acrobat → C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2024-02-22] (Adobe Inc. → Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 → C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2020-03-08] (Microsoft Corporation → Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 → C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2020-03-08] (Microsoft Corporation → Microsoft Corporation)
[HEADING=1]Chrome:[/HEADING]
CHR DefaultProfile: Default
CHR Profile: C:\Users\eiko-\AppData\Local\Google\Chrome\User Data\Default [2024-03-04]
CHR Notifications: Default → hxxps://pchelpforum.net; hxxps://www.alleaktien.de
CHR Extension: (Honey: Automatische Coupons & Prämien) - C:\Users\eiko-\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2024-02-25]
CHR Extension: (Social Blade) - C:\Users\eiko-\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfidkbgamfhdgmedldkagjopnbobdmdn [2022-09-04] [UpdateUrl:hxxps://addon.socialblade.com/updates.json] <==== ATTENTION
CHR Extension: (uBlock Origin) - C:\Users\eiko-\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2024-02-25]
CHR Extension: (Multi-File Downloader) - C:\Users\eiko-\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpecplbkinpdbedgejddhepkgcppgchk [2022-05-12]
CHR Extension: (Video Downloader Professional) - C:\Users\eiko-\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2023-04-19]
CHR Extension: (Just Focus) - C:\Users\eiko-\AppData\Local\Google\Chrome\User Data\Default\Extensions\gefaddaengbodpiobpbgblajdboalmgc [2022-10-14]
CHR Extension: (Google Docs Offline) - C:\Users\eiko-\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-02-28]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\eiko-\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2024-02-28]
CHR Extension: (Unpaywall) - C:\Users\eiko-\AppData\Local\Google\Chrome\User Data\Default\Extensions\iplffkdpngmdjhlpjmppncnlhomiipha [2023-04-29]
CHR Extension: (Live Stream Downloader) - C:\Users\eiko-\AppData\Local\Google\Chrome\User Data\Default\Extensions\looepbdllpjgdmkpdcdffhdbmpbcfekj [2023-12-10]
CHR Extension: (Shazam: Finde Songtitel in deinem Browser) - C:\Users\eiko-\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmioliijnhnoblpgimnlajmefafdfilb [2024-01-05]
CHR Extension: (Uncanny Cookie Clicker) - C:\Users\eiko-\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmmdenlpgbgmeofmdkhimecmkcgabgno [2023-11-14]
CHR Extension: (MetaMask) - C:\Users\eiko-\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2024-01-30]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\eiko-\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR HKLM...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKU\S-1-5-21-1421055718-2087356316-1872245878-1001\SOFTWARE\Google\Chrome\Extensions...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [172992 2024-01-31] (Adobe Inc. → Adobe Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [15772456 2023-12-10] (BattlEye Innovations e.K. → )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9497696 2024-02-02] (Microsoft Corporation → Microsoft Corporation)
S3 CODESYS Control Win V3; C:\Program Files (x86)\3S CODESYS\GatewayPLC\CODESYSControlService.exe [5383968 2017-05-15] (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
R2 CODESYS Gateway V3; C:\Program Files (x86)\3S CODESYS\GatewayPLC\GatewayService.exe [562968 2017-05-15] (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
R2 CODESYS ServiceControl; C:\Program Files (x86)\3S CODESYS\GatewayPLC\ServiceControl.exe [203544 2017-05-15] (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
R2 CorsairService; D:\Programme\Corsair\CORSAIR iCUE Software\Corsair.Service.exe [55336 2019-12-21] (Corsair Memory, Inc. → Corsair Memory, Inc.)
R2 DragonCenter_Service; D:\Programme\Dragon Center\DragonCenter_Service.exe [142512 2019-08-29] (MICRO-STAR INTERNATIONAL CO., LTD. → Micro-Star Int’l Co., Ltd.)
S3 EasyAntiCheat_EOS; C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe [955816 2023-12-10] (EasyAntiCheat Oy → Epic Games, Inc.)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [934352 2023-08-02] (Epic Games Inc. → Epic Games, Inc.)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [230360 2024-01-19] (HP Inc. → HP Inc.)
R2 LightKeeperService; D:\Programme\Dragon Center\Mystic_Light\LightKeeperService.exe [81552 2020-01-07] (MICRO-STAR INTERNATIONAL CO., LTD. → Micro-Star INT’L CO., LTD.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9410296 2024-02-28] (Malwarebytes Inc. → Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [3073888 2024-02-28] (Malwarebytes Inc. → Malwarebytes)
R2 NahimicService; C:\WINDOWS\system32\NahimicService.exe [1909416 2024-01-01] (A-Volute SAS → Nahimic)
S3 OverwolfUpdater; C:\Program Files (x86)\Common Files\Overwolf\OverwolfUpdater.exe [2642952 2024-02-29] (Overwolf Ltd → Overwolf LTD)
R2 PDF24; D:\Programme\PDF24\pdf24.exe [613560 2022-11-30] (geek software GmbH → geek software GmbH)
R2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [15246256 2024-02-19] (ADLICE → )
R2 SamsungAccountService; C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.SamsungAccount_1.23.12130.0_x64__3c1yjt4zspk6g\SAService\SAService.exe [6656 2023-12-21] (520D4CDF-A287-4423-AB88-D88CCF7E866D → )
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\NisSrv.exe [3191256 2024-02-28] (Microsoft Windows Publisher → Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
S2 WinDefend; “C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MsMpEng.exe”

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 → Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 → Apple Inc.)
S3 CH341SER_A64; C:\WINDOWS\System32\Drivers\CH341S64.SYS [58368 2023-11-16] (www.winchiphead.com) [File not signed]
S2 CorsairLLAccess2C5180972F76443B27B6BE38ADBF2AE99B374496; D:\Programme\Corsair\CORSAIR iCUE Software\CorsairLLAccess64.sys [20696 2019-12-12] (Microsoft Windows Hardware Compatibility Publisher → Corsair Memory, Inc.)
R3 CorsairVBusDriver; C:\WINDOWS\System32\drivers\CorsairVBusDriver.sys [45984 2020-07-06] (Microsoft Windows Hardware Compatibility Publisher → Corsair)
R3 CorsairVHidDriver; C:\WINDOWS\System32\drivers\CorsairVHidDriver.sys [21920 2020-07-06] (Microsoft Windows Hardware Compatibility Publisher → Corsair)
R1 dokan1; C:\WINDOWS\System32\DRIVERS\dokan1.sys [386552 2021-11-26] (Microsoft Windows Hardware Compatibility Publisher → Dokan Project)
S1 EneIo; C:\Windows\system32\drivers\ene.sys [17624 2019-05-22] (Microsoft Windows Hardware Compatibility Publisher → )
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2024-02-28] (Microsoft Windows Hardware Compatibility Publisher → Malwarebytes)
S3 ipadtst; C:\ProgramData\MSI\Super_Charger\ipadtst_64.sys [20464 2013-11-11] (MICRO-STAR INTERNATIONAL CO., LTD. → Windows (R) Win 7 DDK provider)
S3 ipadtst2; C:\ProgramData\MSI\Super_Charger\ipadtst2_64.sys [16336 2016-07-29] (MICRO-STAR INTERNATIONAL CO., LTD. → MSI)
R2 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223296 2024-03-04] (Microsoft Windows Hardware Compatibility Publisher → Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2024-02-28] (Microsoft Windows Early Launch Anti-malware Publisher → Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt11.sys [233704 2024-03-04] (Malwarebytes Inc. → Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [78400 2024-03-04] (Microsoft Windows Hardware Compatibility Publisher → Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239576 2024-03-04] (Microsoft Windows Hardware Compatibility Publisher → Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [188784 2024-03-04] (Malwarebytes Inc. → Malwarebytes)
R3 Nahimic_Mirroring; C:\WINDOWS\System32\drivers\Nahimic_Mirroring.sys [94784 2022-06-03] (A-Volute SAS → Windows (R) Win 7 DDK provider)
R3 NTIOLib_CC_COMM; D:\Programme\Dragon Center\Lib\SYS\NTIOLib_X64.sys [14288 2017-07-10] (MICRO-STAR INTERNATIONAL CO., LTD. → MSI)
R3 NTIOLib_CC_CPU; D:\Programme\Dragon Center\Lib\Super_Charger\NTIOLib_X64.sys [14288 2017-07-10] (MICRO-STAR INTERNATIONAL CO., LTD. → MSI)
R3 NTIOLib_MysticLight; D:\Programme\Dragon Center\Mystic_Light\Lib\NTIOLib_X64.sys [14288 2020-01-07] (MICRO-STAR INTERNATIONAL CO., LTD. → MSI)
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James → Scarlet.Crush Productions)
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. → The OpenVPN Project)
U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [54208 2024-03-04] (ADLICE (Julien Ascoet) → )
S3 usbscan; C:\WINDOWS\System32\drivers\usbscan.sys [81920 2023-04-19] (Microsoft Corporation) [File not signed]
R1 ViGEmBus; C:\WINDOWS\System32\drivers\ViGEmBus.sys [165744 2020-12-14] (Microsoft Windows Hardware Compatibility Publisher → Nefarius Software Solutions e.U.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [21040 2024-02-28] (Microsoft Windows Early Launch Anti-malware Publisher → Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [608648 2024-02-28] (Microsoft Windows → Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105752 2024-02-28] (Microsoft Windows → Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-03-04 09:29 - 2024-03-04 09:29 - 003052134 _____ C:\Users\eiko-\Downloads\ZHPSuite.zip
2024-03-04 09:29 - 2024-03-04 09:29 - 000000000 ____D C:\Users\eiko-\Downloads\ZHPSuite
2024-03-04 09:27 - 2024-03-04 09:27 - 000233704 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt11.sys
2024-03-04 09:27 - 2024-03-04 09:27 - 000188784 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2024-03-04 09:27 - 2024-03-04 09:27 - 000054208 _____ C:\WINDOWS\system32\Drivers\truesight.sys
2024-03-04 09:27 - 2024-03-04 09:27 - 000000004 ____H C:\ProgramData\cm-lock
2024-03-04 09:26 - 2024-03-04 09:26 - 000758086 _____ C:\WINDOWS\system32\perfh007.dat
2024-03-04 09:26 - 2024-03-04 09:26 - 000156254 _____ C:\WINDOWS\system32\perfc007.dat
2024-03-04 09:15 - 2024-03-04 09:15 - 000002092 _____ C:\Users\eiko-\Desktop\SAVEMODECODE0.txt
2024-03-04 09:00 - 2024-03-04 09:00 - 000012913 _____ C:\Users\eiko-\Desktop\SAVEMODECODE.txt
2024-03-04 08:55 - 2024-03-04 09:21 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2024-03-04 08:54 - 2024-03-04 08:54 - 000028672 _____ C:\BCDbak
2024-03-04 08:53 - 2024-03-04 08:53 - 000001425 _____ C:\Users\eiko-\Desktop\Malwarebytes Scan-Bericht 2024-03-04 074755.txt
2024-03-04 08:50 - 2024-03-04 09:21 - 000000000 ____D C:\Users\eiko-\Desktop\BootSafe
2024-03-04 08:50 - 2024-03-04 08:50 - 000293638 _____ C:\Users\eiko-\Downloads\BootSafe.zip
2024-03-02 08:30 - 2024-03-02 08:30 - 000008150 _____ C:\Users\eiko-\Desktop\WinDefend.reg
2024-03-01 23:53 - 2024-03-02 08:40 - 000000000 ____D C:\Users\eiko-\Desktop\FSS
2024-03-01 23:53 - 2024-03-01 23:53 - 000475113 _____ C:\Users\eiko-\Downloads\FSS.zip
2024-03-01 23:53 - 2024-03-01 23:53 - 000475113 _____ C:\Users\eiko-\Desktop\FSS.zip
2024-03-01 19:01 - 2024-03-01 19:01 - 000000213 _____ C:\Users\eiko-\Desktop\Farming Simulator 22.url
2024-03-01 16:08 - 2024-03-01 16:08 - 000011496 _____ C:\Users\eiko-\Desktop\RogueKillerLog.txt,
2024-03-01 15:47 - 2024-03-01 16:02 - 000000000 ____D C:\ProgramData\RogueKiller
2024-03-01 15:47 - 2024-03-01 15:47 - 000000906 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2024-03-01 15:47 - 2024-03-01 15:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2024-03-01 15:47 - 2024-03-01 15:47 - 000000000 ____D C:\Program Files\RogueKiller
2024-03-01 15:46 - 2024-03-01 15:46 - 048358936 _____ (Adlice Software ) C:\Users\eiko-\Downloads\RogueKiller_setup.exe
2024-03-01 15:46 - 2024-03-01 15:46 - 048358936 _____ (Adlice Software ) C:\Users\eiko-\Desktop\RogueKiller_setup.exe
2024-03-01 13:10 - 2024-03-01 13:10 - 000000000 ____D C:\Users\eiko-\Downloads\logi7400-master
2024-03-01 13:09 - 2024-03-01 13:09 - 000490807 _____ C:\Users\eiko-\Downloads\logi7400-master.zip
2024-03-01 10:21 - 2024-03-01 10:21 - 000000000 ____D C:\KVRT2020_Data
2024-03-01 10:19 - 2024-03-01 10:20 - 109429104 _____ (AO Kaspersky Lab) C:\Users\eiko-\Desktop\KVRT.exe
2024-03-01 10:19 - 2024-03-01 10:19 - 109429104 _____ (AO Kaspersky Lab) C:\Users\eiko-\Downloads\KVRT.exe
2024-02-29 15:01 - 2024-02-29 15:01 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2024-02-28 16:51 - 2024-03-01 12:26 - 000077100 _____ C:\Users\eiko-\Desktop\Addition.txt
2024-02-28 16:50 - 2024-03-04 09:30 - 000030784 _____ C:\Users\eiko-\Desktop\FRST.txt
2024-02-28 16:35 - 2024-03-04 09:26 - 000041793 _____ C:\Users\eiko-\Desktop\Fixlog.txt
2024-02-28 16:35 - 2024-02-28 16:35 - 000009288 _____ C:\Users\eiko-\Desktop\rtcdqsmatz.txt
2024-02-28 16:34 - 2024-03-04 09:30 - 000000000 ____D C:\FRST
2024-02-28 16:34 - 2024-02-28 16:34 - 002386944 _____ (Farbar) C:\Users\eiko-\Downloads\FRST64.exe
2024-02-28 16:34 - 2024-02-28 16:34 - 002386944 _____ (Farbar) C:\Users\eiko-\Desktop\FRST64english.exe
2024-02-28 16:32 - 2024-02-28 16:32 - 000712333 _____ C:\Users\eiko-\Downloads\Fixlog.txt.txt
2024-02-28 16:29 - 2024-02-28 16:29 - 000004730 _____ C:\Users\eiko-\Desktop\Malwarebytes Scan-Bericht 2024-02-28 152400.txt
2024-02-28 16:21 - 2024-03-04 09:13 - 000000000 ____D C:\Users\eiko-\AppData\Local\Malwarebytes
2024-02-28 16:21 - 2024-02-28 16:21 - 000002100 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2024-02-28 16:21 - 2024-02-28 16:21 - 000002088 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2024-02-28 16:20 - 2024-02-28 16:20 - 002585496 _____ (Malwarebytes) C:\Users\eiko-\Downloads\MBSetup.exe
2024-02-28 16:20 - 2024-02-28 16:20 - 002585496 _____ (Malwarebytes) C:\Users\eiko-\Desktop\MBSetup.exe
2024-02-28 16:20 - 2024-02-28 16:20 - 000000000 ____D C:\ProgramData\Malwarebytes
2024-02-28 16:20 - 2024-02-28 16:20 - 000000000 ____D C:\Program Files\Malwarebytes
2024-02-28 16:18 - 2024-02-28 16:17 - 008797968 _____ (Malwarebytes) C:\Users\eiko-\Desktop\adwcleaner.exe
2024-02-28 16:17 - 2024-02-28 16:19 - 000000000 ____D C:\AdwCleaner
2024-02-28 16:17 - 2024-02-28 16:17 - 008797968 _____ (Malwarebytes) C:\Users\eiko-\Downloads\adwcleaner.exe
2024-02-28 16:02 - 2024-02-28 16:03 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1421055718-2087356316-1872245878-1002
2024-02-28 16:02 - 2024-02-28 16:03 - 000003378 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1421055718-2087356316-1872245878-1002
2024-02-26 16:16 - 2024-02-26 16:16 - 000000000 ____D C:\Users\eiko-\AppData\LocalLow\Nokta Games
2024-02-26 16:14 - 2024-02-26 16:14 - 000000213 _____ C:\Users\eiko-\Desktop\Supermarket Simulator.url
2024-02-16 12:16 - 2024-02-16 12:16 - 032507592 _____ C:\Users\eiko-\Downloads\MKON Hausarbeit Gruppe 3.zip
2024-02-16 12:12 - 2024-02-16 12:12 - 000000000 ____D C:\Users\eiko-\Downloads\MKON Hausarbeit Gruppe 3
2024-02-14 16:01 - 2024-02-14 16:01 - 017224067 _____ C:\Users\eiko-\Downloads\Unbenanntes_Notizbuch.pdf
2024-02-14 14:21 - 2024-02-14 14:21 - 000019222 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-02-14 14:20 - 2024-02-14 14:20 - 000019222 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2024-02-14 14:17 - 2024-02-14 14:19 - 000000000 ___HD C:$WinREAgent
2024-02-14 11:50 - 2024-02-14 11:50 - 010669146 _____ C:\Users\eiko-\Downloads\978-3-8348-2581-0.pdf
2024-02-13 15:46 - 2024-02-13 15:46 - 006163244 _____ C:\Users\eiko-\Downloads\Anleitung MS2 Aufgabentype.pdf
2024-02-13 10:14 - 2024-02-13 10:14 - 000000000 ____D C:\Users\eiko-\Downloads\Photos-001 (2)
2024-02-13 10:13 - 2024-02-13 10:14 - 062952428 _____ C:\Users\eiko-\Downloads\Photos-001 (2).zip
2024-02-11 12:43 - 2024-02-11 12:43 - 000534937 _____ C:\Users\eiko-\Downloads\RL_Federn_Aufgabe (4).pdf
2024-02-11 12:21 - 2024-02-11 12:21 - 000936592 _____ C:\Users\eiko-\Downloads\624beffb-15e1-47fd-86e0-bf8de081bd29_Export-8ba90b14-8348-4300-9315-58890a9fcb66.zip
2024-02-11 12:21 - 2024-02-11 12:21 - 000000000 ____D C:\Users\eiko-\Downloads\624beffb-15e1-47fd-86e0-bf8de081bd29_Export-8ba90b14-8348-4300-9315-58890a9fcb66
2024-02-11 12:18 - 2024-02-11 12:18 - 003680011 _____ C:\Users\eiko-\Downloads\70f01c28-7c35-43b7-84f4-7366f8fa2549_Export-5fdfccfe-4bbb-432d-8e8d-9a2e76d48e74.zip
2024-02-11 12:18 - 2024-02-11 12:18 - 000000000 ____D C:\Users\eiko-\Downloads\70f01c28-7c35-43b7-84f4-7366f8fa2549_Export-5fdfccfe-4bbb-432d-8e8d-9a2e76d48e74
2024-02-11 11:43 - 2024-02-11 11:43 - 000876160 _____ C:\Users\eiko-\Downloads\Clicker_Kupplungen.pdf
2024-02-10 16:38 - 2024-02-10 16:38 - 000336378 _____ C:\Users\eiko-\Downloads\Kon3_Rechenlabor_Ketten.pdf
2024-02-10 16:38 - 2024-02-10 16:38 - 000225045 _____ C:\Users\eiko-\Downloads\Kon3_Rechenlabor_ZR.pdf
2024-02-10 16:38 - 2024-02-10 16:38 - 000152820 _____ C:\Users\eiko-\Downloads\Kon3_Rechenlabor_Riemen.pdf
2024-02-09 16:12 - 2024-02-09 16:12 - 002336867 _____ C:\Users\eiko-\Downloads\Probeklausur AT1.pdf
2024-02-09 14:38 - 2024-02-09 16:00 - 000000000 ____D C:\Users\eiko-\Downloads\OneDrive_1_9.2.2024
2024-02-09 14:38 - 2024-02-09 14:38 - 001064154 _____ C:\Users\eiko-\Downloads\OneDrive_1_9.2.2024.zip
2024-02-07 15:23 - 2024-02-07 15:23 - 000073710 _____ C:\Users\eiko-\Downloads\Clicker_Riemen (1).pdf
2024-02-05 16:01 - 2024-02-05 16:01 - 001424709 _____ C:\Users\eiko-\Downloads\MP_Codebeispiele_Klausur (1).pdf
2024-02-05 15:58 - 2024-02-05 15:58 - 001424709 _____ C:\Users\eiko-\Downloads\MP_Codebeispiele_Klausur.pdf
2024-02-05 15:49 - 2024-02-05 15:49 - 000656359 _____ C:\Users\eiko-\Downloads\MP_Ubersicht.pdf
2024-02-04 11:29 - 2024-02-04 11:29 - 003195103 _____ C:\Users\eiko-\Downloads\FTT-Rechnungen.pdf
2024-02-04 11:02 - 2024-02-04 11:02 - 000048937 _____ C:\Users\eiko-\Downloads\Belegungen und Prüfungsanmeldungen.pdf
2024-02-03 16:46 - 2024-03-04 09:27 - 000000000 ____D C:\WINDOWS\system32\Tasks\PowerToys
2024-02-03 16:46 - 2024-02-03 16:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerToys (Preview)
2024-02-03 16:45 - 2024-02-03 16:46 - 000000000 ____D C:\Program Files\PowerToys
2024-02-03 15:46 - 2024-02-03 15:46 - 000007484 _____ C:\Users\eiko-\Downloads\Endkappe LED-Profile stabiler V2.stl
2024-02-03 15:22 - 2024-02-03 15:22 - 000009084 _____ C:\Users\eiko-\Downloads\Endkappe LED-Profile stabiler (1).stl
2024-02-03 14:46 - 2024-02-03 14:46 - 000009084 _____ C:\Users\eiko-\Downloads\Endkappe LED-Profile stabiler.stl

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-03-04 09:29 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-03-04 09:29 - 2020-01-08 15:49 - 000000000 ____D C:\ProgramData\NVIDIA
2024-03-04 09:29 - 2020-01-07 21:17 - 000000000 ____D C:\Program Files (x86)\Google
2024-03-04 09:27 - 2023-05-22 12:01 - 000000068 __RSH C:\WINDOWS\system32\Drivers\WUDFRd.winsecurity
2024-03-04 09:27 - 2023-05-22 12:01 - 000000068 __RSH C:\WINDOWS\system32\Drivers\winhv.winsecurity
2024-03-04 09:27 - 2023-04-19 21:09 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-03-04 09:27 - 2022-05-07 06:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-03-04 09:27 - 2022-05-07 06:17 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2024-03-04 09:27 - 2021-01-04 00:24 - 000012288 ___SH C:\DumpStack.log.tmp
2024-03-04 09:26 - 2023-04-19 21:07 - 001751300 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-03-04 09:26 - 2022-05-07 06:22 - 000000000 ____D C:\WINDOWS\INF
2024-03-04 09:25 - 2022-05-07 06:17 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-03-04 09:14 - 2022-04-22 14:57 - 000000000 ____D C:\Users\eiko-\AppData\Local\D3DSCache
2024-03-04 09:13 - 2023-04-19 21:05 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-03-04 08:52 - 2020-01-07 21:17 - 000002300 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-03-02 21:54 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-03-02 20:10 - 2023-01-16 10:32 - 000002281 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2024-03-02 20:10 - 2022-05-07 06:24 - 000000000 ___HD C:\Program Files\WindowsApps
2024-03-02 20:10 - 2020-07-04 09:55 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-03-02 08:43 - 2022-10-22 15:08 - 000108136 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgamehelper.exe
2024-03-02 08:43 - 2022-10-22 15:08 - 000075368 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgamecontrol.exe
2024-03-02 08:43 - 2022-02-11 19:58 - 002713080 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgameruntime.dll
2024-03-02 08:43 - 2022-02-11 19:58 - 000689768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameplatformservices.dll
2024-03-02 08:43 - 2022-02-11 19:58 - 000218616 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameconfighelper.dll
2024-03-02 08:43 - 2022-02-11 19:58 - 000202344 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamelaunchhelper.dll
2024-03-02 08:43 - 2022-02-11 19:58 - 000144888 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcuihelpers.dll
2024-03-02 08:38 - 2020-01-07 22:07 - 000000000 ____D C:\Users\eiko-\AppData\Local\CrashDumps
2024-03-01 19:26 - 2021-11-02 16:11 - 000000000 ____D C:\Users\eiko-\Documents\My Games
2024-03-01 19:01 - 2021-11-02 15:02 - 000000000 ____D C:\Users\eiko-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2024-03-01 15:35 - 2020-06-10 09:51 - 000000000 ____D C:\Users\eiko-\AppData\LocalLow\Temp
2024-03-01 15:34 - 2020-10-22 14:00 - 000000000 ____D C:\Users\eiko-\AppData\Roaming\discord
2024-03-01 15:34 - 2020-01-07 20:22 - 000000000 ____D C:\Users\eiko-\AppData\Local\Packages
2024-03-01 15:32 - 2020-03-07 16:17 - 000000000 ____D C:\Users\eiko-\AppData\Roaming\Microsoft\Word
2024-03-01 15:22 - 2020-10-22 14:00 - 000000000 ____D C:\Users\eiko-\AppData\Local\Discord
2024-03-01 14:52 - 2020-03-07 16:18 - 000000000 ____D C:\Users\eiko-\AppData\Roaming\Microsoft\Excel
2024-03-01 13:11 - 2023-02-22 22:15 - 000000000 ____D C:\Users\eiko-\AppData\Roaming\vlc
2024-03-01 13:10 - 2021-04-11 15:54 - 000000000 ____D C:\Users\eiko-\AppData\Roaming\Code
2024-02-29 15:01 - 2022-05-07 06:24 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2024-02-29 15:00 - 2020-03-07 16:12 - 000000000 ____D C:\Program Files\Microsoft Office
2024-02-28 16:21 - 2022-05-07 06:24 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2024-02-28 16:01 - 2022-05-07 06:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2024-02-28 16:01 - 2020-01-07 20:22 - 000000000 __RHD C:\Users\Public\AccountPictures
2024-02-28 15:59 - 2020-01-07 20:27 - 000000000 ____D C:\Users\eiko-\AppData\Roaming\Microsoft\MMC
2024-02-28 15:37 - 2020-02-17 18:41 - 000000000 ____D C:\Users\eiko-\AppData\Local\ElevatedDiagnostics
2024-02-28 15:28 - 2022-05-07 06:24 - 000000000 __D C:\Program Files\Windows Defender
2024-02-28 15:28 - 2020-01-08 03:17 - 000000000 D C:\WINDOWS\system32\Drivers\wd
2024-02-28 15:25 - 2022-05-07 06:17 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2024-02-28 15:25 - 2020-01-07 20:38 - 000918944 N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2024-02-28 15:12 - 2023-04-19 21:09 - 000003684 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-02-28 15:12 - 2023-04-19 21:09 - 000003568 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2024-02-28 15:12 - 2023-04-19 21:09 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2024-02-28 15:12 - 2023-04-19 21:09 - 000003460 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-02-28 15:12 - 2023-04-19 21:09 - 000003398 _____ C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-02-28 15:12 - 2023-04-19 21:09 - 000003344 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2024-02-28 15:12 - 2023-04-19 21:09 - 000003250 _____ C:\WINDOWS\system32\Tasks\Overwolf Updater Task
2024-02-28 15:12 - 2023-04-19 21:09 - 000003196 _____ C:\WINDOWS\system32\Tasks\NvBatteryBoostCheckOnLogon{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-02-28 15:12 - 2023-04-19 21:09 - 000003152 _____ C:\WINDOWS\system32\Tasks\NVIDIA GeForce Experience SelfUpdate{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-02-28 15:12 - 2023-04-19 21:09 - 000003066 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1421055718-2087356316-1872245878-1001
2024-02-28 15:12 - 2023-04-19 21:09 - 000002984 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterDaily{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-02-28 15:12 - 2023-04-19 21:09 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport4{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-02-28 15:12 - 2023-04-19 21:09 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport3{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-02-28 15:12 - 2023-04-19 21:09 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport2{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-02-28 15:12 - 2023-04-19 21:09 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport1{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-02-28 15:12 - 2023-04-19 21:09 - 000002914 _____ C:\WINDOWS\system32\Tasks\NvNodeLauncher{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-02-28 15:12 - 2023-04-19 21:09 - 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1421055718-2087356316-1872245878-1001
2024-02-28 15:12 - 2023-04-19 21:09 - 000002744 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterOnLogon{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-02-25 13:20 - 2022-05-12 17:00 - 000000000 ____D C:\XboxGames
2024-02-24 20:04 - 2023-01-13 08:53 - 000002068 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk
2024-02-24 20:04 - 2022-10-13 19:02 - 000002080 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2024-02-24 20:03 - 2021-01-04 00:25 - 000002406 _____ C:\Users\eiko-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-02-16 12:40 - 2023-04-18 15:42 - 000000000 ____D C:\Users\eiko-\AppData\Roaming\FreeFileSync
2024-02-14 22:21 - 2023-04-19 21:05 - 000512456 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-02-14 22:20 - 2023-10-12 00:56 - 000000000 ____D C:\WINDOWS\system32\Microsoft-Edge-WebView
2024-02-14 22:20 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\UUS
2024-02-14 22:20 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2024-02-14 22:20 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2024-02-14 22:20 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SystemResources
2024-02-14 22:20 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2024-02-14 22:20 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\Sgrm
2024-02-14 22:20 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\setup
2024-02-14 22:20 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2024-02-14 22:20 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\oobe
2024-02-14 22:20 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\appraiser
2024-02-14 22:20 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\ShellComponents
2024-02-14 22:20 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\Provisioning
2024-02-14 22:20 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\BrowserCore
2024-02-14 22:20 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-02-14 14:34 - 2022-05-07 06:24 - 000000000 ____D C:\ProgramData\USOPrivate
2024-02-14 14:29 - 2020-01-07 20:44 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-02-14 14:27 - 2020-01-07 20:44 - 191155960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2024-02-14 14:21 - 2023-04-19 21:06 - 003212800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2024-02-13 10:38 - 2020-01-09 20:16 - 000000000 ____D C:\Users\eiko-\AppData\Local\Steam
2024-02-12 17:53 - 2023-12-18 13:41 - 000000000 ____D C:\ProgramData\boost_interprocess
2024-02-11 22:35 - 2021-10-04 13:24 - 000000000 ____D C:\Users\eiko-\AppData\Roaming\Notion
2024-02-11 15:53 - 2024-02-02 15:38 - 000000000 ____D C:\Users\eiko-\Desktop\Papa schicken
2024-02-11 09:20 - 2021-04-06 10:21 - 000000000 ____D C:\Users\eiko-\AppData\Roaming\Microsoft\Teams
2024-02-09 12:12 - 2023-01-02 11:24 - 000000000 ____D C:\Users\eiko-\AppData\Roaming\Anki2
2024-02-06 07:45 - 2020-01-07 20:38 - 000000000 ____D C:\ProgramData\Packages
2024-02-05 10:14 - 2023-12-08 14:38 - 000000000 ____D C:\Users\eiko-\AppData\Roaming\EQATEC Analytics
2024-02-03 20:30 - 2020-01-08 16:24 - 000000000 ____D C:\Users\eiko-\AppData\Roaming.minecraft
2024-02-03 20:29 - 2020-12-13 17:13 - 000000000 ____D C:\Users\eiko-\AppData\Local\Overwolf
2024-02-03 16:46 - 2020-01-07 22:03 - 000000000 ____D C:\ProgramData\Package Cache
2024-02-03 16:40 - 2023-11-12 18:07 - 000000000 ____D C:\Users\eiko-\AppData\Roaming\OrcaSlicer

