
Log analysis and evaluation: CRaccoon on PC


Thread closed
21.06.2021, 22:42   #1
doulougou
 
CRaccoon on PC



Hello,
like other users, I stumbled across "CRaccoon" on my PC, read up on it here and realised that removing it requires a certain amount of expertise. I would therefore be very grateful for support. Many thanks in advance!

I have already done the following myself:
- Uninstalled the removable "app" in the Control Panel (craccoon.ch remained).
- Tried to get rid of the thing with geekuninstaller.
- Ran AdwCleaner over it (see log)
- Ran MBAM over it (see log; I hope the "wrong" order doesn't ruin it.)

Also attached are the FRST logs:

FRST:
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 20-06-2021
durchgeführt von Max (Administrator) auf DESKTOP-4Q6LNSQ (LENOVO 20A8S04800) (21-06-2021 23:19:07)
Gestartet von C:\Users\Max\Downloads
Geladene Profile: Max
Platform: Windows 10 Pro Version 2004 19041.1052 (X64) Sprache: Englisch (Großbritannien) -> Deutsch (Deutschland)
Standard-Browser: FF
Start-Modus: Normal

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Cisco Systems, Inc. -> Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Cisco Systems, Inc. -> Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe <3>
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\124.4.4912\QtWebEngineProcess.exe <2>
(geek software GmbH -> geek software GmbH) C:\Program Files\PDF24\pdf24.exe <2>
(Hewlett Packard -> Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Intel Corporation -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Corporation -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel(R) MBIM Toolkit -> ) C:\Program Files (x86)\Sierra Wireless Inc\LENOVO MBIM Toolkit\FirmwareApp.exe
(Intel(R) MBIM Toolkit -> ) C:\Program Files (x86)\Sierra Wireless Inc\LENOVO MBIM Toolkit\FirmwareUpdaterService.exe
(Intel(R) Modem Authenticator -> Intel Mobile Communications) C:\Program Files (x86)\Sierra Wireless Inc\LENOVO MBIM Toolkit\IntelModemAuthenticator.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Lenovo -> Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\dfrctl.exe
(Lenovo -> Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\fn.inf_amd64_700aca387f1cbd51\driver\tphkload.exe
(Lenovo -> Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\FN11CD~1.INF\driver\shtctky.exe
(Lenovo -> Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\FN11CD~1.INF\driver\tpnumlkd.exe
(Lenovo -> Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\FN11CD~1.INF\driver\tposd.exe
(Lenovo -> Lenovo) C:\Windows\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe
(Lenovo -> Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Max\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MSPaint_6.2105.4017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12104.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated) C:\Program Files\Synaptics\SynFP\Shared\SensorDBSynch.exe
(Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated) C:\Windows\System32\valWbioSyncSvc.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe <2>
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <13>
(Realtek Semiconductor Corp -> Realtek Semiconductor Corp.) C:\Windows\RtsCM64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Sierra Wireless, Inc -> Sierra Wireless, Inc.) C:\Program Files\Sierra Wireless Inc\Utils\SwiService.exe
(Sophos Ltd -> Sophos Limited) C:\Program Files (x86)\Common Files\Sophos\Web Intelligence\swi_fc.exe
(Sophos Ltd -> Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
(Sophos Ltd -> Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Sophos Ltd -> Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Sophos Ltd -> Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(Sophos Ltd -> Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Ltd -> Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_filter.exe
(Sophos Ltd -> Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Sophos Ltd -> Sophos Limited) C:\Program Files\Sophos\Endpoint Defense\SEDService.exe
(Sophos Ltd -> Sophos Limited) C:\Program Files\Sophos\Endpoint Defense\SSPService.exe
(Sophos Ltd -> Sophos Limited) C:\Program Files\Sophos\Sophos Network Threat Protection\SophosNtpService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated -> Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RtsCM] => C:\WINDOWS\RTSCM64.EXE [153816 2013-11-30] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
HKLM\...\Run: [PDF24] => C:\Program Files\PDF24\pdf24.exe [564416 2021-02-19] (geek software GmbH -> geek software GmbH)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [8172320 2021-06-10] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [1669368 2020-12-10] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [1525528 2021-02-16] (Sophos Ltd -> Sophos Limited)
HKU\S-1-5-21-2427878849-3710110941-1615752764-1001\...\Run: [CiscoMeetingDaemon] => C:\Users\Max\AppData\Local\WebEx\ciscowebexstart.exe [2689752 2021-03-19] (Cisco WebEx LLC -> Cisco Webex LLC)
HKLM\...\Windows x64\Print Processors\hpzppw71: C:\Windows\System32\spool\prtprocs\x64\hpzppw71.dll [230400 2009-07-14] (Microsoft Windows -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\LIDIL hpzllw71: C:\WINDOWS\system32\hpzllw71.dll [53248 2009-07-14] (Microsoft Windows -> Hewlett-Packard Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\91.0.4472.106\Installer\chrmstp.exe [2021-06-21] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2020-04-20]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett Packard -> Hewlett-Packard Co.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RunOnce.bat [2019-11-24] () [Datei ist nicht signiert]
GroupPolicy\User: Beschränkung ? <==== ACHTUNG

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {158E5068-FD3E-4B85-BF55-9B655EB66162} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [147272 2021-06-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {1636C9E4-BEBD-411F-8831-9EBB2AB0F2DA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-12-09] (Google LLC -> Google LLC)
Task: {3B543D2D-97A7-4F1A-B0F7-47F2A992CFF0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5310392 2021-06-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {3E38B143-380D-40D5-8D3E-D98233654FAF} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2020-01-17] (Dropbox, Inc -> Dropbox, Inc.)
Task: {4027AD33-4357-48C2-8CE6-6246B49E081B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5310392 2021-06-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {45CD0526-278C-4839-9F54-FD4055F505BF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {484700F7-99C2-4F82-AB3B-EB0970DAA114} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [3617584 2020-04-08] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {48AA6DE0-8896-4B6D-9072-7DA5AA28C544} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-12-09] (Google LLC -> Google LLC)
Task: {48CA9F88-C232-47CE-B088-22E4690211E0} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1758224 2021-04-25] (Lenovo -> )
Task: {6FDBC431-B5D2-43B7-A810-ADC1EA3346B0} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1758224 2021-04-25] (Lenovo -> )
Task: {758B6A23-DD18-46D9-9F5A-12CE3CFEBED9} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2020-01-17] (Dropbox, Inc -> Dropbox, Inc.)
Task: {8181BD6F-4B27-49E6-A0B1-4A52B195F589} - System32\Tasks\RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [3617584 2020-04-08] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {8D4B51B6-D864-489D-A25C-56B2A71F697C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23180136 2021-06-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {8D8A3305-5F3B-4361-A9EA-7EC08F4E647E} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe
Task: {9595EBFA-B2C1-4E02-AEA3-77B5B16FF5A9} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [690616 2021-06-21] (Mozilla Corporation -> Mozilla Foundation)
Task: {BB39C7A1-A183-46E3-A29E-F8AB9C6F93CC} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23180136 2021-06-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {C4547A1A-3D6B-40FB-BD65-DB3778961267} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [147272 2021-06-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {C7E4F796-9491-438E-A2FF-599B34405507} - System32\Tasks\Lenovo Power Management Driver PnP Task => C:\Windows\System32\ibmpmsvc.exe [949632 2019-12-11] (Lenovo -> Lenovo.)
Task: {C9EC1E2B-6271-40B8-A3CA-C1D458B21D37} - System32\Tasks\Lenovo\Power Manager\Uninstall task => C:\WINDOWS\SysWOW64\PowerMgrInst.exe [62136 2021-04-20] (Lenovo -> )
Task: {D5E4417F-703D-4A3E-AFBC-6E1D8AF243AB} - System32\Tasks\Microsoft\Office\Office Serviceability Manager => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe [4082248 2021-06-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {EBEF7E82-BFD9-49A7-BCD1-6ED87EC567AB} - System32\Tasks\Lenovo\Power Manager\Background monitor => C:\WINDOWS\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe [112824 2021-04-20] (Lenovo -> Lenovo)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{0e07739f-1361-4067-aba2-e089c867fe67}: [DhcpNameServer] 192.168.0.1

Edge: 
=======
DownloadDir: C:\Users\Max\Downloads
Edge Extension: (Kein Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [nicht gefunden]
Edge Extension: (Kein Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [nicht gefunden]
Edge Extension: (Kein Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [nicht gefunden]
Edge Extension: (Kein Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [nicht gefunden]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Max\AppData\Local\Microsoft\Edge\User Data\Default [2021-06-21]
Edge DownloadDir: Default -> C:\Users\Max\Downloads
Edge Extension: (Citavi Picker) - C:\Users\Max\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mielbhbkcliienpdicphhecpodcaeefg [2021-06-07]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
Edge HKLM-x32\...\Edge\Extension: [mielbhbkcliienpdicphhecpodcaeefg]

