| |
| |||||||
Log-Analyse und Auswertung: Windows 10: Trojaner Tnega!MSR kommt immer wieder - Teil IWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
18.02.2021, 21:48
| #1 |
| |  Windows 10: Trojaner Tnega!MSR kommt immer wieder - Teil I Hallo, schön, dass es euch gibt. Ich bin mir sicher, ihr könnt mir helfen. Seit einigen Tagen findet bei mir Windows Sicherheit bei jedem Start des PCs folgenden Trojaner: TrojanDropper:Win64/Tnega!MSR Windows Sicherheit hat gemeldet, dass die Bedrohung blockiert wurde und ich habe jedes Mal auf "Aktionen" "entfernen" geklickt. Trotzdem kommt der Trojaner immer wieder. Bisher habe ich nur den Windows Defender genutzt. Logfile FRST: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 17-02-2021 01
durchgeführt von Odfried (Administrator) auf GARFIELD (ASUS All Series) (18-02-2021 21:20:17)
Gestartet von C:\Users\Odfried\Downloads
Geladene Profile: Odfried
Platform: Windows 10 Pro Version 1909 18363.1379 (X64) Sprache: Deutsch (Deutschland)
Standard-Browser: Edge
Start-Modus: Normal
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler64.exe
(Idera, Inc. -> Embarcadero Technologies, Inc.) C:\Users\Odfried\AppData\Roaming\Odfried.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <24>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2101.9-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2101.9-0\NisSrv.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe <2>
==================== Registry (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [snpstd3] => C:\WINDOWS\vsnpstd3.exe [835584 2007-05-10] (SONIX TECHNOLOGY CO. , LTD -> )
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7636696 2014-09-02] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-05-28] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
HKLM-x32\...\Run: [tsnpstd3] => C:\Windows\tsnpstd3.exe [270336 2007-04-21] () [Datei ist nicht signiert]
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [PC Suite for Smartphones] => C:\Program Files (x86)\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe [548864 2007-12-25] () [Datei ist nicht signiert]
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2099200 2014-04-13] (Dominik Reichl) [Datei ist nicht signiert]
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [293872 2014-08-25] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
HKLM-x32\...\Run: [P17RunE] => C:\Windows\SysWOW64\P17RunE.dll [14848 2008-03-28] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [646160 2019-12-11] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-2726028846-1901948702-833121358-1001\...\Run: [OpenVPN-GUI] => C:\Program Files\OpenVPN\bin\openvpn-gui.exe [643200 2017-09-26] (OpenVPN Technologies, Inc. -> )
HKU\S-1-5-21-2726028846-1901948702-833121358-1001\...\Run: [Dropbox Update] => C:\Users\Odfried\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc -> Dropbox, Inc.)
HKU\S-1-5-21-2726028846-1901948702-833121358-1001\...\Run: [Opera Browser Assistant] => C:\Users\Odfried\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [3154456 2020-11-25] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-2726028846-1901948702-833121358-1001\...\Run: [CiscoMeetingDaemon] => C:\Users\Odfried\AppData\Local\WebEx\ciscowebexstart.exe [2499272 2021-02-05] (Cisco WebEx LLC -> Cisco Webex LLC)
HKU\S-1-5-21-2726028846-1901948702-833121358-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32440376 2021-01-06] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2726028846-1901948702-833121358-1001\...\RunOnce: [Odfried] => powershell -Win Hi -Command "$r = [Environment]::GetEnvironmentVariable('Odfried', 'User').split();$p=$r[0];$r[0]='';Start-Process $p -ArgumentList ($r -join ' ') -Win Hi" <==== ACHTUNG
HKU\S-1-5-21-2726028846-1901948702-833121358-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2726028846-1901948702-833121358-1001\...\MountPoints2: {05c6e8b7-6ae7-11e7-8ff3-f07959620f10} - "H:\ting.exe"
HKU\S-1-5-21-2726028846-1901948702-833121358-1001\...\MountPoints2: {3d6c9de4-5921-11e3-88e0-00219b0a9324} - "D:\ting.exe"
HKU\S-1-5-21-2726028846-1901948702-833121358-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [38400 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2726028846-1901948702-833121358-1001\Environment: [Odfried] "powershell.exe" -windowstyle hidden -En "PAAjACAAdgBuAHYAZwBnAHcAaAB6AHQAIAAjAD4AJAB1AD0AJABlAG4AdgA6AFUAcwBlAHIATgBhAG0AZQA7AGYAbwByACAAKAAkAGkAPQAwADsAJABpACAALQBsAGUAIAAxADMAMAAwADs (Der Dateneintrag hat 1261 mehr Zeichen). <==== ACHTUNG
RegKey: [HKU\S-1-5-21-2726028846-1901948702-833121358-1001\Software\Odfried] <==== ACHTUNG
RegKey: [HKU\S-1-5-21-2726028846-1901948702-833121358-1001\Software\Odfried1] <==== ACHTUNG
HKLM\...\Windows x64\Print Processors\Canon MG6100 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDAG.DLL [30208 2012-03-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Windows x64\Print Processors\hpzpplhn: C:\Windows\System32\spool\prtprocs\x64\hpzpplhn.dll [100352 2007-05-23] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Windows x64\Print Processors\hpzppw71: C:\Windows\System32\spool\prtprocs\x64\hpzppw71.dll [230400 2009-07-14] (Microsoft Windows -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG6100 series: C:\Windows\system32\CNMLMAG.DLL [385024 2012-03-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\PCL hpz3llhn: C:\Windows\system32\hpz3llhn.dll [36352 2007-05-23] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Company)
HKLM\...\Print\Monitors\PCL hpz3lw71: C:\Windows\system32\hpz3lw71.dll [46080 2009-07-14] (Microsoft Windows -> Hewlett-Packard Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.182\Installer\chrmstp.exe [2021-02-18] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk [2015-08-10]
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe (Buhl Data Service GmbH -> )
Startup: C:\Users\Odfried\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2021-02-05]
ShortcutTarget: Dropbox.lnk -> C:\Users\Odfried\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {02F16EF5-DA89-4C74-9F91-B445DA3E783A} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
Task: {05FCEBC4-A202-409F-9F5C-66793028EB4F} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {0FA8CCB1-19BA-49E6-9775-501FA81B9ECE} - System32\Tasks\Opera scheduled Autoupdate 1554660614 => C:\Users\Odfried\AppData\Local\Programs\Opera\launcher.exe [1776280 2021-01-14] (Opera Software AS -> Opera Software)
Task: {11AF8D37-58C4-4EA5-8443-7FE8BC43950E} - System32\Tasks\Microsoft\Windows\End Of Support\Notify2 => C:\WINDOWS\system32\sipnotify.exe
Task: {12D27C9A-BE70-4026-A661-DE7D774D1FDA} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2118352 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {16DF50F4-806C-4034-BF5B-C8D083C373A4} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1487568 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {18789C37-5759-4B90-8E98-84C109E73459} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {22DD9189-E11D-4663-B309-C3245CCD7825} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {237AC49C-DA6C-4E70-ACC5-7B68320C8B28} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4f47-879B-29A80C355D61}
Task: {243A36D8-C397-4D18-A651-33C5D4D58FA0} - System32\Tasks\Opera scheduled assistant Autoupdate 1556059648 => C:\Users\Odfried\AppData\Local\Programs\Opera\launcher.exe [1776280 2021-01-14] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Odfried\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {24635473-8EB8-411A-9325-9E7FE2779A9C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {24D34A48-3892-4B8E-9743-985D9C68924A} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [142216 2021-02-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {27AA67FB-FE5D-4637-9E55-257F55BA18E0} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1487568 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {2F6D73C1-E4F7-4341-A6AE-7F85E3CEAA8E} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {36D1B2E5-EA06-40E8-A631-D8EE48A1CF7A} - System32\Tasks\{E40A1890-E2CC-4608-9D46-3AC5F98A605B} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.5.0.124/de/go/help.faq.installer?LastError=1603
Task: {3D56BF8A-244B-4C77-93C9-B7B17DDF893F} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {3FDA2CC5-528C-49CC-94A5-F3AB1EA036AC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MpCmdRun.exe [562240 2021-02-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {4081750C-925B-4545-95C4-2F857C231373} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22993800 2021-02-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {45EB8795-8535-422F-82AB-C36BCBFDFE1D} - \Microsoft\Windows\Setup\EOSNotify -> Keine Datei <==== ACHTUNG
Task: {465EB530-CC48-4D84-8129-4B220AEE6711} - System32\Tasks\{A60F6C2A-9D6F-46CF-97DC-5C4FE0E4B1A2} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.5.0.119/de/go/help.faq.installer?LastError=1603
Task: {46E22D31-6554-488D-852F-CB1A361C50D8} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2118352 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {47595455-0496-41A1-9B92-84F6EC0F9F2B} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47c2-B62A-B7C4CED925CB}
Task: {4B3C1AC7-62C5-46D0-8C1D-1EA96F241576} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {4CA78609-8915-4631-9236-CF4F0780F9F4} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [142216 2021-02-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {4DAEA773-B9BE-428A-BE0F-05EA40B43037} - System32\Tasks\{1E1E9B51-1923-4F42-A29D-1A4772FE7542} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.5.0.119/de/go/help.faq.installer?LastError=1603
Task: {511BDB6F-D447-4C31-B23A-372D09CC879A} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {5189F503-B5C4-4310-9357-E43F857F6A34} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {565B10CF-9FF9-43BD-8A7A-EC8E09511D72} - System32\Tasks\{EBF172FD-0BAA-42AF-88F2-9166E166AEB1} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.5.0.119/de/go/help.faq.installer?LastError=1603
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {5D22340B-4E4A-49E8-BB83-77823B58C717} - System32\Tasks\{76BEFD47-23C8-47B7-A1D9-0FD4EFE7201F} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.5.0.124/de/go/help.faq.installer?LastError=1603
Task: {633B1526-1E3E-4431-9616-706DE6876574} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {657EC7F2-E145-402E-8DB4-8A64795B840B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-08-18] (Google Inc -> Google Inc.)
Task: {770D324A-DA2F-4F90-A3CB-9251B223B511} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => c:\Program Files\Microsoft Device Center\devicecenter.exe
Task: {78D52AA8-0E3A-4B19-A6C2-CDC8C73AB176} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {83B1D6D6-CE7B-4C8D-B420-C3DA25B9B446} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2726028846-1901948702-833121358-1001UA1d5d6e686e592d1 => C:\Users\Odfried\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc -> Dropbox, Inc.)
Task: {844AD169-9956-4A09-B7AF-B23BF411E026} - System32\Tasks\Digital Sites => C:\Users\Odfried\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ACHTUNG
Task: {85D6AEEC-BD54-40B7-86EF-5F8E0C3830D5} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDfE067B1}
Task: {88584F67-F850-4681-96FF-4B3DF5E1D43E} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {8AA5ADBC-1412-423F-91E3-3077D3DC2E34} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [1134752 2014-03-25] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) [Datei ist nicht signiert]
Task: {8CD52123-AF76-4018-959A-D57CF46FB158} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MpCmdRun.exe [562240 2021-02-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8F9D11D4-DB81-437E-B865-31E8BBB979EF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MpCmdRun.exe [562240 2021-02-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {918D1FBD-F26A-42F8-866F-21154646E19C} - System32\Tasks\{F4AC3217-7AA7-4DF2-866F-F6AA758A2B1B} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.5.59.124/de/go/help.faq.installer?source=lightinstaller&LastError=1603
Task: {97B4B1AA-14F5-4F6F-AE2C-221D976C6FEC} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [677344 2021-02-08] (Mozilla Corporation -> Mozilla Foundation)
Task: {98997B55-CBCC-4230-ABF1-70A0B7F84F55} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2021-01-06] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {A3FE64E2-40E8-4A99-B576-DC5C0632588E} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A7F7D24E-64CB-485F-A927-936D664F4CBA} - System32\Tasks\{6AB72824-5BE2-4ED1-9D81-4BC62E506490} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.5.0.124/de/go/help.faq.installer?LastError=1603
Task: {A9D85489-5A0A-4A6D-8B96-4A55E1635F82} - System32\Tasks\{662BE1F1-2EB0-49D4-B3DC-E8B861B34561} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.5.0.119/de/go/help.faq.installer?LastError=1603
Task: {AEDBFB8E-8D04-4C15-9218-BBF3A4D61D7F} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {B0AE2568-3D92-40AE-9FF2-3AC43CCA8226} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22993800 2021-02-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40b4-8963-D3C761B18371}
Task: {B1E811CC-575A-4452-9C20-F8BB40FF56EC} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B218DDBC-F035-472C-A46D-8DC8CE24B112} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MpCmdRun.exe [562240 2021-02-12] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B2B53B78-00E4-468D-B90A-6D184568B2B0} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B2BC6668-1903-48DC-A818-E6D2D1CDC918} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {B3B7B085-3ABB-4131-9CA8-DDF7B9602E79} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {B52E1054-CBAA-4186-8030-7241D19D8246} - \Microsoft\Windows\Setup\EOSNotify2 -> Keine Datei <==== ACHTUNG
Task: {B60D549B-FD6B-454A-BEFE-6929A10CBD90} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [26913848 2021-01-06] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {BA566C26-280D-4AE6-BA13-4DDB8CB0EEFB} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BD701784-6CBB-4B62-9C91-140066EEB9F7} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BFDDF7E0-7363-4D50-8806-4E633D8E5BA3} - System32\Tasks\{B1B76516-D9B3-468D-A754-2E1B55C3989E} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.5.0.119/de/go/help.faq.installer?LastError=1603
Task: {CA09EA7E-DCA4-4766-8C24-A33A9304AC3F} - System32\Tasks\{755E9608-94CD-4E91-B7DE-29DCEC3FA01D} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.5.0.119/de/go/help.faq.installer?LastError=1603
Task: {D04CFDF6-EFA9-4A44-992E-E1BB36E508E1} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D48B5812-B46E-4069-B2B7-2EBF5B632B26} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2211024 2014-03-19] (Microsoft Corporation -> Microsoft)
Task: {D7EE41C8-9231-41C5-9A9D-86CBCD8F34F4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5199792 2021-02-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {DA7FD33A-A65A-4D7F-B775-F66E56B8BABD} - System32\Tasks\{9AE08988-8A99-4777-80FD-FB009CD6424A} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.5.0.119/de/go/help.faq.installer?LastError=1603
Task: {DAA9A05C-5C19-402D-962B-A93139CCD392} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2726028846-1901948702-833121358-1001Core1d5d6e686de6c49 => C:\Users\Odfried\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc -> Dropbox, Inc.)
Task: {DB8AA674-A0AD-451E-94C0-A18A841A397B} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {DCEB16B9-FC07-4BFE-B66F-158EA7708F1C} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E4899B01-B0F4-4695-BCEA-F9B8C655C5BE} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {E5D8AD48-FFE4-4970-B39A-02CF85D1281B} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {E89DC814-B895-4D44-9915-14567BF9DC21} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-08-18] (Google Inc -> Google Inc.)
Task: {EB1F8FC0-D572-40DD-BF85-47EA8D1B9C40} - System32\Tasks\{A1ECF503-D185-4A59-BC6C-B2C1AD3F6C18} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.5.0.124/de/go/help.faq.installer?LastError=1603
Task: {ECD8C33D-8C4C-4A76-AB31-809F1AFC5995} - System32\Tasks\{8D406AE9-20B6-410C-826C-6FFA1E851313} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.5.0.124/de/go/help.faq.installer?LastError=1603
Task: {ED19018D-65D5-49A5-86DD-F27C47FF5B97} - System32\Tasks\{202118AC-06CA-4AA7-8A0C-2DEF6AB0437E} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.5.0.119/de/go/help.faq.installer?LastError=1603
Task: {EE7762D2-A6F1-4B6E-BF19-71419769D68C} - System32\Tasks\Microsoft\Windows\End Of Support\Notify1 => C:\WINDOWS\system32\sipnotify.exe
Task: {F00B6CD5-62A6-4012-A3A5-E1264B85C382} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F044645E-4034-41C9-A2CB-389B653EEEA2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5199792 2021-02-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {F1A53E80-3616-4324-BFDE-199889475F5E} - System32\Tasks\{94182C64-7217-48F2-9968-DCC433EC4249} => C:\Windows\system32\pcalua.exe -a "D:\Documents\!Gym\!01 zu sortieren\!NEU - CD Kopien vom IGV\Klett\Mediothek\Menschenkunde III\SETUP.EXE" -d "D:\Documents\!Gym\!01 zu sortieren\!NEU - CD Kopien vom IGV\Klett\Mediothek\Menschenkunde III"
Task: {F7BB771D-81D7-4997-8FAD-B6643946B176} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\WINDOWS\Tasks\Digital Sites.job => C:\Users\Odfried\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ACHTUNG
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2726028846-1901948702-833121358-1001Core1d5d6e686de6c49.job => C:\Users\Odfried\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2726028846-1901948702-833121358-1001UA1d5d6e686e592d1.job => C:\Users\Odfried\AppData\Local\Dropbox\Update\DropboxUpdate.exe
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{6680B1A0-F27B-4FB0-B8A7-2007C656A238}: [DhcpNameServer] 10.16.1.1 10.16.1.1
Tcpip\..\Interfaces\{94625661-2794-475A-BC2F-F61267FD981A}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{992E0AA0-DDED-47C6-A988-6D4E10461D3A}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{A3B9A9AD-A5F1-4192-88EA-91FE1B634007}: [DhcpNameServer] 192.168.2.1
Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Odfried\AppData\Local\Microsoft\Edge\User Data\Default [2021-02-18]
Edge Notifications: Default -> hxxps://teams.microsoft.com
Edge Extension: (Cisco Webex Extension) - C:\Users\Odfried\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cmihkeafcknlomclapaddfljaeegfbdl [2020-12-21]
Edge Extension: (Tab Group) - C:\Users\Odfried\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gjgjkhbmehogehkdnoooeihkipifimme [2020-08-29]
Edge HKLM-x32\...\Edge\Extension: [cmihkeafcknlomclapaddfljaeegfbdl]
FireFox:
========
FF DefaultProfile: j4ybr3md.default-1367272240666-1613676244687
FF ProfilePath: C:\Users\Odfried\AppData\Roaming\Mozilla\Firefox\Profiles\j4ybr3md.default-1367272240666-1613676244687 [2021-02-18]
FF Extension: (Cisco Webex Extension) - C:\Users\Odfried\AppData\Roaming\Mozilla\Firefox\Profiles\j4ybr3md.default-1367272240666-1613676244687\Extensions\ciscowebexstart1@cisco.com.xpi [2021-02-18]
FF Extension: (Reset Search Defaults) - C:\Users\Odfried\AppData\Roaming\Mozilla\Firefox\Profiles\j4ybr3md.default-1367272240666-1613676244687\features\{e38ca9f2-84e6-4d43-ad62-e4c1b7512267}\reset-search-defaults@mozilla.com.xpi [2021-02-18]
FF ProfilePath: C:\Users\Odfried\AppData\Roaming\Mozilla\Firefox\Profiles\5vxs6zl8.default-1367272190906 [2021-02-14]
FF user.js: detected! => C:\Users\Odfried\AppData\Roaming\Mozilla\Firefox\Profiles\5vxs6zl8.default-1367272190906\user.js [2013-11-20]
FF Homepage: Mozilla\Firefox\Profiles\5vxs6zl8.default-1367272190906 -> hxxps://www.google.com/calendar/render?tab=wc
FF NewTab: Mozilla\Firefox\Profiles\5vxs6zl8.default-1367272190906 -> hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=GB&userid=b747fc85-80a9-4ede-8369-c52165bfcf75&searchtype=nt&fr=linkury-tb&installDate={installDate}&type=hp1000
FF Session Restore: Mozilla\Firefox\Profiles\5vxs6zl8.default-1367272190906 -> ist aktiviert.
FF Extension: (FabTabs) - C:\Users\Odfried\AppData\Roaming\Mozilla\Firefox\Profiles\5vxs6zl8.default-1367272190906\Extensions\fabtab@captaincaveman.nl.xpi [2013-03-14] [] [ist nicht signiert]
FF Extension: (Search and New Tab by Yahoo) - C:\Users\Odfried\AppData\Roaming\Mozilla\Firefox\Profiles\5vxs6zl8.default-1367272190906\Extensions\jid1-16aeif9OQIRKxA@jetpack.xpi [2017-05-16] []
FF Extension: (Download Statusbar) - C:\Users\Odfried\AppData\Roaming\Mozilla\Firefox\Profiles\5vxs6zl8.default-1367272190906\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [2013-05-07] [] [ist nicht signiert]
FF Extension: (Tab Mix Plus) - C:\Users\Odfried\AppData\Roaming\Mozilla\Firefox\Profiles\5vxs6zl8.default-1367272190906\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2013-04-20] [] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [sweetsearch@gmail.com] - C:\Users\Odfried\AppData\Roaming\Mozilla\Firefox\Profiles\nn0tegko.default-1367272240666\extensions\sweetsearch@gmail.com => nicht gefunden
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-02-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.) [Datei ist nicht signiert]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-04-29] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-04-29] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.241.2 -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\dtplugin\npDeployJava1.dll [2020-02-09] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.241.2 -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\plugin2\npjp2.dll [2020-02-09] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-02-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-02-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.12 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @webex.com/npatgpc -> C:\Program Files (x86)\Webex\npatgpc.dll [2020-12-11] (Cisco WebEx LLC -> Cisco WebEx LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-02-15] (Adobe Inc. -> Adobe Systems Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Odfried\AppData\Local\Google\Chrome\User Data\Default [2021-02-18]
CHR Session Restore: Default -> ist aktiviert.
CHR Extension: (Google Drive) - C:\Users\Odfried\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-27]
CHR Extension: (YouTube) - C:\Users\Odfried\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-12-09]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Odfried\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-05]
CHR Extension: (Google Mail) - C:\Users\Odfried\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-27]
CHR Extension: (Chrome Media Router) - C:\Users\Odfried\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-02-05]
CHR HKU\S-1-5-21-2726028846-1901948702-833121358-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [jlhmfgmfgeifomenelglieieghnjghma]
Opera:
=======
OPR Profile: C:\Users\Odfried\AppData\Roaming\Opera Software\Opera Stable [2021-02-14]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.de/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
==================== Dienste (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
S4 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-01-28] (ASUSTeK Computer Inc. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8905608 2021-02-03] (Microsoft Corporation -> Microsoft Corporation)
S4 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2011-09-14] (Creative Labs) [Datei ist nicht signiert]
S4 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2008-11-18] (Creative Technology Ltd) [Datei ist nicht signiert]
S4 hasplms; C:\Windows\system32\hasplms.exe [3500552 2018-07-18] (SafeNet Canada, Inc. -> SafeNet, Inc.)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [Datei ist nicht signiert]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [Datei ist nicht signiert]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [Datei ist nicht signiert]
S4 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv2.exe [15872 2016-11-25] () [Datei ist nicht signiert]
S4 OpenVPNServiceInteractive; C:\Program Files\OpenVPN\bin\openvpnserv.exe [73856 2017-09-26] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S4 OpenVPNServiceLegacy; C:\Program Files\OpenVPN\bin\openvpnserv.exe [73856 2017-09-26] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S4 Realtek11nSU; C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [45056 2010-01-21] (Realtek) [Datei ist nicht signiert]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6264144 2021-01-13] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155520 2015-06-10] (Sony Mobile Communications AB -> Avanquest Software) [Datei ist nicht signiert]
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\NisSrv.exe [2462960 2021-02-12] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WebexService; C:\Program Files (x86)\Webex\Webex\Applications\WebExService.exe [146240 2020-12-11] (Cisco WebEx LLC -> Cisco WebEx LLC)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MsMpEng.exe [128376 2021-02-12] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Treiber (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-01-28] (ASUSTeK Computer Inc. -> )
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [1971208 2018-07-18] (SafeNet Canada, Inc. -> SafeNet, Inc.)
R3 P17; C:\WINDOWS\system32\drivers\P17.sys [1309696 2009-10-16] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd.)
R3 seehcri; C:\WINDOWS\System32\drivers\seehcri.sys [34032 2008-01-09] (Sony Ericsson Mobile Communications AB -> Sony Ericsson Mobile Communications)
S3 SNPSTD3; C:\WINDOWS\system32\DRIVERS\snpstd3.sys [10693120 2007-10-16] (SONIX TECHNOLOGY CO. , LTD -> Sonix Co. Ltd.)