==================== Files in the root of some directories ========

2022-12-14 12:40 - 2022-12-14 16:29 - 000004216 _____ () C:\Users\eiko-\AppData\Roaming\LTspiceXVII.ini
2023-05-17 20:17 - 2023-05-17 20:17 - 000003249 _____ () C:\Users\eiko-\AppData\Local\recently-used.xbel
2022-02-20 02:10 - 2022-02-20 02:10 - 000007605 _____ () C:\Users\eiko-\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
                                                  Addition new scan:
                                                  [HEADING=1]
                                                  Code:
                                                  Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26.02.2024 01
Ran by eiko- (04-03-2024 09:30:43)
Running from C:\Users\eiko-\Desktop
Microsoft Windows 11 Home Version 23H2 22631.3155 (X64) (2023-04-20 14:28:59)
Boot Mode: Normal[/HEADING]
==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1421055718-2087356316-1872245878-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1421055718-2087356316-1872245878-503 - Limited - Disabled)
eiko- (S-1-5-21-1421055718-2087356316-1872245878-1001 - Administrator - Enabled) => C:\Users\eiko-
Gast (S-1-5-21-1421055718-2087356316-1872245878-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1421055718-2087356316-1872245878-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat (64-bit) (HKLM...{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 23.008.20555 - Adobe)
Adobe Refresh Manager (HKLM-x32...{AC76BA86-0804-1033-1959-018244601067}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Altium Designer 23 (HKLM...\Altium Designer {A9B34CD7-40BF-42A8-8F33-55BA03B6232C}) (Version: 23.11.1.41 - Altium Limited)
AMD Ryzen Master SDK (HKLM...{DBD50508-5F75-416B-995D-C42433A00944}) (Version: 2.1.0.1236 - Advanced Micro Devices, Inc.)
Anaconda3 2023.03-1 (Python 3.10.9 64-bit) (HKLM...\Anaconda3 2023.03-1 (Python 3.10.9 64-bit)) (Version: 2023.03-1 - Anaconda, Inc.)
Anki (HKLM-x32...\Anki) (Version: 2.1.55 - )
Anno 1800 (HKLM-x32...\Uplay Install 4553) (Version: - Ubisoft)
AnycubicPhotonWorkshop (HKLM...{C48D4F03-E59D-475F-B34D-E618A500C118}is1) (Version: - Anycubic)
Arduino (HKLM-x32...\Arduino) (Version: 1.8.13 - Arduino LLC)
Autodesk Fusion 360 (HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\73e72ada57b7480280f7a6f4a289729f) (Version: 2.0.17954 - Autodesk, Inc.)
CLion 2022.1 (HKLM-x32...\CLion 2022.1) (Version: 221.5080.224 - JetBrains s.r.o.)
CodeMeter Runtime Kit v6.30d (HKLM...{627EBCBD-71C2-4FDE-9BEA-3AF7F03FBE10}) (Version: 6.30.2280.504 - WIBU-SYSTEMS AG)
CODESYS V3.5 SP10 Patch 4 (HKLM-x32...{91B73AA2-4B42-481F-9ECD-03AB9C6016DF}) (Version: 3.5.10.407 - 3S-Smart Software Solutions GmbH) Hidden
CODESYS V3.5 SP10 Patch 4 (HKLM-x32...\InstallShield{91B73AA2-4B42-481F-9ECD-03AB9C6016DF}) (Version: 3.5.10.407 - 3S-Smart Software Solutions GmbH)
CORSAIR iCUE Software (HKLM-x32...{30D73167-BD7C-473A-AF2F-BBC194FA42D4}) (Version: 3.24.52 - Corsair)
Crucial Storage Executive (HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\Crucial Storage Executive 9.01.012023.01) (Version: 9.01.012023.01 - Crucial)
CrystalDiskInfo 8.13.3 (HKLM...\CrystalDiskInfo_is1) (Version: 8.13.3 - Crystal Dew World)
CurseForge (HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\Overwolf_cchhcaiapeikjbdbpfplgmpobbcdkdaphclbmkbj) (Version: 0.244.4.1 - Overwolf app)
Discord (HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\Discord) (Version: 0.0.311 - Discord Inc.)
Dokan Library 1.5.1.1000 (x64) (HKLM...{65A3A964-3DC3-0105-0001-211126123627}) (Version: 1.5.1.1000 - Dokany Project) Hidden
Dokan Library 1.5.1.1000 Bundle (HKLM-x32...{05c046de-f751-48c8-b8d3-77259ea88eb7}) (Version: 1.5.1.1000 - Dokany Project)
Dragon Center (HKLM-x32...{B252FABF-9582-4824-B02B-6D2DC93685C7}}_is1) (Version: 1.0.0.63 - MSI)
draw.io 22.0.2 (HKLM...\27a75bf3-be48-5c35-934f-8491cf108abe) (Version: 22.0.2 - JGraph)
ENE RGB HAL (HKLM...{87316426-A33E-41E9-942B-968E928A9A47}) (Version: 1.00.10 - Ene Tech.) Hidden
ENE RGB HAL (HKLM-x32...{9f93601b-15ea-4e69-8d7c-dfa0f29ae04e}) (Version: 1.00.10 - Ene Tech.) Hidden
ENE_EHD_M2_HAL (HKLM...{1CD178C9-BB49-4E59-9DA6-3C152E2A9844}) (Version: 1.00.01 - ENE TECHNOLOGY INC.) Hidden
ENE_EHD_M2_HAL (HKLM-x32...{fe81cfd3-9db4-409d-b0f9-26707d1423c6}) (Version: 1.00.01 - ENE TECHNOLOGY INC.) Hidden
Epic Games Launcher (HKLM-x32...{9483ABD9-C772-487B-ADF8-09347CF8F2D2}) (Version: 1.3.93.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM...{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32...{57A956AB-4BCC-45C6-9B40-957E4E125568}) (Version: 2.0.44.0 - Epic Games, Inc.)
FreeFileSync (HKLM-x32...\FreeFileSync_is1) (Version: 12.2 - FreeFileSync.org)
Fritzing (HKLM...{62E4A8BF-5F3B-49E0-9ECE-3140C049FA34}) (Version: 0.9.10.0 - Fritzing GmbH)
GIMP 2.10.22 (HKLM...\GIMP-2_is1) (Version: 2.10.22 - The GIMP Team)
Git (HKLM...\Git_is1) (Version: 2.42.0.2 - The Git Development Community)
Google Chrome (HKLM-x32...\Google Chrome) (Version: 122.0.6261.95 - Google LLC)
HWiNFO64 Version 6.12 (HKLM...\HWiNFO64_is1) (Version: 6.12 - Martin Malik - REALiX)
Immortals Fenyx Rising (HKLM-x32...\Uplay Install 5405) (Version: - Ubisoft)
Inkscape (HKLM...{B57F4693-8866-4053-B706-901E03F3301B}) (Version: 1.2.2 - Inkscape)
Java 8 Update 401 (64-bit) (HKLM...{71024AE4-039E-4CA4-87B4-2F64180401F0}) (Version: 8.0.4010.10 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32...{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\Riot Game league_of_legends.live) (Version: - Riot Games, Inc)
logisim-evolution (HKLM...{BFAB7B04-8835-36CF-87DB-D1E3A319406E}) (Version: 3.8.0 - logisim-evolution developers)
Logitech Options (HKLM...\LogiOptions) (Version: 8.54.161 - Logitech)
LTspice XVII (HKLM...\LTspice XVII) (Version: - Linear Technology Corporation)
Malwarebytes version 5.0.17.99 (HKLM...{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.0.17.99 - Malwarebytes)
Microsoft .NET Host - 5.0.4 (x64) (HKLM...{DD901386-A294-4FF1-A683-0EFF5C66209A}) (Version: 40.16.29816 - Microsoft Corporation) Hidden
Microsoft .NET Host - 5.0.4 (x86) (HKLM-x32...{9BFB6AF7-641C-4B52-82CA-43F5A4FD288E}) (Version: 40.16.29816 - Microsoft Corporation) Hidden
Microsoft .NET Host - 7.0.8 (x64) (HKLM...{19FCE07F-2A75-44AC-9EA5-8E29FE2F8DBE}) (Version: 56.35.63143 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 5.0.4 (x64) (HKLM...{773EF543-570F-4746-953A-3CB19DFCB3E2}) (Version: 40.16.29816 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 5.0.4 (x86) (HKLM-x32...{79D32D19-A148-4E8E-AC31-2FC90CDBBFA8}) (Version: 40.16.29816 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 7.0.8 (x64) (HKLM...{174E0D7C-F2C9-49A2-83FB-95A0FE6FA023}) (Version: 56.35.63143 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 5.0.4 (x64) (HKLM...{879C9645-ADF3-4697-915B-00B76EBA629F}) (Version: 40.16.29816 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 5.0.4 (x86) (HKLM-x32...{D523398E-D0EE-4F91-AE81-A27222A621DA}) (Version: 40.16.29816 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 7.0.8 (x64) (HKLM...{B45C77BA-0B4E-4FBB-99B9-9774ECBE20AA}) (Version: 56.35.63143 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32...\Microsoft Edge) (Version: 122.0.2365.66 - Microsoft Corporation)
Microsoft Edge WebView2-Laufzeit (HKLM-x32...\Microsoft EdgeWebView) (Version: 122.0.2365.59 - Microsoft Corporation)
Microsoft GameInput (HKLM-x32...{1F2B6AF3-C260-8666-5950-E3FEDBC851D6}) (Version: 10.1.22621.3036 - Microsoft Corporation)
Microsoft Office Professional Plus 2019 - de-de (HKLM...\ProPlus2019Volume - de-de) (Version: 16.0.10407.20032 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\OneDriveSetup.exe) (Version: 24.020.0128.0003 - Microsoft Corporation)
Microsoft Teams classic (HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\Teams) (Version: 1.6.00.33567 - Microsoft Corporation)
Microsoft Teams Meeting Add-in for Microsoft Office (HKLM...{A7AB73A3-CB10-4AA5-9D38-6AEFFBDE4C91}) (Version: 1.23.35502 - Microsoft)
Microsoft Update Health Tools (HKLM...{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32...{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM...{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32...{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32...{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM...{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32...{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32...{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32...{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM...{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM...{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32...{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32...{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32...{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32...{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM...{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM...{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32...{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32...{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32...{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.34.31938 (HKLM-x32...{d92971ab-f030-43c8-8545-c66c818d0e05}) (Version: 14.34.31938.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.28.29334 (HKLM-x32...{14C49FC8-3E9B-4F29-8526-26629B5CF30B}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.28.29334 (HKLM-x32...{0D01A812-82A1-481F-8546-8E28E976F8DF}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.34.31938 (HKLM...{7DA37AE3-D8AE-49B1-9BDC-23CA0AB9FF22}) (Version: 14.34.31938 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.34.31938 (HKLM...{0AE39060-F209-4D05-ABC7-54B8F9CFA32E}) (Version: 14.34.31938 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM...{7C0242A3-8B66-35D1-9FE0-13B426ACB609}) (Version: 10.0.60729 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.60724 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.60724 - Microsoft Corporation)
Microsoft Visual Studio Code (User) (HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...{771FD6B0-FA20-440A-A002-3B3BAC16DC50}_is1) (Version: 1.86.0 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 5.0.4 (x64) (HKLM...{A04C83D6-2FC0-4F09-9166-E870E5A9E168}) (Version: 40.16.29817 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 5.0.4 (x64) (HKLM-x32...{ff817559-f11f-4faa-af52-26feb4b46fff}) (Version: 5.0.4.29817 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 5.0.4 (x86) (HKLM-x32...{0F1B4D8B-545C-4C65-BA29-3F564C2F6915}) (Version: 40.16.29817 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 5.0.4 (x86) (HKLM-x32...{a83b07f3-e0e5-4402-87d4-3d1acf79c42a}) (Version: 5.0.4.29817 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 7.0.8 (x64) (HKLM...{3133BC55-90BD-4B87-82A2-6670B3CAFB81}) (Version: 56.35.63153 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 7.0.8 (x64) (HKLM-x32...{d260fcb6-95b8-4c81-8e07-ce75876ffca2}) (Version: 7.0.8.32619 - Microsoft Corporation)
Minecraft Launcher (HKLM-x32...{810F1419-7760-402E-8772-B4054FAA2B72}) (Version: 1.0.0.0 - Mojang)
Nefarius Virtual Gamepad Emulation Bus Driver (HKLM...{93D91F60-7C94-4A79-863F-EA713D2EB3F3}) (Version: 1.17.333.0 - Nefarius Software Solutions e.U.)
Nextcloud (HKLM...{27596A6F-750F-4996-A5C2-A980522ED1C4}) (Version: 3.4.1.20211221 - Nextcloud GmbH)
Notion 2.0.47 (HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\fcdf0d7f-424b-5f10-a1c7-a8f643f21adf) (Version: 2.0.47 - Notion Labs, Inc)
Notion 3.1.0 (HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\661f0cc6-343a-59cb-a5e8-8f6324cc6998) (Version: 3.1.0 - Notion Labs, Inc)
NVIDIA GeForce Experience 3.20.2.34 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.2.34 - NVIDIA Corporation)
NVIDIA Grafiktreiber 456.71 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 456.71 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.19.0218 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM...{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.10407.20032 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM...{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.10407.20032 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM...{90160000-008C-0407-1000-0000000FF1CE}) (Version: 16.0.10407.20032 - Microsoft Corporation) Hidden
OnePlus USB Drivers 1.00 (HKLM-x32...\OnePlus USB Drivers 1.00) (Version: 1.00 - OnePlus, Inc)
OrcaSlicer (HKLM-x32...\OrcaSlicer) (Version: 1.8.0 - SoftFever)
Overwolf (HKLM-x32...\Overwolf) (Version: 0.242.0.12 - Overwolf Ltd.)
PDF24 Creator 11.8.0 (HKLM...{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: 11.8.0 - PDF24.org)
PowerToys (Preview) (HKLM...{6F3910F2-DA29-490C-811F-D3691B134A61}) (Version: 0.77.0 - Microsoft Corporation) Hidden
PowerToys (Preview) x64 (HKLM-x32...{1aada4d0-ca73-4389-8f63-73923c771fd4}) (Version: 0.77.0 - Microsoft Corporation)
Prusa3D Version 2.5.0 (HKLM...\Prusa3D_is1) (Version: 2.5.0 - Prusa Research a.s.)
PrusaSlicer Version 2.5.0 (HKLM...\PrusaSlicer_is1) (Version: 2.5.0 - Prusa Research s.r.o.)
Qalculate! (HKLM...{F4803C78-0331-4EE2-9103-33FB0673E2D3}) (Version: 4.8.1 - Hanna Knutsson)
Raspberry Pi Imager (HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\Raspberry Pi Imager) (Version: 1.7.5 - Raspberry Pi Ltd)
Recuva (HKLM...\Recuva) (Version: 1.53 - Piriform)
RogueKiller version 15.15.2.0 (HKLM...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 15.15.2.0 - Adlice Software)
SAP Crystal Reports runtime engine for .NET Framework (64-bit) (HKLM...{F9B436DD-8D48-430E-BA89-F85DFA452C55}) (Version: 13.0.9.1312 - SAP)
Snapmaker Luban 3.8.0 (HKLM...{4c329381-cbe6-5eac-8b35-1ff73ff2e943}) (Version: 3.8.0 - Snapmaker Dev Team)
Snapmaker Luban 4.4.0 (HKLM...\4c329381-cbe6-5eac-8b35-1ff73ff2e943) (Version: 4.4.0 - Snapmaker Dev Team)
SQLite ODBC Driver for Win64 (remove only) (HKLM-x32...\SQLite ODBC Driver for Win64) (Version: - )
Steam (HKLM-x32...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeighaX 4.00 (x64) (HKLM...{2AB65377-C672-498E-BE74-5C60CCFEAC5C}) (Version: 4.0.0 - Open Design Alliance)
Trackmania (HKLM-x32...\Uplay Install 5595) (Version: - Ubisoft)
Ubisoft Connect (HKLM-x32...\Uplay) (Version: 101.0 - Ubisoft)
UltiMaker Cura 5.3.1 (HKLM-x32...\UltiMaker Cura 5.3.1-5.3.1) (Version: 5.3.1 - UltiMaker)
VHDPlus IDE (64bit) (HKLM...{715CFA00-2211-47A2-AD88-87EC71B9564E}) (Version: 0.11.1.0 - VHDPlus)
Virtual-C IDE (HKLM...{59A5E95F-ABEA-48BF-B3AC-B9A78A17E144}) (Version: 2.2.2 - VirtualC)
VLC media player (HKLM...\VLC media player) (Version: 3.0.18 - VideoLAN)
Windows-PC-Integritätsprüfung (HKLM...{63EFBDB5-01B0-4614-BE9F-7F1908E42275}) (Version: 3.1.2109.29003 - Microsoft Corporation)
Windows-PC-Integritätsprüfung (HKLM...{B3956CF3-F6C5-4567-AC38-1FD4432B319C}) (Version: 3.6.2204.08001 - Microsoft Corporation)
WinSCP 6.1.1 (HKLM-x32...\winscp3_is1) (Version: 6.1.1 - Martin Prikryl)
Zoom (HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\ZoomUMX) (Version: 5.16.10 (26186) - Zoom Video Communications, Inc.)
[HEADING=1]Packages:[/HEADING]
Adobe Acrobat Reader → C:\Program Files\Adobe\Acrobat DC [2024-02-16] ()
Any Zip → C:\Program Files\WindowsApps\AnywaySoftInc.AnyZip_2.1.2.0_x64__0qkrc2qacwvfm [2024-02-28] (AnywaySoft, Inc.) [MS Ad]
Dev Home → C:\Program Files\WindowsApps\Microsoft.Windows.DevHome_0.1100.416.0_x64__8wekyb3d8bbwe [2024-02-24] (Microsoft Corporation)
HP Smart → C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_151.3.1092.0_x64__v10z8vjag6ke6 [2024-02-28] (HP Inc.)
Media Engine-Add-On für Fotos → C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-03-29] (Microsoft Corporation)
Microsoft Advertising SDK for XAML → C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2024-02-28] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML → C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2024-02-28] (Microsoft Corporation) [MS Ad]
Microsoft Family → C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.40.0_x64__8wekyb3d8bbwe [2023-09-14] (Microsoft Corp.)
Microsoft Teams (work or school) → C:\Program Files\WindowsApps\MSTeams_24004.1309.2689.2246_x64__8wekyb3d8bbwe [2024-03-01] (Microsoft) [Startup Task]
Microsoft.AV1VideoExtension → C:\Program Files\WindowsApps\Microsoft.AV1VideoExtension_1.1.61781.0_x64__8wekyb3d8bbwe [2023-08-17] (Microsoft Corporation)
Microsoft.WindowsAppRuntime.CBS → C:\WINDOWS\SystemApps\Microsoft.WindowsAppRuntime.CBS_8wekyb3d8bbwe [2024-01-10] (Microsoft Corporation)
NVIDIA Control Panel → C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.964.0_x64__56jybvy8sckqj [2023-04-20] (NVIDIA Corp.)
PowerToys ImageResizer Context Menu → C:\Program Files\PowerToys [2024-02-03] (Microsoft)
PowerToys PowerRename Context Menu → C:\Program Files\PowerToys\WinUI3Apps [2024-02-03] (Microsoft)
Prime Video for Windows → C:\Program Files\WindowsApps\AmazonVideo.PrimeVideo_1.0.153.0_x64__pwbj9vvecjh7j [2024-01-13] (Amazon Development Centre (London) Ltd)
Samsung Account → C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.SamsungAccount_1.23.12130.0_x64__3c1yjt4zspk6g [2024-01-13] (Samsung Electronics Co. Ltd.)
Samsung Notes → C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCoLtd.SamsungNotes_4.3.239.0_x64__wyx1vj98g3asy [2024-02-06] (Samsung Electronics Co, Ltd.) [Startup Task]
Solitaire & Casual Games → C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.19.1262.0_x64__8wekyb3d8bbwe [2024-02-29] (Microsoft Studios) [MS Ad]
Spotify Music → C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.232.997.0_x64__zpdnekdrzrea0 [2024-02-29] (Spotify AB) [Startup Task]
WhatsApp → C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2407.10.0_x64__cv1g1gvanyjgm [2024-02-28] (WhatsApp Inc.) [Startup Task]
Windows Feature Experience Pack → C:\WINDOWS\SystemApps\MicrosoftWindows.Client.FileExp_cw5n1h2txyewy [2024-02-14] (Microsoft Corporation)
WinZipComputing.WinZipDesktopSubscription → C:\Program Files\WindowsApps\WinZipComputing.WinZipDesktopSubscription_76.5.15635.0_x64__3ykzqggjzj4z0 [2023-10-08] (WinZip Computing) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{04271989-C4D2-AE62-65FD-0434D8A5067B} → [OneDrive - haw-hamburg.de] => D:\OneDrive - haw-hamburg.de [2021-10-28 13:10]
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{10144713-1526-46C9-88DA-1FB52807A9FF}\InprocServer32 → C:\Program Files\PowerToys\PowerToys.SvgThumbnailProviderCpp.dll (Microsoft Corporation → Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{13357088-9834-0409-1600-134951500000}\localserver32 → C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. → Adobe)
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 → C:\Users\eiko-\AppData\Local\Microsoft\TeamsMeetingAddin\1.23.35502\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation → Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{38142727-3008-9161-1521-349515000000}\localserver32 → C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. → Adobe)
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{38398caf-42a4-4800-b39a-6721ecbcf0e4} → [Nextcloud - Eiko@192.168.100.220] => C:\Users\eiko-\Nextcloud2 [2022-05-02 17:15]
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{5ea9a442-5352-ed6e-d37f-9d511e7e2caa}\localserver32 → C:\Program Files\PowerToys\PowerToys.PowerLauncher.exe (Microsoft Corporation → Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{60789D87-9C3C-44AF-B18C-3DE2C2820ED3}\InprocServer32 → C:\Program Files\PowerToys\PowerToys.MarkdownPreviewHandlerCpp.dll (Microsoft Corporation → Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{729B72CD-B72E-4FE9-BCBF-E954B33FE699}\InprocServer32 → C:\Program Files\PowerToys\PowerToys.QoiPreviewHandlerCpp.dll (Microsoft Corporation → Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{77257004-6F25-4521-B602-50ECC6EC62A6}\InprocServer32 → C:\Program Files\PowerToys\PowerToys.StlThumbnailProviderCpp.dll (Microsoft Corporation → Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{80172dde-4e20-4df0-81a2-0a48553e80bb}\localserver32 → C:\Users\eiko-\AppData\Local\NhNotifSys\nahimic\nahimicNotifSys.exe (A-Volute SAS → A-Volute)
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{84696c5b-1f1c-44ab-ac43-c9c6ce85c2dc} → [Nextcloud - Eiko@192.168.100.220] => C:\Users\eiko-\Nextcloud
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{A0257634-8812-4CE8-AF11-FA69ACAEAFAE}\InprocServer32 → C:\Program Files\PowerToys\PowerToys.GcodePreviewHandlerCpp.dll (Microsoft Corporation → Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{AD856B15-D25E-4008-AFB7-AFAA55586188}\InprocServer32 → C:\Program Files\PowerToys\PowerToys.QoiThumbnailProviderCpp.dll (Microsoft Corporation → Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{C4F0910E-E0B4-4E68-8086-452730C7A26A}\InprocServer32 → C:\Users\eiko-\AppData\Local\Autodesk\webdeploy\production\b0c303e70bd97cfdc195adab65922cfeffcb363a\NPreview10.dll (Autodesk, Inc. → )
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 → C:\Users\eiko-\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation → Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{D8034CFA-F34B-41FE-AD45-62FCBB52A6DA}\InprocServer32 → C:\Program Files\PowerToys\PowerToys.MonacoPreviewHandlerCpp.dll (Microsoft Corporation → Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{F2847CBE-CD03-4C83-A359-1A8052C1B9D5}\InprocServer32 → C:\Program Files\PowerToys\PowerToys.GcodeThumbnailProviderCpp.dll (Microsoft Corporation → Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{FCDD4EED-41AA-492F-8A84-31A1546226E0}\InprocServer32 → C:\Program Files\PowerToys\PowerToys.SvgPreviewHandlerCpp.dll (Microsoft Corporation → Microsoft Corporation)
ShellIconOverlayIdentifiers: [ NextcloudError] → {E0342B74-7593-4C70-9D61-22F294AAFE05} => C:\Program Files\Nextcloud\shellext\NCOverlays.dll [2021-12-21] (Nextcloud GmbH → Nextcloud GmbH)
ShellIconOverlayIdentifiers: [ NextcloudOK] → {E1094E94-BE93-4EA2-9639-8475C68F3886} => C:\Program Files\Nextcloud\shellext\NCOverlays.dll [2021-12-21] (Nextcloud GmbH → Nextcloud GmbH)
ShellIconOverlayIdentifiers: [ NextcloudOKShared] → {E243AD85-F71B-496B-B17E-B8091CBE93D2} => C:\Program Files\Nextcloud\shellext\NCOverlays.dll [2021-12-21] (Nextcloud GmbH → Nextcloud GmbH)
ShellIconOverlayIdentifiers: [ NextcloudSync] → {E3D6DB20-1D83-4829-B5C9-941B31C0C35A} => C:\Program Files\Nextcloud\shellext\NCOverlays.dll [2021-12-21] (Nextcloud GmbH → Nextcloud GmbH)
ShellIconOverlayIdentifiers: [ NextcloudWarning] → {E4977F33-F93A-4A0A-9D3C-83DEA0EE8483} => C:\Program Files\Nextcloud\shellext\NCOverlays.dll [2021-12-21] (Nextcloud GmbH → Nextcloud GmbH)
ContextMenuHandlers2: [FileLocksmithExt] → {84D68575-E186-46AD-B0CB-BAEB45EE29C0} => C:\Program Files\PowerToys\WinUI3Apps\PowerToys.FileLocksmithExt.dll [2024-01-05] (Microsoft Corporation → Microsoft Corporation)
ContextMenuHandlers3: [FileLocksmithExt] → {84D68575-E186-46AD-B0CB-BAEB45EE29C0} => C:\Program Files\PowerToys\WinUI3Apps\PowerToys.FileLocksmithExt.dll [2024-01-05] (Microsoft Corporation → Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] → {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-02-28] (Malwarebytes Inc. → Malwarebytes)
ContextMenuHandlers3: [NextcloudContextMenuHandler] → {BC6988AB-ACE2-4B81-84DC-DC34F9B24401} => C:\Program Files\Nextcloud\shellext\NCContextMenu.dll [2021-12-21] (Nextcloud GmbH → Nextcloud GmbH)
ContextMenuHandlers3: [PowerRenameExt] → {0440049F-D1DC-4E46-B27B-98393D79486B} => C:\Program Files\PowerToys\WinUI3Apps\PowerToys.PowerRenameExt.dll [2024-01-05] (Microsoft Corporation → Microsoft Corporation)
ContextMenuHandlers4: [RecuvaShellExt] → {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2023-06-02] (PIRIFORM SOFTWARE LIMITED → Piriform Software Ltd)
ContextMenuHandlers5: [NvCplDesktopContext] → {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\nvshext.dll [2020-10-07] (NVIDIA Corporation → NVIDIA Corporation)
ContextMenuHandlers5: [PowerRenameExt] → {0440049F-D1DC-4E46-B27B-98393D79486B} => C:\Program Files\PowerToys\WinUI3Apps\PowerToys.PowerRenameExt.dll [2024-01-05] (Microsoft Corporation → Microsoft Corporation)
ContextMenuHandlers6: [MBAMShlExt] → {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-02-28] (Malwarebytes Inc. → Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] → {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2023-06-02] (PIRIFORM SOFTWARE LIMITED → Piriform Software Ltd)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2019-06-19 10:25 - 2019-06-19 10:25 - 000209920 _____ () [File not signed] C:\Program Files\ENE\Aac_ENE RGB HAL\x86\AacHal_x86.dll
2018-03-20 14:34 - 2018-03-20 14:34 - 000265728 _____ () [File not signed] C:\Program Files\ENE\Aac_ENE RGB HAL\x86\SB_SMBUS_SDK.dll
2019-06-28 10:51 - 2019-06-28 10:51 - 000184832 _____ () [File not signed] C:\Program Files\ENE\Aac_ENE_EHD_M2_HAL\AacHal_x86.dll
2020-01-07 22:07 - 2020-01-07 22:05 - 000237568 _____ () [File not signed] D:\Programme\Dragon Center\Mystic_Light\LEDControl.dll
2020-01-09 18:18 - 2019-01-28 06:00 - 000254464 _____ (CANON INC.) [File not signed] C:\WINDOWS\System32\CNCALDL.DLL
2020-01-09 18:18 - 2019-01-10 05:00 - 001302016 _____ (CANON INC.) [File not signed] C:\WINDOWS\System32\CNMLMDL.DLL
2020-01-07 22:07 - 2020-01-07 22:05 - 002200784 _____ (Dexin Corp → MICRO-STAR INTERNATIONAL) [File not signed] D:\Programme\Dragon Center\Mystic_Light\IcMSIDll.dll
2020-01-07 22:07 - 2020-01-07 22:07 - 002200784 _____ (Dexin Corp → MICRO-STAR INTERNATIONAL) [File not signed] D:\Programme\Dragon Center\Mystic_Light\Lib\IcMSIDll.dll
2019-11-15 10:53 - 2019-11-15 10:53 - 000090112 _____ (Silicon Laboratories, Inc.) [File not signed] D:\Programme\Corsair\CORSAIR iCUE Software\SiUSBXp.dll
2020-01-07 22:07 - 2020-01-07 22:07 - 000399872 _____ (TODO: <公司名稱>) [File not signed] D:\Programme\Dragon Center\Mystic_Light\Lib\SDKDLL.dll
2016-09-29 05:30 - 2016-09-29 05:30 - 000220160 _____ (WIBU-SYSTEMS AG) [File not signed] C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.lDe