FireFox:
========
FF DefaultProfile: 9jbhxvt6.default
FF ProfilePath: C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\9jbhxvt6.default [2020-01-17]
FF ProfilePath: C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\8nufa7ue.default-release [2021-06-21]
FF DownloadDir: C:\Users\Max\Downloads
FF Session Restore: Mozilla\Firefox\Profiles\8nufa7ue.default-release -> ist aktiviert.
FF Extension: (AdBlocker Ultimate) - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\8nufa7ue.default-release\Extensions\adblockultimate@adblockultimate.net.xpi [2020-12-07]
FF Extension: (German Dictionary, extended for Austria) - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\8nufa7ue.default-release\Extensions\de-AT@dictionaries.addons.mozilla.org.xpi [2020-04-20]
FF Extension: (German Dictionary (Switzerland)) - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\8nufa7ue.default-release\Extensions\de-CH@dictionaries.addons.mozilla.org.xpi [2020-04-20]
FF Extension: (German Dictionary) - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\8nufa7ue.default-release\Extensions\de-DE@dictionaries.addons.mozilla.org.xpi [2020-04-20]
FF Extension: (Ghostery – Datenschutzorientierter Werbeblocker) - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\8nufa7ue.default-release\Extensions\firefox@ghostery.com.xpi [2021-03-03]
FF Extension: (Webmail Ad Blocker) - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\8nufa7ue.default-release\Extensions\gmailnoads@mywebber.com.xpi [2020-09-16]
FF Extension: (Dizionario italiano) - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\8nufa7ue.default-release\Extensions\it-IT@dictionaries.addons.mozilla.org.xpi [2021-01-03]
FF Extension: (AdBlocker for YouTube™) - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\8nufa7ue.default-release\Extensions\jid1-q4sG8pYhq8KGHs@jetpack.xpi [2021-05-18]
FF Extension: (Deutsch (DE) Language Pack) - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\8nufa7ue.default-release\Extensions\langpack-de@firefox.mozilla.org.xpi [2021-06-07]
FF Extension: (English (GB) Language Pack) - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\8nufa7ue.default-release\Extensions\langpack-en-GB@firefox.mozilla.org.xpi [2021-06-07]
FF Extension: (Italiano (IT) Language Pack) - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\8nufa7ue.default-release\Extensions\langpack-it@firefox.mozilla.org.xpi [2021-06-07]
FF Extension: (British English Dictionary (Marco Pinto)) - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\8nufa7ue.default-release\Extensions\marcoagpinto@mail.telepac.pt.xpi [2021-05-31]
FF Extension: (Citavi Picker) - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\8nufa7ue.default-release\Extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}.xpi [2021-04-27]
FF Extension: (Feedbro) - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\8nufa7ue.default-release\Extensions\{a9c2ad37-e940-4892-8dce-cd73c6cbbc0c}.xpi [2021-04-27]
FF Extension: (Citavi Picker) - C:\Program Files\Mozilla Firefox\distribution\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}.xpi [2018-09-11]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-05-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [Keine Datei]
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [Keine Datei]
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-05-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-05-05] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [Keine Datei]
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [Keine Datei]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-05-28] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2427878849-3710110941-1615752764-1001: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [Keine Datei]
FF Plugin HKU\S-1-5-21-2427878849-3710110941-1615752764-1001: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [Keine Datei]
FF Plugin HKU\S-1-5-21-2427878849-3710110941-1615752764-1001: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [Keine Datei]

Chrome: 
=======
CHR Profile: C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default [2020-12-09]
CHR Extension: (Präsentationen) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-12-09]
CHR Extension: (Docs) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-12-09]
CHR Extension: (Google Drive) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-12-09]
CHR Extension: (YouTube) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-12-09]
CHR Extension: (Tabellen) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-12-09]
CHR Extension: (Google Docs Offline) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-12-09]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-12-09]
CHR Extension: (Google Mail) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-12-09]
CHR Extension: (Chrome Media Router) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-12-09]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