S3 SNPSTD3; C:\Windows\SysWOW64\DRIVERS\snpstd3.sys [10376576 2007-10-16] (SONIX TECHNOLOGY CO. , LTD -> Sonix Co. Ltd.)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R1 Uim_DEVIM; C:\WINDOWS\System32\DRIVERS\uim_devim.sys [25992 2014-05-19] (Paragon Software GmbH -> )
R1 Uim_IM; C:\WINDOWS\System32\DRIVERS\uim_im.sys [700296 2014-05-19] (Paragon Software GmbH -> )
U5 vwifimp; C:\Windows\System32\Drivers\vwifimp.sys [50176 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49552 2021-02-12] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [419040 2021-02-12] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [71912 2021-02-12] (Microsoft Windows -> Microsoft Corporation)
R3 zebrceb; C:\WINDOWS\System32\drivers\zebrceb.sys [81280 2008-01-15] (MCCI Corporation -> MCCI)
S3 ALSysIO; \??\C:\Users\Odfried\AppData\Local\Temp\ALSysIO64.sys [X] <==== ACHTUNG
U3 idsvc; kein ImagePath
S2 MBAMChameleon; \SystemRoot\System32\Drivers\MbamChameleon.sys [X]
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2021-02-18 21:20 - 2021-02-18 21:20 - 000040065 _____ C:\Users\Odfried\Downloads\FRST.txt
2021-02-18 21:19 - 2021-02-18 21:20 - 000000000 ____D C:\FRST
2021-02-18 21:18 - 2021-02-18 21:19 - 002298368 _____ (Farbar) C:\Users\Odfried\Downloads\FRST64.exe
2021-02-18 20:35 - 2021-02-18 20:35 - 000001225 _____ C:\ProgramData\Desktop\Firefox.lnk
2021-02-18 20:35 - 2021-02-18 20:35 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-02-18 20:34 - 2021-02-18 20:34 - 000333112 _____ (Mozilla) C:\Users\Odfried\Downloads\Firefox Installer.exe
2021-02-18 20:24 - 2021-02-18 20:24 - 000000000 ____D C:\Users\Odfried\Desktop\Alte Firefox-Daten
2021-02-18 19:13 - 2021-02-18 19:13 - 000002271 _____ C:\Users\Odfried\Desktop\nacl_synthese_anim - Verknüpfung.lnk
2021-02-18 19:13 - 2021-02-18 19:13 - 000002143 _____ C:\Users\Odfried\Desktop\VIDEO - NaCl Synthese - Verknüpfung.lnk
2021-02-18 19:12 - 2021-02-18 19:12 - 000000000 ____D C:\Users\Odfried\Desktop\Mo 22.02
2021-02-18 15:24 - 2021-02-18 15:24 - 000059910 _____ C:\Users\Odfried\Downloads\klassenliste.pdf
2021-02-17 15:33 - 2021-02-17 15:33 - 000129490 _____ C:\Users\Odfried\Downloads\Ausschreibung_Mitarbeiter_im_Direktorat_-_Gymnasien_Alle_staatlichen_Gymnasien_und_staatlichen_Fach-_und_Berufsoberschulen_(per_OWA).pdf
2021-02-17 15:32 - 2021-02-17 15:32 - 000133157 _____ C:\Users\Odfried\Downloads\Ausschreibung_Ständige_Stellvertretung_im_Bereich_der_Gymnasien_Alle_staatlichen_Gymnasien_und_staatlichen_Fach-_und_Berufsoberschulen_(per_OWA).pdf
2021-02-14 17:42 - 2021-02-14 17:42 - 001369279 _____ C:\Users\Odfried\Downloads\stromleitung.zip
2021-02-14 17:42 - 2021-02-14 17:42 - 000000000 ____D C:\Users\Odfried\Downloads\stromleitung
2021-02-14 17:31 - 2021-02-14 17:42 - 000000000 ____D C:\Users\Odfried\Downloads\redox
2021-02-14 17:31 - 2021-02-14 17:31 - 001275659 _____ C:\Users\Odfried\Downloads\redox.zip
2021-02-14 17:28 - 2021-02-14 17:30 - 000000000 ____D C:\Users\Odfried\Downloads\oberflaeche
2021-02-14 17:28 - 2021-02-14 17:28 - 002671735 _____ C:\Users\Odfried\Downloads\oberflaeche.zip
2021-02-14 16:11 - 2021-02-14 16:11 - 000294912 _____ C:\Users\Odfried\Downloads\WVZ 2021.xls
2021-02-14 12:17 - 2021-02-14 12:17 - 030584912 _____ (Piriform Software Ltd) C:\Users\Odfried\Downloads\ccsetup576.exe
2021-02-14 11:02 - 2021-02-18 20:55 - 131858432 _____ C:\WINDOWS\system32\config\SOFTWARE
2021-02-12 10:05 - 2021-02-12 10:05 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-02-12 10:05 - 2021-02-12 10:05 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-02-12 10:05 - 2021-02-12 10:05 - 000232752 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-02-12 10:05 - 2021-02-12 10:05 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin
2021-02-12 10:05 - 2021-02-12 10:05 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2021-02-12 10:05 - 2021-02-12 10:05 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2021-02-12 10:05 - 2021-02-12 10:05 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2021-02-12 10:05 - 2021-02-12 10:05 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2021-02-12 10:05 - 2021-02-12 10:05 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2021-02-12 10:05 - 2021-02-12 10:05 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2021-02-12 10:05 - 2021-02-12 10:05 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2021-02-12 10:05 - 2021-02-12 10:05 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth18.bin
2021-02-12 10:05 - 2021-02-12 10:05 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth17.bin
2021-02-12 10:05 - 2021-02-12 10:05 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth16.bin
2021-02-12 10:05 - 2021-02-12 10:05 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth15.bin
2021-02-12 10:05 - 2021-02-12 10:05 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin
2021-02-12 10:05 - 2021-02-12 10:05 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin
2021-02-12 10:05 - 2021-02-12 10:05 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin
2021-02-12 10:05 - 2021-02-12 10:05 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2021-02-12 08:17 - 2021-02-12 08:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2021-02-10 21:34 - 2021-02-14 11:02 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2021-02-10 09:18 - 2021-02-10 09:18 - 000039800 _____ (Embarcadero Technologies, Inc.) C:\Users\Odfried\AppData\Roaming\Odfried.exe
2021-02-10 09:15 - 2021-02-10 09:15 - 000001885 _____ C:\Users\Odfried\Downloads\hp_scan_software_download_kostenlos.zip
2021-02-05 10:24 - 2021-02-05 10:24 - 000000000 ____D C:\Users\Odfried\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2021-01-31 19:04 - 2021-01-31 19:04 - 000114117 _____ C:\Users\Odfried\Downloads\Pinguin_Vorlage.pdf
2021-01-31 19:01 - 2021-01-31 19:01 - 000455871 _____ C:\Users\Odfried\Downloads\ios_U8aM06FJfh8H3K3O.pdf
2021-01-31 19:01 - 2021-01-31 19:01 - 000189665 _____ C:\Users\Odfried\Downloads\fetch (3).pdf
2021-01-31 19:00 - 2021-01-31 19:00 - 000136722 _____ C:\Users\Odfried\Downloads\kindergedichte_morgenstern_diedreispatzen.pdf
2021-01-31 18:58 - 2021-01-31 18:58 - 000212367 _____ C:\Users\Odfried\Downloads\fetch (2).pdf
2021-01-31 18:58 - 2021-01-31 18:58 - 000059212 _____ C:\Users\Odfried\Downloads\ios_ZCH7mlpZ2PQdRYgB.pdf
2021-01-31 18:55 - 2021-01-31 18:55 - 000258529 _____ C:\Users\Odfried\Downloads\fetch (1).pdf
2021-01-31 18:54 - 2021-01-31 18:54 - 000273197 _____ C:\Users\Odfried\Downloads\Unbestimmter_Artikel.pdf
2021-01-31 18:52 - 2021-01-31 18:52 - 000097018 _____ C:\Users\Odfried\Downloads\fetch.pdf
2021-01-31 18:51 - 2021-01-31 18:51 - 000396875 _____ C:\Users\Odfried\Downloads\BESTIMMTER_ARTIKEL.pdf
2021-01-31 18:48 - 2021-01-31 18:48 - 003193217 _____ C:\Users\Odfried\Downloads\Fitnessplan1.pdf
2021-01-31 14:55 - 2021-01-31 14:55 - 000001114 _____ C:\Users\Odfried\Desktop\Paint.lnk
2021-01-31 14:52 - 2021-01-31 14:53 - 000000000 ____D C:\Users\Odfried\AppData\Local\paint.net
2021-01-31 14:52 - 2021-01-31 14:52 - 012712515 _____ C:\Users\Odfried\Downloads\paint.net.4.2.15.install.zip
2021-01-31 14:52 - 2021-01-31 14:52 - 000001169 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2021-01-31 14:52 - 2021-01-31 14:52 - 000001157 _____ C:\ProgramData\Desktop\paint.net.lnk
2021-01-31 14:52 - 2021-01-31 14:52 - 000000000 ____D C:\Program Files\paint.net
2021-01-27 19:52 - 2021-01-27 19:52 - 000083288 _____ (Zoom Video Communications, Inc.) C:\Users\Odfried\Downloads\Zoom_cm_fo42anktZ9vvrZo4_msdjsfll6lM3t7XjJbsV8mPRVMf9T7JxZJZ3J@lF8vKQNYov0iPiAK_kb61b781a5a9e0565_.exe
2021-01-24 19:33 - 2021-01-24 19:34 - 000012534 _____ C:\Users\Odfried\Downloads\Padlet - 2c Padlet 2501.xlsx
2021-01-23 12:26 - 2021-01-23 12:26 - 000218106 _____ C:\Users\Odfried\Downloads\LW2.pdf
==================== Ein Monat (geänderte) ==================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2021-02-18 21:20 - 2019-03-19 05:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-02-18 21:01 - 2019-12-30 15:08 - 001932080 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-02-18 21:01 - 2019-03-19 13:16 - 000821584 _____ C:\WINDOWS\system32\perfh007.dat
2021-02-18 21:01 - 2019-03-19 13:16 - 000183320 _____ C:\WINDOWS\system32\perfc007.dat
2021-02-18 21:01 - 2019-03-19 05:50 - 000000000 ____D C:\WINDOWS\INF
2021-02-18 20:57 - 2013-04-29 21:57 - 000000000 ____D C:\Program Files\CCleaner
2021-02-18 20:56 - 2016-11-19 13:52 - 000000000 ____D C:\Users\Odfried\AppData\LocalLow\Mozilla
2021-02-18 20:56 - 2012-04-25 12:30 - 000000000 ____D C:\ProgramData\Mozilla
2021-02-18 20:55 - 2019-12-30 15:10 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-02-18 20:55 - 2019-03-19 05:37 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-02-18 20:55 - 2013-04-29 22:32 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-02-18 20:48 - 2017-12-09 22:57 - 000002302 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-02-18 20:35 - 2020-04-16 07:46 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2021-02-18 20:35 - 2013-04-29 22:32 - 000001237 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-02-18 20:29 - 2020-05-18 09:46 - 000000000 ____D C:\Users\Odfried\AppData\Local\CrashDumps
2021-02-18 19:59 - 2019-12-30 15:05 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-02-18 19:26 - 2011-10-10 21:25 - 000000000 ____D C:\ProgramData\HP
2021-02-18 18:11 - 2021-01-14 11:09 - 000002412 _____ C:\Users\Odfried\Desktop\Microsoft Teams.lnk
2021-02-18 17:42 - 2019-12-30 15:11 - 000000000 ____D C:\Users\Odfried\AppData\Local\Packages
2021-02-18 17:27 - 2011-04-16 11:25 - 000000000 ____D C:\Users\Odfried\AppData\Roaming\vlc
2021-02-18 15:06 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-02-17 23:24 - 2015-07-21 15:46 - 000002145 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-02-15 12:23 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-02-14 16:02 - 2019-12-30 15:05 - 000575536 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-02-14 12:27 - 2020-01-10 22:33 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2021-02-14 12:23 - 2012-07-28 13:48 - 000000000 ____D C:\Users\Odfried\AppData\Roaming\Amazon
2021-02-14 12:23 - 2012-07-28 13:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
2021-02-14 12:23 - 2012-07-28 13:47 - 000000000 ____D C:\Program Files (x86)\Amazon
2021-02-14 12:18 - 2020-01-19 20:20 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-02-14 12:18 - 2013-04-29 21:57 - 000000872 _____ C:\ProgramData\Desktop\CCleaner.lnk
2021-02-13 17:53 - 2019-03-19 05:52 - 000000000 ___HD C:\Program Files\WindowsApps
2021-02-13 07:34 - 2020-04-19 11:00 - 000002428 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-02-12 14:26 - 2019-12-30 15:11 - 000000000 ___RD C:\Users\Odfried\3D Objects
2021-02-12 12:27 - 2019-03-19 05:52 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-02-12 12:27 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-02-12 12:27 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SystemResources
2021-02-12 12:27 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-02-12 12:27 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-02-12 12:27 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-02-12 12:27 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-02-12 12:27 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-02-12 12:27 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-02-12 12:27 - 2019-03-19 05:52 - 000000000 ____D C:\Program Files\Common Files\System
2021-02-12 10:07 - 2019-03-19 13:19 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2021-02-12 10:07 - 2019-03-19 13:19 - 000019469 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2021-02-12 10:07 - 2019-03-19 05:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-02-12 08:17 - 2021-01-14 10:40 - 000002465 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
2021-02-12 08:17 - 2021-01-14 10:40 - 000002460 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2021-02-12 08:17 - 2021-01-14 10:40 - 000002459 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2021-02-12 08:17 - 2021-01-14 10:40 - 000002423 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2021-02-12 08:17 - 2021-01-14 10:40 - 000002422 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2021-02-12 08:17 - 2021-01-14 10:40 - 000002416 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2021-02-12 08:17 - 2021-01-14 10:40 - 000002410 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2021-02-12 08:17 - 2021-01-14 10:40 - 000002402 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk
2021-02-12 08:16 - 2011-09-13 11:06 - 000000000 ____D C:\Program Files\Microsoft Office
2021-02-12 02:59 - 2019-12-30 15:10 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-02-11 20:40 - 2021-01-14 11:09 - 000002420 _____ C:\Users\Odfried\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2021-02-11 13:03 - 2019-12-30 15:10 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2021-02-11 05:28 - 2020-04-19 11:00 - 000003700 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-02-11 05:28 - 2020-04-19 11:00 - 000003576 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-02-10 22:58 - 2011-03-22 07:27 - 000000000 ____D C:\Users\Odfried\AppData\Local\ElevatedDiagnostics
2021-02-10 21:53 - 2011-03-22 08:08 - 130141752 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-02-10 21:18 - 2020-12-21 11:35 - 000000000 ____D C:\Users\Odfried\AppData\Local\WebEx
2021-02-10 09:17 - 2020-12-21 11:35 - 000000000 ____D C:\Users\Odfried\AppData\LocalLow\WebEx
2021-02-09 21:03 - 2013-08-18 02:01 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-02-09 10:46 - 2020-09-30 09:14 - 000000000 ____D C:\Users\Odfried\AppData\Roaming\BiBox 2.0
2021-02-08 09:05 - 2020-01-02 10:50 - 000003368 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2726028846-1901948702-833121358-1001
2021-02-08 09:05 - 2020-01-02 10:50 - 000000000 ___RD C:\Users\Odfried\OneDrive
2021-02-08 09:05 - 2019-12-30 15:08 - 000002431 _____ C:\Users\Odfried\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-02-06 09:54 - 2019-12-30 15:10 - 000003630 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-02-06 09:54 - 2019-12-30 15:10 - 000003506 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-02-05 10:24 - 2011-09-15 16:38 - 000000000 ____D C:\Users\Odfried\AppData\Roaming\Dropbox
2021-02-04 08:52 - 2011-12-22 18:23 - 000000000 ____D C:\Users\Odfried\AppData\Roaming\MediaMonkey
2021-02-04 07:52 - 2017-04-02 12:43 - 000000000 ____D C:\Users\Odfried\AppData\Local\Spotify
2021-02-04 07:00 - 2017-04-02 12:43 - 000000000 ____D C:\Users\Odfried\AppData\Roaming\Spotify
2021-02-01 12:43 - 2012-12-04 20:20 - 000000646 _____ C:\Users\Odfried\Desktop\Total Commander 64 bit.lnk
2021-01-27 11:47 - 2017-07-26 11:40 - 000001424 _____ C:\Users\Odfried\Desktop\ting - Verknüpfung.lnk
2021-01-24 20:21 - 2020-01-29 21:56 - 000001250 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2726028846-1901948702-833121358-1001UA1d5d6e686e592d1.job
2021-01-24 20:21 - 2020-01-29 21:56 - 000001198 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2726028846-1901948702-833121358-1001Core1d5d6e686de6c49.job
2021-01-22 10:07 - 2011-03-22 07:36 - 000799104 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2021-01-22 08:59 - 2020-01-29 21:56 - 000004402 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskUserS-1-5-21-2726028846-1901948702-833121358-1001UA1d5d6e686e592d1
2021-01-22 08:59 - 2020-01-29 21:56 - 000004026 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskUserS-1-5-21-2726028846-1901948702-833121358-1001Core1d5d6e686de6c49
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ========
2021-02-10 09:18 - 2021-02-10 09:18 - 000039800 _____ (Embarcadero Technologies, Inc.) C:\Users\Odfried\AppData\Roaming\Odfried.exe
2014-01-16 19:07 - 2014-02-24 00:12 - 000000184 _____ () C:\Users\Odfried\AppData\Roaming\WB.CFG
2014-01-16 19:07 - 2014-01-29 20:07 - 000000005 _____ () C:\Users\Odfried\AppData\Roaming\WBPU-TTL.DAT
2011-12-10 14:40 - 2018-07-16 20:07 - 000005632 _____ () C:\Users\Odfried\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-11-19 23:32 - 2011-11-19 23:32 - 000000600 _____ () C:\Users\Odfried\AppData\Local\PUTTY.RND
2013-05-01 18:26 - 2019-05-14 16:25 - 000007657 _____ () C:\Users\Odfried\AppData\Local\resmon.resmoncfg
==================== SigCheck ============================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
==================== Ende von FRST.txt ========================
|
|
18.02.2021, 21:51
| #2 |
| | Windows 10: Trojaner Tnega!MSR kommt immer wieder - Teil II Hallo,
__________________hier die weiteren Logfiles: Addition: Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 17-02-2021 01
durchgeführt von Odfried (18-02-2021 21:23:09)
Gestartet von C:\Users\Odfried\Downloads
Windows 10 Pro Version 1909 18363.1379 (X64) (2019-12-30 14:11:14)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-2726028846-1901948702-833121358-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2726028846-1901948702-833121358-503 - Limited - Disabled)
Gast (S-1-5-21-2726028846-1901948702-833121358-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2726028846-1901948702-833121358-1007 - Limited - Enabled)
Odfried (S-1-5-21-2726028846-1901948702-833121358-1001 - Administrator - Enabled) => C:\Users\Odfried
WDAGUtilityAccount (S-1-5-21-2726028846-1901948702-833121358-504 - Limited - Disabled)
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
7200 (HKLM-x32\...\{7AD9D9B5-12F3-417B-886A-A211E79B3823}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
7200_Help (HKLM-x32\...\{3A7C1F27-206B-46EE-A43B-7245A5B6E828}) (Version: 82.0.242.000 - Hewlett-Packard) Hidden
7200Trb (HKLM-x32\...\{AD66335B-EF80-4A09-A479-AD24E5655A49}) (Version: 82.0.242.000 - Hewlett-Packard) Hidden
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 21.001.20138 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.4.194 - Adobe Systems, Inc.)
AIO_CDB_ProductContext (HKLM-x32\...\{E7112940-5F8E-4918-B9FE-251F2F8DC81F}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (HKLM-x32\...\{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (HKLM-x32\...\{104066F4-5897-4067-85D3-4C88B67CCF75}) (Version: 130.0.421.000 - Hewlett-Packard) Hidden
ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.026 - ASUSTek Computer Inc.)
BiBox 2.0 2.0.14 (HKLM\...\2e1ea4ea-03c5-5b40-afa3-380fbece6940) (Version: 2.0.14 - Westermann GmbH & Co KG)
BiBox 2.0 2.0.3 (HKLM\...\{2e1ea4ea-03c5-5b40-afa3-380fbece6940}) (Version: 2.0.3 - )
BufferChm (HKLM-x32\...\{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}) (Version: 130.0.331.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.76 - Piriform)
Chemie_Aber_Sicher Version 1.0 (HKLM-x32\...\{0A64BFD0-0511-4C67-A3BF-D4C0C1055255}_is1) (Version: 1.0 - Marco Korn)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cisco Webex Meetings (HKLM-x32\...\{64F4EA78-1A8B-244D-9572-B76CE2B4ACEC}) (Version: 40.12.5.14 - Cisco Webex LLC)
Copy (HKLM-x32\...\{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}) (Version: 130.0.428.000 - Hewlett-Packard) Hidden
Creative Audio-Systemsteuerung (HKLM-x32\...\AudioCS) (Version: 2.56 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: - )
CrystalDiskInfo 6.6.1 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 6.6.1 - Crystal Dew World)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Data Lifeguard Diagnostic for Windows 1.24 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version: - Western Digital Corporation)
Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM-x32\...\{2FF8C687-DB7D-4adc-A5DC-57983EC25046}) (Version: 130.0.465.000 - Hewlett-Packard) Hidden
Discord (HKU\S-1-5-21-2726028846-1901948702-833121358-1001\...\Discord) (Version: 0.0.306 - Discord Inc.)
dm-Fotowelt (HKLM-x32\...\dm-Fotowelt) (Version: 7.0.3 - CEWE Stiftung u Co. KGaA)
DocProc (HKLM-x32\...\{9B362566-EC1B-4700-BB9C-EC661BDE2175}) (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-2726028846-1901948702-833121358-1001\...\Dropbox) (Version: 115.4.601 - Dropbox, Inc.)
ElsterFormular 2007 - 2008 NE (HKLM-x32\...\ElsterFormular 2007 - 2008 NE 2007-2008) (Version: 2007-2008 - Landesfinanzdirektion Thüringen)
ElsterFormular 2008 - 2009 (HKLM-x32\...\ElsterFormular 2008 - 2009 2008-2009) (Version: 2008-2009 - Landesfinanzdirektion Thüringen)
Fax (HKLM-x32\...\{440B915A-0C85-45DB-92AE-75AE14704A64}) (Version: 130.0.418.000 - Hewlett-Packard) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 88.0.4324.182 - Google LLC)
Google Earth Pro (HKLM\...\{FB8010D4-05F4-420D-8DFC-2F911A6DD100}) (Version: 7.3.3.7786 - Google)
GPBaseService2 (HKLM-x32\...\{63FF21C9-A810-464F-B60A-3111747B1A6D}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hama Webcam AC-150 (HKLM-x32\...\{ECD03DA7-5952-406A-8156-5F0C93618D1F}) (Version: Hama Webcam AC-150 - Sonix)
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version: - EFD Software)
Hewlett-Packard ACLM.NET v1.1.0.0 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (HKLM\...\{B61ED343-0B14-4241-999C-490CB1A20DA4}) (Version: 13.0 - HP)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (HKLM-x32\...\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}) (Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (HKLM-x32\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPProductAssistant (HKLM-x32\...\{C43326F5-F135-4551-8270-7F7ABA0462E1}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
Illusionen (HKLM-x32\...\Illusionen) (Version: - )
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.2.1000 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4264 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.1.0.1058 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.1.41 - Intel Corporation)
Intel® Chipsatz-Gerätesoftware (HKLM-x32\...\{4a87bd28-a855-4a8d-b133-60ca8ccffd30}) (Version: 10.0.17 - Intel(R) Corporation) Hidden
Java 8 Update 241 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180241F0}) (Version: 8.0.2410.7 - Oracle Corporation)
KeePass Password Safe 1.27 (HKLM-x32\...\KeePass Password Safe_is1) (Version: 1.27 - Dominik Reichl)
KeePass Password Safe 2.26 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.26 - Dominik Reichl)
kleiner-brauhelfer Version 1.4.3.2 (HKLM-x32\...\{A68EC315-481F-42C8-8A61-25ACEF84C52A}_is1) (Version: 1.4.3.2 - Gremmelsoft)
Kosmos Himmelsjahr 2020 (HKLM-x32\...\{DE84E32F-326E-4274-A0FB-AF3EE4E5A2F8}) (Version: 1.0 - )
Linder Meiose (HKLM-x32\...\Linder Meiose) (Version: 1.0 - Schroedel)
Linder Neurophysiologie (HKLM-x32\...\Linder Neurophysiologie) (Version: 1.0 - Schroedel)
MarketResearch (HKLM-x32\...\{175F0111-2968-4935-8F70-33108C6A4DE3}) (Version: 130.0.374.000 - Hewlett-Packard) Hidden
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Microsoft 365 Apps for Enterprise - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 16.0.13628.20380 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 88.0.705.68 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.141.59 - )
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2726028846-1901948702-833121358-1001\...\OneDriveSetup.exe) (Version: 21.002.0104.0005 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-2726028846-1901948702-833121358-1001\...\Teams) (Version: 1.4.00.2879 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{0BCA8FBE-0C1C-4C65-98A3-5D34AAF41737}) (Version: 2.70.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Mozilla Firefox 85.0.2 (x64 de) (HKLM\...\Mozilla Firefox 85.0.2 (x64 de)) (Version: 85.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 85.0.2 - Mozilla)
Mozilla Thunderbird (3.1.20) (HKLM-x32\...\Mozilla Thunderbird (3.1.20)) (Version: 3.1.20 (de) - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.7 - F.J. Wechselberger)
NATURA multimedial 3 (HKLM-x32\...\{91232730-D49F-4277-8CA1-B4E307B4F92C}) (Version: 1.00.000 - )
Network64 (HKLM\...\{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}) (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Network64 (HKLM\...\{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}) (Version: 140.0.221.000 - Hewlett-Packard) Hidden
Neurobiologie (HKLM-x32\...\{3F3E992E-980E-4898-B8B2-5202921A317E}) (Version: 1.00.0000 - Ernst Klett Verlag)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13628.20274 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13628.20380 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0407-1000-0000000FF1CE}) (Version: 16.0.13628.20274 - Microsoft Corporation) Hidden
OpenOffice 4.1.3 (HKLM-x32\...\{8D5FCC56-BB9F-4122-923C-71753F50F6F5}) (Version: 4.13.9783 - Apache Software Foundation)
OpenVPN 2.4.4-I601 (HKLM\...\OpenVPN) (Version: 2.4.4-I601 - OpenVPN Technologies, Inc.)
Opera 12.17 (HKLM-x32\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
Opera Stable 73.0.3856.344 (HKU\S-1-5-21-2726028846-1901948702-833121358-1001\...\Opera 73.0.3856.344) (Version: 73.0.3856.344 - Opera Software)
ownCloud (HKLM-x32\...\ownCloud) (Version: 1.0.5 - owncloud.com)
paint.net (HKLM\...\{6FED3D93-C0FA-4BD7-A36F-7FC53698244F}) (Version: 4.2.15 - dotPDN LLC)
PC Suite for Sony Ericsson (HKLM-x32\...\{0C3AE9EB-2F0A-451E-A5E4-2BF6AFF21FB9}) (Version: 1.6.0 - Sony Ericsson) Hidden
PC Suite for Sony Ericsson (HKLM-x32\...\{E1252473-6306-4d5d-904D-B06AA7F38161}) (Version: 1.6.0 - )
PC Suite for Sony Ericsson x64 (HKLM\...\{D611B241-28A0-4937-AF86-17565CAF9807}) (Version: 1.6.0 - Sony Ericsson) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.87.529.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7335 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver and Utility (HKLM-x32\...\{9C049499-055C-4a0c-A916-1D8CA1FF45EB}) (Version: 1.00.0150 - REALTEK Semiconductor Corp.)
Rund um ... Biologie heute entdecken 2 (Teil 1) (HKLM-x32\...\{431CD81E-D6D1-42D0-BE0F-B9AB87298644}) (Version: 1.00.0000 - Bildungshaus Schulbuchverlage Westermann Schroedel Diesterweg Schöningh Winklers GmbH)
Scan (HKLM-x32\...\{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}) (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Sentinel Runtime (HKLM-x32\...\{37D5D6E8-2728-4020-B931-566E648EB770}) (Version: 7.81.20638.60000 - Gemalto)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Skype™ 7.31 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.31.104 - Skype Technologies S.A.)
SolutionCenter (HKLM-x32\...\{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}) (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Sony Ericsson Symbian 9 Drivers (HKLM\...\Sony Ericsson) (Version: - )
Sony PC Companion 2.10.303 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.303 - Sony)
Spotify (HKU\S-1-5-21-2726028846-1901948702-833121358-1001\...\Spotify) (Version: 1.1.51.382.g8e3b11ed - Spotify AB)
Status (HKLM-x32\...\{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}) (Version: 130.0.469.000 - Hewlett-Packard) Hidden
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.3.0.28779 - Microsoft Corporation)
tiptoi® Manager 4.1.4 (HKLM\...\{833392BB-E8C0-4066-9408-3A30FA43972F}_is1) (Version: 4.1.4 - Ravensburger AG)
Toolbox (HKLM-x32\...\{6BBA26E9-AB03-4FE7-831A-3535584CA002}) (Version: 130.0.648.000 - Hewlett-Packard) Hidden
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.01 - Ghisler Software GmbH)
TrayApp (HKLM-x32\...\{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}) (Version: 130.0.422.000 - Hewlett-Packard) Hidden
UnloadSupport (HKLM-x32\...\{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}) (Version: 11.0.0 - Hewlett-Packard) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.12 - VideoLAN)
WebReg (HKLM-x32\...\{43CDF946-F5D9-4292-B006-BA0D92013021}) (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows 10-Update-Assistent (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22925 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR (HKLM\...\WinRAR archiver) (Version: - )
WISO steuer:Sparbuch 2016 (HKLM-x32\...\{6D822E4E-9F73-469B-8CD1-EE45FA2C6787}) (Version: 23.00.1146 - Buhl Data Service GmbH)
WISO steuer:Sparbuch 2017 (HKLM-x32\...\{8D62EDE4-0BFC-474D-8629-A15CEB386DED}) (Version: 24.00.1375 - Buhl Data Service GmbH)
WISO steuer:Sparbuch 2018 (HKLM-x32\...\{0971F906-B807-4425-AE07-E98D4AEFDF15}) (Version: 25.00.1359 - Buhl Data Service GmbH)
WISO steuer:Sparbuch 2019 (HKLM-x32\...\{8BB245A8-45BA-4403-BA30-306ED5C9211C}) (Version: 26.09.1982 - Buhl Data Service GmbH)
WISO steuer:Sparbuch 2020 (HKLM-x32\...\{0205897D-66A6-4300-A651-CC6A58C522BB}) (Version: 27.09.2092 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2013 (HKLM-x32\...\{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}) (Version: 20.00.8137 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2014 (HKLM-x32\...\{0B4B4F5D-B749-41F3-A196-688E2CB8D5F0}) (Version: 21.00.8480 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2015 (HKLM-x32\...\{4D00D0C7-B55A-4EB4-9DF1-3773C55886EA}) (Version: 22.00.8811 - Buhl Data Service GmbH)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version: - )
Zoom (HKU\S-1-5-21-2726028846-1901948702-833121358-1001\...\ZoomUMX) (Version: 5.4.9 (59931.0110) - Zoom Video Communications, Inc.)
Packages:
=========
HP Scan and Capture -> C:\Program Files\WindowsApps\AD2F1837.HPScanandCapture_40.0.245.0_x64__v10z8vjag6ke6 [2021-01-14] (Hewlett-Packard Company)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-12-30] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-12-30] (Microsoft Corporation) [MS Ad]
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_21.10111.5575.0_x64__8wekyb3d8bbwe [2021-02-13] (Microsoft Corporation)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-2726028846-1901948702-833121358-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Odfried\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2726028846-1901948702-833121358-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Odfried\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20289.5\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2726028846-1901948702-833121358-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\Odfried\Dropbox [2011-09-15 16:46]
CustomCLSID: HKU\S-1-5-21-2726028846-1901948702-833121358-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1B} -> [dropbox-NamespaceExtensionRole.Business] => 0
CustomCLSID: HKU\S-1-5-21-2726028846-1901948702-833121358-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Odfried\AppData\Roaming\Dropbox\bin\DropboxExt64.46.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2726028846-1901948702-833121358-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Odfried\AppData\Roaming\Dropbox\bin\DropboxExt64.46.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2726028846-1901948702-833121358-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Odfried\AppData\Roaming\Dropbox\bin\DropboxExt64.46.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2726028846-1901948702-833121358-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Odfried\AppData\Roaming\Dropbox\bin\DropboxExt64.46.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2726028846-1901948702-833121358-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Odfried\AppData\Roaming\Dropbox\bin\DropboxExt64.46.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2726028846-1901948702-833121358-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Odfried\AppData\Roaming\Dropbox\bin\DropboxExt64.46.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2726028846-1901948702-833121358-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Odfried\AppData\Roaming\Dropbox\bin\DropboxExt64.46.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2726028846-1901948702-833121358-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Odfried\AppData\Roaming\Dropbox\bin\DropboxExt64.46.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2726028846-1901948702-833121358-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Odfried\AppData\Roaming\Dropbox\bin\DropboxExt64.46.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2726028846-1901948702-833121358-1001_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Odfried\AppData\Roaming\Dropbox\bin\DropboxExt64.46.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2726028846-1901948702-833121358-1001_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Odfried\AppData\Roaming\Dropbox\bin\DropboxExt64.46.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2726028846-1901948702-833121358-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Odfried\AppData\Roaming\Dropbox\bin\DropboxExt64.46.0.dll (Dropbox, Inc -> Dropbox, Inc.)
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6671064 2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4171480 2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Odfried\AppData\Roaming\Dropbox\bin\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Odfried\AppData\Roaming\Dropbox\bin\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Odfried\AppData\Roaming\Dropbox\bin\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Odfried\AppData\Roaming\Dropbox\bin\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Odfried\AppData\Roaming\Dropbox\bin\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Odfried\AppData\Roaming\Dropbox\bin\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Odfried\AppData\Roaming\Dropbox\bin\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [Datei ist nicht signiert]
ContextMenuHandlers1-x32: [MyPhoneExplorer] -> {A372C6DF-7A85-41B1-B3B0-D1E24073DCBF} => C:\Program Files (x86)\MyPhoneExplorer\DLL\ShellMgr.dll [2010-03-30] (F.J. Wechselberger) [Datei ist nicht signiert]
ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => -> Keine Datei
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2009-08-16] () [Datei ist nicht signiert]
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2009-08-16] () [Datei ist nicht signiert]
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [Datei ist nicht signiert]
ContextMenuHandlers4: [ICQLiteMenu] -> {73B24247-042E-4EF5-ADC2-42F62E6FD654} => -> Keine Datei
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2009-08-16] () [Datei ist nicht signiert]
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2009-08-16] () [Datei ist nicht signiert]
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> Keine Datei
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Keine Datei
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-11-01] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [Datei ist nicht signiert]
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2009-08-16] () [Datei ist nicht signiert]
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2009-08-16] () [Datei ist nicht signiert]
ContextMenuHandlers1_S-1-5-21-2726028846-1901948702-833121358-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Odfried\AppData\Roaming\Dropbox\bin\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-2726028846-1901948702-833121358-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Odfried\AppData\Roaming\Dropbox\bin\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-2726028846-1901948702-833121358-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Odfried\AppData\Roaming\Dropbox\bin\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
==================== Codecs (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Drivers32-x32: [vidc.XVID] => xvidvfw.dll
HKLM\...\Drivers32-x32: [VIDC.VP80] => vp8vfw.dll
==================== Verknüpfungen & WMI ========================
==================== Geladene Module (Nicht auf der Ausnahmeliste) =============
2009-09-20 11:36 - 2009-09-20 11:36 - 000249344 _____ (Hewlett-Packard Co.) [Datei ist nicht signiert] c:\program files (x86)\hp\digital imaging\bin\hpqcxs08.dll
2009-09-20 11:24 - 2009-09-20 11:24 - 000213504 _____ (Hewlett-Packard Co.) [Datei ist nicht signiert] c:\program files (x86)\hp\digital imaging\bin\hpqddcmn.dll
2009-09-20 11:24 - 2009-09-20 11:24 - 000133120 _____ (Hewlett-Packard Co.) [Datei ist nicht signiert] c:\program files (x86)\hp\digital imaging\bin\hpqddsvc.dll
2010-10-22 13:08 - 2010-10-22 13:08 - 001039360 _____ (Hewlett-Packard Co.) [Datei ist nicht signiert] c:\program files (x86)\hp\digital imaging\bin\hpslpsvc64.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
AlternateDataStreams: C:\Users\Odfried\Desktop\kurzer.mp3:com.dropbox.attributes [256]
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ==================
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =================
==================== Internet Explorer (Nicht auf der Ausnahmeliste) ==========
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1437739369&z=8f16f13de45a09b2c28d44dg6z7cfm4m2c8t6cec0z&from=cornl&uid=SamsungXSSDX850XPROX256GB_S1SUNSAG312165Z&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hppp&ts=1437739421&z=636b3a9ae537ff043adef2fg1zfcdmdm6cbtfcfb0w&from=cornl&uid=SamsungXSSDX850XPROX256GB_S1SUNSAG312165Z
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1437739369&z=8f16f13de45a09b2c28d44dg6z7cfm4m2c8t6cec0z&from=cornl&uid=SamsungXSSDX850XPROX256GB_S1SUNSAG312165Z&q={searchTerms}
HKU\S-1-5-21-2726028846-1901948702-833121358-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.mystartsearch.com/web/?type=ds&ts=1432651815&z=5f327a05add547c8d7d1c87gczccaodq8w8g8bag4c&from=cor&uid=SamsungXSSDX850XPROX256GB_S1SUNSAG312165Z&q={searchTerms}
HKU\S-1-5-21-2726028846-1901948702-833121358-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hppp&ts=1437739421&z=636b3a9ae537ff043adef2fg1zfcdmdm6cbtfcfb0w&from=cornl&uid=SamsungXSSDX850XPROX256GB_S1SUNSAG312165Z
HKU\S-1-5-21-2726028846-1901948702-833121358-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1432651815&z=5f327a05add547c8d7d1c87gczccaodq8w8g8bag4c&from=cor&uid=SamsungXSSDX850XPROX256GB_S1SUNSAG312165Z&q={searchTerms}
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=b747fc85-80a9-4ede-8369-c52165bfcf75&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=10/04/2013&type=hp1000
SearchScopes: HKU\S-1-5-21-2726028846-1901948702-833121358-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D072415-A6B219395BABB4E59ADF&form=CONBDF&conlogo=CT3332005&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2726028846-1901948702-833121358-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D072415-A6B219395BABB4E59ADF&form=CONBDF&conlogo=CT3332005&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2726028846-1901948702-833121358-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cornl&utm_campaign=install_ie&utm_content=ds&from=cornl&uid=SamsungXSSDX850XPROX256GB_S1SUNSAG312165Z&ts=1437739428&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2726028846-1901948702-833121358-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-2726028846-1901948702-833121358-1001 -> {774BC0A6-6ED4-4280-9FF3-34663F36A612} URL = hxxps://de.search.yahoo.com/search?p={searchTerms}&intl=de&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle
SearchScopes: HKU\S-1-5-21-2726028846-1901948702-833121358-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cornl&utm_campaign=install_ie&utm_content=ds&from=cornl&uid=SamsungXSSDX850XPROX256GB_S1SUNSAG312165Z&ts=1437739428&type=default&q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2021-02-02] (Microsoft Corporation -> Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-02-02] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\ssv.dll [2020-02-09] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\jp2ssv.dll [2020-02-09] (Oracle America, Inc. -> Oracle Corporation)
Toolbar: HKLM - Kein Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - Keine Datei
Toolbar: HKLM-x32 - Kein Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - Keine Datei
Toolbar: HKU\S-1-5-21-2726028846-1901948702-833121358-1001 -> Kein Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - Keine Datei
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://files.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-02-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-02-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-02-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-02-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-09-23] (Skype Software Sarl -> Skype Technologies)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
IE trusted site: HKU\S-1-5-21-2726028846-1901948702-833121358-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2726028846-1901948702-833121358-1001\...\sharepoint.com -> hxxps://gymnasiummallersdorfde-files.sharepoint.com
IE trusted site: HKU\S-1-5-21-2726028846-1901948702-833121358-1001\...\webcompanion.com -> hxxp://webcompanion.com
==================== Hosts Inhalt: =========================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2009-07-14 03:34 - 2009-06-10 22:00 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Andere Bereiche ===========================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Common Files\Teleca Shared;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Intuwave\Shared\mRouterRuntime;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Skype\Phone\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-2726028846-1901948702-833121358-1001\Control Panel\Desktop\\Wallpaper -> F:\Pictures\earth_at_night.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (Keine Datei)
ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: asComSvc => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: Creative Audio Engine Licensing Service => 3
MSCONFIG\Services: CTAudSvcService => 2
MSCONFIG\Services: GoogleChromeElevationService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: hasplms => 2
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: igfxCUIService2.0.0.0 => 2
MSCONFIG\Services: Intel(R) Capability Licensing Service TCP IP Interface => 3
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: OpenVPNService => 3
MSCONFIG\Services: OpenVPNServiceInteractive => 2
MSCONFIG\Services: OpenVPNServiceLegacy => 3
MSCONFIG\Services: PDF Architect 7 => 3
MSCONFIG\Services: PDF Architect 7 Creator => 3
MSCONFIG\Services: PDF Architect 7 Update Service => 2
MSCONFIG\Services: Realtek11nSU => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CloneCDTray => "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s
MSCONFIG\startupreg: Opera Browser Assistant => C:\Users\Odfried\AppData\Local\Programs\Opera\assistant\browser_assistant.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Ybxiu => C:\Users\Odfried\AppData\Roaming\Qaenar\dawei.exe
HKLM\...\StartupApproved\StartupFolder: => "WISO Mein Steuer-Sparbuch heute.lnk"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "Reflect UI"
HKLM\...\StartupApproved\Run: => "BCSSync"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "snpstd3"
HKLM\...\StartupApproved\Run32: => "PC Suite for Smartphones"
HKLM\...\StartupApproved\Run32: => "FixCamera"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "USB3MON"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "KeePass 2 PreLoad"
HKLM\...\StartupApproved\Run32: => "tsnpstd3"
HKLM\...\StartupApproved\Run32: => "P17RunE"
HKLM\...\StartupApproved\Run32: => "TeamsMachineInstaller"
HKU\S-1-5-21-2726028846-1901948702-833121358-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-2726028846-1901948702-833121358-1001\...\StartupApproved\Run: => "Opera Browser Assistant"
HKU\S-1-5-21-2726028846-1901948702-833121358-1001\...\StartupApproved\Run: => "OpenVPN-GUI"
HKU\S-1-5-21-2726028846-1901948702-833121358-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-2726028846-1901948702-833121358-1001\...\StartupApproved\Run: => "Dropbox Update"
HKU\S-1-5-21-2726028846-1901948702-833121358-1001\...\StartupApproved\Run: => "CiscoMeetingDaemon"
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [UDP Query User{34FE353E-CFBF-48BF-85D6-2AE1483C7F54}C:\users\odfried\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\odfried\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{A563A3FF-F0F1-41CA-AB02-52BD09706A9A}C:\users\odfried\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\odfried\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F1324236-CE04-4A54-9671-09C7A53B44FF}] => (Allow) C:\Windows\system32\hasplms.exe (SafeNet Canada, Inc. -> SafeNet, Inc.)
FirewallRules: [{7B4254EF-9D4D-4973-8873-CB5AAB38F4FF}] => (Allow) C:\Program Files (x86)\MediaMonkey\MediaMonkey (non-skinned).exe (Ventis Media, Inc. -> Ventis Media Inc.)
FirewallRules: [{385C1A14-7BF7-412C-B2DE-886C2EC897F3}] => (Allow) C:\Program Files (x86)\MediaMonkey\MediaMonkey (non-skinned).exe (Ventis Media, Inc. -> Ventis Media Inc.)
FirewallRules: [{45108751-5536-4BA3-8874-3D0845969ADF}] => (Allow) C:\Program Files (x86)\MediaMonkey\MediaMonkey (non-skinned).exe (Ventis Media, Inc. -> Ventis Media Inc.)
FirewallRules: [{25F4D700-8E0F-4624-A088-46FC3F6E36AB}] => (Block) C:\program files\openvpn\bin\openvpn.exe (OpenVPN Technologies, Inc. -> The OpenVPN Project)
FirewallRules: [{F2C982E7-B4FE-4D58-95BB-06AA3CFD3D8C}] => (Block) C:\program files\openvpn\bin\openvpn.exe (OpenVPN Technologies, Inc. -> The OpenVPN Project)
FirewallRules: [UDP Query User{E5CD19E9-0657-4D10-8B8D-385F143C5920}C:\program files\openvpn\bin\openvpn.exe] => (Allow) C:\program files\openvpn\bin\openvpn.exe (OpenVPN Technologies, Inc. -> The OpenVPN Project)
FirewallRules: [TCP Query User{D8E7F188-1BC9-4859-9D4A-D5003957A0F5}C:\program files\openvpn\bin\openvpn.exe] => (Allow) C:\program files\openvpn\bin\openvpn.exe (OpenVPN Technologies, Inc. -> The OpenVPN Project)
FirewallRules: [UDP Query User{4D7A0E60-F497-4B36-BB55-34301CFB63E5}C:\users\odfried\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\odfried\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{B90F0B16-A7FD-4039-9E4A-9C3D80599C36}C:\users\odfried\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\odfried\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7C8698B5-BBAC-4298-AAE4-296A4ABA1B7F}] => (Allow) LPort=53
FirewallRules: [{25EE581D-BE31-44AC-95BE-4B45A3B3282B}] => (Allow) LPort=1542
FirewallRules: [{CA3B74C7-F766-4B26-9111-BC00BEBBD2D8}] => (Allow) LPort=1542
FirewallRules: [{2EB90AD2-B128-4CC5-A214-704033624890}] => (Allow) C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.) [Datei ist nicht signiert]
FirewallRules: [{2F354491-9F4A-4BFE-87CD-4CDA09F7780A}] => (Allow) C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.) [Datei ist nicht signiert]
FirewallRules: [UDP Query User{2B7B1A80-7204-4581-90A3-3C3C88A0CB11}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe (Franz Josef Wechselberger -> F.J. Wechselberger)
FirewallRules: [TCP Query User{A808A815-6429-481A-B5C5-2FE1BAB3F0E6}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe (Franz Josef Wechselberger -> F.J. Wechselberger)
FirewallRules: [{BA6022E4-B916-43D2-9C9F-02053F1CD3AF}] => (Allow) C:\Program Files (x86)\Opera\opera.exe (Opera Software ASA -> Opera Software)
FirewallRules: [{199DDBB9-3840-4C80-BCA5-300EAF437EB1}] => (Allow) C:\Program Files (x86)\Opera\opera.exe (Opera Software ASA -> Opera Software)
FirewallRules: [{BF289F8D-DE27-437D-9C21-D2157A3C490E}] => (Allow) LPort=53
FirewallRules: [{6E4D5BCB-571E-4730-A87A-37C57992C593}] => (Allow) LPort=1542
FirewallRules: [{495D962B-9D91-4B85-9D11-0DD712615982}] => (Allow) LPort=1542
FirewallRules: [{334A96B5-56BB-43FB-A0ED-9606E2C22C98}] => (Allow) C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.) [Datei ist nicht signiert]
FirewallRules: [{9E2C557A-6769-41B4-9C52-74749698B0F9}] => (Allow) C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.) [Datei ist nicht signiert]
FirewallRules: [{F4C064E7-6C9D-42A7-8128-6E092F255C90}] => (Allow) LPort=1900
FirewallRules: [{092F087E-9644-4465-A40C-9739A5A42DE9}] => (Allow) LPort=2869
FirewallRules: [{7AC0E92E-19E1-470D-A656-5ECC2A1CB005}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4BB4B882-BF72-44C8-83AC-39BD5C48DF88}] => (Allow) C:\Program Files (x86)\ElsterFormular\2007-2008 NE\elfoStarter2007.exe () [Datei ist nicht signiert]
FirewallRules: [{2062F96B-C2CC-40EA-97C1-F63287B1D2B2}] => (Allow) C:\Program Files (x86)\ElsterFormular\2007-2008 NE\elfoStarter2007.exe () [Datei ist nicht signiert]
FirewallRules: [{19450AE1-5C8D-4015-A1F0-9995D604BF43}] => (Allow) C:\Program Files (x86)\ElsterFormular\2007-2008 NE\elfoStarter2007.exe () [Datei ist nicht signiert]
FirewallRules: [{4E867E39-7966-4A1C-B2B3-E3A73BB6DF0F}] => (Allow) C:\Program Files (x86)\ElsterFormular\2007-2008 NE\elfoStarter2007.exe () [Datei ist nicht signiert]
FirewallRules: [{9D86B17F-251F-48E1-8036-463BD7E6DB34}] => (Allow) C:\Program Files (x86)\ElsterFormular\2008-2009\elfoStarter2008.exe () [Datei ist nicht signiert]
FirewallRules: [{C2945FFA-75F8-424D-9715-CA1D819B6210}] => (Allow) C:\Program Files (x86)\ElsterFormular\2008-2009\elfoStarter2008.exe () [Datei ist nicht signiert]
FirewallRules: [{AAB78F22-BDE9-4000-AE4D-E9FBF0292663}] => (Allow) C:\Program Files (x86)\ElsterFormular\2008-2009\elfoStarter2008.exe () [Datei ist nicht signiert]
FirewallRules: [{D92F3F20-8A55-4E79-A067-C89C5D8D7109}] => (Allow) C:\Program Files (x86)\ElsterFormular\2008-2009\elfoStarter2008.exe () [Datei ist nicht signiert]
FirewallRules: [UDP Query User{1D350CF2-EACF-4203-867F-0C09A39FEA38}C:\program files (x86)\intuwave\shared\mrouterruntime\mrouterruntime.exe] => (Allow) C:\program files (x86)\intuwave\shared\mrouterruntime\mrouterruntime.exe (Intuwave Ltd.) [Datei ist nicht signiert]
FirewallRules: [TCP Query User{3CA3FAA4-239A-427E-B38F-9CF37DA227CC}C:\program files (x86)\intuwave\shared\mrouterruntime\mrouterruntime.exe] => (Allow) C:\program files (x86)\intuwave\shared\mrouterruntime\mrouterruntime.exe (Intuwave Ltd.) [Datei ist nicht signiert]
FirewallRules: [{4DF47BD5-F69A-4DA3-906B-B389F345C858}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe (Hewlett-Packard Company -> Hewlett-Packard)
FirewallRules: [{926AB5F0-70B7-426A-809A-BD74C2AF8BDA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{53A54560-BBC6-408E-9B38-24A122807053}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{570A71F2-E847-4ABB-A2B2-28E4DA6A48AA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (Hewlett-Packard) [Datei ist nicht signiert]
FirewallRules: [{FBEFF99B-DFD1-412E-BA71-94C56ECA829A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe (Hewlett-Packard Co.) [Datei ist nicht signiert]
FirewallRules: [{AE0F4326-94DC-46CD-9F5C-501A9EFB807C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe (Hewlett-Packard Co.) [Datei ist nicht signiert]
FirewallRules: [{7455AF2C-66ED-4AFC-B3B5-3E63C7C508FE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe (Hewlett-Packard Co.) [Datei ist nicht signiert]
FirewallRules: [{BAEFF5E4-388E-41D0-B9C6-1933E6D8FE72}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe (Hewlett-Packard) [Datei ist nicht signiert]
FirewallRules: [{841A3630-225C-4458-940A-09BC86B276B1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe (Hewlett-Packard Co.) [Datei ist nicht signiert]
FirewallRules: [{70344CA4-570B-4009-A400-457AF2CF7042}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe (Hewlett-Packard Co.) [Datei ist nicht signiert]
FirewallRules: [{9FFDCEFA-C622-487E-B23E-47A7F891228C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe (Hewlett-Packard Co.) [Datei ist nicht signiert]
FirewallRules: [{702162D4-5246-4285-B1CE-169855C65E15}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe () [Datei ist nicht signiert]
FirewallRules: [{98E39DDD-C9D9-45E7-8E37-25372CAD4FD0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe (Hewlett-Packard Co.) [Datei ist nicht signiert]
FirewallRules: [{125EE71A-097B-44FF-966F-1BCD1FC3CB33}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe (Hewlett-Packard) [Datei ist nicht signiert]
FirewallRules: [{EB2FBB4B-1BB6-434D-9FB8-82AE5D3CF7F8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe (Hewlett-Packard Co.) [Datei ist nicht signiert]
FirewallRules: [{CAE0C1D9-8A0A-482B-B93A-F537AF186306}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe (Hewlett-Packard Co.) [Datei ist nicht signiert]
FirewallRules: [{0791322A-F1AD-4B71-A1F9-1266498B78D0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe (Hewlett-Packard Co.) [Datei ist nicht signiert]
FirewallRules: [{104E4E04-F45E-462D-94D7-70E084E223E0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.) [Datei ist nicht signiert]
FirewallRules: [{DF7C1CE3-8121-45AF-A422-9C1EDC06A554}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) [Datei ist nicht signiert]
FirewallRules: [UDP Query User{9124922F-D4F6-46CF-82BE-886E2DA1B236}C:\users\odfried\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\odfried\appdata\roaming\dropbox\bin\dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [TCP Query User{A42F2A63-84B4-493B-9D09-32D774C7BD82}C:\users\odfried\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\odfried\appdata\roaming\dropbox\bin\dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{B10778AA-827C-4D95-83DF-E9C022C803A7}] => (Allow) C:\Users\Odfried\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{9FC0E033-CCBB-48F2-A71F-50971D18CCCE}] => (Allow) C:\Users\Odfried\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{9BC0D206-9A91-456B-8A64-B7804FC89BCC}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{02D15916-F3F7-4D85-972B-6ED93B45AFCD}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4762980F-9D9D-445F-A6AD-E84FB7411D23}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{5FCFB56F-B384-419B-9C53-FB480C9263B9}C:\users\odfried\downloads\anydesk.exe] => (Allow) C:\users\odfried\downloads\anydesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [UDP Query User{2EE32E98-AD8C-4B40-895E-3AA4A4698544}C:\users\odfried\downloads\anydesk.exe] => (Allow) C:\users\odfried\downloads\anydesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{A18C5810-9D9E-4E86-ACCF-03A999807BAD}] => (Allow) C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe (Ventis Media, Inc. -> Ventis Media Inc.)
FirewallRules: [{4F672DE3-12E2-4721-B4F5-AD6F0C1FB4A0}] => (Allow) C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe (Ventis Media, Inc. -> Ventis Media Inc.)
FirewallRules: [{7C10674A-2156-4FF8-9A28-96A499C9E4B5}] => (Allow) C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe (Ventis Media, Inc. -> Ventis Media Inc.)