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:CM_2a732c3f1e3eb40b63fe062d0180f157c71684af0a0442ab953224075801bb78 [74]
AlternateDataStreams: C:\Windows:CM_bf41c588bad5a092a453669c0d3c66d1ec2c072fbf5c15cc6acda24c9e4d0955 [74]
AlternateDataStreams: C:\Users\eiko-\Desktop\RogueKiller_setup.exe:MBAM.Zone.Identifier [187]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The “AlternateShell” will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => “”=“Service”

==================== Association (Whitelisted) =================

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-1421055718-2087356316-1872245878-1001\Software\Classes\regfile: <==== ATTENTION

==================== Internet Explorer (Whitelisted) ==========

BHO: Skype for Business Browser Helper → {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} → C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2020-03-08] (Microsoft Corporation → Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper → {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} → C:\Program Files\Java\jre-1.8\bin\ssv.dll [2023-12-19] (Oracle America, Inc. → Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper → {DBC80044-A445-435b-BC74-9C25C1C588A9} → C:\Program Files\Java\jre-1.8\bin\jp2ssv.dll [2023-12-19] (Oracle America, Inc. → Oracle Corporation)
BHO-x32: Skype for Business Browser Helper → {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} → C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2020-03-08] (Microsoft Corporation → Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper → {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} → C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2024-01-13] (Microsoft Corporation → Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-09-22] (Microsoft Corporation → Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-09-22] (Microsoft Corporation → Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-09-22] (Microsoft Corporation → Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-09-22] (Microsoft Corporation → Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-09-22] (Microsoft Corporation → Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-09-22] (Microsoft Corporation → Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-09-22] (Microsoft Corporation → Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-09-22] (Microsoft Corporation → Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\localhost → localhost
IE trusted site: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\sharepoint.com → hxxps://hawhamburgde-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 05:49 - 2024-02-28 16:35 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\Path → C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Windows\System32\OpenSSH;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;%SYSTEMROOT%\System32\OpenSSH;C:\Program Files\dotnet;C:\Program Files (x86)\dotnet;C:\Program Files\Crucial\Crucial Storage Executive;C:\Program Files\Git\cmd
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001\Control Panel\Desktop\Wallpaper → C:\Users\eiko-\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalCache\Microsoft\IrisService\15248146012458418531\133536187855421893.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM...\StartupApproved\StartupFolder: => “WinZip Preloader.lnk”
HKLM...\StartupApproved\StartupFolder: => “CodeMeter Control Center.lnk”
HKLM...\StartupApproved\Run: => “PDF24”
HKLM...\StartupApproved\Run32: => “CORSAIR iCUE Software”
HKLM...\StartupApproved\Run32: => “IJNetworkScannerSelectorEX2”
HKLM...\StartupApproved\Run32: => “CanonQuickMenu”
HKLM...\StartupApproved\Run32: => “PDFPrint”
HKLM...\StartupApproved\Run32: => “GatewaySysTray”
HKLM...\StartupApproved\Run32: => “CODESYSControlSysTray”
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\StartupApproved\StartupFolder: => “An OneNote senden.lnk”
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\StartupApproved\Run: => “OneDrive”
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\StartupApproved\Run: => “Steam”
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\StartupApproved\Run: => “Discord”
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\StartupApproved\Run: => “Overwolf”
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\StartupApproved\Run: => “Nextcloud”
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\StartupApproved\Run: => “MicrosoftEdgeAutoLaunch_322C183E72E821C8032805843FDA8DCC”
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\StartupApproved\Run: => “com.squirrel.Teams.Teams”
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\StartupApproved\Run: => “RiotClient”
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\StartupApproved\Run: => “EpicGamesLauncher”

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{DC38C056-7BC6-402C-8C7E-0D09D1A7B84F}] => (Block) C:\program files\crucial\crucial storage executive\java\bin\javaw.exe
FirewallRules: [{81AACDE4-9800-490D-B67E-F513665C9918}] => (Block) C:\program files\crucial\crucial storage executive\java\bin\javaw.exe
FirewallRules: [UDP Query User{AD788EA4-4AC7-4DEB-AD15-60BB29596564}C:\program files\crucial\crucial storage executive\java\bin\javaw.exe] => (Allow) C:\program files\crucial\crucial storage executive\java\bin\javaw.exe
FirewallRules: [TCP Query User{92CF064D-57DB-46A0-9AFF-4D88B7A620E5}C:\program files\crucial\crucial storage executive\java\bin\javaw.exe] => (Allow) C:\program files\crucial\crucial storage executive\java\bin\javaw.exe
FirewallRules: [UDP Query User{0F4A798B-5889-4F92-9609-5A18A87BE9D1}D:\programme\install\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe] => (Block) D:\programme\install\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe
FirewallRules: [TCP Query User{5BDA5EB0-9575-4832-80AC-C853FD95A948}D:\programme\install\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe] => (Block) D:\programme\install\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe
FirewallRules: [UDP Query User{8330EB73-AB1C-41CA-9755-39A390E36176}D:\programme\freefilesync\bin\freefilesync_x64.exe] => (Allow) D:\programme\freefilesync\bin\freefilesync_x64.exe (Florian BAUER → FreeFileSync.org)
FirewallRules: [TCP Query User{8D7F5CE9-0C93-4AA4-A37F-7964AA9BAD77}D:\programme\freefilesync\bin\freefilesync_x64.exe] => (Allow) D:\programme\freefilesync\bin\freefilesync_x64.exe (Florian BAUER → FreeFileSync.org)
FirewallRules: [{2B27175F-CF4D-4A4F-AD7D-65A0B35F8935}] => (Allow) D:\Programme\Steam\steamapps\common\3DMark\bin\x64\3DMark.exe (Underwriters Laboratories Inc. → )
FirewallRules: [{E1B86E19-0D33-4630-8FF7-277C68AABBFC}] => (Allow) D:\Programme\Steam\steamapps\common\3DMark\bin\x64\3DMark.exe (Underwriters Laboratories Inc. → )
FirewallRules: [{6B3EADBD-3708-4F4B-9EF5-06BA20CE694F}] => (Allow) D:\Programme\Steam\steamapps\common\3DMark\bin\x86\3DMark.exe (Underwriters Laboratories Inc. → )
FirewallRules: [{F4CFF23C-172A-431D-B83E-990FD7F8C7F4}] => (Allow) D:\Programme\Steam\steamapps\common\3DMark\bin\x86\3DMark.exe (Underwriters Laboratories Inc. → )
FirewallRules: [UDP Query User{043ECEF8-8109-40B8-84AD-19CFAE5B6E76}D:\programme\install\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe] => (Allow) D:\programme\install\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe
FirewallRules: [TCP Query User{BE6CA684-F767-440E-B229-7C99913C3337}D:\programme\install\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe] => (Allow) D:\programme\install\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe
FirewallRules: [UDP Query User{65184F1F-8F38-4CE4-AA73-22C8F93537CB}D:\programme\install\runtime\jre-x64\bin\javaw.exe] => (Allow) D:\programme\install\runtime\jre-x64\bin\javaw.exe
FirewallRules: [TCP Query User{FCBF3D6D-D1A2-497A-AC73-647AAF1DA470}D:\programme\install\runtime\jre-x64\bin\javaw.exe] => (Allow) D:\programme\install\runtime\jre-x64\bin\javaw.exe
FirewallRules: [{38F4B99D-25BE-4655-9C28-43100D3F530D}] => (Allow) C:\Users\eiko-\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. → Zoom Video Communications, Inc.)
FirewallRules: [{055487D4-80A4-4764-B807-1424EE5FD5F4}] => (Allow) D:\Programme\Ubisoft Game Launcher\games\Anno 1800\Bin\Win64\Anno1800.exe (UBISOFT ENTERTAINMENT INC. → Ubisoft)
FirewallRules: [{9512345D-6394-465C-8E3B-5F33DE5EC10B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation → Microsoft Corporation)
FirewallRules: [{C675973E-8322-4C2C-97EB-5D07079A99F0}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation → Microsoft Corporation)
FirewallRules: [{D1330097-8553-48E2-BFE5-3EEEB543BB39}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation → Microsoft Corporation)
FirewallRules: [{287A857D-70DA-42BB-BFF6-F454D73B29F5}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation → Microsoft Corporation)
FirewallRules: [{45AE92CD-EA04-4379-8578-613E0030B301}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation → Microsoft Corporation)
FirewallRules: [{91039128-6EF6-4727-9C42-C448B4C5D10F}] => (Allow) D:\Programme\Steam\steamapps\common\Age of Mythology\AoMX.exe (Microsoft Corp) [File not signed]
FirewallRules: [{6B4D91F0-7455-4AC3-884B-98C1803A6167}] => (Allow) D:\Programme\Steam\steamapps\common\Age of Mythology\AoMX.exe (Microsoft Corp) [File not signed]
FirewallRules: [{EBF76231-D441-433F-8DAD-7CDFC8468D3E}] => (Allow) D:\Programme\Steam\steamapps\common\Age of Mythology\Launcher.exe (TODO: ) [File not signed]
FirewallRules: [{217F66B7-11A6-4DFD-80CC-B6D79F5CEC18}] => (Allow) D:\Programme\Steam\steamapps\common\Age of Mythology\Launcher.exe (TODO: ) [File not signed]
FirewallRules: [{DFC0EB80-5C53-4CFD-B783-86F6FE6C8D24}] => (Allow) D:\Programme\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. → Valve Corporation)
FirewallRules: [{E9B135D1-5AEC-4E80-9760-758BC2ED25E5}] => (Allow) D:\Programme\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. → Valve Corporation)
FirewallRules: [{DBA546C7-062E-4537-BBAC-803DDD3D6A7E}] => (Allow) D:\Programme\Steam\steamapps\common\3DMark\3DMarkLauncher.exe (FUTUREMARK INC → Futuremark)
FirewallRules: [{7387F38A-6876-49EC-B2B0-9E71D96ECC72}] => (Allow) D:\Programme\Steam\steamapps\common\3DMark\3DMarkLauncher.exe (FUTUREMARK INC → Futuremark)
FirewallRules: [{9A7F8F80-CAB5-4216-8F4E-483D2684F91B}] => (Allow) D:\Programme\Steam\Steam.exe (Valve Corp. → Valve Corporation)
FirewallRules: [{C6BB91F1-1D99-4F69-A490-B20D99D436CF}] => (Allow) D:\Programme\Steam\Steam.exe (Valve Corp. → Valve Corporation)
FirewallRules: [{C41D44F6-ED97-461A-AA06-94A5A39A07A1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation → NVIDIA Corporation)
FirewallRules: [{5976B0C1-5ACC-4485-BDA9-EEA8754EEE6F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation → NVIDIA Corporation)
FirewallRules: [{6E369597-3084-4050-B043-600D6ABA1FB8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation → NVIDIA Corporation)
FirewallRules: [{C66A0230-400B-493A-8C1B-F00C17D1BEF2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation → NVIDIA Corporation)
FirewallRules: [{F871D8FB-3F4D-421D-AAE3-9F6B20048843}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation → NVIDIA Corporation)
FirewallRules: [{454E7A75-1C3C-4DFD-8207-0E864B2F1ABA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation → NVIDIA Corporation)
FirewallRules: [TCP Query User{D4BA32A3-FDF4-4C07-BC62-83B179C6506E}D:\programme\minecraft\runtime\jre-x64\bin\javaw.exe] => (Allow) D:\programme\minecraft\runtime\jre-x64\bin\javaw.exe
FirewallRules: [UDP Query User{936F2D13-DF5E-458B-A955-851D5B4FB563}D:\programme\minecraft\runtime\jre-x64\bin\javaw.exe] => (Allow) D:\programme\minecraft\runtime\jre-x64\bin\javaw.exe
FirewallRules: [TCP Query User{CCA06AF5-66CF-4F13-AB71-F9C39825990B}D:\programme\arduino\java\bin\javaw.exe] => (Allow) D:\programme\arduino\java\bin\javaw.exe
FirewallRules: [UDP Query User{2AA2A08E-9AD4-4EB0-B55E-469CDF39360F}D:\programme\arduino\java\bin\javaw.exe] => (Allow) D:\programme\arduino\java\bin\javaw.exe
FirewallRules: [{495F5E7C-5384-436C-B273-A178C723B2DD}] => (Allow) D:\Programme\Ubisoft Game Launcher\games\Trackmania\trackmania.exe (NADEO SASU → Nadeo)
FirewallRules: [{F362C656-6E2B-41BC-BFBB-8CE01081C3C5}] => (Allow) D:\Programme\Ubisoft Game Launcher\games\Trackmania\trackmania.exe (NADEO SASU → Nadeo)
FirewallRules: [TCP Query User{35E3D4E4-4F09-440B-AB5B-45B905483E2C}C:\users\eiko-\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\eiko-\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation → Microsoft Corporation)
FirewallRules: [UDP Query User{B757C28E-7F67-4FC1-A65A-A42EB464EA26}C:\users\eiko-\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\eiko-\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation → Microsoft Corporation)
FirewallRules: [{2E361E33-CE02-4280-9B42-54AA9EA954D8}] => (Allow) D:\Programme\Steam\steamapps\common\3DMark\bin\x86\3DMark.exe (Underwriters Laboratories Inc. → )
FirewallRules: [{E46CE610-C8BD-47B6-8BD8-6F88F29BF20A}] => (Allow) D:\Programme\Steam\steamapps\common\3DMark\bin\x86\3DMark.exe (Underwriters Laboratories Inc. → )
FirewallRules: [{CE0A55A3-B0F5-40D0-A062-62FBE8739C3C}] => (Allow) D:\Programme\Steam\steamapps\common\3DMark\bin\x64\3DMark.exe (Underwriters Laboratories Inc. → )
FirewallRules: [{C7F1E4E8-58A9-43F1-AA76-79CECBD2D03F}] => (Allow) D:\Programme\Steam\steamapps\common\3DMark\bin\x64\3DMark.exe (Underwriters Laboratories Inc. → )
FirewallRules: [{2AB7E746-53EB-4DAD-9654-236D5600CAD2}] => (Allow) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.EXE (Logitech Inc → Logitech, Inc.)
FirewallRules: [{3268EFBE-4C81-49C9-AD48-EDC3335758F9}] => (Allow) C:\Users\eiko-\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. → Zoom Video Communications, Inc.)
FirewallRules: [{7D17E545-BF8E-4FA8-A01A-08972AEF9CBB}] => (Allow) C:\Users\eiko-\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. → Zoom Video Communications, Inc.)
FirewallRules: [{80574D36-E00A-4A9A-8191-87D405ED45C3}] => (Allow) C:\Users\eiko-\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. → Zoom Video Communications, Inc.)
FirewallRules: [TCP Query User{75C4C195-B5F7-4632-8014-53F1FCE8B0ED}C:\users\eiko-\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\eiko-\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation → Microsoft Corporation)
FirewallRules: [UDP Query User{0A70D895-87A9-4B9C-82F2-97CFA3FC0A7F}C:\users\eiko-\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\eiko-\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation → Microsoft Corporation)
FirewallRules: [{FF239137-D032-45F6-B263-143C815C103C}] => (Allow) D:\Programme\Steam\steamapps\common\Age of Empires IV\RelicCardinal.exe (RELIC ENTERTAINMENT, INC. → Relic Entertainment)
FirewallRules: [{8F25C6C8-5F22-43F1-AD9A-25875FCB0E98}] => (Allow) D:\Programme\Steam\steamapps\common\Age of Empires IV\RelicCardinal.exe (RELIC ENTERTAINMENT, INC. → Relic Entertainment)
FirewallRules: [TCP Query User{306288FF-4DE5-4EB1-8866-D00FE9C273A8}D:\programme\install\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Allow) D:\programme\install\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe
FirewallRules: [UDP Query User{EC39A673-930D-49EC-9135-9B866A1A0033}D:\programme\install\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Allow) D:\programme\install\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe
FirewallRules: [TCP Query User{17BBF18F-A806-495E-93D3-6C38E8158BD2}D:\programme\arduino\java\bin\javaw.exe] => (Allow) D:\programme\arduino\java\bin\javaw.exe
FirewallRules: [UDP Query User{4CCC7730-F912-4056-BBA6-F50BE4F9EE6A}D:\programme\arduino\java\bin\javaw.exe] => (Allow) D:\programme\arduino\java\bin\javaw.exe
FirewallRules: [{F0B59BBA-FB70-48B0-8CF3-9153EF7B7BC3}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG → WIBU-SYSTEMS AG)
FirewallRules: [{3D58B04D-AFD0-4482-A115-7571E50C4558}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG → WIBU-SYSTEMS AG)
FirewallRules: [{08D56A1D-3837-4F57-90CF-849116B7E206}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG → WIBU-SYSTEMS AG)
FirewallRules: [{5B29FA0B-29F5-416D-ABB2-290897BC05FA}] => (Allow) C:\Program Files (x86)\3S CODESYS\CODESYS\Common\CODESYS.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{015A8D3D-F40C-4BB5-A5A7-74AA118AAD76}] => (Allow) C:\Program Files (x86)\3S CODESYS\CODESYS\Common\CODESYS.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{475F8A65-BC13-4BB3-A1EA-1FF2C99EC3C5}] => (Allow) C:\Program Files (x86)\3S CODESYS\CODESYS\Common\CODESYS.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{395F3D88-3380-4201-873C-014EC07E72EE}] => (Allow) C:\Program Files (x86)\3S CODESYS\CODESYS\Common\CODESYS.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{15ECB879-60C4-42F4-94BE-66A38BB6CC48}] => (Allow) C:\Program Files (x86)\3S CODESYS\CODESYS\Common\RepTool.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{E3B1E9C9-200D-465E-AD9C-622FDA031CF3}] => (Allow) C:\Program Files (x86)\3S CODESYS\CODESYS\Common\RepTool.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{9BAB2765-B9DE-4A99-8182-1B1981DC23B1}] => (Allow) C:\Program Files (x86)\3S CODESYS\CODESYS\Common\RepTool.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{8B99EB7C-E07A-4126-B1D6-52FF044E7862}] => (Allow) C:\Program Files (x86)\3S CODESYS\CODESYS\Common\RepTool.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{CBB56258-647F-4608-8384-296265CCADBB}] => (Allow) C:\Program Files (x86)\3S CODESYS\CODESYS\Common\IPMCLI.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{99C74BD9-106E-4CD6-A6C5-0E39F9097B6D}] => (Allow) C:\Program Files (x86)\3S CODESYS\CODESYS\Common\IPMCLI.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{2937A2BD-18E2-46CB-A6F2-83A475A1BF2D}] => (Allow) C:\Program Files (x86)\3S CODESYS\CODESYS\Common\IPMCLI.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{D6ED8DD3-E2F1-4B55-95B0-16309EE0B082}] => (Allow) C:\Program Files (x86)\3S CODESYS\CODESYS\Common\IPMCLI.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{AA40FF9F-72BC-42D8-A8C0-D330563CE228}] => (Allow) C:\Program Files (x86)\3S CODESYS\GatewayPLC\GatewayService.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{F2BD632C-2FA0-4AAC-9024-26D7A1A99CEC}] => (Allow) C:\Program Files (x86)\3S CODESYS\GatewayPLC\GatewayService.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{91238EAC-87E7-4297-9329-E302BE237483}] => (Allow) C:\Program Files (x86)\3S CODESYS\GatewayPLC\GatewayService.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{FFE70F5B-1EAA-4C55-954C-E763DCD1E0B1}] => (Allow) C:\Program Files (x86)\3S CODESYS\GatewayPLC\GatewayService.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{CEE39792-4A68-4970-8615-FEBA29CF7019}] => (Allow) C:\Windows\SysWOW64\Gateway.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{6B8FB6D7-1CFB-412D-9CF5-23706446F401}] => (Allow) C:\Windows\SysWOW64\Gateway.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{DD5D6F82-F8CD-45DF-8BCD-4B52EE5C701F}] => (Allow) C:\Windows\SysWOW64\Gateway.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{C0A7C768-654B-46F7-AA9E-6D111B46F844}] => (Allow) C:\Windows\SysWOW64\Gateway.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{EC09C64B-FC0B-4DB8-8905-631E7C445096}] => (Allow) C:\Windows\SysWOW64\GatewayDDE.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{3E8FC8EC-4359-4FAB-9653-F65D906A650A}] => (Allow) C:\Windows\SysWOW64\GatewayDDE.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{B852E5C9-F6BA-4C97-9785-569D1E33A681}] => (Allow) C:\Windows\SysWOW64\GatewayDDE.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{D80E72AE-7250-42D7-846D-0FA9AA12ACE8}] => (Allow) C:\Windows\SysWOW64\GatewayDDE.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{B8951E4A-334B-4072-8C39-BED285225477}] => (Allow) C:\Program Files (x86)\3S CODESYS\GatewayPLC\CODESYSControlService.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{464A1A85-0515-435B-9086-C2EF53D93886}] => (Allow) C:\Program Files (x86)\3S CODESYS\GatewayPLC\CODESYSControlService.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{67625BC9-F345-4610-8730-700695486F99}] => (Allow) C:\Program Files (x86)\3S CODESYS\GatewayPLC\CODESYSControlService.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{5C710ECE-9777-4488-9D5E-CB7990EE78AA}] => (Allow) C:\Program Files (x86)\3S CODESYS\GatewayPLC\CODESYSControlService.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [TCP Query User{5286CD36-1CA4-4B8A-BFA6-9CCB2E7B2A50}C:\program files\ultimaker cura 5.3.1\ultimaker-cura.exe] => (Allow) C:\program files\ultimaker cura 5.3.1\ultimaker-cura.exe () [File not signed]
FirewallRules: [UDP Query User{E0515BBA-3DB8-46D5-B642-49EA0C99180B}C:\program files\ultimaker cura 5.3.1\ultimaker-cura.exe] => (Allow) C:\program files\ultimaker cura 5.3.1\ultimaker-cura.exe () [File not signed]
FirewallRules: [{F2FEF788-42EB-4946-BE43-66B4627CB7E6}] => (Block) C:\program files\ultimaker cura 5.3.1\ultimaker-cura.exe () [File not signed]
FirewallRules: [{AF9965FD-F81F-44F1-AF57-9CC445DD513F}] => (Block) C:\program files\ultimaker cura 5.3.1\ultimaker-cura.exe () [File not signed]
FirewallRules: [TCP Query User{68E6CF3C-38A7-4EB9-96CC-F84EFFE857A4}C:\program files\orcaslicer\orca-slicer.exe] => (Allow) C:\program files\orcaslicer\orca-slicer.exe (SoftFever) [File not signed]
FirewallRules: [UDP Query User{4A6434BA-95EE-4311-802B-664A774B682E}C:\program files\orcaslicer\orca-slicer.exe] => (Allow) C:\program files\orcaslicer\orca-slicer.exe (SoftFever) [File not signed]
FirewallRules: [TCP Query User{58C3F345-F0B7-4F88-B4FB-7D5FB56FF212}C:\program files\altium\ad23\x2.exe] => (Allow) C:\program files\altium\ad23\x2.exe (Altium LLC → Altium LLC)
FirewallRules: [UDP Query User{E6831222-A353-4556-8C88-C187BBE6FB54}C:\program files\altium\ad23\x2.exe] => (Allow) C:\program files\altium\ad23\x2.exe (Altium LLC → Altium LLC)
FirewallRules: [TCP Query User{B658F0F2-0674-4EAF-97A3-24F9862C0969}C:\program files\logisim-evolution\logisim-evolution.exe] => (Allow) C:\program files\logisim-evolution\logisim-evolution.exe () [File not signed]
FirewallRules: [UDP Query User{82C35AEA-279C-4D8D-BE9A-1141D3EB63BD}C:\program files\logisim-evolution\logisim-evolution.exe] => (Allow) C:\program files\logisim-evolution\logisim-evolution.exe () [File not signed]
FirewallRules: [{607F91DD-70EF-4778-A667-37E964C97E6C}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24004.1403.2634.2418_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation → Microsoft Corporation)
FirewallRules: [{4E963323-DBE0-4EB8-BE46-948D296EF8C5}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24004.1403.2634.2418_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation → Microsoft Corporation)
FirewallRules: [{AD6D52A6-184E-4609-A83F-3B1BFDE17A5D}] => (Allow) C:\Program Files\PowerToys\PowerToys.MouseWithoutBorders.exe (Microsoft Corporation → Microsoft Corporation)
FirewallRules: [{5FD1FC2C-9153-4A41-A69D-61626F835630}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.113.3210.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl → Skype Technologies S.A.)
FirewallRules: [{ADFA4932-EA8F-4E46-AAAE-E58B935BE380}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.113.3210.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl → Skype Technologies S.A.)
FirewallRules: [{79068DF1-AF19-45E5-8157-7A928B4CB6D4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.113.3210.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl → Skype Technologies S.A.)
FirewallRules: [{87149421-DD07-4E19-9819-17347BB6C14A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.113.3210.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl → Skype Technologies S.A.)
FirewallRules: [{08C12255-4807-4EA2-B22B-5987EF309E67}] => (Allow) D:\Programme\Steam\steamapps\common\Supermarket Simulator\Supermarket Simulator.exe () [File not signed]
FirewallRules: [{CE7704F2-FF6A-484C-A27E-40464706FE3A}] => (Allow) D:\Programme\Steam\steamapps\common\Supermarket Simulator\Supermarket Simulator.exe () [File not signed]
FirewallRules: [{D852E223-3EF6-4721-BF19-6272F579654F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.232.997.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd)
FirewallRules: [{19D9484A-641B-45B8-B664-A9C371F01661}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.232.997.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd)
FirewallRules: [{689D3F45-EE85-48AF-8302-A98FEB500ABC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.232.997.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd)
FirewallRules: [{8E5064E6-A832-42FF-B94D-F2C1C77EB730}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.232.997.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd)
FirewallRules: [{DA8157EF-5A48-45D9-9F37-342773C8472F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.232.997.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd)
FirewallRules: [{35BF3957-EA38-4892-A47D-A78804388403}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.232.997.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd)
FirewallRules: [{48E1678E-D52E-43C2-8FE4-5DC3EE9E5432}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.232.997.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd)
FirewallRules: [{DFD79D3E-4338-4EEA-999C-528A5CAC8483}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.232.997.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd)
FirewallRules: [{C172A26F-78BB-48C2-BD26-EA96E4822135}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.232.997.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd)
FirewallRules: [{0E857EA6-A4E5-4ED8-9C54-64D13821B44E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.232.997.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd)
FirewallRules: [{B837D140-10B7-4DDF-8269-D941A4CAF4D9}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.59\msedgewebview2.exe (Microsoft Corporation → Microsoft Corporation)
FirewallRules: [{B2A138D0-F9E4-4698-9DD1-1EB7C7AD2D8A}] => (Allow) D:\Programme\Overwolf\0.242.0.11\OverwolfBrowser.exe => No File
FirewallRules: [{415602F8-E1B7-4ABF-9E7D-6815C6D59696}] => (Allow) D:\Programme\Overwolf\0.242.0.11\OverwolfBrowser.exe => No File
FirewallRules: [{45244B3F-8373-4486-A556-B3E76E3EECE6}] => (Block) D:\Programme\Overwolf\0.242.0.11\OverwolfBrowser.exe => No File
FirewallRules: [{DA1A8918-44D1-4DA1-A159-037A7957C8FC}] => (Block) D:\Programme\Overwolf\0.242.0.11\OverwolfBrowser.exe => No File
FirewallRules: [{A7F73065-A310-4FA7-B8E8-AC28FEC462BB}] => (Allow) D:\Programme\Overwolf\0.241.0.10\OverwolfBrowser.exe (Overwolf Ltd → Overwolf LTD)
FirewallRules: [{53BE1FB6-6D7C-4016-9BE9-ACA17B30CAD8}] => (Allow) D:\Programme\Overwolf\0.241.0.10\OverwolfBrowser.exe (Overwolf Ltd → Overwolf LTD)
FirewallRules: [{AE99B29D-2626-46F7-9F22-501881F2E445}] => (Block) D:\Programme\Overwolf\0.241.0.10\OverwolfBrowser.exe (Overwolf Ltd → Overwolf LTD)
FirewallRules: [{B47387AD-2143-488F-B24F-E00E7DE32978}] => (Block) D:\Programme\Overwolf\0.241.0.10\OverwolfBrowser.exe (Overwolf Ltd → Overwolf LTD)
FirewallRules: [{0DC44328-1923-4AF2-867A-25D5C7ECE9F7}] => (Allow) D:\Programme\Overwolf\0.242.0.12\OverwolfBrowser.exe (Overwolf Ltd → Overwolf LTD)
FirewallRules: [{4037986D-C99D-4775-8AFC-BF55CE36CAC9}] => (Allow) D:\Programme\Overwolf\0.242.0.12\OverwolfBrowser.exe (Overwolf Ltd → Overwolf LTD)
FirewallRules: [{C4E667EE-64CF-4F90-8CDD-2183265666FE}] => (Allow) D:\Programme\Steam\steamapps\common\Farming Simulator 22\x64\FarmingSimulator2022Game.exe (GIANTS Software GmbH → GIANTS Software GmbH)
FirewallRules: [{5AFEC480-363F-4323-AD7C-DCBDFE540457}] => (Allow) D:\Programme\Steam\steamapps\common\Farming Simulator 22\x64\FarmingSimulator2022Game.exe (GIANTS Software GmbH → GIANTS Software GmbH)
FirewallRules: [{F8ACB089-BB54-45B0-B751-BD5AF952905C}] => (Allow) C:\Program Files\WindowsApps\MSTeams_24004.1309.2689.2246_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation → Microsoft Corporation)
FirewallRules: [{3E606B86-BD68-4A44-8CEC-7E0105D17D00}] => (Allow) C:\Program Files\WindowsApps\MSTeams_24004.1309.2689.2246_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation → Microsoft Corporation)
FirewallRules: [{3DE411ED-C84C-4DFD-BF00-CDAA974F85F4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC → Google LLC)
FirewallRules: [{58963355-4A3E-44B9-9C42-5E84E86DFC04}] => (Allow) LPort=26820
FirewallRules: [{5D09B55C-3DD2-4CFA-906F-0AA480ADEC0C}] => (Allow) LPort=26822
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server