==================== Dienste (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9056672 2021-06-09] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2020-01-17] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2020-01-17] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44328 2021-06-10] (Dropbox, Inc -> Dropbox, Inc.)
R2 FirmwareUpdaterService; C:\Program Files (x86)\Sierra Wireless Inc\LENOVO MBIM Toolkit\FirmwareUpdaterService.exe [108800 2017-05-03] (Intel(R) MBIM Toolkit -> )
R2 IntelModemAuthenticator; C:\Program Files (x86)\Sierra Wireless Inc\LENOVO MBIM Toolkit\IntelModemAuthenticator.exe [57096 2017-05-03] (Intel(R) Modem Authenticator -> Intel Mobile Communications)
S2 LPlatSvc; C:\WINDOWS\System32\LPlatSvc.exe [892288 2019-12-11] (Lenovo -> Lenovo.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7391408 2021-06-21] (Malwarebytes Inc -> Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
S3 OfficeSvcManagerAddons; C:\Windows\system32\dllhost.exe /Processid:{2CA2E202-932F-4BA2-8771-195BB86398F5} [21312 2020-11-05] (Microsoft Windows -> Microsoft Corporation)
R2 PDF24; C:\Program Files\PDF24\pdf24.exe [564416 2021-02-19] (geek software GmbH -> geek software GmbH)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert]
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [308056 2021-04-27] (Sophos Ltd -> Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [216672 2021-04-27] (Sophos Ltd -> Sophos Limited)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5393304 2021-06-21] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SntpService; C:\Program Files\Sophos\Sophos Network Threat Protection\SophosNtpService.exe [4927592 2020-09-06] (Sophos Ltd -> Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [767288 2021-02-16] (Sophos Ltd -> Sophos Limited)
R2 Sophos Endpoint Defense Service; C:\Program Files\Sophos\Endpoint Defense\SEDService.exe [3560208 2021-02-16] (Sophos Ltd -> Sophos Limited)
R2 Sophos System Protection Service; C:\Program Files\Sophos\Endpoint Defense\SSPService.exe [11330656 2021-02-16] (Sophos Ltd -> Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [351336 2020-10-22] (Sophos Ltd -> Sophos Limited)
R2 SwiService; C:\Program Files\Sierra Wireless Inc\Utils\SwiService.exe [1551864 2017-05-03] (Sierra Wireless, Inc -> Sierra Wireless, Inc.)
R2 swi_filter; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_filter.exe [483680 2021-04-27] (Sophos Ltd -> Sophos Limited)
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3608056 2021-04-27] (Sophos Ltd -> Sophos Limited)
R2 TPHKLOAD; C:\WINDOWS\System32\DriverStore\FileRepository\fn.inf_amd64_700aca387f1cbd51\driver\TPHKLOAD.exe [465200 2020-12-28] (Lenovo -> Lenovo Group Limited)
R2 valWBFPolicyService; C:\WINDOWS\system32\valWBFPolicyService.exe [77792 2018-04-25] (Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated)
R2 valWbioSyncSvc; C:\WINDOWS\system32\valWbioSyncSvc.exe [48608 2018-04-25] (Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe [3206472 2020-01-17] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MsMpEng.exe [103376 2020-01-17] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R3 BcmNfcIc; C:\WINDOWS\system32\DRIVERS\BcmNfcIc.sys [140112 2016-03-18] (Broadcom Corporation -> Broadcom Corporation.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [Datei ist nicht signiert]
R3 CM3218x; C:\WINDOWS\System32\drivers\WUDFRd.sys [315392 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [199128 2021-06-21] (Malwarebytes Inc -> Malwarebytes)
S3 FlashUSB; C:\WINDOWS\System32\drivers\FlashUSB.sys [31744 2017-04-28] (Microsoft Windows Hardware Compatibility Publisher -> Intel Mobile Communications)
S3 ldiagio; C:\Program Files\Lenovo\Lenovo Diagnostics Tool\ldiagio.sys [39048 2019-08-10] (Lenovo -> Lenovo Group Limited (R))
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220752 2021-06-21] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-06-21] (Microsoft Windows Early Launch Anti-Malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [198888 2021-06-21] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [69016 2021-06-21] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-06-21] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [156880 2021-06-21] (Malwarebytes Inc -> Malwarebytes)
R0 PMDRVS; C:\WINDOWS\System32\drivers\pmdrvs.sys [38160 2019-12-11] (Lenovo -> Lenovo.)
R1 SAVOnAccess; C:\WINDOWS\System32\DRIVERS\savonaccess.sys [216280 2020-09-06] (Sophos Ltd -> Sophos Limited)
S3 sdcfilter; C:\WINDOWS\system32\DRIVERS\sdcfilter.sys [38144 2020-01-17] (Sophos Limited -> Sophos Limited)
R1 SMIDriverGen; C:\WINDOWS\system32\DRIVERS\smi.sys [31440 2018-04-25] (Synaptics Inc. -> Synaptics Incorporated)
R1 sntp; C:\WINDOWS\system32\DRIVERS\sntp.sys [227152 2020-09-06] (Sophos Ltd -> Sophos Limited)
S0 Sophos ELAM; C:\WINDOWS\System32\DRIVERS\SophosEL.sys [22152 2020-09-06] (Microsoft Windows Early Launch Anti-Malware Publisher -> Sophos Limited)
R0 Sophos Endpoint Defense; C:\WINDOWS\System32\DRIVERS\SophosED.sys [1246792 2021-02-16] (Sophos Ltd -> Sophos Limited)
S4 SophosBootDriver; C:\WINDOWS\system32\DRIVERS\SophosBootDriver.sys [45840 2020-01-17] (Sophos Limited -> Sophos Limited)
R1 swi_callout; C:\WINDOWS\system32\DRIVERS\swi_callout.sys [47760 2020-01-17] (Sophos Limited -> Sophos Limited)
S3 vpnva; C:\WINDOWS\System32\drivers\vpnva64-6.sys [74048 2020-12-10] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [45664 2020-01-17] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [355760 2020-01-17] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54192 2020-01-17] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2021-06-21 23:15 - 2021-06-21 23:15 - 000001634 _____ C:\Users\Max\Desktop\MBAM.txt
2021-06-21 23:02 - 2021-06-21 23:02 - 000069016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-06-21 23:01 - 2021-06-21 23:01 - 000198888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-06-21 23:01 - 2021-06-21 23:01 - 000156880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-06-21 22:55 - 2021-06-21 22:55 - 000220752 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-06-21 22:53 - 2021-06-21 22:53 - 000039648 _____ C:\Users\Max\Downloads\Shortcut.txt
2021-06-21 22:52 - 2021-06-21 22:53 - 000032053 _____ C:\Users\Max\Downloads\Addition.txt
2021-06-21 22:50 - 2021-06-21 23:19 - 000031475 _____ C:\Users\Max\Downloads\FRST.txt
2021-06-21 22:49 - 2021-06-21 23:19 - 000000000 ____D C:\FRST
2021-06-21 22:48 - 2021-06-21 22:48 - 002300416 _____ (Farbar) C:\Users\Max\Downloads\FRST64.exe
2021-06-21 22:41 - 2021-06-21 22:41 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-06-21 22:37 - 2021-06-21 22:37 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-06-21 22:37 - 2021-06-21 22:37 - 000199128 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-06-21 22:37 - 2021-06-21 22:37 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-06-21 22:37 - 2021-06-21 22:37 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-06-21 22:37 - 2021-06-21 22:37 - 000002028 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-06-21 22:37 - 2021-06-21 22:37 - 000002028 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-06-21 22:37 - 2021-06-21 22:37 - 000000000 ____D C:\Users\Max\AppData\Local\mbam
2021-06-21 22:37 - 2021-06-21 22:37 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-06-21 22:36 - 2021-06-21 22:36 - 002094168 _____ (Malwarebytes) C:\Users\Max\Downloads\MBSetup.exe
2021-06-21 22:36 - 2021-06-21 22:36 - 000000000 ____D C:\Program Files\Malwarebytes
2021-06-21 22:34 - 2021-06-21 22:39 - 000000000 ____D C:\AdwCleaner
2021-06-21 22:33 - 2021-06-21 22:33 - 008534696 _____ (Malwarebytes) C:\Users\Max\Downloads\adwcleaner_8.2(1).exe
2021-06-21 22:23 - 2021-06-21 22:23 - 008534696 _____ (Malwarebytes) C:\Users\Max\Downloads\adwcleaner_8.2.exe
2021-06-21 22:19 - 2021-06-21 22:29 - 000000000 ____D C:\Users\Max\AppData\Roaming\Geek Uninstaller
2021-06-21 22:18 - 2021-06-21 22:18 - 002665275 _____ C:\Users\Max\Downloads\geek.zip
2021-06-21 22:17 - 2021-06-21 22:30 - 000000000 ____D C:\Users\Public\Documents\Ashampoo
2021-06-21 22:17 - 2021-06-21 22:30 - 000000000 ____D C:\ProgramData\Documents\Ashampoo
2021-06-21 22:17 - 2021-06-21 22:17 - 000000000 ____D C:\Users\Max\AppData\Local\Ashampoo
2021-06-21 22:15 - 2021-06-21 22:15 - 012752496 _____ (Ashampoo GmbH & Co. KG ) C:\Users\Max\Downloads\ashampoo_uninstaller_free_31187.exe
2021-06-21 22:15 - 2021-06-21 22:15 - 000000000 ____D C:\Program Files (x86)\Ashampoo
2021-06-21 21:59 - 2021-06-21 22:54 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-06-21 10:05 - 2021-06-21 10:05 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-06-21 10:05 - 2021-06-21 10:05 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-06-21 10:05 - 2021-06-21 10:05 - 001314120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-06-21 10:05 - 2021-06-21 10:05 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2021-06-21 10:05 - 2021-06-21 10:05 - 000451072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2021-06-21 10:05 - 2021-06-21 10:05 - 000011353 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-06-21 10:04 - 2021-06-21 10:04 - 002260480 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
2021-06-21 10:04 - 2021-06-21 10:04 - 001864192 _____ (The ICU Project) C:\WINDOWS\SysWOW64\icu.dll
2021-06-21 10:04 - 2021-06-21 10:04 - 001823792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-06-21 10:04 - 2021-06-21 10:04 - 001393496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-06-21 10:04 - 2021-06-21 10:04 - 000657464 _____ C:\WINDOWS\system32\WindowManagementAPI.dll
2021-06-21 10:04 - 2021-06-21 10:04 - 000468440 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll
2021-06-21 10:04 - 2021-06-21 10:04 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-06-21 10:04 - 2021-06-21 10:04 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-06-21 10:04 - 2021-06-21 10:04 - 000097280 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-06-21 10:03 - 2021-06-21 10:03 - 000563712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-06-21 10:03 - 2021-06-21 10:03 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll
2021-06-21 10:03 - 2021-06-21 10:03 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-06-21 09:53 - 2021-06-21 09:53 - 000002548 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2021-06-21 09:53 - 2021-06-21 09:53 - 000002544 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2021-06-21 09:53 - 2021-06-21 09:53 - 000002523 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2021-06-21 09:53 - 2021-06-21 09:53 - 000002501 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
2021-06-21 09:53 - 2021-06-21 09:53 - 000002498 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2021-06-21 09:53 - 2021-06-21 09:53 - 000002465 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2021-06-21 09:53 - 2021-06-21 09:53 - 000002462 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk
2021-06-21 09:53 - 2021-06-21 09:53 - 000002434 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2021-06-21 09:53 - 2021-06-21 09:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2021-06-21 09:45 - 2021-06-21 09:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2021-06-20 11:29 - 2021-06-20 11:29 - 000546389 _____ C:\Users\Max\Downloads\2UniWiND-Spezial_final_online.pdf
2021-06-10 00:37 - 2021-06-10 00:37 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2021-06-10 00:37 - 2021-06-10 00:37 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2021-06-10 00:37 - 2021-06-10 00:37 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2021-06-10 00:37 - 2021-06-10 00:37 - 000044328 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2021-06-08 18:31 - 2021-06-08 18:31 - 000985582 _____ C:\Users\Max\Downloads\Max launches CharITy 2021 campaign - ECB intranet.pdf
2021-06-08 12:57 - 2021-06-08 12:57 - 000428830 _____ C:\Users\Max\Desktop\Tipps und Tricks_Berufseinstieg Wirtschaft.pdf
2021-06-08 12:57 - 2021-06-08 12:57 - 000367311 _____ C:\Users\Max\Desktop\Reflexionsfragen Kompetenzen.pdf
2021-06-08 09:19 - 2021-06-08 09:19 - 000391953 _____ C:\Users\Max\Downloads\Arbeitsblatt Überfachliche Kompetenzen.pdf
2021-06-06 13:54 - 2021-06-06 13:54 - 000059076 _____ C:\Users\Max\Downloads\Finanzreport_Nr._05_per_01.06.20215E744D.pdf
2021-06-03 18:06 - 2021-06-03 18:06 - 000000000 ____D C:\Program Files (x86)\Lenovo
2021-05-25 12:52 - 2021-05-25 12:52 - 005780545 _____ C:\Users\Max\Downloads\bgbl157s0088_29387(1).pdf