FirewallRules: [TCP Query User{FE4EC28F-4FE3-4CEF-B6A6-42F7C568DE82}C:\users\odfried\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\odfried\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{3D2C9290-5DD0-480A-BD0D-6E70F77FE450}C:\users\odfried\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\odfried\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{175F6B39-6E98-46D8-BB13-36415C611B7C}] => (Allow) C:\Users\Odfried\AppData\Local\Programs\Opera\73.0.3856.329\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{2A107D05-0C77-4E31-B146-1D265C1F76B0}] => (Allow) C:\Users\Odfried\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{3891DDC0-D5D0-4EF5-81F7-90319DA579CD}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E1ED0E93-1983-477C-B5E8-F6FFC17EF367}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{46A35463-FB71-4A7E-9FD5-771963170160}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{56B988BE-486F-4357-97CF-F556C768CEE8}] => (Allow) C:\Users\Odfried\AppData\Local\Programs\Opera\73.0.3856.344\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{30ED989C-73A6-40B0-9D9C-D1783CA29F40}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{5885FE43-13AF-4F7F-8E6B-0D4818B3FA00}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{AF2784F7-3CB2-4C98-B6A7-165ECBA75C13}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8D1FB8F5-6B41-46D1-9C6B-B1A21530492E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{22BCEBFA-008B-4109-93DB-20600F692A95}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{E7A45B9F-A1DC-451C-9405-60DB25D0371C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{09B9BFE1-039E-4204-A18E-AEF87712076E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{E2077DEB-D1F3-4F9A-A1D6-3FA8B5B983AA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{C9CBB5AA-9DE0-49C0-9ECB-9EBCFD7892DE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{37140472-AC1A-426F-8DFE-6CF509DEF5B8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{D45BD1A8-CD80-414B-9545-097D5D2B3180}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{B19BC038-0BF8-405D-B5B7-B590B56B5B51}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{4AB1231B-95D0-4537-AC50-2F26ADF70CE3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
==================== Wiederherstellungspunkte =========================
14-02-2021 12:23:49 Removed Apple Application Support
16-02-2021 09:28:28 Windows-Sicherung
18-02-2021 17:55:17 Windows-Sicherung
==================== Fehlerhafte Geräte im Gerätemanager ============
==================== Fehlereinträge in der Ereignisanzeige: ========================
Applikationsfehler:
==================
Error: (02/18/2021 09:15:40 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (3212,R,98) TILEREPOSITORYS-1-5-18: Fehler -1023 (0xfffffc01) beim Öffnen von Protokolldatei C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (02/18/2021 09:10:33 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (9124,R,98) TILEREPOSITORYS-1-5-18: Fehler -1023 (0xfffffc01) beim Öffnen von Protokolldatei C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (02/18/2021 09:04:40 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (3632,R,98) TILEREPOSITORYS-1-5-18: Fehler -1023 (0xfffffc01) beim Öffnen von Protokolldatei C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (02/18/2021 08:48:45 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (7264,R,98) TILEREPOSITORYS-1-5-18: Fehler -1023 (0xfffffc01) beim Öffnen von Protokolldatei C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (02/18/2021 08:43:29 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (14020,R,98) TILEREPOSITORYS-1-5-18: Fehler -1023 (0xfffffc01) beim Öffnen von Protokolldatei C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (02/18/2021 08:29:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 85.0.2.7709, Zeitstempel: 0x60215287
Name des fehlerhaften Moduls: ntdll.dll, Version: 10.0.18362.1350, Zeitstempel: 0x37b70d07
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000009d294
ID des fehlerhaften Prozesses: 0x3b10
Startzeit der fehlerhaften Anwendung: 0x01d7062c5683737a
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\ntdll.dll
Berichtskennung: 134bb455-a473-4f3f-9002-730658f16f0c
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (02/18/2021 08:23:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 85.0.2.7709, Zeitstempel: 0x60215287
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000005649e
ID des fehlerhaften Prozesses: 0xb40
Startzeit der fehlerhaften Anwendung: 0x01d7062b80001601
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Pfad des fehlerhaften Moduls: unknown
Berichtskennung: dc5cf833-fe3e-436f-ad2a-ed8d769ed0be
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (02/18/2021 08:20:04 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (12972,R,98) TILEREPOSITORYS-1-5-18: Fehler -1023 (0xfffffc01) beim Öffnen von Protokolldatei C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Systemfehler:
=============
Error: (02/18/2021 08:55:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MBAMChameleon" wurde aufgrund folgenden Fehlers nicht gestartet:
Das System kann die angegebene Datei nicht finden.
Error: (02/18/2021 08:10:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MBAMChameleon" wurde aufgrund folgenden Fehlers nicht gestartet:
Das System kann die angegebene Datei nicht finden.
Error: (02/17/2021 11:47:49 PM) (Source: DCOM) (EventID: 10010) (User: Garfield)
Description: Der Server "{4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error: (02/17/2021 10:14:07 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MBAMChameleon" wurde aufgrund folgenden Fehlers nicht gestartet:
Das System kann die angegebene Datei nicht finden.
Error: (02/16/2021 09:29:04 AM) (Source: Microsoft-Windows-FilterManager) (EventID: 3) (User: NT-AUTORITÄT)
Description: Der Filter-Manager konnte keine Verbindung mit dem Volume "\Device\HarddiskVolume19" herstellen. Dieses Volume ist erst nach einem Neustart für die Filterung verfügbar. Der letzte Status war "0xc03a001c".
Error: (02/16/2021 09:29:04 AM) (Source: Microsoft-Windows-FilterManager) (EventID: 3) (User: NT-AUTORITÄT)
Description: Der Filter-Manager konnte keine Verbindung mit dem Volume "\Device\HarddiskVolume19" herstellen. Dieses Volume ist erst nach einem Neustart für die Filterung verfügbar. Der letzte Status war "0xc03a001c".
Error: (02/16/2021 09:25:21 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MBAMChameleon" wurde aufgrund folgenden Fehlers nicht gestartet:
Das System kann die angegebene Datei nicht finden.
Error: (02/14/2021 04:02:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MBAMChameleon" wurde aufgrund folgenden Fehlers nicht gestartet:
Das System kann die angegebene Datei nicht finden.
Windows Defender:
===============
Date: 2021-02-18 20:56:03.170
Description:
Windows Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDropper:Win64/Tnega!MSR&threatid=2147771646&enterprise=0
Name: TrojanDropper:Win64/Tnega!MSR
ID: 2147771646
Schweregrad: Schwerwiegend
Kategorie: Trojaner - Dropper
Pfad: file:_C:\Users\Odfried\AppData\Local\Temp\GetX64BTIT.exe
Erkennungsursprung: Lokaler Computer
Erkennungstype: Konkret
Erkennungsquelle: Echtzeitschutz
Benutzer: Garfield\Odfried
Prozessname: C:\Users\Odfried\AppData\Roaming\Odfried.exe
Sicherheitsversion: AV: 1.331.1281.0, AS: 1.331.1281.0, NIS: 1.331.1281.0
Modulversion: AM: 1.1.17800.5, NIS: 1.1.17800.5
Date: 2021-02-18 10:45:42.537
Description:
Die Windows Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {0C0FADF7-6F1D-4DB2-933A-AA8874BECB6D}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM
Date: 2021-02-18 08:10:34.012
Description:
Windows Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDropper:Win64/Tnega!MSR&threatid=2147771646&enterprise=0
Name: TrojanDropper:Win64/Tnega!MSR
ID: 2147771646
Schweregrad: Schwerwiegend
Kategorie: Trojaner - Dropper
Pfad: file:_C:\Users\Odfried\AppData\Local\Temp\GetX64BTIT.exe
Erkennungsursprung: Lokaler Computer
Erkennungstype: Konkret
Erkennungsquelle: Echtzeitschutz
Benutzer: Garfield\Odfried
Prozessname: C:\Users\Odfried\AppData\Roaming\Odfried.exe
Sicherheitsversion: AV: 1.331.1207.0, AS: 1.331.1207.0, NIS: 1.331.1207.0
Modulversion: AM: 1.1.17800.5, NIS: 1.1.17800.5
Date: 2021-02-17 10:14:40.368
Description:
Windows Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDropper:Win64/Tnega!MSR&threatid=2147771646&enterprise=0
Name: TrojanDropper:Win64/Tnega!MSR
ID: 2147771646
Schweregrad: Schwerwiegend
Kategorie: Trojaner - Dropper
Pfad: file:_C:\Users\Odfried\AppData\Local\Temp\GetX64BTIT.exe
Erkennungsursprung: Lokaler Computer
Erkennungstype: Konkret
Erkennungsquelle: Echtzeitschutz
Benutzer: Garfield\Odfried
Prozessname: C:\Users\Odfried\AppData\Roaming\Odfried.exe
Sicherheitsversion: AV: 1.331.1145.0, AS: 1.331.1145.0, NIS: 1.331.1145.0
Modulversion: AM: 1.1.17800.5, NIS: 1.1.17800.5
Date: 2021-02-16 09:25:50.433
Description:
Windows Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDropper:Win64/Tnega!MSR&threatid=2147771646&enterprise=0
Name: TrojanDropper:Win64/Tnega!MSR
ID: 2147771646
Schweregrad: Schwerwiegend
Kategorie: Trojaner - Dropper
Pfad: file:_C:\Users\Odfried\AppData\Local\Temp\GetX64BTIT.exe
Erkennungsursprung: Lokaler Computer
Erkennungstype: Konkret
Erkennungsquelle: Echtzeitschutz
Benutzer: Garfield\Odfried
Prozessname: C:\Users\Odfried\AppData\Roaming\Odfried.exe
Sicherheitsversion: AV: 1.331.1048.0, AS: 1.331.1048.0, NIS: 1.331.1048.0
Modulversion: AM: 1.1.17800.5, NIS: 1.1.17800.5
Event[0]:
Date: 2021-02-12 09:25:30.899
Description:
Fehler von Windows Defender Antivirus beim Herunterladen und Konfigurieren von Windows Defender Offline.
Fehlercode: 0x8000000a
Fehlerbeschreibung: Die für diesen Vorgang erforderlichen Daten sind noch nicht verfügbar.
Date: 2021-02-10 22:39:39.693
Description:
Fehler von Windows Defender Antivirus beim Herunterladen und Konfigurieren von Windows Defender Offline.
Fehlercode: 0x8000000a
Fehlerbeschreibung: Die für diesen Vorgang erforderlichen Daten sind noch nicht verfügbar.
==================== Speicherinformationen ===========================
BIOS: American Megatrends Inc. 2306 10/09/2014
Hauptplatine: ASUSTeK COMPUTER INC. H97-PLUS
Prozessor: Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz
Prozentuale Nutzung des RAM: 25%
Installierter physikalischer RAM: 16069.23 MB
Verfügbarer physikalischer RAM: 12004.14 MB
Summe virtueller Speicher: 23069.23 MB
Verfügbarer virtueller Speicher: 19032.41 MB
==================== Laufwerke ================================
Drive c: (SSD Sonne) (Fixed) (Total:237.79 GB) (Free:82.93 GB) NTFS
Drive e: (alte 0,5 TB SystemPlatte WD) (Fixed) (Total:465.76 GB) (Free:465.65 GB) NTFS
Drive f: (MEGA-Platte 4TB intern) (Fixed) (Total:3725.9 GB) (Free:1739.81 GB) NTFS
Drive g: (Doppelstern 4 TB intern) (Fixed) (Total:3725.9 GB) (Free:1569.64 GB) NTFS
Drive m: (Seagate 1TB) (Fixed) (Total:931.51 GB) (Free:739.21 GB) NTFS
\\?\Volume{0b9953dd-53f7-11e0-88eb-806e6f6e6963}\ (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{f2407920-0000-0000-0000-10793b000000}\ () (Fixed) (Total:0.58 GB) (Free:0.08 GB) NTFS
==================== MBR & Partitionstabelle ====================
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 238.5 GB) (Disk ID: F2407920)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=237.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=594 MB) - (Type=27)
==========================================================
Disk: 1 (Protective MBR) (Size: 3726 GB) (Disk ID: 00000000)
Partition: GPT.
==========================================================
Disk: 2 (Size: 3726 GB) (Disk ID: 9C214DDA)
Partition: GPT.
==========================================================
Disk: 3 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: D8000000)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
==========================================================
Disk: 4 (Size: 931.5 GB) (Disk ID: A4B57300)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
==================== Ende von Addition.txt =======================
Code:
ATTFilter Ebene Datum und Uhrzeit Quelle Ereignis-ID Aufgabenkategorie
Warnung 18.02.2021 20:56:03 Microsoft-Windows-Windows Defender 1116 Keine "Windows Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDropper:Win64/Tnega!MSR&threatid=2147771646&enterprise=0
Name: TrojanDropper:Win64/Tnega!MSR
ID: 2147771646
Schweregrad: Schwerwiegend
Kategorie: Trojaner - Dropper
Pfad: file:_C:\Users\Odfried\AppData\Local\Temp\GetX64BTIT.exe
Erkennungsursprung: Lokaler Computer
Erkennungstype: Konkret
Erkennungsquelle: Echtzeitschutz
Benutzer: Garfield\Odfried
Prozessname: C:\Users\Odfried\AppData\Roaming\Odfried.exe
Sicherheitsversion: AV: 1.331.1281.0, AS: 1.331.1281.0, NIS: 1.331.1281.0
Modulversion: AM: 1.1.17800.5, NIS: 1.1.17800.5"
|
|
19.02.2021, 15:44
| #3 |
| /// TB-Ausbilder   | Windows 10: Trojaner Tnega!MSR kommt immer wieder - Teil I Mein Name ist Matthias und ich werde dir bei der Analyse und der eventuell notwendigen Bereinigung deines Computers helfen. Deine beiden Themen wurden zusammengefügt. Es genügt ein Thema. Ich analysiere gerade dein System und melde mich in Kürze mit weiteren Anweisungen. |
|
19.02.2021, 15:46
| #4 |
| /// TB-Ausbilder | Windows 10: Trojaner Tnega!MSR kommt immer wieder - Teil I Schritt 1 Führe Malwarebytes' AntiMalware (MBAM) gemäß der bebilderten Anleitung aus und poste abschließend die Logdatei. Schritt 2 Führe AdwCleaner gemäß der bebilderten Anleitung aus und poste abschließend die Logdatei. Schritt 3
Bitte poste mit deiner nächsten Antwort:
|
|
21.02.2021, 15:32
| #5 |
| | 3 Scans durchgeführt Hallo Matthias, vielen Dank für Deine Antwort. Ich habe alles wie von Dir beschrieben durchgeführt. Beste Grüße, Andreas Logdatei von MBAM: Code:
ATTFilter Malwarebytes
www.malwarebytes.com
-Protokolldetails-
Scan-Datum: 21.02.21
Scan-Zeit: 15:02
Protokolldatei: 71fbbb6e-744d-11eb-8f42-f07959620f10.json
-Softwaredaten-
Version: 4.3.0.98
Komponentenversion: 1.0.1173
Version des Aktualisierungspakets: 1.0.37341
Lizenz: Testversion
-Systemdaten-
Betriebssystem: Windows 10 (Build 18363.1379)
CPU: x64
Dateisystem: NTFS
Benutzer: Garfield\Odfried
-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Scan gestartet von: Manuell
Ergebnis: Abgeschlossen
Gescannte Objekte: 406901
Erkannte Bedrohungen: 106
In die Quarantäne verschobene Bedrohungen: 106
Abgelaufene Zeit: 8 Min., 37 Sek.
-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Erkennung
PUM: Erkennung
-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)
Modul: 0
(keine bösartigen Elemente erkannt)
Registrierungsschlüssel: 37
PUP.Optional.DigitalSites, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Digital Sites, In Quarantäne, 1989, 237778, , , , , ,
PUP.Optional.DigitalSites, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{844AD169-9956-4A09-B7AF-B23BF411E026}, In Quarantäne, 1989, 237778, , , , , ,
PUP.Optional.DigitalSites, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{844AD169-9956-4A09-B7AF-B23BF411E026}, In Quarantäne, 1989, 237778, , , , , ,
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\APPID\REI_AxControl.DLL, In Quarantäne, 7965, 327193, 1.0.37341, , ame, , ,
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\REI_AxControl.DLL, In Quarantäne, 7965, 327193, 1.0.37341, , ame, , ,
PUP.Optional.Reimage, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\REI_AxControl.DLL, In Quarantäne, 7965, 327193, 1.0.37341, , ame, , ,
RiskWare.Script, HKU\S-1-5-21-2726028846-1901948702-833121358-1001\SOFTWARE\Odfried, In Quarantäne, 8534, 901769, 1.0.37341, , ame, , ,
RiskWare.Script.MZreg, HKU\S-1-5-21-2726028846-1901948702-833121358-1001\SOFTWARE\Odfried1, In Quarantäne, 16671, 884748, 1.0.37341, , ame, , ,
PUP.Optional.Reimage, HKU\S-1-5-21-2726028846-1901948702-833121358-1001\SOFTWARE\Reimage, In Quarantäne, 7965, 357494, 1.0.37341, , ame, , ,
PUP.Optional.Conduit, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, In Quarantäne, 139, 236865, , , , , ,
PUP.Optional.Conduit, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, In Quarantäne, 139, 236865, , , , , ,
PUP.Optional.Conduit, HKU\S-1-5-21-2726028846-1901948702-833121358-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, In Quarantäne, 139, 236865, 1.0.37341, , ame, , ,
PUP.Optional.IStartSurf.ShrtCln, HKU\S-1-5-21-2726028846-1901948702-833121358-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}, In Quarantäne, 4261, 233272, 1.0.37341, , ame, , ,
PUP.Optional.IStartSurf.ShrtCln, HKU\S-1-5-21-2726028846-1901948702-833121358-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E733165D-CBCF-4FDA-883E-ADEF965B476C}, In Quarantäne, 4261, 233272, 1.0.37341, , ame, , ,
PUP.Optional.SweetSearch, HKU\S-1-5-21-2726028846-1901948702-833121358-1001\SOFTWARE\MOZILLA\EXTENDS, In Quarantäne, 5016, 243782, 1.0.37341, , ame, , ,
PUP.Optional.Reimage, HKU\S-1-5-21-2726028846-1901948702-833121358-1001\SOFTWARE\LOCAL APPWIZARD-GENERATED APPLICATIONS\Fixer - Windows Problem Relief., In Quarantäne, 7965, 709541, 1.0.37341, , ame, , ,
PUP.Optional.IHProtect, HKLM\SOFTWARE\WOW6432NODE\IHProtect, In Quarantäne, 6244, 239373, 1.0.37341, , ame, , ,
PUP.Optional.MyStartSearch.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\mystartsearchSoftware, In Quarantäne, 4306, 188665, 1.0.37341, , ame, , ,
PUP.Optional.Reimage, HKLM\SOFTWARE\REIMAGE\Reimage Repair, In Quarantäne, 7965, 336077, 1.0.37341, , ame, , ,
PUP.Optional.CouponMarvel.AppFlsh, HKLM\SOFTWARE\SECURITYUTILITY, In Quarantäne, 16593, 879457, 1.0.37341, , ame, , ,
PUP.Optional.InstallCore, HKU\S-1-5-21-2726028846-1901948702-833121358-1001\SOFTWARE\PRODUCTSETUP, In Quarantäne, 112, 481004, 1.0.37341, , ame, , ,
PUP.Optional.Reimage, HKU\S-1-5-21-2726028846-1901948702-833121358-1001\SOFTWARE\REIMAGE\PC REPAIR, In Quarantäne, 7965, 327204, 1.0.37341, , ame, , ,
PUP.Optional.SmartBar, HKLM\SOFTWARE\CLASSES\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}, In Quarantäne, 137, 189776, , , , , ,
PUP.Optional.SmartBar, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}, In Quarantäne, 137, 189776, , , , , ,
PUP.Optional.SmartBar, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}, In Quarantäne, 137, 189776, , , , , ,
PUP.Optional.HelperBar, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}, In Quarantäne, 4661, 245666, 1.0.37341, , ame, , ,
PUP.Optional.OpenCandy, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\OpenCandyHelperRunOnce, In Quarantäne, 108, 241417, 1.0.37341, , ame, , ,
PUP.Optional.OpenCandy, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\OpenCandyHelperRunOnceBB6ACDC106D143A09D6D579818962CD9, In Quarantäne, 108, 241417, 1.0.37341, , ame, , ,
PUP.Optional.CouponMarvel.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\SECURITYUTILITY, In Quarantäne, 16593, 879457, 1.0.37341, , ame, , ,
PUP.Optional.MiuiTab, HKLM\SOFTWARE\WOW6432NODE\SUPDP, In Quarantäne, 4781, 240843, 1.0.37341, , ame, , ,
PUP.Optional.SupTab, HKLM\SOFTWARE\WOW6432NODE\SUPTAB, In Quarantäne, 440, 243702, 1.0.37341, , ame, , ,
PUP.Optional.ChipDe, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\chip 1-click download service, In Quarantäne, 9554, 463412, 1.0.37341, , ame, , ,
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\APPID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}, In Quarantäne, 7965, 332494, , , , , ,
PUP.Optional.Reimage, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}, In Quarantäne, 7965, 332494, , , , , ,
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}, In Quarantäne, 7965, 332494, 1.0.37341, , ame, , ,
PUP.Optional.Reimage, HKU\S-1-5-21-2726028846-1901948702-833121358-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{10ECCE17-29B5-4880-A8F5-EAD298611484}, In Quarantäne, 7965, 327205, 1.0.37341, , ame, , ,
PUP.Optional.TaskRNDM, HKU\S-1-5-21-2726028846-1901948702-833121358-1001\SOFTWARE\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}, In Quarantäne, 2398, 169164, 1.0.37341, , ame, , ,
Registrierungswert: 22
PUP.Optional.DigitalSites, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{844AD169-9956-4A09-B7AF-B23BF411E026}|PATH, In Quarantäne, 1989, 258411, 1.0.37341, , ame, , ,
RiskWare.Script, HKU\S-1-5-21-2726028846-1901948702-833121358-1001\SOFTWARE\Odfried|653, In Quarantäne, 8534, 901769, 1.0.37341, , ame, , ,
RiskWare.Script.MZreg, HKU\S-1-5-21-2726028846-1901948702-833121358-1001\SOFTWARE\Odfried1|0, In Quarantäne, 16671, 884748, 1.0.37341, , ame, , ,
RiskWare.Script.Powershell, HKU\S-1-5-21-2726028846-1901948702-833121358-1001\ENVIRONMENT|ODFRIED, In Quarantäne, 16611, 911451, 1.0.37341, , ame, , ,
PUP.Optional.Conduit, HKU\S-1-5-21-2726028846-1901948702-833121358-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, In Quarantäne, 139, 236865, 1.0.37341, , ame, , ,
PUP.Optional.IStartSurf.ShrtCln, HKU\S-1-5-21-2726028846-1901948702-833121358-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}|URL, In Quarantäne, 4261, 233272, 1.0.37341, , ame, , ,
PUP.Optional.IStartSurf.ShrtCln, HKU\S-1-5-21-2726028846-1901948702-833121358-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}|FAVICONURL, In Quarantäne, 4261, 233272, 1.0.37341, , ame, , ,
PUP.Optional.IStartSurf.ShrtCln, HKU\S-1-5-21-2726028846-1901948702-833121358-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E733165D-CBCF-4FDA-883E-ADEF965B476C}|URL, In Quarantäne, 4261, 233272, 1.0.37341, , ame, , ,
RiskWare.Script.Powershell, HKU\S-1-5-21-2726028846-1901948702-833121358-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|ODFRIED, In Quarantäne, 16611, 903622, 1.0.37341, , ame, , ,
PUP.Optional.SweetSearch, HKU\S-1-5-21-2726028846-1901948702-833121358-1001\SOFTWARE\MOZILLA\EXTENDS|APPID, In Quarantäne, 5016, 243782, 1.0.37341, , ame, , ,
PUP.Optional.CouponMarvel.AppFlsh, HKLM\SOFTWARE\SECURITYUTILITY|INSTALL_DIR, In Quarantäne, 16593, 879457, 1.0.37341, , ame, , ,
PUP.Optional.CouponMarvel.AppFlsh, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, In Quarantäne, 16593, -1, 0.0.0, , action, , ,
PUP.Optional.CouponMarvel.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, In Quarantäne, 16593, -1, 0.0.0, , action, , ,
PUP.Optional.InstallCore, HKU\S-1-5-21-2726028846-1901948702-833121358-1001\SOFTWARE\PRODUCTSETUP|TB, In Quarantäne, 112, 481004, 1.0.37341, , ame, , ,
PUP.Optional.Reimage, HKU\S-1-5-21-2726028846-1901948702-833121358-1001\SOFTWARE\REIMAGE\PC REPAIR|QUITMESSAGE, In Quarantäne, 7965, 327204, 1.0.37341, , ame, , ,
PUP.Optional.SmartBar, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{AE07101B-46D4-4A98-AF68-0333EA26E113}, In Quarantäne, 137, 189776, , , , , ,
PUP.Optional.SmartBar, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{AE07101B-46D4-4A98-AF68-0333EA26E113}, In Quarantäne, 137, 189776, 1.0.37341, , ame, , ,
PUP.Optional.HelperBar, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}|URL, In Quarantäne, 4661, 245666, 1.0.37341, , ame, , ,
PUP.Optional.SweetSearch, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|SWEETSEARCH@GMAIL.COM, In Quarantäne, 5016, 243783, 1.0.37341, , ame, , ,
PUP.Optional.CouponMarvel.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\SECURITYUTILITY|INSTALL_DIR, In Quarantäne, 16593, 879457, 1.0.37341, , ame, , ,
PUP.Optional.MiuiTab, HKLM\SOFTWARE\WOW6432NODE\SUPDP|DIR, In Quarantäne, 4781, 240843, 1.0.37341, , ame, , ,
PUP.Optional.SupTab, HKLM\SOFTWARE\WOW6432NODE\SUPTAB|PTID, In Quarantäne, 440, 243702, 1.0.37341, , ame, , ,
Registrierungsdaten: 6
PUP.Optional.IStartSurf.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|DEFAULT_SEARCH_URL, Ersetzt, 4261, 291148, 1.0.37341, , ame, , ,
PUP.Optional.IStartSurf.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|DEFAULT_PAGE_URL, Ersetzt, 4261, 291148, 1.0.37341, , ame, , ,
PUP.Optional.IStartSurf.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|SEARCH PAGE, Ersetzt, 4261, 291148, 1.0.37341, , ame, , ,
PUP.Optional.MyStartSearch.ShrtCln, HKU\S-1-5-21-2726028846-1901948702-833121358-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|SEARCH PAGE, Ersetzt, 4306, 291143, 1.0.37341, , ame, , ,
PUP.Optional.IStartSurf.ShrtCln, HKU\S-1-5-21-2726028846-1901948702-833121358-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|DEFAULT_PAGE_URL, Ersetzt, 4261, 291146, 1.0.37341, , ame, , ,
PUP.Optional.MyStartSearch.ShrtCln, HKU\S-1-5-21-2726028846-1901948702-833121358-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|DEFAULT_SEARCH_URL, Ersetzt, 4306, 291143, 1.0.37341, , ame, , ,
Daten-Stream: 0
(keine bösartigen Elemente erkannt)
Ordner: 1
PUP.Optional.DigitalSites, C:\USERS\ODFRIED\APPDATA\ROAMING\DIGITALSITES, In Quarantäne, 1989, 319816, 1.0.37341, , ame, , ,
Datei: 40
PUP.Optional.DigitalSites, C:\WINDOWS\TASKS\Digital Sites.job, In Quarantäne, 1989, 237778, , , , , 06AEF3333D831B8D8651AA1198037D6E, 2A0B8E5126C5C5B3D91EC22C2C8EDA32F4677B42F088506C3B7BE322613C6737
PUP.Optional.DigitalSites, C:\WINDOWS\SYSTEM32\TASKS\DIGITAL SITES, In Quarantäne, 1989, 237778, 1.0.37341, , ame, , BFDE46BC9A31CE8A3219C0CDE70A2F84, 9A71DFCB0CA96B73A52CAC0327FA46B7F1EAC298B5AB35AEEE2A70085CCC645F
PUP.Optional.FabTabs, C:\USERS\ODFRIED\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5VXS6ZL8.DEFAULT-1367272190906\EXTENSIONS\FABTAB@CAPTAINCAVEMAN.NL.XPI, In Quarantäne, 6689, 246306, 1.0.37341, , ame, , 72D19F1AD099BF9CF13124A7D844FDA0, 7315DF943DAB658C8385F639840A3ED3075101C850841709389E764124BAADFB
PUP.Optional.SysTweak, C:\WINDOWS\SYSTEM32\ROBOOT64.EXE, In Quarantäne, 2881, 395666, 1.0.37341, , ame, , E78A37BFEF666B8BAA8C1071F4DF9794, 3D0696FD256B67253E951FF2596632CD944CD1422849C680285FB276D2AE8C1E
PUP.Optional.FabTabs, C:\USERS\ODFRIED\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KPCS8WM8.DEFAULT\EXTENSIONS\FABTAB@CAPTAINCAVEMAN.NL.XPI, In Quarantäne, 6689, 246306, 1.0.37341, , ame, , 72D19F1AD099BF9CF13124A7D844FDA0, 7315DF943DAB658C8385F639840A3ED3075101C850841709389E764124BAADFB
PUP.Optional.Babylon, C:\USERS\ODFRIED\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5VXS6ZL8.DEFAULT-1367272190906\PREFS.JS, Ersetzt, 52, 301501, 1.0.37341, , ame, , 69D9C982ABBE933211D161B35919119F, C65C89FB2BF6C96A1179B099B6EA6FA189106FD4C4141EA70C0F2ECC8328C967
PUP.Optional.Babylon, C:\USERS\ODFRIED\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5VXS6ZL8.DEFAULT-1367272190906\PREFS.JS, Ersetzt, 52, 301501, 1.0.37341, , ame, , 69D9C982ABBE933211D161B35919119F, C65C89FB2BF6C96A1179B099B6EA6FA189106FD4C4141EA70C0F2ECC8328C967
PUP.Optional.HelperBar, C:\USERS\ODFRIED\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5VXS6ZL8.DEFAULT-1367272190906\PREFS.JS, Ersetzt, 4661, 301575, 1.0.37341, , ame, , 69D9C982ABBE933211D161B35919119F, C65C89FB2BF6C96A1179B099B6EA6FA189106FD4C4141EA70C0F2ECC8328C967
PUP.Optional.HelperBar, C:\USERS\ODFRIED\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5VXS6ZL8.DEFAULT-1367272190906\PREFS.JS, Ersetzt, 4661, 301576, 1.0.37341, , ame, , 69D9C982ABBE933211D161B35919119F, C65C89FB2BF6C96A1179B099B6EA6FA189106FD4C4141EA70C0F2ECC8328C967
PUP.Optional.Babylon, C:\USERS\ODFRIED\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KPCS8WM8.DEFAULT\PREFS.JS, Ersetzt, 52, 301501, 1.0.37341, , ame, , 051E2E8139BC335AF6E38BEC614CC646, 1AF9DF78A56137BEA9DB70A11E1CF903086B9DFB74F86943E9332ADF9FDA46F2
PUP.Optional.Babylon, C:\USERS\ODFRIED\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KPCS8WM8.DEFAULT\PREFS.JS, Ersetzt, 52, 301501, 1.0.37341, , ame, , 051E2E8139BC335AF6E38BEC614CC646, 1AF9DF78A56137BEA9DB70A11E1CF903086B9DFB74F86943E9332ADF9FDA46F2
PUP.Optional.HelperBar, C:\USERS\ODFRIED\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KPCS8WM8.DEFAULT\PREFS.JS, Ersetzt, 4661, 301575, 1.0.37341, , ame, , 051E2E8139BC335AF6E38BEC614CC646, 1AF9DF78A56137BEA9DB70A11E1CF903086B9DFB74F86943E9332ADF9FDA46F2
PUP.Optional.HelperBar, C:\USERS\ODFRIED\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KPCS8WM8.DEFAULT\PREFS.JS, Ersetzt, 4661, 301576, 1.0.37341, , ame, , 051E2E8139BC335AF6E38BEC614CC646, 1AF9DF78A56137BEA9DB70A11E1CF903086B9DFB74F86943E9332ADF9FDA46F2
PUP.Optional.ChipDe, C:\USERS\ODFRIED\DOWNLOADS\CORE TEMP - CHIP-INSTALLER.EXE, In Quarantäne, 9554, 562568, 1.0.37341, 151DA1CAA9592B50FA7DBC16, dds, 01126287, 75F687652BE916CB10D748D43389309A, 34381473714F8882692DB5F839E826AA9544020E9F78E78827E4689A369D1A31
PUP.Optional.InstallCore, C:\USERS\ODFRIED\DOWNLOADS\MIRANDA-IM-V0.10.32-UNICODE.EXE, In Quarantäne, 112, 301105, 1.0.37341, 3951C6B6CAE2CAE9D0615733, dds, 01126287, 27912C7321D56837ED255DF88321978F, FEF7A3AD53B7824DFE88D7728CEF34DF0062C3DA590C2A29D15BEC25687E189C
PUP.Optional.TweakBit, C:\USERS\ODFRIED\DOWNLOADS\DRIVER-UPDATER-SETUP.EXE, In Quarantäne, 5379, 803569, 1.0.37341, , ame, , 7AC81C1E57E614426C896AC1E3391A0F, 68C5E770BE23B0047071E446D2C2F5B862645BAB217928756F5014E6B55C0C35
PUP.Optional.Reimage, C:\USERS\ODFRIED\DOWNLOADS\REIMAGEREPAIR.EXE, In Quarantäne, 7965, 331559, 1.0.37341, , ame, , 2CB8703D2ABE5F4F5A5480D450E29204, D817015E2F1A6BE55B297A34FB8ECD44630B2FBFB4EA7EE941D23908A88106E5
PUP.Optional.InstallCore, C:\USERS\ODFRIED\DOWNLOADS\MIRANDA-IM-V0.EXE, In Quarantäne, 112, 301065, 1.0.37341, , ame, , B3952DAC4359C8C16D3BE081F6D1A0C3, 97C01869ECD2F20E060CA9AD453AE316E89ED01B0E85C27E874E2B968DB27CB1
PUP.Optional.ChipDe, C:\USERS\ODFRIED\DOWNLOADS\MACRIUM REFLECT FREE - CHIP-INSTALLER.EXE, In Quarantäne, 9554, 562568, 1.0.37341, 26BDBE6ADEFC8A3260C80E1C, dds, 01126287, 539B2E5E2BC5DA16A59A80DBAFEE8E86, 58EA990D8620EE20A1BB623DA39500CC7C925F1F2BBCDC51CBDCC7720186BF78
PUP.Optional.ChipDe, C:\USERS\ODFRIED\DOWNLOADS\A702_1.2 - CHIP-INSTALLER (1).EXE, In Quarantäne, 9554, 562568, 1.0.37341, C2BF7BCB91C3F9EDC4D26450, dds, 01126287, B60335106D4A48851C62C2E4CF3082F8, 26D3F6763DF7C02F723819A88621229FBB4D8315958AACB27BA05D4DAA77958C
PUP.Optional.ChipDe, C:\USERS\ODFRIED\APPDATA\LOCAL\DOWNLOADED INSTALLATIONS\{DAD82379-C684-4D04-83D5-2B9934A9C362}\CHIP INSTALLER.MSI, In Quarantäne, 9554, 594115, 1.0.37341, , ame, , B611022B10D24A0DEFC90AAFA7DDA4DA, 04D0380AE3F5F63DC514B46A65FE26114E69B2610F644F8BD9114D8460CBFEB8
PUP.Optional.ChipDe, C:\USERS\ODFRIED\DOWNLOADS\A702_1.2 - CHIP-INSTALLER.EXE, In Quarantäne, 9554, 562568, 1.0.37341, C2BF7BCB91C3F9EDC4D26450, dds, 01126287, 73245D51D0463C2754AF1F186D1B69C2, 185AE354E1C71BA043460426D576D317BE4DB09D81F2B3070E1D064287FEED10
Adware.Downloader, C:\USERS\ODFRIED\DOWNLOADS\WACUP_PREVIEW_V1_0_11_5456_CB-DL-MANAGER.EXE, In Quarantäne, 2800, 494758, 1.0.37341, 2749740277275D74BAFC8B59, dds, 01126287, A311D69937636FF3E3A155398F2804DE, 72EAC78E434A0A85CD71C3B1B62906BC700108718E004679D61BE4824D82DD5A
PUP.Optional.InstallCore, C:\USERS\ODFRIED\DOWNLOADS\MIRANDA-IM-V0.10.25-UNICODE.EXE, In Quarantäne, 112, 301105, 1.0.37341, 5443D6156A67AA62F2443101, dds, 01126287, 91AEF510C9D8D2A66A05B758FD29B099, 964A36635C2CFE74ABC297B4546207A267E6CFB1D288777C5CD616254B24B0F6
PUP.Optional.ChipDe, C:\USERS\ODFRIED\DOWNLOADS\SONY PC COMPANION - CHIP-INSTALLER.EXE, In Quarantäne, 9554, 562568, 1.0.37341, 26BDBE6ADEFC8A3260C80E1C, dds, 01126287, A3304EFCBC54BCEB17D8744AA47E013A, 60289D6DB38A7C44AF69EEE642325D0BBBD6023E4B57F4455D2A13024534A75E
PUP.Optional.ChipDe, C:\USERS\ODFRIED\DOWNLOADS\TAB MIX PLUS - CHIP-INSTALLER.EXE, In Quarantäne, 9554, 562568, 1.0.37341, 151DA1CAA9592B50FA7DBC16, dds, 01126287, BF1C54A609A29513A5A1C163B3CEFF0F, A0A1E4D963D737B21E408218DE707554F4688B356FE76DA122AE6024B3F82C03
PUP.Optional.InstallCore, C:\USERS\ODFRIED\DOWNLOADS\MIRANDA-IM-V0.10.31-UNICODE.EXE, In Quarantäne, 112, 301105, 1.0.37341, 3951C6B6CAE2CAE9D0615733, dds, 01126287, 1B1A16DEB255F6A42E770AA7E136B6AC, 6EA38703269F98CB83A86233A078152C7ECF146BF1B06434951916B8C463AFCD
PUP.Optional.ChipDe, C:\USERS\ODFRIED\DOWNLOADS\7 ZIP 64 BIT - CHIP-INSTALLER.EXE, In Quarantäne, 9554, 621518, 1.0.37341, C2BF7BCB91C3F9EDC4D26450, dds, 01126287, E87246562DB743000EFA82A480EE626D, A9CF4CE3BC227F6E9F012CE21611B977AFE7B84B3C5423D886BF5DB6A52FBC35
PUP.Optional.InstallCore, C:\USERS\ODFRIED\DOWNLOADS\MIRANDA-IM-V0.10.44-UNICODE.EXE, In Quarantäne, 112, 301065, 1.0.37341, , ame, , B52E5E98F40F2D7014B8F415B39988D4, 963512552DA27D2ACCB3C590574115FA33D3B5B40E996CE035ED33201FA4DAE2
PUP.Optional.ChipDe, C:\USERS\ODFRIED\DOWNLOADS\WINDOWS REPAIR TOOLBOX - CHIP-INSTALLER.EXE, In Quarantäne, 9554, 562568, 1.0.37341, 151DA1CAA9592B50FA7DBC16, dds, 01126287, 90968770D98F86E5826389C3C116F3C6, 477CC37846784CFEF3701BF52CC08F4F015B3F239B3E13EC1E0FEB8BE25A9ED3
PUP.Optional.ChipDe, C:\USERS\ODFRIED\DOWNLOADS\MEDIATHEKVIEW - CHIP-INSTALLER (1).EXE, In Quarantäne, 9554, 562568, 1.0.37341, C2BF7BCB91C3F9EDC4D26450, dds, 01126287, 29B85EBD8E0536B54ADB19A289AC3E3D, 975F602BA241C7B6CE8B38BE6D845867BE1D9E57118ACEC9F65ACBC6C5674D26
PUP.Optional.ChipDe, C:\USERS\ODFRIED\DOWNLOADS\A702_1.2 - CHIP-INSTALLER (2).EXE, In Quarantäne, 9554, 562568, 1.0.37341, C2BF7BCB91C3F9EDC4D26450, dds, 01126287, 28FF38BCC9CA2757846BBE2831F48AB4, 1D6CBCCE4709ED081DB06F44FA1F84F119EACA6A6D13546EBE45F512AF4D5842
PUP.Optional.ChipDe, C:\USERS\ODFRIED\DOWNLOADS\JAVA RUNTIME ENVIRONMENT 32 BIT - CHIP-INSTALLER.EXE, In Quarantäne, 9554, 621518, 1.0.37341, 4A9E4C7E6FE2D3289E734298, dds, 01126287, 0FFE8C8D2745DBD6AB5B7AED33D06D72, BA99937E10F40252E4A86B0AFCA71C1C7661B0350FABEE57E105614D843C5D5A
PUP.Optional.ChipDe, C:\USERS\ODFRIED\DOWNLOADS\MEDIATHEKVIEW - CHIP-INSTALLER (3).EXE, In Quarantäne, 9554, 562568, 1.0.37341, C2BF7BCB91C3F9EDC4D26450, dds, 01126287, 805DB5444564923F4F3748D061824AFD, A898D5D24D34DE10654A649CDD227CF429CD7179A53A68DEABE349DF86001C19
PUP.Optional.ChipDe, C:\USERS\ODFRIED\DOWNLOADS\WINDOWS 10 UPDATE ASSISTENT - CHIP-INSTALLER.EXE, In Quarantäne, 9554, 562568, 1.0.37341, 26BDBE6ADEFC8A3260C80E1C, dds, 01126287, 242DEB2E4DD82613E6B3991873317D7D, E156683C6A8C4660B51FE54BF1C2AFB2C9053502ABFD1C3D00CD1F3FCA0F763C
PUP.Optional.ChipDe, C:\USERS\ODFRIED\DOWNLOADS\MEDIATHEKVIEW - CHIP-INSTALLER (4).EXE, In Quarantäne, 9554, 562568, 1.0.37341, C2BF7BCB91C3F9EDC4D26450, dds, 01126287, 8328EA92E5E4457F693476B436CDD7A5, D5619B9F6C06AB8C33CDBA7E4AD3307475A6D4A9C74019445CFC2F9D32ECFEC7
PUP.Optional.ChipDe, C:\USERS\ODFRIED\DOWNLOADS\XNVIEW KOMPLETT - CHIP-INSTALLER.EXE, In Quarantäne, 9554, 621518, 1.0.37341, C2BF7BCB91C3F9EDC4D26450, dds, 01126287, 501D4D140A97D6D6E9F5BA1481DDDB0D, 0800B7A9A6AA0BB11DE0D34F5621B921BBD7B0D73B9D992906A00D6123E43863
PUP.Optional.Softonic, C:\USERS\ODFRIED\DOWNLOADS\SOFTONICDOWNLOADER32736.EXE, In Quarantäne, 7784, 598989, 1.0.37341, 60F97D341DAA794AF143C504, dds, 01126287, B84BE460943566BAB30F835409809006, 8D23597BC88A5C927F81FAB39365B814002980C70BD30F8FE2A69DFD1E48016C
PUP.Optional.ChipDe, C:\USERS\ODFRIED\DOWNLOADS\MEDIATHEKVIEW - CHIP-INSTALLER (2).EXE, In Quarantäne, 9554, 562568, 1.0.37341, C2BF7BCB91C3F9EDC4D26450, dds, 01126287, 5556AC47AEE8FCC5D5FEE76B599836DF, 853CDF93537E44FEAA6D33385685789B6DFC3BE130C2FF7134C9036418197518
PUP.Optional.ChipDe, C:\USERS\ODFRIED\DOWNLOADS\MEDIATHEKVIEW - CHIP-INSTALLER.EXE, In Quarantäne, 9554, 562568, 1.0.37341, 151DA1CAA9592B50FA7DBC16, dds, 01126287, 9F5D1AB17ED7B4DB1B3D029A90050722, 450B41976956681D7761C5399F1593819A062DD1BB76A5581A15BBE9E8FB39FA
Physischer Sektor: 0
(keine bösartigen Elemente erkannt)
WMI: 0
(keine bösartigen Elemente erkannt)
(end)
Code:
ATTFilter # -------------------------------
# Malwarebytes AdwCleaner 8.1.0.0
# -------------------------------
# Build: 02-15-2021
# Database: 2021-01-26.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 02-21-2021
# Duration: 00:00:01
# OS: Windows 10 Pro
# Cleaned: 44
# Failed: 0
***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
Deleted C:\Program Files (x86)\FoxTab
Deleted C:\ProgramData\7b24ec7cc000461ebe26d116b88142c8
Deleted C:\ProgramData\IHProtectUpDate
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion
Deleted C:\Users\Odfried\AppData\LocalLow\HPAppData
Deleted C:\Users\Odfried\AppData\Local\Downloaded Installations\{DAD82379-C684-4D04-83D5-2B9934A9C362}
Deleted C:\Users\Odfried\AppData\Local\YSearchUtil
Deleted C:\Users\Odfried\Documents\Mobogenie
***** [ Files ] *****
Deleted C:\Users\Odfried\daemonprocess.txt
Deleted C:\Windows\Reimage.ini
Deleted C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
Deleted C:\Windows\SysWOW64\lavasofttcpservice.dll
Deleted C:\Windows\System32\LavasoftTcpService64.dll
Deleted C:\Windows\System32\LavasoftTcpServiceOff.ini
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
Deleted HKCU\Software\IGearSettings
Deleted HKCU\Software\Microsoft\Internet Explorer\SearchUrl|Default
Deleted HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKLM\SOFTWARE\Classes\Record\{181480C8-90AC-3430-B39A-CD121E034A1A}
Deleted HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}
Deleted HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}
Deleted HKLM\SOFTWARE\Classes\Record\{8F54FA54-1DF8-3B20-890C-CDD95364BC95}
Deleted HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}
Deleted HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}
Deleted HKLM\Software\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Deleted HKLM\Software\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Deleted HKLM\Software\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Deleted HKLM\Software\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Deleted HKLM\Software\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Deleted HKLM\Software\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Deleted HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\Opera Browser Assistant
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID|{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}
Deleted HKLM\Software\Reimage
Deleted HKLM\Software\Wow6432Node\Lavasoft\Web Companion
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Deleted HKLM\Software\Wow6432Node\\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Deleted HKLM\Software\Wow6432Node\\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID|{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.
***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.
***** [ Hosts File Entries ] *****
No malicious hosts file entries cleaned.
***** [ Preinstalled Software ] *****
No Preinstalled Software cleaned.
*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************
AdwCleaner[S00].txt - [6440 octets] - [21/02/2021 15:20:22]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 20-02-2021 01
durchgeführt von Odfried (Administrator) auf GARFIELD (ASUS All Series) (21-02-2021 15:24:28)
Gestartet von F:\Documents\!Dokumente\I-Netz, Computergelöt etc\Trojaner
Geladene Profile: Odfried
Platform: Windows 10 Pro Version 1909 18363.1379 (X64) Sprache: Deutsch (Deutschland)
Standard-Browser: Edge
Start-Modus: Normal
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <13>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe <2>
==================== Registry (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [snpstd3] => C:\WINDOWS\vsnpstd3.exe [835584 2007-05-10] (SONIX TECHNOLOGY CO. , LTD -> )
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7636696 2014-09-02] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-05-28] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
HKLM-x32\...\Run: [tsnpstd3] => C:\Windows\tsnpstd3.exe [270336 2007-04-21] () [Datei ist nicht signiert]
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [PC Suite for Smartphones] => C:\Program Files (x86)\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe [548864 2007-12-25] () [Datei ist nicht signiert]
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2099200 2014-04-13] (Dominik Reichl) [Datei ist nicht signiert]
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [293872 2014-08-25] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
HKLM-x32\...\Run: [P17RunE] => C:\Windows\SysWOW64\P17RunE.dll [14848 2008-03-28] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [646160 2019-12-11] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-2726028846-1901948702-833121358-1001\...\Run: [OpenVPN-GUI] => C:\Program Files\OpenVPN\bin\openvpn-gui.exe [643200 2017-09-26] (OpenVPN Technologies, Inc. -> )
HKU\S-1-5-21-2726028846-1901948702-833121358-1001\...\Run: [Dropbox Update] => C:\Users\Odfried\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc -> Dropbox, Inc.)
HKU\S-1-5-21-2726028846-1901948702-833121358-1001\...\Run: [Opera Browser Assistant] => C:\Users\Odfried\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [3154456 2020-11-25] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-2726028846-1901948702-833121358-1001\...\Run: [CiscoMeetingDaemon] => C:\Users\Odfried\AppData\Local\WebEx\ciscowebexstart.exe [2499272 2021-02-05] (Cisco WebEx LLC -> Cisco Webex LLC)
HKU\S-1-5-21-2726028846-1901948702-833121358-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32440376 2021-01-06] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2726028846-1901948702-833121358-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2726028846-1901948702-833121358-1001\...\MountPoints2: {05c6e8b7-6ae7-11e7-8ff3-f07959620f10} - "H:\ting.exe"
HKU\S-1-5-21-2726028846-1901948702-833121358-1001\...\MountPoints2: {3d6c9de4-5921-11e3-88e0-00219b0a9324} - "D:\ting.exe"
HKU\S-1-5-21-2726028846-1901948702-833121358-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [38400 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Windows x64\Print Processors\Canon MG6100 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDAG.DLL [30208 2012-03-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Windows x64\Print Processors\hpzpplhn: C:\Windows\System32\spool\prtprocs\x64\hpzpplhn.dll [100352 2007-05-23] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Windows x64\Print Processors\hpzppw71: C:\Windows\System32\spool\prtprocs\x64\hpzppw71.dll [230400 2009-07-14] (Microsoft Windows -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG6100 series: C:\Windows\system32\CNMLMAG.DLL [385024 2012-03-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\PCL hpz3llhn: C:\Windows\system32\hpz3llhn.dll [36352 2007-05-23] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Company)
HKLM\...\Print\Monitors\PCL hpz3lw71: C:\Windows\system32\hpz3lw71.dll [46080 2009-07-14] (Microsoft Windows -> Hewlett-Packard Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.182\Installer\chrmstp.exe [2021-02-18] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk [2015-08-10]
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe (Buhl Data Service GmbH -> )
Startup: C:\Users\Odfried\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2021-02-19]
ShortcutTarget: Dropbox.lnk -> C:\Users\Odfried\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {02F16EF5-DA89-4C74-9F91-B445DA3E783A} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
Task: {05FCEBC4-A202-409F-9F5C-66793028EB4F} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {0636C657-0D20-460F-B3C0-1CE741FD5192} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [142152 2021-02-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {0FA8CCB1-19BA-49E6-9775-501FA81B9ECE} - System32\Tasks\Opera scheduled Autoupdate 1554660614 => C:\Users\Odfried\AppData\Local\Programs\Opera\launcher.exe [1776280 2021-01-14] (Opera Software AS -> Opera Software)
Task: {11AF8D37-58C4-4EA5-8443-7FE8BC43950E} - System32\Tasks\Microsoft\Windows\End Of Support\Notify2 => C:\WINDOWS\system32\sipnotify.exe
Task: {12D27C9A-BE70-4026-A661-DE7D774D1FDA} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2118352 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {163C6066-DD30-42A0-B22D-714CDDEDEC57} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5199792 2021-02-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {16DF50F4-806C-4034-BF5B-C8D083C373A4} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1487568 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {18789C37-5759-4B90-8E98-84C109E73459} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {22DD9189-E11D-4663-B309-C3245CCD7825} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {237AC49C-DA6C-4E70-ACC5-7B68320C8B28} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4f47-879B-29A80C355D61}
Task: {243A36D8-C397-4D18-A651-33C5D4D58FA0} - System32\Tasks\Opera scheduled assistant Autoupdate 1556059648 => C:\Users\Odfried\AppData\Local\Programs\Opera\launcher.exe [1776280 2021-01-14] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Odfried\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {24635473-8EB8-411A-9325-9E7FE2779A9C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {27AA67FB-FE5D-4637-9E55-257F55BA18E0} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1487568 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {2F6D73C1-E4F7-4341-A6AE-7F85E3CEAA8E} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {2FC0FC55-5838-40C8-9AC8-BF840F9C3F93} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [142152 2021-02-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {324F6ACA-7C64-444A-BB9B-993E1D74E659} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22993800 2021-02-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {36D1B2E5-EA06-40E8-A631-D8EE48A1CF7A} - System32\Tasks\{E40A1890-E2CC-4608-9D46-3AC5F98A605B} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.5.0.124/de/go/help.faq.installer?LastError=1603
Task: {3D56BF8A-244B-4C77-93C9-B7B17DDF893F} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {45EB8795-8535-422F-82AB-C36BCBFDFE1D} - \Microsoft\Windows\Setup\EOSNotify -> Keine Datei <==== ACHTUNG
Task: {465EB530-CC48-4D84-8129-4B220AEE6711} - System32\Tasks\{A60F6C2A-9D6F-46CF-97DC-5C4FE0E4B1A2} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.5.0.119/de/go/help.faq.installer?LastError=1603
Task: {46E22D31-6554-488D-852F-CB1A361C50D8} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2118352 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {47595455-0496-41A1-9B92-84F6EC0F9F2B} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47c2-B62A-B7C4CED925CB}
Task: {4B3C1AC7-62C5-46D0-8C1D-1EA96F241576} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {4DAEA773-B9BE-428A-BE0F-05EA40B43037} - System32\Tasks\{1E1E9B51-1923-4F42-A29D-1A4772FE7542} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.5.0.119/de/go/help.faq.installer?LastError=1603
Task: {511BDB6F-D447-4C31-B23A-372D09CC879A} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {5189F503-B5C4-4310-9357-E43F857F6A34} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {565B10CF-9FF9-43BD-8A7A-EC8E09511D72} - System32\Tasks\{EBF172FD-0BAA-42AF-88F2-9166E166AEB1} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.5.0.119/de/go/help.faq.installer?LastError=1603
Task: {57944CC0-3838-4611-AFD9-2E40A2EEEBA9} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22993800 2021-02-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {5D22340B-4E4A-49E8-BB83-77823B58C717} - System32\Tasks\{76BEFD47-23C8-47B7-A1D9-0FD4EFE7201F} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.5.0.124/de/go/help.faq.installer?LastError=1603
Task: {633B1526-1E3E-4431-9616-706DE6876574} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {657EC7F2-E145-402E-8DB4-8A64795B840B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-08-18] (Google Inc -> Google Inc.)
Task: {770D324A-DA2F-4F90-A3CB-9251B223B511} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => c:\Program Files\Microsoft Device Center\devicecenter.exe
Task: {78D52AA8-0E3A-4B19-A6C2-CDC8C73AB176} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {83B1D6D6-CE7B-4C8D-B420-C3DA25B9B446} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2726028846-1901948702-833121358-1001UA1d5d6e686e592d1 => C:\Users\Odfried\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc -> Dropbox, Inc.)