==================== Restore Points =========================

==================== Faulty Device Manager Devices ============

Name: Phantom TAP-Windows Adapter V9
Description: Phantom TAP-Windows Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Phantom TAP-Windows Provider V9
Service: phantomtap
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the “General Properties” tab of the device, click “Troubleshoot” to start the troubleshooting wizard.
Click “Uninstall”, and then click “Scan for hardware changes” to load a usable driver.

==================== Event log errors: ========================
[HEADING=1]Application errors:[/HEADING]
Error: (03/04/2024 09:31:16 AM) (Source: Application Hang) (EventID: 1002) (User: NT-AUTORITÄT)
Description: Das Programm SecHealthUI.exe Version 10.0.22621.1 hat aufgehört mit Windows zu interagieren und wurde geschlossen. Weitere Informationen zum Problem finden Sie im Problemverlauf in der Systemsteuerung „Sicherheit und Wartung“.

Error: (03/04/2024 09:27:40 AM) (Source: CertEnroll) (EventID: 86) (User: NT-AUTORITÄT)
Description: Fehler bei der Initialisierung der SCEP-Zertifikatregistrierung für WORKGROUP\DESKTOP-OSDJ7D2$ über https://AMD-KeyId-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net/templates/Aik/scep:

GetCACaps
GetCACaps: Not Found
{“Message”:“The authority "amd-keyid-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net" does not exist.”}
HTTP/1.1 404 Not Found
Date: Mon, 04 Mar 2024 08:27:40 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 7eb7b5f7-8af1-4563-bce4-bf880b8ef476

Methode: GET(172ms)
Phase: GetCACaps
Nicht gefunden (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (03/04/2024 09:27:40 AM) (Source: CertEnroll) (EventID: 86) (User: NT-AUTORITÄT)
Description: Fehler bei der Initialisierung der SCEP-Zertifikatregistrierung für Lokales System über https://AMD-KeyId-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net/templates/Aik/scep:

GetCACaps
GetCACaps: Not Found
{“Message”:“The authority "amd-keyid-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net" does not exist.”}
HTTP/1.1 404 Not Found
Date: Mon, 04 Mar 2024 08:27:39 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: b934cea6-7e3d-4b98-b0d2-77e9be58f481

Methode: GET(234ms)
Phase: GetCACaps
Nicht gefunden (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (03/04/2024 09:19:29 AM) (Source: CertEnroll) (EventID: 86) (User: NT-AUTORITÄT)
Description: Fehler bei der Initialisierung der SCEP-Zertifikatregistrierung für WORKGROUP\DESKTOP-OSDJ7D2$ über https://AMD-KeyId-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net/templates/Aik/scep:

GetCACaps
GetCACaps: Not Found
{“Message”:“The authority "amd-keyid-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net" does not exist.”}
HTTP/1.1 404 Not Found
Date: Mon, 04 Mar 2024 08:19:28 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: d47bfd28-5a72-4e73-94bd-6f4c24152a3c

Methode: GET(172ms)
Phase: GetCACaps
Nicht gefunden (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (03/04/2024 09:19:29 AM) (Source: CertEnroll) (EventID: 86) (User: NT-AUTORITÄT)
Description: Fehler bei der Initialisierung der SCEP-Zertifikatregistrierung für Lokales System über https://AMD-KeyId-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net/templates/Aik/scep:

GetCACaps
GetCACaps: Not Found
{“Message”:“The authority "amd-keyid-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net" does not exist.”}
HTTP/1.1 404 Not Found
Date: Mon, 04 Mar 2024 08:19:28 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: daeb0517-ccc6-49da-84c0-2cca60b6f596

Methode: GET(1125ms)
Phase: GetCACaps
Nicht gefunden (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (03/04/2024 09:13:22 AM) (Source: CertEnroll) (EventID: 86) (User: NT-AUTORITÄT)
Description: Fehler bei der Initialisierung der SCEP-Zertifikatregistrierung für WORKGROUP\DESKTOP-OSDJ7D2$ über https://AMD-KeyId-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net/templates/Aik/scep:

GetCACaps
GetCACaps: Not Found
{“Message”:“The authority "amd-keyid-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net" does not exist.”}
HTTP/1.1 404 Not Found
Date: Mon, 04 Mar 2024 08:13:22 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 36399955-7eba-4cf6-be3a-7fb95e44f36b

Methode: GET(172ms)
Phase: GetCACaps
Nicht gefunden (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (03/04/2024 09:13:21 AM) (Source: CertEnroll) (EventID: 86) (User: NT-AUTORITÄT)
Description: Fehler bei der Initialisierung der SCEP-Zertifikatregistrierung für Lokales System über https://AMD-KeyId-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net/templates/Aik/scep:

GetCACaps
GetCACaps: Not Found
{“Message”:“The authority "amd-keyid-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net" does not exist.”}
HTTP/1.1 404 Not Found
Date: Mon, 04 Mar 2024 08:13:21 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: b8507d79-93b5-46a6-a2c8-8ca5ef65eb5c

Methode: GET(391ms)
Phase: GetCACaps
Nicht gefunden (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (03/04/2024 08:59:23 AM) (Source: CertEnroll) (EventID: 86) (User: NT-AUTORITÄT)
Description: Fehler bei der Initialisierung der SCEP-Zertifikatregistrierung für WORKGROUP\DESKTOP-OSDJ7D2$ über https://AMD-KeyId-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net/templates/Aik/scep:

GetCACaps
GetCACaps: Not Found
{“Message”:“The authority "amd-keyid-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net" does not exist.”}
HTTP/1.1 404 Not Found
Date: Mon, 04 Mar 2024 07:59:22 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: f2b7a7a9-e86e-4732-98e9-78dab59e1ca7

Methode: GET(187ms)
Phase: GetCACaps
Nicht gefunden (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)
[HEADING=1]System errors:[/HEADING]
Error: (03/04/2024 09:30:26 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-OSDJ7D2)
Description: Der Server “{F99A566C-42AE-4DE2-AD4D-D297A04C5433}” konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (03/04/2024 09:29:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst “Microsoft Defender Antivirus-Dienst” wurde aufgrund folgenden Fehlers nicht gestartet:
Das System kann die angegebene Datei nicht finden.

Error: (03/04/2024 09:27:41 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst “GameInput Service” wurde unerwartet beendet. Dies ist bereits 6 Mal passiert.

Error: (03/04/2024 09:27:41 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst “GameInput Service” wurde mit folgendem Fehler beendet:
Die Verbunddatei “GameInput Service” wurde mit einer neueren Version erstellt.

Error: (03/04/2024 09:27:40 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst “GameInput Service” wurde unerwartet beendet. Dies ist bereits 5 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/04/2024 09:27:40 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst “GameInput Service” wurde mit folgendem Fehler beendet:
Die Verbunddatei “GameInput Service” wurde mit einer neueren Version erstellt.

Error: (03/04/2024 09:27:39 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst “GameInput Service” wurde unerwartet beendet. Dies ist bereits 4 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/04/2024 09:27:39 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst “GameInput Service” wurde mit folgendem Fehler beendet:
Die Verbunddatei “GameInput Service” wurde mit einer neueren Version erstellt.

Windows Defender:
================Event[0]

Date: 2024-03-02 00:14:02
Description:
Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Security Intelligence aufgetreten. Es wird versucht, zu einer vorherigen Version zurückzukehren.
Security Intelligence versucht: Aktuell
Fehlercode: 0x80501102
Fehlerbeschreibung: Unerwartetes Problem. Installieren Sie bei Bedarf verfügbare Updates, und starten Sie das Programm dann erneut. Informationen zum Installieren von Updates finden Sie unter “Hilfe und Support”.
Security Intelligence-Version: 1.405.757.0;1.405.757.0
Modulversion: 1.1.24010.10

Date: 2024-02-28 15:24:21
Description:
Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten.
Neue Version der Sicherheitsinformationen:
%Vorherige Version der Sicherheitsinformationen: 1.349.1208.0
Update Source: Microsoft Center zum Schutz vor Schadsoftware
Sicherheitstyp: AntiSpyware
Updatetyp: Voll
Benutzer: NT-AUTORITÄT\Netzwerkdienst
Aktuelle Modulversion:
%Vorherige Modulversion: 1.1.18500.10
Fehlercode: 0x80072f8f
Fehlerbeschreibung: Es ist ein Sicherheitsfehler aufgetreten.

Date: 2024-02-28 15:24:21
Description:
Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten.
Neue Version der Sicherheitsinformationen:
%Vorherige Version der Sicherheitsinformationen: 1.349.1208.0
Update Source: Microsoft Center zum Schutz vor Schadsoftware
Sicherheitstyp: AntiVirus
Updatetyp: Voll
Benutzer: NT-AUTORITÄT\Netzwerkdienst
Aktuelle Modulversion:
%Vorherige Modulversion: 1.1.18500.10
Fehlercode: 0x80072f8f
Fehlerbeschreibung: Es ist ein Sicherheitsfehler aufgetreten.

Date: 2024-02-28 15:24:20
Description:
Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten.
Neue Version der Sicherheitsinformationen:
%Vorherige Version der Sicherheitsinformationen: 1.349.1208.0
Update Source: Microsoft Update-Server
Sicherheitstyp: AntiVirus
Updatetyp: Voll
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion:
%Vorherige Modulversion: 1.1.18500.10
Fehlercode: 0x80240022
Fehlerbeschreibung: Die Suche des Programms nach Definitionsaktualisierungen ist nicht möglich.

Date: 2024-02-28 15:24:20
Description:
Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten.
Neue Version der Sicherheitsinformationen:
%Vorherige Version der Sicherheitsinformationen: 1.349.1208.0
Update Source: Microsoft Update-Server
Sicherheitstyp: AntiVirus
Updatetyp: Voll
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion:
%Vorherige Modulversion: 1.1.18500.10
Fehlercode: 0x80240022
Fehlerbeschreibung: Die Suche des Programms nach Definitionsaktualisierungen ist nicht möglich.
[HEADING=1]CodeIntegrity:[/HEADING]
Date: 2024-03-04 09:29:31
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends Inc. 1.B0 11/08/2019
Motherboard: Micro-Star International Co., Ltd. B450 GAMING PRO CARBON AC (MS-7B85)
Processor: AMD Ryzen 5 3600 6-Core Processor
Percentage of memory in use: 18%
Total physical RAM: 32716.52 MB
Available physical RAM: 26692.64 MB
Total Virtual: 34764.52 MB
Available Virtual: 26895.19 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:930.09 GB) (Free:668.08 GB) (Model: CT1000P3SSD8) NTFS
Drive d: (Speicher) (Fixed) (Total:894.24 GB) (Free:422.17 GB) (Model: Patriot Burst) NTFS
Drive e: (SSD Speicher) (Fixed) (Total:119.24 GB) (Free:119.15 GB) (Model: SAMSUNG MZVLW128HEGR-00000) NTFS
Drive x: () (Network) (Total:0 GB) (Free:0 GB)

\?\Volume{e5fef1f2-14bc-41e5-a2cb-6fec93bb4729}\ () (Fixed) (Total:0.52 GB) (Free:0.5 GB) NTFS
\?\Volume{41e65462-6f71-4c4a-9c2b-c5457b66e6f2}\ () (Fixed) (Total:0.69 GB) (Free:0.06 GB) NTFS
\?\Volume{9ac877f4-f51d-470b-8acb-437c47e286b7}\ () (Fixed) (Total:0.1 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 894.3 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================
                                                  [/HEADING][/HEADING][/HEADING]

                                                    Comment

                                                    • Malnutrition
                                                      PCHF Moderator
                                                      • Jul 2016
                                                      • 7045
                                                      #14
                                                      OK. I am headed to work for now, you posted the FRST fix twice, and I am assuming that the registry key has been replaced.

                                                      So could you post the malwarebytes log if anything was found, skip that if not and post a new FSS log so that I can see that the key was replaced. I’ll take a look at the logs when I return home.

                                                        Comment

                                                        • Urenis
                                                          PCHF Member
                                                          • Feb 2024
                                                          • 14
                                                          #15
                                                          okay here are the logs from malewarebytes and FRST. malewarebytes found nothing.

                                                          Malewarebytes:

                                                          Code:
                                                          Malwarebytes

https://www.malwarebytes.com

-Protokolldetails-
Scan-Datum: 04.03.2024
Scan-Zeit: 15:30
Protokolldatei: b7356a46-da33-11ee-9584-00d861d1e59f.json

-Softwaredaten-
Version: 5.0.17.99
Komponentenversion: 1.0.1169
Version des Aktualisierungspakets: 1.0.81754
Lizenz: Testversion

-Systemdaten-
Betriebssystem: Windows 11 (Build 22631.3155)
CPU: x64
Dateisystem: NTFS
Benutzer: DESKTOP-OSDJ7D2\eiko-

-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Scan gestartet von: Manuell
Ergebnis: Abgeschlossen
Gescannte Objekte: 344194
Erkannte Bedrohungen: 0
In die Quarantäne verschobene Bedrohungen: 0
Abgelaufene Zeit: 3 Min., 27 Sek.

-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Erkennung
PUM: Erkennung

-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)

Modul: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswert: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Daten-Stream: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Datei: 0
(keine bösartigen Elemente erkannt)

Physischer Sektor: 0
(keine bösartigen Elemente erkannt)

WMI: 0
(keine bösartigen Elemente erkannt)

(end)
                                                          FRST:

                                                          Code:
                                                          Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26.02.2024 01
Ran by eiko- (administrator) on DESKTOP-OSDJ7D2 (Micro-Star International Co., Ltd. MS-7B85) (04-03-2024 15:30:21)
Running from C:\Users\eiko-\Desktop\FRST64english.exe
Loaded Profiles: eiko-
Platform: Microsoft Windows 11 Home Version 23H2 22631.3155 (X64) Language: Deutsch (Deutschland)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. → Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe <2>
(A-Volute SAS → A-Volute) C:\Users\eiko-\AppData\Local\NhNotifSys\nahimic\nahimicNotifSys.exe
(C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\System32\cmd.exe
(C:\Program Files\Logitech\LogiOptions\LogiOptions.exe ->) (Logitech Inc → Logitech) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOverlay.exe
(C:\Program Files\Logitech\LogiOptions\LogiOptions.exe ->) (Logitech Inc → Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. → Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\System32\rundll32.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation → NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation → NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.AlwaysOnTop.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.Awake.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.ColorPickerUI.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.CropAndLock.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.FancyZones.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.PowerLauncher.exe
(C:\Program Files\PowerToys\PowerToys.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files\PowerToys\WinUI3Apps\PowerToys.Peek.UI.exe
(C:\Program Files\RogueKiller\RogueKillerSvc.exe ->) (ADLICE → ) C:\Program Files\RogueKiller\RogueKiller64.exe
(cmd.exe ->) (Malwarebytes Inc. → Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MbamBgNativeMsg.exe
(D:\Programme\Dragon Center\APP_Dragon_Center_Keeper.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. → MSI) D:\Programme\Dragon Center\CC_Engine_x64.exe
(D:\Programme\Steam\steam.exe ->) (Valve Corp. → Valve Corporation) D:\Programme\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>
(explorer.exe ->) (Google LLC → Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <19>
(explorer.exe ->) (Logitech Inc → Logitech, Inc.) C:\Program Files\Logitech\LogiOptions\LogiOptions.exe
(explorer.exe ->) (Valve Corp. → Valve Corporation) D:\Programme\Steam\steam.exe
(Google LLC → Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleCrashHandler.exe
(Google LLC → Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleCrashHandler64.exe
(Microsoft Windows → Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(NVIDIA Corporation → Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Oracle America, Inc. → Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(services.exe ->) (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH) C:\Program Files (x86)\3S CODESYS\GatewayPLC\GatewayService.exe
(services.exe ->) (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH) C:\Program Files (x86)\3S CODESYS\GatewayPLC\ServiceControl.exe
(services.exe ->) (520D4CDF-A287-4423-AB88-D88CCF7E866D → ) C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.SamsungAccount_1.23.12130.0_x64__3c1yjt4zspk6g\SAService\SAService.exe
(services.exe ->) (ADLICE → ) C:\Program Files\RogueKiller\RogueKillerSvc.exe
(services.exe ->) (Adobe Inc. → Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (A-Volute SAS → Nahimic) C:\Windows\System32\NahimicService.exe
(services.exe ->) (Corsair Memory, Inc. → Corsair Memory, Inc.) D:\Programme\Corsair\CORSAIR iCUE Software\Corsair.Service.exe
(services.exe ->) (geek software GmbH → geek software GmbH) D:\Programme\PDF24\pdf24.exe
(services.exe ->) (HP Inc. → HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (Malwarebytes Inc. → Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. → Micro-Star Int’l Co., Ltd.) D:\Programme\Dragon Center\DragonCenter_Service.exe
(services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. → Micro-Star INT’L CO., LTD.) D:\Programme\Dragon Center\Mystic_Light\LightKeeperService.exe
(services.exe ->) (NVIDIA Corporation → NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(services.exe ->) (NVIDIA Corporation → NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Valve Corp. → Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(services.exe ->) (WIBU-SYSTEMS AG → WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
(svchost.exe ->) (24803D75-212C-471A-BC57-9EF86AB91435 → ) C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2407.10.0_x64__cv1g1gvanyjgm\WhatsApp.exe
(svchost.exe ->) (Microsoft Corporation → Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.exe
(svchost.exe ->) (Microsoft Windows → ) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_424.1301.170.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
(svchost.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\System32\dllhost.exe <5>
(svchost.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
(svchost.exe ->) (Microsoft Windows → Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. → Micro-Star Int’l Co., Ltd.) D:\Programme\Dragon Center\APP_Dragon_Center_Keeper.exe
(svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. → Micro-Star Int’l Co., Ltd.) D:\Programme\Dragon Center\Mystic_Light\LEDKeeper2.exe
(svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. → Micro-Star INT’L CO., LTD.) D:\Programme\Dragon Center\StorageMonitor\StorageMonitor.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [1668000 2021-06-09] (Logitech Inc → Logitech, Inc.)
HKLM...\Run: [PDF24] => D:\Programme\PDF24\pdf24.exe [613560 2022-11-30] (geek software GmbH → geek software GmbH)
HKLM...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher → Logitech)
HKLM-x32...\Run: [CORSAIR iCUE Software] => D:\Programme\Corsair\CORSAIR iCUE Software\iCUE Launcher.exe [405032 2019-12-21] (Corsair Memory, Inc. → Corsair Memory, Inc.)
HKLM-x32...\Run: [GatewaySysTray] => C:\Program Files (x86)\3S CODESYS\GatewayPLC\GatewaySysTray.exe [690456 2017-05-15] (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
HKLM-x32...\Run: [CODESYSControlSysTray] => C:\Program Files (x86)\3S CODESYS\GatewayPLC\CODESYSControlSysTray.exe [509216 2017-05-15] (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
HKLM-x32...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [750680 2023-12-19] (Oracle America, Inc. → Oracle Corporation)
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\Run: [Steam] => D:\Programme\Steam\steam.exe [4388712 2024-02-29] (Valve Corp. → Valve Corporation)
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\Run: [Discord] => C:\Users\eiko-\AppData\Local\Discord\Update.exe [1512608 2021-09-21] (Discord Inc. → GitHub)
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\Run: [Overwolf] => D:\Programme\Overwolf\OverwolfLauncher.exe [1789960 2024-02-29] (Overwolf Ltd → Overwolf Ltd.)
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\Run: [com.squirrel.Teams.Teams] => C:\Users\eiko-\AppData\Local\Microsoft\Teams\Update.exe [2591080 2023-12-17] (Microsoft 3rd Party Application Component → Microsoft Corporation)
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\Run: [MicrosoftEdgeAutoLaunch_322C183E72E821C8032805843FDA8DCC] => “C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe” --no-startup-window --win-session-start [4060728 2024-03-01] (Microsoft Corporation → Microsoft Corporation)
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\Run: [RiotClient] => C:\Riot Games\Riot Client\RiotClientServices.exe [70912472 2023-11-16] (Riot Games, Inc. → Riot Games, Inc.)
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [37180368 2023-12-11] (Epic Games Inc. → Epic Games, Inc.)
HKLM...\Print\Monitors\Canon BJ FAX Language Monitor TR8500 series: C:\Windows\system32\CNCALDL.DLL [254464 2019-01-28] (CANON INC.) [File not signed]
HKLM...\Print\Monitors\Canon BJ Language Monitor TR8500 series: C:\Windows\system32\CNMLMDL.DLL [1302016 2019-01-10] (CANON INC.) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] → C:\Program Files (x86)\Google\Chrome\Application\122.0.6261.95\Installer\chrmstp.exe [2024-03-04] (Google LLC → Google LLC)
Startup: C:\Users\eiko-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2023-12-10]
ShortcutTarget: An OneNote senden.lnk → C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation → Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk [2023-05-22]
ShortcutTarget: CodeMeter Control Center.lnk → C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG → WIBU-SYSTEMS AG)