==================== Ein Monat (geänderte) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2021-06-21 23:00 - 2020-11-05 23:47 - 000749430 _____ C:\WINDOWS\system32\perfh007.dat
2021-06-21 23:00 - 2020-11-05 23:47 - 000154624 _____ C:\WINDOWS\system32\perfc007.dat
2021-06-21 23:00 - 2020-11-05 23:16 - 001722792 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-06-21 23:00 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2021-06-21 22:57 - 2020-01-17 18:29 - 000000000 ____D C:\ProgramData\Mozilla
2021-06-21 22:56 - 2020-01-17 18:29 - 000000000 ____D C:\Users\Max\AppData\LocalLow\Mozilla
2021-06-21 22:55 - 2020-01-21 12:07 - 000000000 ___RD C:\Users\Max\Dropbox
2021-06-21 22:55 - 2020-01-17 20:02 - 000000000 ___RD C:\Users\Max\OneDrive - Bucerius Law School gGmbH
2021-06-21 22:55 - 2020-01-17 16:34 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2021-06-21 22:55 - 2020-01-17 16:34 - 000000000 __SHD C:\Users\Max\IntelGraphicsProfiles
2021-06-21 22:55 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-06-21 22:54 - 2020-11-05 23:15 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-06-21 22:54 - 2020-11-05 23:06 - 000008192 ___SH C:\DumpStack.log.tmp
2021-06-21 22:54 - 2020-01-17 18:29 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-06-21 22:54 - 2020-01-17 16:27 - 000000000 ____D C:\ProgramData\Synaptics
2021-06-21 22:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-06-21 22:54 - 2019-12-07 11:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-06-21 22:41 - 2020-01-17 18:29 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-06-21 22:40 - 2020-01-17 19:36 - 000000000 ____D C:\Users\Max\Documents\Citavi 6
2021-06-21 22:39 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Registration
2021-06-21 22:37 - 2019-12-07 11:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-06-21 22:08 - 2019-03-19 06:52 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2021-06-21 19:47 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-06-21 19:47 - 2019-12-03 20:30 - 000000000 ____D C:\Users\Max\AppData\Local\Packages
2021-06-21 17:47 - 2020-11-05 23:06 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-06-21 10:38 - 2020-01-17 16:23 - 000000000 ____D C:\Users\Max\AppData\Local\PlaceholderTileLogoFolder
2021-06-21 10:20 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-06-21 10:18 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-06-21 10:16 - 2020-11-05 23:06 - 000439016 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-06-21 10:14 - 2019-12-07 16:49 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-06-21 10:14 - 2019-12-07 16:45 - 000000000 ____D C:\WINDOWS\system32\Drivers\en-GB
2021-06-21 10:14 - 2019-12-07 16:45 - 000000000 ____D C:\WINDOWS\en-GB
2021-06-21 10:14 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-06-21 10:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2021-06-21 10:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2021-06-21 10:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-06-21 10:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-06-21 10:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-06-21 10:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-06-21 10:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-06-21 10:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-06-21 10:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-06-21 10:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-06-21 10:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-06-21 10:11 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-06-21 10:04 - 2019-12-03 21:26 - 000414020 __RSH C:\bootmgr
2021-06-21 09:52 - 2020-01-17 20:40 - 000000000 ____D C:\Program Files\Microsoft Office
2021-06-21 09:51 - 2020-12-09 14:02 - 000002246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-06-21 09:50 - 2020-02-01 17:34 - 000002143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-06-21 09:48 - 2020-06-21 00:47 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-06-21 09:45 - 2020-01-17 19:55 - 000000000 ____D C:\Program Files (x86)\Dropbox
2021-06-20 11:30 - 2020-11-05 23:15 - 000003384 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2427878849-3710110941-1615752764-1001
2021-06-20 11:30 - 2020-11-05 23:08 - 000002412 _____ C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-06-09 16:34 - 2020-02-29 14:36 - 000000000 ____D C:\WINDOWS\TempInst
2021-06-09 14:09 - 2020-01-17 18:01 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-06-09 14:05 - 2020-01-17 18:00 - 132447432 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-06-08 12:57 - 2020-09-14 09:33 - 000000000 ____D C:\Users\Max\Documents\Zoom
2021-06-06 15:08 - 2021-02-05 17:13 - 000000000 ____D C:\Users\Max\AppData\Roaming\Signal
2021-06-04 11:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-06-03 20:02 - 2019-11-27 23:32 - 000000000 ____D C:\ProgramData\Lenovo
2021-06-03 18:06 - 2020-11-05 23:15 - 000000000 ____D C:\WINDOWS\system32\Tasks\TVT
2021-06-03 18:06 - 2020-01-25 14:24 - 000002640 _____ C:\WINDOWS\SysWOW64\InstallUtil.InstallLog
2021-06-03 18:06 - 2019-11-27 23:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\lenovo

==================== SigCheck ============================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

==================== Ende von FRST.txt ========================
         
Addition:
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 20-06-2021
durchgeführt von Max (21-06-2021 23:21:03)
Gestartet von C:\Users\Max\Downloads
Windows 10 Pro Version 2004 19041.1052 (X64) (2020-11-05 21:15:36)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-2427878849-3710110941-1615752764-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2427878849-3710110941-1615752764-503 - Limited - Disabled)
Max (S-1-5-21-2427878849-3710110941-1615752764-1001 - Administrator - Enabled) => C:\Users\Max
Guest (S-1-5-21-2427878849-3710110941-1615752764-501 - Limited - Disabled)
SophosSAUDESKTOP-4Q0 (S-1-5-21-2427878849-3710110941-1615752764-1005 - Limited - Enabled)
SophosSAUDESKTOP-4Q1 (S-1-5-21-2427878849-3710110941-1615752764-1010 - Limited - Enabled)
WDAGUtilityAccount (S-1-5-21-2427878849-3710110941-1615752764-504 - Limited - Disabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Sophos Anti-Virus (Enabled - Up to date) {8E0623B8-CF1C-DFFE-CEA3-AA41BDA4B8EE}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 21.005.20048 - Adobe Systems Incorporated)
Beamdog Client (HKU\S-1-5-21-2427878849-3710110941-1615752764-1001\...\beamdogClient) (Version: 2.1.11 - Beamdog)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.9.05042 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\{EA407530-0BF1-47CA-B953-1C395BBDBB63}) (Version: 4.9.05042 - Cisco Systems, Inc.) Hidden
Cisco Webex Meetings (HKU\S-1-5-21-2427878849-3710110941-1615752764-1001\...\ActiveTouchMeetingClient) (Version: 41.1.3 - Cisco Webex LLC)
Citavi 6 (HKLM-x32\...\{6A331045-8FF4-4BC9-9C56-E593ACAE28C2}) (Version: 6.8.0.0 - Swiss Academic Software)
Deutsch - Custom (HKLM\...\{594EB8AC-D64C-46A6-BCAA-463695961609}) (Version: 1.0.3.40 - Max)
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.6.5.1 - Dolby Laboratories Inc)
Dropbox (HKLM-x32\...\Dropbox) (Version: 124.4.4912 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.459.1 - Dropbox, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 91.0.4472.106 - Google LLC)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.5126 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.253.0 - Intel Corporation)
Intel® Chipsatz-Gerätesoftware (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel(R) Corporation) Hidden
Intel® PROSet/Wireless Software (HKLM-x32\...\{a2caa706-dce2-4c91-8d46-b52a3c260b20}) (Version: 21.10.1 - Intel Corporation)
Lenovo Diagnostics Tool  (HKLM\...\{01ADF966-E3BA-40DC-9037-E90BBA9ED50E}) (Version: 4.31.1 - Lenovo)
Lenovo System Update (HKLM-x32\...\TVSU_is1) (Version: 5.07.0124 - Lenovo)
Malwarebytes version 4.4.0.117 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.0.117 - Malwarebytes)
Microsoft 365 Apps for Enterprise - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 16.0.14131.20162 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 91.0.864.54 - Microsoft Corporation)
Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 91.0.864.54 - Microsoft Corporation)
Microsoft Keyboard Layout Creator 1.4 (HKLM-x32\...\{99E66BC9-E4B6-485F-ABFC-31EFCE36DFDF}) (Version: 1.4.6000 - Microsoft Corp.)
Microsoft OneDrive (HKU\S-1-5-21-2427878849-3710110941-1615752764-1001\...\OneDriveSetup.exe) (Version: 21.114.0606.0001 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{A0E1B43D-5F4A-46AF-9925-ABA3423325DC}) (Version: 2.77.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.11.25325 (HKLM-x32\...\{6c6356fe-cbfa-4944-9bed-a9e99f45cb7a}) (Version: 14.11.25325.0 - Microsoft Corporation)
Mozilla Firefox 89.0.1 (x64 en-GB) (HKLM\...\Mozilla Firefox 89.0.1 (x64 en-GB)) (Version: 89.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 72.0.1 - Mozilla)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 25.0.4 - OBS Project)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14131.20162 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14131.20162 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0407-1000-0000000FF1CE}) (Version: 16.0.14131.20012 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenAL 1.1 Core PC SDK (ver 3.05) (HKLM-x32\...\InstallShield_{1C10D0D6-AF1A-48B8-9BF7-52A2BB014E0C}) (Version: 3.05 - Creative Labs)
PDF24 Creator 10.0.11 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: 10.0.11 - PDF24.org)
Photosmart and Deskjet Drivers 14.0 Rel. A (HKLM\...\{F58E1340-3FD5-40B8-A07C-4893CFC29749}) (Version: 14.0 - HP)
Realtek PC Camera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10252 - Realtek Semiconductor Corp.)
RoomSketcher (HKLM-x32\...\RoomSketcher 1.0) (Version: 1.0 - RoomSketcher)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Sierra Wireless EM7345 4G LTE Software (HKLM-x32\...\SWIIntelDrvInstaller) (Version: 2.36.10970.4674 - Sierra Wireless)
Signal 5.3.0 (HKU\S-1-5-21-2427878849-3710110941-1615752764-1001\...\7d96caee-06e6-597c-9f2f-c7bb2e0948b4) (Version: 5.3.0 - Open Whisper Systems)
Sophos Anti-Virus (HKLM-x32\...\{84748F71-7BF1-4F73-9340-D0785F4B0197}) (Version: 10.8.11.22 - Sophos Limited)
Sophos AutoUpdate (HKLM-x32\...\{644ADF05-0B2E-452C-B720-3CF1580A9368}) (Version: 5.17.243.0 - Sophos Limited)
Sophos Endpoint Defense (HKLM\...\Sophos Endpoint Defense) (Version: 2.2.6.8672 - Sophos Limited)
Sophos Network Threat Protection (HKLM\...\{4B1F9009-CD85-43C0-BCBD-D491908D5A52}) (Version: 1.9.2235.0 - Sophos Limited)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.17.142 - Synaptics Incorporated)
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.2.0.34161 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN)
Zoom (HKU\S-1-5-21-2427878849-3710110941-1615752764-1001\...\ZoomUMX) (Version: 5.6.1 (617) - Zoom Video Communications, Inc.)