Task: {85D6AEEC-BD54-40B7-86EF-5F8E0C3830D5} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDfE067B1}
Task: {88584F67-F850-4681-96FF-4B3DF5E1D43E} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {8AA5ADBC-1412-423F-91E3-3077D3DC2E34} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [1134752 2014-03-25] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) [Datei ist nicht signiert]
Task: {918D1FBD-F26A-42F8-866F-21154646E19C} - System32\Tasks\{F4AC3217-7AA7-4DF2-866F-F6AA758A2B1B} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.5.59.124/de/go/help.faq.installer?source=lightinstaller&LastError=1603
Task: {97B4B1AA-14F5-4F6F-AE2C-221D976C6FEC} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [677344 2021-02-08] (Mozilla Corporation -> Mozilla Foundation)
Task: {98997B55-CBCC-4230-ABF1-70A0B7F84F55} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2021-01-06] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {A3FE64E2-40E8-4A99-B576-DC5C0632588E} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A7F7D24E-64CB-485F-A927-936D664F4CBA} - System32\Tasks\{6AB72824-5BE2-4ED1-9D81-4BC62E506490} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.5.0.124/de/go/help.faq.installer?LastError=1603
Task: {A9D85489-5A0A-4A6D-8B96-4A55E1635F82} - System32\Tasks\{662BE1F1-2EB0-49D4-B3DC-E8B861B34561} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.5.0.119/de/go/help.faq.installer?LastError=1603
Task: {AEDBFB8E-8D04-4C15-9218-BBF3A4D61D7F} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40b4-8963-D3C761B18371}
Task: {B1E811CC-575A-4452-9C20-F8BB40FF56EC} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B2B53B78-00E4-468D-B90A-6D184568B2B0} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B2BC6668-1903-48DC-A818-E6D2D1CDC918} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {B3B7B085-3ABB-4131-9CA8-DDF7B9602E79} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {B52E1054-CBAA-4186-8030-7241D19D8246} - \Microsoft\Windows\Setup\EOSNotify2 -> Keine Datei <==== ACHTUNG
Task: {B60D549B-FD6B-454A-BEFE-6929A10CBD90} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [26913848 2021-01-06] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {BA566C26-280D-4AE6-BA13-4DDB8CB0EEFB} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BD701784-6CBB-4B62-9C91-140066EEB9F7} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BFDDF7E0-7363-4D50-8806-4E633D8E5BA3} - System32\Tasks\{B1B76516-D9B3-468D-A754-2E1B55C3989E} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.5.0.119/de/go/help.faq.installer?LastError=1603
Task: {CA09EA7E-DCA4-4766-8C24-A33A9304AC3F} - System32\Tasks\{755E9608-94CD-4E91-B7DE-29DCEC3FA01D} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.5.0.119/de/go/help.faq.installer?LastError=1603
Task: {D04CFDF6-EFA9-4A44-992E-E1BB36E508E1} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D48B5812-B46E-4069-B2B7-2EBF5B632B26} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2211024 2014-03-19] (Microsoft Corporation -> Microsoft)
Task: {DA7FD33A-A65A-4D7F-B775-F66E56B8BABD} - System32\Tasks\{9AE08988-8A99-4777-80FD-FB009CD6424A} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.5.0.119/de/go/help.faq.installer?LastError=1603
Task: {DAA9A05C-5C19-402D-962B-A93139CCD392} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2726028846-1901948702-833121358-1001Core1d5d6e686de6c49 => C:\Users\Odfried\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc -> Dropbox, Inc.)
Task: {DB8AA674-A0AD-451E-94C0-A18A841A397B} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {DCEB16B9-FC07-4BFE-B66F-158EA7708F1C} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E4899B01-B0F4-4695-BCEA-F9B8C655C5BE} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {E5D8AD48-FFE4-4970-B39A-02CF85D1281B} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {E89DC814-B895-4D44-9915-14567BF9DC21} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-08-18] (Google Inc -> Google Inc.)
Task: {EB1F8FC0-D572-40DD-BF85-47EA8D1B9C40} - System32\Tasks\{A1ECF503-D185-4A59-BC6C-B2C1AD3F6C18} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.5.0.124/de/go/help.faq.installer?LastError=1603
Task: {ECD8C33D-8C4C-4A76-AB31-809F1AFC5995} - System32\Tasks\{8D406AE9-20B6-410C-826C-6FFA1E851313} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.5.0.124/de/go/help.faq.installer?LastError=1603
Task: {ED19018D-65D5-49A5-86DD-F27C47FF5B97} - System32\Tasks\{202118AC-06CA-4AA7-8A0C-2DEF6AB0437E} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.5.0.119/de/go/help.faq.installer?LastError=1603
Task: {ED933949-B405-495A-A6F0-4DF50AC59406} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5199792 2021-02-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {EE7762D2-A6F1-4B6E-BF19-71419769D68C} - System32\Tasks\Microsoft\Windows\End Of Support\Notify1 => C:\WINDOWS\system32\sipnotify.exe
Task: {F00B6CD5-62A6-4012-A3A5-E1264B85C382} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F1A53E80-3616-4324-BFDE-199889475F5E} - System32\Tasks\{94182C64-7217-48F2-9968-DCC433EC4249} => C:\Windows\system32\pcalua.exe -a "D:\Documents\!Gym\!01 zu sortieren\!NEU - CD Kopien vom IGV\Klett\Mediothek\Menschenkunde III\SETUP.EXE" -d "D:\Documents\!Gym\!01 zu sortieren\!NEU - CD Kopien vom IGV\Klett\Mediothek\Menschenkunde III"
Task: {F7BB771D-81D7-4997-8FAD-B6643946B176} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2726028846-1901948702-833121358-1001Core1d5d6e686de6c49.job => C:\Users\Odfried\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2726028846-1901948702-833121358-1001UA1d5d6e686e592d1.job => C:\Users\Odfried\AppData\Local\Dropbox\Update\DropboxUpdate.exe
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{6680B1A0-F27B-4FB0-B8A7-2007C656A238}: [DhcpNameServer] 10.16.1.1 10.16.1.1
Tcpip\..\Interfaces\{94625661-2794-475A-BC2F-F61267FD981A}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{992E0AA0-DDED-47C6-A988-6D4E10461D3A}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{A3B9A9AD-A5F1-4192-88EA-91FE1B634007}: [DhcpNameServer] 192.168.2.1
Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Odfried\AppData\Local\Microsoft\Edge\User Data\Default [2021-02-21]
Edge Notifications: Default -> hxxps://teams.microsoft.com
Edge Extension: (Cisco Webex Extension) - C:\Users\Odfried\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cmihkeafcknlomclapaddfljaeegfbdl [2020-12-21]
Edge Extension: (Tab Group) - C:\Users\Odfried\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gjgjkhbmehogehkdnoooeihkipifimme [2020-08-29]
Edge HKLM-x32\...\Edge\Extension: [cmihkeafcknlomclapaddfljaeegfbdl]
FireFox:
========
FF DefaultProfile: j4ybr3md.default-1367272240666-1613676244687
FF ProfilePath: C:\Users\Odfried\AppData\Roaming\Mozilla\Firefox\Profiles\j4ybr3md.default-1367272240666-1613676244687 [2021-02-21]
FF Extension: (Cisco Webex Extension) - C:\Users\Odfried\AppData\Roaming\Mozilla\Firefox\Profiles\j4ybr3md.default-1367272240666-1613676244687\Extensions\ciscowebexstart1@cisco.com.xpi [2021-02-18]
FF ProfilePath: C:\Users\Odfried\AppData\Roaming\Mozilla\Firefox\Profiles\5vxs6zl8.default-1367272190906 [2021-02-14]
FF user.js: detected! => C:\Users\Odfried\AppData\Roaming\Mozilla\Firefox\Profiles\5vxs6zl8.default-1367272190906\user.js [2013-11-20]
FF Homepage: Mozilla\Firefox\Profiles\5vxs6zl8.default-1367272190906 -> hxxps://www.google.com/calendar/render?tab=wc
FF Session Restore: Mozilla\Firefox\Profiles\5vxs6zl8.default-1367272190906 -> ist aktiviert.
FF Extension: (Search and New Tab by Yahoo) - C:\Users\Odfried\AppData\Roaming\Mozilla\Firefox\Profiles\5vxs6zl8.default-1367272190906\Extensions\jid1-16aeif9OQIRKxA@jetpack.xpi [2017-05-16] []
FF Extension: (Download Statusbar) - C:\Users\Odfried\AppData\Roaming\Mozilla\Firefox\Profiles\5vxs6zl8.default-1367272190906\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [2013-05-07] [] [ist nicht signiert]
FF Extension: (Tab Mix Plus) - C:\Users\Odfried\AppData\Roaming\Mozilla\Firefox\Profiles\5vxs6zl8.default-1367272190906\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2013-04-20] [] [ist nicht signiert]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-02-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.) [Datei ist nicht signiert]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-04-29] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-04-29] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.241.2 -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\dtplugin\npDeployJava1.dll [2020-02-09] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.241.2 -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\plugin2\npjp2.dll [2020-02-09] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-02-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-02-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.12 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @webex.com/npatgpc -> C:\Program Files (x86)\Webex\npatgpc.dll [2020-12-11] (Cisco WebEx LLC -> Cisco WebEx LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-02-15] (Adobe Inc. -> Adobe Systems Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Odfried\AppData\Local\Google\Chrome\User Data\Default [2021-02-19]
CHR Session Restore: Default -> ist aktiviert.
CHR Extension: (Google Drive) - C:\Users\Odfried\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-27]
CHR Extension: (YouTube) - C:\Users\Odfried\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-12-09]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Odfried\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-05]
CHR Extension: (Google Mail) - C:\Users\Odfried\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-27]
CHR Extension: (Chrome Media Router) - C:\Users\Odfried\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-02-05]
CHR HKU\S-1-5-21-2726028846-1901948702-833121358-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [jlhmfgmfgeifomenelglieieghnjghma]
Opera:
=======
OPR Profile: C:\Users\Odfried\AppData\Roaming\Opera Software\Opera Stable [2021-02-14]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.de/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
==================== Dienste (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
S4 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-01-28] (ASUSTeK Computer Inc. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8905608 2021-02-13] (Microsoft Corporation -> Microsoft Corporation)
S4 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2011-09-14] (Creative Labs) [Datei ist nicht signiert]
S4 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2008-11-18] (Creative Technology Ltd) [Datei ist nicht signiert]
S4 hasplms; C:\Windows\system32\hasplms.exe [3500552 2018-07-18] (SafeNet Canada, Inc. -> SafeNet, Inc.)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [Datei ist nicht signiert]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [Datei ist nicht signiert]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [Datei ist nicht signiert]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-02-21] (Malwarebytes Inc -> Malwarebytes)
S4 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv2.exe [15872 2016-11-25] () [Datei ist nicht signiert]
S4 OpenVPNServiceInteractive; C:\Program Files\OpenVPN\bin\openvpnserv.exe [73856 2017-09-26] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S4 OpenVPNServiceLegacy; C:\Program Files\OpenVPN\bin\openvpnserv.exe [73856 2017-09-26] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S4 Realtek11nSU; C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [45056 2010-01-21] (Realtek) [Datei ist nicht signiert]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6264144 2021-01-13] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155520 2015-06-10] (Sony Mobile Communications AB -> Avanquest Software) [Datei ist nicht signiert]
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\NisSrv.exe [2462960 2021-02-12] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WebexService; C:\Program Files (x86)\Webex\Webex\Applications\WebExService.exe [146240 2020-12-11] (Cisco WebEx LLC -> Cisco WebEx LLC)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MsMpEng.exe [128376 2021-02-12] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Treiber (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-01-28] (ASUSTeK Computer Inc. -> )
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2021-02-21] (Malwarebytes Corporation -> Malwarebytes)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [1971208 2018-07-18] (SafeNet Canada, Inc. -> SafeNet, Inc.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220616 2021-02-21] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-02-21] (Microsoft Windows Early Launch Anti-Malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [198248 2021-02-21] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77496 2021-02-21] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-02-21] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [142416 2021-02-21] (Malwarebytes Inc -> Malwarebytes)
R3 P17; C:\WINDOWS\system32\drivers\P17.sys [1309696 2009-10-16] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd.)
R3 seehcri; C:\WINDOWS\System32\drivers\seehcri.sys [34032 2008-01-09] (Sony Ericsson Mobile Communications AB -> Sony Ericsson Mobile Communications)
S3 SNPSTD3; C:\WINDOWS\system32\DRIVERS\snpstd3.sys [10693120 2007-10-16] (SONIX TECHNOLOGY CO. , LTD -> Sonix Co. Ltd.)
S3 SNPSTD3; C:\Windows\SysWOW64\DRIVERS\snpstd3.sys [10376576 2007-10-16] (SONIX TECHNOLOGY CO. , LTD -> Sonix Co. Ltd.)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R1 Uim_DEVIM; C:\WINDOWS\System32\DRIVERS\uim_devim.sys [25992 2014-05-19] (Paragon Software GmbH -> )
R1 Uim_IM; C:\WINDOWS\System32\DRIVERS\uim_im.sys [700296 2014-05-19] (Paragon Software GmbH -> )
U5 vwifimp; C:\Windows\System32\Drivers\vwifimp.sys [50176 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49552 2021-02-12] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [419040 2021-02-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [71912 2021-02-12] (Microsoft Windows -> Microsoft Corporation)
R3 zebrceb; C:\WINDOWS\System32\drivers\zebrceb.sys [81280 2008-01-15] (MCCI Corporation -> MCCI)
S3 ALSysIO; \??\C:\Users\Odfried\AppData\Local\Temp\ALSysIO64.sys [X] <==== ACHTUNG
U3 idsvc; kein ImagePath
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2021-02-21 15:21 - 2021-02-21 15:21 - 000005106 _____ C:\Users\Odfried\Desktop\AdwCleaner[C00].txt
2021-02-21 15:19 - 2021-02-21 15:20 - 000000000 ____D C:\AdwCleaner
2021-02-21 15:19 - 2021-02-21 15:19 - 008463216 _____ (Malwarebytes) C:\Users\Odfried\Downloads\adwcleaner_8.1.exe
2021-02-21 15:18 - 2021-02-21 15:18 - 000022324 _____ C:\Users\Odfried\Desktop\MBAM.txt
2021-02-21 15:12 - 2021-02-21 15:12 - 000198248 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-02-21 15:12 - 2021-02-21 15:12 - 000142416 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-02-21 15:12 - 2021-02-21 15:12 - 000077496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-02-21 14:59 - 2021-02-21 14:59 - 000012924 _____ C:\Users\Odfried\Downloads\8a Niederschrift Klassenkonferenz Halbjahr.pdf
2021-02-21 14:58 - 2021-02-21 14:58 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-02-21 14:58 - 2021-02-21 14:58 - 000220616 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-02-21 14:58 - 2021-02-21 14:58 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-02-21 14:58 - 2021-02-21 14:58 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-02-21 14:58 - 2021-02-21 14:58 - 000006590 _____ C:\Users\Odfried\Downloads\Zeugnisbemerkungen_9c.pdf
2021-02-21 14:58 - 2021-02-21 14:58 - 000002042 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-02-21 14:58 - 2021-02-21 14:58 - 000002030 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-02-21 14:58 - 2021-02-21 14:58 - 000000000 ____D C:\Program Files\Malwarebytes
2021-02-21 14:57 - 2021-02-21 14:57 - 002084016 _____ (Malwarebytes) C:\Users\Odfried\Downloads\MBSetup.exe
2021-02-21 14:57 - 2021-02-21 14:57 - 002084016 _____ (Malwarebytes) C:\Users\Odfried\Downloads\MBSetup (1).exe
2021-02-19 10:05 - 2021-02-19 10:05 - 000000000 ____D C:\Users\Odfried\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2021-02-18 21:19 - 2021-02-21 15:24 - 000000000 ____D C:\FRST
2021-02-18 20:35 - 2021-02-18 20:35 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-02-18 20:34 - 2021-02-18 20:34 - 000333112 _____ (Mozilla) C:\Users\Odfried\Downloads\Firefox Installer.exe
2021-02-18 20:24 - 2021-02-18 20:24 - 000000000 ____D C:\Users\Odfried\Desktop\Alte Firefox-Daten
2021-02-18 19:13 - 2021-02-18 19:13 - 000002271 _____ C:\Users\Odfried\Desktop\nacl_synthese_anim - Verknüpfung.lnk
2021-02-18 19:13 - 2021-02-18 19:13 - 000002143 _____ C:\Users\Odfried\Desktop\VIDEO - NaCl Synthese - Verknüpfung.lnk
2021-02-18 19:12 - 2021-02-18 19:12 - 000000000 ____D C:\Users\Odfried\Desktop\Mo 22.02
2021-02-18 15:24 - 2021-02-18 15:24 - 000059910 _____ C:\Users\Odfried\Downloads\klassenliste.pdf
2021-02-17 15:33 - 2021-02-17 15:33 - 000129490 _____ C:\Users\Odfried\Downloads\Ausschreibung_Mitarbeiter_im_Direktorat_-_Gymnasien_Alle_staatlichen_Gymnasien_und_staatlichen_Fach-_und_Berufsoberschulen_(per_OWA).pdf
2021-02-17 15:32 - 2021-02-17 15:32 - 000133157 _____ C:\Users\Odfried\Downloads\Ausschreibung_Ständige_Stellvertretung_im_Bereich_der_Gymnasien_Alle_staatlichen_Gymnasien_und_staatlichen_Fach-_und_Berufsoberschulen_(per_OWA).pdf
2021-02-14 17:42 - 2021-02-14 17:42 - 001369279 _____ C:\Users\Odfried\Downloads\stromleitung.zip
2021-02-14 17:42 - 2021-02-14 17:42 - 000000000 ____D C:\Users\Odfried\Downloads\stromleitung
2021-02-14 17:31 - 2021-02-14 17:42 - 000000000 ____D C:\Users\Odfried\Downloads\redox
2021-02-14 17:31 - 2021-02-14 17:31 - 001275659 _____ C:\Users\Odfried\Downloads\redox.zip
2021-02-14 17:28 - 2021-02-14 17:30 - 000000000 ____D C:\Users\Odfried\Downloads\oberflaeche
2021-02-14 17:28 - 2021-02-14 17:28 - 002671735 _____ C:\Users\Odfried\Downloads\oberflaeche.zip
2021-02-14 16:11 - 2021-02-14 16:11 - 000294912 _____ C:\Users\Odfried\Downloads\WVZ 2021.xls
2021-02-14 12:17 - 2021-02-14 12:17 - 030584912 _____ (Piriform Software Ltd) C:\Users\Odfried\Downloads\ccsetup576.exe
2021-02-14 11:02 - 2021-02-21 14:47 - 140247040 _____ C:\WINDOWS\system32\config\SOFTWARE
2021-02-12 10:05 - 2021-02-12 10:05 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-02-12 10:05 - 2021-02-12 10:05 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-02-12 10:05 - 2021-02-12 10:05 - 000232752 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-02-12 10:05 - 2021-02-12 10:05 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin
2021-02-12 10:05 - 2021-02-12 10:05 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2021-02-12 10:05 - 2021-02-12 10:05 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2021-02-12 10:05 - 2021-02-12 10:05 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2021-02-12 10:05 - 2021-02-12 10:05 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2021-02-12 10:05 - 2021-02-12 10:05 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2021-02-12 10:05 - 2021-02-12 10:05 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2021-02-12 10:05 - 2021-02-12 10:05 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2021-02-12 10:05 - 2021-02-12 10:05 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth18.bin
2021-02-12 10:05 - 2021-02-12 10:05 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth17.bin
2021-02-12 10:05 - 2021-02-12 10:05 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth16.bin
2021-02-12 10:05 - 2021-02-12 10:05 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth15.bin
2021-02-12 10:05 - 2021-02-12 10:05 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin
2021-02-12 10:05 - 2021-02-12 10:05 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin
2021-02-12 10:05 - 2021-02-12 10:05 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin
2021-02-12 10:05 - 2021-02-12 10:05 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2021-02-12 08:17 - 2021-02-12 08:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2021-02-10 21:34 - 2021-02-14 11:02 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2021-02-10 09:18 - 2021-02-10 09:18 - 000039800 _____ (Embarcadero Technologies, Inc.) C:\Users\Odfried\AppData\Roaming\Odfried.exe
2021-02-10 09:15 - 2021-02-10 09:15 - 000001885 _____ C:\Users\Odfried\Downloads\hp_scan_software_download_kostenlos.zip
2021-01-31 19:04 - 2021-01-31 19:04 - 000114117 _____ C:\Users\Odfried\Downloads\Pinguin_Vorlage.pdf
2021-01-31 19:01 - 2021-01-31 19:01 - 000455871 _____ C:\Users\Odfried\Downloads\ios_U8aM06FJfh8H3K3O.pdf
2021-01-31 19:01 - 2021-01-31 19:01 - 000189665 _____ C:\Users\Odfried\Downloads\fetch (3).pdf
2021-01-31 19:00 - 2021-01-31 19:00 - 000136722 _____ C:\Users\Odfried\Downloads\kindergedichte_morgenstern_diedreispatzen.pdf
2021-01-31 18:58 - 2021-01-31 18:58 - 000212367 _____ C:\Users\Odfried\Downloads\fetch (2).pdf
2021-01-31 18:58 - 2021-01-31 18:58 - 000059212 _____ C:\Users\Odfried\Downloads\ios_ZCH7mlpZ2PQdRYgB.pdf
2021-01-31 18:55 - 2021-01-31 18:55 - 000258529 _____ C:\Users\Odfried\Downloads\fetch (1).pdf
2021-01-31 18:54 - 2021-01-31 18:54 - 000273197 _____ C:\Users\Odfried\Downloads\Unbestimmter_Artikel.pdf
2021-01-31 18:52 - 2021-01-31 18:52 - 000097018 _____ C:\Users\Odfried\Downloads\fetch.pdf
2021-01-31 18:51 - 2021-01-31 18:51 - 000396875 _____ C:\Users\Odfried\Downloads\BESTIMMTER_ARTIKEL.pdf
2021-01-31 18:48 - 2021-01-31 18:48 - 003193217 _____ C:\Users\Odfried\Downloads\Fitnessplan1.pdf
2021-01-31 14:55 - 2021-01-31 14:55 - 000001114 _____ C:\Users\Odfried\Desktop\Paint.lnk
2021-01-31 14:52 - 2021-01-31 14:53 - 000000000 ____D C:\Users\Odfried\AppData\Local\paint.net
2021-01-31 14:52 - 2021-01-31 14:52 - 012712515 _____ C:\Users\Odfried\Downloads\paint.net.4.2.15.install.zip
2021-01-31 14:52 - 2021-01-31 14:52 - 000001169 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2021-01-31 14:52 - 2021-01-31 14:52 - 000001157 _____ C:\ProgramData\Desktop\paint.net.lnk
2021-01-31 14:52 - 2021-01-31 14:52 - 000000000 ____D C:\Program Files\paint.net
2021-01-27 19:52 - 2021-01-27 19:52 - 000083288 _____ (Zoom Video Communications, Inc.) C:\Users\Odfried\Downloads\Zoom_cm_fo42anktZ9vvrZo4_msdjsfll6lM3t7XjJbsV8mPRVMf9T7JxZJZ3J@lF8vKQNYov0iPiAK_kb61b781a5a9e0565_.exe
2021-01-24 19:33 - 2021-01-24 19:34 - 000012534 _____ C:\Users\Odfried\Downloads\Padlet - 2c Padlet 2501.xlsx
2021-01-23 12:26 - 2021-01-23 12:26 - 000218106 _____ C:\Users\Odfried\Downloads\LW2.pdf
==================== Ein Monat (geänderte) ==================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2021-02-21 15:20 - 2019-12-30 15:08 - 000000000 ____D C:\Users\Odfried
2021-02-21 15:20 - 2015-07-24 22:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2021-02-21 15:20 - 2012-11-28 17:14 - 000000000 ____D C:\Users\Odfried\AppData\Local\Downloaded Installations
2021-02-21 15:18 - 2019-03-19 05:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-02-21 15:16 - 2019-12-30 15:08 - 001932080 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-02-21 15:16 - 2019-03-19 13:16 - 000821584 _____ C:\WINDOWS\system32\perfh007.dat
2021-02-21 15:16 - 2019-03-19 13:16 - 000183320 _____ C:\WINDOWS\system32\perfc007.dat
2021-02-21 15:16 - 2019-03-19 05:50 - 000000000 ____D C:\WINDOWS\INF
2021-02-21 15:14 - 2013-04-29 21:57 - 000000000 ____D C:\Program Files\CCleaner
2021-02-21 15:12 - 2019-12-30 15:10 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-02-21 15:12 - 2019-12-30 15:05 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-02-21 15:01 - 2019-12-30 15:11 - 000000000 ____D C:\Users\Odfried\AppData\Local\Packages
2021-02-21 14:58 - 2019-03-19 05:52 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-02-21 14:54 - 2011-09-13 11:06 - 000000000 ____D C:\Program Files\Microsoft Office
2021-02-21 14:52 - 2020-09-30 08:32 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-02-21 14:51 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-02-21 14:51 - 2016-11-19 13:52 - 000000000 ____D C:\Users\Odfried\AppData\LocalLow\Mozilla
2021-02-21 14:51 - 2012-04-25 12:30 - 000000000 ____D C:\ProgramData\Mozilla
2021-02-21 14:49 - 2019-07-24 19:49 - 000000958 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\tiptoi® Manager.lnk
2021-02-21 14:49 - 2019-07-24 19:49 - 000000946 _____ C:\ProgramData\Desktop\tiptoi® Manager.lnk
2021-02-21 14:49 - 2019-07-24 19:49 - 000000000 ____D C:\Program Files\tiptoi® Manager
2021-02-19 12:35 - 2019-03-19 05:37 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-02-19 10:05 - 2011-09-15 16:38 - 000000000 ____D C:\Users\Odfried\AppData\Roaming\Dropbox
2021-02-19 09:26 - 2020-04-19 11:00 - 000002428 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-02-18 21:58 - 2020-05-18 09:46 - 000000000 ____D C:\Users\Odfried\AppData\Local\CrashDumps
2021-02-18 20:55 - 2013-04-29 22:32 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-02-18 20:48 - 2017-12-09 22:57 - 000002302 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-02-18 20:35 - 2020-04-16 07:46 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2021-02-18 20:35 - 2013-04-29 22:32 - 000001237 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-02-18 19:26 - 2011-10-10 21:25 - 000000000 ____D C:\ProgramData\HP
2021-02-18 18:11 - 2021-01-14 11:09 - 000002412 _____ C:\Users\Odfried\Desktop\Microsoft Teams.lnk
2021-02-18 17:27 - 2011-04-16 11:25 - 000000000 ____D C:\Users\Odfried\AppData\Roaming\vlc
2021-02-18 15:06 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-02-17 23:24 - 2015-07-21 15:46 - 000002145 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-02-14 16:02 - 2019-12-30 15:05 - 000575536 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-02-14 12:27 - 2020-01-10 22:33 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2021-02-14 12:23 - 2012-07-28 13:48 - 000000000 ____D C:\Users\Odfried\AppData\Roaming\Amazon
2021-02-14 12:23 - 2012-07-28 13:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
2021-02-14 12:23 - 2012-07-28 13:47 - 000000000 ____D C:\Program Files (x86)\Amazon
2021-02-14 12:18 - 2020-01-19 20:20 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-02-14 12:18 - 2013-04-29 21:57 - 000000872 _____ C:\ProgramData\Desktop\CCleaner.lnk
2021-02-13 17:53 - 2019-03-19 05:52 - 000000000 ___HD C:\Program Files\WindowsApps
2021-02-12 14:26 - 2019-12-30 15:11 - 000000000 ___RD C:\Users\Odfried\3D Objects
2021-02-12 12:27 - 2019-03-19 05:52 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-02-12 12:27 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-02-12 12:27 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SystemResources
2021-02-12 12:27 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-02-12 12:27 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-02-12 12:27 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-02-12 12:27 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-02-12 12:27 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-02-12 12:27 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-02-12 12:27 - 2019-03-19 05:52 - 000000000 ____D C:\Program Files\Common Files\System
2021-02-12 10:07 - 2019-03-19 13:19 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2021-02-12 10:07 - 2019-03-19 13:19 - 000019469 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2021-02-12 10:07 - 2019-03-19 05:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-02-12 08:17 - 2021-01-14 10:40 - 000002465 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
2021-02-12 08:17 - 2021-01-14 10:40 - 000002460 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2021-02-12 08:17 - 2021-01-14 10:40 - 000002459 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2021-02-12 08:17 - 2021-01-14 10:40 - 000002423 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2021-02-12 08:17 - 2021-01-14 10:40 - 000002422 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2021-02-12 08:17 - 2021-01-14 10:40 - 000002416 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2021-02-12 08:17 - 2021-01-14 10:40 - 000002410 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2021-02-12 08:17 - 2021-01-14 10:40 - 000002402 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk
2021-02-12 02:59 - 2019-12-30 15:10 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-02-11 20:40 - 2021-01-14 11:09 - 000002420 _____ C:\Users\Odfried\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2021-02-11 13:03 - 2019-12-30 15:10 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2021-02-11 05:28 - 2020-04-19 11:00 - 000003700 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-02-11 05:28 - 2020-04-19 11:00 - 000003576 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-02-10 22:58 - 2011-03-22 07:27 - 000000000 ____D C:\Users\Odfried\AppData\Local\ElevatedDiagnostics
2021-02-10 21:53 - 2011-03-22 08:08 - 130141752 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-02-10 21:18 - 2020-12-21 11:35 - 000000000 ____D C:\Users\Odfried\AppData\Local\WebEx
2021-02-10 09:17 - 2020-12-21 11:35 - 000000000 ____D C:\Users\Odfried\AppData\LocalLow\WebEx
2021-02-09 21:03 - 2013-08-18 02:01 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-02-09 10:46 - 2020-09-30 09:14 - 000000000 ____D C:\Users\Odfried\AppData\Roaming\BiBox 2.0
2021-02-08 09:05 - 2020-01-02 10:50 - 000003368 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2726028846-1901948702-833121358-1001
2021-02-08 09:05 - 2020-01-02 10:50 - 000000000 ___RD C:\Users\Odfried\OneDrive
2021-02-08 09:05 - 2019-12-30 15:08 - 000002431 _____ C:\Users\Odfried\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-02-06 09:54 - 2019-12-30 15:10 - 000003630 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-02-06 09:54 - 2019-12-30 15:10 - 000003506 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-02-05 20:30 - 2020-09-30 08:32 - 000916288 _____ (Microsoft Corporation) C:\WINDOWS\system32\sedplugins.dll
2021-02-05 20:30 - 2020-09-30 08:32 - 000437056 _____ (Microsoft Corporation) C:\WINDOWS\system32\QualityUpdateAssistant.dll
2021-02-04 08:52 - 2011-12-22 18:23 - 000000000 ____D C:\Users\Odfried\AppData\Roaming\MediaMonkey
2021-02-04 07:52 - 2017-04-02 12:43 - 000000000 ____D C:\Users\Odfried\AppData\Local\Spotify
2021-02-04 07:00 - 2017-04-02 12:43 - 000000000 ____D C:\Users\Odfried\AppData\Roaming\Spotify
2021-02-01 12:43 - 2012-12-04 20:20 - 000000646 _____ C:\Users\Odfried\Desktop\Total Commander 64 bit.lnk
2021-01-27 11:47 - 2017-07-26 11:40 - 000001424 _____ C:\Users\Odfried\Desktop\ting - Verknüpfung.lnk
2021-01-24 20:21 - 2020-01-29 21:56 - 000001250 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2726028846-1901948702-833121358-1001UA1d5d6e686e592d1.job
2021-01-24 20:21 - 2020-01-29 21:56 - 000001198 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2726028846-1901948702-833121358-1001Core1d5d6e686de6c49.job
2021-01-22 10:07 - 2011-03-22 07:36 - 000799104 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2021-01-22 08:59 - 2020-01-29 21:56 - 000004402 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskUserS-1-5-21-2726028846-1901948702-833121358-1001UA1d5d6e686e592d1
2021-01-22 08:59 - 2020-01-29 21:56 - 000004026 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskUserS-1-5-21-2726028846-1901948702-833121358-1001Core1d5d6e686de6c49
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ========
2021-02-10 09:18 - 2021-02-10 09:18 - 000039800 _____ (Embarcadero Technologies, Inc.) C:\Users\Odfried\AppData\Roaming\Odfried.exe
2014-01-16 19:07 - 2014-02-24 00:12 - 000000184 _____ () C:\Users\Odfried\AppData\Roaming\WB.CFG
2014-01-16 19:07 - 2014-01-29 20:07 - 000000005 _____ () C:\Users\Odfried\AppData\Roaming\WBPU-TTL.DAT
2011-12-10 14:40 - 2018-07-16 20:07 - 000005632 _____ () C:\Users\Odfried\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-11-19 23:32 - 2011-11-19 23:32 - 000000600 _____ () C:\Users\Odfried\AppData\Local\PUTTY.RND
2013-05-01 18:26 - 2019-05-14 16:25 - 000007657 _____ () C:\Users\Odfried\AppData\Local\resmon.resmoncfg
==================== SigCheck ============================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
==================== Ende von FRST.txt ========================
|
|
21.02.2021, 15:33
| #6 |
| | Windows 10: Trojaner Tnega!MSR kommt immer wieder - Teil I Addition.txt Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 20-02-2021 01
durchgeführt von Odfried (21-02-2021 15:25:35)
Gestartet von F:\Documents\!Dokumente\I-Netz, Computergelöt etc\Trojaner
Windows 10 Pro Version 1909 18363.1379 (X64) (2019-12-30 14:11:14)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-2726028846-1901948702-833121358-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2726028846-1901948702-833121358-503 - Limited - Disabled)
Gast (S-1-5-21-2726028846-1901948702-833121358-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2726028846-1901948702-833121358-1007 - Limited - Enabled)
Odfried (S-1-5-21-2726028846-1901948702-833121358-1001 - Administrator - Enabled) => C:\Users\Odfried
WDAGUtilityAccount (S-1-5-21-2726028846-1901948702-833121358-504 - Limited - Disabled)
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
7200 (HKLM-x32\...\{7AD9D9B5-12F3-417B-886A-A211E79B3823}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
7200_Help (HKLM-x32\...\{3A7C1F27-206B-46EE-A43B-7245A5B6E828}) (Version: 82.0.242.000 - Hewlett-Packard) Hidden
7200Trb (HKLM-x32\...\{AD66335B-EF80-4A09-A479-AD24E5655A49}) (Version: 82.0.242.000 - Hewlett-Packard) Hidden
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 21.001.20138 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.4.194 - Adobe Systems, Inc.)