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {FFE2FE1B-1C7C-4F94-B919-456BF6851F68} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1547208 2024-01-31] (Adobe Inc. → Adobe Inc.)
Task: {4D56D740-F8FB-4DEF-B3F8-F64A144EC9D3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-01-07] (Google LLC → Google LLC)
Task: {8815457D-F870-4FB9-8D26-51F492C61D7C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-01-07] (Google LLC → Google LLC)
Task: {B97F7B1A-CBE7-4C2D-86CD-B753C4A1B075} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23570520 2024-02-02] (Microsoft Corporation → Microsoft Corporation)
Task: {EE86FD1B-4BC0-444A-8289-47ED15CFCF6E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23570520 2024-02-02] (Microsoft Corporation → Microsoft Corporation)
Task: {E68060AB-6DF7-4D04-AB8A-70607886A6EB} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2209384 2024-02-29] (Microsoft Corporation → Microsoft Corporation)
Task: {A15099C1-AED8-4FC6-8AE7-7509FDD536D2} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2209384 2024-02-29] (Microsoft Corporation → Microsoft Corporation)
Task: {76D75D59-EE92-4CE7-AE33-EEEF21398C3C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [3513808 2024-02-29] (Microsoft Corporation → Microsoft Corporation)
Task: {CC69A0EF-2A50-4EF2-8E51-142824E833DB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [3513808 2024-02-29] (Microsoft Corporation → Microsoft Corporation)
Task: {ED229EC7-51A0-4F98-8F03-603ECEB2184E} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\Schedule created by enrollment client to reattest client certificate => C:\WINDOWS\system32\deviceenroller.exe [516096 2024-02-14] (Microsoft Windows → Microsoft Corporation)
Task: {EFC003FD-C225-4E23-945C-7E84FD4E9554} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [858480 2019-12-05] (NVIDIA Corporation → NVIDIA Corporation) → -d “C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck” -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {083D83A3-86B5-437E-BC21-E0CC35ACD65E} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [858480 2019-12-05] (NVIDIA Corporation → NVIDIA Corporation) → -d “C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck” -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {C60A0C92-E529-4A55-AA72-235D1AFBCA65} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3302880 2019-12-09] (NVIDIA Corporation → NVIDIA Corporation)
Task: {C2B2716D-476E-4B58-8A59-A18A77583588} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [653848 2019-12-08] (NVIDIA Corporation → NVIDIA Corporation)
Task: {CF9F5784-F165-4D6E-876F-A22475E89024} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [914456 2019-12-08] (NVIDIA Corporation → NVIDIA Corporation)
Task: {A6BB91CC-4F56-4B61-837F-A1AD7B9D49EF} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [914456 2019-12-08] (NVIDIA Corporation → NVIDIA Corporation)
Task: {C2685297-C323-45CD-AA50-DCCE92F349E1} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1134104 2019-12-08] (NVIDIA Corporation → NVIDIA Corporation)
Task: {6FB59C07-AF87-4EFC-9B03-68C8341BFA48} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1134104 2019-12-08] (NVIDIA Corporation → NVIDIA Corporation)
Task: {C0FF1705-9D3E-48A8-B840-7101B8E4D3BD} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1134104 2019-12-08] (NVIDIA Corporation → NVIDIA Corporation)
Task: {99CE4BA9-7C1E-4F0D-8CAF-E34C95AEA6D8} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1134104 2019-12-08] (NVIDIA Corporation → NVIDIA Corporation)
Task: {2F35FD26-5AB7-4952-B1E0-E558B0733762} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Common Files\Overwolf\OverwolfUpdater.exe [2642952 2024-02-29] (Overwolf Ltd → Overwolf LTD)
Task: {9FD15DBE-139A-4C6E-89E6-BDC9F0C92AFA} - System32\Tasks\PowerToys\Autorun for eiko- => C:\Program Files\PowerToys\PowerToys.exe [1216544 2024-01-05] (Microsoft Corporation → Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip..\Interfaces{3a305b48-12bf-40ef-b06c-e6fc35585716}: [DhcpNameServer] 192.168.178.1
Tcpip..\Interfaces{3a305b48-12bf-40ef-b06c-e6fc35585716}: [DhcpDomain] fritz.box
[HEADING=1]Edge:[/HEADING]
Edge Profile: C:\Users\eiko-\AppData\Local\Microsoft\Edge\User Data\Default [2024-02-02]
Edge Extension: (Google Docs Offline) - C:\Users\eiko-\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-09-24]
Edge Extension: (Edge relevant text changes) - C:\Users\eiko-\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-02-02]
Edge HKLM...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Edge HKLM-x32...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
[HEADING=1]FireFox:[/HEADING]
FF Plugin: @java.com/DTPlugin,version=11.401.2 → C:\Program Files\Java\jre-1.8\bin\dtplugin\npDeployJava1.dll [2023-12-19] (Oracle America, Inc. → Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.401.2 → C:\Program Files\Java\jre-1.8\bin\plugin2\npjp2.dll [2023-12-19] (Oracle America, Inc. → Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 → C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-03-08] (Microsoft Corporation → Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.18 → D:\Programme\VLC\npvlc.dll [2022-11-08] (VideoLAN → VideoLAN)
FF Plugin: Adobe Acrobat → C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2024-02-22] (Adobe Inc. → Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 → C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2020-03-08] (Microsoft Corporation → Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 → C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2020-03-08] (Microsoft Corporation → Microsoft Corporation)
[HEADING=1]Chrome:[/HEADING]
CHR DefaultProfile: Default
CHR Profile: C:\Users\eiko-\AppData\Local\Google\Chrome\User Data\Default [2024-03-04]
CHR Notifications: Default → hxxps://pchelpforum.net; hxxps://www.alleaktien.de
CHR Extension: (Honey: Automatische Coupons & Prämien) - C:\Users\eiko-\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2024-02-25]
CHR Extension: (Social Blade) - C:\Users\eiko-\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfidkbgamfhdgmedldkagjopnbobdmdn [2022-09-04] [UpdateUrl:hxxps://addon.socialblade.com/updates.json] <==== ATTENTION
CHR Extension: (uBlock Origin) - C:\Users\eiko-\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2024-02-25]
CHR Extension: (Multi-File Downloader) - C:\Users\eiko-\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpecplbkinpdbedgejddhepkgcppgchk [2022-05-12]
CHR Extension: (Video Downloader Professional) - C:\Users\eiko-\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2023-04-19]
CHR Extension: (Just Focus) - C:\Users\eiko-\AppData\Local\Google\Chrome\User Data\Default\Extensions\gefaddaengbodpiobpbgblajdboalmgc [2022-10-14]
CHR Extension: (Google Docs Offline) - C:\Users\eiko-\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-02-28]
CHR Extension: (Malwarebytes Browser Guard) - C:\Users\eiko-\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2024-02-28]
CHR Extension: (Unpaywall) - C:\Users\eiko-\AppData\Local\Google\Chrome\User Data\Default\Extensions\iplffkdpngmdjhlpjmppncnlhomiipha [2023-04-29]
CHR Extension: (Live Stream Downloader) - C:\Users\eiko-\AppData\Local\Google\Chrome\User Data\Default\Extensions\looepbdllpjgdmkpdcdffhdbmpbcfekj [2023-12-10]
CHR Extension: (Shazam: Finde Songtitel in deinem Browser) - C:\Users\eiko-\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmioliijnhnoblpgimnlajmefafdfilb [2024-01-05]
CHR Extension: (Uncanny Cookie Clicker) - C:\Users\eiko-\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmmdenlpgbgmeofmdkhimecmkcgabgno [2023-11-14]
CHR Extension: (MetaMask) - C:\Users\eiko-\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2024-01-30]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\eiko-\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR HKLM...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKU\S-1-5-21-1421055718-2087356316-1872245878-1001\SOFTWARE\Google\Chrome\Extensions...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [172992 2024-01-31] (Adobe Inc. → Adobe Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [15772456 2023-12-10] (BattlEye Innovations e.K. → )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9497696 2024-02-02] (Microsoft Corporation → Microsoft Corporation)
S3 CODESYS Control Win V3; C:\Program Files (x86)\3S CODESYS\GatewayPLC\CODESYSControlService.exe [5383968 2017-05-15] (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
R2 CODESYS Gateway V3; C:\Program Files (x86)\3S CODESYS\GatewayPLC\GatewayService.exe [562968 2017-05-15] (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
R2 CODESYS ServiceControl; C:\Program Files (x86)\3S CODESYS\GatewayPLC\ServiceControl.exe [203544 2017-05-15] (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
R2 CorsairService; D:\Programme\Corsair\CORSAIR iCUE Software\Corsair.Service.exe [55336 2019-12-21] (Corsair Memory, Inc. → Corsair Memory, Inc.)
R2 DragonCenter_Service; D:\Programme\Dragon Center\DragonCenter_Service.exe [142512 2019-08-29] (MICRO-STAR INTERNATIONAL CO., LTD. → Micro-Star Int’l Co., Ltd.)
S3 EasyAntiCheat_EOS; C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe [955816 2023-12-10] (EasyAntiCheat Oy → Epic Games, Inc.)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [934352 2023-08-02] (Epic Games Inc. → Epic Games, Inc.)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [230360 2024-01-19] (HP Inc. → HP Inc.)
R2 LightKeeperService; D:\Programme\Dragon Center\Mystic_Light\LightKeeperService.exe [81552 2020-01-07] (MICRO-STAR INTERNATIONAL CO., LTD. → Micro-Star INT’L CO., LTD.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9410296 2024-02-28] (Malwarebytes Inc. → Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [3073888 2024-02-28] (Malwarebytes Inc. → Malwarebytes)
R2 NahimicService; C:\WINDOWS\system32\NahimicService.exe [1909416 2024-01-01] (A-Volute SAS → Nahimic)
S3 OverwolfUpdater; C:\Program Files (x86)\Common Files\Overwolf\OverwolfUpdater.exe [2642952 2024-02-29] (Overwolf Ltd → Overwolf LTD)
R2 PDF24; D:\Programme\PDF24\pdf24.exe [613560 2022-11-30] (geek software GmbH → geek software GmbH)
R2 rkrtservice; C:\Program Files\RogueKiller\RogueKillerSvc.exe [15246256 2024-02-19] (ADLICE → )
R2 SamsungAccountService; C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.SamsungAccount_1.23.12130.0_x64__3c1yjt4zspk6g\SAService\SAService.exe [6656 2023-12-21] (520D4CDF-A287-4423-AB88-D88CCF7E866D → )
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.12-0\NisSrv.exe [3191256 2024-02-28] (Microsoft Windows Publisher → Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
S2 WinDefend; “C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MsMpEng.exe”

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 → Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 → Apple Inc.)
S3 CH341SER_A64; C:\WINDOWS\System32\Drivers\CH341S64.SYS [58368 2023-11-16] (www.winchiphead.com) [File not signed]
S2 CorsairLLAccess2C5180972F76443B27B6BE38ADBF2AE99B374496; D:\Programme\Corsair\CORSAIR iCUE Software\CorsairLLAccess64.sys [20696 2019-12-12] (Microsoft Windows Hardware Compatibility Publisher → Corsair Memory, Inc.)
R3 CorsairVBusDriver; C:\WINDOWS\System32\drivers\CorsairVBusDriver.sys [45984 2020-07-06] (Microsoft Windows Hardware Compatibility Publisher → Corsair)
R3 CorsairVHidDriver; C:\WINDOWS\System32\drivers\CorsairVHidDriver.sys [21920 2020-07-06] (Microsoft Windows Hardware Compatibility Publisher → Corsair)
R1 dokan1; C:\WINDOWS\System32\DRIVERS\dokan1.sys [386552 2021-11-26] (Microsoft Windows Hardware Compatibility Publisher → Dokan Project)
S1 EneIo; C:\Windows\system32\drivers\ene.sys [17624 2019-05-22] (Microsoft Windows Hardware Compatibility Publisher → )
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2024-02-28] (Microsoft Windows Hardware Compatibility Publisher → Malwarebytes)
S3 ipadtst; C:\ProgramData\MSI\Super_Charger\ipadtst_64.sys [20464 2013-11-11] (MICRO-STAR INTERNATIONAL CO., LTD. → Windows (R) Win 7 DDK provider)
S3 ipadtst2; C:\ProgramData\MSI\Super_Charger\ipadtst2_64.sys [16336 2016-07-29] (MICRO-STAR INTERNATIONAL CO., LTD. → MSI)
R2 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223296 2024-03-04] (Microsoft Windows Hardware Compatibility Publisher → Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2024-02-28] (Microsoft Windows Early Launch Anti-malware Publisher → Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt11.sys [233704 2024-03-04] (Malwarebytes Inc. → Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [78400 2024-03-04] (Microsoft Windows Hardware Compatibility Publisher → Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239576 2024-03-04] (Microsoft Windows Hardware Compatibility Publisher → Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [188784 2024-03-04] (Malwarebytes Inc. → Malwarebytes)
R3 Nahimic_Mirroring; C:\WINDOWS\System32\drivers\Nahimic_Mirroring.sys [94784 2022-06-03] (A-Volute SAS → Windows (R) Win 7 DDK provider)
R3 NTIOLib_CC_COMM; D:\Programme\Dragon Center\Lib\SYS\NTIOLib_X64.sys [14288 2017-07-10] (MICRO-STAR INTERNATIONAL CO., LTD. → MSI)
R3 NTIOLib_CC_CPU; D:\Programme\Dragon Center\Lib\Super_Charger\NTIOLib_X64.sys [14288 2017-07-10] (MICRO-STAR INTERNATIONAL CO., LTD. → MSI)
R3 NTIOLib_MysticLight; D:\Programme\Dragon Center\Mystic_Light\Lib\NTIOLib_X64.sys [14288 2020-01-07] (MICRO-STAR INTERNATIONAL CO., LTD. → MSI)
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James → Scarlet.Crush Productions)
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. → The OpenVPN Project)
U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [54208 2024-03-04] (ADLICE (Julien Ascoet) → )
S3 usbscan; C:\WINDOWS\System32\drivers\usbscan.sys [81920 2023-04-19] (Microsoft Corporation) [File not signed]
R1 ViGEmBus; C:\WINDOWS\System32\drivers\ViGEmBus.sys [165744 2020-12-14] (Microsoft Windows Hardware Compatibility Publisher → Nefarius Software Solutions e.U.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [21040 2024-02-28] (Microsoft Windows Early Launch Anti-malware Publisher → Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [608648 2024-02-28] (Microsoft Windows → Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105752 2024-02-28] (Microsoft Windows → Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-03-04 15:27 - 2024-03-04 15:27 - 000000000 ____D C:\Users\eiko-\AppData\LocalLow\IGDump
2024-03-04 09:37 - 2024-03-04 09:37 - 000525365 _____ C:\Users\eiko-\Desktop\ZHPDiag.html
2024-03-04 09:37 - 2024-03-04 09:37 - 000423368 _____ C:\Users\eiko-\Desktop\ZHPDiag.txt
2024-03-04 09:34 - 2024-03-04 09:34 - 000758086 _____ C:\WINDOWS\system32\perfh007.dat
2024-03-04 09:34 - 2024-03-04 09:34 - 000156254 _____ C:\WINDOWS\system32\perfc007.dat
2024-03-04 09:32 - 2024-03-04 09:46 - 000000872 _____ C:\Users\eiko-\Desktop\ZHPSuite.lnk
2024-03-04 09:32 - 2024-03-04 09:46 - 000000000 ____D C:\Users\eiko-\AppData\Roaming\ZHP
2024-03-04 09:32 - 2024-03-04 09:32 - 000000000 ____D C:\Users\eiko-\AppData\Local\ZHP
2024-03-04 09:29 - 2024-03-04 09:35 - 000000000 ____D C:\Users\eiko-\Downloads\ZHPSuite
2024-03-04 09:29 - 2024-03-04 09:29 - 003052134 _____ C:\Users\eiko-\Downloads\ZHPSuite.zip
2024-03-04 09:27 - 2024-03-04 09:27 - 000233704 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt11.sys
2024-03-04 09:27 - 2024-03-04 09:27 - 000188784 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2024-03-04 09:27 - 2024-03-04 09:27 - 000054208 _____ C:\WINDOWS\system32\Drivers\truesight.sys
2024-03-04 09:27 - 2024-03-04 09:27 - 000000004 ____H C:\ProgramData\cm-lock
2024-03-04 09:15 - 2024-03-04 09:15 - 000002092 _____ C:\Users\eiko-\Desktop\SAVEMODECODE0.txt
2024-03-04 09:00 - 2024-03-04 09:00 - 000012913 _____ C:\Users\eiko-\Desktop\SAVEMODECODE.txt
2024-03-04 08:55 - 2024-03-04 09:21 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2024-03-04 08:54 - 2024-03-04 08:54 - 000028672 _____ C:\BCDbak
2024-03-04 08:53 - 2024-03-04 08:53 - 000001425 _____ C:\Users\eiko-\Desktop\Malwarebytes Scan-Bericht 2024-03-04 074755.txt
2024-03-04 08:50 - 2024-03-04 09:21 - 000000000 ____D C:\Users\eiko-\Desktop\BootSafe
2024-03-04 08:50 - 2024-03-04 08:50 - 000293638 _____ C:\Users\eiko-\Downloads\BootSafe.zip
2024-03-02 08:30 - 2024-03-02 08:30 - 000008150 _____ C:\Users\eiko-\Desktop\WinDefend.reg
2024-03-02 00:25 - 2024-03-04 09:32 - 003538592 _____ (Nicolas Coolman) C:\Users\eiko-\Desktop\ZHPSuite.exe
2024-03-01 23:53 - 2024-03-02 08:40 - 000000000 ____D C:\Users\eiko-\Desktop\FSS
2024-03-01 23:53 - 2024-03-01 23:53 - 000475113 _____ C:\Users\eiko-\Downloads\FSS.zip
2024-03-01 23:53 - 2024-03-01 23:53 - 000475113 _____ C:\Users\eiko-\Desktop\FSS.zip
2024-03-01 19:01 - 2024-03-01 19:01 - 000000213 _____ C:\Users\eiko-\Desktop\Farming Simulator 22.url
2024-03-01 16:08 - 2024-03-01 16:08 - 000011496 _____ C:\Users\eiko-\Desktop\RogueKillerLog.txt,
2024-03-01 15:47 - 2024-03-01 16:02 - 000000000 ____D C:\ProgramData\RogueKiller
2024-03-01 15:47 - 2024-03-01 15:47 - 000000906 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2024-03-01 15:47 - 2024-03-01 15:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2024-03-01 15:47 - 2024-03-01 15:47 - 000000000 ____D C:\Program Files\RogueKiller
2024-03-01 15:46 - 2024-03-01 15:46 - 048358936 _____ (Adlice Software ) C:\Users\eiko-\Downloads\RogueKiller_setup.exe
2024-03-01 15:46 - 2024-03-01 15:46 - 048358936 _____ (Adlice Software ) C:\Users\eiko-\Desktop\RogueKiller_setup.exe
2024-03-01 13:10 - 2024-03-01 13:10 - 000000000 ____D C:\Users\eiko-\Downloads\logi7400-master
2024-03-01 13:09 - 2024-03-01 13:09 - 000490807 _____ C:\Users\eiko-\Downloads\logi7400-master.zip
2024-03-01 10:21 - 2024-03-01 10:21 - 000000000 ____D C:\KVRT2020_Data
2024-03-01 10:19 - 2024-03-01 10:20 - 109429104 _____ (AO Kaspersky Lab) C:\Users\eiko-\Desktop\KVRT.exe
2024-03-01 10:19 - 2024-03-01 10:19 - 109429104 _____ (AO Kaspersky Lab) C:\Users\eiko-\Downloads\KVRT.exe
2024-02-29 15:01 - 2024-02-29 15:01 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2024-02-28 16:51 - 2024-03-04 09:31 - 000079559 _____ C:\Users\eiko-\Desktop\Addition.txt
2024-02-28 16:50 - 2024-03-04 15:30 - 000031355 _____ C:\Users\eiko-\Desktop\FRST.txt
2024-02-28 16:35 - 2024-03-04 09:26 - 000041793 _____ C:\Users\eiko-\Desktop\Fixlog.txt
2024-02-28 16:35 - 2024-02-28 16:35 - 000009288 _____ C:\Users\eiko-\Desktop\rtcdqsmatz.txt
2024-02-28 16:34 - 2024-03-04 15:30 - 000000000 ____D C:\FRST
2024-02-28 16:34 - 2024-02-28 16:34 - 002386944 _____ (Farbar) C:\Users\eiko-\Downloads\FRST64.exe
2024-02-28 16:34 - 2024-02-28 16:34 - 002386944 _____ (Farbar) C:\Users\eiko-\Desktop\FRST64english.exe
2024-02-28 16:32 - 2024-02-28 16:32 - 000712333 _____ C:\Users\eiko-\Downloads\Fixlog.txt.txt
2024-02-28 16:29 - 2024-02-28 16:29 - 000004730 _____ C:\Users\eiko-\Desktop\Malwarebytes Scan-Bericht 2024-02-28 152400.txt
2024-02-28 16:21 - 2024-03-04 15:22 - 000000000 ____D C:\Users\eiko-\AppData\Local\Malwarebytes
2024-02-28 16:21 - 2024-02-28 16:21 - 000002100 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2024-02-28 16:21 - 2024-02-28 16:21 - 000002088 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2024-02-28 16:20 - 2024-02-28 16:20 - 002585496 _____ (Malwarebytes) C:\Users\eiko-\Downloads\MBSetup.exe
2024-02-28 16:20 - 2024-02-28 16:20 - 002585496 _____ (Malwarebytes) C:\Users\eiko-\Desktop\MBSetup.exe
2024-02-28 16:20 - 2024-02-28 16:20 - 000000000 ____D C:\ProgramData\Malwarebytes
2024-02-28 16:20 - 2024-02-28 16:20 - 000000000 ____D C:\Program Files\Malwarebytes
2024-02-28 16:18 - 2024-02-28 16:17 - 008797968 _____ (Malwarebytes) C:\Users\eiko-\Desktop\adwcleaner.exe
2024-02-28 16:17 - 2024-02-28 16:19 - 000000000 ____D C:\AdwCleaner
2024-02-28 16:17 - 2024-02-28 16:17 - 008797968 _____ (Malwarebytes) C:\Users\eiko-\Downloads\adwcleaner.exe
2024-02-28 16:02 - 2024-02-28 16:03 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1421055718-2087356316-1872245878-1002
2024-02-28 16:02 - 2024-02-28 16:03 - 000003378 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1421055718-2087356316-1872245878-1002
2024-02-26 16:16 - 2024-02-26 16:16 - 000000000 ____D C:\Users\eiko-\AppData\LocalLow\Nokta Games
2024-02-26 16:14 - 2024-02-26 16:14 - 000000213 _____ C:\Users\eiko-\Desktop\Supermarket Simulator.url
2024-02-16 12:16 - 2024-02-16 12:16 - 032507592 _____ C:\Users\eiko-\Downloads\MKON Hausarbeit Gruppe 3.zip
2024-02-16 12:12 - 2024-02-16 12:12 - 000000000 ____D C:\Users\eiko-\Downloads\MKON Hausarbeit Gruppe 3
2024-02-14 16:01 - 2024-02-14 16:01 - 017224067 _____ C:\Users\eiko-\Downloads\Unbenanntes_Notizbuch.pdf
2024-02-14 14:21 - 2024-02-14 14:21 - 000019222 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-02-14 14:20 - 2024-02-14 14:20 - 000019222 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2024-02-14 14:17 - 2024-02-14 14:19 - 000000000 ___HD C:$WinREAgent
2024-02-14 11:50 - 2024-02-14 11:50 - 010669146 _____ C:\Users\eiko-\Downloads\978-3-8348-2581-0.pdf
2024-02-13 15:46 - 2024-02-13 15:46 - 006163244 _____ C:\Users\eiko-\Downloads\Anleitung MS2 Aufgabentype.pdf
2024-02-13 10:14 - 2024-02-13 10:14 - 000000000 ____D C:\Users\eiko-\Downloads\Photos-001 (2)
2024-02-13 10:13 - 2024-02-13 10:14 - 062952428 _____ C:\Users\eiko-\Downloads\Photos-001 (2).zip
2024-02-11 12:43 - 2024-02-11 12:43 - 000534937 _____ C:\Users\eiko-\Downloads\RL_Federn_Aufgabe (4).pdf
2024-02-11 12:21 - 2024-02-11 12:21 - 000936592 _____ C:\Users\eiko-\Downloads\624beffb-15e1-47fd-86e0-bf8de081bd29_Export-8ba90b14-8348-4300-9315-58890a9fcb66.zip
2024-02-11 12:21 - 2024-02-11 12:21 - 000000000 ____D C:\Users\eiko-\Downloads\624beffb-15e1-47fd-86e0-bf8de081bd29_Export-8ba90b14-8348-4300-9315-58890a9fcb66
2024-02-11 12:18 - 2024-02-11 12:18 - 003680011 _____ C:\Users\eiko-\Downloads\70f01c28-7c35-43b7-84f4-7366f8fa2549_Export-5fdfccfe-4bbb-432d-8e8d-9a2e76d48e74.zip
2024-02-11 12:18 - 2024-02-11 12:18 - 000000000 ____D C:\Users\eiko-\Downloads\70f01c28-7c35-43b7-84f4-7366f8fa2549_Export-5fdfccfe-4bbb-432d-8e8d-9a2e76d48e74
2024-02-11 11:43 - 2024-02-11 11:43 - 000876160 _____ C:\Users\eiko-\Downloads\Clicker_Kupplungen.pdf
2024-02-10 16:38 - 2024-02-10 16:38 - 000336378 _____ C:\Users\eiko-\Downloads\Kon3_Rechenlabor_Ketten.pdf
2024-02-10 16:38 - 2024-02-10 16:38 - 000225045 _____ C:\Users\eiko-\Downloads\Kon3_Rechenlabor_ZR.pdf
2024-02-10 16:38 - 2024-02-10 16:38 - 000152820 _____ C:\Users\eiko-\Downloads\Kon3_Rechenlabor_Riemen.pdf
2024-02-09 16:12 - 2024-02-09 16:12 - 002336867 _____ C:\Users\eiko-\Downloads\Probeklausur AT1.pdf
2024-02-09 14:38 - 2024-02-09 16:00 - 000000000 ____D C:\Users\eiko-\Downloads\OneDrive_1_9.2.2024
2024-02-09 14:38 - 2024-02-09 14:38 - 001064154 _____ C:\Users\eiko-\Downloads\OneDrive_1_9.2.2024.zip
2024-02-07 15:23 - 2024-02-07 15:23 - 000073710 _____ C:\Users\eiko-\Downloads\Clicker_Riemen (1).pdf
2024-02-05 16:01 - 2024-02-05 16:01 - 001424709 _____ C:\Users\eiko-\Downloads\MP_Codebeispiele_Klausur (1).pdf
2024-02-05 15:58 - 2024-02-05 15:58 - 001424709 _____ C:\Users\eiko-\Downloads\MP_Codebeispiele_Klausur.pdf
2024-02-05 15:49 - 2024-02-05 15:49 - 000656359 _____ C:\Users\eiko-\Downloads\MP_Ubersicht.pdf
2024-02-04 11:29 - 2024-02-04 11:29 - 003195103 _____ C:\Users\eiko-\Downloads\FTT-Rechnungen.pdf
2024-02-04 11:02 - 2024-02-04 11:02 - 000048937 _____ C:\Users\eiko-\Downloads\Belegungen und Prüfungsanmeldungen.pdf
2024-02-03 16:46 - 2024-03-04 09:27 - 000000000 ____D C:\WINDOWS\system32\Tasks\PowerToys
2024-02-03 16:46 - 2024-02-03 16:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerToys (Preview)
2024-02-03 16:45 - 2024-02-03 16:46 - 000000000 ____D C:\Program Files\PowerToys
2024-02-03 15:46 - 2024-02-03 15:46 - 000007484 _____ C:\Users\eiko-\Downloads\Endkappe LED-Profile stabiler V2.stl
2024-02-03 15:22 - 2024-02-03 15:22 - 000009084 _____ C:\Users\eiko-\Downloads\Endkappe LED-Profile stabiler (1).stl
2024-02-03 14:46 - 2024-02-03 14:46 - 000009084 _____ C:\Users\eiko-\Downloads\Endkappe LED-Profile stabiler.stl