Packages:
=========
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-01-17] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-01-17] (Microsoft Corporation) [MS Ad]

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-2427878849-3710110941-1615752764-1001_Classes\CLSID\{04271989-C4D2-E6BA-4D30-28289A6D0EA8} -> [OneDrive - Bucerius Law School gGmbH] => C:\Users\Max\OneDrive - Bucerius Law School gGmbH [2020-01-17 20:02]
CustomCLSID: HKU\S-1-5-21-2427878849-3710110941-1615752764-1001_Classes\CLSID\{1019ADC7-17CB-4489-AFD5-6642C7400ACE}\localserver32 -> C:\Users\Max\AppData\Local\Webex\Webex\Applications\ptOIEx64.exe (Cisco WebEx LLC -> Cisco WebEx LLC)
CustomCLSID: HKU\S-1-5-21-2427878849-3710110941-1615752764-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\Max\Dropbox [2020-01-21 12:07]
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [SavShellExt] -> {A3A1D8A1-006D-4B93-BA27-6F6B4C9C4F1D} => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavShellExtX64.dll [2021-04-27] (Sophos Ltd -> Sophos Limited)
ContextMenuHandlers2: [SavShellExt] -> {A3A1D8A1-006D-4B93-BA27-6F6B4C9C4F1D} => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavShellExtX64.dll [2021-04-27] (Sophos Ltd -> Sophos Limited)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-06-21] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers4: [SavShellExt] -> {A3A1D8A1-006D-4B93-BA27-6F6B4C9C4F1D} => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavShellExtX64.dll [2021-04-27] (Sophos Ltd -> Sophos Limited)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> Keine Datei
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2020-06-16] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-06-21] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [SavShellExt] -> {A3A1D8A1-006D-4B93-BA27-6F6B4C9C4F1D} => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavShellExtX64.dll [2021-04-27] (Sophos Ltd -> Sophos Limited)

==================== Codecs (Nicht auf der Ausnahmeliste) ====================

==================== Verknüpfungen & WMI ========================

==================== Geladene Module (Nicht auf der Ausnahmeliste) =============

2020-02-09 14:44 - 2020-02-09 14:44 - 000007680 _____ (Max) [Datei ist nicht signiert] C:\WINDOWS\system32\Layout01.dll
2012-09-15 06:08 - 2012-09-15 06:08 - 000015360 _____ (Hewlett-Packard Co.) [Datei ist nicht signiert] C:\Program Files (x86)\HP\Digital Imaging\bin\hpotra08.rsc
2011-04-29 19:08 - 2011-04-29 19:08 - 000048128 _____ (Hewlett-Packard Co.) [Datei ist nicht signiert] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.rsc
2010-08-06 11:15 - 2010-08-06 11:15 - 000071680 _____ (Hewlett-Packard) [Datei ist nicht signiert] c:\windows\system32\hpzinw12.dll
2010-08-06 11:15 - 2010-08-06 11:15 - 000089600 _____ (Hewlett-Packard) [Datei ist nicht signiert] c:\windows\system32\hpzipm12.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SntpService => ""="service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =================

==================== Internet Explorer (Nicht auf der Ausnahmeliste) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2021-05-05] (Microsoft Corporation -> Microsoft Corporation)
BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Program Files (x86)\Internet Explorer\Citavi Picker\x64\SwissAcademic.Citavi.IEPicker.DLL [2021-01-11] (Swiss Academic Software -> Swiss Academic Software)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-05-05] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Program Files (x86)\Internet Explorer\Citavi Picker\SwissAcademic.Citavi.IEPicker.DLL [2021-01-11] (Swiss Academic Software -> Swiss Academic Software)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-06-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-06-09] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-06-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-06-09] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-06-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-06-09] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-06-09] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-06-09] (Microsoft Corporation -> Microsoft Corporation)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-2427878849-3710110941-1615752764-1001\...\sharepoint.com -> hxxps://lawschoolde-files.sharepoint.com

==================== Hosts Inhalt: =========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2019-03-19 06:49 - 2019-03-19 06:49 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Andere Bereiche ===========================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-2427878849-3710110941-1615752764-1001\Control Panel\Desktop\\Wallpaper -> c:\users\Max\appdata\roaming\mozilla\firefox\desktop-hintergrund.bmp
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
 ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKU\S-1-5-21-2427878849-3710110941-1615752764-1001\...\StartupApproved\Run: => "CiscoMeetingDaemon"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{74714A56-EFCC-4336-B4A2-4AC212CD1B70}] => (Allow) C:\Users\Max\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{D08A6276-C0E8-41A5-B981-25745326B852}] => (Allow) C:\Users\Max\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{D8D91721-9FE5-4919-8517-57FCB870A388}] => (Allow) C:\Users\Max\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{32A6B63C-6088-400A-8C0A-1E26EFC99627}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation -> )
FirewallRules: [UDP Query User{EA7E2975-0250-41DB-A127-4D7A4FF6F0DF}C:\users\Max\appdata\local\beamdogclient\app-2.1.11\beamdog client.exe] => (Block) C:\users\Max\appdata\local\beamdogclient\app-2.1.11\beamdog client.exe (Beamdog -> Beamdog)
FirewallRules: [TCP Query User{A29C9CD2-8A05-4BA2-9B29-ED4EB53122CA}C:\users\Max\appdata\local\beamdogclient\app-2.1.11\beamdog client.exe] => (Block) C:\users\Max\appdata\local\beamdogclient\app-2.1.11\beamdog client.exe (Beamdog -> Beamdog)
FirewallRules: [{37E5A92B-25CE-4EB9-BA9C-D488A3412469}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => Keine Datei
FirewallRules: [{FD31248D-DBB0-4B11-A497-926FD7EE061B}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => Keine Datei
FirewallRules: [{7CE423D4-FB42-4A7C-989A-C302ADE11696}] => (Block) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => Keine Datei
FirewallRules: [{72749B85-B7BD-4F4F-99F6-ADB4239A11E4}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{AC432C7D-55BA-4925-AFFE-3F7A02BCEAC2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{40FA0B9E-F71F-4694-8C96-767B87A5FC7C}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{60464225-1D31-4C1E-8A02-08930F855A08}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{04CE9B25-FF85-40BD-8B09-9AE2BBE865C6}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9CB86E01-AD09-413D-8881-F1CDEC1B4BFB}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{CD17641E-DA5F-408A-824E-9300B8A76A28}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{7177A62E-5F16-45F2-8DFE-B91486123EC0}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3848EA9F-0655-48EE-B717-E0874AFAB06C}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe (Lenovo -> )
FirewallRules: [{1735B123-8DC1-44D0-BF35-3AA271BEC522}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe (Lenovo -> )
FirewallRules: [{4C1A6493-4409-4667-86D4-B54EFC675F56}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E7A2B54F-FA14-4DAE-B891-F5007741F0F2}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{CF89C3BC-DEC3-4433-8381-F2E5485D8B25}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\91.0.864.54\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{084708B0-D040-4301-9CF7-10DECBDE29B8}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{1706BBB9-6B71-4BA1-A6FA-E83EE428041E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0D91B542-9F1B-41A2-A35B-FB00EB5DD853}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{112EFF68-1792-4743-A319-96C90226D0EB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8DE9C5D9-F1A5-45EC-83D0-B6826191ACF3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)

==================== Wiederherstellungspunkte =========================

04-06-2021 08:18:35 Geplanter Prüfpunkt
09-06-2021 14:20:51 Windows Modules Installer
20-06-2021 11:28:26 Windows Modules Installer

==================== Fehlerhafte Geräte im Gerätemanager ============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Fehlereinträge in der Ereignisanzeige: ========================

Applikationsfehler:
==================
Error: (06/21/2021 11:10:27 PM) (Source: NfcwEventProvider) (EventID: 259) (User: )
Description: Event-ID 259

Error: (06/21/2021 09:45:01 AM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Das Objekt oder die Eigenschaft wurde nicht gefunden.