AIO_CDB_ProductContext (HKLM-x32\...\{E7112940-5F8E-4918-B9FE-251F2F8DC81F}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (HKLM-x32\...\{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}) (Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (HKLM-x32\...\{104066F4-5897-4067-85D3-4C88B67CCF75}) (Version: 130.0.421.000 - Hewlett-Packard) Hidden
ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.026 - ASUSTek Computer Inc.)
BiBox 2.0 2.0.14 (HKLM\...\2e1ea4ea-03c5-5b40-afa3-380fbece6940) (Version: 2.0.14 - Westermann GmbH & Co KG)
BiBox 2.0 2.0.3 (HKLM\...\{2e1ea4ea-03c5-5b40-afa3-380fbece6940}) (Version: 2.0.3 - )
BufferChm (HKLM-x32\...\{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}) (Version: 130.0.331.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.76 - Piriform)
Chemie_Aber_Sicher Version 1.0 (HKLM-x32\...\{0A64BFD0-0511-4C67-A3BF-D4C0C1055255}_is1) (Version: 1.0 - Marco Korn)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cisco Webex Meetings (HKLM-x32\...\{64F4EA78-1A8B-244D-9572-B76CE2B4ACEC}) (Version: 40.12.5.14 - Cisco Webex LLC)
Copy (HKLM-x32\...\{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}) (Version: 130.0.428.000 - Hewlett-Packard) Hidden
Creative Audio-Systemsteuerung (HKLM-x32\...\AudioCS) (Version: 2.56 - Creative Technology Limited)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: - )
CrystalDiskInfo 6.6.1 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 6.6.1 - Crystal Dew World)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Data Lifeguard Diagnostic for Windows 1.24 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version: - Western Digital Corporation)
Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM-x32\...\{2FF8C687-DB7D-4adc-A5DC-57983EC25046}) (Version: 130.0.465.000 - Hewlett-Packard) Hidden
Discord (HKU\S-1-5-21-2726028846-1901948702-833121358-1001\...\Discord) (Version: 0.0.306 - Discord Inc.)
dm-Fotowelt (HKLM-x32\...\dm-Fotowelt) (Version: 7.0.3 - CEWE Stiftung u Co. KGaA)
DocProc (HKLM-x32\...\{9B362566-EC1B-4700-BB9C-EC661BDE2175}) (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-2726028846-1901948702-833121358-1001\...\Dropbox) (Version: 116.4.368 - Dropbox, Inc.)
ElsterFormular 2007 - 2008 NE (HKLM-x32\...\ElsterFormular 2007 - 2008 NE 2007-2008) (Version: 2007-2008 - Landesfinanzdirektion Thüringen)
ElsterFormular 2008 - 2009 (HKLM-x32\...\ElsterFormular 2008 - 2009 2008-2009) (Version: 2008-2009 - Landesfinanzdirektion Thüringen)
Fax (HKLM-x32\...\{440B915A-0C85-45DB-92AE-75AE14704A64}) (Version: 130.0.418.000 - Hewlett-Packard) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 88.0.4324.182 - Google LLC)
Google Earth Pro (HKLM\...\{FB8010D4-05F4-420D-8DFC-2F911A6DD100}) (Version: 7.3.3.7786 - Google)
GPBaseService2 (HKLM-x32\...\{63FF21C9-A810-464F-B60A-3111747B1A6D}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hama Webcam AC-150 (HKLM-x32\...\{ECD03DA7-5952-406A-8156-5F0C93618D1F}) (Version: Hama Webcam AC-150 - Sonix)
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version: - EFD Software)
Hewlett-Packard ACLM.NET v1.1.0.0 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (HKLM\...\{B61ED343-0B14-4241-999C-490CB1A20DA4}) (Version: 13.0 - HP)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (HKLM-x32\...\{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}) (Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (HKLM-x32\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPProductAssistant (HKLM-x32\...\{C43326F5-F135-4551-8270-7F7ABA0462E1}) (Version: 130.0.371.000 - Hewlett-Packard) Hidden
Illusionen (HKLM-x32\...\Illusionen) (Version: - )
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.2.1000 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4264 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.1.0.1058 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 3.0.1.41 - Intel Corporation)
Intel® Chipsatz-Gerätesoftware (HKLM-x32\...\{4a87bd28-a855-4a8d-b133-60ca8ccffd30}) (Version: 10.0.17 - Intel(R) Corporation) Hidden
Java 8 Update 241 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180241F0}) (Version: 8.0.2410.7 - Oracle Corporation)
KeePass Password Safe 1.27 (HKLM-x32\...\KeePass Password Safe_is1) (Version: 1.27 - Dominik Reichl)
KeePass Password Safe 2.26 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.26 - Dominik Reichl)
kleiner-brauhelfer Version 1.4.3.2 (HKLM-x32\...\{A68EC315-481F-42C8-8A61-25ACEF84C52A}_is1) (Version: 1.4.3.2 - Gremmelsoft)
Kosmos Himmelsjahr 2020 (HKLM-x32\...\{DE84E32F-326E-4274-A0FB-AF3EE4E5A2F8}) (Version: 1.0 - )
Linder Meiose (HKLM-x32\...\Linder Meiose) (Version: 1.0 - Schroedel)
Linder Neurophysiologie (HKLM-x32\...\Linder Neurophysiologie) (Version: 1.0 - Schroedel)
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
MarketResearch (HKLM-x32\...\{175F0111-2968-4935-8F70-33108C6A4DE3}) (Version: 130.0.374.000 - Hewlett-Packard) Hidden
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Microsoft 365 Apps for Enterprise - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 16.0.13628.20448 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 88.0.705.74 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.141.59 - )
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2726028846-1901948702-833121358-1001\...\OneDriveSetup.exe) (Version: 21.002.0104.0005 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-2726028846-1901948702-833121358-1001\...\Teams) (Version: 1.4.00.2879 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{BAB9FCC5-1506-4B4F-BFCA-EDE0BDB86C21}) (Version: 2.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Mozilla Firefox 85.0.2 (x64 de) (HKLM\...\Mozilla Firefox 85.0.2 (x64 de)) (Version: 85.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 85.0.2 - Mozilla)
Mozilla Thunderbird (3.1.20) (HKLM-x32\...\Mozilla Thunderbird (3.1.20)) (Version: 3.1.20 (de) - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.7 - F.J. Wechselberger)
NATURA multimedial 3 (HKLM-x32\...\{91232730-D49F-4277-8CA1-B4E307B4F92C}) (Version: 1.00.000 - )
Network64 (HKLM\...\{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}) (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Network64 (HKLM\...\{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}) (Version: 140.0.221.000 - Hewlett-Packard) Hidden
Neurobiologie (HKLM-x32\...\{3F3E992E-980E-4898-B8B2-5202921A317E}) (Version: 1.00.0000 - Ernst Klett Verlag)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13628.20274 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13628.20448 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0407-1000-0000000FF1CE}) (Version: 16.0.13628.20274 - Microsoft Corporation) Hidden
OpenOffice 4.1.3 (HKLM-x32\...\{8D5FCC56-BB9F-4122-923C-71753F50F6F5}) (Version: 4.13.9783 - Apache Software Foundation)
OpenVPN 2.4.4-I601 (HKLM\...\OpenVPN) (Version: 2.4.4-I601 - OpenVPN Technologies, Inc.)
Opera 12.17 (HKLM-x32\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
Opera Stable 73.0.3856.344 (HKU\S-1-5-21-2726028846-1901948702-833121358-1001\...\Opera 73.0.3856.344) (Version: 73.0.3856.344 - Opera Software)
ownCloud (HKLM-x32\...\ownCloud) (Version: 1.0.5 - owncloud.com)
paint.net (HKLM\...\{6FED3D93-C0FA-4BD7-A36F-7FC53698244F}) (Version: 4.2.15 - dotPDN LLC)
PC Suite for Sony Ericsson (HKLM-x32\...\{0C3AE9EB-2F0A-451E-A5E4-2BF6AFF21FB9}) (Version: 1.6.0 - Sony Ericsson) Hidden
PC Suite for Sony Ericsson (HKLM-x32\...\{E1252473-6306-4d5d-904D-B06AA7F38161}) (Version: 1.6.0 - )
PC Suite for Sony Ericsson x64 (HKLM\...\{D611B241-28A0-4937-AF86-17565CAF9807}) (Version: 1.6.0 - Sony Ericsson) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.87.529.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7335 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver and Utility (HKLM-x32\...\{9C049499-055C-4a0c-A916-1D8CA1FF45EB}) (Version: 1.00.0150 - REALTEK Semiconductor Corp.)
Rund um ... Biologie heute entdecken 2 (Teil 1) (HKLM-x32\...\{431CD81E-D6D1-42D0-BE0F-B9AB87298644}) (Version: 1.00.0000 - Bildungshaus Schulbuchverlage Westermann Schroedel Diesterweg Schöningh Winklers GmbH)
Scan (HKLM-x32\...\{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}) (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Sentinel Runtime (HKLM-x32\...\{37D5D6E8-2728-4020-B931-566E648EB770}) (Version: 7.81.20638.60000 - Gemalto)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft)
Skype™ 7.31 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.31.104 - Skype Technologies S.A.)
SolutionCenter (HKLM-x32\...\{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}) (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Sony Ericsson Symbian 9 Drivers (HKLM\...\Sony Ericsson) (Version: - )
Sony PC Companion 2.10.303 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.303 - Sony)
Spotify (HKU\S-1-5-21-2726028846-1901948702-833121358-1001\...\Spotify) (Version: 1.1.51.382.g8e3b11ed - Spotify AB)
Status (HKLM-x32\...\{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}) (Version: 130.0.469.000 - Hewlett-Packard) Hidden
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.3.0.28779 - Microsoft Corporation)
tiptoi® Manager 4.2.1 (HKLM\...\{833392BB-E8C0-4066-9408-3A30FA43972F}_is1) (Version: 4.2.1 - Ravensburger AG)
Toolbox (HKLM-x32\...\{6BBA26E9-AB03-4FE7-831A-3535584CA002}) (Version: 130.0.648.000 - Hewlett-Packard) Hidden
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.01 - Ghisler Software GmbH)
TrayApp (HKLM-x32\...\{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}) (Version: 130.0.422.000 - Hewlett-Packard) Hidden
UnloadSupport (HKLM-x32\...\{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}) (Version: 11.0.0 - Hewlett-Packard) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.12 - VideoLAN)
WebReg (HKLM-x32\...\{43CDF946-F5D9-4292-B006-BA0D92013021}) (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows 10-Update-Assistent (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22925 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR (HKLM\...\WinRAR archiver) (Version: - )
WISO steuer:Sparbuch 2016 (HKLM-x32\...\{6D822E4E-9F73-469B-8CD1-EE45FA2C6787}) (Version: 23.00.1146 - Buhl Data Service GmbH)
WISO steuer:Sparbuch 2017 (HKLM-x32\...\{8D62EDE4-0BFC-474D-8629-A15CEB386DED}) (Version: 24.00.1375 - Buhl Data Service GmbH)
WISO steuer:Sparbuch 2018 (HKLM-x32\...\{0971F906-B807-4425-AE07-E98D4AEFDF15}) (Version: 25.00.1359 - Buhl Data Service GmbH)
WISO steuer:Sparbuch 2019 (HKLM-x32\...\{8BB245A8-45BA-4403-BA30-306ED5C9211C}) (Version: 26.09.1982 - Buhl Data Service GmbH)
WISO steuer:Sparbuch 2020 (HKLM-x32\...\{0205897D-66A6-4300-A651-CC6A58C522BB}) (Version: 27.09.2092 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2013 (HKLM-x32\...\{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}) (Version: 20.00.8137 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2014 (HKLM-x32\...\{0B4B4F5D-B749-41F3-A196-688E2CB8D5F0}) (Version: 21.00.8480 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2015 (HKLM-x32\...\{4D00D0C7-B55A-4EB4-9DF1-3773C55886EA}) (Version: 22.00.8811 - Buhl Data Service GmbH)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version: - )
Zoom (HKU\S-1-5-21-2726028846-1901948702-833121358-1001\...\ZoomUMX) (Version: 5.4.9 (59931.0110) - Zoom Video Communications, Inc.)
Packages:
=========
HP Scan and Capture -> C:\Program Files\WindowsApps\AD2F1837.HPScanandCapture_40.0.245.0_x64__v10z8vjag6ke6 [2021-01-14] (Hewlett-Packard Company)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-12-30] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-12-30] (Microsoft Corporation) [MS Ad]
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_21.10111.5575.0_x64__8wekyb3d8bbwe [2021-02-13] (Microsoft Corporation)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-2726028846-1901948702-833121358-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Odfried\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2726028846-1901948702-833121358-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Odfried\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20289.5\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2726028846-1901948702-833121358-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\Odfried\Dropbox [2011-09-15 16:46]
CustomCLSID: HKU\S-1-5-21-2726028846-1901948702-833121358-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1B} -> [dropbox-NamespaceExtensionRole.Business] => 0
CustomCLSID: HKU\S-1-5-21-2726028846-1901948702-833121358-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Odfried\AppData\Roaming\Dropbox\bin\DropboxExt64.46.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2726028846-1901948702-833121358-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Odfried\AppData\Roaming\Dropbox\bin\DropboxExt64.46.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2726028846-1901948702-833121358-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Odfried\AppData\Roaming\Dropbox\bin\DropboxExt64.46.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2726028846-1901948702-833121358-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Odfried\AppData\Roaming\Dropbox\bin\DropboxExt64.46.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2726028846-1901948702-833121358-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Odfried\AppData\Roaming\Dropbox\bin\DropboxExt64.46.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2726028846-1901948702-833121358-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Odfried\AppData\Roaming\Dropbox\bin\DropboxExt64.46.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2726028846-1901948702-833121358-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Odfried\AppData\Roaming\Dropbox\bin\DropboxExt64.46.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2726028846-1901948702-833121358-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Odfried\AppData\Roaming\Dropbox\bin\DropboxExt64.46.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2726028846-1901948702-833121358-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Odfried\AppData\Roaming\Dropbox\bin\DropboxExt64.46.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2726028846-1901948702-833121358-1001_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Odfried\AppData\Roaming\Dropbox\bin\DropboxExt64.46.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2726028846-1901948702-833121358-1001_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Odfried\AppData\Roaming\Dropbox\bin\DropboxExt64.46.0.dll (Dropbox, Inc -> Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2726028846-1901948702-833121358-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Odfried\AppData\Roaming\Dropbox\bin\DropboxExt64.46.0.dll (Dropbox, Inc -> Dropbox, Inc.)
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6671064 2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4171480 2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Odfried\AppData\Roaming\Dropbox\bin\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Odfried\AppData\Roaming\Dropbox\bin\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Odfried\AppData\Roaming\Dropbox\bin\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Odfried\AppData\Roaming\Dropbox\bin\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Odfried\AppData\Roaming\Dropbox\bin\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Odfried\AppData\Roaming\Dropbox\bin\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Odfried\AppData\Roaming\Dropbox\bin\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [Datei ist nicht signiert]
ContextMenuHandlers1-x32: [MyPhoneExplorer] -> {A372C6DF-7A85-41B1-B3B0-D1E24073DCBF} => C:\Program Files (x86)\MyPhoneExplorer\DLL\ShellMgr.dll [2010-03-30] (F.J. Wechselberger) [Datei ist nicht signiert]
ContextMenuHandlers1: [PDFCreator.ShellContextMenu] -> {d9cea52e-100d-4159-89ea-76e845bc13e1} => -> Keine Datei
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2009-08-16] () [Datei ist nicht signiert]
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2009-08-16] () [Datei ist nicht signiert]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-02-21] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [Datei ist nicht signiert]
ContextMenuHandlers4: [ICQLiteMenu] -> {73B24247-042E-4EF5-ADC2-42F62E6FD654} => -> Keine Datei
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2009-08-16] () [Datei ist nicht signiert]
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2009-08-16] () [Datei ist nicht signiert]
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> Keine Datei
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Keine Datei
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-11-01] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov) [Datei ist nicht signiert]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-02-21] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2009-08-16] () [Datei ist nicht signiert]
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2009-08-16] () [Datei ist nicht signiert]
ContextMenuHandlers1_S-1-5-21-2726028846-1901948702-833121358-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Odfried\AppData\Roaming\Dropbox\bin\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-2726028846-1901948702-833121358-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Odfried\AppData\Roaming\Dropbox\bin\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-2726028846-1901948702-833121358-1001: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\Odfried\AppData\Roaming\Dropbox\bin\DropboxExt64.46.0.dll [2020-10-06] (Dropbox, Inc -> Dropbox, Inc.)
==================== Codecs (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Drivers32-x32: [vidc.XVID] => xvidvfw.dll
HKLM\...\Drivers32-x32: [VIDC.VP80] => vp8vfw.dll
==================== Verknüpfungen & WMI ========================
==================== Geladene Module (Nicht auf der Ausnahmeliste) =============
2009-09-20 11:36 - 2009-09-20 11:36 - 000249344 _____ (Hewlett-Packard Co.) [Datei ist nicht signiert] c:\program files (x86)\hp\digital imaging\bin\hpqcxs08.dll
2009-09-20 11:24 - 2009-09-20 11:24 - 000213504 _____ (Hewlett-Packard Co.) [Datei ist nicht signiert] c:\program files (x86)\hp\digital imaging\bin\hpqddcmn.dll
2009-09-20 11:24 - 2009-09-20 11:24 - 000133120 _____ (Hewlett-Packard Co.) [Datei ist nicht signiert] c:\program files (x86)\hp\digital imaging\bin\hpqddsvc.dll
2010-10-22 13:08 - 2010-10-22 13:08 - 001039360 _____ (Hewlett-Packard Co.) [Datei ist nicht signiert] c:\program files (x86)\hp\digital imaging\bin\hpslpsvc64.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
AlternateDataStreams: C:\Users\Odfried\Desktop\kurzer.mp3:com.dropbox.attributes [256]
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ==================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =================
==================== Internet Explorer (Nicht auf der Ausnahmeliste) ==========
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSSE
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2726028846-1901948702-833121358-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2726028846-1901948702-833121358-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
SearchScopes: HKU\S-1-5-21-2726028846-1901948702-833121358-1001 -> {774BC0A6-6ED4-4280-9FF3-34663F36A612} URL = hxxps://de.search.yahoo.com/search?p={searchTerms}&intl=de&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2021-02-02] (Microsoft Corporation -> Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-02-02] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\ssv.dll [2020-02-09] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\jp2ssv.dll [2020-02-09] (Oracle America, Inc. -> Oracle Corporation)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://files.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-02-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-02-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-02-02] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-02-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-02-02] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-09-23] (Skype Software Sarl -> Skype Technologies)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
IE trusted site: HKU\S-1-5-21-2726028846-1901948702-833121358-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2726028846-1901948702-833121358-1001\...\sharepoint.com -> hxxps://gymnasiummallersdorfde-files.sharepoint.com
==================== Hosts Inhalt: =========================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2009-07-14 03:34 - 2009-06-10 22:00 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Andere Bereiche ===========================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Common Files\Teleca Shared;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\Intuwave\Shared\mRouterRuntime;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Skype\Phone\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-2726028846-1901948702-833121358-1001\Control Panel\Desktop\\Wallpaper -> F:\Pictures\earth_at_night.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (Keine Datei)
ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: asComSvc => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: Creative Audio Engine Licensing Service => 3
MSCONFIG\Services: CTAudSvcService => 2
MSCONFIG\Services: GoogleChromeElevationService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: hasplms => 2
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: igfxCUIService2.0.0.0 => 2
MSCONFIG\Services: Intel(R) Capability Licensing Service TCP IP Interface => 3
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: OpenVPNService => 3
MSCONFIG\Services: OpenVPNServiceInteractive => 2
MSCONFIG\Services: OpenVPNServiceLegacy => 3
MSCONFIG\Services: PDF Architect 7 => 3
MSCONFIG\Services: PDF Architect 7 Creator => 3
MSCONFIG\Services: PDF Architect 7 Update Service => 2
MSCONFIG\Services: Realtek11nSU => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CloneCDTray => "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Ybxiu => C:\Users\Odfried\AppData\Roaming\Qaenar\dawei.exe
HKLM\...\StartupApproved\StartupFolder: => "WISO Mein Steuer-Sparbuch heute.lnk"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "Reflect UI"
HKLM\...\StartupApproved\Run: => "BCSSync"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "snpstd3"
HKLM\...\StartupApproved\Run32: => "PC Suite for Smartphones"
HKLM\...\StartupApproved\Run32: => "FixCamera"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "USB3MON"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "KeePass 2 PreLoad"
HKLM\...\StartupApproved\Run32: => "tsnpstd3"
HKLM\...\StartupApproved\Run32: => "P17RunE"
HKLM\...\StartupApproved\Run32: => "TeamsMachineInstaller"
HKU\S-1-5-21-2726028846-1901948702-833121358-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-2726028846-1901948702-833121358-1001\...\StartupApproved\Run: => "Opera Browser Assistant"
HKU\S-1-5-21-2726028846-1901948702-833121358-1001\...\StartupApproved\Run: => "OpenVPN-GUI"
HKU\S-1-5-21-2726028846-1901948702-833121358-1001\...\StartupApproved\Run: => "CCleaner Smart Cleaning"
HKU\S-1-5-21-2726028846-1901948702-833121358-1001\...\StartupApproved\Run: => "Dropbox Update"
HKU\S-1-5-21-2726028846-1901948702-833121358-1001\...\StartupApproved\Run: => "CiscoMeetingDaemon"
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [UDP Query User{34FE353E-CFBF-48BF-85D6-2AE1483C7F54}C:\users\odfried\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\odfried\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{A563A3FF-F0F1-41CA-AB02-52BD09706A9A}C:\users\odfried\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\odfried\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{F1324236-CE04-4A54-9671-09C7A53B44FF}] => (Allow) C:\Windows\system32\hasplms.exe (SafeNet Canada, Inc. -> SafeNet, Inc.)
FirewallRules: [{7B4254EF-9D4D-4973-8873-CB5AAB38F4FF}] => (Allow) C:\Program Files (x86)\MediaMonkey\MediaMonkey (non-skinned).exe (Ventis Media, Inc. -> Ventis Media Inc.)
FirewallRules: [{385C1A14-7BF7-412C-B2DE-886C2EC897F3}] => (Allow) C:\Program Files (x86)\MediaMonkey\MediaMonkey (non-skinned).exe (Ventis Media, Inc. -> Ventis Media Inc.)
FirewallRules: [{45108751-5536-4BA3-8874-3D0845969ADF}] => (Allow) C:\Program Files (x86)\MediaMonkey\MediaMonkey (non-skinned).exe (Ventis Media, Inc. -> Ventis Media Inc.)
FirewallRules: [{25F4D700-8E0F-4624-A088-46FC3F6E36AB}] => (Block) C:\program files\openvpn\bin\openvpn.exe (OpenVPN Technologies, Inc. -> The OpenVPN Project)
FirewallRules: [{F2C982E7-B4FE-4D58-95BB-06AA3CFD3D8C}] => (Block) C:\program files\openvpn\bin\openvpn.exe (OpenVPN Technologies, Inc. -> The OpenVPN Project)
FirewallRules: [UDP Query User{E5CD19E9-0657-4D10-8B8D-385F143C5920}C:\program files\openvpn\bin\openvpn.exe] => (Allow) C:\program files\openvpn\bin\openvpn.exe (OpenVPN Technologies, Inc. -> The OpenVPN Project)
FirewallRules: [TCP Query User{D8E7F188-1BC9-4859-9D4A-D5003957A0F5}C:\program files\openvpn\bin\openvpn.exe] => (Allow) C:\program files\openvpn\bin\openvpn.exe (OpenVPN Technologies, Inc. -> The OpenVPN Project)
FirewallRules: [UDP Query User{4D7A0E60-F497-4B36-BB55-34301CFB63E5}C:\users\odfried\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\odfried\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [TCP Query User{B90F0B16-A7FD-4039-9E4A-9C3D80599C36}C:\users\odfried\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\odfried\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{7C8698B5-BBAC-4298-AAE4-296A4ABA1B7F}] => (Allow) LPort=53
FirewallRules: [{25EE581D-BE31-44AC-95BE-4B45A3B3282B}] => (Allow) LPort=1542
FirewallRules: [{CA3B74C7-F766-4B26-9111-BC00BEBBD2D8}] => (Allow) LPort=1542
FirewallRules: [{2EB90AD2-B128-4CC5-A214-704033624890}] => (Allow) C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.) [Datei ist nicht signiert]
FirewallRules: [{2F354491-9F4A-4BFE-87CD-4CDA09F7780A}] => (Allow) C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.) [Datei ist nicht signiert]
FirewallRules: [UDP Query User{2B7B1A80-7204-4581-90A3-3C3C88A0CB11}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe (Franz Josef Wechselberger -> F.J. Wechselberger)
FirewallRules: [TCP Query User{A808A815-6429-481A-B5C5-2FE1BAB3F0E6}C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) C:\program files (x86)\myphoneexplorer\myphoneexplorer.exe (Franz Josef Wechselberger -> F.J. Wechselberger)
FirewallRules: [{BA6022E4-B916-43D2-9C9F-02053F1CD3AF}] => (Allow) C:\Program Files (x86)\Opera\opera.exe (Opera Software ASA -> Opera Software)
FirewallRules: [{199DDBB9-3840-4C80-BCA5-300EAF437EB1}] => (Allow) C:\Program Files (x86)\Opera\opera.exe (Opera Software ASA -> Opera Software)
FirewallRules: [{BF289F8D-DE27-437D-9C21-D2157A3C490E}] => (Allow) LPort=53
FirewallRules: [{6E4D5BCB-571E-4730-A87A-37C57992C593}] => (Allow) LPort=1542
FirewallRules: [{495D962B-9D91-4B85-9D11-0DD712615982}] => (Allow) LPort=1542
FirewallRules: [{334A96B5-56BB-43FB-A0ED-9606E2C22C98}] => (Allow) C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.) [Datei ist nicht signiert]
FirewallRules: [{9E2C557A-6769-41B4-9C52-74749698B0F9}] => (Allow) C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.) [Datei ist nicht signiert]
FirewallRules: [{F4C064E7-6C9D-42A7-8128-6E092F255C90}] => (Allow) LPort=1900
FirewallRules: [{092F087E-9644-4465-A40C-9739A5A42DE9}] => (Allow) LPort=2869
FirewallRules: [{7AC0E92E-19E1-470D-A656-5ECC2A1CB005}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4BB4B882-BF72-44C8-83AC-39BD5C48DF88}] => (Allow) C:\Program Files (x86)\ElsterFormular\2007-2008 NE\elfoStarter2007.exe () [Datei ist nicht signiert]
FirewallRules: [{2062F96B-C2CC-40EA-97C1-F63287B1D2B2}] => (Allow) C:\Program Files (x86)\ElsterFormular\2007-2008 NE\elfoStarter2007.exe () [Datei ist nicht signiert]
FirewallRules: [{19450AE1-5C8D-4015-A1F0-9995D604BF43}] => (Allow) C:\Program Files (x86)\ElsterFormular\2007-2008 NE\elfoStarter2007.exe () [Datei ist nicht signiert]
FirewallRules: [{4E867E39-7966-4A1C-B2B3-E3A73BB6DF0F}] => (Allow) C:\Program Files (x86)\ElsterFormular\2007-2008 NE\elfoStarter2007.exe () [Datei ist nicht signiert]
FirewallRules: [{9D86B17F-251F-48E1-8036-463BD7E6DB34}] => (Allow) C:\Program Files (x86)\ElsterFormular\2008-2009\elfoStarter2008.exe () [Datei ist nicht signiert]
FirewallRules: [{C2945FFA-75F8-424D-9715-CA1D819B6210}] => (Allow) C:\Program Files (x86)\ElsterFormular\2008-2009\elfoStarter2008.exe () [Datei ist nicht signiert]
FirewallRules: [{AAB78F22-BDE9-4000-AE4D-E9FBF0292663}] => (Allow) C:\Program Files (x86)\ElsterFormular\2008-2009\elfoStarter2008.exe () [Datei ist nicht signiert]
FirewallRules: [{D92F3F20-8A55-4E79-A067-C89C5D8D7109}] => (Allow) C:\Program Files (x86)\ElsterFormular\2008-2009\elfoStarter2008.exe () [Datei ist nicht signiert]
FirewallRules: [UDP Query User{1D350CF2-EACF-4203-867F-0C09A39FEA38}C:\program files (x86)\intuwave\shared\mrouterruntime\mrouterruntime.exe] => (Allow) C:\program files (x86)\intuwave\shared\mrouterruntime\mrouterruntime.exe (Intuwave Ltd.) [Datei ist nicht signiert]
FirewallRules: [TCP Query User{3CA3FAA4-239A-427E-B38F-9CF37DA227CC}C:\program files (x86)\intuwave\shared\mrouterruntime\mrouterruntime.exe] => (Allow) C:\program files (x86)\intuwave\shared\mrouterruntime\mrouterruntime.exe (Intuwave Ltd.) [Datei ist nicht signiert]
FirewallRules: [{4DF47BD5-F69A-4DA3-906B-B389F345C858}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe (Hewlett-Packard Company -> Hewlett-Packard)
FirewallRules: [{926AB5F0-70B7-426A-809A-BD74C2AF8BDA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{53A54560-BBC6-408E-9B38-24A122807053}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{570A71F2-E847-4ABB-A2B2-28E4DA6A48AA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (Hewlett-Packard) [Datei ist nicht signiert]
FirewallRules: [{FBEFF99B-DFD1-412E-BA71-94C56ECA829A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe (Hewlett-Packard Co.) [Datei ist nicht signiert]
FirewallRules: [{AE0F4326-94DC-46CD-9F5C-501A9EFB807C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe (Hewlett-Packard Co.) [Datei ist nicht signiert]
FirewallRules: [{7455AF2C-66ED-4AFC-B3B5-3E63C7C508FE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe (Hewlett-Packard Co.) [Datei ist nicht signiert]
FirewallRules: [{BAEFF5E4-388E-41D0-B9C6-1933E6D8FE72}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe (Hewlett-Packard) [Datei ist nicht signiert]
FirewallRules: [{841A3630-225C-4458-940A-09BC86B276B1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe (Hewlett-Packard Co.) [Datei ist nicht signiert]
FirewallRules: [{70344CA4-570B-4009-A400-457AF2CF7042}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe (Hewlett-Packard Co.) [Datei ist nicht signiert]
FirewallRules: [{9FFDCEFA-C622-487E-B23E-47A7F891228C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe (Hewlett-Packard Co.) [Datei ist nicht signiert]
FirewallRules: [{702162D4-5246-4285-B1CE-169855C65E15}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe () [Datei ist nicht signiert]
FirewallRules: [{98E39DDD-C9D9-45E7-8E37-25372CAD4FD0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe (Hewlett-Packard Co.) [Datei ist nicht signiert]
FirewallRules: [{125EE71A-097B-44FF-966F-1BCD1FC3CB33}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe (Hewlett-Packard) [Datei ist nicht signiert]
FirewallRules: [{EB2FBB4B-1BB6-434D-9FB8-82AE5D3CF7F8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe (Hewlett-Packard Co.) [Datei ist nicht signiert]
FirewallRules: [{CAE0C1D9-8A0A-482B-B93A-F537AF186306}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe (Hewlett-Packard Co.) [Datei ist nicht signiert]
FirewallRules: [{0791322A-F1AD-4B71-A1F9-1266498B78D0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe (Hewlett-Packard Co.) [Datei ist nicht signiert]
FirewallRules: [{104E4E04-F45E-462D-94D7-70E084E223E0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.) [Datei ist nicht signiert]
FirewallRules: [{DF7C1CE3-8121-45AF-A422-9C1EDC06A554}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) [Datei ist nicht signiert]
FirewallRules: [UDP Query User{9124922F-D4F6-46CF-82BE-886E2DA1B236}C:\users\odfried\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\odfried\appdata\roaming\dropbox\bin\dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [TCP Query User{A42F2A63-84B4-493B-9D09-32D774C7BD82}C:\users\odfried\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\odfried\appdata\roaming\dropbox\bin\dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{B10778AA-827C-4D95-83DF-E9C022C803A7}] => (Allow) C:\Users\Odfried\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{9FC0E033-CCBB-48F2-A71F-50971D18CCCE}] => (Allow) C:\Users\Odfried\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{9BC0D206-9A91-456B-8A64-B7804FC89BCC}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{02D15916-F3F7-4D85-972B-6ED93B45AFCD}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4762980F-9D9D-445F-A6AD-E84FB7411D23}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{5FCFB56F-B384-419B-9C53-FB480C9263B9}C:\users\odfried\downloads\anydesk.exe] => (Allow) C:\users\odfried\downloads\anydesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [UDP Query User{2EE32E98-AD8C-4B40-895E-3AA4A4698544}C:\users\odfried\downloads\anydesk.exe] => (Allow) C:\users\odfried\downloads\anydesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{A18C5810-9D9E-4E86-ACCF-03A999807BAD}] => (Allow) C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe (Ventis Media, Inc. -> Ventis Media Inc.)
FirewallRules: [{4F672DE3-12E2-4721-B4F5-AD6F0C1FB4A0}] => (Allow) C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe (Ventis Media, Inc. -> Ventis Media Inc.)
FirewallRules: [{7C10674A-2156-4FF8-9A28-96A499C9E4B5}] => (Allow) C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe (Ventis Media, Inc. -> Ventis Media Inc.)
FirewallRules: [TCP Query User{FE4EC28F-4FE3-4CEF-B6A6-42F7C568DE82}C:\users\odfried\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\odfried\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{3D2C9290-5DD0-480A-BD0D-6E70F77FE450}C:\users\odfried\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\odfried\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{175F6B39-6E98-46D8-BB13-36415C611B7C}] => (Allow) C:\Users\Odfried\AppData\Local\Programs\Opera\73.0.3856.329\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{2A107D05-0C77-4E31-B146-1D265C1F76B0}] => (Allow) C:\Users\Odfried\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{3891DDC0-D5D0-4EF5-81F7-90319DA579CD}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E1ED0E93-1983-477C-B5E8-F6FFC17EF367}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{46A35463-FB71-4A7E-9FD5-771963170160}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{56B988BE-486F-4357-97CF-F556C768CEE8}] => (Allow) C:\Users\Odfried\AppData\Local\Programs\Opera\73.0.3856.344\opera.exe (Opera Software AS -> Opera Software)
FirewallRules: [{30ED989C-73A6-40B0-9D9C-D1783CA29F40}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{5885FE43-13AF-4F7F-8E6B-0D4818B3FA00}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{AF2784F7-3CB2-4C98-B6A7-165ECBA75C13}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8D1FB8F5-6B41-46D1-9C6B-B1A21530492E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{22BCEBFA-008B-4109-93DB-20600F692A95}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{E7A45B9F-A1DC-451C-9405-60DB25D0371C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{09B9BFE1-039E-4204-A18E-AEF87712076E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{E2077DEB-D1F3-4F9A-A1D6-3FA8B5B983AA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{C9CBB5AA-9DE0-49C0-9ECB-9EBCFD7892DE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{37140472-AC1A-426F-8DFE-6CF509DEF5B8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{D45BD1A8-CD80-414B-9545-097D5D2B3180}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{B19BC038-0BF8-405D-B5B7-B590B56B5B51}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{4AB1231B-95D0-4537-AC50-2F26ADF70CE3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
==================== Wiederherstellungspunkte =========================
14-02-2021 12:23:49 Removed Apple Application Support
16-02-2021 09:28:28 Windows-Sicherung
18-02-2021 17:55:17 Windows-Sicherung
==================== Fehlerhafte Geräte im Gerätemanager ============
==================== Fehlereinträge in der Ereignisanzeige: ========================
Applikationsfehler:
==================
Error: (02/21/2021 02:59:06 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (3532,R,98) TILEREPOSITORYS-1-5-18: Fehler -1023 (0xfffffc01) beim Öffnen von Protokolldatei C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (02/21/2021 02:54:50 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Windows Search wird aufgrund eines Problems bei der Indizierung Fehler in der Wiederherstellungsphase. beendet.
Kontext: Anwendung, SystemIndex Katalog
Details:
Gatherer wird heruntergefahren. (HRESULT : 0x80040d23) (0x80040d23)
Error: (02/21/2021 02:54:50 PM) (Source: Windows Search Service) (EventID: 3602) (User: )
Description: Fehler-ID 1 in der Wiederherstellungsphase von Windows Search. Bitte starten Sie den Dienst erneut. Wenn dieser Fehler weiterhin besteht, führen Sie eine Neuerstellung des Index aus.
Kontext: Anwendung, SystemIndex Katalog
Details:
Gatherer wird heruntergefahren. (HRESULT : 0x80040d23) (0x80040d23)
Error: (02/19/2021 12:35:34 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x8007045b, Der Computer wird heruntergefahren.
.
Error: (02/19/2021 12:35:34 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} und dem Namen "CEventSystem" kann nicht gestartet werden. [0x8007045b, Der Computer wird heruntergefahren.
]
Error: (02/19/2021 11:41:00 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (9112,R,98) TILEREPOSITORYS-1-5-18: Fehler -1023 (0xfffffc01) beim Öffnen von Protokolldatei C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (02/19/2021 11:15:00 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (1624,R,98) TILEREPOSITORYS-1-5-18: Fehler -1023 (0xfffffc01) beim Öffnen von Protokolldatei C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Error: (02/19/2021 10:19:14 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (8648,R,98) TILEREPOSITORYS-1-5-18: Fehler -1023 (0xfffffc01) beim Öffnen von Protokolldatei C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Database\EDB.log.
Systemfehler:
=============
Error: (02/21/2021 03:20:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (02/21/2021 03:20:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Message Queuing" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (02/21/2021 03:20:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Microsoft Office-Klick-und-Los-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.
Error: (02/21/2021 03:20:53 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Adobe Acrobat Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (02/21/2021 02:47:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MBAMChameleon" wurde aufgrund folgenden Fehlers nicht gestartet:
Das System kann die angegebene Datei nicht finden.
Error: (02/19/2021 09:20:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MBAMChameleon" wurde aufgrund folgenden Fehlers nicht gestartet:
Das System kann die angegebene Datei nicht finden.
Error: (02/18/2021 08:55:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MBAMChameleon" wurde aufgrund folgenden Fehlers nicht gestartet:
Das System kann die angegebene Datei nicht finden.
Error: (02/18/2021 08:10:01 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MBAMChameleon" wurde aufgrund folgenden Fehlers nicht gestartet:
Das System kann die angegebene Datei nicht finden.
Windows Defender:
================
Date: 2020-08-16 03:59:22.502
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.
Date: 2020-08-16 03:59:22.495
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.
Date: 2020-08-16 03:59:22.406
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.
Date: 2020-08-16 03:59:22.399
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\FlightSettings.dll because the set of per-page image hashes could not be found on the system.
Date: 2020-08-16 03:59:22.390
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsreg.dll because the set of per-page image hashes could not be found on the system.
Date: 2020-08-16 03:59:22.381
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\dsreg.dll because the set of per-page image hashes could not be found on the system.
Date: 2020-08-16 03:59:21.998
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.
Date: 2020-08-16 03:59:21.978
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\aepic.dll because the set of per-page image hashes could not be found on the system.
Date: 2020-06-14 10:07:37.664
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.
Date: 2020-06-14 10:07:37.641
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.
Event[10]:
Date: 2020-06-14 10:07:37.621
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.
Event[11]:
Date: 2020-06-14 10:07:37.572
Description:
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.
Event[0]:
Date: 2021-02-21 14:48:07.700
Description:
Windows Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDropper:Win64/Tnega!MSR&threatid=2147771646&enterprise=0
Name: TrojanDropper:Win64/Tnega!MSR
ID: 2147771646
Schweregrad: Schwerwiegend
Kategorie: Trojaner - Dropper
Pfad: file:_C:\Users\Odfried\AppData\Local\Temp\GetX64BTIT.exe
Erkennungsursprung: Lokaler Computer
Erkennungstype: Konkret
Erkennungsquelle: Echtzeitschutz
Benutzer: Garfield\Odfried
Prozessname: C:\Users\Odfried\AppData\Roaming\Odfried.exe
Sicherheitsversion: AV: 1.331.1353.0, AS: 1.331.1353.0, NIS: 1.331.1353.0
Modulversion: AM: 1.1.17800.5, NIS: 1.1.17800.5
Date: 2021-02-19 09:20:50.716
Description:
Windows Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDropper:Win64/Tnega!MSR&threatid=2147771646&enterprise=0
Name: TrojanDropper:Win64/Tnega!MSR
ID: 2147771646
Schweregrad: Schwerwiegend
Kategorie: Trojaner - Dropper
Pfad: file:_C:\Users\Odfried\AppData\Local\Temp\GetX64BTIT.exe
Erkennungsursprung: Lokaler Computer
Erkennungstype: Konkret
Erkennungsquelle: Echtzeitschutz
Benutzer: Garfield\Odfried
Prozessname: C:\Users\Odfried\AppData\Roaming\Odfried.exe
Sicherheitsversion: AV: 1.331.1318.0, AS: 1.331.1318.0, NIS: 1.331.1318.0
Modulversion: AM: 1.1.17800.5, NIS: 1.1.17800.5
Date: 2021-02-18 20:56:03.170
Description:
Windows Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDropper:Win64/Tnega!MSR&threatid=2147771646&enterprise=0
Name: TrojanDropper:Win64/Tnega!MSR
ID: 2147771646
Schweregrad: Schwerwiegend
Kategorie: Trojaner - Dropper
Pfad: file:_C:\Users\Odfried\AppData\Local\Temp\GetX64BTIT.exe
Erkennungsursprung: Lokaler Computer
Erkennungstype: Konkret
Erkennungsquelle: Echtzeitschutz
Benutzer: Garfield\Odfried
Prozessname: C:\Users\Odfried\AppData\Roaming\Odfried.exe
Sicherheitsversion: AV: 1.331.1281.0, AS: 1.331.1281.0, NIS: 1.331.1281.0
Modulversion: AM: 1.1.17800.5, NIS: 1.1.17800.5
Date: 2021-02-18 10:45:42.537
Description:
Die Windows Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {0C0FADF7-6F1D-4DB2-933A-AA8874BECB6D}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM
Date: 2021-02-18 08:10:34.012
Description:
Windows Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=TrojanDropper:Win64/Tnega!MSR&threatid=2147771646&enterprise=0
Name: TrojanDropper:Win64/Tnega!MSR
ID: 2147771646
Schweregrad: Schwerwiegend
Kategorie: Trojaner - Dropper
Pfad: file:_C:\Users\Odfried\AppData\Local\Temp\GetX64BTIT.exe
Erkennungsursprung: Lokaler Computer
Erkennungstype: Konkret
Erkennungsquelle: Echtzeitschutz
Benutzer: Garfield\Odfried
Prozessname: C:\Users\Odfried\AppData\Roaming\Odfried.exe
Sicherheitsversion: AV: 1.331.1207.0, AS: 1.331.1207.0, NIS: 1.331.1207.0
Modulversion: AM: 1.1.17800.5, NIS: 1.1.17800.5
Event[0]:
Date: 2021-02-12 09:25:30.899
Description:
Fehler von Windows Defender Antivirus beim Herunterladen und Konfigurieren von Windows Defender Offline.
Fehlercode: 0x8000000a
Fehlerbeschreibung: Die für diesen Vorgang erforderlichen Daten sind noch nicht verfügbar.
Date: 2021-02-10 22:39:39.693
Description:
Fehler von Windows Defender Antivirus beim Herunterladen und Konfigurieren von Windows Defender Offline.
Fehlercode: 0x8000000a
Fehlerbeschreibung: Die für diesen Vorgang erforderlichen Daten sind noch nicht verfügbar.
==================== Speicherinformationen ===========================
BIOS: American Megatrends Inc. 2306 10/09/2014
Hauptplatine: ASUSTeK COMPUTER INC. H97-PLUS
Prozessor: Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz
Prozentuale Nutzung des RAM: 21%
Installierter physikalischer RAM: 16069.23 MB
Verfügbarer physikalischer RAM: 12633.72 MB
Summe virtueller Speicher: 23069.23 MB
Verfügbarer virtueller Speicher: 19792.84 MB
==================== Laufwerke ================================
Drive c: (SSD Sonne) (Fixed) (Total:237.79 GB) (Free:81.04 GB) NTFS
Drive e: (alte 0,5 TB SystemPlatte WD) (Fixed) (Total:465.76 GB) (Free:465.65 GB) NTFS
Drive f: (MEGA-Platte 4TB intern) (Fixed) (Total:3725.9 GB) (Free:1739.81 GB) NTFS
Drive g: (Doppelstern 4 TB intern) (Fixed) (Total:3725.9 GB) (Free:1569.64 GB) NTFS
Drive m: (Seagate 1TB) (Fixed) (Total:931.51 GB) (Free:739.21 GB) NTFS
\\?\Volume{0b9953dd-53f7-11e0-88eb-806e6f6e6963}\ (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{f2407920-0000-0000-0000-10793b000000}\ () (Fixed) (Total:0.58 GB) (Free:0.08 GB) NTFS
==================== MBR & Partitionstabelle ====================
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 238.5 GB) (Disk ID: F2407920)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=237.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=594 MB) - (Type=27)
==========================================================
Disk: 1 (Protective MBR) (Size: 3726 GB) (Disk ID: 00000000)
Partition: GPT.
==========================================================
Disk: 2 (Size: 3726 GB) (Disk ID: 9C214DDA)
Partition: GPT.
==========================================================
Disk: 3 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: D8000000)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
==========================================================
Disk: 5 (Size: 931.5 GB) (Disk ID: A4B57300)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
==================== Ende von Addition.txt =======================
|
|
21.02.2021, 17:29
| #7 | |
| /// TB-Ausbilder | Windows 10: Trojaner Tnega!MSR kommt immer wieder - Teil IZitat:
Den ersten FRST-Suchlauf hast du ja auch vom Downloadordner ausgeführt...  Bitte einen neuen Suchlauf mit FRST durchführen, dieses Mal vom C:\Users\<dein Benutzername>\Downloads\.  Schlechte Downloadquellen - so kommt Schadsoftware auf deinen PC Lade keine Software von Chip.de, Softonic.de, sourceforge.net, openoffice.de, VLC.de, audacity.de, gimp24.de oder updatestar.com. Die dort angebotene Software wird häufig mit einem sog. "Installer" verteilt, mit dem man sich nur unerwünschte Software (Potentially Unwanted Programs, kurz PUP) oder Adware installiert. Auf manchen Seiten wird direkt PUP / Adware zum Download angeboten. Für Windows gibt es seit einiger Zeit einen brauchbaren Paketmanager, der mit einfachen Befehlen es erlaubt, automatisiert Software herunterzuladen und zu installieren. Das erspart eine Menge Arbeit, denn ohne einen Paketmanager muss man jedes Programm selbst prüfen und separat manuell updaten, vorher manuell noch runterladen etc. pp. - siehe auch --> chocolatey Paketmanager für Windows Wir empfehlen dringend, alle Programme, sofern verfügbar, über chocolatey zu installieren. Falls du schon mit Linux zu tun hattest, wird dir die Syntax sehr vertraut sein. Die FAQs zu choco findest du da --> Chocolatey: Häufig gestellte Fragen (englisch) Selbstverständlich darfst du auch Fragen zu chocolatey im o.g. Thread zu chocolatey stellen. Für den seltenen Fall, dass du das benötigte Programm nicht im repository von chocolatey findest: Lade diese Software immer direkt beim jeweiligen Hersteller / Entwickler. |
|
24.02.2021, 14:07
| #8 |
| /// TB-Ausbilder | Windows 10: Trojaner Tnega!MSR kommt immer wieder - Teil I Fehlende Rückmeldung Dieses Thema wurde aus unseren Abos gelöscht. Somit bekommen wir keine Benachrichtigung über neue Antworten. Solltest Du das Thema erneut brauchen, schicke uns bitte eine Erinnerung inklusive Link zum Thema. Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist. Jeder andere bitte hier klicken und ein eigenes Thema erstellen! |
|
| Themen zu Windows 10: Trojaner Tnega!MSR kommt immer wieder - Teil I |
| administrator, adobe, antivirus, blockiert, browser, canon, computer, cpu, defender, desktop, entfernen, error, explorer, firefox, firewall, google, help, homepage, internet, internet explorer, mozilla, neustart, opera, prozesse, realtek, registry, scan, security, server, sicherheit, software, sparbuch, svchost, tcp, temp, tnega!msr, total commander, trojaner, udp, usb, windows, wiso, wmi |
Linear-Darstellung