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-03-04 15:15 - 2023-05-22 12:01 - 000000068 __RSH C:\WINDOWS\system32\Drivers\WUDFRd.winsecurity
2024-03-04 14:54 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-03-04 14:54 - 2020-01-07 21:17 - 000000000 ____D C:\Program Files (x86)\Google
2024-03-04 14:49 - 2023-05-22 12:01 - 000000068 __RSH C:\WINDOWS\system32\Drivers\winhv.winsecurity
2024-03-04 12:25 - 2020-01-08 15:49 - 000000000 ____D C:\ProgramData\NVIDIA
2024-03-04 11:47 - 2022-05-07 06:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-03-04 09:54 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-03-04 09:53 - 2022-04-22 14:57 - 000000000 ____D C:\Users\eiko-\AppData\Local\D3DSCache
2024-03-04 09:34 - 2023-04-19 21:07 - 001751300 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-03-04 09:34 - 2022-05-07 06:22 - 000000000 ____D C:\WINDOWS\INF
2024-03-04 09:27 - 2023-04-19 21:09 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-03-04 09:27 - 2022-05-07 06:17 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2024-03-04 09:27 - 2021-01-04 00:24 - 000012288 ___SH C:\DumpStack.log.tmp
2024-03-04 09:25 - 2022-05-07 06:17 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-03-04 09:13 - 2023-04-19 21:05 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-03-04 08:52 - 2020-01-07 21:17 - 000002300 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-03-02 20:10 - 2023-01-16 10:32 - 000002281 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2024-03-02 20:10 - 2022-05-07 06:24 - 000000000 ___HD C:\Program Files\WindowsApps
2024-03-02 20:10 - 2020-07-04 09:55 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-03-02 08:43 - 2022-10-22 15:08 - 000108136 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgamehelper.exe
2024-03-02 08:43 - 2022-10-22 15:08 - 000075368 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgamecontrol.exe
2024-03-02 08:43 - 2022-02-11 19:58 - 002713080 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgameruntime.dll
2024-03-02 08:43 - 2022-02-11 19:58 - 000689768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameplatformservices.dll
2024-03-02 08:43 - 2022-02-11 19:58 - 000218616 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameconfighelper.dll
2024-03-02 08:43 - 2022-02-11 19:58 - 000202344 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamelaunchhelper.dll
2024-03-02 08:43 - 2022-02-11 19:58 - 000144888 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcuihelpers.dll
2024-03-02 08:38 - 2020-01-07 22:07 - 000000000 ____D C:\Users\eiko-\AppData\Local\CrashDumps
2024-03-01 19:26 - 2021-11-02 16:11 - 000000000 ____D C:\Users\eiko-\Documents\My Games
2024-03-01 19:01 - 2021-11-02 15:02 - 000000000 ____D C:\Users\eiko-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2024-03-01 15:35 - 2020-06-10 09:51 - 000000000 ____D C:\Users\eiko-\AppData\LocalLow\Temp
2024-03-01 15:34 - 2020-10-22 14:00 - 000000000 ____D C:\Users\eiko-\AppData\Roaming\discord
2024-03-01 15:34 - 2020-01-07 20:22 - 000000000 ____D C:\Users\eiko-\AppData\Local\Packages
2024-03-01 15:32 - 2020-03-07 16:17 - 000000000 ____D C:\Users\eiko-\AppData\Roaming\Microsoft\Word
2024-03-01 15:22 - 2020-10-22 14:00 - 000000000 ____D C:\Users\eiko-\AppData\Local\Discord
2024-03-01 14:52 - 2020-03-07 16:18 - 000000000 ____D C:\Users\eiko-\AppData\Roaming\Microsoft\Excel
2024-03-01 13:11 - 2023-02-22 22:15 - 000000000 ____D C:\Users\eiko-\AppData\Roaming\vlc
2024-03-01 13:10 - 2021-04-11 15:54 - 000000000 ____D C:\Users\eiko-\AppData\Roaming\Code
2024-02-29 15:01 - 2022-05-07 06:24 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2024-02-29 15:00 - 2020-03-07 16:12 - 000000000 ____D C:\Program Files\Microsoft Office
2024-02-28 16:21 - 2022-05-07 06:24 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2024-02-28 16:01 - 2022-05-07 06:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2024-02-28 16:01 - 2020-01-07 20:22 - 000000000 __RHD C:\Users\Public\AccountPictures
2024-02-28 15:59 - 2020-01-07 20:27 - 000000000 ____D C:\Users\eiko-\AppData\Roaming\Microsoft\MMC
2024-02-28 15:37 - 2020-02-17 18:41 - 000000000 ____D C:\Users\eiko-\AppData\Local\ElevatedDiagnostics
2024-02-28 15:28 - 2022-05-07 06:24 - 000000000 __D C:\Program Files\Windows Defender
2024-02-28 15:28 - 2020-01-08 03:17 - 000000000 D C:\WINDOWS\system32\Drivers\wd
2024-02-28 15:25 - 2022-05-07 06:17 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2024-02-28 15:25 - 2020-01-07 20:38 - 000918944 N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2024-02-28 15:12 - 2023-04-19 21:09 - 000003684 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-02-28 15:12 - 2023-04-19 21:09 - 000003568 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2024-02-28 15:12 - 2023-04-19 21:09 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2024-02-28 15:12 - 2023-04-19 21:09 - 000003460 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-02-28 15:12 - 2023-04-19 21:09 - 000003398 _____ C:\WINDOWS\system32\Tasks\NvDriverUpdateCheckDaily{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-02-28 15:12 - 2023-04-19 21:09 - 000003344 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2024-02-28 15:12 - 2023-04-19 21:09 - 000003250 _____ C:\WINDOWS\system32\Tasks\Overwolf Updater Task
2024-02-28 15:12 - 2023-04-19 21:09 - 000003196 _____ C:\WINDOWS\system32\Tasks\NvBatteryBoostCheckOnLogon{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-02-28 15:12 - 2023-04-19 21:09 - 000003152 _____ C:\WINDOWS\system32\Tasks\NVIDIA GeForce Experience SelfUpdate{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-02-28 15:12 - 2023-04-19 21:09 - 000003066 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1421055718-2087356316-1872245878-1001
2024-02-28 15:12 - 2023-04-19 21:09 - 000002984 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterDaily{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-02-28 15:12 - 2023-04-19 21:09 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport4{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-02-28 15:12 - 2023-04-19 21:09 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport3{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-02-28 15:12 - 2023-04-19 21:09 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport2{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-02-28 15:12 - 2023-04-19 21:09 - 000002948 _____ C:\WINDOWS\system32\Tasks\NvTmRep_CrashReport1{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-02-28 15:12 - 2023-04-19 21:09 - 000002914 _____ C:\WINDOWS\system32\Tasks\NvNodeLauncher{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-02-28 15:12 - 2023-04-19 21:09 - 000002862 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1421055718-2087356316-1872245878-1001
2024-02-28 15:12 - 2023-04-19 21:09 - 000002744 _____ C:\WINDOWS\system32\Tasks\NvProfileUpdaterOnLogon{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2024-02-25 13:20 - 2022-05-12 17:00 - 000000000 ____D C:\XboxGames
2024-02-24 20:04 - 2023-01-13 08:53 - 000002068 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk
2024-02-24 20:04 - 2022-10-13 19:02 - 000002080 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2024-02-24 20:03 - 2021-01-04 00:25 - 000002406 _____ C:\Users\eiko-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-02-16 12:40 - 2023-04-18 15:42 - 000000000 ____D C:\Users\eiko-\AppData\Roaming\FreeFileSync
2024-02-14 22:21 - 2023-04-19 21:05 - 000512456 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-02-14 22:20 - 2023-10-12 00:56 - 000000000 ____D C:\WINDOWS\system32\Microsoft-Edge-WebView
2024-02-14 22:20 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\UUS
2024-02-14 22:20 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2024-02-14 22:20 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2024-02-14 22:20 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SystemResources
2024-02-14 22:20 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2024-02-14 22:20 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\Sgrm
2024-02-14 22:20 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\setup
2024-02-14 22:20 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2024-02-14 22:20 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\oobe
2024-02-14 22:20 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\appraiser
2024-02-14 22:20 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\ShellComponents
2024-02-14 22:20 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\Provisioning
2024-02-14 22:20 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\BrowserCore
2024-02-14 22:20 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-02-14 14:34 - 2022-05-07 06:24 - 000000000 ____D C:\ProgramData\USOPrivate
2024-02-14 14:29 - 2020-01-07 20:44 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-02-14 14:27 - 2020-01-07 20:44 - 191155960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2024-02-14 14:21 - 2023-04-19 21:06 - 003212800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2024-02-13 10:38 - 2020-01-09 20:16 - 000000000 ____D C:\Users\eiko-\AppData\Local\Steam
2024-02-12 17:53 - 2023-12-18 13:41 - 000000000 ____D C:\ProgramData\boost_interprocess
2024-02-11 22:35 - 2021-10-04 13:24 - 000000000 ____D C:\Users\eiko-\AppData\Roaming\Notion
2024-02-11 15:53 - 2024-02-02 15:38 - 000000000 ____D C:\Users\eiko-\Desktop\Papa schicken
2024-02-11 09:20 - 2021-04-06 10:21 - 000000000 ____D C:\Users\eiko-\AppData\Roaming\Microsoft\Teams
2024-02-09 12:12 - 2023-01-02 11:24 - 000000000 ____D C:\Users\eiko-\AppData\Roaming\Anki2
2024-02-06 07:45 - 2020-01-07 20:38 - 000000000 ____D C:\ProgramData\Packages
2024-02-05 10:14 - 2023-12-08 14:38 - 000000000 ____D C:\Users\eiko-\AppData\Roaming\EQATEC Analytics
2024-02-03 20:30 - 2020-01-08 16:24 - 000000000 ____D C:\Users\eiko-\AppData\Roaming.minecraft
2024-02-03 20:29 - 2020-12-13 17:13 - 000000000 ____D C:\Users\eiko-\AppData\Local\Overwolf
2024-02-03 16:46 - 2020-01-07 22:03 - 000000000 ____D C:\ProgramData\Package Cache
2024-02-03 16:40 - 2023-11-12 18:07 - 000000000 ____D C:\Users\eiko-\AppData\Roaming\OrcaSlicer

==================== Files in the root of some directories ========

2022-12-14 12:40 - 2022-12-14 16:29 - 000004216 _____ () C:\Users\eiko-\AppData\Roaming\LTspiceXVII.ini
2023-05-17 20:17 - 2023-05-17 20:17 - 000003249 _____ () C:\Users\eiko-\AppData\Local\recently-used.xbel
2022-02-20 02:10 - 2022-02-20 02:10 - 000007605 _____ () C:\Users\eiko-\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
                                                          Addition:
                                                          [HEADING=1]
                                                          Code:
                                                          Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26.02.2024 01
Ran by eiko- (04-03-2024 15:31:15)
Running from C:\Users\eiko-\Desktop
Microsoft Windows 11 Home Version 23H2 22631.3155 (X64) (2023-04-20 14:28:59)
Boot Mode: Normal[/HEADING]
==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-1421055718-2087356316-1872245878-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1421055718-2087356316-1872245878-503 - Limited - Disabled)
eiko- (S-1-5-21-1421055718-2087356316-1872245878-1001 - Administrator - Enabled) => C:\Users\eiko-
Gast (S-1-5-21-1421055718-2087356316-1872245878-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1421055718-2087356316-1872245878-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat (64-bit) (HKLM...{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 23.008.20555 - Adobe)
Adobe Refresh Manager (HKLM-x32...{AC76BA86-0804-1033-1959-018244601067}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Altium Designer 23 (HKLM...\Altium Designer {A9B34CD7-40BF-42A8-8F33-55BA03B6232C}) (Version: 23.11.1.41 - Altium Limited)
AMD Ryzen Master SDK (HKLM...{DBD50508-5F75-416B-995D-C42433A00944}) (Version: 2.1.0.1236 - Advanced Micro Devices, Inc.)
Anaconda3 2023.03-1 (Python 3.10.9 64-bit) (HKLM...\Anaconda3 2023.03-1 (Python 3.10.9 64-bit)) (Version: 2023.03-1 - Anaconda, Inc.)
Anki (HKLM-x32...\Anki) (Version: 2.1.55 - )
Anno 1800 (HKLM-x32...\Uplay Install 4553) (Version: - Ubisoft)
AnycubicPhotonWorkshop (HKLM...{C48D4F03-E59D-475F-B34D-E618A500C118}is1) (Version: - Anycubic)
Arduino (HKLM-x32...\Arduino) (Version: 1.8.13 - Arduino LLC)
Autodesk Fusion 360 (HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\73e72ada57b7480280f7a6f4a289729f) (Version: 2.0.17954 - Autodesk, Inc.)
CLion 2022.1 (HKLM-x32...\CLion 2022.1) (Version: 221.5080.224 - JetBrains s.r.o.)
CodeMeter Runtime Kit v6.30d (HKLM...{627EBCBD-71C2-4FDE-9BEA-3AF7F03FBE10}) (Version: 6.30.2280.504 - WIBU-SYSTEMS AG)
CODESYS V3.5 SP10 Patch 4 (HKLM-x32...{91B73AA2-4B42-481F-9ECD-03AB9C6016DF}) (Version: 3.5.10.407 - 3S-Smart Software Solutions GmbH) Hidden
CODESYS V3.5 SP10 Patch 4 (HKLM-x32...\InstallShield{91B73AA2-4B42-481F-9ECD-03AB9C6016DF}) (Version: 3.5.10.407 - 3S-Smart Software Solutions GmbH)
CORSAIR iCUE Software (HKLM-x32...{30D73167-BD7C-473A-AF2F-BBC194FA42D4}) (Version: 3.24.52 - Corsair)
Crucial Storage Executive (HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\Crucial Storage Executive 9.01.012023.01) (Version: 9.01.012023.01 - Crucial)
CrystalDiskInfo 8.13.3 (HKLM...\CrystalDiskInfo_is1) (Version: 8.13.3 - Crystal Dew World)
CurseForge (HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\Overwolf_cchhcaiapeikjbdbpfplgmpobbcdkdaphclbmkbj) (Version: 0.244.4.1 - Overwolf app)
Discord (HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\Discord) (Version: 0.0.311 - Discord Inc.)
Dokan Library 1.5.1.1000 (x64) (HKLM...{65A3A964-3DC3-0105-0001-211126123627}) (Version: 1.5.1.1000 - Dokany Project) Hidden
Dokan Library 1.5.1.1000 Bundle (HKLM-x32...{05c046de-f751-48c8-b8d3-77259ea88eb7}) (Version: 1.5.1.1000 - Dokany Project)
Dragon Center (HKLM-x32...{B252FABF-9582-4824-B02B-6D2DC93685C7}}_is1) (Version: 1.0.0.63 - MSI)
draw.io 22.0.2 (HKLM...\27a75bf3-be48-5c35-934f-8491cf108abe) (Version: 22.0.2 - JGraph)
ENE RGB HAL (HKLM...{87316426-A33E-41E9-942B-968E928A9A47}) (Version: 1.00.10 - Ene Tech.) Hidden
ENE RGB HAL (HKLM-x32...{9f93601b-15ea-4e69-8d7c-dfa0f29ae04e}) (Version: 1.00.10 - Ene Tech.) Hidden
ENE_EHD_M2_HAL (HKLM...{1CD178C9-BB49-4E59-9DA6-3C152E2A9844}) (Version: 1.00.01 - ENE TECHNOLOGY INC.) Hidden
ENE_EHD_M2_HAL (HKLM-x32...{fe81cfd3-9db4-409d-b0f9-26707d1423c6}) (Version: 1.00.01 - ENE TECHNOLOGY INC.) Hidden
Epic Games Launcher (HKLM-x32...{9483ABD9-C772-487B-ADF8-09347CF8F2D2}) (Version: 1.3.93.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM...{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32...{57A956AB-4BCC-45C6-9B40-957E4E125568}) (Version: 2.0.44.0 - Epic Games, Inc.)
FreeFileSync (HKLM-x32...\FreeFileSync_is1) (Version: 12.2 - FreeFileSync.org)
Fritzing (HKLM...{62E4A8BF-5F3B-49E0-9ECE-3140C049FA34}) (Version: 0.9.10.0 - Fritzing GmbH)
GIMP 2.10.22 (HKLM...\GIMP-2_is1) (Version: 2.10.22 - The GIMP Team)
Git (HKLM...\Git_is1) (Version: 2.42.0.2 - The Git Development Community)
Google Chrome (HKLM-x32...\Google Chrome) (Version: 122.0.6261.95 - Google LLC)
HWiNFO64 Version 6.12 (HKLM...\HWiNFO64_is1) (Version: 6.12 - Martin Malik - REALiX)
Immortals Fenyx Rising (HKLM-x32...\Uplay Install 5405) (Version: - Ubisoft)
Inkscape (HKLM...{B57F4693-8866-4053-B706-901E03F3301B}) (Version: 1.2.2 - Inkscape)
Java 8 Update 401 (64-bit) (HKLM...{71024AE4-039E-4CA4-87B4-2F64180401F0}) (Version: 8.0.4010.10 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32...{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\Riot Game league_of_legends.live) (Version: - Riot Games, Inc)
logisim-evolution (HKLM...{BFAB7B04-8835-36CF-87DB-D1E3A319406E}) (Version: 3.8.0 - logisim-evolution developers)
Logitech Options (HKLM...\LogiOptions) (Version: 8.54.161 - Logitech)
LTspice XVII (HKLM...\LTspice XVII) (Version: - Linear Technology Corporation)
Malwarebytes version 5.0.17.99 (HKLM...{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.0.17.99 - Malwarebytes)
Microsoft .NET Host - 5.0.4 (x64) (HKLM...{DD901386-A294-4FF1-A683-0EFF5C66209A}) (Version: 40.16.29816 - Microsoft Corporation) Hidden
Microsoft .NET Host - 5.0.4 (x86) (HKLM-x32...{9BFB6AF7-641C-4B52-82CA-43F5A4FD288E}) (Version: 40.16.29816 - Microsoft Corporation) Hidden
Microsoft .NET Host - 7.0.8 (x64) (HKLM...{19FCE07F-2A75-44AC-9EA5-8E29FE2F8DBE}) (Version: 56.35.63143 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 5.0.4 (x64) (HKLM...{773EF543-570F-4746-953A-3CB19DFCB3E2}) (Version: 40.16.29816 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 5.0.4 (x86) (HKLM-x32...{79D32D19-A148-4E8E-AC31-2FC90CDBBFA8}) (Version: 40.16.29816 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 7.0.8 (x64) (HKLM...{174E0D7C-F2C9-49A2-83FB-95A0FE6FA023}) (Version: 56.35.63143 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 5.0.4 (x64) (HKLM...{879C9645-ADF3-4697-915B-00B76EBA629F}) (Version: 40.16.29816 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 5.0.4 (x86) (HKLM-x32...{D523398E-D0EE-4F91-AE81-A27222A621DA}) (Version: 40.16.29816 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 7.0.8 (x64) (HKLM...{B45C77BA-0B4E-4FBB-99B9-9774ECBE20AA}) (Version: 56.35.63143 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32...\Microsoft Edge) (Version: 122.0.2365.66 - Microsoft Corporation)
Microsoft Edge WebView2-Laufzeit (HKLM-x32...\Microsoft EdgeWebView) (Version: 122.0.2365.59 - Microsoft Corporation)
Microsoft GameInput (HKLM-x32...{1F2B6AF3-C260-8666-5950-E3FEDBC851D6}) (Version: 10.1.22621.3036 - Microsoft Corporation)
Microsoft Office Professional Plus 2019 - de-de (HKLM...\ProPlus2019Volume - de-de) (Version: 16.0.10407.20032 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\OneDriveSetup.exe) (Version: 24.020.0128.0003 - Microsoft Corporation)
Microsoft Teams classic (HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\Teams) (Version: 1.6.00.33567 - Microsoft Corporation)
Microsoft Teams Meeting Add-in for Microsoft Office (HKLM...{A7AB73A3-CB10-4AA5-9D38-6AEFFBDE4C91}) (Version: 1.23.35502 - Microsoft)
Microsoft Update Health Tools (HKLM...{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32...{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM...{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32...{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32...{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM...{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32...{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32...{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32...{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM...{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM...{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32...{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32...{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32...{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32...{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM...{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM...{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32...{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32...{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.28.29334 (HKLM-x32...{b2d0f752-adc5-496e-8f70-8669de01f746}) (Version: 14.28.29334.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.34.31938 (HKLM-x32...{d92971ab-f030-43c8-8545-c66c818d0e05}) (Version: 14.34.31938.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.28.29334 (HKLM-x32...{14C49FC8-3E9B-4F29-8526-26629B5CF30B}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.28.29334 (HKLM-x32...{0D01A812-82A1-481F-8546-8E28E976F8DF}) (Version: 14.28.29334 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.34.31938 (HKLM...{7DA37AE3-D8AE-49B1-9BDC-23CA0AB9FF22}) (Version: 14.34.31938 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.34.31938 (HKLM...{0AE39060-F209-4D05-ABC7-54B8F9CFA32E}) (Version: 14.34.31938 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM...{7C0242A3-8B66-35D1-9FE0-13B426ACB609}) (Version: 10.0.60729 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.60724 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.60724 - Microsoft Corporation)
Microsoft Visual Studio Code (User) (HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...{771FD6B0-FA20-440A-A002-3B3BAC16DC50}_is1) (Version: 1.86.0 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 5.0.4 (x64) (HKLM...{A04C83D6-2FC0-4F09-9166-E870E5A9E168}) (Version: 40.16.29817 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 5.0.4 (x64) (HKLM-x32...{ff817559-f11f-4faa-af52-26feb4b46fff}) (Version: 5.0.4.29817 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 5.0.4 (x86) (HKLM-x32...{0F1B4D8B-545C-4C65-BA29-3F564C2F6915}) (Version: 40.16.29817 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 5.0.4 (x86) (HKLM-x32...{a83b07f3-e0e5-4402-87d4-3d1acf79c42a}) (Version: 5.0.4.29817 - Microsoft Corporation)
Microsoft Windows Desktop Runtime - 7.0.8 (x64) (HKLM...{3133BC55-90BD-4B87-82A2-6670B3CAFB81}) (Version: 56.35.63153 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 7.0.8 (x64) (HKLM-x32...{d260fcb6-95b8-4c81-8e07-ce75876ffca2}) (Version: 7.0.8.32619 - Microsoft Corporation)
Minecraft Launcher (HKLM-x32...{810F1419-7760-402E-8772-B4054FAA2B72}) (Version: 1.0.0.0 - Mojang)
Nefarius Virtual Gamepad Emulation Bus Driver (HKLM...{93D91F60-7C94-4A79-863F-EA713D2EB3F3}) (Version: 1.17.333.0 - Nefarius Software Solutions e.U.)
Nextcloud (HKLM...{27596A6F-750F-4996-A5C2-A980522ED1C4}) (Version: 3.4.1.20211221 - Nextcloud GmbH)
Notion 2.0.47 (HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\fcdf0d7f-424b-5f10-a1c7-a8f643f21adf) (Version: 2.0.47 - Notion Labs, Inc)
Notion 3.1.0 (HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\661f0cc6-343a-59cb-a5e8-8f6324cc6998) (Version: 3.1.0 - Notion Labs, Inc)
NVIDIA GeForce Experience 3.20.2.34 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.20.2.34 - NVIDIA Corporation)
NVIDIA Grafiktreiber 456.71 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 456.71 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.19.0218 (HKLM...{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.19.0218 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM...{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.10407.20032 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM...{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.10407.20032 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM...{90160000-008C-0407-1000-0000000FF1CE}) (Version: 16.0.10407.20032 - Microsoft Corporation) Hidden
OnePlus USB Drivers 1.00 (HKLM-x32...\OnePlus USB Drivers 1.00) (Version: 1.00 - OnePlus, Inc)
OrcaSlicer (HKLM-x32...\OrcaSlicer) (Version: 1.8.0 - SoftFever)
Overwolf (HKLM-x32...\Overwolf) (Version: 0.242.0.12 - Overwolf Ltd.)
PDF24 Creator 11.8.0 (HKLM...{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: 11.8.0 - PDF24.org)
PowerToys (Preview) (HKLM...{6F3910F2-DA29-490C-811F-D3691B134A61}) (Version: 0.77.0 - Microsoft Corporation) Hidden
PowerToys (Preview) x64 (HKLM-x32...{1aada4d0-ca73-4389-8f63-73923c771fd4}) (Version: 0.77.0 - Microsoft Corporation)
Prusa3D Version 2.5.0 (HKLM...\Prusa3D_is1) (Version: 2.5.0 - Prusa Research a.s.)
PrusaSlicer Version 2.5.0 (HKLM...\PrusaSlicer_is1) (Version: 2.5.0 - Prusa Research s.r.o.)
Qalculate! (HKLM...{F4803C78-0331-4EE2-9103-33FB0673E2D3}) (Version: 4.8.1 - Hanna Knutsson)
Raspberry Pi Imager (HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\Raspberry Pi Imager) (Version: 1.7.5 - Raspberry Pi Ltd)
Recuva (HKLM...\Recuva) (Version: 1.53 - Piriform)
RogueKiller version 15.15.2.0 (HKLM...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 15.15.2.0 - Adlice Software)
SAP Crystal Reports runtime engine for .NET Framework (64-bit) (HKLM...{F9B436DD-8D48-430E-BA89-F85DFA452C55}) (Version: 13.0.9.1312 - SAP)
Snapmaker Luban 3.8.0 (HKLM...{4c329381-cbe6-5eac-8b35-1ff73ff2e943}) (Version: 3.8.0 - Snapmaker Dev Team)
Snapmaker Luban 4.4.0 (HKLM...\4c329381-cbe6-5eac-8b35-1ff73ff2e943) (Version: 4.4.0 - Snapmaker Dev Team)
SQLite ODBC Driver for Win64 (remove only) (HKLM-x32...\SQLite ODBC Driver for Win64) (Version: - )
Steam (HKLM-x32...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeighaX 4.00 (x64) (HKLM...{2AB65377-C672-498E-BE74-5C60CCFEAC5C}) (Version: 4.0.0 - Open Design Alliance)
Trackmania (HKLM-x32...\Uplay Install 5595) (Version: - Ubisoft)
Ubisoft Connect (HKLM-x32...\Uplay) (Version: 101.0 - Ubisoft)
UltiMaker Cura 5.3.1 (HKLM-x32...\UltiMaker Cura 5.3.1-5.3.1) (Version: 5.3.1 - UltiMaker)
VHDPlus IDE (64bit) (HKLM...{715CFA00-2211-47A2-AD88-87EC71B9564E}) (Version: 0.11.1.0 - VHDPlus)
Virtual-C IDE (HKLM...{59A5E95F-ABEA-48BF-B3AC-B9A78A17E144}) (Version: 2.2.2 - VirtualC)
VLC media player (HKLM...\VLC media player) (Version: 3.0.18 - VideoLAN)
Windows-PC-Integritätsprüfung (HKLM...{63EFBDB5-01B0-4614-BE9F-7F1908E42275}) (Version: 3.1.2109.29003 - Microsoft Corporation)
Windows-PC-Integritätsprüfung (HKLM...{B3956CF3-F6C5-4567-AC38-1FD4432B319C}) (Version: 3.6.2204.08001 - Microsoft Corporation)
WinSCP 6.1.1 (HKLM-x32...\winscp3_is1) (Version: 6.1.1 - Martin Prikryl)
Zoom (HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\ZoomUMX) (Version: 5.16.10 (26186) - Zoom Video Communications, Inc.)
[HEADING=1]Packages:[/HEADING]
Adobe Acrobat Reader → C:\Program Files\Adobe\Acrobat DC [2024-02-16] ()
Any Zip → C:\Program Files\WindowsApps\AnywaySoftInc.AnyZip_2.1.2.0_x64__0qkrc2qacwvfm [2024-02-28] (AnywaySoft, Inc.) [MS Ad]
Dev Home → C:\Program Files\WindowsApps\Microsoft.Windows.DevHome_0.1100.416.0_x64__8wekyb3d8bbwe [2024-02-24] (Microsoft Corporation)
HP Smart → C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_151.3.1092.0_x64__v10z8vjag6ke6 [2024-02-28] (HP Inc.)
Media Engine-Add-On für Fotos → C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-03-29] (Microsoft Corporation)
Microsoft Advertising SDK for XAML → C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2024-02-28] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML → C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2024-02-28] (Microsoft Corporation) [MS Ad]
Microsoft Family → C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.40.0_x64__8wekyb3d8bbwe [2023-09-14] (Microsoft Corp.)
Microsoft Teams (work or school) → C:\Program Files\WindowsApps\MSTeams_24004.1309.2689.2246_x64__8wekyb3d8bbwe [2024-03-01] (Microsoft) [Startup Task]
Microsoft.AV1VideoExtension → C:\Program Files\WindowsApps\Microsoft.AV1VideoExtension_1.1.61781.0_x64__8wekyb3d8bbwe [2023-08-17] (Microsoft Corporation)
Microsoft.WindowsAppRuntime.CBS → C:\WINDOWS\SystemApps\Microsoft.WindowsAppRuntime.CBS_8wekyb3d8bbwe [2024-01-10] (Microsoft Corporation)
NVIDIA Control Panel → C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.964.0_x64__56jybvy8sckqj [2023-04-20] (NVIDIA Corp.)
PowerToys ImageResizer Context Menu → C:\Program Files\PowerToys [2024-02-03] (Microsoft)
PowerToys PowerRename Context Menu → C:\Program Files\PowerToys\WinUI3Apps [2024-02-03] (Microsoft)
Prime Video for Windows → C:\Program Files\WindowsApps\AmazonVideo.PrimeVideo_1.0.153.0_x64__pwbj9vvecjh7j [2024-01-13] (Amazon Development Centre (London) Ltd)
Samsung Account → C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.SamsungAccount_1.23.12130.0_x64__3c1yjt4zspk6g [2024-01-13] (Samsung Electronics Co. Ltd.)
Samsung Notes → C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCoLtd.SamsungNotes_4.3.239.0_x64__wyx1vj98g3asy [2024-02-06] (Samsung Electronics Co, Ltd.) [Startup Task]
Solitaire & Casual Games → C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.19.1262.0_x64__8wekyb3d8bbwe [2024-02-29] (Microsoft Studios) [MS Ad]
Spotify Music → C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.232.997.0_x64__zpdnekdrzrea0 [2024-02-29] (Spotify AB) [Startup Task]
WhatsApp → C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2407.10.0_x64__cv1g1gvanyjgm [2024-02-28] (WhatsApp Inc.) [Startup Task]
Windows Feature Experience Pack → C:\WINDOWS\SystemApps\MicrosoftWindows.Client.FileExp_cw5n1h2txyewy [2024-02-14] (Microsoft Corporation)
WinZipComputing.WinZipDesktopSubscription → C:\Program Files\WindowsApps\WinZipComputing.WinZipDesktopSubscription_76.5.15635.0_x64__3ykzqggjzj4z0 [2023-10-08] (WinZip Computing) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{04271989-C4D2-AE62-65FD-0434D8A5067B} → [OneDrive - haw-hamburg.de] => D:\OneDrive - haw-hamburg.de [2021-10-28 13:10]
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{10144713-1526-46C9-88DA-1FB52807A9FF}\InprocServer32 → C:\Program Files\PowerToys\PowerToys.SvgThumbnailProviderCpp.dll (Microsoft Corporation → Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{13357088-9834-0409-1600-134951500000}\localserver32 → C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. → Adobe)
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 → C:\Users\eiko-\AppData\Local\Microsoft\TeamsMeetingAddin\1.23.35502\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation → Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{38142727-3008-9161-1521-349515000000}\localserver32 → C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. → Adobe)
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{38398caf-42a4-4800-b39a-6721ecbcf0e4} → [Nextcloud - Eiko@192.168.100.220] => C:\Users\eiko-\Nextcloud2 [2022-05-02 17:15]
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{5ea9a442-5352-ed6e-d37f-9d511e7e2caa}\localserver32 → C:\Program Files\PowerToys\PowerToys.PowerLauncher.exe (Microsoft Corporation → Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{60789D87-9C3C-44AF-B18C-3DE2C2820ED3}\InprocServer32 → C:\Program Files\PowerToys\PowerToys.MarkdownPreviewHandlerCpp.dll (Microsoft Corporation → Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{729B72CD-B72E-4FE9-BCBF-E954B33FE699}\InprocServer32 → C:\Program Files\PowerToys\PowerToys.QoiPreviewHandlerCpp.dll (Microsoft Corporation → Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{77257004-6F25-4521-B602-50ECC6EC62A6}\InprocServer32 → C:\Program Files\PowerToys\PowerToys.StlThumbnailProviderCpp.dll (Microsoft Corporation → Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{80172dde-4e20-4df0-81a2-0a48553e80bb}\localserver32 → C:\Users\eiko-\AppData\Local\NhNotifSys\nahimic\nahimicNotifSys.exe (A-Volute SAS → A-Volute)
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{84696c5b-1f1c-44ab-ac43-c9c6ce85c2dc} → [Nextcloud - Eiko@192.168.100.220] => C:\Users\eiko-\Nextcloud
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{A0257634-8812-4CE8-AF11-FA69ACAEAFAE}\InprocServer32 → C:\Program Files\PowerToys\PowerToys.GcodePreviewHandlerCpp.dll (Microsoft Corporation → Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{AD856B15-D25E-4008-AFB7-AFAA55586188}\InprocServer32 → C:\Program Files\PowerToys\PowerToys.QoiThumbnailProviderCpp.dll (Microsoft Corporation → Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{C4F0910E-E0B4-4E68-8086-452730C7A26A}\InprocServer32 → C:\Users\eiko-\AppData\Local\Autodesk\webdeploy\production\b0c303e70bd97cfdc195adab65922cfeffcb363a\NPreview10.dll (Autodesk, Inc. → )
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 → C:\Users\eiko-\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation → Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{D8034CFA-F34B-41FE-AD45-62FCBB52A6DA}\InprocServer32 → C:\Program Files\PowerToys\PowerToys.MonacoPreviewHandlerCpp.dll (Microsoft Corporation → Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{F2847CBE-CD03-4C83-A359-1A8052C1B9D5}\InprocServer32 → C:\Program Files\PowerToys\PowerToys.GcodeThumbnailProviderCpp.dll (Microsoft Corporation → Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001_Classes\CLSID{FCDD4EED-41AA-492F-8A84-31A1546226E0}\InprocServer32 → C:\Program Files\PowerToys\PowerToys.SvgPreviewHandlerCpp.dll (Microsoft Corporation → Microsoft Corporation)
ShellIconOverlayIdentifiers: [ NextcloudError] → {E0342B74-7593-4C70-9D61-22F294AAFE05} => C:\Program Files\Nextcloud\shellext\NCOverlays.dll [2021-12-21] (Nextcloud GmbH → Nextcloud GmbH)
ShellIconOverlayIdentifiers: [ NextcloudOK] → {E1094E94-BE93-4EA2-9639-8475C68F3886} => C:\Program Files\Nextcloud\shellext\NCOverlays.dll [2021-12-21] (Nextcloud GmbH → Nextcloud GmbH)
ShellIconOverlayIdentifiers: [ NextcloudOKShared] → {E243AD85-F71B-496B-B17E-B8091CBE93D2} => C:\Program Files\Nextcloud\shellext\NCOverlays.dll [2021-12-21] (Nextcloud GmbH → Nextcloud GmbH)
ShellIconOverlayIdentifiers: [ NextcloudSync] → {E3D6DB20-1D83-4829-B5C9-941B31C0C35A} => C:\Program Files\Nextcloud\shellext\NCOverlays.dll [2021-12-21] (Nextcloud GmbH → Nextcloud GmbH)
ShellIconOverlayIdentifiers: [ NextcloudWarning] → {E4977F33-F93A-4A0A-9D3C-83DEA0EE8483} => C:\Program Files\Nextcloud\shellext\NCOverlays.dll [2021-12-21] (Nextcloud GmbH → Nextcloud GmbH)
ContextMenuHandlers2: [FileLocksmithExt] → {84D68575-E186-46AD-B0CB-BAEB45EE29C0} => C:\Program Files\PowerToys\WinUI3Apps\PowerToys.FileLocksmithExt.dll [2024-01-05] (Microsoft Corporation → Microsoft Corporation)
ContextMenuHandlers3: [FileLocksmithExt] → {84D68575-E186-46AD-B0CB-BAEB45EE29C0} => C:\Program Files\PowerToys\WinUI3Apps\PowerToys.FileLocksmithExt.dll [2024-01-05] (Microsoft Corporation → Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] → {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-02-28] (Malwarebytes Inc. → Malwarebytes)
ContextMenuHandlers3: [NextcloudContextMenuHandler] → {BC6988AB-ACE2-4B81-84DC-DC34F9B24401} => C:\Program Files\Nextcloud\shellext\NCContextMenu.dll [2021-12-21] (Nextcloud GmbH → Nextcloud GmbH)
ContextMenuHandlers3: [PowerRenameExt] → {0440049F-D1DC-4E46-B27B-98393D79486B} => C:\Program Files\PowerToys\WinUI3Apps\PowerToys.PowerRenameExt.dll [2024-01-05] (Microsoft Corporation → Microsoft Corporation)
ContextMenuHandlers4: [RecuvaShellExt] → {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2023-06-02] (PIRIFORM SOFTWARE LIMITED → Piriform Software Ltd)
ContextMenuHandlers5: [NvCplDesktopContext] → {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\nvshext.dll [2020-10-07] (NVIDIA Corporation → NVIDIA Corporation)
ContextMenuHandlers5: [PowerRenameExt] → {0440049F-D1DC-4E46-B27B-98393D79486B} => C:\Program Files\PowerToys\WinUI3Apps\PowerToys.PowerRenameExt.dll [2024-01-05] (Microsoft Corporation → Microsoft Corporation)
ContextMenuHandlers6: [MBAMShlExt] → {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-02-28] (Malwarebytes Inc. → Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] → {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2023-06-02] (PIRIFORM SOFTWARE LIMITED → Piriform Software Ltd)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2019-06-19 10:25 - 2019-06-19 10:25 - 000209920 _____ () [File not signed] C:\Program Files\ENE\Aac_ENE RGB HAL\x86\AacHal_x86.dll
2018-03-20 14:34 - 2018-03-20 14:34 - 000265728 _____ () [File not signed] C:\Program Files\ENE\Aac_ENE RGB HAL\x86\SB_SMBUS_SDK.dll
2019-06-28 10:51 - 2019-06-28 10:51 - 000184832 _____ () [File not signed] C:\Program Files\ENE\Aac_ENE_EHD_M2_HAL\AacHal_x86.dll
2020-01-07 22:07 - 2020-01-07 22:05 - 000237568 _____ () [File not signed] D:\Programme\Dragon Center\Mystic_Light\LEDControl.dll
2020-01-09 18:18 - 2019-01-28 06:00 - 000254464 _____ (CANON INC.) [File not signed] C:\WINDOWS\System32\CNCALDL.DLL
2020-01-09 18:18 - 2019-01-10 05:00 - 001302016 _____ (CANON INC.) [File not signed] C:\WINDOWS\System32\CNMLMDL.DLL
2020-01-07 22:07 - 2020-01-07 22:05 - 002200784 _____ (Dexin Corp → MICRO-STAR INTERNATIONAL) [File not signed] D:\Programme\Dragon Center\Mystic_Light\IcMSIDll.dll
2020-01-07 22:07 - 2020-01-07 22:07 - 002200784 _____ (Dexin Corp → MICRO-STAR INTERNATIONAL) [File not signed] D:\Programme\Dragon Center\Mystic_Light\Lib\IcMSIDll.dll
2019-11-15 10:53 - 2019-11-15 10:53 - 000090112 _____ (Silicon Laboratories, Inc.) [File not signed] D:\Programme\Corsair\CORSAIR iCUE Software\SiUSBXp.dll
2020-01-07 22:07 - 2020-01-07 22:07 - 000399872 _____ (TODO: <公司名稱>) [File not signed] D:\Programme\Dragon Center\Mystic_Light\Lib\SDKDLL.dll
2016-09-29 05:30 - 2016-09-29 05:30 - 000220160 _____ (WIBU-SYSTEMS AG) [File not signed] C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.lDe

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:CM_2a732c3f1e3eb40b63fe062d0180f157c71684af0a0442ab953224075801bb78 [74]
AlternateDataStreams: C:\Windows:CM_bf41c588bad5a092a453669c0d3c66d1ec2c072fbf5c15cc6acda24c9e4d0955 [74]
AlternateDataStreams: C:\Users\eiko-\Desktop\RogueKiller_setup.exe:MBAM.Zone.Identifier [187]
AlternateDataStreams: C:\Users\eiko-\Desktop\ZHPSuite.exe:MBAM.Zone.Identifier [77]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The “AlternateShell” will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => “”=“Service”
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => “”=“Service”

==================== Association (Whitelisted) =================

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-1421055718-2087356316-1872245878-1001\Software\Classes\regfile: <==== ATTENTION

==================== Internet Explorer (Whitelisted) ==========

BHO: Skype for Business Browser Helper → {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} → C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2020-03-08] (Microsoft Corporation → Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper → {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} → C:\Program Files\Java\jre-1.8\bin\ssv.dll [2023-12-19] (Oracle America, Inc. → Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper → {DBC80044-A445-435b-BC74-9C25C1C588A9} → C:\Program Files\Java\jre-1.8\bin\jp2ssv.dll [2023-12-19] (Oracle America, Inc. → Oracle Corporation)
BHO-x32: Skype for Business Browser Helper → {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} → C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2020-03-08] (Microsoft Corporation → Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper → {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} → C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2024-01-13] (Microsoft Corporation → Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-09-22] (Microsoft Corporation → Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-09-22] (Microsoft Corporation → Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-09-22] (Microsoft Corporation → Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-09-22] (Microsoft Corporation → Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-09-22] (Microsoft Corporation → Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-09-22] (Microsoft Corporation → Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-09-22] (Microsoft Corporation → Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-09-22] (Microsoft Corporation → Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\localhost → localhost
IE trusted site: HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\sharepoint.com → hxxps://hawhamburgde-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-03-19 05:49 - 2024-02-28 16:35 - 000000027 _____ C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\Path → C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Windows\System32\OpenSSH;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;%SYSTEMROOT%\System32\OpenSSH;C:\Program Files\dotnet;C:\Program Files (x86)\dotnet;C:\Program Files\Crucial\Crucial Storage Executive;C:\Program Files\Git\cmd
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001\Control Panel\Desktop\Wallpaper → C:\Users\eiko-\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalCache\Microsoft\IrisService\15248146012458418531\133536187855421893.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM...\StartupApproved\StartupFolder: => “WinZip Preloader.lnk”
HKLM...\StartupApproved\StartupFolder: => “CodeMeter Control Center.lnk”
HKLM...\StartupApproved\Run: => “PDF24”
HKLM...\StartupApproved\Run32: => “CORSAIR iCUE Software”
HKLM...\StartupApproved\Run32: => “IJNetworkScannerSelectorEX2”
HKLM...\StartupApproved\Run32: => “CanonQuickMenu”
HKLM...\StartupApproved\Run32: => “PDFPrint”
HKLM...\StartupApproved\Run32: => “GatewaySysTray”
HKLM...\StartupApproved\Run32: => “CODESYSControlSysTray”
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\StartupApproved\StartupFolder: => “An OneNote senden.lnk”
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\StartupApproved\Run: => “OneDrive”
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\StartupApproved\Run: => “Steam”
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\StartupApproved\Run: => “Discord”
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\StartupApproved\Run: => “Overwolf”
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\StartupApproved\Run: => “Nextcloud”
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\StartupApproved\Run: => “MicrosoftEdgeAutoLaunch_322C183E72E821C8032805843FDA8DCC”
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\StartupApproved\Run: => “com.squirrel.Teams.Teams”
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\StartupApproved\Run: => “RiotClient”
HKU\S-1-5-21-1421055718-2087356316-1872245878-1001...\StartupApproved\Run: => “EpicGamesLauncher”

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{DC38C056-7BC6-402C-8C7E-0D09D1A7B84F}] => (Block) C:\program files\crucial\crucial storage executive\java\bin\javaw.exe
FirewallRules: [{81AACDE4-9800-490D-B67E-F513665C9918}] => (Block) C:\program files\crucial\crucial storage executive\java\bin\javaw.exe
FirewallRules: [UDP Query User{AD788EA4-4AC7-4DEB-AD15-60BB29596564}C:\program files\crucial\crucial storage executive\java\bin\javaw.exe] => (Allow) C:\program files\crucial\crucial storage executive\java\bin\javaw.exe
FirewallRules: [TCP Query User{92CF064D-57DB-46A0-9AFF-4D88B7A620E5}C:\program files\crucial\crucial storage executive\java\bin\javaw.exe] => (Allow) C:\program files\crucial\crucial storage executive\java\bin\javaw.exe
FirewallRules: [UDP Query User{0F4A798B-5889-4F92-9609-5A18A87BE9D1}D:\programme\install\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe] => (Block) D:\programme\install\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe
FirewallRules: [TCP Query User{5BDA5EB0-9575-4832-80AC-C853FD95A948}D:\programme\install\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe] => (Block) D:\programme\install\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe
FirewallRules: [UDP Query User{8330EB73-AB1C-41CA-9755-39A390E36176}D:\programme\freefilesync\bin\freefilesync_x64.exe] => (Allow) D:\programme\freefilesync\bin\freefilesync_x64.exe (Florian BAUER → FreeFileSync.org)
FirewallRules: [TCP Query User{8D7F5CE9-0C93-4AA4-A37F-7964AA9BAD77}D:\programme\freefilesync\bin\freefilesync_x64.exe] => (Allow) D:\programme\freefilesync\bin\freefilesync_x64.exe (Florian BAUER → FreeFileSync.org)
FirewallRules: [{2B27175F-CF4D-4A4F-AD7D-65A0B35F8935}] => (Allow) D:\Programme\Steam\steamapps\common\3DMark\bin\x64\3DMark.exe (Underwriters Laboratories Inc. → )
FirewallRules: [{E1B86E19-0D33-4630-8FF7-277C68AABBFC}] => (Allow) D:\Programme\Steam\steamapps\common\3DMark\bin\x64\3DMark.exe (Underwriters Laboratories Inc. → )
FirewallRules: [{6B3EADBD-3708-4F4B-9EF5-06BA20CE694F}] => (Allow) D:\Programme\Steam\steamapps\common\3DMark\bin\x86\3DMark.exe (Underwriters Laboratories Inc. → )
FirewallRules: [{F4CFF23C-172A-431D-B83E-990FD7F8C7F4}] => (Allow) D:\Programme\Steam\steamapps\common\3DMark\bin\x86\3DMark.exe (Underwriters Laboratories Inc. → )
FirewallRules: [UDP Query User{043ECEF8-8109-40B8-84AD-19CFAE5B6E76}D:\programme\install\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe] => (Allow) D:\programme\install\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe
FirewallRules: [TCP Query User{BE6CA684-F767-440E-B229-7C99913C3337}D:\programme\install\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe] => (Allow) D:\programme\install\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe
FirewallRules: [UDP Query User{65184F1F-8F38-4CE4-AA73-22C8F93537CB}D:\programme\install\runtime\jre-x64\bin\javaw.exe] => (Allow) D:\programme\install\runtime\jre-x64\bin\javaw.exe
FirewallRules: [TCP Query User{FCBF3D6D-D1A2-497A-AC73-647AAF1DA470}D:\programme\install\runtime\jre-x64\bin\javaw.exe] => (Allow) D:\programme\install\runtime\jre-x64\bin\javaw.exe
FirewallRules: [{38F4B99D-25BE-4655-9C28-43100D3F530D}] => (Allow) C:\Users\eiko-\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. → Zoom Video Communications, Inc.)
FirewallRules: [{055487D4-80A4-4764-B807-1424EE5FD5F4}] => (Allow) D:\Programme\Ubisoft Game Launcher\games\Anno 1800\Bin\Win64\Anno1800.exe (UBISOFT ENTERTAINMENT INC. → Ubisoft)
FirewallRules: [{9512345D-6394-465C-8E3B-5F33DE5EC10B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation → Microsoft Corporation)
FirewallRules: [{C675973E-8322-4C2C-97EB-5D07079A99F0}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation → Microsoft Corporation)
FirewallRules: [{D1330097-8553-48E2-BFE5-3EEEB543BB39}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation → Microsoft Corporation)
FirewallRules: [{287A857D-70DA-42BB-BFF6-F454D73B29F5}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation → Microsoft Corporation)
FirewallRules: [{45AE92CD-EA04-4379-8578-613E0030B301}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation → Microsoft Corporation)
FirewallRules: [{91039128-6EF6-4727-9C42-C448B4C5D10F}] => (Allow) D:\Programme\Steam\steamapps\common\Age of Mythology\AoMX.exe (Microsoft Corp) [File not signed]
FirewallRules: [{6B4D91F0-7455-4AC3-884B-98C1803A6167}] => (Allow) D:\Programme\Steam\steamapps\common\Age of Mythology\AoMX.exe (Microsoft Corp) [File not signed]
FirewallRules: [{EBF76231-D441-433F-8DAD-7CDFC8468D3E}] => (Allow) D:\Programme\Steam\steamapps\common\Age of Mythology\Launcher.exe (TODO: ) [File not signed]
FirewallRules: [{217F66B7-11A6-4DFD-80CC-B6D79F5CEC18}] => (Allow) D:\Programme\Steam\steamapps\common\Age of Mythology\Launcher.exe (TODO: ) [File not signed]
FirewallRules: [{DFC0EB80-5C53-4CFD-B783-86F6FE6C8D24}] => (Allow) D:\Programme\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. → Valve Corporation)
FirewallRules: [{E9B135D1-5AEC-4E80-9760-758BC2ED25E5}] => (Allow) D:\Programme\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. → Valve Corporation)
FirewallRules: [{DBA546C7-062E-4537-BBAC-803DDD3D6A7E}] => (Allow) D:\Programme\Steam\steamapps\common\3DMark\3DMarkLauncher.exe (FUTUREMARK INC → Futuremark)
FirewallRules: [{7387F38A-6876-49EC-B2B0-9E71D96ECC72}] => (Allow) D:\Programme\Steam\steamapps\common\3DMark\3DMarkLauncher.exe (FUTUREMARK INC → Futuremark)
FirewallRules: [{9A7F8F80-CAB5-4216-8F4E-483D2684F91B}] => (Allow) D:\Programme\Steam\Steam.exe (Valve Corp. → Valve Corporation)
FirewallRules: [{C6BB91F1-1D99-4F69-A490-B20D99D436CF}] => (Allow) D:\Programme\Steam\Steam.exe (Valve Corp. → Valve Corporation)
FirewallRules: [{C41D44F6-ED97-461A-AA06-94A5A39A07A1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation → NVIDIA Corporation)
FirewallRules: [{5976B0C1-5ACC-4485-BDA9-EEA8754EEE6F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation → NVIDIA Corporation)
FirewallRules: [{6E369597-3084-4050-B043-600D6ABA1FB8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation → NVIDIA Corporation)
FirewallRules: [{C66A0230-400B-493A-8C1B-F00C17D1BEF2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation → NVIDIA Corporation)
FirewallRules: [{F871D8FB-3F4D-421D-AAE3-9F6B20048843}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation → NVIDIA Corporation)
FirewallRules: [{454E7A75-1C3C-4DFD-8207-0E864B2F1ABA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation → NVIDIA Corporation)
FirewallRules: [TCP Query User{D4BA32A3-FDF4-4C07-BC62-83B179C6506E}D:\programme\minecraft\runtime\jre-x64\bin\javaw.exe] => (Allow) D:\programme\minecraft\runtime\jre-x64\bin\javaw.exe
FirewallRules: [UDP Query User{936F2D13-DF5E-458B-A955-851D5B4FB563}D:\programme\minecraft\runtime\jre-x64\bin\javaw.exe] => (Allow) D:\programme\minecraft\runtime\jre-x64\bin\javaw.exe
FirewallRules: [TCP Query User{CCA06AF5-66CF-4F13-AB71-F9C39825990B}D:\programme\arduino\java\bin\javaw.exe] => (Allow) D:\programme\arduino\java\bin\javaw.exe
FirewallRules: [UDP Query User{2AA2A08E-9AD4-4EB0-B55E-469CDF39360F}D:\programme\arduino\java\bin\javaw.exe] => (Allow) D:\programme\arduino\java\bin\javaw.exe
FirewallRules: [{495F5E7C-5384-436C-B273-A178C723B2DD}] => (Allow) D:\Programme\Ubisoft Game Launcher\games\Trackmania\trackmania.exe (NADEO SASU → Nadeo)
FirewallRules: [{F362C656-6E2B-41BC-BFBB-8CE01081C3C5}] => (Allow) D:\Programme\Ubisoft Game Launcher\games\Trackmania\trackmania.exe (NADEO SASU → Nadeo)
FirewallRules: [TCP Query User{35E3D4E4-4F09-440B-AB5B-45B905483E2C}C:\users\eiko-\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\eiko-\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation → Microsoft Corporation)
FirewallRules: [UDP Query User{B757C28E-7F67-4FC1-A65A-A42EB464EA26}C:\users\eiko-\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\eiko-\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation → Microsoft Corporation)
FirewallRules: [{2E361E33-CE02-4280-9B42-54AA9EA954D8}] => (Allow) D:\Programme\Steam\steamapps\common\3DMark\bin\x86\3DMark.exe (Underwriters Laboratories Inc. → )
FirewallRules: [{E46CE610-C8BD-47B6-8BD8-6F88F29BF20A}] => (Allow) D:\Programme\Steam\steamapps\common\3DMark\bin\x86\3DMark.exe (Underwriters Laboratories Inc. → )
FirewallRules: [{CE0A55A3-B0F5-40D0-A062-62FBE8739C3C}] => (Allow) D:\Programme\Steam\steamapps\common\3DMark\bin\x64\3DMark.exe (Underwriters Laboratories Inc. → )
FirewallRules: [{C7F1E4E8-58A9-43F1-AA76-79CECBD2D03F}] => (Allow) D:\Programme\Steam\steamapps\common\3DMark\bin\x64\3DMark.exe (Underwriters Laboratories Inc. → )
FirewallRules: [{2AB7E746-53EB-4DAD-9654-236D5600CAD2}] => (Allow) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.EXE (Logitech Inc → Logitech, Inc.)
FirewallRules: [{3268EFBE-4C81-49C9-AD48-EDC3335758F9}] => (Allow) C:\Users\eiko-\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. → Zoom Video Communications, Inc.)
FirewallRules: [{7D17E545-BF8E-4FA8-A01A-08972AEF9CBB}] => (Allow) C:\Users\eiko-\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. → Zoom Video Communications, Inc.)
FirewallRules: [{80574D36-E00A-4A9A-8191-87D405ED45C3}] => (Allow) C:\Users\eiko-\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. → Zoom Video Communications, Inc.)
FirewallRules: [TCP Query User{75C4C195-B5F7-4632-8014-53F1FCE8B0ED}C:\users\eiko-\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\eiko-\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation → Microsoft Corporation)
FirewallRules: [UDP Query User{0A70D895-87A9-4B9C-82F2-97CFA3FC0A7F}C:\users\eiko-\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\eiko-\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation → Microsoft Corporation)
FirewallRules: [{FF239137-D032-45F6-B263-143C815C103C}] => (Allow) D:\Programme\Steam\steamapps\common\Age of Empires IV\RelicCardinal.exe (RELIC ENTERTAINMENT, INC. → Relic Entertainment)
FirewallRules: [{8F25C6C8-5F22-43F1-AD9A-25875FCB0E98}] => (Allow) D:\Programme\Steam\steamapps\common\Age of Empires IV\RelicCardinal.exe (RELIC ENTERTAINMENT, INC. → Relic Entertainment)
FirewallRules: [TCP Query User{306288FF-4DE5-4EB1-8866-D00FE9C273A8}D:\programme\install\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Allow) D:\programme\install\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe
FirewallRules: [UDP Query User{EC39A673-930D-49EC-9135-9B866A1A0033}D:\programme\install\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Allow) D:\programme\install\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe
FirewallRules: [TCP Query User{17BBF18F-A806-495E-93D3-6C38E8158BD2}D:\programme\arduino\java\bin\javaw.exe] => (Allow) D:\programme\arduino\java\bin\javaw.exe
FirewallRules: [UDP Query User{4CCC7730-F912-4056-BBA6-F50BE4F9EE6A}D:\programme\arduino\java\bin\javaw.exe] => (Allow) D:\programme\arduino\java\bin\javaw.exe
FirewallRules: [{F0B59BBA-FB70-48B0-8CF3-9153EF7B7BC3}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG → WIBU-SYSTEMS AG)
FirewallRules: [{3D58B04D-AFD0-4482-A115-7571E50C4558}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG → WIBU-SYSTEMS AG)
FirewallRules: [{08D56A1D-3837-4F57-90CF-849116B7E206}] => (Allow) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG → WIBU-SYSTEMS AG)
FirewallRules: [{5B29FA0B-29F5-416D-ABB2-290897BC05FA}] => (Allow) C:\Program Files (x86)\3S CODESYS\CODESYS\Common\CODESYS.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{015A8D3D-F40C-4BB5-A5A7-74AA118AAD76}] => (Allow) C:\Program Files (x86)\3S CODESYS\CODESYS\Common\CODESYS.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{475F8A65-BC13-4BB3-A1EA-1FF2C99EC3C5}] => (Allow) C:\Program Files (x86)\3S CODESYS\CODESYS\Common\CODESYS.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{395F3D88-3380-4201-873C-014EC07E72EE}] => (Allow) C:\Program Files (x86)\3S CODESYS\CODESYS\Common\CODESYS.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{15ECB879-60C4-42F4-94BE-66A38BB6CC48}] => (Allow) C:\Program Files (x86)\3S CODESYS\CODESYS\Common\RepTool.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{E3B1E9C9-200D-465E-AD9C-622FDA031CF3}] => (Allow) C:\Program Files (x86)\3S CODESYS\CODESYS\Common\RepTool.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{9BAB2765-B9DE-4A99-8182-1B1981DC23B1}] => (Allow) C:\Program Files (x86)\3S CODESYS\CODESYS\Common\RepTool.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{8B99EB7C-E07A-4126-B1D6-52FF044E7862}] => (Allow) C:\Program Files (x86)\3S CODESYS\CODESYS\Common\RepTool.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{CBB56258-647F-4608-8384-296265CCADBB}] => (Allow) C:\Program Files (x86)\3S CODESYS\CODESYS\Common\IPMCLI.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{99C74BD9-106E-4CD6-A6C5-0E39F9097B6D}] => (Allow) C:\Program Files (x86)\3S CODESYS\CODESYS\Common\IPMCLI.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{2937A2BD-18E2-46CB-A6F2-83A475A1BF2D}] => (Allow) C:\Program Files (x86)\3S CODESYS\CODESYS\Common\IPMCLI.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{D6ED8DD3-E2F1-4B55-95B0-16309EE0B082}] => (Allow) C:\Program Files (x86)\3S CODESYS\CODESYS\Common\IPMCLI.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{AA40FF9F-72BC-42D8-A8C0-D330563CE228}] => (Allow) C:\Program Files (x86)\3S CODESYS\GatewayPLC\GatewayService.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{F2BD632C-2FA0-4AAC-9024-26D7A1A99CEC}] => (Allow) C:\Program Files (x86)\3S CODESYS\GatewayPLC\GatewayService.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{91238EAC-87E7-4297-9329-E302BE237483}] => (Allow) C:\Program Files (x86)\3S CODESYS\GatewayPLC\GatewayService.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{FFE70F5B-1EAA-4C55-954C-E763DCD1E0B1}] => (Allow) C:\Program Files (x86)\3S CODESYS\GatewayPLC\GatewayService.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{CEE39792-4A68-4970-8615-FEBA29CF7019}] => (Allow) C:\Windows\SysWOW64\Gateway.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{6B8FB6D7-1CFB-412D-9CF5-23706446F401}] => (Allow) C:\Windows\SysWOW64\Gateway.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{DD5D6F82-F8CD-45DF-8BCD-4B52EE5C701F}] => (Allow) C:\Windows\SysWOW64\Gateway.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{C0A7C768-654B-46F7-AA9E-6D111B46F844}] => (Allow) C:\Windows\SysWOW64\Gateway.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{EC09C64B-FC0B-4DB8-8905-631E7C445096}] => (Allow) C:\Windows\SysWOW64\GatewayDDE.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{3E8FC8EC-4359-4FAB-9653-F65D906A650A}] => (Allow) C:\Windows\SysWOW64\GatewayDDE.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{B852E5C9-F6BA-4C97-9785-569D1E33A681}] => (Allow) C:\Windows\SysWOW64\GatewayDDE.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{D80E72AE-7250-42D7-846D-0FA9AA12ACE8}] => (Allow) C:\Windows\SysWOW64\GatewayDDE.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{B8951E4A-334B-4072-8C39-BED285225477}] => (Allow) C:\Program Files (x86)\3S CODESYS\GatewayPLC\CODESYSControlService.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{464A1A85-0515-435B-9086-C2EF53D93886}] => (Allow) C:\Program Files (x86)\3S CODESYS\GatewayPLC\CODESYSControlService.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{67625BC9-F345-4610-8730-700695486F99}] => (Allow) C:\Program Files (x86)\3S CODESYS\GatewayPLC\CODESYSControlService.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [{5C710ECE-9777-4488-9D5E-CB7990EE78AA}] => (Allow) C:\Program Files (x86)\3S CODESYS\GatewayPLC\CODESYSControlService.exe (3S-Smart Software Solutions GmbH → 3S-Smart Software Solutions GmbH)
FirewallRules: [TCP Query User{5286CD36-1CA4-4B8A-BFA6-9CCB2E7B2A50}C:\program files\ultimaker cura 5.3.1\ultimaker-cura.exe] => (Allow) C:\program files\ultimaker cura 5.3.1\ultimaker-cura.exe () [File not signed]
FirewallRules: [UDP Query User{E0515BBA-3DB8-46D5-B642-49EA0C99180B}C:\program files\ultimaker cura 5.3.1\ultimaker-cura.exe] => (Allow) C:\program files\ultimaker cura 5.3.1\ultimaker-cura.exe () [File not signed]
FirewallRules: [{F2FEF788-42EB-4946-BE43-66B4627CB7E6}] => (Block) C:\program files\ultimaker cura 5.3.1\ultimaker-cura.exe () [File not signed]
FirewallRules: [{AF9965FD-F81F-44F1-AF57-9CC445DD513F}] => (Block) C:\program files\ultimaker cura 5.3.1\ultimaker-cura.exe () [File not signed]
FirewallRules: [TCP Query User{68E6CF3C-38A7-4EB9-96CC-F84EFFE857A4}C:\program files\orcaslicer\orca-slicer.exe] => (Allow) C:\program files\orcaslicer\orca-slicer.exe (SoftFever) [File not signed]
FirewallRules: [UDP Query User{4A6434BA-95EE-4311-802B-664A774B682E}C:\program files\orcaslicer\orca-slicer.exe] => (Allow) C:\program files\orcaslicer\orca-slicer.exe (SoftFever) [File not signed]
FirewallRules: [TCP Query User{58C3F345-F0B7-4F88-B4FB-7D5FB56FF212}C:\program files\altium\ad23\x2.exe] => (Allow) C:\program files\altium\ad23\x2.exe (Altium LLC → Altium LLC)
FirewallRules: [UDP Query User{E6831222-A353-4556-8C88-C187BBE6FB54}C:\program files\altium\ad23\x2.exe] => (Allow) C:\program files\altium\ad23\x2.exe (Altium LLC → Altium LLC)
FirewallRules: [TCP Query User{B658F0F2-0674-4EAF-97A3-24F9862C0969}C:\program files\logisim-evolution\logisim-evolution.exe] => (Allow) C:\program files\logisim-evolution\logisim-evolution.exe () [File not signed]
FirewallRules: [UDP Query User{82C35AEA-279C-4D8D-BE9A-1141D3EB63BD}C:\program files\logisim-evolution\logisim-evolution.exe] => (Allow) C:\program files\logisim-evolution\logisim-evolution.exe () [File not signed]
FirewallRules: [{607F91DD-70EF-4778-A667-37E964C97E6C}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24004.1403.2634.2418_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation → Microsoft Corporation)
FirewallRules: [{4E963323-DBE0-4EB8-BE46-948D296EF8C5}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24004.1403.2634.2418_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation → Microsoft Corporation)
FirewallRules: [{AD6D52A6-184E-4609-A83F-3B1BFDE17A5D}] => (Allow) C:\Program Files\PowerToys\PowerToys.MouseWithoutBorders.exe (Microsoft Corporation → Microsoft Corporation)
FirewallRules: [{5FD1FC2C-9153-4A41-A69D-61626F835630}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.113.3210.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl → Skype Technologies S.A.)
FirewallRules: [{ADFA4932-EA8F-4E46-AAAE-E58B935BE380}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.113.3210.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl → Skype Technologies S.A.)
FirewallRules: [{79068DF1-AF19-45E5-8157-7A928B4CB6D4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.113.3210.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl → Skype Technologies S.A.)
FirewallRules: [{87149421-DD07-4E19-9819-17347BB6C14A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.113.3210.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl → Skype Technologies S.A.)
FirewallRules: [{08C12255-4807-4EA2-B22B-5987EF309E67}] => (Allow) D:\Programme\Steam\steamapps\common\Supermarket Simulator\Supermarket Simulator.exe () [File not signed]
FirewallRules: [{CE7704F2-FF6A-484C-A27E-40464706FE3A}] => (Allow) D:\Programme\Steam\steamapps\common\Supermarket Simulator\Supermarket Simulator.exe () [File not signed]
FirewallRules: [{D852E223-3EF6-4721-BF19-6272F579654F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.232.997.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd)
FirewallRules: [{19D9484A-641B-45B8-B664-A9C371F01661}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.232.997.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd)
FirewallRules: [{689D3F45-EE85-48AF-8302-A98FEB500ABC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.232.997.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd)
FirewallRules: [{8E5064E6-A832-42FF-B94D-F2C1C77EB730}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.232.997.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd)
FirewallRules: [{DA8157EF-5A48-45D9-9F37-342773C8472F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.232.997.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd)
FirewallRules: [{35BF3957-EA38-4892-A47D-A78804388403}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.232.997.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd)
FirewallRules: [{48E1678E-D52E-43C2-8FE4-5DC3EE9E5432}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.232.997.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd)
FirewallRules: [{DFD79D3E-4338-4EEA-999C-528A5CAC8483}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.232.997.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd)
FirewallRules: [{C172A26F-78BB-48C2-BD26-EA96E4822135}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.232.997.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd)
FirewallRules: [{0E857EA6-A4E5-4ED8-9C54-64D13821B44E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.232.997.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF → Spotify Ltd)
FirewallRules: [{B837D140-10B7-4DDF-8269-D941A4CAF4D9}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.59\msedgewebview2.exe (Microsoft Corporation → Microsoft Corporation)
FirewallRules: [{B2A138D0-F9E4-4698-9DD1-1EB7C7AD2D8A}] => (Allow) D:\Programme\Overwolf\0.242.0.11\OverwolfBrowser.exe => No File
FirewallRules: [{415602F8-E1B7-4ABF-9E7D-6815C6D59696}] => (Allow) D:\Programme\Overwolf\0.242.0.11\OverwolfBrowser.exe => No File
FirewallRules: [{45244B3F-8373-4486-A556-B3E76E3EECE6}] => (Block) D:\Programme\Overwolf\0.242.0.11\OverwolfBrowser.exe => No File
FirewallRules: [{DA1A8918-44D1-4DA1-A159-037A7957C8FC}] => (Block) D:\Programme\Overwolf\0.242.0.11\OverwolfBrowser.exe => No File
FirewallRules: [{A7F73065-A310-4FA7-B8E8-AC28FEC462BB}] => (Allow) D:\Programme\Overwolf\0.241.0.10\OverwolfBrowser.exe (Overwolf Ltd → Overwolf LTD)
FirewallRules: [{53BE1FB6-6D7C-4016-9BE9-ACA17B30CAD8}] => (Allow) D:\Programme\Overwolf\0.241.0.10\OverwolfBrowser.exe (Overwolf Ltd → Overwolf LTD)
FirewallRules: [{AE99B29D-2626-46F7-9F22-501881F2E445}] => (Block) D:\Programme\Overwolf\0.241.0.10\OverwolfBrowser.exe (Overwolf Ltd → Overwolf LTD)
FirewallRules: [{B47387AD-2143-488F-B24F-E00E7DE32978}] => (Block) D:\Programme\Overwolf\0.241.0.10\OverwolfBrowser.exe (Overwolf Ltd → Overwolf LTD)
FirewallRules: [{0DC44328-1923-4AF2-867A-25D5C7ECE9F7}] => (Allow) D:\Programme\Overwolf\0.242.0.12\OverwolfBrowser.exe (Overwolf Ltd → Overwolf LTD)
FirewallRules: [{4037986D-C99D-4775-8AFC-BF55CE36CAC9}] => (Allow) D:\Programme\Overwolf\0.242.0.12\OverwolfBrowser.exe (Overwolf Ltd → Overwolf LTD)
FirewallRules: [{C4E667EE-64CF-4F90-8CDD-2183265666FE}] => (Allow) D:\Programme\Steam\steamapps\common\Farming Simulator 22\x64\FarmingSimulator2022Game.exe (GIANTS Software GmbH → GIANTS Software GmbH)
FirewallRules: [{5AFEC480-363F-4323-AD7C-DCBDFE540457}] => (Allow) D:\Programme\Steam\steamapps\common\Farming Simulator 22\x64\FarmingSimulator2022Game.exe (GIANTS Software GmbH → GIANTS Software GmbH)
FirewallRules: [{F8ACB089-BB54-45B0-B751-BD5AF952905C}] => (Allow) C:\Program Files\WindowsApps\MSTeams_24004.1309.2689.2246_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation → Microsoft Corporation)
FirewallRules: [{3E606B86-BD68-4A44-8CEC-7E0105D17D00}] => (Allow) C:\Program Files\WindowsApps\MSTeams_24004.1309.2689.2246_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation → Microsoft Corporation)
FirewallRules: [{3DE411ED-C84C-4DFD-BF00-CDAA974F85F4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC → Google LLC)
FirewallRules: [{58963355-4A3E-44B9-9C42-5E84E86DFC04}] => (Allow) LPort=26820
FirewallRules: [{5D09B55C-3DD2-4CFA-906F-0AA480ADEC0C}] => (Allow) LPort=26822
DomainProfile\AuthorizedApplications: [C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe] => Enabled:CodeMeter Runtime Server

==================== Restore Points =========================

04-03-2024 09:53:42 Windows Update
04-03-2024 09:53:42 Windows Update

==================== Faulty Device Manager Devices ============

Name: Phantom TAP-Windows Adapter V9
Description: Phantom TAP-Windows Adapter V9
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Phantom TAP-Windows Provider V9
Service: phantomtap
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the “General Properties” tab of the device, click “Troubleshoot” to start the troubleshooting wizard.
Click “Uninstall”, and then click “Scan for hardware changes” to load a usable driver.

==================== Event log errors: ========================
[HEADING=1]Application errors:[/HEADING]
Error: (03/04/2024 10:53:00 AM) (Source: Application Hang) (EventID: 1002) (User: NT-AUTORITÄT)
Description: Das Programm SecHealthUI.exe Version 10.0.22621.1 hat aufgehört mit Windows zu interagieren und wurde geschlossen. Weitere Informationen zum Problem finden Sie im Problemverlauf in der Systemsteuerung „Sicherheit und Wartung“.

Error: (03/04/2024 09:39:26 AM) (Source: Application Hang) (EventID: 1002) (User: NT-AUTORITÄT)
Description: Das Programm SecHealthUI.exe Version 10.0.22621.1 hat aufgehört mit Windows zu interagieren und wurde geschlossen. Weitere Informationen zum Problem finden Sie im Problemverlauf in der Systemsteuerung „Sicherheit und Wartung“.

Error: (03/04/2024 09:31:16 AM) (Source: Application Hang) (EventID: 1002) (User: NT-AUTORITÄT)
Description: Das Programm SecHealthUI.exe Version 10.0.22621.1 hat aufgehört mit Windows zu interagieren und wurde geschlossen. Weitere Informationen zum Problem finden Sie im Problemverlauf in der Systemsteuerung „Sicherheit und Wartung“.

Error: (03/04/2024 09:27:40 AM) (Source: CertEnroll) (EventID: 86) (User: NT-AUTORITÄT)
Description: Fehler bei der Initialisierung der SCEP-Zertifikatregistrierung für WORKGROUP\DESKTOP-OSDJ7D2$ über https://AMD-KeyId-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net/templates/Aik/scep:

GetCACaps
GetCACaps: Not Found
{“Message”:“The authority "amd-keyid-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net" does not exist.”}
HTTP/1.1 404 Not Found
Date: Mon, 04 Mar 2024 08:27:40 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 7eb7b5f7-8af1-4563-bce4-bf880b8ef476

Methode: GET(172ms)
Phase: GetCACaps
Nicht gefunden (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (03/04/2024 09:27:40 AM) (Source: CertEnroll) (EventID: 86) (User: NT-AUTORITÄT)
Description: Fehler bei der Initialisierung der SCEP-Zertifikatregistrierung für Lokales System über https://AMD-KeyId-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net/templates/Aik/scep:

GetCACaps
GetCACaps: Not Found
{“Message”:“The authority "amd-keyid-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net" does not exist.”}
HTTP/1.1 404 Not Found
Date: Mon, 04 Mar 2024 08:27:39 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: b934cea6-7e3d-4b98-b0d2-77e9be58f481

Methode: GET(234ms)
Phase: GetCACaps
Nicht gefunden (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (03/04/2024 09:19:29 AM) (Source: CertEnroll) (EventID: 86) (User: NT-AUTORITÄT)
Description: Fehler bei der Initialisierung der SCEP-Zertifikatregistrierung für WORKGROUP\DESKTOP-OSDJ7D2$ über https://AMD-KeyId-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net/templates/Aik/scep:

GetCACaps
GetCACaps: Not Found
{“Message”:“The authority "amd-keyid-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net" does not exist.”}
HTTP/1.1 404 Not Found
Date: Mon, 04 Mar 2024 08:19:28 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: d47bfd28-5a72-4e73-94bd-6f4c24152a3c

Methode: GET(172ms)
Phase: GetCACaps
Nicht gefunden (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (03/04/2024 09:19:29 AM) (Source: CertEnroll) (EventID: 86) (User: NT-AUTORITÄT)
Description: Fehler bei der Initialisierung der SCEP-Zertifikatregistrierung für Lokales System über https://AMD-KeyId-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net/templates/Aik/scep:

GetCACaps
GetCACaps: Not Found
{“Message”:“The authority "amd-keyid-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net" does not exist.”}
HTTP/1.1 404 Not Found
Date: Mon, 04 Mar 2024 08:19:28 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: daeb0517-ccc6-49da-84c0-2cca60b6f596

Methode: GET(1125ms)
Phase: GetCACaps
Nicht gefunden (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)

Error: (03/04/2024 09:13:22 AM) (Source: CertEnroll) (EventID: 86) (User: NT-AUTORITÄT)
Description: Fehler bei der Initialisierung der SCEP-Zertifikatregistrierung für WORKGROUP\DESKTOP-OSDJ7D2$ über https://AMD-KeyId-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net/templates/Aik/scep:

GetCACaps
GetCACaps: Not Found
{“Message”:“The authority "amd-keyid-907d65e9b562315997dd5ad086b2b7598957b92c.microsoftaik.azure.net" does not exist.”}
HTTP/1.1 404 Not Found
Date: Mon, 04 Mar 2024 08:13:22 GMT
Content-Length: 121
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
x-ms-request-id: 36399955-7eba-4cf6-be3a-7fb95e44f36b

Methode: GET(172ms)
Phase: GetCACaps
Nicht gefunden (404). 0x80190194 (-2145844844 HTTP_E_STATUS_NOT_FOUND)
[HEADING=1]System errors:[/HEADING]
Error: (03/04/2024 11:47:06 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-OSDJ7D2)
Description: Der Server “Windows.Gaming.GameBar.PresenceServer.Internal.PresenceWriter” konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (03/04/2024 11:44:37 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8024200b fehlgeschlagen: Security Intelligence-Update für Microsoft Defender Antivirus – KB2267602 (Version 1.405.1022.0) – Aktueller Kanal (Allgemein)

Error: (03/04/2024 11:44:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst “Microsoft Defender Antivirus-Dienst” wurde aufgrund folgenden Fehlers nicht gestartet:
Das System kann die angegebene Datei nicht finden.

Error: (03/04/2024 11:00:02 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-OSDJ7D2)
Description: Der Server “{A2A6D7C6-ECBD-439E-9244-9E784608439F}” konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (03/04/2024 10:58:02 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-OSDJ7D2)
Description: Der Server “{CC66E708-C687-42EA-806E-83D41C9D1A5F}” konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (03/04/2024 10:56:02 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-OSDJ7D2)
Description: Der Server “{470B9B9B-0E95-4963-B265-5D58E5808C3D}” konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (03/04/2024 10:54:02 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-OSDJ7D2)
Description: Der Server “{434AEC1C-8583-45EC-B88F-750D6F380BC3}” konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (03/04/2024 10:03:36 AM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: Der Server “{470B9B9B-0E95-4963-B265-5D58E5808C3D}” konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Windows Defender:
================Event[0]

Date: 2024-03-02 00:14:02
Description:
Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Security Intelligence aufgetreten. Es wird versucht, zu einer vorherigen Version zurückzukehren.
Security Intelligence versucht: Aktuell
Fehlercode: 0x80501102
Fehlerbeschreibung: Unerwartetes Problem. Installieren Sie bei Bedarf verfügbare Updates, und starten Sie das Programm dann erneut. Informationen zum Installieren von Updates finden Sie unter “Hilfe und Support”.
Security Intelligence-Version: 1.405.757.0;1.405.757.0
Modulversion: 1.1.24010.10

Date: 2024-02-28 15:24:21
Description:
Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten.
Neue Version der Sicherheitsinformationen:
%Vorherige Version der Sicherheitsinformationen: 1.349.1208.0
Update Source: Microsoft Center zum Schutz vor Schadsoftware
Sicherheitstyp: AntiSpyware
Updatetyp: Voll
Benutzer: NT-AUTORITÄT\Netzwerkdienst
Aktuelle Modulversion:
%Vorherige Modulversion: 1.1.18500.10
Fehlercode: 0x80072f8f
Fehlerbeschreibung: Es ist ein Sicherheitsfehler aufgetreten.

Date: 2024-02-28 15:24:21
Description:
Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten.
Neue Version der Sicherheitsinformationen:
%Vorherige Version der Sicherheitsinformationen: 1.349.1208.0
Update Source: Microsoft Center zum Schutz vor Schadsoftware
Sicherheitstyp: AntiVirus
Updatetyp: Voll
Benutzer: NT-AUTORITÄT\Netzwerkdienst
Aktuelle Modulversion:
%Vorherige Modulversion: 1.1.18500.10
Fehlercode: 0x80072f8f
Fehlerbeschreibung: Es ist ein Sicherheitsfehler aufgetreten.

Date: 2024-02-28 15:24:20
Description:
Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten.
Neue Version der Sicherheitsinformationen:
%Vorherige Version der Sicherheitsinformationen: 1.349.1208.0
Update Source: Microsoft Update-Server
Sicherheitstyp: AntiVirus
Updatetyp: Voll
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion:
%Vorherige Modulversion: 1.1.18500.10
Fehlercode: 0x80240022
Fehlerbeschreibung: Die Suche des Programms nach Definitionsaktualisierungen ist nicht möglich.

Date: 2024-02-28 15:24:20
Description:
Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten.
Neue Version der Sicherheitsinformationen:
%Vorherige Version der Sicherheitsinformationen: 1.349.1208.0
Update Source: Microsoft Update-Server
Sicherheitstyp: AntiVirus
Updatetyp: Voll
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion:
%Vorherige Modulversion: 1.1.18500.10
Fehlercode: 0x80240022
Fehlerbeschreibung: Die Suche des Programms nach Definitionsaktualisierungen ist nicht möglich.
[HEADING=1]CodeIntegrity:[/HEADING]
Date: 2024-03-04 15:32:14
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

BIOS: American Megatrends Inc. 1.B0 11/08/2019
Motherboard: Micro-Star International Co., Ltd. B450 GAMING PRO CARBON AC (MS-7B85)
Processor: AMD Ryzen 5 3600 6-Core Processor
Percentage of memory in use: 27%
Total physical RAM: 32716.52 MB
Available physical RAM: 23615.32 MB
Total Virtual: 34764.52 MB
Available Virtual: 22577.44 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:930.09 GB) (Free:665.62 GB) (Model: CT1000P3SSD8) NTFS
Drive d: (Speicher) (Fixed) (Total:894.24 GB) (Free:422.2 GB) (Model: Patriot Burst) NTFS
Drive e: (SSD Speicher) (Fixed) (Total:119.24 GB) (Free:119.15 GB) (Model: SAMSUNG MZVLW128HEGR-00000) NTFS
Drive x: () (Network) (Total:0 GB) (Free:0 GB)

\?\Volume{e5fef1f2-14bc-41e5-a2cb-6fec93bb4729}\ () (Fixed) (Total:0.52 GB) (Free:0.5 GB) NTFS
\?\Volume{41e65462-6f71-4c4a-9c2b-c5457b66e6f2}\ () (Fixed) (Total:0.69 GB) (Free:0.06 GB) NTFS
\?\Volume{9ac877f4-f51d-470b-8acb-437c47e286b7}\ () (Fixed) (Total:0.1 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 894.3 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================
                                                          [/HEADING]

                                                            Comment

                                                            Previous 1 2 3 template Next
                                                            Working...

                                                              We process personal data about users of our site, through the use of cookies and other technologies, to deliver our services, personalize advertising, and to analyze site activity. We may share certain information about our users with our advertising and analytics partners. For additional details, refer to our Privacy Policy.

                                                              By clicking "I AGREE" below, you agree to our Privacy Policy and our personal data processing and cookie practices as described therein. You also acknowledge that this forum may be hosted outside your country and you consent to the collection, storage, and processing of your data in the country where this forum is hosted.

                                                              I Agree