Error: (06/21/2021 09:45:01 AM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Das Objekt oder die Eigenschaft wurde nicht gefunden.

Error: (06/21/2021 09:43:31 AM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Das Objekt oder die Eigenschaft wurde nicht gefunden.

Error: (06/21/2021 09:43:31 AM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Das Objekt oder die Eigenschaft wurde nicht gefunden.

Error: (06/21/2021 09:41:03 AM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Das Objekt oder die Eigenschaft wurde nicht gefunden.

Error: (06/21/2021 09:41:03 AM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Das Objekt oder die Eigenschaft wurde nicht gefunden.

Error: (06/21/2021 09:39:06 AM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Das Objekt oder die Eigenschaft wurde nicht gefunden.


Systemfehler:
=============
Error: (06/21/2021 10:54:21 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\WINDOWS\System32\IWMSSvc.dll

Error: (06/21/2021 10:54:21 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\WINDOWS\System32\IWMSSvc.dll

Error: (06/21/2021 10:54:14 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\WINDOWS\System32\IWMSSvc.dll

Error: (06/21/2021 10:39:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel Bluetooth Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/21/2021 10:39:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Sophos Anti-Virus Statusreporter" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 500 Millisekunden durchgeführt: Neustart des Diensts.

Error: (06/21/2021 10:39:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "BiometricSensorDataSynchronization" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/21/2021 10:39:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) PROSet/Wireless Event Log" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (06/21/2021 10:39:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Sophos Network Threat Protection" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.


CodeIntegrity:
===============
Date: 2021-06-21 22:57:05
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Sophos\Sophos Anti-Virus\WSCClient.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-06-21 22:54:56
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\wininit.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\Layout01.dll that did not meet the Windows signing level requirements.


==================== Speicherinformationen =========================== 

BIOS: LENOVO GRET63WW (1.40 ) 03/27/2020
Hauptplatine: LENOVO 20A8S04800
Prozessor: Intel(R) Core(TM) i7-4600U CPU @ 2.10GHz
Prozentuale Nutzung des RAM: 66%
Installierter physikalischer RAM: 7879.66 MB
Verfügbarer physikalischer RAM: 2640.8 MB
Summe virtueller Speicher: 11207.66 MB
Verfügbarer virtueller Speicher: 4989.86 MB

==================== Laufwerke ================================

Drive c: (Windows) (Fixed) (Total:475.75 GB) (Free:389.8 GB) NTFS ==>[Laufwerk mit Startkomponenten (eingeholt von BCD)]
Drive d: (System) (Fixed) (Total:0.54 GB) (Free:0.52 GB) NTFS

\\?\Volume{3a864045-0000-0000-0000-501277000000}\ () (Fixed) (Total:0.65 GB) (Free:0.08 GB) NTFS

==================== MBR & Partitionstabelle ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 476.9 GB) (Disk ID: 3A864045)
Partition 1: (Not Active) - (Size=550 MB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=475.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=667 MB) - (Type=27)

==================== Ende von Addition.txt =======================
         
Shortcut:
Code:
Untersuchungsergebnis der Verknüpfungen des Benutzers (x64) Version: 20-06-2021
durchgeführt von Max (21-06-2021 23:22:19)
Gestartet von C:\Users\Max\Downloads
Start-Modus: Normal

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)


Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\HP Solution Center.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\Hpqdirec.exe (Hewlett-Packard Company)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk -> C:\Program Files\Microsoft Office\root\Office16\MSACCESS.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe (Adobe Systems Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk -> C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Malwarebytes)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Keyboard Layout Creator 1.4.lnk -> C:\Program Files (x86)\Microsoft Keyboard Layout Creator 1.4\MSKLC.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk -> C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk -> C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk -> C:\Program Files\Microsoft Office\root\Office16\MSPUB.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoomSketcher.lnk -> C:\Program Files (x86)\Roomsketcher\RoomSketcher.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk -> C:\Program Files\Microsoft Office\root\Office16\lync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk -> C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk -> C:\Program Files\VideoLAN\VLC\Documentation.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk -> C:\Program Files\VideoLAN\VLC\NEWS.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk -> C:\Program Files\VideoLAN\VLC\VideoLAN Website.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos\Sophos Endpoint Security and Control\Sophos Endpoint Security and Control.lnk -> C:\Windows\Installer\{84748F71-7BF1-4F73-9340-D0785F4B0197}\MainGUIShortcut1.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos\Sophos Endpoint Security and Control\www.sophos.de.lnk -> C:\Windows\Installer\{84748F71-7BF1-4F73-9340-D0785F4B0197}\InternetShortcut.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Realtek\Realtek HD Audio Manager.lnk -> C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24\PDF24.lnk -> C:\Program Files\PDF24\pdf24-Toolbox.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenAL 1.1 SDK\Tools\Win64\EFX10ShowWin64.exe.lnk -> C:\Program Files (x86)\OpenAL 1.1 SDK\samples\bin\win64\EFX10ShowWin64.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenAL 1.1 SDK\Tools\Win32\EFX10ShowWin32.exe.lnk -> C:\Program Files (x86)\OpenAL 1.1 SDK\samples\bin\Win32\EFX10ShowWin32.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenAL 1.1 SDK\Examples\ReadMe.lnk -> C:\Program Files (x86)\OpenAL 1.1 SDK\samples\readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenAL 1.1 SDK\Examples\Win64\CaptureWin64.exe.lnk -> C:\Program Files (x86)\OpenAL 1.1 SDK\samples\bin\win64\CaptureWin64.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenAL 1.1 SDK\Examples\Win64\EFXEnumerateWin64.exe.lnk -> C:\Program Files (x86)\OpenAL 1.1 SDK\samples\bin\win64\EFXEnumerateWin64.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenAL 1.1 SDK\Examples\Win64\EFXFilterWin64.exe.lnk -> C:\Program Files (x86)\OpenAL 1.1 SDK\samples\bin\win64\EFXFilterWin64.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenAL 1.1 SDK\Examples\Win64\EFXReverbWin64.exe.lnk -> C:\Program Files (x86)\OpenAL 1.1 SDK\samples\bin\win64\EFXReverbWin64.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenAL 1.1 SDK\Examples\Win64\EnumerateWin64.exe.lnk -> C:\Program Files (x86)\OpenAL 1.1 SDK\samples\bin\win64\EnumerateWin64.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenAL 1.1 SDK\Examples\Win64\PlayMultiChannelWin64.exe.lnk -> C:\Program Files (x86)\OpenAL 1.1 SDK\samples\bin\win64\PlayMultiChannelWin64.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenAL 1.1 SDK\Examples\Win64\PlayStaticWin64.exe.lnk -> C:\Program Files (x86)\OpenAL 1.1 SDK\samples\bin\win64\PlayStaticWin64.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenAL 1.1 SDK\Examples\Win64\PlayStreamWin64.exe.lnk -> C:\Program Files (x86)\OpenAL 1.1 SDK\samples\bin\win64\PlayStreamWin64.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenAL 1.1 SDK\Examples\Win64\RendererWin64.exe.lnk -> C:\Program Files (x86)\OpenAL 1.1 SDK\samples\bin\win64\RendererWin64.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenAL 1.1 SDK\Examples\Win64\XRamDemoWin64.exe.lnk -> C:\Program Files (x86)\OpenAL 1.1 SDK\samples\bin\win64\XRAMDemoWin64.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenAL 1.1 SDK\Examples\Win32\CaptureWin32.exe.lnk -> C:\Program Files (x86)\OpenAL 1.1 SDK\samples\bin\Win32\CaptureWin32.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenAL 1.1 SDK\Examples\Win32\EFXEnumerateWin32.exe.lnk -> C:\Program Files (x86)\OpenAL 1.1 SDK\samples\bin\Win32\EFXEnumerateWin32.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenAL 1.1 SDK\Examples\Win32\EFXFilterWin32.exe.lnk -> C:\Program Files (x86)\OpenAL 1.1 SDK\samples\bin\Win32\EFXFilterWin32.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenAL 1.1 SDK\Examples\Win32\EFXReverbWin32.exe.lnk -> C:\Program Files (x86)\OpenAL 1.1 SDK\samples\bin\Win32\EFXReverbWin32.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenAL 1.1 SDK\Examples\Win32\EnumerateWin32.exe.lnk -> C:\Program Files (x86)\OpenAL 1.1 SDK\samples\bin\Win32\EnumerateWin32.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenAL 1.1 SDK\Examples\Win32\PlayMultiChannelWin32.exe.lnk -> C:\Program Files (x86)\OpenAL 1.1 SDK\samples\bin\Win32\PlayMultiChannelWin32.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenAL 1.1 SDK\Examples\Win32\PlayOggVorbisWin32.exe.lnk -> C:\Program Files (x86)\OpenAL 1.1 SDK\samples\bin\Win32\PlayOggVorbisWin32.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenAL 1.1 SDK\Examples\Win32\PlayStaticWin32.exe.lnk -> C:\Program Files (x86)\OpenAL 1.1 SDK\samples\bin\Win32\PlayStaticWin32.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenAL 1.1 SDK\Examples\Win32\PlayStreamWin32.exe.lnk -> C:\Program Files (x86)\OpenAL 1.1 SDK\samples\bin\Win32\PlayStreamWin32.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenAL 1.1 SDK\Examples\Win32\RendererWin32.exe.lnk -> C:\Program Files (x86)\OpenAL 1.1 SDK\samples\bin\Win32\RendererWin32.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenAL 1.1 SDK\Examples\Win32\XRamDemoWin32.exe.lnk -> C:\Program Files (x86)\OpenAL 1.1 SDK\samples\bin\Win32\XRAMDemoWin32.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenAL 1.1 SDK\Docs\Effects Extension Guide.lnk -> C:\Program Files (x86)\OpenAL 1.1 SDK\docs\Effects Extension Guide.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenAL 1.1 SDK\Docs\OpenAL 1.1 Specification.lnk -> C:\Program Files (x86)\OpenAL 1.1 SDK\docs\OpenAL 1.1 Specification.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenAL 1.1 SDK\Docs\OpenAL Deployment Guide.lnk -> C:\Program Files (x86)\OpenAL 1.1 SDK\docs\OpenAL Deployment Guide.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenAL 1.1 SDK\Docs\OpenAL Programmer's Guide.lnk -> C:\Program Files (x86)\OpenAL 1.1 SDK\docs\OpenAL Programmer's Guide.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio\OBS Studio (64bit).lnk -> C:\Program Files\obs-studio\bin\64bit\obs64.exe (OBS)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio\Uninstall.lnk -> C:\Program Files\obs-studio\uninstall.exe (obsproject.com)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Aufzeichnungs-Manager von Skype for Business.lnk -> C:\Program Files\Microsoft Office\root\Office16\OcPubMgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Office-Spracheinstellungen.lnk -> C:\Program Files\Microsoft Office\root\Office16\SETLANG.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Telemetriedashboard für Office.lnk -> C:\Program Files\Microsoft Office\root\Office16\msotd.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Telemetrieprotokoll für Office.lnk -> C:\Program Files\Microsoft Office\root\Office16\msoev.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\lenovo\System Update.lnk -> C:\Program Files (x86)\Lenovo\System Update\tvsu.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\lenovo\Lenovo Diagnostics Tool\Lenovo Diagnostics Tool .lnk -> C:\Windows\Installer\{01ADF966-E3BA-40DC-9037-E90BBA9ED50E}\Start_E8CE4F44D9194AE9875368E466D56847.exe (Flexera)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Solution Center.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\Hpqdirec.exe (Hewlett-Packard Company)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Update.lnk -> C:\Program Files (x86)\HP\HP Software Update\hpwucli.exe (Hewlett-Packard)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Shop for HP Supplies.lnk -> C:\Program Files (x86)\HP\HPSSUPPLY\hpqSSupply.exe (Hewlett-Packard Development Company L.P.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Photo Creations\HP Photo Creations.lnk -> C:\Program Files (x86)\HP Photo Creations\PhotoProduct.exe (Visan / RocketLife)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Photo Creations\Uninstall HP Photo Creations.lnk -> C:\Program Files (x86)\HP Photo Creations\uninst.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Deskjet D2300 series\Help.lnk -> C:\Program Files (x86)\HP\Digital Imaging\help\djprinter24.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Deskjet D2300 series\Product Support Website.lnk -> C:\Program Files (x86)\HP\Digital Imaging\HP Deskjet D2300 series\help\HP Product Support Website.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Deskjet D2300 series\Readme.lnk -> C:\Program Files (x86)\HP\Digital Imaging\help\SF_CDA_readme\readme.html ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby\Dolby Digital Plus.lnk -> C:\Program Files\Dolby Digital Plus\ddpe.exe (Dolby Laboratories Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citavi 6\Citavi 6.lnk -> C:\Program Files (x86)\Citavi 6\bin\Citavi.exe (Swiss Academic Software)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco\Cisco AnyConnect Secure Mobility Client\Cisco AnyConnect Secure Mobility Client.lnk -> C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Avira Game Booster.lnk -> C:\Program Files (x86)\Avira\Game Booster\Avira.GameBooster.UI.Application.exe (Avira Operations GmbH & Co. KG)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk -> C:\Windows\SysWOW64\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk -> C:\Windows\System32\printmanagement.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\RecoveryDrive.lnk -> C:\Windows\System32\RecoveryDrive.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Registry Editor.lnk -> C:\Windows\regedit.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Defender Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Quick Assist.lnk -> C:\Windows\System32\quickassist.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk -> C:\Windows\System32\psr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\Pictures\USB Drive (E) - Shortcut.lnk -> E:\ (Keine Datei)
Shortcut: C:\Users\Default\Links\Desktop.lnk -> C:\Users\Max\Desktop ()
Shortcut: C:\Users\Default\Links\Downloads.lnk -> C:\Users\Max\Downloads ()
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\Max\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth File Transfer.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)
Shortcut: C:\Users\Max\Pictures\USB Drive (E) - Shortcut.lnk -> E:\ (Keine Datei)
Shortcut: C:\Users\Max\Links\Desktop.lnk -> C:\Users\Max\Desktop ()
Shortcut: C:\Users\Max\Links\Downloads.lnk -> C:\Users\Max\Downloads ()
Shortcut: C:\Users\Max\Desktop\Signal.lnk -> C:\Users\Max\AppData\Local\Programs\signal-desktop\Signal.exe (Open Whisper Systems)
Shortcut: C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\Max\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
Shortcut: C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Signal.lnk -> C:\Users\Max\AppData\Local\Programs\signal-desktop\Signal.exe (Open Whisper Systems)
Shortcut: C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom\Zoom.lnk -> C:\Users\Max\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc.)
Shortcut: C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cisco Webex Meetings Desktop-App\Cisco Webex Meetings.lnk -> C:\Users\Max\AppData\Local\WebEx\WebEx\Applications\ptoneclk.exe (Cisco Webex LLC)
Shortcut: C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Max\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth-Dateiübertragung.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\Users\Max\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC)
Shortcut: C:\Users\Max\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation)
Shortcut: C:\Users\Max\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Max\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Max\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Citavi 6.lnk -> C:\Program Files (x86)\Citavi 6\bin\Citavi.exe (Swiss Academic Software)
Shortcut: C:\Users\Max\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer (2).lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Max\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Max\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\Max\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Word.lnk -> C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE (Microsoft Corporation)
Shortcut: C:\Users\Max\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Max\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Max\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Max\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Max\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\Max\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\Max\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\Max\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\Max\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\Citavi 6.lnk -> C:\Program Files (x86)\Citavi 6\bin\Citavi.exe (Swiss Academic Software)
Shortcut: C:\Users\Public\Desktop\Lenovo Diagnostics Tool .lnk -> C:\Windows\Installer\{01ADF966-E3BA-40DC-9037-E90BBA9ED50E}\Desktop_121ABE8FAE2B4955AAE9649259581E8F.exe (Flexera)
Shortcut: C:\Users\Public\Desktop\Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Malwarebytes)
Shortcut: C:\Users\Public\Desktop\PDF24.lnk -> C:\Program Files\PDF24\pdf24-Toolbox.exe ()


ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mouse Properties (Touchpad Clickpad Trackpad TrackPoint Mouse Pointer Pointing Pad).lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> mouse
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player - reset preferences and cache files.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN) -> --reset-config --reset-plugins-cache vlc://quit
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN) -> -Iskins
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /7
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Database Compare.lnk -> C:\Program Files\Microsoft Office\root\Client\AppVLP.exe (Microsoft Corporation) -> "C:\Program Files (x86)\Microsoft Office\Office16\DCF\DATABASECOMPARE.EXE"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Spreadsheet Compare.lnk -> C:\Program Files\Microsoft Office\root\Client\AppVLP.exe (Microsoft Corporation) -> "C:\Program Files (x86)\Microsoft Office\Office16\DCF\SPREADSHEETCOMPARE.EXE"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Deskjet D2300 series\Add A Device.lnk -> C:\Program Files (x86)\HP\Digital Imaging\{F58E1340-3FD5-40B8-A07C-4893CFC29749}\hpzstub.exe (Hewlett-Packard) -> -addadevice
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Deskjet D2300 series\Product Registration.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqwrg.exe (Hewlett-Packard Company) -> "HP Deskjet D2300 series"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Deskjet D2300 series\Uninstall.lnk -> C:\Program Files (x86)\HP\Digital Imaging\{F58E1340-3FD5-40B8-A07C-4893CFC29749}\setup\hpzscr40.exe (Hewlett-Packard) -> -datfile hppscr20.dat -onestop
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk -> C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc.) -> /home
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk -> C:\Windows\System32\secpol.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.AdministrativeTools
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\Max\Desktop\Beamdog Client.lnk -> C:\Users\Max\AppData\Local\beamdogClient\Update.exe (GitHub) -> --processStart "Beamdog Client.exe"
ShortcutWithArgument: C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom\Uninstall Zoom.lnk -> C:\Users\Max\AppData\Roaming\Zoom\uninstall\Installer.exe (Zoom Video Communications, Inc.) -> /uninstall
ShortcutWithArgument: C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.AdministrativeTools
ShortcutWithArgument: C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Beamdog\Beamdog Client.lnk -> C:\Users\Max\AppData\Local\beamdogClient\Update.exe (GitHub) -> --processStart "Beamdog Client.exe"
ShortcutWithArgument: C:\Users\Max\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Max\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
ShortcutWithArgument: C:\Users\Max\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Max\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo
ShortcutWithArgument: C:\Users\Max\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
ShortcutWithArgument: C:\Users\Max\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
ShortcutWithArgument: C:\Users\Max\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Max\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Max\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\Max\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\Max\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\Max\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory=Default


InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox Website.URL -> 
InternetURL: C:\Users\Default\Favorites\Bing.url -> URL: hxxp://go.microsoft.com/fwlink/p/?LinkId=255142
InternetURL: C:\Users\Max\Favorites\Bing.url -> URL: hxxp://go.microsoft.com/fwlink/p/?LinkId=255142

==================== Ende vom Shortcut.txt =============================
         
Adwcleaner:
Code:
# -------------------------------
# Malwarebytes AdwCleaner 8.2.0.0
# -------------------------------
# Build:    03-22-2021
# Database: 2021-05-17.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    06-21-2021
# Duration: 00:00:02
# OS:       Windows 10 Pro
# Cleaned:  2
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

Deleted       C:\Users\Max\Desktop\..\Downloads\VLC MEDIA PLAYER 64 BIT - CHIP-INSTALLER.EXE

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\craccoon.ch

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [2332 octets] - [21/06/2021 22:34:39]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
         
The MBAM log no longer fit here; I'll gladly attach it later if needed.

22.06.2021, 00:24   #2
cosinus

Hi,

please post the MBAM log.

22.06.2021, 07:19   #3
doulougou

Here it is:

MBAM

Code:
Malwarebytes
www.malwarebytes.com

-Protokolldetails-
Scan-Datum: 21.06.21
Scan-Zeit: 23:02
Protokolldatei: 08d4668c-d2d4-11eb-84f2-54ee75148588.json

-Softwaredaten-
Version: 4.4.0.117
Komponentenversion: 1.0.1344
Version des Aktualisierungspakets: 1.0.42053
Lizenz: Testversion

-Systemdaten-
Betriebssystem: Windows 10 (Build 19041.1052)
CPU: x64
Dateisystem: NTFS
Benutzer: DESKTOP-4Q6LNSQ\Max

-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Scan gestartet von: Manuell
Ergebnis: Abgeschlossen
Gescannte Objekte: 330070
Erkannte Bedrohungen: 1
In die Quarantäne verschobene Bedrohungen: 1
Abgelaufene Zeit: 6 Min., 59 Sek.

-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Erkennung
PUM: Erkennung

-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)

Modul: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswert: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Daten-Stream: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Datei: 1
PUP.Optional.ChipDe, C:\$RECYCLE.BIN\S-1-5-21-2427878849-3710110941-1615752764-1001\$R8FSEHL.EXE, In Quarantäne, 630, 562568, 1.0.42053, , ame, , 35DD594663195FB1BFAD020E610133EF, A095FFF966DE98691CE679A7D3336E1CEF9A2ED217B4C7C53446A474CEA94602

Physischer Sektor: 0
(keine bösartigen Elemente erkannt)

WMI: 0
(keine bösartigen Elemente erkannt)


(end)
         

22.06.2021, 21:06   #4
cosinus

Chip.de - never heard that they con their own users?
Is/was that the only find?
__________________
Please always post log files in CODE tags

22.06.2021, 21:39   #5
doulougou

Yes, that was the only find.

Unfortunately I wasn't really aware of that until I visited this forum. It's a lesson to me for the future…


22.06.2021, 22:08   #6
cosinus

Uninstall intrusive, outdated or unnecessary programs

Please uninstall via Programs and Features (appwiz.cpl):


64 Bit HP CIO Components Installer
Adobe Acrobat Reader DC - Deutsch
Deutsch - Custom
Google Chrome
HP Customer Participation Program 14.0
HP Imaging Device Functions 14.0
HP Photo Creations
HP Solution Center 14.0
HP Update
Shop for HP Supplies
Sophos Anti-Virus
Sophos AutoUpdate
Sophos Endpoint Defense
Sophos Network Threat Protection
VLC media player 3.0.11

23.06.2021, 08:19   #7
doulougou

Thanks, it's all removed!

23.06.2021, 08:23   #8
cosinus

Control scans with MBAM and RK

We're almost done. Now it's time for control scans with
After both scans have finished, post the logs in CODE tags.

23.06.2021, 09:01   #9
doulougou

Here they are:

MBAM
Code:
Malwarebytes
www.malwarebytes.com

-Protokolldetails-
Scan-Datum: 23.06.21
Scan-Zeit: 09:23
Protokolldatei: e8d3ffd4-d3f3-11eb-954a-54ee75148588.json

-Softwaredaten-
Version: 4.4.0.117
Komponentenversion: 1.0.1344
Version des Aktualisierungspakets: 1.0.42123
Lizenz: Testversion

-Systemdaten-
Betriebssystem: Windows 10 (Build 19043.1052)
CPU: x64
Dateisystem: NTFS
Benutzer: DESKTOP-4Q6LNSQ\Max

-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Scan gestartet von: Manuell
Ergebnis: Abgeschlossen
Gescannte Objekte: 327889
Erkannte Bedrohungen: 0
In die Quarantäne verschobene Bedrohungen: 0
Abgelaufene Zeit: 6 Min., 29 Sek.

-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Erkennung
PUM: Erkennung

-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)

Modul: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswert: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Daten-Stream: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Datei: 0
(keine bösartigen Elemente erkannt)

Physischer Sektor: 0
(keine bösartigen Elemente erkannt)

WMI: 0
(keine bösartigen Elemente erkannt)


(end)
         
RogueKiller
Code:
RogueKiller Anti-Malware V15.0.3.0 (x64) [Jun 15 2021] (Premium) von Adlice Software
Mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Betriebssystem : Windows 10 (10.0.19043) 64 bits
Gestartet in : Normaler Modus
Benutzer : Max [Administrator]
Gestartet von : C:\Program Files\RogueKiller\RogueKiller64.exe
Signaturen : 20210622_084611, Treiber : Geladen
Modus : Standard-Scan, Löschen -- Datum : 2021/06/23 09:58:33 (Dauer : 00:21:17)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Löschen ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[PUP.Gen1 (Potenziell bösartig)] HKEY_USERS\S-1-5-21-2427878849-3710110941-1615752764-1001\Software\OCS --  -> Gelöscht
         
Thanks!

23.06.2021, 09:38   #10
cosinus

Quote:
Windows 10 Pro Version 2004 19041.1052
You still have one thing to sort out: your Windows 10 needs to be updated to 21H1.



Then we'd be done!

If you like, you can say here whether you were satisfied with me and my help... and/or support the forum with a small donation.

Finally, please run a cleanup with our TB cleanup script and be sure to read and implement the security measures - both are linked in the following reading material:

