
Log analysis and evaluation: Fake trading software, possibly covert remote access?

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

Thread closed
30.12.2021, 22:39   #1
Chris7
 

Fake trading software, possibly covert remote access?



Hello,

please analyze my laptop: I may have picked up a fake trading software some time ago. Possibly with a remote function.

In addition, my Edge browser became extremely slow while I was writing this post ... I had to switch to the current Firefox to be able to submit this post...

My CPU is temporarily at about 95% load; when I then open the Task Manager to take a look, the CPU load drops to a normal level. As if someone were watching right now ...

Best regards
Chris

FRST_30-12-2021 22.23.45.txt
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 27-12-2021
durchgeführt von dracu (Administrator) auf LU (CLEVO P170EM) (30-12-2021 22:20:04)
Gestartet von C:\Users\dracu\Downloads
Geladene Profile: dracu
Plattform: Microsoft Windows 10 Home Version 20H2 19042.1415 (X64) Sprache: Deutsch (Deutschland)
Standard-Browser: Edge
Start-Modus: Normal

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

() [Datei ist nicht signiert] E:\Program Files (x86)\No-IP\ducservice.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat DC\Acrobat\acrotray.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe <2>
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated) C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
(Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrA.exe
(Ghisler Software GmbH -> Ghisler Software GmbH) C:\totalcmd\TOTALCMD.EXE
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(HP) [Datei ist nicht signiert] C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <5>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\dracu\AppData\Local\Microsoft\Teams\current\Teams.exe <9>
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MsMpEng.exe
(Mozilla Corporation -> Mozilla Corporation) E:\Program Files (x86)\Mozilla Firefox\firefox.exe <10>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Sony Mobile Communications AB -> Sony) [Datei ist nicht signiert] C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe
(Unified Intents AB -> Unified Intents AB) C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe
(Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corp. -> Valve Corporation) E:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>
(Valve Corp. -> Valve Corporation) E:\Program Files (x86)\Steam\steam.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [HP LaserJet 200 color MFP M276 Series Fax] => C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe [3706424 2014-04-28] (Hewlett-Packard Company -> Hewlett-Packard Company)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16686600 2016-08-05] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrotray.exe [6016224 2021-10-05] (Adobe Inc. -> Adobe Systems Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3426560 2021-11-23] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [330176 2014-08-19] (Hewlett-Packard Company -> Hewlett-Packard Company)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Beschränkung <==== ACHTUNG
HKU\S-1-5-21-465889627-1915634839-1743452103-1001\...\Run: [Steam] => e:\Program Files (x86)\Steam\steam.exe [4267432 2021-12-16] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-465889627-1915634839-1743452103-1001\...\Run: [NoIPDUCv4] => E:\Program Files (x86)\No-IP\DUC40.exe [347648 2015-07-21] () [Datei ist nicht signiert]
HKU\S-1-5-21-465889627-1915634839-1743452103-1001\...\Run: [XperiaCompanionAgent] => C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe [2097024 2017-03-21] (Sony Mobile Communications AB -> Sony) [Datei ist nicht signiert]
HKU\S-1-5-21-465889627-1915634839-1743452103-1001\...\Run: [Unified Remote V3] => C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe [3186264 2019-08-04] (Unified Intents AB -> Unified Intents AB)
HKU\S-1-5-21-465889627-1915634839-1743452103-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\dracu\AppData\Local\Microsoft\Teams\Update.exe [2459304 2021-12-10] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-465889627-1915634839-1743452103-1001\...\Run: [MicrosoftEdgeAutoLaunch_35696FC4330380B214BA8923BC0AEC68] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
HKU\S-1-5-21-465889627-1915634839-1743452103-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [6849760 2021-10-05] (Adobe Inc. -> Adobe Systems Incorporated)
HKLM\...\Windows x64\Print Processors\hpcpp117: C:\Windows\System32\spool\prtprocs\x64\hpcpp117.DLL [467456 2013-03-21] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: c:\windows\system32\AdobePDF.dll [65160 2021-10-05] (Adobe Inc. -> Adobe Systems Inc)
HKLM\...\Print\Monitors\HP Fax Port: c:\windows\system32\hppfaxprintermon5.dll [27704 2014-04-28] (Hewlett-Packard Company -> Hewlett-Packard Company)
HKLM\...\Print\Monitors\HP Standard TCP/IP Port: c:\windows\system32\HpTcpMon.dll [331264 2009-09-16] (Hewlett Packard) [Datei ist nicht signiert]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\96.0.4664.110\Installer\chrmstp.exe [2021-12-15] (Google LLC -> Google LLC)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\96.1.33.106\Installer\chrmstp.exe [2021-12-15] (Brave Software, Inc. -> Brave Software, Inc.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {04C718B1-145F-4F2B-B13D-8984D11D023D} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3426560 2021-11-23] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {247F7CDC-43CD-4B23-82A1-41F7DAE2FB4F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {24F1DB4C-5150-4DB1-986D-A53CF831F31C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {2EC18639-7125-4A11-842C-C32CDC8A7086} - System32\Tasks\Microsoft\Windows\WindowsUpdate\RUXIM\RUXIMSync => C:\Program Files\ruxim\ruximics.exe [477512 2021-06-30] (Microsoft Windows -> Microsoft Corporation)
Task: {517B5E93-9EC1-4DBF-B3BB-56FED181D6CE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.)
Task: {69C7E81B-610F-4EC5-BF76-8950B951DE12} - System32\Tasks\Mozilla\Firefox Default Browser Agent A170175AFC21990C => E:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe do-task "A170175AFC21990C"
Task: {71E80772-B077-4C1B-AD9F-C38C767517E7} - System32\Tasks\Microsoft\Windows\File Classification Infrastructure\Property Definition Sync => {2AE64751-B728-4D6B-97A0-B2DA2E7D2A3B}
Task: {71E9DEE1-28F4-47FA-9F9E-7392CDBB9CDC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-07-13] (Google LLC -> Google LLC)
Task: {8059102D-3DBF-44CD-B608-D04F57867271} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {89BD13E7-D90B-41E7-91AB-CF803A0752AE} - System32\Tasks\Microsoft\Windows\Offline Files\Logon Synchronization => {FA3F3DD9-4C1A-456B-A8FA-C76EF3ED83B8}
Task: {8A222287-748B-4EB4-8488-AF4E24BF51EC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-07-13] (Google LLC -> Google LLC)
Task: {8B1ADEC7-8D07-493A-B927-7DAFB3099325} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22797704 2021-12-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {8B27DBF0-9068-4D8D-9E1D-EA2DD18FF7FE} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157320 2019-12-02] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {9F9CAC69-DDF0-4E68-A6EE-EB86130B2D3E} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [108872 2021-12-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {A03FC1C5-AEC3-4EB7-9C29-062ABCFD18B0} - System32\Tasks\Microsoft\Windows\WindowsUpdate\RUXIM\RUXIMDisplay => C:\Program Files\ruxim\ruximics.exe [477512 2021-06-30] (Microsoft Windows -> Microsoft Corporation)
Task: {AF2C369F-EDAB-4225-B1B4-1ECAB210D742} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [6332312 2021-12-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {C12A1962-9635-4527-A4DF-DA0B7206EBF3} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [108872 2021-12-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {C22C7785-E77A-49D7-819B-A6B00CD05D87} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22797704 2021-12-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {C5AAF881-4C44-4EEE-867D-C091769F3CA7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [6332312 2021-12-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {EBD25561-3D4B-421B-99D8-50B1CAB321B7} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157320 2019-12-02] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {EF8503AA-701E-4220-98D2-D19E2C751F40} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\MpCmdRun.exe [901048 2021-12-30] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F1C5573A-A641-4228-88C2-64F8E5DD7461} - System32\Tasks\Microsoft\Windows\Offline Files\Background Synchronization => {FA3F3DD9-4C1A-456B-A8FA-C76EF3ED83B8}
Task: {F94C0C57-054C-4AC2-9057-246937934FC5} - System32\Tasks\{BB560199-F897-4C64-9FBB-D53275DBE13E} => "e:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.18.0.111/de/abandoninstall?source=lightinstaller&page=tsPlugin hxxp://ui.skype.com/ui/0/7.18.0.111/de/abandoninstall?source=lightinstaller&page=tsPlugin (Keine Datei)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3: <==== ACHTUNG (Beschränkung - Zones)
Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 80.69.96.12 81.210.129.4
Tcpip\..\Interfaces\{464fe82d-2993-469f-a10a-e3b78d1801a9}: [DhcpNameServer] 192.168.10.254
Tcpip\..\Interfaces\{5042b15d-9884-4e3c-a73b-7921f052c2a9}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{638592f2-2a53-4d42-88c3-df0f6df7ac00}: [DhcpNameServer] 192.168.0.142
Tcpip\..\Interfaces\{8b1126e0-1dca-4181-ba41-62ffa6a856c1}: [DhcpNameServer] 80.69.96.12 81.210.129.4
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <==== ACHTUNG

Edge: 
=======
DownloadDir: C:\Users\dracu\Downloads
Edge Extension: (Kein Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [nicht gefunden]
Edge Extension: (Kein Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [nicht gefunden]
Edge Extension: (Kein Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [nicht gefunden]
Edge Extension: (Kein Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [nicht gefunden]
Edge Profile: C:\Users\dracu\AppData\Local\Microsoft\Edge\User Data\Default [2021-12-30]

FireFox:
========
FF DefaultProfile: hzn6vdjy.default
FF ProfilePath: C:\Users\dracu\AppData\Roaming\Mozilla\Firefox\Profiles\hzn6vdjy.default [2021-12-30]
FF NetworkProxy: Mozilla\Firefox\Profiles\hzn6vdjy.default -> socks", "178.197.248.213"
FF Extension: (Avira Browserschutz) - C:\Users\dracu\AppData\Roaming\Mozilla\Firefox\Profiles\hzn6vdjy.default\Extensions\abs@avira.com.xpi [2019-01-07] [UpdateUrl:hxxps://download.avira.com/package/absnooffers/firefox/update_webext_no_offers.rdf]
FF Extension: (Best Proxy Switcher) - C:\Users\dracu\AppData\Roaming\Mozilla\Firefox\Profiles\hzn6vdjy.default\Extensions\bestproxyswitcher@bestproxyswitcher.com.xpi [2019-12-10]
FF Extension: (CanvasBlocker) - C:\Users\dracu\AppData\Roaming\Mozilla\Firefox\Profiles\hzn6vdjy.default\Extensions\CanvasBlocker@kkapsner.de.xpi [2021-11-08]
FF Extension: (Easy Screenshot) - C:\Users\dracu\AppData\Roaming\Mozilla\Firefox\Profiles\hzn6vdjy.default\Extensions\easyscreenshot@mozillaonline.com.xpi [2021-09-19]
FF Extension: (FoxyProxy Standard) - C:\Users\dracu\AppData\Roaming\Mozilla\Firefox\Profiles\hzn6vdjy.default\Extensions\foxyproxy@eric.h.jung.xpi [2020-07-30]
FF Extension: (HTTPS Everywhere) - C:\Users\dracu\AppData\Roaming\Mozilla\Firefox\Profiles\hzn6vdjy.default\Extensions\https-everywhere-eff@eff.org.xpi [2021-04-19] [UpdateUrl:hxxps://www.eff.org/files/https-everywhere-updates.json]
FF Extension: (tb-clear-cache.tooltip) - C:\Users\dracu\AppData\Roaming\Mozilla\Firefox\Profiles\hzn6vdjy.default\Extensions\tb-clear-cache-single@codefisher.org.xpi [2018-08-25]
FF Extension: (uBlock Origin) - C:\Users\dracu\AppData\Roaming\Mozilla\Firefox\Profiles\hzn6vdjy.default\Extensions\uBlock0@raymondhill.net.xpi [2021-12-28]
FF Extension: (User-Agent Switcher) - C:\Users\dracu\AppData\Roaming\Mozilla\Firefox\Profiles\hzn6vdjy.default\Extensions\user-agent-switcher@ninetailed.ninja.xpi [2020-12-10]
FF Extension: (Nehmen Sie vollständige Webseiten auf - FireShot) - C:\Users\dracu\AppData\Roaming\Mozilla\Firefox\Profiles\hzn6vdjy.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}.xpi [2021-09-19]
FF Extension: (JavaScript Toggle On and Off) - C:\Users\dracu\AppData\Roaming\Mozilla\Firefox\Profiles\hzn6vdjy.default\Extensions\{479f0278-2c34-4365-b9f0-1d328d0f0a40}.xpi [2020-12-10]
FF Extension: (NoScript) - C:\Users\dracu\AppData\Roaming\Mozilla\Firefox\Profiles\hzn6vdjy.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2021-12-30]
FF Extension: (Toggle Referrer) - C:\Users\dracu\AppData\Roaming\Mozilla\Firefox\Profiles\hzn6vdjy.default\Extensions\{8883111b-4bc8-4a99-b37f-5672f6cf9597}.xpi [2021-10-25]
FF Extension: (Rakuten Shopping-Assistent) - C:\Users\dracu\AppData\Roaming\Mozilla\Firefox\Profiles\hzn6vdjy.default\Extensions\{939923c3-1d97-423b-9e0a-17d1a9a23aa0}.xpi [2021-10-11]
FF Extension: (Video DownloadHelper) - C:\Users\dracu\AppData\Roaming\Mozilla\Firefox\Profiles\hzn6vdjy.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2021-09-19]
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2021-02-01]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2021-10-05] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.cpdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\npFoxitPDFEditorPlugin.dll [Keine Datei]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\npFoxitPDFEditorPlugin.dll [Keine Datei]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\npFoxitPDFEditorPlugin.dll [Keine Datei]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [Keine Datei]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [Keine Datei]
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-11-08] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-11-08] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-11-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-11-06] (Microsoft Corporation -> Microsoft Corporation)
StartMenuInternet: FIREFOX.EXE - e:\Program Files (x86)\Mozilla Firefox\firefox.exe

Chrome: 
=======
CHR Profile: C:\Users\dracu\AppData\Local\Google\Chrome\User Data\Default [2021-12-30]
CHR Extension: (Präsentationen) - C:\Users\dracu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-07-13]
CHR Extension: (Docs) - C:\Users\dracu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-07-13]
CHR Extension: (Google Drive) - C:\Users\dracu\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-12-10]
CHR Extension: (YouTube) - C:\Users\dracu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-07-13]
CHR Extension: (Avira Password Manager) - C:\Users\dracu\AppData\Local\Google\Chrome\User Data\Default\Extensions\caljgklbbfbcjjanaijlacgncafpegll [2021-12-28]
CHR Extension: (Tabellen) - C:\Users\dracu\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-07-13]
CHR Extension: (Avira Browserschutz) - C:\Users\dracu\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2021-12-28]
CHR Extension: (Google Docs Offline) - C:\Users\dracu\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-12-09]
CHR Extension: (IGRAAL : Cashback & Gutscheine) - C:\Users\dracu\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmhkepipobnjllejbafajoemahjejdcm [2021-12-26]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\dracu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-09-25]
CHR Extension: (Google Mail) - C:\Users\dracu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-12-10]
CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]

Opera: 
=======
OPR Profile: C:\Users\dracu\AppData\Roaming\Opera Software\Opera Stable [2020-12-26]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
OPR Extension: (Avira Safe Shopping) - C:\Users\dracu\AppData\Roaming\Opera Software\Opera Stable\Extensions\dalelnnofafalcmkmnhdbigbjjkloabo [2020-12-26]
OPR Extension: (Rich Hints Agent) - C:\Users\dracu\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2020-12-26]
OPR Extension: (Avira Password Manager) - C:\Users\dracu\AppData\Roaming\Opera Software\Opera Stable\Extensions\ngohaaocccbohaffogpbgfpmpgbcgccg [2020-12-26]
OPR Extension: (Free Avira Phantom VPN – Entsperrt Webseiten) - C:\Users\dracu\AppData\Roaming\Opera Software\Opera Stable\Extensions\pcgkmkjdikhiodinhloioejnpjgmfigd [2020-12-26]

Brave: 
=======
BRA Profile: C:\Users\dracu\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2021-11-16]
BRA StartupUrls: Default -> "hxxps://www.google.com/"
BRA DefaultSearchKeyword: Default -> :g
BRA Extension: (MyJDownloader Browser Extension) - C:\Users\dracu\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\fbcohnmimjicjdomonkcbcpbpnhggkip [2021-09-19]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\dracu\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2021-11-16]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\dracu\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2021-11-16]
BRA Extension: (Brave Tor Client Updater (Windows)) - C:\Users\dracu\AppData\Local\BraveSoftware\Brave-Browser\User Data\cpoalefficncklhjfpglfiplenlpccdb [2020-08-20]
BRA Extension: (Brave SpeedReader Updater) - C:\Users\dracu\AppData\Local\BraveSoftware\Brave-Browser\User Data\jicbkmdloagakknpihibphagfckhjdih [2021-11-16]
BRA Extension: (Brave NTP sponsored images) - C:\Users\dracu\AppData\Local\BraveSoftware\Brave-Browser\User Data\obbokncgfcbepeipkhpdepjjoncelefj [2021-11-16]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\dracu\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2021-11-16]
StartMenuInternet: Brave - C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe

==================== Dienste (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-08-16] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3849472 2021-11-23] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3617024 2021-11-23] (Adobe Inc. -> Adobe Systems, Incorporated)
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157320 2019-12-02] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157320 2019-12-02] (Brave Software, Inc. -> BraveSoftware Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12129128 2021-12-10] (Microsoft Corporation -> Microsoft Corporation)
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [176128 2014-06-24] (HP) [Datei ist nicht signiert]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7901368 2021-12-30] (Malwarebytes Inc -> Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [Datei ist nicht signiert]
R2 NoIPDUCService4; e:\Program Files (x86)\No-IP\ducservice.exe [12288 2015-07-20] () [Datei ist nicht signiert]
S3 PAExec; C:\Windows\PAExec.exe [189112 2015-11-07] (Power Admin LLC -> Power Admin LLC)
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [Datei ist nicht signiert]
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76152 2015-12-11] (Even Balance, Inc. -> )
S3 TunngleService; e:\Program Files (x86)\Tunngle\TnglCtrl.exe [814064 2015-12-22] (Tunngle.net GmbH -> Tunngle.net GmbH) [Datei ist nicht signiert]
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\NisSrv.exe [2876152 2021-12-30] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\MsMpEng.exe [128360 2021-12-30] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 XperiaCompanionService; C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe [2205568 2017-03-21] (Sony Mobile Communications AB -> Sony) [Datei ist nicht signiert]
S3 FoxitReaderService; "C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe" [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [159864 2021-06-29] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [160176 2021-12-30] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [210352 2021-12-30] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-12-30] (Microsoft Windows Early Launch Anti-Malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [193448 2021-12-30] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [69040 2021-12-30] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-12-30] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [149424 2021-12-30] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 ptun0901; C:\WINDOWS\System32\drivers\ptun0901.sys [27136 2015-11-10] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ssudserd; C:\WINDOWS\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [40664 2013-08-22] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 uvhid; C:\WINDOWS\System32\drivers\uvhid.sys [28128 2019-08-04] (Unified Intents AB -> Windows (R) Win 7 DDK provider)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2021-12-30] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [435432 2021-12-30] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86248 2021-12-30] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2021-12-30 21:23 - 2021-12-30 22:12 - 000079326 _____ C:\Users\dracu\Downloads\Shortcut.txt
2021-12-30 21:16 - 2021-12-30 22:12 - 000061628 _____ C:\Users\dracu\Downloads\Addition.txt
2021-12-30 21:14 - 2021-12-30 22:20 - 000032128 _____ C:\Users\dracu\Downloads\FRST.txt
2021-12-30 21:14 - 2021-12-30 22:20 - 000000000 ____D C:\FRST
2021-12-30 21:14 - 2021-12-30 21:14 - 002311168 _____ (Farbar) C:\Users\dracu\Downloads\FRST64.exe
2021-12-30 21:01 - 2021-12-30 21:01 - 000193448 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-12-30 21:01 - 2021-12-30 21:01 - 000149424 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-12-30 21:01 - 2021-12-30 21:01 - 000069040 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-12-30 21:01 - 2021-12-30 21:01 - 000000000 ____D C:\Users\dracu\AppData\Local\mbam
2021-12-30 20:59 - 2021-12-30 20:59 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-12-30 20:59 - 2021-12-30 20:59 - 000210352 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-12-30 20:59 - 2021-12-30 20:59 - 000160176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-12-30 20:59 - 2021-12-30 20:59 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-12-30 20:59 - 2021-12-30 20:59 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-12-30 20:59 - 2021-12-30 20:59 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-12-30 20:58 - 2021-12-30 20:58 - 002910904 _____ (Malwarebytes) C:\Users\dracu\Downloads\MBSetup.exe
2021-12-30 20:58 - 2021-12-30 20:58 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-12-30 20:58 - 2021-12-30 20:58 - 000000000 ____D C:\Program Files\Malwarebytes
2021-12-30 20:57 - 2021-12-30 20:57 - 000000000 ____D C:\WINDOWS\Panther
2021-12-30 20:51 - 2021-12-30 20:51 - 079075480 _____ (F-Secure Corporation) C:\Users\dracu\Downloads\Freedome_pid-6661000+aid-1m96vgw16o0iu9_.exe
2021-12-30 20:51 - 2021-12-30 20:51 - 001682072 _____ (F-Secure Corporation) C:\Users\dracu\Downloads\FSecureIDPWin_pid-6661000+aid-1q0l0m61hbe0y2_.exe
2021-12-30 20:49 - 2021-12-30 20:49 - 001690776 _____ (F-Secure Corporation) C:\Users\dracu\Downloads\F-Secure-Safe-Network-Installer_16ddvt1f3a11r_.exe
2021-12-30 20:26 - 2021-12-30 20:26 - 000011361 _____ C:\Users\dracu\Downloads\Fax_61cdd3fedf8b1442273.pdf
2021-12-30 13:42 - 2021-12-30 13:42 - 000020998 _____ C:\Users\dracu\Downloads\Fax_61cd9ff697b98442273.pdf
2021-12-28 22:48 - 2021-12-28 22:48 - 000002695 _____ C:\Users\dracu\Desktop\Google Photos.lnk
2021-12-28 22:48 - 2021-12-28 22:48 - 000000000 ____D C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome-Apps
2021-12-28 19:35 - 2021-12-28 19:35 - 000119124 _____ C:\Users\dracu\Downloads\Medikamentenplan_Ausdruckbar_Ausfuellbar.pdf
2021-12-26 16:02 - 2021-12-26 16:02 - 000116886 _____ C:\Users\dracu\Downloads\2020-12-29_CARD_STATEMENT_1PLUS CARD.pdf
2021-12-26 16:02 - 2021-12-26 16:02 - 000116682 _____ C:\Users\dracu\Downloads\2020-11-24_CARD_STATEMENT_1PLUS CARD.pdf
2021-12-26 16:02 - 2021-12-26 16:02 - 000116670 _____ C:\Users\dracu\Downloads\2021-08-24_CARD_STATEMENT_1PLUS CARD.pdf
2021-12-26 16:02 - 2021-12-26 16:02 - 000116643 _____ C:\Users\dracu\Downloads\2021-01-25_CARD_STATEMENT_1PLUS CARD.pdf
2021-12-26 16:02 - 2021-12-26 16:02 - 000116442 _____ C:\Users\dracu\Downloads\2021-06-24_CARD_STATEMENT_1PLUS CARD.pdf
2021-12-26 16:02 - 2021-12-26 16:02 - 000095638 _____ C:\Users\dracu\Downloads\2021-03-24_CARD_STATEMENT_1PLUS CARD.pdf
2021-12-26 16:02 - 2021-12-26 16:02 - 000095584 _____ C:\Users\dracu\Downloads\2021-09-24_CARD_STATEMENT_1PLUS CARD.pdf
2021-12-26 16:02 - 2021-12-26 16:02 - 000095520 _____ C:\Users\dracu\Downloads\2021-11-24_CARD_STATEMENT_1PLUS CARD.pdf
2021-12-26 16:02 - 2021-12-26 16:02 - 000095450 _____ C:\Users\dracu\Downloads\2021-10-25_CARD_STATEMENT_1PLUS CARD.pdf
2021-12-26 16:02 - 2021-12-26 16:02 - 000095434 _____ C:\Users\dracu\Downloads\2021-02-24_CARD_STATEMENT_1PLUS CARD.pdf
2021-12-26 16:02 - 2021-12-26 16:02 - 000095348 _____ C:\Users\dracu\Downloads\2021-04-26_CARD_STATEMENT_1PLUS CARD.pdf
2021-12-26 16:02 - 2021-12-26 16:02 - 000095316 _____ C:\Users\dracu\Downloads\2021-05-26_CARD_STATEMENT_1PLUS CARD.pdf
2021-12-26 16:02 - 2021-12-26 16:02 - 000095217 _____ C:\Users\dracu\Downloads\2021-07-26_CARD_STATEMENT_1PLUS CARD.pdf
2021-12-26 16:01 - 2021-12-26 16:01 - 000115966 _____ C:\Users\dracu\Downloads\2020-09-24_CARD_STATEMENT_1PLUS CARD.pdf
2021-12-26 16:01 - 2021-12-26 16:01 - 000115883 _____ C:\Users\dracu\Downloads\2020-07-24_CARD_STATEMENT_1PLUS CARD.pdf
2021-12-26 16:01 - 2021-12-26 16:01 - 000115599 _____ C:\Users\dracu\Downloads\2020-10-26_CARD_STATEMENT_1PLUS CARD.pdf
2021-12-26 16:01 - 2021-12-26 16:01 - 000094870 _____ C:\Users\dracu\Downloads\2020-06-24_CARD_STATEMENT_1PLUS CARD.pdf
2021-12-26 16:01 - 2021-12-26 16:01 - 000094827 _____ C:\Users\dracu\Downloads\2020-08-24_CARD_STATEMENT_1PLUS CARD.pdf
2021-12-26 16:01 - 2021-12-26 16:01 - 000094595 _____ C:\Users\dracu\Downloads\2020-04-24_CARD_STATEMENT_1PLUS CARD.pdf
2021-12-26 16:01 - 2021-12-26 16:01 - 000094406 _____ C:\Users\dracu\Downloads\2020-05-25_CARD_STATEMENT_1PLUS CARD.pdf
2021-12-26 15:58 - 2021-12-26 15:58 - 001093737 _____ C:\Users\dracu\Downloads\santander-agb-112021.pdf
2021-12-23 08:15 - 2021-12-23 08:15 - 000000000 ___RD C:\Users\dracu\Documents\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe!App
2021-12-23 07:47 - 2021-12-23 07:47 - 000111305 _____ C:\Users\dracu\Downloads\33146f1042709678361b563d.pdf
2021-12-19 20:27 - 2021-12-19 20:27 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-12-19 17:33 - 2021-12-19 17:33 - 000000000 ____D C:\WINDOWS\SystemTemp
2021-12-19 17:25 - 2021-12-19 17:25 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-12-19 17:25 - 2021-12-19 17:25 - 000011979 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-12-19 17:24 - 2021-12-19 17:24 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-12-19 17:24 - 2021-12-19 17:24 - 000162816 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-12-19 17:11 - 2021-12-19 17:11 - 000000000 ___HD C:\$WinREAgent
2021-12-17 11:39 - 2021-12-17 11:39 - 003158414 _____ C:\Users\dracu\Desktop\kaufvertrag.pdf
2021-12-17 11:36 - 2021-12-17 11:36 - 000002014 _____ C:\Users\Public\Desktop\PDFsam Basic.lnk
2021-12-17 11:36 - 2021-12-17 11:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFsam Basic
2021-12-17 11:36 - 2021-12-17 11:36 - 000000000 ____D C:\Program Files\PDFsam Basic
2021-12-12 20:49 - 2021-12-12 20:49 - 000108258 _____ C:\Users\dracu\Desktop\strom2.pdf
2021-12-12 20:41 - 2021-12-12 20:41 - 000364047 _____ C:\Users\dracu\Desktop\Rechnung_794307.pdf
2021-12-03 19:36 - 2021-12-03 19:28 - 001548618 _____ C:\Users\dracu\Desktop\Antrag_Mehrstaatigkeit.pdf
2021-12-03 19:16 - 2021-12-03 19:22 - 001550272 _____ C:\Users\dracu\Desktop\Scan0039_geschwärzt.pdf
2021-12-03 19:12 - 2021-12-19 17:56 - 000003522 _____ C:\WINDOWS\system32\Tasks\AdobeGCInvoker-1.0
2021-12-03 19:07 - 2021-12-30 20:55 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2021-12-03 19:07 - 2021-12-03 19:08 - 000002084 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2021-12-03 19:02 - 2021-12-03 19:02 - 002531832 _____ (Adobe Inc.) C:\Users\dracu\Downloads\Acrobat_DC_Set-Up.exe
2021-12-03 16:49 - 2021-12-03 16:49 - 000782117 _____ C:\Users\dracu\Desktop\Versicherungsbedingungen_1404-2745-1070-81.pdf
2021-12-03 16:49 - 2021-12-03 16:49 - 000148058 _____ C:\Users\dracu\Desktop\Beratungsprotokoll_1404-2745-1070-81.pdf
2021-12-03 16:49 - 2021-12-03 16:49 - 000086303 _____ C:\Users\dracu\Desktop\Muster_Kuendigung_1404-2745-1070-81.pdf
2021-12-03 16:49 - 2021-12-03 16:49 - 000039500 _____ C:\Users\dracu\Desktop\Informationsblatt_zu_Versicherungsprodukten_1404-2745-1070-81.pdf

==================== Ein Monat (geänderte) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2021-12-30 22:17 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-12-30 22:02 - 2020-07-13 10:00 - 000000000 ____D C:\Program Files (x86)\Google
2021-12-30 21:43 - 2016-11-18 23:35 - 000000000 ____D C:\Users\dracu\AppData\LocalLow\Mozilla
2021-12-30 21:42 - 2018-12-01 13:39 - 000000000 ____D C:\Users\dracu\AppData\Roaming\Thunderbird
2021-12-30 21:37 - 2018-05-19 20:32 - 000000000 ____D C:\Users\dracu\AppData\Local\D3DSCache
2021-12-30 21:31 - 2018-03-19 23:18 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-12-30 21:27 - 2016-02-02 20:00 - 000000000 ____D C:\SteamLibrary
2021-12-30 21:21 - 2019-12-07 10:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-12-30 21:17 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2021-12-30 21:09 - 2020-06-10 17:18 - 000000000 ____D C:\ProgramData\Mozilla
2021-12-30 21:04 - 2021-10-11 22:26 - 001722788 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-12-30 21:04 - 2019-12-07 15:50 - 000744794 _____ C:\WINDOWS\system32\perfh007.dat
2021-12-30 21:04 - 2019-12-07 15:50 - 000150180 _____ C:\WINDOWS\system32\perfc007.dat
2021-12-30 20:59 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-12-30 20:57 - 2021-10-11 22:33 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-12-30 20:57 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-12-30 20:57 - 2019-08-25 13:00 - 000000000 ____D C:\ProgramData\Unified Remote
2021-12-30 20:57 - 2019-03-11 21:41 - 000000000 ____D C:\Program Files (x86)\Avira
2021-12-30 20:57 - 2016-08-05 22:02 - 000000000 ____D C:\ProgramData\NVIDIA
2021-12-30 20:57 - 2015-11-07 00:33 - 000000000 __SHD C:\Users\dracu\IntelGraphicsProfiles
2021-12-30 20:56 - 2019-12-07 10:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-12-30 20:54 - 2015-11-07 21:03 - 000000000 ____D C:\ProgramData\Avira
2021-12-30 20:53 - 2021-04-17 13:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2021-12-30 20:25 - 2021-10-11 22:21 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-12-30 12:36 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-12-28 22:03 - 2018-04-06 21:20 - 000000000 ____D C:\Download_JD_C
2021-12-28 19:37 - 2017-12-08 15:12 - 000000000 ____D C:\Users\dracu\AppData\Local\Packages
2021-12-28 19:10 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-12-19 17:43 - 2015-11-07 01:08 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-12-19 17:35 - 2021-10-11 22:21 - 000453120 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-12-19 17:33 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-12-19 17:33 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-12-19 17:33 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-12-19 17:33 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-12-19 17:33 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-12-19 17:33 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-12-19 17:33 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-12-19 17:33 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-12-19 17:33 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-12-19 17:33 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-12-19 17:09 - 2015-11-07 14:14 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-12-19 17:02 - 2021-02-08 23:19 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-12-19 17:02 - 2021-02-08 23:19 - 000002274 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-12-19 17:02 - 2015-11-07 14:14 - 137938848 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-12-15 19:05 - 2019-12-02 21:32 - 000002410 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2021-12-15 19:05 - 2019-12-02 21:32 - 000002369 _____ C:\Users\Public\Desktop\Brave.lnk
2021-12-15 19:04 - 2020-07-13 10:01 - 000002293 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-12-15 19:04 - 2020-07-13 10:01 - 000002252 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-12-10 19:31 - 2021-10-14 21:53 - 000002364 _____ C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2021-12-10 19:31 - 2021-10-14 21:53 - 000002356 _____ C:\Users\dracu\Desktop\Microsoft Teams.lnk
2021-12-10 19:25 - 2015-11-07 00:27 - 000000000 ____D C:\Users\dracu\AppData\Roaming\Adobe
2021-12-09 19:38 - 2021-11-17 22:48 - 000003606 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d7bee68690ef32
2021-12-09 19:38 - 2021-10-11 22:33 - 000003700 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-12-03 19:28 - 2021-10-11 19:31 - 000035709 _____ C:\Users\dracu\.sambox.cache
2021-12-03 19:24 - 2018-07-03 21:43 - 000000000 ____D C:\ProgramData\Packages
2021-12-03 19:08 - 2021-10-14 15:47 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2021-12-03 19:08 - 2021-10-14 15:47 - 000002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2021-12-03 19:08 - 2021-10-14 15:47 - 000002061 _____ C:\Users\Public\Desktop\Adobe Acrobat DC.lnk
2021-12-03 19:07 - 2021-10-14 15:46 - 000000000 ____D C:\ProgramData\Adobe
2021-12-03 19:07 - 2021-10-14 15:46 - 000000000 ____D C:\Program Files\Common Files\Adobe
2021-12-03 19:03 - 2015-11-14 01:04 - 000000000 ____D C:\Users\dracu\AppData\Local\Adobe
2021-12-03 18:56 - 2015-11-07 15:52 - 000000000 ____D C:\ProgramData\Package Cache
2021-12-03 18:55 - 2021-11-10 20:59 - 000000000 ____D C:\Users\dracu\AppData\Roaming\Foxit Software
2021-12-03 15:59 - 2021-10-11 22:33 - 000003654 _____ C:\WINDOWS\system32\Tasks\BraveSoftwareUpdateTaskMachineUA
2021-12-03 15:59 - 2021-10-11 22:33 - 000003530 _____ C:\WINDOWS\system32\Tasks\BraveSoftwareUpdateTaskMachineCore
2021-12-03 15:59 - 2019-12-02 21:32 - 000000000 ____D C:\Program Files (x86)\BraveSoftware

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ========

2016-03-15 16:10 - 2016-03-15 16:10 - 000000267 _____ () C:\ProgramData\fontcacheev1.dat
2015-11-07 00:48 - 2018-05-20 14:23 - 000000000 _____ () C:\Users\dracu\AppData\Local\BluetoothPresent.flag
2015-11-07 00:48 - 2018-05-20 14:23 - 000000000 _____ () C:\Users\dracu\AppData\Local\Driver_Jupiter_01Present.flag
2021-12-03 19:24 - 2021-12-03 19:24 - 000000000 _____ () C:\Users\dracu\AppData\Local\oobelibMkey.log

==================== SigCheck ============================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

==================== Ende von FRST.txt ========================
         
Addition_30-12-2021 22.23.45.txt
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 27-12-2021
durchgeführt von dracu (30-12-2021 22:21:58)
Gestartet von C:\Users\dracu\Downloads
Microsoft Windows 10 Home Version 20H2 19042.1415 (X64) (2021-10-11 21:34:02)
Start-Modus: Normal
==========================================================


==================== Konten: =============================


(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

Administrator (S-1-5-21-465889627-1915634839-1743452103-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-465889627-1915634839-1743452103-503 - Limited - Disabled)
dracu (S-1-5-21-465889627-1915634839-1743452103-1001 - Administrator - Enabled) => C:\Users\dracu
dracula (S-1-5-21-465889627-1915634839-1743452103-1004 - Limited - Enabled) => C:\Users\dracula
Gast (S-1-5-21-465889627-1915634839-1743452103-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-465889627-1915634839-1743452103-504 - Limited - Disabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Avira Antivirus (Enabled - Up to date) {33CF8AA2-FA06-4AD4-98AB-332D53DD7FFB}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

64 Bit HP CIO Components Installer (HKLM\...\{BC741628-0AFC-405C-8946-DD46D1005A0A}) (Version: 8.2.4 - Hewlett-Packard) Hidden
7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Adobe Acrobat DC (64-bit) (HKLM\...\{AC76BA86-1033-FFFF-7760-BC15014EA700}) (Version: 21.007.20099 - Adobe)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: 7.6.0.52 - Adobe Inc.)
AIMP (HKLM-x32\...\AIMP) (Version: v4.70.2239, 22.12.2020 - AIMP DevTeam)
Apple Application Support (32-Bit) (HKLM-x32\...\{308F2F8C-9D33-4B22-8A6C-D9C13DBEF8C6}) (Version: 7.0.2 - Apple Inc.)
AuthenTec TrueAPI (HKLM\...\{054EF02F-95D8-48F4-9EEB-2F9CE3072ED8}) (Version: 1.3.0.151 - AuthenTec, Inc.) Hidden
Bierbuden Autoupdate (remove only) (HKU\S-1-5-21-465889627-1915634839-1743452103-1001\...\Bierbuden Autoupdate) (Version:  - )
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 96.1.33.106 - Die Brave-Autoren)
concept/design onlineTV 14 (HKLM-x32\...\{65EB1D38-9DB9-4EFF-B2DE-9218BF31D8F3}_is1) (Version: 14.19.4.3 - concept/design GmbH)
concept/design onlineTV 15 (HKLM-x32\...\{C9F7D843-78C5-4A81-A350-D39F00E80178}_is1) (Version: 15.19.9.21 - concept/design GmbH)
DoNotSpy10 (HKLM-x32\...\{32D066BD-F94C-4948-8FA8-84653EE9617E}_is1) (Version: 5.1.0.0 - pXc-coding.com)
GamersFirst LIVE! (HKU\S-1-5-21-465889627-1915634839-1743452103-1001\...\GamersFirst LIVE!) (Version:  - GamersFirst)
GMX ProfiFax (HKU\S-1-5-21-465889627-1915634839-1743452103-1001\...\GMXProfiFax) (Version: 1.5.0 - 1un1 Mail and Media GmbH)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 96.0.4664.110 - Google LLC)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.99.0 - Google Inc.) Hidden
HP LaserJet 200 color MFP M276 (HKLM-x32\...\{CC38C23C-7824-4DBB-AC73-997CD0BBFEC7}) (Version: 15.0.15188.2008 - Hewlett-Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPLaserJet200color-MFPM276_HelpLearnCenter_SI (HKLM-x32\...\{0F044C7A-6EE1-4F03-90AC-329AAF2FCF12}) (Version: 1.01.0000 - Hewlett-Packard)
hppM276LaserJetService (HKLM-x32\...\{D6610387-8E8B-48ED-AB1C-0D38DFE31C55}) (Version: 001.019.00639 - Hewlett-Packard) Hidden
hpStatusAlerts (HKLM-x32\...\{E35D0ED5-716B-4E1F-8477-54DD746DF527}) (Version: 140.040.00231 - Hewlett Packard) Hidden
hpStatusAlertsM276 (HKLM-x32\...\{FFD4184D-7EC6-476E-9A72-E83412AB9D3B}) (Version: 050.034.00131 - Hewlett-Packard) Hidden
IrfanView 4.50 (64-bit) (HKLM\...\IrfanView64) (Version: 4.50 - Irfan Skiljan)
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Killer Performance Suite (HKLM-x32\...\{4C941774-4366-4C56-93CC-19C5E364E5B0}) (Version: 1.1.69.1774 - Rivet Networks)
Killer Wireless-N Drivers (HKLM\...\{9620A3CC-587B-4E1B-90A6-8AD04D222954}) (Version: 1.1.69.1774 - Rivet Networks) Hidden
Malwarebytes version 4.5.0.152 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.0.152 - Malwarebytes)
Microsoft 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 16.0.14701.20262 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 96.0.1054.62 - Microsoft Corporation)
Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 96.0.1054.62 - Microsoft Corporation)
Microsoft Office Professional Plus 2019 - de-de (HKLM\...\ProPlus2019Retail - de-de) (Version: 16.0.14701.20262 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-465889627-1915634839-1743452103-1001\...\OneDriveSetup.exe) (Version: 19.043.0304.0013 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-465889627-1915634839-1743452103-1004\...\OneDriveSetup.exe) (Version: 18.151.0729.0012 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-465889627-1915634839-1743452103-1001\...\Teams) (Version: 1.4.00.32771 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.27.29016 (HKLM-x32\...\{1aaa01ad-3069-4288-9c6f-37a140a8f6c7}) (Version: 14.27.29016.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
MKVToolNix 8.6.1 (64bit) (HKLM-x32\...\MKVToolNix) (Version: 8.6.1 - Moritz Bunkus)
Mozilla Firefox (x64 de) (HKU\S-1-5-21-465889627-1915634839-1743452103-1001\...\Mozilla Firefox 95.0.2 (x64 de)) (Version: 95.0.2 - Mozilla)
Mozilla Firefox 42.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 de)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0 - Mozilla)
Mumble 1.2.17 (HKLM-x32\...\{8A01C920-26AD-4574-8C2B-95D9245B1EBE}) (Version: 1.2.17 - Thorvald Natvig)
No-IP DUC (HKLM-x32\...\NoIPDUC) (Version: 4.1.1 - Vitalwerks Internet Solutions LLC)
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.14701.20262 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.14701.20248 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.14701.20262 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0407-0000-0000000FF1CE}) (Version: 16.0.14701.20248 - Microsoft Corporation) Hidden
onlineTV 16 (HKLM-x32\...\{DBBB91FF-2F98-4B36-9AF3-FD0589CD791C}_is1) (Version: 16.20.9.9 - concept/design GmbH)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenAudible 1.6.7 (HKLM\...\7008-5171-7013-3819) (Version: 1.6.7 - openaudible.org)
PDFsam Basic (HKLM\...\{06C071AD-846F-4E21-A938-63DA54A45EB3}) (Version: 4.2.9.0 - Sober Lemur S.a.s. di Vacondio Andrea)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Python 2.7.9 (64-bit) (HKLM\...\{79F081BF-7454-43DB-BD8F-9EE596813233}) (Version: 2.7.9150 - Python Software Foundation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7898 - Realtek Semiconductor Corp.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
SRWare Iron (64-Bit) Version 86.0.4400.0 (HKLM\...\{BA85A29D-B48E-4826-BAEE-817024E52E29}_is1) (Version: 86.0.4400.0 - SRWare)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 9.21a - Ghisler Software GmbH)
Unified Remote (HKLM-x32\...\{415B4714-4F8C-49C6-B310-881EAF892CFB}_is1) (Version: 3.7.0 - Unified Intents AB)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{B652B695-C849-4EF2-B09A-72771C7AD2BA}) (Version: 2.71.0.0 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 22.2 - Ubisoft)
VdhCoApp 1.2.4 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version:  - DownloadHelper)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
Windows 10-Update-Assistent (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.23367 - Microsoft Corporation)
Windows-PC-Integritätsprüfung (HKLM\...\{68C9C2A4-C212-4310-AB68-12F97050A416}) (Version: 3.2.2110.14001 - Microsoft Corporation)
WinRAR 6.01 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 6.01.0 - win.rar GmbH)
WISO steuer:Sparbuch 2016 (HKLM-x32\...\{0459DDD1-F6B6-4BEA-901F-C8907C8F01F5}) (Version: 23.00.1146 - Buhl Data Service GmbH)
WISO steuer:Sparbuch 2017 (HKLM-x32\...\{5D96B9D7-8324-4674-94A8-9C09EFCB620A}) (Version: 24.05.1582 - Buhl Data Service GmbH)
WISO steuer:Sparbuch 2018 (HKLM-x32\...\{973E6FE8-0E6B-40DA-BD23-2445E4DA8C01}) (Version: 25.01.1436 - Buhl Data Service GmbH)
WISO steuer:Sparbuch 2019 (HKLM-x32\...\{8853EAA4-BE38-4ED1-BDB8-7043980B38C0}) (Version: 26.04.1771 - Buhl Data Service GmbH)
WISO steuer:Sparbuch 2020 (HKLM-x32\...\{050250C5-C97E-4D4B-8E02-FBE34B2A0FEB}) (Version: 27.03.1674 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2021 (HKLM-x32\...\{E0F9E4AD-386E-4063-AAEA-BE15FB137AE1}) (Version: 28.02.1946 - Buhl Data Service GmbH)
Xperia Companion (HKLM-x32\...\{44263da6-788d-4cd9-be25-ba05829e3fb4}) (Version: 1.5.12.0 - Sony)
Xperia Companion (HKLM-x32\...\{DE803B8F-8EFE-4018-AFD1-D0F708A75D50}) (Version: 1.5.12.0 - Sony) Hidden
Xperia Companion Service (HKLM\...\{62A561E8-3F7C-4363-AAC0-6390476CE334}) (Version: 1.5.12.0 - Sony) Hidden

Packages:
=========
Acrobat Notification Client -> C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2021-12-03] (Adobe Systems Incorporated)
Audible - Hörbuch und Hörspiel App -> C:\Program Files\WindowsApps\AudibleInc.AudibleforWindowsPhone_10.5.67.0_x64__xns73kv1ymhp2 [2021-09-23] (Audible Inc)
Drawboard PDF -> C:\Program Files\WindowsApps\DRAWBOARD.DRAWBOARDPDF_6.7.16.0_x64__gqbn7fs4pywxm [2021-12-23] (Drawboard)
Horizon Go DE -> C:\Program Files\WindowsApps\LibertyGlobal.HorizonGODE_2.15.5.0_x64__gmwgfebrpy77e [2020-10-10] (Liberty Global)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_133.1.340.0_x64__v10z8vjag6ke6 [2021-12-19] (HP Inc.)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa [2021-12-10] (Apple Inc.) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-10-11] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-10-11] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.11.12030.0_x64__8wekyb3d8bbwe [2021-12-19] (Microsoft Studios) [MS Ad]
Mind Maps Pro -> C:\Program Files\WindowsApps\BallardAppCraftery.MindMapsPro2Beta_1.1.27.0_x64__epyrqhfctk40t [2020-07-06] (User Camp)
Penbook -> C:\Program Files\WindowsApps\36376UserCamp.Penbook_2.1.30.0_x64__t7afzrbtd67z0 [2020-06-30] (User Camp)
The Solar Eclipse -> C:\Program Files\WindowsApps\Microsoft.TheSolarEclipse_1.0.0.0_neutral__8wekyb3d8bbwe [2019-06-21] (Microsoft Corporation)
Up in the Sky -> C:\Program Files\WindowsApps\Microsoft.UpintheSky_2.0.0.0_neutral__8wekyb3d8bbwe [2019-06-21] (Microsoft Corporation)
WiFi Tool -> C:\Program Files\WindowsApps\53028HelgeMagnusKeck.WiFiTool_1.6.31.0_x64__kmtq5bk764tmy [2021-10-15] (WiFi Tools)
WolframAlpha -> C:\Program Files\WindowsApps\WolframAlphaLLC.49286375E2778_1.0.5.682_neutral__71vdkmpgakaxt [2020-08-20] (Wolfram Group LLC)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-465889627-1915634839-1743452103-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\dracu\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.21264.3\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-465889627-1915634839-1743452103-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel(R) pGFX -> Intel Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [Datei ist nicht signiert]
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2021-10-05] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers1: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP\System\aimp_menu64.dll [2020-12-26] (IP Izmaylov Artem Andreevich -> AIMP DevTeam)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2021-04-07] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2021-04-07] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-12-30] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => e:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] (Empty Loop -> )
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [Datei ist nicht signiert]
ContextMenuHandlers4: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP\System\aimp_menu64.dll [2020-12-26] (IP Izmaylov Artem Andreevich -> AIMP DevTeam)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> Keine Datei
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-05-01] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [Datei ist nicht signiert]
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2021-10-05] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-12-30] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => e:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] (Empty Loop -> )
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2021-04-07] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2021-04-07] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Nicht auf der Ausnahmeliste) ====================

==================== Verknüpfungen & WMI ========================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

ShortcutWithArgument: C:\Users\dracu\Desktop\Google Photos.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=ncmjhecbjeaamljdfahankockkkdmedg
ShortcutWithArgument: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome-Apps\Google Photos.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=ncmjhecbjeaamljdfahankockkkdmedg

==================== Geladene Module (Nicht auf der Ausnahmeliste) =============

2015-07-20 16:34 - 2015-07-20 16:34 - 000073728 _____ () [Datei ist nicht signiert] [Datei wird verwendet] e:\Program Files (x86)\No-IP\ducapi.dll
2021-02-01 21:49 - 2021-02-01 21:49 - 000010240 _____ () [Datei ist nicht signiert] C:\Program Files\Adobe\Acrobat DC\Acrobat\locale\de_de\acrotray.deu
2018-08-31 18:54 - 2021-10-06 02:30 - 126961152 _____ () [Datei ist nicht signiert] E:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libcef.dll
2018-08-31 18:54 - 2021-10-06 02:30 - 000384000 _____ () [Datei ist nicht signiert] E:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libegl.dll
2018-08-31 18:54 - 2021-10-06 02:30 - 008006656 _____ () [Datei ist nicht signiert] E:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libglesv2.dll
2009-09-16 18:44 - 2009-09-16 18:44 - 000153088 _____ (Hewlett Packard) [Datei ist nicht signiert] C:\WINDOWS\System32\hptcpmib.dll
2009-09-16 18:45 - 2009-09-16 18:45 - 000331264 _____ (Hewlett Packard) [Datei ist nicht signiert] C:\WINDOWS\System32\HpTcpMon.dll
2009-09-16 11:44 - 2009-09-16 11:44 - 000132096 _____ (Hewlett Packard) [Datei ist nicht signiert] C:\WINDOWS\System32\hpzjrd01.dll
2014-06-24 23:31 - 2014-06-24 23:31 - 000041472 _____ (Hewlett-Packard Company) [Datei ist nicht signiert] [Datei wird verwendet] C:\Program Files (x86)\HP\HPLaserJetService\HPHTTPProxy.dll
2014-06-24 23:31 - 2014-06-24 23:31 - 000073728 _____ (Hewlett-Packard Company) [Datei ist nicht signiert] [Datei wird verwendet] C:\Program Files (x86)\HP\HPLaserJetService\HPTools.dll
2014-06-24 23:31 - 2014-06-24 23:31 - 001222656 _____ (Hewlett-Packard Company) [Datei ist nicht signiert] [Datei wird verwendet] C:\Program Files (x86)\HP\HPLaserJetService\LEDMXMLObjects.dll
2011-04-13 16:08 - 2011-04-13 16:08 - 000050688 _____ (Hewlett-Packard) [Datei ist nicht signiert] c:\windows\system32\hpzinw12.dll
2011-04-13 16:08 - 2011-04-13 16:08 - 000066048 _____ (Hewlett-Packard) [Datei ist nicht signiert] c:\windows\system32\hpzipm12.dll
2014-06-24 23:31 - 2014-06-24 23:31 - 000034816 _____ (HP) [Datei ist nicht signiert] [Datei wird verwendet] C:\Program Files (x86)\HP\HPLaserJetService\HPServiceCommunicator.dll
2009-09-16 18:45 - 2009-09-16 18:45 - 000317440 _____ (Microsoft Corporation) [Datei ist nicht signiert] C:\WINDOWS\System32\HPTcpMUI.dll
2016-03-04 22:14 - 2016-06-14 21:01 - 001298640 _____ (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [Datei ist nicht signiert] C:\Program Files\NVIDIA Corporation\NvStreamSrv\rxinput.dll
2019-08-25 13:00 - 2016-10-10 05:27 - 000556544 _____ (Soft Service Company) [Datei ist nicht signiert] C:\Program Files (x86)\Unified Remote 3\wcl.dll
2018-08-31 18:54 - 2021-10-06 02:30 - 000983552 _____ (The Chromium Authors) [Datei ist nicht signiert] E:\Program Files (x86)\Steam\bin\cef\cef.win7x64\chrome_elf.dll
2019-08-25 13:00 - 2016-09-23 14:08 - 001283584 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [Datei ist nicht signiert] C:\Program Files (x86)\Unified Remote 3\LIBEAY32MD.dll
2019-08-25 13:00 - 2016-09-23 14:08 - 000255488 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [Datei ist nicht signiert] C:\Program Files (x86)\Unified Remote 3\SSLEAY32MD.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =================

==================== Internet Explorer (Nicht auf der Ausnahmeliste) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-11-06] (Microsoft Corporation -> Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2021-10-05] (Adobe Inc. -> Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2021-10-05] (Adobe Inc. -> Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2021-11-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-11-08] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2021-10-05] (Adobe Inc. -> Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-11-08] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2021-10-05] (Adobe Inc. -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2021-10-05] (Adobe Inc. -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2021-10-05] (Adobe Inc. -> Adobe Systems Incorporated)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-06] (Microsoft Corporation -> Microsoft Corporation)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE restricted site: HKU\S-1-5-21-465889627-1915634839-1743452103-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-465889627-1915634839-1743452103-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-465889627-1915634839-1743452103-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-465889627-1915634839-1743452103-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-465889627-1915634839-1743452103-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-465889627-1915634839-1743452103-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-465889627-1915634839-1743452103-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-465889627-1915634839-1743452103-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-465889627-1915634839-1743452103-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-465889627-1915634839-1743452103-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-465889627-1915634839-1743452103-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-465889627-1915634839-1743452103-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-465889627-1915634839-1743452103-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-465889627-1915634839-1743452103-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-465889627-1915634839-1743452103-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-465889627-1915634839-1743452103-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-465889627-1915634839-1743452103-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-465889627-1915634839-1743452103-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-465889627-1915634839-1743452103-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-465889627-1915634839-1743452103-1001\...\123simsen.com -> www.123simsen.com

Da befinden sich 7937 mehr Seiten.

IE restricted site: HKU\S-1-5-21-465889627-1915634839-1743452103-1004\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-465889627-1915634839-1743452103-1004\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-465889627-1915634839-1743452103-1004\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-465889627-1915634839-1743452103-1004\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-465889627-1915634839-1743452103-1004\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-465889627-1915634839-1743452103-1004\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-465889627-1915634839-1743452103-1004\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-465889627-1915634839-1743452103-1004\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-465889627-1915634839-1743452103-1004\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-465889627-1915634839-1743452103-1004\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-465889627-1915634839-1743452103-1004\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-465889627-1915634839-1743452103-1004\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-465889627-1915634839-1743452103-1004\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-465889627-1915634839-1743452103-1004\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-465889627-1915634839-1743452103-1004\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-465889627-1915634839-1743452103-1004\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-465889627-1915634839-1743452103-1004\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-465889627-1915634839-1743452103-1004\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-465889627-1915634839-1743452103-1004\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-465889627-1915634839-1743452103-1004\...\123simsen.com -> www.123simsen.com

Da befinden sich 7933 mehr Seiten.


==================== Hosts Inhalt: =========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2017-04-08 16:50 - 2017-04-08 16:56 - 000454662 _____ C:\WINDOWS\system32\drivers\etc\hosts

Da befinden sich 15603 zusätzliche Einträge.


==================== Andere Bereiche ===========================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\ProgramData\Oracle\Java\javapath;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;c:\windows\system32;c:\windows;c:\windows\system32\wbem;c:\windows\system32\windowspowershell\v1.0\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-465889627-1915634839-1743452103-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
HKU\S-1-5-21-465889627-1915634839-1743452103-1004\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 80.69.96.12 - 81.210.129.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
 ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

HKU\S-1-5-21-465889627-1915634839-1743452103-1001\...\StartupApproved\Run: => "NoIPDUCv4"
HKU\S-1-5-21-465889627-1915634839-1743452103-1001\...\StartupApproved\Run: => "SpybotPostWindows10UpgradeReInstall"
HKU\S-1-5-21-465889627-1915634839-1743452103-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-465889627-1915634839-1743452103-1001\...\StartupApproved\Run: => "XperiaCompanionAgent"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{C5ED3A27-C85A-4E98-9CA8-518A8501E388}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{48124AD1-88EE-4681-B829-C2E60F1CE4DC}C:\program files (x86)\zoiper\zoiper.exe] => (Allow) C:\program files (x86)\zoiper\zoiper.exe => Keine Datei
FirewallRules: [TCP Query User{6D0E7FBA-AB08-4CA9-8FF5-6762194DB19B}C:\program files (x86)\zoiper\zoiper.exe] => (Allow) C:\program files (x86)\zoiper\zoiper.exe => Keine Datei
FirewallRules: [{8932E0D1-EDD2-4C5E-A628-914B595FD7D7}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12121.1.54014.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{BBE36D70-7191-4927-BFA0-481084430F91}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12121.1.54014.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6FB053C9-4999-4580-B396-4002AB6C8D3A}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12121.1.54014.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5D8305FF-DF14-46DB-A381-E7BA9825F474}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12121.1.54014.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{93763B12-FBF6-46B0-82B1-1CED815C1892}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12121.1.54014.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{BF73EEF8-7C7A-47FC-ADC9-073010E4877A}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12121.1.54014.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{52F44AF8-6353-41C6-B033-686C9963CF1E}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12121.1.54014.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{FB8C6963-9D8B-4EF1-B960-16BA7A1A58E3}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12121.1.54014.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7AD07112-94CD-4BAC-8B2C-CC399B1A428D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{11F96596-0C3C-49E7-B1C5-D658ACEA1E5E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{364B324F-BBEF-4303-8C5C-D8AE43C97E66}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{06202C48-65DD-43B8-8C2C-B71C4BABF9D1}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{AD95D494-27C4-4667-8E68-3694E7B8AC21}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [UDP Query User{685856FF-14FA-4B15-9D12-B07C1BCE6F39}E:\program files (x86)\mozilla firefox\firefox.exe] => (Block) E:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{9A075BA7-3898-4EDD-915A-F659C4B2D858}E:\program files (x86)\mozilla firefox\firefox.exe] => (Block) E:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{6F64AAF7-DB17-4915-A0D1-D235D46EA617}] => (Allow) E:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{627553DF-0D64-4A80-BFD7-73502B89569D}] => (Allow) E:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{F5ABB1A3-6830-4173-B424-4D2BD60E4FBC}] => (Allow) E:\program files (x86)\steam\steamapps\common\race 07\racededicatedserver_steam.exe => Keine Datei
FirewallRules: [{4343FD89-F2C9-4ED5-85E5-E626CE619A2B}] => (Allow) E:\program files (x86)\steam\steamapps\common\race 07\racededicatedserver_steam.exe => Keine Datei
FirewallRules: [UDP Query User{9E46ACE0-F3F7-4089-9B40-077E4046C6EC}E:\program files (x86)\steam\steamapps\common\race 07\racededicatedserver_steam.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\race 07\racededicatedserver_steam.exe => Keine Datei
FirewallRules: [TCP Query User{29ABDBD5-F9AE-4D13-8C6C-E2AB0AEDA4D4}E:\program files (x86)\steam\steamapps\common\race 07\racededicatedserver_steam.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\race 07\racededicatedserver_steam.exe => Keine Datei
FirewallRules: [{2B14893D-9D28-4AE0-BE85-ACBD380D5430}] => (Allow) E:\program files (x86)\steam\steamapps\common\race 07\race_steam.exe => Keine Datei
FirewallRules: [{6EB0145C-8CE5-4D36-B22E-26D860A0278B}] => (Allow) E:\program files (x86)\steam\steamapps\common\race 07\race_steam.exe => Keine Datei
FirewallRules: [UDP Query User{1839E9FE-EDEB-48A8-B1AE-B201F82171D8}E:\program files (x86)\steam\steamapps\common\race 07\race_steam.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\race 07\race_steam.exe => Keine Datei
FirewallRules: [TCP Query User{B631EDF4-EFD7-4723-AFDF-4C29768D5FB8}E:\program files (x86)\steam\steamapps\common\race 07\race_steam.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\race 07\race_steam.exe => Keine Datei
FirewallRules: [{A1705055-4EB5-497E-931C-2DC9B2CA22DA}] => (Allow) E:\program files (x86)\mumble\murmur.exe (mkrautz.dk -> Thorvald Natvig)
FirewallRules: [{860FD979-8379-425B-A5AA-5A972B79C110}] => (Allow) E:\program files (x86)\mumble\murmur.exe (mkrautz.dk -> Thorvald Natvig)
FirewallRules: [UDP Query User{E4A7A97B-55EA-49D8-8235-AC9B479EDAC2}E:\program files (x86)\mumble\murmur.exe] => (Allow) E:\program files (x86)\mumble\murmur.exe (mkrautz.dk -> Thorvald Natvig)
FirewallRules: [TCP Query User{CE8D067D-18DC-44DD-81D3-25222D9BF0FB}E:\program files (x86)\mumble\murmur.exe] => (Allow) E:\program files (x86)\mumble\murmur.exe (mkrautz.dk -> Thorvald Natvig)
FirewallRules: [{B631AEB5-7AB5-4597-AB8D-FF746D946EFA}] => (Allow) E:\Program Files (x86)\Steam\bin\steamwebhelper.exe => Keine Datei
FirewallRules: [{B8A3E48A-9F01-48AC-B6A2-A041AF0CE7F0}] => (Allow) E:\Program Files (x86)\Steam\bin\steamwebhelper.exe => Keine Datei
FirewallRules: [{2F0CA165-8717-4AE8-AFBE-4B223BFB579E}] => (Allow) E:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{8198180B-8028-4CC0-A091-6F33C92E0899}] => (Allow) E:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{433D5D5C-2C59-48B2-B51C-BD2BD8D25782}] => (Allow) e:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{E2F328C0-5DDA-408B-9AB3-7C5E049FCEF9}] => (Allow) e:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{A17BE05E-BE4A-4031-B9AE-E1BFF1427BE4}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe => Keine Datei
FirewallRules: [{B289F11B-8763-48F8-A8A2-B621B8C7F2A5}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe => Keine Datei
FirewallRules: [{F33A39EE-85B7-46F2-B251-A0F875D2A989}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe => Keine Datei
FirewallRules: [{96D6C3AD-AB1C-446C-97EE-B9AA10E28302}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe => Keine Datei
FirewallRules: [TCP Query User{E315B37A-A296-4C9F-8BBE-143EFD730F55}E:\programme\python27\pythonw.exe] => (Allow) E:\programme\python27\pythonw.exe () [Datei ist nicht signiert]
FirewallRules: [UDP Query User{4C37739F-EB98-42A1-9144-412711216599}E:\programme\python27\pythonw.exe] => (Allow) E:\programme\python27\pythonw.exe () [Datei ist nicht signiert]
FirewallRules: [{E1E55271-C2F9-413F-B803-96C91948C7FD}] => (Allow) C:\HP_LaserJet_200_color_MFP_M276\Installer\hpbcsiInstaller.exe (Hewlett-Packard Company -> Hewlett-Packard Company)
FirewallRules: [{EDBA7A01-1DAC-4827-956E-AB94AA059302}] => (Allow) C:\HP_LaserJet_200_color_MFP_M276\Installer\hpbcsiInstaller.exe (Hewlett-Packard Company -> Hewlett-Packard Company)
FirewallRules: [{44E05BE1-D01E-446C-8F18-245710072655}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{667C4014-B2FA-4DEE-B862-B72EB6148B2E}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{8FF62F3A-0A11-4C05-924C-D138DD838184}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{953D3F0F-1A43-4761-ABC8-9951DE7AE1C5}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{4385F523-DECB-4810-AB3D-9FB2542EE674}] => (Allow) E:\Program Files (x86)\GamersFirst\APB Reloaded\Binaries\APB.exe => Keine Datei
FirewallRules: [{66B9E3C7-8FEF-4536-A071-27385A2FE85F}] => (Allow) E:\Program Files (x86)\GamersFirst\APB Reloaded\Binaries\APB.exe => Keine Datei
FirewallRules: [{2DF908F4-86E0-4E70-9094-7A40B9661F5B}] => (Allow) E:\Program Files (x86)\GamersFirst\APB Reloaded\Binaries\VivoxVoiceService.exe => Keine Datei
FirewallRules: [{315435B3-606D-4C35-AD57-25FB14FD19FC}] => (Allow) E:\Program Files (x86)\GamersFirst\APB Reloaded\Binaries\VivoxVoiceService.exe => Keine Datei
FirewallRules: [TCP Query User{19F7E8DD-F139-4977-AF7E-C44D80797743}E:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) E:\program files (x86)\myphoneexplorer\myphoneexplorer.exe => Keine Datei
FirewallRules: [UDP Query User{E1BD961F-C095-420B-82FB-429879F456EA}E:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) E:\program files (x86)\myphoneexplorer\myphoneexplorer.exe => Keine Datei
FirewallRules: [{D894783A-340A-4336-AC05-B412CE564DC4}] => (Allow) E:\Program Files (x86)\Tunngle\TnglCtrl.exe (Tunngle.net GmbH -> Tunngle.net GmbH) [Datei ist nicht signiert]
FirewallRules: [{C47542C6-3DBA-45EA-AEB3-D62A9135D027}] => (Allow) E:\Program Files (x86)\Tunngle\TnglCtrl.exe (Tunngle.net GmbH -> Tunngle.net GmbH) [Datei ist nicht signiert]
FirewallRules: [{D96FE917-EF8F-4CC0-9D4C-60C60A846704}] => (Allow) E:\Program Files (x86)\Tunngle\Tunngle.exe (Tunngle.net GmbH -> Tunngle.net GmbH) [Datei ist nicht signiert]
FirewallRules: [{45901C50-D4BA-4D0E-9D67-403A8CA00BF9}] => (Allow) E:\Program Files (x86)\Tunngle\Tunngle.exe (Tunngle.net GmbH -> Tunngle.net GmbH) [Datei ist nicht signiert]
FirewallRules: [{B6964316-AC57-488E-AC6D-3CEE741FD491}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Street Racing Syndicate\Bin\SRS.EXE => Keine Datei
FirewallRules: [{2F9E8FF8-9DF8-48B9-9E7D-F310613F0F6C}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Street Racing Syndicate\Bin\SRS.EXE => Keine Datei
FirewallRules: [{0EB00190-D849-4EA2-8143-A9C5C8FE9EDD}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{4FEAB817-6195-4D43-A11A-F7AADAB61103}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{24D1DFED-A6EF-4CD0-902A-E0275B154D7F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe => Keine Datei
FirewallRules: [{B96BA975-05EA-4F9F-92B0-4C3FBF633374}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe => Keine Datei
FirewallRules: [{A7D99F6F-5030-48A8-8E4E-BF4C48485155}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{F9503DD1-BA04-4794-8AEE-47E90F572026}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{A62A235C-BFAD-436E-809A-D3C0B5FCA24E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{FEBF4BF6-5278-423A-93FB-CCAC2A2C4B41}] => (Allow) C:\Program Files (x86)\WISO\Steuersoftware 2016\wmain16.dll (Buhl Data Service GmbH -> )
FirewallRules: [{211FFED5-DC1B-4E76-8D76-4171EF8917D5}] => (Allow) C:\Program Files (x86)\WISO\Steuersoftware 2016\wmain16.dll (Buhl Data Service GmbH -> )
FirewallRules: [{09C335A5-7E00-4EBF-9EE0-9CA887BD0D78}] => (Allow) C:\Program Files (x86)\WISO\Steuersoftware 2016\wmain16.dll (Buhl Data Service GmbH -> )
FirewallRules: [{704E90E7-9293-4308-913F-EC76BE5406B1}] => (Allow) C:\Program Files (x86)\WISO\Steuersoftware 2016\wmain16.dll (Buhl Data Service GmbH -> )
FirewallRules: [{5A7B4A0C-9C7B-44A6-8993-777BF7263D3B}] => (Allow) C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanion.exe (Sony Mobile Communications AB -> Sony) [Datei ist nicht signiert]
FirewallRules: [{8525ED06-0D66-4654-8AA5-66784A470D2E}] => (Allow) E:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{B9450499-AC0C-4F51-9349-BEBD3467F90C}] => (Allow) E:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{40D247A7-87F8-4C25-B691-6705579B5AD8}] => (Allow) C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe (Unified Intents AB -> Unified Intents AB)
FirewallRules: [{4002AE9A-A2E8-4A45-9689-78F4560E026E}] => (Allow) C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe (Unified Intents AB -> Unified Intents AB)
FirewallRules: [{9787F2B4-9DBA-4EC3-A1EB-92EA5DD39F04}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe => Keine Datei
FirewallRules: [{2064F384-1831-4161-85F7-AD67D672B02A}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe => Keine Datei
FirewallRules: [{ACC6B3CE-99C3-4745-B61D-0FDED2F9D93B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Torque Drift\TorqueDrift.exe () [Datei ist nicht signiert]
FirewallRules: [{91047375-09B7-478E-92F5-2BDA9641A004}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Torque Drift\TorqueDrift.exe () [Datei ist nicht signiert]
FirewallRules: [TCP Query User{89EC9CC4-3726-49E8-B31C-C34B2369C24A}C:\users\dracu\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\dracu\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{175F61E2-E507-4C09-9816-DA436A6FB7AE}C:\users\dracu\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\dracu\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{52653BD5-C376-498F-B084-871291654A59}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.77.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{6EB815EF-FC2B-4F9D-9304-B647B9C19DF3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.77.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{C0599CDF-B97F-4A0D-8878-00A6B35F194E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.77.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{A2194B97-9B85-49F4-BCB7-773232B7E3C3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.77.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{5D5D039D-9A99-4C47-B0F5-A462DA2A7C3E}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{59222E80-A26B-4274-8E9E-B10A1F9B80C6}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F537AA1D-B982-4992-A9C3-15822865318C}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E85981E4-4176-4389-B2D2-462C2FDA116F}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2D72C414-E9D5-4630-8271-463D7FE7AA16}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{42E11F3F-621C-4486-BAFA-F78565B09977}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D5E677D8-7FEB-4960-8FD2-36339716AEB0}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B405AD98-26D6-4DF3-B22F-77AB0DD26F05}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E07E21B4-6BF5-4C1A-90FD-F092F1584B74}] => (Block) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => Keine Datei
FirewallRules: [{420DE6B6-EEAF-42AE-A4E1-6C15E26DE56A}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => Keine Datei
FirewallRules: [{C5E628AF-A41F-43FA-8DD8-0AB227CE61FF}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => Keine Datei
FirewallRules: [{8E1827E8-C381-48E4-9909-AA043EC3414A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{E1354BBF-6C40-4FFB-AC0E-AA32C3193882}] => (Allow) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [{5ED6CBDC-3DE8-45AB-8E3B-1E7C77D3C037}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F353464C-05F8-427E-9B07-057C55704E3C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{91AAFBDA-E799-4DD2-AD7C-AA1B09CF632E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{32EA296E-A6FF-4260-BF3E-C4713AB3B196}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{FC44F024-EB61-4123-A605-186EB479CBA7}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\96.0.1054.62\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Wiederherstellungspunkte =========================

ACHTUNG: Systemwiederherstellung ist deaktiviert (Total:105.91 GB) (Free:3.99 GB) (4%)

==================== Fehlerhafte Geräte im Gerätemanager ============


==================== Fehlereinträge in der Ereignisanzeige: ========================

Applikationsfehler:
==================
Error: (12/30/2021 09:57:27 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" in Zeile  1.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition: UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (12/30/2021 08:55:58 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} und dem Namen "CEventSystem" kann nicht gestartet werden. [0x8007045b, Der Computer wird heruntergefahren.
]

Error: (12/30/2021 08:55:58 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x8007045b, Der Computer wird heruntergefahren.
.

Error: (12/30/2021 08:55:58 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} und dem Namen "CEventSystem" kann nicht gestartet werden. [0x8007045b, Der Computer wird heruntergefahren.
]

Error: (12/23/2021 07:31:15 AM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT-AUTORITÄT)
Description: Windows kann die erweiterbare Leistungsindikator-DLL "C:\WINDOWS\system32\sysmain.dll" nicht laden (Win32-Fehlercode 126).

Error: (12/19/2021 05:37:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Das Programm identity_helper.exe Version 96.0.1054.62 hat die Interaktion mit Windows beendet und wurde geschlossen. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 2ec4

Startzeit: 01d7f4f6a53ba4ea

Beendigungszeit: 4294967295

Anwendungspfad: C:\Program Files (x86)\Microsoft\Edge\Application\96.0.1054.62\identity_helper.exe

Bericht-ID: 5c3df2c7-c9c8-45aa-95c2-05ab8681b84c

Vollständiger Name des fehlerhaften Pakets: Microsoft.MicrosoftEdge.Stable_96.0.1054.57_neutral__8wekyb3d8bbwe

Relative Anwendungs-ID des fehlerhaften Pakets: App

Absturztyp: Quiesce

Error: (12/19/2021 05:35:42 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT-AUTORITÄT)
Description: Windows kann die erweiterbare Leistungsindikator-DLL "C:\WINDOWS\system32\sysmain.dll" nicht laden (Win32-Fehlercode 126).

Error: (12/12/2021 08:18:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Das Programm identity_helper.exe Version 96.0.1054.53 hat die Interaktion mit Windows beendet und wurde geschlossen. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 2b0c

Startzeit: 01d7ef8cee151434

Beendigungszeit: 4294967295

Anwendungspfad: C:\Program Files (x86)\Microsoft\Edge\Application\96.0.1054.53\identity_helper.exe

Bericht-ID: ad1f4604-6338-4e30-9b69-2ea17da2adbf

Vollständiger Name des fehlerhaften Pakets: Microsoft.MicrosoftEdge.Stable_96.0.1054.43_neutral__8wekyb3d8bbwe

Relative Anwendungs-ID des fehlerhaften Pakets: App

Absturztyp: Quiesce


Systemfehler:
=============
Error: (12/30/2021 08:55:53 PM) (Source: DCOM) (EventID: 10010) (User: LU)
Description: Der Server "{5F7F3F7B-1177-4D4B-B1DB-BC6F671B8F25}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (12/23/2021 07:25:26 AM) (Source: Schannel) (EventID: 4103) (User: NT-AUTORITÄT)
Description: Schwerwiegender Fehler beim Erstellen der Client-Anmeldeinformationen für TLS. Der interne Fehlerstatus ist 10013.

Error: (12/20/2021 10:26:47 AM) (Source: Schannel) (EventID: 4103) (User: NT-AUTORITÄT)
Description: Schwerwiegender Fehler beim Erstellen der Client-Anmeldeinformationen für TLS. Der interne Fehlerstatus ist 10013.

Error: (12/19/2021 05:37:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (12/19/2021 05:37:00 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.

Error: (12/19/2021 05:34:36 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ClickToRunSvc erreicht.

Error: (12/19/2021 05:00:18 PM) (Source: Schannel) (EventID: 4103) (User: NT-AUTORITÄT)
Description: Schwerwiegender Fehler beim Erstellen der Client-Anmeldeinformationen für TLS. Der interne Fehlerstatus ist 10013.

Error: (12/15/2021 07:00:47 PM) (Source: Schannel) (EventID: 4103) (User: NT-AUTORITÄT)
Description: Schwerwiegender Fehler beim Erstellen der Client-Anmeldeinformationen für TLS. Der interne Fehlerstatus ist 10013.


Windows Defender:
================
Date: 2021-12-30 22:17:44
Description: 
Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {C22694B0-3DE2-441F-926C-AC23DCD0B0D7}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

CodeIntegrity:
===============
Date: 2021-12-30 21:01:28
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Mozilla Firefox\firefox.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2021-12-30 20:50:26
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Avira\Antivirus\avirasecuritycenteragent.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Avira\Antivirus\libcurl.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Speicherinformationen =========================== 

BIOS: American Megatrends Inc. 4.6.5 10/19/2012
Hauptplatine: CLEVO P170EM
Prozessor: Intel(R) Core(TM) i7-3740QM CPU @ 2.70GHz
Prozentuale Nutzung des RAM: 40%
Installierter physikalischer RAM: 16273.89 MB
Verfügbarer physikalischer RAM: 9601.66 MB
Summe virtueller Speicher: 17325.22 MB
Verfügbarer virtueller Speicher: 10090.23 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:105.91 GB) (Free:3.98 GB) NTFS
Drive e: (daten) (Fixed) (Total:132.03 GB) (Free:1.6 GB) NTFS

\\?\Volume{75cdaf95-0000-0000-0000-100000000000}\ (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{75cdaf95-0000-0000-0000-70801a000000}\ () (Fixed) (Total:0.44 GB) (Free:0.08 GB) NTFS

==================== MBR & Partitionstabelle ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 238.5 GB) (Disk ID: 75CDAF95)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=105.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
Partition 4: (Not Active) - (Size=132 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt =======================
         

Two more logs in the following post.

30.12.2021, 22:40   #2
Chris7

Fake Trading Software, possibly covert remote access?

Shortcut_30-12-2021 22.23.45.txt
Code:
Untersuchungsergebnis der Verknüpfungen des Benutzers (x64) Version: 27-12-2021
durchgeführt von dracu (30-12-2021 22:23:45)
Gestartet von C:\Users\dracu\Downloads
Start-Modus: Normal

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)


Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\MSACCESS.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe (Adobe Systems Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk -> C:\Program Files\Adobe\Acrobat DC\Acrobat\acrodist.exe (Adobe Systems Incorporated.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk -> C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Malwarebytes)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> E:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk -> C:\Program Files\PCHealthCheck\PCHealthCheck.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\MSPUB.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10-Update-Assistent.lnk -> C:\Windows10Upgrade\Windows10UpgraderApp.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2021\WISO Steuer-Sparbuch 2021.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2021\WISO2021.EXE ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO steuer Sparbuch 2020\WISO steuer Sparbuch 2020.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2020\WISO2020.EXE ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO steuer Sparbuch 2019\WISO steuer Sparbuch 2019.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2019\WISO2019.EXE ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO steuer Sparbuch 2018\WISO steuer Sparbuch 2018.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2018\WISO2018.EXE ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO steuer Sparbuch 2017\WISO steuer Sparbuch 2017.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2017\WISO2017.EXE ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO steuer Sparbuch 2016\WISO steuer Sparbuch 2016.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2016\WISO2016.EXE ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Benutzerhandbuch für die Konsolenversion von RAR.lnk -> C:\Program Files (x86)\WinRAR\Rar.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Hilfe zu WinRAR.lnk -> C:\Program Files (x86)\WinRAR\WinRAR.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Was ist neu in dieser Version.lnk -> C:\Program Files (x86)\WinRAR\WhatsNew.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files (x86)\WinRAR\WinRAR.exe (Alexander Roshal)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk -> C:\Program Files\VideoLAN\VLC\Documentation.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk -> C:\Program Files\VideoLAN\VLC\NEWS.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk -> C:\Program Files\VideoLAN\VLC\VideoLAN Website.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unified Remote 3\Unified Remote.lnk -> C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe (Unified Intents AB)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unified Remote 3\Uninstall Unified Remote.lnk -> C:\Program Files (x86)\Unified Remote 3\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle\Tunngle entfernen.lnk -> E:\Program Files (x86)\Tunngle\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle\Tunngle.lnk -> E:\Program Files (x86)\Tunngle\Tunngle.exe (Tunngle.net GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk -> E:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SRWare Iron (64-Bit)\Iron Config and Backup.lnk -> C:\Program Files\SRWare Iron (64-Bit)\Iron_Backup_Config.exe (SRWare)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SRWare Iron (64-Bit)\SRWare Iron (64-Bit) entfernen.lnk -> C:\Program Files\SRWare Iron (64-Bit)\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SRWare Iron (64-Bit)\SRWare Iron (64-Bit).lnk -> C:\Program Files\SRWare Iron (64-Bit)\chrome.exe (SRWare)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony\Xperia Companion\Xperia Companion.lnk -> C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanion.exe (Sony)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.7\Python (command line).lnk -> C:\Windows\Installer\{79F081BF-7454-43DB-BD8F-9EE596813233}\python_icon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.7\Python Manuals.lnk -> E:\Programme\Python27\Doc\python279.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFsam Basic\PDFsam Basic.lnk -> C:\Program Files\PDFsam Basic\pdfsam.exe (Sober Lemur S.a.s di Vacondio Andrea)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenAudible\OpenAudible Uninstaller.lnk -> E:\Program Files\OpenAudible\uninstall.exe (openaudible.org)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenAudible\OpenAudible.lnk -> E:\Program Files\OpenAudible\OpenAudible.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\GeForce Experience.lnk -> C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\LaunchGFExperience.exe (NVIDIA Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero Burning ROM.lnk -> C:\Program Files (x86)\Nero\Nero Burning ROM\nero.exe (Nero AG)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero CoverDesigner.lnk -> C:\Program Files (x86)\Nero\Nero CoverDesigner\CoverDes.exe (Nero AG)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero WaveEditor.lnk -> C:\Program Files (x86)\Nero\Nero WaveEditor\waveedit.exe (Nero AG)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero Toolkit\Nero BurnRights.lnk -> C:\Program Files (x86)\Nero\Nero Toolkit\Nero BurnRights\NeroBurnRights.exe (Nero AG)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero Toolkit\Nero CD-DVD Speed.lnk -> C:\Program Files (x86)\Nero\Nero Toolkit\Nero CD-DVD Speed\CDSpeed.exe (Nero AG)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero Toolkit\Nero DriveSpeed.lnk -> C:\Program Files (x86)\Nero\Nero Toolkit\Nero DriveSpeed\DriveSpeed.exe (Nero AG)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero Toolkit\Nero InfoTool.lnk -> C:\Program Files (x86)\Nero\Nero Toolkit\Nero InfoTool\InfoTool.exe (Nero AG)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble\Mumble.lnk -> E:\Program Files (x86)\Mumble\mumble.exe (Thorvald Natvig)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble\Murmur.lnk -> C:\Windows\Installer\{8A01C920-26AD-4574-8C2B-95D9245B1EBE}\murmur.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Aufzeichnungs-Manager von Skype for Business.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\OcPubMgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Office-Spracheinstellungen.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\SETLANG.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Telemetriedashboard für Office.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\msotd.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Telemetrieprotokoll für Office.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\msoev.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Java konfigurieren.lnk -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\javacpl.exe (Oracle Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView\About IrfanView.lnk -> E:\Program Files\IrfanView\i_about.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView\Available Languages.lnk -> E:\Program Files\IrfanView\i_languages.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView\Available PlugIns.lnk -> E:\Program Files\IrfanView\i_plugins.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView\Command line Options.lnk -> E:\Program Files\IrfanView\i_options.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView\IrfanView 64 4.41.lnk -> E:\Program Files\IrfanView\i_view64.exe (Irfan Skiljan)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView\IrfanView Help.lnk -> E:\Program Files\IrfanView\i_view32.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView\What's New.lnk -> E:\Program Files\IrfanView\i_changes.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Update.lnk -> C:\Program Files (x86)\HP\HP Software Update\hpwucli.exe (Hewlett-Packard)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP LaserJet 200 color MFP M276\HP Druckerstatus und Warnmeldungen.lnk -> C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe (Hewlett-Packard Company)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP LaserJet 200 color MFP M276\HP Hilfe- und Lern-Center.lnk -> C:\Program Files (x86)\HP\HP LaserJet 200 color MFP M276\Help_Learn\Help.exe (Hewlett-Packard Company)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP LaserJet 200 color MFP M276\HP Scan.lnk -> C:\Program Files (x86)\HP\HP LaserJet 200 color MFP M276\bin\HPScan.exe (Hewlett-Packard Co.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP LaserJet 200 color MFP M276\HP Send Fax.lnk -> C:\Program Files (x86)\HP\HP LaserJet 200 color MFP M276\hppeFax_M276.exe (Hewlett-Packard Co.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\freac - free audio converter\freac - free audio converter.lnk -> C:\Program Files (x86)\freac\freac.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\freac - free audio converter\freac Benutzerhandbuch.lnk -> C:\Program Files (x86)\freac\manual\index.html ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\freac - free audio converter\freac Deinstallieren.lnk -> C:\Program Files (x86)\freac\uninstall.exe (chapter.0)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader\Uninstall Foxit Reader.lnk -> C:\Program Files (x86)\Foxit Software\Foxit Reader\unins000.exe (Keine Datei)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DoNotSpy10\DoNotSpy10.lnk -> C:\Program Files (x86)\DoNotSpy10\DoNotSpy10.exe (pXc-coding)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\concept design\onlineTV 16\onlineTV 16.lnk -> C:\Program Files (x86)\concept design\onlineTV 16\onlineTV.exe (concept/design GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\concept design\onlineTV 16\onlineTV @ Android.lnk -> C:\Program Files (x86)\concept design\onlineTV 16\onlineTVAndroid.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\concept design\onlineTV 16\Ressource\Weitere Sender.lnk -> C:\Program Files (x86)\concept design\onlineTV 16\onlineTVRes.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\concept design\onlineTV 14\onlineTV 14.lnk -> C:\Program Files (x86)\concept design\onlineTV 14\onlineTV.exe (concept/design GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\concept design\onlineTV 14\onlineTV @ Android.lnk -> C:\Program Files (x86)\concept design\onlineTV 14\onlineTVAndroid.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\concept design\onlineTV 14\Ressource\Weitere Sender.lnk -> C:\Program Files (x86)\concept design\onlineTV 14\onlineTVRes.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP\AIMP Advanced Tag Editor.lnk -> C:\Program Files (x86)\AIMP\AIMPate.exe (AIMP DevTeam)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP\AIMP Audio Converter.lnk -> C:\Program Files (x86)\AIMP\AIMPac.exe (AIMP DevTeam)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP\AIMP.lnk -> C:\Program Files (x86)\AIMP\AIMP.exe (AIMP DevTeam)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP\AudioConverter.lnk -> C:\Program Files (x86)\AIMP\AIMPac.exe (AIMP DevTeam)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP\TagEditor.lnk -> C:\Program Files (x86)\AIMP\AIMPate.exe (AIMP DevTeam)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP\Uninstall.lnk -> C:\Program Files (x86)\AIMP\Uninstall.exe (AIMP DevTeam)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk -> C:\Windows\SysWOW64\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\RecoveryDrive.lnk -> C:\Windows\System32\RecoveryDrive.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Registry Editor.lnk -> C:\Windows\regedit.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Defender Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Quick Assist.lnk -> C:\Windows\System32\quickassist.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk -> C:\Windows\System32\psr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip Help.lnk -> C:\Program Files\7-Zip\7-zip.chm ()
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\dracu\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)
Shortcut: C:\Users\dracu\Links\Desktop.lnk -> C:\Users\dracu\Desktop ()
Shortcut: C:\Users\dracu\Links\Downloads.lnk -> C:\Users\dracu\Downloads ()
Shortcut: C:\Users\dracu\Desktop\GMX ProfiFax.lnk -> C:\Users\dracu\AppData\Local\GMXProfiFax\GMX ProfiFax.exe (1und1 Mail and Media GmbH)
Shortcut: C:\Users\dracu\Desktop\mp3DirectCut.lnk -> E:\Program Files (x86)\mp3DirectCut\mp3DirectCut.exe (Martin Pesch)
Shortcut: C:\Users\dracu\Desktop\mumble.exe - Verknüpfung.lnk -> E:\Program Files (x86)\Mumble\mumble.exe (Thorvald Natvig)
Shortcut: C:\Users\dracu\Desktop\onlineTV 15.lnk -> C:\Program Files (x86)\concept design\onlineTV 15\onlineTV.exe (concept/design GmbH)
Shortcut: C:\Users\dracu\Desktop\Total Commander.lnk -> C:\totalcmd\TOTALCMD.EXE (Ghisler Software GmbH)
Shortcut: C:\Users\dracu\Desktop\Windows 10-Update-Assistent.lnk -> C:\Windows10Upgrade\Windows10UpgraderApp.exe (Microsoft Corporation)
Shortcut: C:\Users\dracu\Desktop\20201226\Nero CoverDesigner.lnk -> C:\Program Files (x86)\Nero\Nero CoverDesigner\CoverDes.exe (Nero AG)
Shortcut: C:\Users\dracu\Desktop\20201226\Uplay.lnk -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exe (Ubisoft)
Shortcut: C:\Users\dracu\Desktop\20201226\Windows 10-Update-Assistent.lnk -> C:\Windows10Upgrade\Windows10UpgraderApp.exe (Microsoft Corporation)
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\dracu\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Benutzerhandbuch für die Konsolenversion von RAR.lnk -> C:\Program Files (x86)\WinRAR\Rar.txt ()
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Hilfe zu WinRAR.lnk -> C:\Program Files (x86)\WinRAR\WinRAR.chm ()
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Was ist neu in dieser Version.lnk -> C:\Program Files (x86)\WinRAR\WhatsNew.txt ()
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files (x86)\WinRAR\WinRAR.exe (Alexander Roshal)
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker\README.lnk -> E:\Program Files\Unlocker\README.TXT ()
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker\Start Unlocker.lnk -> E:\Program Files\Unlocker\Unlocker.exe ()
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker\Uninstall.lnk -> E:\Program Files\Unlocker\uninst.exe ()
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker\Website.lnk -> E:\Program Files\Unlocker\Unlocker.url ()
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft\Uplay\Uninstall.lnk -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uninstall.exe (Ubisoft)
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft\Uplay\Uplay.lnk -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exe (Ubisoft)
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander\Total Commander Entfernen oder Reparieren.lnk -> C:\totalcmd\TCUNINST.EXE ()
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander\Total Commander Hilfe.lnk -> C:\totalcmd\TOTALCMD.CHM ()
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander\Total Commander.lnk -> C:\totalcmd\TOTALCMD.EXE (Ghisler Software GmbH)
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk -> E:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\No-IP DUC\DUC.lnk -> E:\Program Files (x86)\No-IP\DUC40.exe ()
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\No-IP DUC\License.lnk -> E:\Program Files (x86)\No-IP\License.txt ()
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\No-IP DUC\Uninstall.lnk -> E:\Program Files (x86)\No-IP\Uninstall.exe ()
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3Gain\MP3Gain Help.lnk -> E:\Program Files (x86)\MP3Gain\MP3Gain.chm ()
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3Gain\MP3Gain.lnk -> E:\Program Files (x86)\MP3Gain\MP3GainGUI.exe (Snelg Enterprises)
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3Gain\Uninstall MP3Gain.lnk -> E:\Program Files (x86)\MP3Gain\uninst-mp3gain.exe ()
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView\IrfanView 64 4.50.lnk -> E:\Program Files\IrfanView\i_view64.exe (Irfan Skiljan)
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView\IrfanView Hilfe.lnk -> E:\Program Files\IrfanView\Help\i_view32_deutsch.chm ()
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView\Kommandozeilen-Optionen.lnk -> E:\Program Files\IrfanView\i_options.txt ()
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView\Verfügbare PlugIns.lnk -> E:\Program Files\IrfanView\i_plugins.txt ()
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView\Verfügbare Sprachen.lnk -> E:\Program Files\IrfanView\i_languages.txt ()
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView\Was ist neu.lnk -> E:\Program Files\IrfanView\i_changes.txt ()
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView\Über IrfanView.lnk -> E:\Program Files\IrfanView\i_about.txt ()
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GamersFirst\LIVE!\GamersFirst LIVE!.lnk -> C:\Users\dracu\AppData\Local\GamersFirst\LIVE!\Live.exe (GamersFirst)
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GamersFirst\LIVE!\Uninstall.lnk -> C:\Users\dracu\AppData\Local\GamersFirst\LIVE!\uninstall.exe (GamersFirst)
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\concept design\onlineTV 15\onlineTV 15.lnk -> C:\Program Files (x86)\concept design\onlineTV 15\onlineTV.exe (concept/design GmbH)
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\concept design\onlineTV 15\onlineTV @ Android.lnk -> C:\Program Files (x86)\concept design\onlineTV 15\onlineTVAndroid.url ()
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\concept design\onlineTV 15\Ressource\Weitere Sender.lnk -> C:\Program Files (x86)\concept design\onlineTV 15\onlineTVRes.url ()
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bierbuden\Weissbierbude.lnk -> E:\Programme\Bierbuden\weissbierbude_de.pyw ()
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1und1 Mail and Media GmbH\GMX ProfiFax.lnk -> C:\Users\dracu\AppData\Local\GMXProfiFax\GMX ProfiFax.exe (1und1 Mail and Media GmbH)
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth-Dateiübertragung.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\SendTo\PDFsam Basic.lnk -> C:\Program Files\PDFsam Basic\pdfsam.exe (Sober Lemur S.a.s di Vacondio Andrea)
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Brave.lnk -> C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc.)
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\DoNotSpy10.lnk -> C:\Program Files (x86)\DoNotSpy10\DoNotSpy10.exe (pXc-coding)
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC)
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation)
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\SRWare Iron (64-Bit).lnk -> C:\Program Files\SRWare Iron (64-Bit)\chrome.exe (SRWare)
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Tunngle.lnk -> E:\Program Files (x86)\Tunngle\Tunngle.exe (Tunngle.net GmbH)
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\AIMP Audio Converter.lnk -> C:\Program Files (x86)\AIMP\AIMPac.exe (AIMP DevTeam)
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\IrfanView 64 4.41.lnk -> E:\Program Files\IrfanView\i_view64.exe (Irfan Skiljan)
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> E:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\mumble.exe - Verknüpfung.lnk -> E:\Program Files (x86)\Mumble\mumble.exe (Thorvald Natvig)
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\ThunderbirdPortabl.lnk -> E:\Program Files (x86)\ThunderbirdPortable\ThunderbirdPortable.exe (PortableApps.com)
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Total Commander.lnk -> C:\totalcmd\TOTALCMD.EXE (Ghisler Software GmbH)
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Word.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE (Microsoft Corporation)
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\Application Shortcuts\Windows.PurchaseDialog_cw5n1h2txyewy\Microsoft.Windows.PurchaseDialog.lnk -> Tile and icon assets
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\Application Shortcuts\Windows.ContactSupport_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.ZuneVideo_8wekyb3d8bbwe\Microsoft.ZuneVideo.lnk -> Tile and icon assets
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.ZuneMusic_8wekyb3d8bbwe\Microsoft.ZuneMusic.lnk -> Tile and icon assets
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Microsoft.XboxIdentityProvider.lnk -> Tile and icon assets
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Microsoft.XboxGameCallableUI.lnk -> Tile and icon assets
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.XboxApp_8wekyb3d8bbwe\Microsoft.XboxApp.lnk -> Tile and icon assets
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsStore_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsPhone_8wekyb3d8bbwe\CompanionApp.App.lnk -> Tile and icon assets
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsMaps_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsFeedback_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\Application Shortcuts\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\microsoft.windowslive.calendar.lnk -> Tile and icon assets
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\Application Shortcuts\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\microsoft.windowslive.mail.lnk -> Tile and icon assets
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsCamera_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsCalculator_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsAlarms_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Windows.Photos_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaUI.lnk -> Tile and icon assets
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.SkypeApp_kzf8qxf38zg5c\App.lnk -> Tile and icon assets
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.People_8wekyb3d8bbwe\x4c7a3b7dy2188y46d4ya362y19ac5a5805e5x.lnk -> Tile and icon assets
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Office.OneNote_8wekyb3d8bbwe\microsoft.onenoteim.lnk -> Tile and icon assets
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\Microsoft.MicrosoftOfficeHub.lnk -> Tile and icon assets
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.lnk -> Tile and icon assets
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.LockApp_cw5n1h2txyewy\WindowsDefaultLockScreen.lnk -> Tile and icon assets
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Getstarted_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BioEnrollment_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingWeather_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingSports_8wekyb3d8bbwe\AppexSports.lnk -> Tile and icon assets
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingNews_8wekyb3d8bbwe\AppexNews.lnk -> Tile and icon assets
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingFinance_8wekyb3d8bbwe\AppexFinance.lnk -> Tile and icon assets
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Appconnector_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.AccountsControl_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.3DBuilder_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\dracula\Links\Desktop.lnk -> C:\Users\dracula\Desktop ()
Shortcut: C:\Users\dracula\Links\Downloads.lnk -> C:\Users\dracula\Downloads ()
Shortcut: C:\Users\dracula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\dracula\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
Shortcut: C:\Users\dracula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\dracula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\dracula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\dracula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\dracula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\dracula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\dracula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\dracula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\dracula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\dracula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\dracula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\dracula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\dracula\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth-Dateiübertragung.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\Users\dracula\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\dracula\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\dracula\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\dracula\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\dracula\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\dracula\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\dracula\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\dracula\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\dracula\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\dracula\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\dracula\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\dracula\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\Adobe Acrobat DC.lnk -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe (Adobe Systems Incorporated)
Shortcut: C:\Users\Public\Desktop\Brave.lnk -> C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc.)
Shortcut: C:\Users\Public\Desktop\DoNotSpy10.lnk -> C:\Program Files (x86)\DoNotSpy10\DoNotSpy10.exe (pXc-coding)
Shortcut: C:\Users\Public\Desktop\freac - free audio converter.lnk -> C:\Program Files (x86)\freac\freac.exe ()
Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC)
Shortcut: C:\Users\Public\Desktop\HP LJ200 M276 Scan.lnk -> C:\Program Files (x86)\HP\HP LaserJet 200 color MFP M276\bin\HPScan.exe (Hewlett-Packard Co.)
Shortcut: C:\Users\Public\Desktop\Iron Config and Backup.lnk -> C:\Program Files\SRWare Iron (64-Bit)\Iron_Backup_Config.exe (SRWare)
Shortcut: C:\Users\Public\Desktop\Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Malwarebytes)
Shortcut: C:\Users\Public\Desktop\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\onlineTV 14.lnk -> C:\Program Files (x86)\concept design\onlineTV 14\onlineTV.exe (concept/design GmbH)
Shortcut: C:\Users\Public\Desktop\onlineTV 16.lnk -> C:\Program Files (x86)\concept design\onlineTV 16\onlineTV.exe (concept/design GmbH)
Shortcut: C:\Users\Public\Desktop\OpenAudible.lnk -> E:\Program Files\OpenAudible\OpenAudible.exe ()
Shortcut: C:\Users\Public\Desktop\PDFsam Basic.lnk -> C:\Program Files\PDFsam Basic\pdfsam.exe (Sober Lemur S.a.s di Vacondio Andrea)
Shortcut: C:\Users\Public\Desktop\SRWare Iron (64-Bit).lnk -> C:\Program Files\SRWare Iron (64-Bit)\chrome.exe (SRWare)
Shortcut: C:\Users\Public\Desktop\VLC media player.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN)
Shortcut: C:\Users\Public\Desktop\WISO steuer Sparbuch 2019.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2019\WISO2019.EXE ()
Shortcut: C:\Users\Public\Desktop\WISO steuer Sparbuch 2020.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2020\WISO2020.EXE ()
Shortcut: C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2021.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2021\WISO2021.EXE ()


ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player - reset preferences and cache files.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN) -> --reset-config --reset-plugins-cache vlc://quit
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN) -> -Iskins
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /7
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.7\IDLE (Python GUI).lnk -> C:\Windows\Installer\{79F081BF-7454-43DB-BD8F-9EE596813233}\python_icon.exe () -> "e:\Programme\Python27\Lib\idlelib\idle.pyw"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.7\Module Docs.lnk -> C:\Windows\Installer\{79F081BF-7454-43DB-BD8F-9EE596813233}\python_icon.exe () -> "e:\Programme\Python27\Tools\scripts\pydocgui.pyw"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.7\Uninstall Python.lnk -> C:\Windows\System32\msiexec.exe (Microsoft Corporation) -> /x{79F081BF-7454-43DB-BD8F-9EE596813233}
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFsam Basic\Uninstall.lnk -> C:\Windows\System32\msiexec.exe (Microsoft Corporation) -> /x {06C071AD-846F-4E21-A938-63DA54A45EB3}
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero Express.lnk -> C:\Program Files (x86)\Nero\Nero Burning ROM\nero.exe (Nero AG) -> /w
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Setup\Nero ProductSetup.lnk -> C:\Program Files (x86)\Common Files\Ahead\Nero Web\SetupX.exe (Nero AG) -> MODE="update"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Database Compare.lnk -> C:\Program Files (x86)\Microsoft Office\root\Client\AppVLP.exe (Microsoft Corporation) -> "C:\Program Files (x86)\Microsoft Office\Root\Office16\DCF\DATABASECOMPARE.EXE"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Spreadsheet Compare.lnk -> C:\Program Files (x86)\Microsoft Office\root\Client\AppVLP.exe (Microsoft Corporation) -> "C:\Program Files (x86)\Microsoft Office\Root\Office16\DCF\SPREADSHEETCOMPARE.EXE"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016-Tools\Database Compare.lnk -> C:\Program Files (x86)\Microsoft Office\root\Client\AppVLP.exe (Microsoft Corporation) -> "C:\Program Files (x86)\Microsoft Office\Root\Office16\DCF\DATABASECOMPARE.EXE"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016-Tools\Office Upload Center.lnk -> C:\Program Files (x86)\Microsoft Office\root\Client\AppVLP.exe (Microsoft Corporation) -> "C:\Program Files (x86)\Microsoft Office\Root\Office16\MSOUC.EXE"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016-Tools\Spreadsheet Compare.lnk -> C:\Program Files (x86)\Microsoft Office\root\Client\AppVLP.exe (Microsoft Corporation) -> "C:\Program Files (x86)\Microsoft Office\Root\Office16\DCF\SPREADSHEETCOMPARE.EXE"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Auf Updates prüfen.lnk -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\javacpl.exe (Oracle Corporation) -> -tab update
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Info zu Java.lnk -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\javacpl.exe (Oracle Corporation) -> -tab about
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView\IrfanView - Thumbnails.lnk -> E:\Program Files\IrfanView\i_view64.exe (Irfan Skiljan) -> /thumbs
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.AdministrativeTools
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\dracu\Desktop\Google Photos.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=ncmjhecbjeaamljdfahankockkkdmedg
ShortcutWithArgument: C:\Users\dracu\Desktop\Microsoft Teams.lnk -> C:\Users\dracu\AppData\Local\Microsoft\Teams\Update.exe (Microsoft Corporation) -> --processStart "Teams.exe"
ShortcutWithArgument: C:\Users\dracu\Desktop\20201226\HP\HP LaserJet 200 color MFP M276\HP Gerät neu konfigurieren.lnk -> C:\Program Files (x86)\HP\csiInstaller\CC38C23C-7824-4DBB-AC73-997CD0BBFEC7\Setup.exe (Hewlett-Packard) -> /ReconfigWireless
ShortcutWithArgument: C:\Users\dracu\Desktop\20201226\HP\HP LaserJet 200 color MFP M276\Produktsoftware deinstallieren.lnk -> C:\Program Files (x86)\HP\csiInstaller\CC38C23C-7824-4DBB-AC73-997CD0BBFEC7\Setup.exe (Hewlett-Packard) -> /Uninstall
ShortcutWithArgument: C:\Users\dracu\AppData\Roaming\Microsoft\Word\Schreiben%20Botschaft306559941425693389\Schreiben%20Botschaft.docx.lnk -> E:\Downloads_JX\USB Stick\heirat eingereicht komplett\bruder\Schreiben Botschaft.docx () -> 0
ShortcutWithArgument: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk -> C:\Users\dracu\AppData\Local\Microsoft\Teams\Update.exe (Microsoft Corporation) -> --processStart "Teams.exe"
ShortcutWithArgument: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.AdministrativeTools
ShortcutWithArgument: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView\IrfanView - Thumbnails.lnk -> E:\Program Files\IrfanView\i_view64.exe (Irfan Skiljan) -> /thumbs
ShortcutWithArgument: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome-Apps\Google Photos.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome_proxy.exe (Google LLC) ->  --profile-directory=Default --app-id=ncmjhecbjeaamljdfahankockkkdmedg
ShortcutWithArgument: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\SendTo\Faxempfänger.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\dracu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nero Express.lnk -> C:\Program Files (x86)\Nero\Nero Burning ROM\nero.exe (Nero AG) -> /w
ShortcutWithArgument: C:\Users\dracu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory=Default
ShortcutWithArgument: C:\Users\dracu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Teams.lnk -> C:\Users\dracu\AppData\Local\Microsoft\Teams\Update.exe (Microsoft Corporation) -> --processStart "Teams.exe" --process-start-args "--profile=AAD"
ShortcutWithArgument: C:\Users\dracu\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E}
ShortcutWithArgument: C:\Users\dracu\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
ShortcutWithArgument: C:\Users\dracu\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\dracu\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System
ShortcutWithArgument: C:\Users\dracu\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo
ShortcutWithArgument: C:\Users\dracu\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions
ShortcutWithArgument: C:\Users\dracu\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
ShortcutWithArgument: C:\Users\dracu\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
ShortcutWithArgument: C:\Users\dracu\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures
ShortcutWithArgument: C:\Users\dracu\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\dracu\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\dracu\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\dracu\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\dracu\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\dracu\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory=Default
ShortcutWithArgument: C:\Users\dracula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.AdministrativeTools
ShortcutWithArgument: C:\Users\dracula\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\dracula\AppData\Roaming\Microsoft\Windows\SendTo\Faxempfänger.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\dracula\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
ShortcutWithArgument: C:\Users\dracula\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\dracula\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo
ShortcutWithArgument: C:\Users\dracula\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
ShortcutWithArgument: C:\Users\dracula\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
ShortcutWithArgument: C:\Users\dracula\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\dracula\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\dracula\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\dracula\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\dracula\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}


InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2021\Hilfen\WISO Steuer-Sparbuch 2021 Online-Hilfe.url -> URL: hxxp://www.buhl.de/go/13468
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO steuer Sparbuch 2020\Hilfen\WISO steuer Sparbuch 2020 Online-Hilfe.url -> URL: hxxp://www.buhl.de/go/11892
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO steuer Sparbuch 2019\Hilfen\WISO steuer Sparbuch 2019 Online-Hilfe.url -> URL: hxxp://www.buhl.de/go/8143
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO steuer Sparbuch 2018\Hilfen\WISO steuer Sparbuch 2018 Online-Hilfe.url -> URL: hxxp://www.buhl.de/go/4451
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO steuer Sparbuch 2017\Hilfen\WISO steuer Sparbuch 2017 Online-Hilfe.url -> URL: hxxp://www.buhl.de/go/2241
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO steuer Sparbuch 2016\Hilfen\WISO steuer Sparbuch 2016 Online-Hilfe.url -> URL: hxxp://www.buhl.de/go/325
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unified Remote 3\Unified Remote Client.url -> URL: hxxp://localhost:9510/client
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unified Remote 3\Unified Remote Manager.url -> URL: hxxp://localhost:9510/web
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unified Remote 3\Unified Remote on the Web.url -> URL: hxxps://www.unifiedremote.com/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle\Tunngle im Internet.url -> URL: hxxp://www.Tunngle.net/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam Support Center.url -> URL: hxxp://support.steampowered.com/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SRWare Iron (64-Bit)\SRWare Iron (64-Bit) im Internet.url -> URL: hxxp://www.srware.net/iron
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFsam Basic\PDFsam on the Web.url -> URL: hxxps://pdfsam.org/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Besuchen Sie Java.com.url -> URL: hxxp://java.com/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Hilfe aufrufen.url -> URL: hxxp://java.com/help
InternetURL: C:\Users\dracu\Favorites\Bing.url -> URL: hxxp://go.microsoft.com/fwlink/p/?LinkId=255142
InternetURL: C:\Users\dracu\Favorites\Bundestagsabgeordnete in Hessen.url -> URL: hxxp://www.hu-hessen.de/mdbs/info.php
InternetURL: C:\Users\dracu\Favorites\Deinstallieren von Flash Player  Windows.url -> BASEURL: hxxp://helpx.adobe.com/de/flash-player/kb/uninstall-flash-player-windows.html URL: hxxp://helpx.adobe.com/de/flash-player/kb/uninstall-flash-player-windows.html
InternetURL: C:\Users\dracu\Favorites\Direkter Download _ tagesschau.de.url -> URL: hxxp://www.tagesschau.de/download/podcast/
InternetURL: C:\Users\dracu\Favorites\Firesheep_ Account-Diebstahl für Jedermann _ Digital _ ZEIT ONLINE.url -> URL: hxxp://www.zeit.de/digital/datenschutz/2010-10/firesheep-firefox-hack
InternetURL: C:\Users\dracu\Favorites\Informationen rund um Ernährung und Gesundheit (Universität Hohenheim).url -> URL: hxxps://www.uni-hohenheim.de/wwwin140/info/info.htm
InternetURL: C:\Users\dracu\Favorites\MP4 TV - Podcast und MP4 Videos (Vodcast) für Streaming und Download.url -> URL: hxxp://www.mp4-tv.de/
InternetURL: C:\Users\dracu\Favorites\SHOUTcast Administrator.url -> URL: hxxp://192.168.1.2:61275/
InternetURL: C:\Users\dracu\Favorites\Startseite Bremen Eins - Bremen Eins - Radio Bremen.url -> URL: hxxp://www.radiobremen.de/bremeneins/#
InternetURL: C:\Users\dracu\Favorites\Windows Live\Windows Live Gallery.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=70742
InternetURL: C:\Users\dracu\Favorites\Windows Live\Windows Live Ideas.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72700
InternetURL: C:\Users\dracu\Favorites\Windows Live\Windows Live Mail.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72681
InternetURL: C:\Users\dracu\Favorites\Windows Live\Windows Live Spaces.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72682
InternetURL: C:\Users\dracu\Favorites\MSN-Websites\MSN Auto.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72680
InternetURL: C:\Users\dracu\Favorites\MSN-Websites\MSN Fernsehen.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72659
InternetURL: C:\Users\dracu\Favorites\MSN-Websites\MSN Money.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72640
InternetURL: C:\Users\dracu\Favorites\MSN-Websites\MSN Nachrichten.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72636
InternetURL: C:\Users\dracu\Favorites\MSN-Websites\MSN Sport.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72635
InternetURL: C:\Users\dracu\Favorites\MSN-Websites\MSN.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72630
InternetURL: C:\Users\dracu\Favorites\Microsoft-Websites\IE-Site auf Microsoft.com.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72186
InternetURL: C:\Users\dracu\Favorites\Microsoft-Websites\Microsoft Deutschland GmbH.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72520
InternetURL: C:\Users\dracu\Favorites\Microsoft-Websites\Microsoft Store.url -> URL: hxxp://go.microsoft.com/fwlink/?linkid=140813
InternetURL: C:\Users\dracu\Favorites\Microsoft-Websites\Microsoft Windows - Start.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72629
InternetURL: C:\Users\dracu\Favorites\Microsoft-Websites\Microsoft zu Hause.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72406
InternetURL: C:\Users\dracu\Favorites\Microsoft-Websites\Microsoft.com durchsuchen.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72893
InternetURL: C:\Users\dracu\Favorites\Microsoft-Websites\Site für IE Add-Ons.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=50893
InternetURL: C:\Users\dracu\Favorites\Links\Vorgeschlagene Sites.url -> URL: hxxps://ieonline.microsoft.com/#ieslice
InternetURL: C:\Users\dracu\Favorites\Links\Web Slice-Katalog.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=121315
InternetURL: C:\Users\dracu\Downloads\Alle 300 Fragen und Antworten zum Einbürgerungstest der Bundesrepublik Deutschland, Seite 1 – Einbürgerungstest online – all.URL -> URL: hxxps://www.einbuergerungstest-online.eu/fragen/
InternetURL: C:\Users\dracu\Desktop\CHAT VON GESTERN NACHT.URL -> URL: hxxp://www.chatvongesternnacht.de/ort/Regensburg?page=5
InternetURL: C:\Users\dracu\Desktop\Deutsche Rentenversicherung - Vor der Rente - Kontenklärung.URL -> URL: hxxps://www.deutsche-rentenversicherung.de/Allgemein/de/Inhalt/5_Services/04_formulare_und_antraege/01_versicherte/01_vor_der_rente/_DRV_Paket_Versicherung_Kontenklaerung.html
InternetURL: C:\Users\dracu\Desktop\Erlösung (2016) - IMDb.URL -> URL: hxxp://www.imdb.com/title/tt4088268/
InternetURL: C:\Users\dracu\Desktop\FIXIE Inc. Betty Leeds in Black Glossy (2017) - mydealz.de.URL -> URL: hxxps://www.mydealz.de/deals/fixie-inc-betty-leeds-in-black-glossy-2017-1059218
InternetURL: C:\Users\dracu\Desktop\mpv.io.URL -> URL: hxxps://mpv.io/
InternetURL: C:\Users\dracu\Desktop\Musicstream.cc stream your music.URL -> URL: hxxp://musicstream.cc/
InternetURL: C:\Users\dracu\Desktop\Neue Internetverknüpfung.url -> URL: hxxp://arteconcert.gl-systemhaus.de/am/concert/061000/061700/061702-000-A_SQ_0_VO_02022391_MP4-2200_AMM-ALW.mp4
InternetURL: C:\Users\dracu\Desktop\So sichern Sie sich die volle Rente 13.04.2016.URL -> URL: hxxp://www.verivox.de/nachrichten/so-sichern-sie-sich-die-volle-rente-109335.aspx?utm_medium=emailmarketing&utm_source=newsletter&utm_campaign=newsletter_20160424_a&utm_content=http%3a%2f%2fwww.verivox.de%2fnachrichten%2fso-sichern-sie-sich-die-volle-rente-109335.aspx
InternetURL: C:\Users\dracu\Desktop\The Lobster - Entertainment - xREL.v3 - Release & NFO Source #1.URL -> URL: hxxp://www.xrel.to/movie/127662/The-Lobster.html
InternetURL: C:\Users\dracu\Desktop\Torque Drift.url -> URL: steam://rungameid/1029550
InternetURL: C:\Users\dracu\Desktop\Yemi Alade - Want You (Video) - YouTube.URL -> URL: hxxps://www.youtube.com/watch?v=QmsC_jx9jN0&index=44&list=RDEMSc9IxKcC1dby-t8viHNFkw
InternetURL: C:\Users\dracu\Desktop\[APP][5.0+] DNS66 - Open Source HostAd-Bloc… - Pg. 62 Android Development and Hacking.URL -> URL: hxxps://forum.xda-developers.com/android/apps-games/app-dns66-source-host-ad-blocker-root-t3487497/page62
InternetURL: C:\Users\dracu\Desktop\20201226\13.08.16 2153 Uhr GRIP Bass & Furious 3 Electronic 256 kbits 0 0 3.718 Hits VIDP2PDDL 0 Kommentare.URL -> URL: hxxp://goldesel.to/audio/sampler/304929-va_-_grip_bass_and_furious_3-88985_32103_2-2cd-2016-zzzz
InternetURL: C:\Users\dracu\Desktop\20201226\Apartment with 3Rooms in Frankfurt - Apartments zur Miete in Frankfurt am Main.URL -> URL: hxxps://www.airbnb.de/rooms/5406919?checkin=07.04.2016&checkout=08.04.2016&guests=3&s=hxQmL6-R
InternetURL: C:\Users\dracu\Desktop\20201226\Fluggastrechte - Ansprüche bei Verspätung, verlorenem Gepäck & Co. - Finanztip.URL -> URL: hxxp://www.finanztip.de/fluggastrecht/
InternetURL: C:\Users\dracu\Desktop\20201226\Gepäckprobleme - Wie gehe ich vor TAP Air Portugal.URL -> URL: hxxps://www.flytap.com/de-de/gepaeck/gepaeckprobleme
InternetURL: C:\Users\dracu\Desktop\20201226\Germany's Next Topmodel-Best Catwalk Hits 2017 - Various Amazon.de Musik.URL -> URL: hxxps://www.amazon.de/Germanys-Next-Topmodel-Best-Catwalk-Hits/dp/B06W2FNQW4/ref=sr_1_1?s=music&ie=UTF8&qid=1489100262&sr=1-1&keywords=germanys+next+topmodel+2017
InternetURL: C:\Users\dracu\Desktop\20201226\Junghans Herren-Armbanduhr XL MILANO SOLAR Analog Leder 0144060 Amazon.de Uhren.URL -> URL: hxxps://www.amazon.de/Junghans-Herren-Armbanduhr-MILANO-SOLAR-Analog/dp/B0056ZRAO8/ref=cts_wa_2_vtp?pf_rd_m=A3JWKAKR8XB7XF&pf_rd_p=1212178327&pf_rd_r=JTTA286RKMNP82STCVS6&pd_rd_wg=zEjmQ&pf_rd_s=desktop-detail-softlines&pf_rd_t=40701&pd_rd_i=B0056ZRAO8&pd_rd_w=VotO4&pf_rd_i=desktop-detail-softlines&pd_rd_r=JTTA286RKMNP82STCVS6&_encoding=UTF8
InternetURL: C:\Users\dracu\Desktop\20201226\playlist Mutter, der Mann mit dem Koks ist da [Technobase] - YouTube.URL -> URL: hxxps://www.youtube.com/watch?v=rUdru202TBM&list=RDrUdru202TBM&index=1
InternetURL: C:\Users\dracu\Desktop\20201226\Project CARS Formula 1 @ The Nurburgring ... - YouTube.URL -> URL: hxxps://www.youtube.com/watch?v=gBEGbDe7LW0
InternetURL: C:\Users\dracu\Desktop\20201226\Rennrad Triban 540 Alu 105 11-fach schwarzgrau - Decathlon Deutschland.URL -> URL: hxxps://www.decathlon.de/rennrad-triban-540-alu-105-11-fach-schwarz-grau-id_8377756.html
InternetURL: C:\Users\dracu\Desktop\20201226\Streaming directory -- streams & radios.URL -> URL: hxxp://dir.xiph.org/search?search=eurodance
InternetURL: C:\Users\dracu\Desktop\20201226\Suchergebnisse » velvet » Movie-blog.org – Filme & Serien zum gratis Download & Stream.URL -> URL: hxxp://www.movie-blog.org/index.php?s=velvet&cat=0
InternetURL: C:\Users\dracu\Desktop\20201226\Windows*10 herunterladen.URL -> URL: hxxps://www.microsoft.com/de-de/software-download/windows10
InternetURL: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Torque Drift.url -> URL: steam://rungameid/1029550
InternetURL: C:\Users\dracula\Favorites\Bing.url -> URL: hxxp://go.microsoft.com/fwlink/p/?LinkId=255142

==================== Ende vom Shortcut.txt =============================
         

Malwarebytes._30-12-2021 22.21.18.txt
Code:
ATTFilter
Malwarebytes
www.malwarebytes.com

-Protokolldetails-
Scan-Datum: 30.12.21
Scan-Zeit: 22:20
Protokolldatei: 4942fcb4-69b6-11ec-a4cd-0090f5e0779e.json

-Softwaredaten-
Version: 4.5.0.152
Komponentenversion: 1.0.1538
Version des Aktualisierungspakets: 1.0.49198
Lizenz: Testversion

-Systemdaten-
Betriebssystem: Windows 10 (Build 19042.1415)
CPU: x64
Dateisystem: NTFS
Benutzer: LU\dracu

-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Scan gestartet von: Manuell
Ergebnis: Abgeschlossen
Gescannte Objekte: 343038
Erkannte Bedrohungen: 2
In die Quarantäne verschobene Bedrohungen: 0
Abgelaufene Zeit: 1 Min., 6 Sek.

-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Erkennung
PUM: Erkennung

-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)

Modul: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswert: 2
PUM.Optional.DisableMRT, HKLM\SOFTWARE\POLICIES\MICROSOFT\MRT|DONTREPORTINFECTIONINFORMATION, Keine Aktion durch Benutzer, 6708, 676881, 1.0.49198, , ame, , , 
PUM.Optional.DisableMRT, HKLM\SOFTWARE\WOW6432NODE\POLICIES\MICROSOFT\MRT|DONTREPORTINFECTIONINFORMATION, Keine Aktion durch Benutzer, 6708, 676881, 1.0.49198, , ame, , , 

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Daten-Stream: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Datei: 0
(keine bösartigen Elemente erkannt)

Physischer Sektor: 0
(keine bösartigen Elemente erkannt)

WMI: 0
(keine bösartigen Elemente erkannt)


(end)
         


30.12.2021, 23:00   #3
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
I may have picked up a piece of fake trading software some time ago. Possibly with a remote function.
And how exactly did you arrive at that? Please explain.

30.12.2021, 23:15   #4
Chris7

A few years ago I fell for something: it was supposed to be a trading bot that would make something out of deposited money overnight. When my credit card was then blocked and I got various calls from different countries, in some cases with the same person on the other end of the line, it was fairly clear to me that I had fallen for a scam. I never got the deposited money back, and at the time I also found parallel cases.

I'm just no longer sure whether I removed everything completely back then.

I recently read an article about everything that is possible, and so I got scared that something from back then might still be left over.

It was FX Breeze: https://scamrecovery.net/trading/fx-breeze/

Best regards, Chris

30.12.2021, 23:33   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

What kind of strange story is that? Something dumb happened to you x years ago and NOW all of a sudden it occurs to you that a bot is active?!

Well, whatever you mean by that, the machine is cluttered with junk and needs to be cleaned up first:

Uninstall disruptive, outdated or unnecessary programs

Please uninstall via Programs and Features (appwiz.cpl):
  • Adobe Acrobat Reader DC (PDF files can be displayed perfectly well with Mozilla Firefox or SumatraPDF)
  • Google Chrome (replace with Mozilla Firefox)
  • HP Update
  • IrfanView 4.50 (64-bit)
  • Java 8 Update 65
  • Mozilla Firefox 42.0 (x86 de)
  • Spybot - Search & Destroy

__________________
Please always post log files in CODE tags

31.12.2021, 00:52   #6
Chris7

Thank you. Attached are the new logs after uninstalling the outdated programs:

FRST_31-12-2021 00.47.40.txt
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 27-12-2021
durchgeführt von dracu (Administrator) auf LU (CLEVO P170EM) (31-12-2021 00:43:57)
Gestartet von C:\Users\dracu\Downloads
Geladene Profile: dracu
Plattform: Microsoft Windows 10 Home Version 20H2 19042.1415 (X64) Sprache: Deutsch (Deutschland)
Standard-Browser: FF
Start-Modus: Normal

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
(Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrA.exe
(Ghisler Software GmbH -> Ghisler Software GmbH) C:\totalcmd\TOTALCMD.EXE
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe
(HP) [Datei ist nicht signiert] C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\dracu\AppData\Local\Microsoft\Teams\current\Teams.exe <8>
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1371_none_7e1bd7147c8285b0\TiWorker.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\NisSrv.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Unified Intents AB -> Unified Intents AB) C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe
(Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corp. -> Valve Corporation) E:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>
(Valve Corp. -> Valve Corporation) E:\Program Files (x86)\Steam\steam.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [HP LaserJet 200 color MFP M276 Series Fax] => C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe [3706424 2014-04-28] (Hewlett-Packard Company -> Hewlett-Packard Company)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16686600 2016-08-05] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [330176 2014-08-19] (Hewlett-Packard Company -> Hewlett-Packard Company)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Beschränkung <==== ACHTUNG
HKU\S-1-5-21-465889627-1915634839-1743452103-1001\...\Run: [Steam] => e:\Program Files (x86)\Steam\steam.exe [4267432 2021-12-16] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-465889627-1915634839-1743452103-1001\...\Run: [NoIPDUCv4] => E:\Program Files (x86)\No-IP\DUC40.exe [347648 2015-07-21] () [Datei ist nicht signiert]
HKU\S-1-5-21-465889627-1915634839-1743452103-1001\...\Run: [Unified Remote V3] => C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe [3186264 2019-08-04] (Unified Intents AB -> Unified Intents AB)
HKU\S-1-5-21-465889627-1915634839-1743452103-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\dracu\AppData\Local\Microsoft\Teams\Update.exe [2459304 2021-12-10] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-465889627-1915634839-1743452103-1001\...\Run: [Adobe Acrobat Synchronizer] => "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" (Keine Datei)
HKLM\...\Windows x64\Print Processors\hpcpp117: C:\Windows\System32\spool\prtprocs\x64\hpcpp117.DLL [467456 2013-03-21] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\HP Fax Port: c:\windows\system32\hppfaxprintermon5.dll [27704 2014-04-28] (Hewlett-Packard Company -> Hewlett-Packard Company)
HKLM\...\Print\Monitors\HP Standard TCP/IP Port: c:\windows\system32\HpTcpMon.dll [331264 2009-09-16] (Hewlett Packard) [Datei ist nicht signiert]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\96.1.33.106\Installer\chrmstp.exe [2021-12-15] (Brave Software, Inc. -> Brave Software, Inc.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {2EC18639-7125-4A11-842C-C32CDC8A7086} - System32\Tasks\Microsoft\Windows\WindowsUpdate\RUXIM\RUXIMSync => C:\Program Files\ruxim\ruximics.exe [477512 2021-06-30] (Microsoft Windows -> Microsoft Corporation)
Task: {71E80772-B077-4C1B-AD9F-C38C767517E7} - System32\Tasks\Microsoft\Windows\File Classification Infrastructure\Property Definition Sync => {2AE64751-B728-4D6B-97A0-B2DA2E7D2A3B}
Task: {89BD13E7-D90B-41E7-91AB-CF803A0752AE} - System32\Tasks\Microsoft\Windows\Offline Files\Logon Synchronization => {FA3F3DD9-4C1A-456B-A8FA-C76EF3ED83B8}
Task: {8B1ADEC7-8D07-493A-B927-7DAFB3099325} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22797704 2021-12-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {8B27DBF0-9068-4D8D-9E1D-EA2DD18FF7FE} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157320 2019-12-02] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {9A9F9193-9F51-4D20-A5A7-B400728324B7} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {9F9CAC69-DDF0-4E68-A6EE-EB86130B2D3E} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [108872 2021-12-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {A03FC1C5-AEC3-4EB7-9C29-062ABCFD18B0} - System32\Tasks\Microsoft\Windows\WindowsUpdate\RUXIM\RUXIMDisplay => C:\Program Files\ruxim\ruximics.exe [477512 2021-06-30] (Microsoft Windows -> Microsoft Corporation)
Task: {AF2C369F-EDAB-4225-B1B4-1ECAB210D742} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [6332312 2021-12-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {C12A1962-9635-4527-A4DF-DA0B7206EBF3} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [108872 2021-12-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {C22C7785-E77A-49D7-819B-A6B00CD05D87} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22797704 2021-12-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {C5AAF881-4C44-4EEE-867D-C091769F3CA7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [6332312 2021-12-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {EBD25561-3D4B-421B-99D8-50B1CAB321B7} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157320 2019-12-02] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {F1C5573A-A641-4228-88C2-64F8E5DD7461} - System32\Tasks\Microsoft\Windows\Offline Files\Background Synchronization => {FA3F3DD9-4C1A-456B-A8FA-C76EF3ED83B8}
Task: {F94C0C57-054C-4AC2-9057-246937934FC5} - System32\Tasks\{BB560199-F897-4C64-9FBB-D53275DBE13E} => "e:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.18.0.111/de/abandoninstall?source=lightinstaller&page=tsPlugin hxxp://ui.skype.com/ui/0/7.18.0.111/de/abandoninstall?source=lightinstaller&page=tsPlugin (Keine Datei)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3: <==== ACHTUNG (Beschränkung - Zones)
Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 80.69.96.12 81.210.129.4
Tcpip\..\Interfaces\{464fe82d-2993-469f-a10a-e3b78d1801a9}: [DhcpNameServer] 192.168.10.254
Tcpip\..\Interfaces\{5042b15d-9884-4e3c-a73b-7921f052c2a9}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{638592f2-2a53-4d42-88c3-df0f6df7ac00}: [DhcpNameServer] 192.168.0.142
Tcpip\..\Interfaces\{8b1126e0-1dca-4181-ba41-62ffa6a856c1}: [DhcpNameServer] 80.69.96.12 81.210.129.4
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <==== ACHTUNG

Edge: 
=======
DownloadDir: C:\Users\dracu\Downloads
Edge Extension: (Kein Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [nicht gefunden]
Edge Extension: (Kein Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [nicht gefunden]
Edge Extension: (Kein Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [nicht gefunden]
Edge Extension: (Kein Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [nicht gefunden]
Edge DefaultProfile: Default
Edge Profile: C:\Users\dracu\AppData\Local\Microsoft\Edge\User Data\Default [2021-12-31]

FireFox:
========
FF DefaultProfile: hzn6vdjy.default
FF ProfilePath: C:\Users\dracu\AppData\Roaming\Mozilla\Firefox\Profiles\qfvz9mj9.default-release [2021-12-31]
FF ProfilePath: C:\Users\dracu\AppData\Roaming\Mozilla\Firefox\Profiles\hzn6vdjy.default [2021-12-30]
FF NetworkProxy: Mozilla\Firefox\Profiles\hzn6vdjy.default -> socks", "178.197.248.213"
FF Extension: (Avira Browserschutz) - C:\Users\dracu\AppData\Roaming\Mozilla\Firefox\Profiles\hzn6vdjy.default\Extensions\abs@avira.com.xpi [2019-01-07] [UpdateUrl:hxxps://download.avira.com/package/absnooffers/firefox/update_webext_no_offers.rdf]
FF Extension: (Best Proxy Switcher) - C:\Users\dracu\AppData\Roaming\Mozilla\Firefox\Profiles\hzn6vdjy.default\Extensions\bestproxyswitcher@bestproxyswitcher.com.xpi [2019-12-10]
FF Extension: (CanvasBlocker) - C:\Users\dracu\AppData\Roaming\Mozilla\Firefox\Profiles\hzn6vdjy.default\Extensions\CanvasBlocker@kkapsner.de.xpi [2021-11-08]
FF Extension: (Easy Screenshot) - C:\Users\dracu\AppData\Roaming\Mozilla\Firefox\Profiles\hzn6vdjy.default\Extensions\easyscreenshot@mozillaonline.com.xpi [2021-09-19]
FF Extension: (FoxyProxy Standard) - C:\Users\dracu\AppData\Roaming\Mozilla\Firefox\Profiles\hzn6vdjy.default\Extensions\foxyproxy@eric.h.jung.xpi [2020-07-30]
FF Extension: (HTTPS Everywhere) - C:\Users\dracu\AppData\Roaming\Mozilla\Firefox\Profiles\hzn6vdjy.default\Extensions\https-everywhere-eff@eff.org.xpi [2021-04-19] [UpdateUrl:hxxps://www.eff.org/files/https-everywhere-updates.json]
FF Extension: (tb-clear-cache.tooltip) - C:\Users\dracu\AppData\Roaming\Mozilla\Firefox\Profiles\hzn6vdjy.default\Extensions\tb-clear-cache-single@codefisher.org.xpi [2018-08-25]
FF Extension: (uBlock Origin) - C:\Users\dracu\AppData\Roaming\Mozilla\Firefox\Profiles\hzn6vdjy.default\Extensions\uBlock0@raymondhill.net.xpi [2021-12-28]
FF Extension: (User-Agent Switcher) - C:\Users\dracu\AppData\Roaming\Mozilla\Firefox\Profiles\hzn6vdjy.default\Extensions\user-agent-switcher@ninetailed.ninja.xpi [2020-12-10]
FF Extension: (Nehmen Sie vollständige Webseiten auf - FireShot) - C:\Users\dracu\AppData\Roaming\Mozilla\Firefox\Profiles\hzn6vdjy.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}.xpi [2021-09-19]
FF Extension: (JavaScript Toggle On and Off) - C:\Users\dracu\AppData\Roaming\Mozilla\Firefox\Profiles\hzn6vdjy.default\Extensions\{479f0278-2c34-4365-b9f0-1d328d0f0a40}.xpi [2020-12-10]
FF Extension: (NoScript) - C:\Users\dracu\AppData\Roaming\Mozilla\Firefox\Profiles\hzn6vdjy.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2021-12-30]
FF Extension: (Toggle Referrer) - C:\Users\dracu\AppData\Roaming\Mozilla\Firefox\Profiles\hzn6vdjy.default\Extensions\{8883111b-4bc8-4a99-b37f-5672f6cf9597}.xpi [2021-10-25]
FF Extension: (Rakuten Shopping-Assistent) - C:\Users\dracu\AppData\Roaming\Mozilla\Firefox\Profiles\hzn6vdjy.default\Extensions\{939923c3-1d97-423b-9e0a-17d1a9a23aa0}.xpi [2021-10-11]
FF Extension: (Video DownloadHelper) - C:\Users\dracu\AppData\Roaming\Mozilla\Firefox\Profiles\hzn6vdjy.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2021-09-19]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.cpdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\npFoxitPDFEditorPlugin.dll [Keine Datei]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\npFoxitPDFEditorPlugin.dll [Keine Datei]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\npFoxitPDFEditorPlugin.dll [Keine Datei]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [Keine Datei]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [Keine Datei]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-11-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-11-06] (Microsoft Corporation -> Microsoft Corporation)

Chrome: 
=======
CHR Profile: C:\Users\dracu\AppData\Local\Google\Chrome\User Data\Default [2021-12-30]
CHR Extension: (Präsentationen) - C:\Users\dracu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-07-13]
CHR Extension: (Docs) - C:\Users\dracu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-07-13]
CHR Extension: (Google Drive) - C:\Users\dracu\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-12-10]
CHR Extension: (YouTube) - C:\Users\dracu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-07-13]
CHR Extension: (Avira Password Manager) - C:\Users\dracu\AppData\Local\Google\Chrome\User Data\Default\Extensions\caljgklbbfbcjjanaijlacgncafpegll [2021-12-28]
CHR Extension: (Tabellen) - C:\Users\dracu\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-07-13]
CHR Extension: (Avira Browserschutz) - C:\Users\dracu\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2021-12-28]
CHR Extension: (Google Docs Offline) - C:\Users\dracu\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-12-09]
CHR Extension: (IGRAAL : Cashback & Gutscheine) - C:\Users\dracu\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmhkepipobnjllejbafajoemahjejdcm [2021-12-26]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\dracu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-09-25]
CHR Extension: (Google Mail) - C:\Users\dracu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-12-10]
CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]

Opera: 
=======
OPR Profile: C:\Users\dracu\AppData\Roaming\Opera Software\Opera Stable [2020-12-26]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
OPR Extension: (Avira Safe Shopping) - C:\Users\dracu\AppData\Roaming\Opera Software\Opera Stable\Extensions\dalelnnofafalcmkmnhdbigbjjkloabo [2020-12-26]
OPR Extension: (Rich Hints Agent) - C:\Users\dracu\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2020-12-26]
OPR Extension: (Avira Password Manager) - C:\Users\dracu\AppData\Roaming\Opera Software\Opera Stable\Extensions\ngohaaocccbohaffogpbgfpmpgbcgccg [2020-12-26]
OPR Extension: (Free Avira Phantom VPN – Entsperrt Webseiten) - C:\Users\dracu\AppData\Roaming\Opera Software\Opera Stable\Extensions\pcgkmkjdikhiodinhloioejnpjgmfigd [2020-12-26]

Brave: 
=======
BRA Profile: C:\Users\dracu\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2021-11-16]
BRA StartupUrls: Default -> "hxxps://www.google.com/"
BRA DefaultSearchKeyword: Default -> :g
BRA Extension: (MyJDownloader Browser Extension) - C:\Users\dracu\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\fbcohnmimjicjdomonkcbcpbpnhggkip [2021-09-19]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\dracu\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2021-11-16]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\dracu\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2021-11-16]
BRA Extension: (Brave Tor Client Updater (Windows)) - C:\Users\dracu\AppData\Local\BraveSoftware\Brave-Browser\User Data\cpoalefficncklhjfpglfiplenlpccdb [2020-08-20]
BRA Extension: (Brave SpeedReader Updater) - C:\Users\dracu\AppData\Local\BraveSoftware\Brave-Browser\User Data\jicbkmdloagakknpihibphagfckhjdih [2021-11-16]
BRA Extension: (Brave NTP sponsored images) - C:\Users\dracu\AppData\Local\BraveSoftware\Brave-Browser\User Data\obbokncgfcbepeipkhpdepjjoncelefj [2021-11-16]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\dracu\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2021-11-16]
StartMenuInternet: Brave - C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe

==================== Dienste (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157320 2019-12-02] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157320 2019-12-02] (Brave Software, Inc. -> BraveSoftware Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12129128 2021-12-10] (Microsoft Corporation -> Microsoft Corporation)
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [176128 2014-06-24] (HP) [Datei ist nicht signiert]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7901368 2021-12-30] (Malwarebytes Inc -> Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [Datei ist nicht signiert]
R2 NoIPDUCService4; e:\Program Files (x86)\No-IP\ducservice.exe [12288 2015-07-20] () [Datei ist nicht signiert]
S3 PAExec; C:\Windows\PAExec.exe [189112 2015-11-07] (Power Admin LLC -> Power Admin LLC)
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [Datei ist nicht signiert]
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76152 2015-12-11] (Even Balance, Inc. -> )
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\NisSrv.exe [2876152 2021-12-30] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\MsMpEng.exe [128360 2021-12-30] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 FoxitReaderService; "C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe" [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [159864 2021-06-29] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [160176 2021-12-30] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [210352 2021-12-30] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-12-30] (Microsoft Windows Early Launch Anti-Malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [193448 2021-12-31] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [69040 2021-12-31] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-12-30] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [149424 2021-12-31] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 ptun0901; C:\WINDOWS\System32\drivers\ptun0901.sys [27136 2015-11-10] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ssudserd; C:\WINDOWS\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [40664 2013-08-22] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 uvhid; C:\WINDOWS\System32\drivers\uvhid.sys [28128 2019-08-04] (Unified Intents AB -> Windows (R) Win 7 DDK provider)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48536 2021-12-30] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [435432 2021-12-30] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86248 2021-12-30] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2021-12-31 00:42 - 2021-12-31 00:42 - 000193448 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-12-31 00:42 - 2021-12-31 00:42 - 000149424 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-12-31 00:42 - 2021-12-31 00:42 - 000069040 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-12-31 00:00 - 2021-12-31 00:02 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2021-12-30 23:56 - 2021-12-30 23:57 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-12-30 23:56 - 2021-12-30 23:56 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-12-30 23:56 - 2021-12-30 23:56 - 000000993 _____ C:\Users\Public\Desktop\Firefox.lnk
2021-12-30 23:56 - 2021-12-30 23:56 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-12-30 23:56 - 2021-12-30 23:56 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-12-30 23:52 - 2021-12-30 23:52 - 000333960 _____ (Mozilla) C:\Users\dracu\Downloads\Firefox Installer.exe
2021-12-30 23:45 - 2021-12-30 23:45 - 004029464 _____ (Irfan Skiljan) C:\Users\dracu\Downloads\iview459g_x64_setup.exe
2021-12-30 23:43 - 2021-12-30 23:43 - 000000000 ____D C:\Users\Public\Documents\AdobeGCInfo
2021-12-30 22:53 - 2021-12-30 22:53 - 000347875 _____ C:\Users\dracu\Documents\MS Office verlaengert - Screenshots.pdf
2021-12-30 21:23 - 2021-12-31 00:40 - 000070097 _____ C:\Users\dracu\Downloads\Shortcut.txt
2021-12-30 21:16 - 2021-12-31 00:40 - 000054358 _____ C:\Users\dracu\Downloads\Addition.txt
2021-12-30 21:14 - 2021-12-31 00:45 - 000026195 _____ C:\Users\dracu\Downloads\FRST.txt
2021-12-30 21:14 - 2021-12-31 00:44 - 000000000 ____D C:\FRST
2021-12-30 21:14 - 2021-12-30 21:14 - 002311168 _____ (Farbar) C:\Users\dracu\Downloads\FRST64.exe
2021-12-30 21:01 - 2021-12-30 21:01 - 000000000 ____D C:\Users\dracu\AppData\Local\mbam
2021-12-30 20:59 - 2021-12-30 20:59 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-12-30 20:59 - 2021-12-30 20:59 - 000210352 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-12-30 20:59 - 2021-12-30 20:59 - 000160176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-12-30 20:59 - 2021-12-30 20:59 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-12-30 20:59 - 2021-12-30 20:59 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-12-30 20:59 - 2021-12-30 20:59 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-12-30 20:58 - 2021-12-30 20:58 - 002910904 _____ (Malwarebytes) C:\Users\dracu\Downloads\MBSetup.exe
2021-12-30 20:58 - 2021-12-30 20:58 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-12-30 20:58 - 2021-12-30 20:58 - 000000000 ____D C:\Program Files\Malwarebytes
2021-12-30 20:57 - 2021-12-30 20:57 - 000000000 ____D C:\WINDOWS\Panther
2021-12-30 20:51 - 2021-12-30 20:51 - 079075480 _____ (F-Secure Corporation) C:\Users\dracu\Downloads\Freedome_pid-6661000+aid-1m96vgw16o0iu9_.exe
2021-12-30 20:51 - 2021-12-30 20:51 - 001682072 _____ (F-Secure Corporation) C:\Users\dracu\Downloads\FSecureIDPWin_pid-6661000+aid-1q0l0m61hbe0y2_.exe
2021-12-30 20:49 - 2021-12-30 20:49 - 001690776 _____ (F-Secure Corporation) C:\Users\dracu\Downloads\F-Secure-Safe-Network-Installer_16ddvt1f3a11r_.exe
2021-12-30 20:26 - 2021-12-30 20:26 - 000011361 _____ C:\Users\dracu\Downloads\Fax_61cdd3fedf8b1442273.pdf
2021-12-30 13:42 - 2021-12-30 13:42 - 000020998 _____ C:\Users\dracu\Downloads\Fax_61cd9ff697b98442273.pdf
2021-12-28 19:35 - 2021-12-28 19:35 - 000119124 _____ C:\Users\dracu\Downloads\Medikamentenplan_Ausdruckbar_Ausfuellbar.pdf
2021-12-26 16:02 - 2021-12-26 16:02 - 000116886 _____ C:\Users\dracu\Downloads\2020-12-29_CARD_STATEMENT_1PLUS CARD.pdf
2021-12-26 16:02 - 2021-12-26 16:02 - 000116682 _____ C:\Users\dracu\Downloads\2020-11-24_CARD_STATEMENT_1PLUS CARD.pdf
2021-12-26 16:02 - 2021-12-26 16:02 - 000116670 _____ C:\Users\dracu\Downloads\2021-08-24_CARD_STATEMENT_1PLUS CARD.pdf
2021-12-26 16:02 - 2021-12-26 16:02 - 000116643 _____ C:\Users\dracu\Downloads\2021-01-25_CARD_STATEMENT_1PLUS CARD.pdf
2021-12-26 16:02 - 2021-12-26 16:02 - 000116442 _____ C:\Users\dracu\Downloads\2021-06-24_CARD_STATEMENT_1PLUS CARD.pdf
2021-12-26 16:02 - 2021-12-26 16:02 - 000095638 _____ C:\Users\dracu\Downloads\2021-03-24_CARD_STATEMENT_1PLUS CARD.pdf
2021-12-26 16:02 - 2021-12-26 16:02 - 000095584 _____ C:\Users\dracu\Downloads\2021-09-24_CARD_STATEMENT_1PLUS CARD.pdf
2021-12-26 16:02 - 2021-12-26 16:02 - 000095520 _____ C:\Users\dracu\Downloads\2021-11-24_CARD_STATEMENT_1PLUS CARD.pdf
2021-12-26 16:02 - 2021-12-26 16:02 - 000095450 _____ C:\Users\dracu\Downloads\2021-10-25_CARD_STATEMENT_1PLUS CARD.pdf
2021-12-26 16:02 - 2021-12-26 16:02 - 000095434 _____ C:\Users\dracu\Downloads\2021-02-24_CARD_STATEMENT_1PLUS CARD.pdf
2021-12-26 16:02 - 2021-12-26 16:02 - 000095348 _____ C:\Users\dracu\Downloads\2021-04-26_CARD_STATEMENT_1PLUS CARD.pdf
2021-12-26 16:02 - 2021-12-26 16:02 - 000095316 _____ C:\Users\dracu\Downloads\2021-05-26_CARD_STATEMENT_1PLUS CARD.pdf
2021-12-26 16:02 - 2021-12-26 16:02 - 000095217 _____ C:\Users\dracu\Downloads\2021-07-26_CARD_STATEMENT_1PLUS CARD.pdf
2021-12-26 16:01 - 2021-12-26 16:01 - 000115966 _____ C:\Users\dracu\Downloads\2020-09-24_CARD_STATEMENT_1PLUS CARD.pdf
2021-12-26 16:01 - 2021-12-26 16:01 - 000115883 _____ C:\Users\dracu\Downloads\2020-07-24_CARD_STATEMENT_1PLUS CARD.pdf
2021-12-26 16:01 - 2021-12-26 16:01 - 000115599 _____ C:\Users\dracu\Downloads\2020-10-26_CARD_STATEMENT_1PLUS CARD.pdf
2021-12-26 16:01 - 2021-12-26 16:01 - 000094870 _____ C:\Users\dracu\Downloads\2020-06-24_CARD_STATEMENT_1PLUS CARD.pdf
2021-12-26 16:01 - 2021-12-26 16:01 - 000094827 _____ C:\Users\dracu\Downloads\2020-08-24_CARD_STATEMENT_1PLUS CARD.pdf
2021-12-26 16:01 - 2021-12-26 16:01 - 000094595 _____ C:\Users\dracu\Downloads\2020-04-24_CARD_STATEMENT_1PLUS CARD.pdf
2021-12-26 16:01 - 2021-12-26 16:01 - 000094406 _____ C:\Users\dracu\Downloads\2020-05-25_CARD_STATEMENT_1PLUS CARD.pdf
2021-12-26 15:58 - 2021-12-26 15:58 - 001093737 _____ C:\Users\dracu\Downloads\santander-agb-112021.pdf
2021-12-23 08:15 - 2021-12-23 08:15 - 000000000 ___RD C:\Users\dracu\Documents\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe!App
2021-12-23 07:47 - 2021-12-23 07:47 - 000111305 _____ C:\Users\dracu\Downloads\33146f1042709678361b563d.pdf
2021-12-19 17:33 - 2021-12-19 17:33 - 000000000 ____D C:\WINDOWS\SystemTemp
2021-12-19 17:25 - 2021-12-19 17:25 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-12-19 17:25 - 2021-12-19 17:25 - 000011979 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-12-19 17:24 - 2021-12-19 17:24 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-12-19 17:24 - 2021-12-19 17:24 - 000162816 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-12-19 17:11 - 2021-12-19 17:11 - 000000000 ___HD C:\$WinREAgent
2021-12-17 11:39 - 2021-12-17 11:39 - 003158414 _____ C:\Users\dracu\Desktop\kaufvertrag.pdf
2021-12-17 11:36 - 2021-12-17 11:36 - 000002014 _____ C:\Users\Public\Desktop\PDFsam Basic.lnk
2021-12-17 11:36 - 2021-12-17 11:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFsam Basic
2021-12-17 11:36 - 2021-12-17 11:36 - 000000000 ____D C:\Program Files\PDFsam Basic
2021-12-12 20:49 - 2021-12-12 20:49 - 000108258 _____ C:\Users\dracu\Desktop\strom2.pdf
2021-12-12 20:41 - 2021-12-12 20:41 - 000364047 _____ C:\Users\dracu\Desktop\Rechnung_794307.pdf
2021-12-03 19:36 - 2021-12-03 19:28 - 001548618 _____ C:\Users\dracu\Desktop\Antrag_Mehrstaatigkeit.pdf
2021-12-03 19:16 - 2021-12-03 19:22 - 001550272 _____ C:\Users\dracu\Desktop\Scan0039_geschwärzt.pdf
2021-12-03 19:02 - 2021-12-03 19:02 - 002531832 _____ (Adobe Inc.) C:\Users\dracu\Downloads\Acrobat_DC_Set-Up.exe
2021-12-03 16:49 - 2021-12-03 16:49 - 000782117 _____ C:\Users\dracu\Desktop\Versicherungsbedingungen_1404-2745-1070-81.pdf
2021-12-03 16:49 - 2021-12-03 16:49 - 000148058 _____ C:\Users\dracu\Desktop\Beratungsprotokoll_1404-2745-1070-81.pdf
2021-12-03 16:49 - 2021-12-03 16:49 - 000086303 _____ C:\Users\dracu\Desktop\Muster_Kuendigung_1404-2745-1070-81.pdf
2021-12-03 16:49 - 2021-12-03 16:49 - 000039500 _____ C:\Users\dracu\Desktop\Informationsblatt_zu_Versicherungsprodukten_1404-2745-1070-81.pdf

==================== Ein Monat (geänderte) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2021-12-31 00:44 - 2016-02-02 20:00 - 000000000 ____D C:\SteamLibrary
2021-12-31 00:43 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-12-31 00:42 - 2021-10-11 22:33 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-12-31 00:42 - 2019-12-07 10:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-12-31 00:42 - 2016-08-05 22:02 - 000000000 ____D C:\ProgramData\NVIDIA
2021-12-31 00:42 - 2015-11-07 00:33 - 000000000 __SHD C:\Users\dracu\IntelGraphicsProfiles
2021-12-31 00:41 - 2016-11-18 23:35 - 000000000 ____D C:\Users\dracu\AppData\LocalLow\Mozilla
2021-12-31 00:36 - 2015-11-07 15:52 - 000000000 ____D C:\ProgramData\Package Cache
2021-12-31 00:31 - 2021-10-11 22:26 - 001722788 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-12-31 00:31 - 2019-12-07 15:50 - 000744794 _____ C:\WINDOWS\system32\perfh007.dat
2021-12-31 00:31 - 2019-12-07 15:50 - 000150180 _____ C:\WINDOWS\system32\perfc007.dat
2021-12-31 00:31 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2021-12-31 00:29 - 2020-06-10 17:18 - 000000000 ____D C:\ProgramData\Mozilla
2021-12-31 00:23 - 2021-10-11 22:21 - 000452144 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-12-31 00:12 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-12-31 00:12 - 2017-12-08 15:12 - 000000000 ____D C:\Users\dracu\AppData\Local\Packages
2021-12-31 00:11 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-12-31 00:11 - 2015-11-17 12:42 - 000000000 ____D C:\Users\dracu\AppData\Roaming\AIMP
2021-12-31 00:11 - 2015-11-17 12:42 - 000000000 ____D C:\Program Files (x86)\AIMP
2021-12-31 00:07 - 2016-10-15 21:18 - 000000000 ____D C:\Users\dracu\AppData\Roaming\Mumble
2021-12-31 00:04 - 2015-12-04 09:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2021-12-31 00:02 - 2018-05-13 23:21 - 000000000 ____D C:\Users\dracu\AppData\Roaming\IrfanView
2021-12-30 23:47 - 2020-07-13 10:00 - 000000000 ____D C:\Program Files (x86)\Google
2021-12-30 23:44 - 2021-10-14 15:46 - 000000000 ____D C:\ProgramData\Adobe
2021-12-30 23:44 - 2021-10-14 15:46 - 000000000 ____D C:\Program Files\Common Files\Adobe
2021-12-30 23:41 - 2021-10-11 22:21 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-12-30 22:54 - 2018-12-01 13:39 - 000000000 ____D C:\Users\dracu\AppData\Roaming\Thunderbird
2021-12-30 22:45 - 2019-12-07 10:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-12-30 22:17 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-12-30 21:37 - 2018-05-19 20:32 - 000000000 ____D C:\Users\dracu\AppData\Local\D3DSCache
2021-12-30 21:31 - 2018-03-19 23:18 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-12-30 20:59 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-12-30 20:57 - 2019-08-25 13:00 - 000000000 ____D C:\ProgramData\Unified Remote
2021-12-30 20:57 - 2019-03-11 21:41 - 000000000 ____D C:\Program Files (x86)\Avira
2021-12-30 20:54 - 2015-11-07 21:03 - 000000000 ____D C:\ProgramData\Avira
2021-12-30 20:53 - 2021-04-17 13:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2021-12-28 22:03 - 2018-04-06 21:20 - 000000000 ____D C:\Download_JD_C
2021-12-19 17:43 - 2015-11-07 01:08 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-12-19 17:33 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-12-19 17:33 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-12-19 17:33 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-12-19 17:33 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-12-19 17:33 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-12-19 17:33 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-12-19 17:33 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-12-19 17:33 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-12-19 17:33 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-12-19 17:33 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-12-19 17:09 - 2015-11-07 14:14 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-12-19 17:02 - 2021-02-08 23:19 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-12-19 17:02 - 2021-02-08 23:19 - 000002274 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-12-19 17:02 - 2015-11-07 14:14 - 137938848 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-12-15 19:05 - 2019-12-02 21:32 - 000002410 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2021-12-15 19:05 - 2019-12-02 21:32 - 000002369 _____ C:\Users\Public\Desktop\Brave.lnk
2021-12-10 19:31 - 2021-10-14 21:53 - 000002364 _____ C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2021-12-10 19:31 - 2021-10-14 21:53 - 000002356 _____ C:\Users\dracu\Desktop\Microsoft Teams.lnk
2021-12-10 19:25 - 2015-11-07 00:27 - 000000000 ____D C:\Users\dracu\AppData\Roaming\Adobe
2021-12-09 19:38 - 2021-11-17 22:48 - 000003606 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d7bee68690ef32
2021-12-09 19:38 - 2021-10-11 22:33 - 000003700 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-12-03 19:28 - 2021-10-11 19:31 - 000035709 _____ C:\Users\dracu\.sambox.cache
2021-12-03 19:24 - 2018-07-03 21:43 - 000000000 ____D C:\ProgramData\Packages
2021-12-03 19:03 - 2015-11-14 01:04 - 000000000 ____D C:\Users\dracu\AppData\Local\Adobe
2021-12-03 18:55 - 2021-11-10 20:59 - 000000000 ____D C:\Users\dracu\AppData\Roaming\Foxit Software
2021-12-03 15:59 - 2021-10-11 22:33 - 000003654 _____ C:\WINDOWS\system32\Tasks\BraveSoftwareUpdateTaskMachineUA
2021-12-03 15:59 - 2021-10-11 22:33 - 000003530 _____ C:\WINDOWS\system32\Tasks\BraveSoftwareUpdateTaskMachineCore
2021-12-03 15:59 - 2019-12-02 21:32 - 000000000 ____D C:\Program Files (x86)\BraveSoftware

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ========

2016-03-15 16:10 - 2016-03-15 16:10 - 000000267 _____ () C:\ProgramData\fontcacheev1.dat
2015-11-07 00:48 - 2018-05-20 14:23 - 000000000 _____ () C:\Users\dracu\AppData\Local\BluetoothPresent.flag
2015-11-07 00:48 - 2018-05-20 14:23 - 000000000 _____ () C:\Users\dracu\AppData\Local\Driver_Jupiter_01Present.flag
2021-12-03 19:24 - 2021-12-30 23:43 - 000000205 _____ () C:\Users\dracu\AppData\Local\oobelibMkey.log

==================== SigCheck ============================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

==================== Ende von FRST.txt ========================

Addition_31-12-2021 00.47.40.txt
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 27-12-2021
durchgeführt von dracu (31-12-2021 00:45:57)
Gestartet von C:\Users\dracu\Downloads
Microsoft Windows 10 Home Version 20H2 19042.1415 (X64) (2021-10-11 21:34:02)
Start-Modus: Normal
==========================================================


==================== Konten: =============================


(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

Administrator (S-1-5-21-465889627-1915634839-1743452103-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-465889627-1915634839-1743452103-503 - Limited - Disabled)
dracu (S-1-5-21-465889627-1915634839-1743452103-1001 - Administrator - Enabled) => C:\Users\dracu
dracula (S-1-5-21-465889627-1915634839-1743452103-1004 - Limited - Enabled) => C:\Users\dracula
Gast (S-1-5-21-465889627-1915634839-1743452103-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-465889627-1915634839-1743452103-504 - Limited - Disabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Avira Antivirus (Enabled - Up to date) {33CF8AA2-FA06-4AD4-98AB-332D53DD7FFB}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

64 Bit HP CIO Components Installer (HKLM\...\{BC741628-0AFC-405C-8946-DD46D1005A0A}) (Version: 8.2.4 - Hewlett-Packard) Hidden
7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Apple Application Support (32-Bit) (HKLM-x32\...\{308F2F8C-9D33-4B22-8A6C-D9C13DBEF8C6}) (Version: 7.0.2 - Apple Inc.)
AuthenTec TrueAPI (HKLM\...\{054EF02F-95D8-48F4-9EEB-2F9CE3072ED8}) (Version: 1.3.0.151 - AuthenTec, Inc.) Hidden
Bierbuden Autoupdate (remove only) (HKU\S-1-5-21-465889627-1915634839-1743452103-1001\...\Bierbuden Autoupdate) (Version:  - )
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 96.1.33.106 - Die Brave-Autoren)
concept/design onlineTV 14 (HKLM-x32\...\{65EB1D38-9DB9-4EFF-B2DE-9218BF31D8F3}_is1) (Version: 14.19.4.3 - concept/design GmbH)
concept/design onlineTV 15 (HKLM-x32\...\{C9F7D843-78C5-4A81-A350-D39F00E80178}_is1) (Version: 15.19.9.21 - concept/design GmbH)
GamersFirst LIVE! (HKU\S-1-5-21-465889627-1915634839-1743452103-1001\...\GamersFirst LIVE!) (Version:  - GamersFirst)
GMX ProfiFax (HKU\S-1-5-21-465889627-1915634839-1743452103-1001\...\GMXProfiFax) (Version: 1.5.0 - 1un1 Mail and Media GmbH)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.99.0 - Google Inc.) Hidden
HP LaserJet 200 color MFP M276 (HKLM-x32\...\{CC38C23C-7824-4DBB-AC73-997CD0BBFEC7}) (Version: 15.0.15188.2008 - Hewlett-Packard)
hppM276LaserJetService (HKLM-x32\...\{D6610387-8E8B-48ED-AB1C-0D38DFE31C55}) (Version: 001.019.00639 - Hewlett-Packard) Hidden
hpStatusAlerts (HKLM-x32\...\{E35D0ED5-716B-4E1F-8477-54DD746DF527}) (Version: 140.040.00231 - Hewlett Packard) Hidden
hpStatusAlertsM276 (HKLM-x32\...\{FFD4184D-7EC6-476E-9A72-E83412AB9D3B}) (Version: 050.034.00131 - Hewlett-Packard) Hidden
Killer Performance Suite (HKLM-x32\...\{4C941774-4366-4C56-93CC-19C5E364E5B0}) (Version: 1.1.69.1774 - Rivet Networks)
Killer Wireless-N Drivers (HKLM\...\{9620A3CC-587B-4E1B-90A6-8AD04D222954}) (Version: 1.1.69.1774 - Rivet Networks) Hidden
Malwarebytes version 4.5.0.152 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.0.152 - Malwarebytes)
Microsoft 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 16.0.14701.20262 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 96.0.1054.62 - Microsoft Corporation)
Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 96.0.1054.62 - Microsoft Corporation)
Microsoft Office Professional Plus 2019 - de-de (HKLM\...\ProPlus2019Retail - de-de) (Version: 16.0.14701.20262 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-465889627-1915634839-1743452103-1001\...\OneDriveSetup.exe) (Version: 19.043.0304.0013 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-465889627-1915634839-1743452103-1004\...\OneDriveSetup.exe) (Version: 18.151.0729.0012 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-465889627-1915634839-1743452103-1001\...\Teams) (Version: 1.4.00.32771 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.27.29016 (HKLM-x32\...\{1aaa01ad-3069-4288-9c6f-37a140a8f6c7}) (Version: 14.27.29016.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
MKVToolNix 8.6.1 (64bit) (HKLM-x32\...\MKVToolNix) (Version: 8.6.1 - Moritz Bunkus)
Mozilla Firefox (x64 de) (HKLM\...\Mozilla Firefox 95.0.2 (x64 de)) (Version: 95.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 95.0.2 - Mozilla)
No-IP DUC (HKLM-x32\...\NoIPDUC) (Version: 4.1.1 - Vitalwerks Internet Solutions LLC)
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.14701.20262 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.14701.20248 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.14701.20262 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0407-0000-0000000FF1CE}) (Version: 16.0.14701.20248 - Microsoft Corporation) Hidden
onlineTV 16 (HKLM-x32\...\{DBBB91FF-2F98-4B36-9AF3-FD0589CD791C}_is1) (Version: 16.20.9.9 - concept/design GmbH)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenAudible 1.6.7 (HKLM\...\7008-5171-7013-3819) (Version: 1.6.7 - openaudible.org)
PDFsam Basic (HKLM\...\{06C071AD-846F-4E21-A938-63DA54A45EB3}) (Version: 4.2.9.0 - Sober Lemur S.a.s. di Vacondio Andrea)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7898 - Realtek Semiconductor Corp.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 9.21a - Ghisler Software GmbH)
Unified Remote (HKLM-x32\...\{415B4714-4F8C-49C6-B310-881EAF892CFB}_is1) (Version: 3.7.0 - Unified Intents AB)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{B652B695-C849-4EF2-B09A-72771C7AD2BA}) (Version: 2.71.0.0 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 22.2 - Ubisoft)
VdhCoApp 1.2.4 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version:  - DownloadHelper)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
Windows 10-Update-Assistent (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.23367 - Microsoft Corporation)
Windows-PC-Integritätsprüfung (HKLM\...\{68C9C2A4-C212-4310-AB68-12F97050A416}) (Version: 3.2.2110.14001 - Microsoft Corporation)
WinRAR 6.01 (32-Bit) (HKLM-x32\...\WinRAR archiver) (Version: 6.01.0 - win.rar GmbH)
WISO steuer:Sparbuch 2016 (HKLM-x32\...\{0459DDD1-F6B6-4BEA-901F-C8907C8F01F5}) (Version: 23.00.1146 - Buhl Data Service GmbH)
WISO steuer:Sparbuch 2017 (HKLM-x32\...\{5D96B9D7-8324-4674-94A8-9C09EFCB620A}) (Version: 24.05.1582 - Buhl Data Service GmbH)
WISO steuer:Sparbuch 2018 (HKLM-x32\...\{973E6FE8-0E6B-40DA-BD23-2445E4DA8C01}) (Version: 25.01.1436 - Buhl Data Service GmbH)
WISO steuer:Sparbuch 2019 (HKLM-x32\...\{8853EAA4-BE38-4ED1-BDB8-7043980B38C0}) (Version: 26.04.1771 - Buhl Data Service GmbH)
WISO steuer:Sparbuch 2020 (HKLM-x32\...\{050250C5-C97E-4D4B-8E02-FBE34B2A0FEB}) (Version: 27.03.1674 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2021 (HKLM-x32\...\{E0F9E4AD-386E-4063-AAEA-BE15FB137AE1}) (Version: 28.02.1946 - Buhl Data Service GmbH)

Packages:
=========
Audible - Hörbuch und Hörspiel App -> C:\Program Files\WindowsApps\AudibleInc.AudibleforWindowsPhone_10.5.67.0_x64__xns73kv1ymhp2 [2021-09-23] (Audible Inc)
Drawboard PDF -> C:\Program Files\WindowsApps\DRAWBOARD.DRAWBOARDPDF_6.7.16.0_x64__gqbn7fs4pywxm [2021-12-23] (Drawboard)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_133.1.340.0_x64__v10z8vjag6ke6 [2021-12-19] (HP Inc.)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa [2021-12-10] (Apple Inc.) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-10-11] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-10-11] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.11.12030.0_x64__8wekyb3d8bbwe [2021-12-19] (Microsoft Studios) [MS Ad]
Mind Maps Pro -> C:\Program Files\WindowsApps\BallardAppCraftery.MindMapsPro2Beta_1.1.27.0_x64__epyrqhfctk40t [2020-07-06] (User Camp)
Penbook -> C:\Program Files\WindowsApps\36376UserCamp.Penbook_2.1.30.0_x64__t7afzrbtd67z0 [2020-06-30] (User Camp)
WiFi Tool -> C:\Program Files\WindowsApps\53028HelgeMagnusKeck.WiFiTool_1.6.31.0_x64__kmtq5bk764tmy [2021-10-15] (WiFi Tools)
WolframAlpha -> C:\Program Files\WindowsApps\WolframAlphaLLC.49286375E2778_1.0.5.682_neutral__71vdkmpgakaxt [2020-08-20] (Wolfram Group LLC)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-465889627-1915634839-1743452103-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\dracu\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.21264.3\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-465889627-1915634839-1743452103-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel(R) pGFX -> Intel Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [Datei ist nicht signiert]
ContextMenuHandlers1: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP\System\aimp_menu64.dll -> Keine Datei
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2021-04-07] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2021-04-07] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-12-30] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers3: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => e:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] (Empty Loop -> )
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [Datei ist nicht signiert]
ContextMenuHandlers4: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP\System\aimp_menu64.dll -> Keine Datei
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> Keine Datei
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-05-01] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [Datei ist nicht signiert]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-12-30] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => e:\Program Files\Unlocker\UnlockerCOM.dll [2010-07-15] (Empty Loop -> )
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2021-04-07] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2021-04-07] (win.rar GmbH -> Alexander Roshal)

==================== Codecs (Nicht auf der Ausnahmeliste) ====================

==================== Verknüpfungen & WMI ========================

==================== Geladene Module (Nicht auf der Ausnahmeliste) =============

2015-07-20 16:34 - 2015-07-20 16:34 - 000073728 _____ () [Datei ist nicht signiert] [Datei wird verwendet] e:\Program Files (x86)\No-IP\ducapi.dll
2018-08-31 18:54 - 2021-10-06 02:30 - 126961152 _____ () [Datei ist nicht signiert] E:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libcef.dll
2018-08-31 18:54 - 2021-10-06 02:30 - 000384000 _____ () [Datei ist nicht signiert] E:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libegl.dll
2018-08-31 18:54 - 2021-10-06 02:30 - 008006656 _____ () [Datei ist nicht signiert] E:\Program Files (x86)\Steam\bin\cef\cef.win7x64\libglesv2.dll
2009-09-16 18:44 - 2009-09-16 18:44 - 000153088 _____ (Hewlett Packard) [Datei ist nicht signiert] C:\WINDOWS\System32\hptcpmib.dll
2009-09-16 18:45 - 2009-09-16 18:45 - 000331264 _____ (Hewlett Packard) [Datei ist nicht signiert] C:\WINDOWS\System32\HpTcpMon.dll
2009-09-16 11:44 - 2009-09-16 11:44 - 000132096 _____ (Hewlett Packard) [Datei ist nicht signiert] C:\WINDOWS\System32\hpzjrd01.dll
2014-06-24 23:31 - 2014-06-24 23:31 - 000041472 _____ (Hewlett-Packard Company) [Datei ist nicht signiert] [Datei wird verwendet] C:\Program Files (x86)\HP\HPLaserJetService\HPHTTPProxy.dll
2014-06-24 23:31 - 2014-06-24 23:31 - 000073728 _____ (Hewlett-Packard Company) [Datei ist nicht signiert] [Datei wird verwendet] C:\Program Files (x86)\HP\HPLaserJetService\HPTools.dll
2014-06-24 23:31 - 2014-06-24 23:31 - 001222656 _____ (Hewlett-Packard Company) [Datei ist nicht signiert] [Datei wird verwendet] C:\Program Files (x86)\HP\HPLaserJetService\LEDMXMLObjects.dll
2011-04-13 16:08 - 2011-04-13 16:08 - 000050688 _____ (Hewlett-Packard) [Datei ist nicht signiert] c:\windows\system32\hpzinw12.dll
2011-04-13 16:08 - 2011-04-13 16:08 - 000066048 _____ (Hewlett-Packard) [Datei ist nicht signiert] c:\windows\system32\hpzipm12.dll
2014-06-24 23:31 - 2014-06-24 23:31 - 000034816 _____ (HP) [Datei ist nicht signiert] [Datei wird verwendet] C:\Program Files (x86)\HP\HPLaserJetService\HPServiceCommunicator.dll
2009-09-16 18:45 - 2009-09-16 18:45 - 000317440 _____ (Microsoft Corporation) [Datei ist nicht signiert] C:\WINDOWS\System32\HPTcpMUI.dll
2016-03-04 22:14 - 2016-06-14 21:01 - 001298640 _____ (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [Datei ist nicht signiert] C:\Program Files\NVIDIA Corporation\NvStreamSrv\rxinput.dll
2019-08-25 13:00 - 2016-10-10 05:27 - 000556544 _____ (Soft Service Company) [Datei ist nicht signiert] C:\Program Files (x86)\Unified Remote 3\wcl.dll
2018-08-31 18:54 - 2021-10-06 02:30 - 000983552 _____ (The Chromium Authors) [Datei ist nicht signiert] E:\Program Files (x86)\Steam\bin\cef\cef.win7x64\chrome_elf.dll
2019-08-25 13:00 - 2016-09-23 14:08 - 001283584 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [Datei ist nicht signiert] C:\Program Files (x86)\Unified Remote 3\LIBEAY32MD.dll
2019-08-25 13:00 - 2016-09-23 14:08 - 000255488 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [Datei ist nicht signiert] C:\Program Files (x86)\Unified Remote 3\SSLEAY32MD.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =================

==================== Internet Explorer (Nicht auf der Ausnahmeliste) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-11-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2021-11-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-06] (Microsoft Corporation -> Microsoft Corporation)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


Da befinden sich 7937 mehr Seiten.


Da befinden sich 7933 mehr Seiten.


==================== Hosts Inhalt: =========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2017-04-08 16:50 - 2017-04-08 16:56 - 000454662 _____ C:\WINDOWS\system32\drivers\etc\hosts

Da befinden sich 15603 zusätzliche Einträge.


==================== Andere Bereiche ===========================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;c:\windows\system32;c:\windows;c:\windows\system32\wbem;c:\windows\system32\windowspowershell\v1.0\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-465889627-1915634839-1743452103-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
HKU\S-1-5-21-465889627-1915634839-1743452103-1004\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 80.69.96.12 - 81.210.129.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
 ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

HKU\S-1-5-21-465889627-1915634839-1743452103-1001\...\StartupApproved\Run: => "NoIPDUCv4"
HKU\S-1-5-21-465889627-1915634839-1743452103-1001\...\StartupApproved\Run: => "SpybotPostWindows10UpgradeReInstall"
HKU\S-1-5-21-465889627-1915634839-1743452103-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-465889627-1915634839-1743452103-1001\...\StartupApproved\Run: => "XperiaCompanionAgent"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{C5ED3A27-C85A-4E98-9CA8-518A8501E388}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{48124AD1-88EE-4681-B829-C2E60F1CE4DC}C:\program files (x86)\zoiper\zoiper.exe] => (Allow) C:\program files (x86)\zoiper\zoiper.exe => Keine Datei
FirewallRules: [TCP Query User{6D0E7FBA-AB08-4CA9-8FF5-6762194DB19B}C:\program files (x86)\zoiper\zoiper.exe] => (Allow) C:\program files (x86)\zoiper\zoiper.exe => Keine Datei
FirewallRules: [{8932E0D1-EDD2-4C5E-A628-914B595FD7D7}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12121.1.54014.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{BBE36D70-7191-4927-BFA0-481084430F91}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12121.1.54014.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6FB053C9-4999-4580-B396-4002AB6C8D3A}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12121.1.54014.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5D8305FF-DF14-46DB-A381-E7BA9825F474}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12121.1.54014.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{93763B12-FBF6-46B0-82B1-1CED815C1892}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12121.1.54014.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{BF73EEF8-7C7A-47FC-ADC9-073010E4877A}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12121.1.54014.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{52F44AF8-6353-41C6-B033-686C9963CF1E}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12121.1.54014.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{FB8C6963-9D8B-4EF1-B960-16BA7A1A58E3}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12121.1.54014.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7AD07112-94CD-4BAC-8B2C-CC399B1A428D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{11F96596-0C3C-49E7-B1C5-D658ACEA1E5E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{364B324F-BBEF-4303-8C5C-D8AE43C97E66}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{06202C48-65DD-43B8-8C2C-B71C4BABF9D1}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{AD95D494-27C4-4667-8E68-3694E7B8AC21}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6F64AAF7-DB17-4915-A0D1-D235D46EA617}] => (Allow) E:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{627553DF-0D64-4A80-BFD7-73502B89569D}] => (Allow) E:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{F5ABB1A3-6830-4173-B424-4D2BD60E4FBC}] => (Allow) E:\program files (x86)\steam\steamapps\common\race 07\racededicatedserver_steam.exe => Keine Datei
FirewallRules: [{4343FD89-F2C9-4ED5-85E5-E626CE619A2B}] => (Allow) E:\program files (x86)\steam\steamapps\common\race 07\racededicatedserver_steam.exe => Keine Datei
FirewallRules: [UDP Query User{9E46ACE0-F3F7-4089-9B40-077E4046C6EC}E:\program files (x86)\steam\steamapps\common\race 07\racededicatedserver_steam.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\race 07\racededicatedserver_steam.exe => Keine Datei
FirewallRules: [TCP Query User{29ABDBD5-F9AE-4D13-8C6C-E2AB0AEDA4D4}E:\program files (x86)\steam\steamapps\common\race 07\racededicatedserver_steam.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\race 07\racededicatedserver_steam.exe => Keine Datei
FirewallRules: [{2B14893D-9D28-4AE0-BE85-ACBD380D5430}] => (Allow) E:\program files (x86)\steam\steamapps\common\race 07\race_steam.exe => Keine Datei
FirewallRules: [{6EB0145C-8CE5-4D36-B22E-26D860A0278B}] => (Allow) E:\program files (x86)\steam\steamapps\common\race 07\race_steam.exe => Keine Datei
FirewallRules: [UDP Query User{1839E9FE-EDEB-48A8-B1AE-B201F82171D8}E:\program files (x86)\steam\steamapps\common\race 07\race_steam.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\race 07\race_steam.exe => Keine Datei
FirewallRules: [TCP Query User{B631EDF4-EFD7-4723-AFDF-4C29768D5FB8}E:\program files (x86)\steam\steamapps\common\race 07\race_steam.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\race 07\race_steam.exe => Keine Datei
FirewallRules: [{A1705055-4EB5-497E-931C-2DC9B2CA22DA}] => (Allow) E:\program files (x86)\mumble\murmur.exe => Keine Datei
FirewallRules: [{860FD979-8379-425B-A5AA-5A972B79C110}] => (Allow) E:\program files (x86)\mumble\murmur.exe => Keine Datei
FirewallRules: [UDP Query User{E4A7A97B-55EA-49D8-8235-AC9B479EDAC2}E:\program files (x86)\mumble\murmur.exe] => (Allow) E:\program files (x86)\mumble\murmur.exe => Keine Datei
FirewallRules: [TCP Query User{CE8D067D-18DC-44DD-81D3-25222D9BF0FB}E:\program files (x86)\mumble\murmur.exe] => (Allow) E:\program files (x86)\mumble\murmur.exe => Keine Datei
FirewallRules: [{B631AEB5-7AB5-4597-AB8D-FF746D946EFA}] => (Allow) E:\Program Files (x86)\Steam\bin\steamwebhelper.exe => Keine Datei
FirewallRules: [{B8A3E48A-9F01-48AC-B6A2-A041AF0CE7F0}] => (Allow) E:\Program Files (x86)\Steam\bin\steamwebhelper.exe => Keine Datei
FirewallRules: [{2F0CA165-8717-4AE8-AFBE-4B223BFB579E}] => (Allow) E:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{8198180B-8028-4CC0-A091-6F33C92E0899}] => (Allow) E:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{433D5D5C-2C59-48B2-B51C-BD2BD8D25782}] => (Allow) e:\Program Files (x86)\Mozilla Firefox\firefox.exe => Keine Datei
FirewallRules: [{E2F328C0-5DDA-408B-9AB3-7C5E049FCEF9}] => (Allow) e:\Program Files (x86)\Mozilla Firefox\firefox.exe => Keine Datei
FirewallRules: [{A17BE05E-BE4A-4031-B9AE-E1BFF1427BE4}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe => Keine Datei
FirewallRules: [{B289F11B-8763-48F8-A8A2-B621B8C7F2A5}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe => Keine Datei
FirewallRules: [{F33A39EE-85B7-46F2-B251-A0F875D2A989}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe => Keine Datei
FirewallRules: [{96D6C3AD-AB1C-446C-97EE-B9AA10E28302}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe => Keine Datei
FirewallRules: [TCP Query User{E315B37A-A296-4C9F-8BBE-143EFD730F55}E:\programme\python27\pythonw.exe] => (Allow) E:\programme\python27\pythonw.exe => Keine Datei
FirewallRules: [UDP Query User{4C37739F-EB98-42A1-9144-412711216599}E:\programme\python27\pythonw.exe] => (Allow) E:\programme\python27\pythonw.exe => Keine Datei
FirewallRules: [{E1E55271-C2F9-413F-B803-96C91948C7FD}] => (Allow) C:\HP_LaserJet_200_color_MFP_M276\Installer\hpbcsiInstaller.exe (Hewlett-Packard Company -> Hewlett-Packard Company)
FirewallRules: [{EDBA7A01-1DAC-4827-956E-AB94AA059302}] => (Allow) C:\HP_LaserJet_200_color_MFP_M276\Installer\hpbcsiInstaller.exe (Hewlett-Packard Company -> Hewlett-Packard Company)
FirewallRules: [{44E05BE1-D01E-446C-8F18-245710072655}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{667C4014-B2FA-4DEE-B862-B72EB6148B2E}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{8FF62F3A-0A11-4C05-924C-D138DD838184}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{953D3F0F-1A43-4761-ABC8-9951DE7AE1C5}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{4385F523-DECB-4810-AB3D-9FB2542EE674}] => (Allow) E:\Program Files (x86)\GamersFirst\APB Reloaded\Binaries\APB.exe => Keine Datei
FirewallRules: [{66B9E3C7-8FEF-4536-A071-27385A2FE85F}] => (Allow) E:\Program Files (x86)\GamersFirst\APB Reloaded\Binaries\APB.exe => Keine Datei
FirewallRules: [{2DF908F4-86E0-4E70-9094-7A40B9661F5B}] => (Allow) E:\Program Files (x86)\GamersFirst\APB Reloaded\Binaries\VivoxVoiceService.exe => Keine Datei
FirewallRules: [{315435B3-606D-4C35-AD57-25FB14FD19FC}] => (Allow) E:\Program Files (x86)\GamersFirst\APB Reloaded\Binaries\VivoxVoiceService.exe => Keine Datei
FirewallRules: [TCP Query User{19F7E8DD-F139-4977-AF7E-C44D80797743}E:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) E:\program files (x86)\myphoneexplorer\myphoneexplorer.exe => Keine Datei
FirewallRules: [UDP Query User{E1BD961F-C095-420B-82FB-429879F456EA}E:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) E:\program files (x86)\myphoneexplorer\myphoneexplorer.exe => Keine Datei
FirewallRules: [{D894783A-340A-4336-AC05-B412CE564DC4}] => (Allow) E:\Program Files (x86)\Tunngle\TnglCtrl.exe => Keine Datei
FirewallRules: [{C47542C6-3DBA-45EA-AEB3-D62A9135D027}] => (Allow) E:\Program Files (x86)\Tunngle\TnglCtrl.exe => Keine Datei
FirewallRules: [{D96FE917-EF8F-4CC0-9D4C-60C60A846704}] => (Allow) E:\Program Files (x86)\Tunngle\Tunngle.exe => Keine Datei
FirewallRules: [{45901C50-D4BA-4D0E-9D67-403A8CA00BF9}] => (Allow) E:\Program Files (x86)\Tunngle\Tunngle.exe => Keine Datei
FirewallRules: [{B6964316-AC57-488E-AC6D-3CEE741FD491}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Street Racing Syndicate\Bin\SRS.EXE => Keine Datei
FirewallRules: [{2F9E8FF8-9DF8-48B9-9E7D-F310613F0F6C}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Street Racing Syndicate\Bin\SRS.EXE => Keine Datei
FirewallRules: [{0EB00190-D849-4EA2-8143-A9C5C8FE9EDD}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{4FEAB817-6195-4D43-A11A-F7AADAB61103}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{24D1DFED-A6EF-4CD0-902A-E0275B154D7F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe => Keine Datei
FirewallRules: [{B96BA975-05EA-4F9F-92B0-4C3FBF633374}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe => Keine Datei
FirewallRules: [{A7D99F6F-5030-48A8-8E4E-BF4C48485155}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{F9503DD1-BA04-4794-8AEE-47E90F572026}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{A62A235C-BFAD-436E-809A-D3C0B5FCA24E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{FEBF4BF6-5278-423A-93FB-CCAC2A2C4B41}] => (Allow) C:\Program Files (x86)\WISO\Steuersoftware 2016\wmain16.dll (Buhl Data Service GmbH -> )
FirewallRules: [{211FFED5-DC1B-4E76-8D76-4171EF8917D5}] => (Allow) C:\Program Files (x86)\WISO\Steuersoftware 2016\wmain16.dll (Buhl Data Service GmbH -> )
FirewallRules: [{09C335A5-7E00-4EBF-9EE0-9CA887BD0D78}] => (Allow) C:\Program Files (x86)\WISO\Steuersoftware 2016\wmain16.dll (Buhl Data Service GmbH -> )
FirewallRules: [{704E90E7-9293-4308-913F-EC76BE5406B1}] => (Allow) C:\Program Files (x86)\WISO\Steuersoftware 2016\wmain16.dll (Buhl Data Service GmbH -> )
FirewallRules: [{8525ED06-0D66-4654-8AA5-66784A470D2E}] => (Allow) E:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{B9450499-AC0C-4F51-9349-BEBD3467F90C}] => (Allow) E:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{40D247A7-87F8-4C25-B691-6705579B5AD8}] => (Allow) C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe (Unified Intents AB -> Unified Intents AB)
FirewallRules: [{4002AE9A-A2E8-4A45-9689-78F4560E026E}] => (Allow) C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe (Unified Intents AB -> Unified Intents AB)
FirewallRules: [{9787F2B4-9DBA-4EC3-A1EB-92EA5DD39F04}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe => Keine Datei
FirewallRules: [{2064F384-1831-4161-85F7-AD67D672B02A}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe => Keine Datei
FirewallRules: [{ACC6B3CE-99C3-4745-B61D-0FDED2F9D93B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Torque Drift\TorqueDrift.exe () [Datei ist nicht signiert]
FirewallRules: [{91047375-09B7-478E-92F5-2BDA9641A004}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Torque Drift\TorqueDrift.exe () [Datei ist nicht signiert]
FirewallRules: [TCP Query User{89EC9CC4-3726-49E8-B31C-C34B2369C24A}C:\users\dracu\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\dracu\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{175F61E2-E507-4C09-9816-DA436A6FB7AE}C:\users\dracu\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\dracu\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{52653BD5-C376-498F-B084-871291654A59}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.77.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{6EB815EF-FC2B-4F9D-9304-B647B9C19DF3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.77.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{C0599CDF-B97F-4A0D-8878-00A6B35F194E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.77.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{A2194B97-9B85-49F4-BCB7-773232B7E3C3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.77.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{5D5D039D-9A99-4C47-B0F5-A462DA2A7C3E}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{59222E80-A26B-4274-8E9E-B10A1F9B80C6}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F537AA1D-B982-4992-A9C3-15822865318C}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E85981E4-4176-4389-B2D2-462C2FDA116F}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2D72C414-E9D5-4630-8271-463D7FE7AA16}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{42E11F3F-621C-4486-BAFA-F78565B09977}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D5E677D8-7FEB-4960-8FD2-36339716AEB0}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B405AD98-26D6-4DF3-B22F-77AB0DD26F05}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E07E21B4-6BF5-4C1A-90FD-F092F1584B74}] => (Block) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => Keine Datei
FirewallRules: [{420DE6B6-EEAF-42AE-A4E1-6C15E26DE56A}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => Keine Datei
FirewallRules: [{C5E628AF-A41F-43FA-8DD8-0AB227CE61FF}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => Keine Datei
FirewallRules: [{E1354BBF-6C40-4FFB-AC0E-AA32C3193882}] => (Allow) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [{5ED6CBDC-3DE8-45AB-8E3B-1E7C77D3C037}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F353464C-05F8-427E-9B07-057C55704E3C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{91AAFBDA-E799-4DD2-AD7C-AA1B09CF632E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{32EA296E-A6FF-4260-BF3E-C4713AB3B196}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{FC44F024-EB61-4123-A605-186EB479CBA7}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\96.0.1054.62\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BB83870D-58E7-4366-A714-BAB96BFBEF94}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{D0FB2318-B49D-40D6-9C6D-7D1025694E30}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

==================== Wiederherstellungspunkte =========================

ACHTUNG: Systemwiederherstellung ist deaktiviert (Total:105.91 GB) (Free:7.45 GB) (7%)

==================== Fehlerhafte Geräte im Gerätemanager ============


==================== Fehlereinträge in der Ereignisanzeige: ========================

Applikationsfehler:
==================
Error: (12/31/2021 12:09:24 AM) (Source: MsiInstaller) (EventID: 11310) (User: LU)
Description: Produkt: Mumble 1.3.4 -- Fehler 1310. Fehler beim Schreiben in Datei: E:\Program Files (x86)\Mumble\4775ee.rbf.  Systemfehler 1307. Überprüfen Sie, ob Sie auf das Verzeichnis zugreifen können.

Error: (12/31/2021 12:08:07 AM) (Source: MsiInstaller) (EventID: 11310) (User: LU)
Description: Produkt: Mumble 1.3.4 -- Fehler 1310. Fehler beim Schreiben in Datei: E:\Program Files (x86)\Mumble\4775ee.rbf.  Systemfehler 1307. Überprüfen Sie, ob Sie auf das Verzeichnis zugreifen können.

Error: (12/31/2021 12:08:06 AM) (Source: MsiInstaller) (EventID: 11310) (User: LU)
Description: Produkt: Mumble 1.3.4 -- Fehler 1310. Fehler beim Schreiben in Datei: E:\Program Files (x86)\Mumble\4775ee.rbf.  Systemfehler 1307. Überprüfen Sie, ob Sie auf das Verzeichnis zugreifen können.

Error: (12/31/2021 12:08:05 AM) (Source: MsiInstaller) (EventID: 11310) (User: LU)
Description: Produkt: Mumble 1.3.4 -- Fehler 1310. Fehler beim Schreiben in Datei: E:\Program Files (x86)\Mumble\4775ee.rbf.  Systemfehler 1307. Überprüfen Sie, ob Sie auf das Verzeichnis zugreifen können.

Error: (12/31/2021 12:08:05 AM) (Source: MsiInstaller) (EventID: 11310) (User: LU)
Description: Produkt: Mumble 1.3.4 -- Fehler 1310. Fehler beim Schreiben in Datei: E:\Program Files (x86)\Mumble\4775ee.rbf.  Systemfehler 1307. Überprüfen Sie, ob Sie auf das Verzeichnis zugreifen können.

Error: (12/30/2021 09:57:27 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" in Zeile  1.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition: UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (12/30/2021 08:55:58 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} und dem Namen "CEventSystem" kann nicht gestartet werden. [0x8007045b, Der Computer wird heruntergefahren.
]

Error: (12/30/2021 08:55:58 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x8007045b, Der Computer wird heruntergefahren.
.


Systemfehler:
=============
Error: (12/30/2021 08:55:53 PM) (Source: DCOM) (EventID: 10010) (User: LU)
Description: Der Server "{5F7F3F7B-1177-4D4B-B1DB-BC6F671B8F25}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (12/23/2021 07:25:26 AM) (Source: Schannel) (EventID: 4103) (User: NT-AUTORITÄT)
Description: Schwerwiegender Fehler beim Erstellen der Client-Anmeldeinformationen für TLS. Der interne Fehlerstatus ist 10013.

Error: (12/20/2021 10:26:47 AM) (Source: Schannel) (EventID: 4103) (User: NT-AUTORITÄT)
Description: Schwerwiegender Fehler beim Erstellen der Client-Anmeldeinformationen für TLS. Der interne Fehlerstatus ist 10013.

Error: (12/19/2021 05:37:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (12/19/2021 05:37:00 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.

Error: (12/19/2021 05:34:36 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ClickToRunSvc erreicht.

Error: (12/19/2021 05:00:18 PM) (Source: Schannel) (EventID: 4103) (User: NT-AUTORITÄT)
Description: Schwerwiegender Fehler beim Erstellen der Client-Anmeldeinformationen für TLS. Der interne Fehlerstatus ist 10013.

Error: (12/15/2021 07:00:47 PM) (Source: Schannel) (EventID: 4103) (User: NT-AUTORITÄT)
Description: Schwerwiegender Fehler beim Erstellen der Client-Anmeldeinformationen für TLS. Der interne Fehlerstatus ist 10013.


Windows Defender:
================
Date: 2021-12-30 22:17:44
Description: 
Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {C22694B0-3DE2-441F-926C-AC23DCD0B0D7}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

CodeIntegrity:
===============
Date: 2021-12-30 21:01:28
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Mozilla Firefox\firefox.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2021-12-30 20:50:26
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Avira\Antivirus\avirasecuritycenteragent.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Avira\Antivirus\libcurl.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Speicherinformationen =========================== 

BIOS: American Megatrends Inc. 4.6.5 10/19/2012
Hauptplatine: CLEVO P170EM
Prozessor: Intel(R) Core(TM) i7-3740QM CPU @ 2.70GHz
Prozentuale Nutzung des RAM: 25%
Installierter physikalischer RAM: 16273.89 MB
Verfügbarer physikalischer RAM: 12091.72 MB
Summe virtueller Speicher: 17866.32 MB
Verfügbarer virtueller Speicher: 13678.43 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:105.91 GB) (Free:7.45 GB) NTFS
Drive e: (daten) (Fixed) (Total:132.03 GB) (Free:1.59 GB) NTFS

\\?\Volume{75cdaf95-0000-0000-0000-100000000000}\ (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{75cdaf95-0000-0000-0000-70801a000000}\ () (Fixed) (Total:0.44 GB) (Free:0.08 GB) NTFS

==================== MBR & Partitionstabelle ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 238.5 GB) (Disk ID: 75CDAF95)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=105.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
Partition 4: (Not Active) - (Size=132 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt =======================
         
Two more logs in the following post.

31.12.2021, 00:53   #7
Chris7

Fake trading software, possibly covert remote access?

Shortcut_31-12-2021 00.47.40.txt

Code:
ATTFilter
Untersuchungsergebnis der Verknüpfungen des Benutzers (x64) Version: 27-12-2021
durchgeführt von dracu (31-12-2021 00:47:40)
Gestartet von C:\Users\dracu\Downloads
Start-Modus: Normal

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)


Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\MSACCESS.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk -> C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Malwarebytes)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk -> C:\Program Files\PCHealthCheck\PCHealthCheck.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\MSPUB.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10-Update-Assistent.lnk -> C:\Windows10Upgrade\Windows10UpgraderApp.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2021\WISO Steuer-Sparbuch 2021.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2021\WISO2021.EXE ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO steuer Sparbuch 2020\WISO steuer Sparbuch 2020.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2020\WISO2020.EXE ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO steuer Sparbuch 2019\WISO steuer Sparbuch 2019.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2019\WISO2019.EXE ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO steuer Sparbuch 2018\WISO steuer Sparbuch 2018.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2018\WISO2018.EXE ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO steuer Sparbuch 2017\WISO steuer Sparbuch 2017.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2017\WISO2017.EXE ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO steuer Sparbuch 2016\WISO steuer Sparbuch 2016.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2016\WISO2016.EXE ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Benutzerhandbuch für die Konsolenversion von RAR.lnk -> C:\Program Files (x86)\WinRAR\Rar.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Hilfe zu WinRAR.lnk -> C:\Program Files (x86)\WinRAR\WinRAR.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Was ist neu in dieser Version.lnk -> C:\Program Files (x86)\WinRAR\WhatsNew.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files (x86)\WinRAR\WinRAR.exe (Alexander Roshal)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk -> C:\Program Files\VideoLAN\VLC\Documentation.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk -> C:\Program Files\VideoLAN\VLC\NEWS.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk -> C:\Program Files\VideoLAN\VLC\VideoLAN Website.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unified Remote 3\Unified Remote.lnk -> C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe (Unified Intents AB)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unified Remote 3\Uninstall Unified Remote.lnk -> C:\Program Files (x86)\Unified Remote 3\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk -> E:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFsam Basic\PDFsam Basic.lnk -> C:\Program Files\PDFsam Basic\pdfsam.exe (Sober Lemur S.a.s di Vacondio Andrea)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenAudible\OpenAudible Uninstaller.lnk -> E:\Program Files\OpenAudible\uninstall.exe (openaudible.org)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenAudible\OpenAudible.lnk -> E:\Program Files\OpenAudible\OpenAudible.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\GeForce Experience.lnk -> C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\LaunchGFExperience.exe (NVIDIA Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero Burning ROM.lnk -> C:\Program Files (x86)\Nero\Nero Burning ROM\nero.exe (Nero AG)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero CoverDesigner.lnk -> C:\Program Files (x86)\Nero\Nero CoverDesigner\CoverDes.exe (Nero AG)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero WaveEditor.lnk -> C:\Program Files (x86)\Nero\Nero WaveEditor\waveedit.exe (Nero AG)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero Toolkit\Nero BurnRights.lnk -> C:\Program Files (x86)\Nero\Nero Toolkit\Nero BurnRights\NeroBurnRights.exe (Nero AG)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero Toolkit\Nero CD-DVD Speed.lnk -> C:\Program Files (x86)\Nero\Nero Toolkit\Nero CD-DVD Speed\CDSpeed.exe (Nero AG)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero Toolkit\Nero DriveSpeed.lnk -> C:\Program Files (x86)\Nero\Nero Toolkit\Nero DriveSpeed\DriveSpeed.exe (Nero AG)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero Toolkit\Nero InfoTool.lnk -> C:\Program Files (x86)\Nero\Nero Toolkit\Nero InfoTool\InfoTool.exe (Nero AG)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Aufzeichnungs-Manager von Skype for Business.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\OcPubMgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Office-Spracheinstellungen.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\SETLANG.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Telemetriedashboard für Office.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\msotd.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Telemetrieprotokoll für Office.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\msoev.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP LaserJet 200 color MFP M276\HP Druckerstatus und Warnmeldungen.lnk -> C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe (Hewlett-Packard Company)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP LaserJet 200 color MFP M276\HP Scan.lnk -> C:\Program Files (x86)\HP\HP LaserJet 200 color MFP M276\bin\HPScan.exe (Hewlett-Packard Co.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP LaserJet 200 color MFP M276\HP Send Fax.lnk -> C:\Program Files (x86)\HP\HP LaserJet 200 color MFP M276\hppeFax_M276.exe (Hewlett-Packard Co.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\freac - free audio converter\freac - free audio converter.lnk -> C:\Program Files (x86)\freac\freac.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\freac - free audio converter\freac Benutzerhandbuch.lnk -> C:\Program Files (x86)\freac\manual\index.html ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\freac - free audio converter\freac Deinstallieren.lnk -> C:\Program Files (x86)\freac\uninstall.exe (chapter.0)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader\Uninstall Foxit Reader.lnk -> C:\Program Files (x86)\Foxit Software\Foxit Reader\unins000.exe (Keine Datei)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\concept design\onlineTV 16\onlineTV 16.lnk -> C:\Program Files (x86)\concept design\onlineTV 16\onlineTV.exe (concept/design GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\concept design\onlineTV 16\onlineTV @ Android.lnk -> C:\Program Files (x86)\concept design\onlineTV 16\onlineTVAndroid.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\concept design\onlineTV 16\Ressource\Weitere Sender.lnk -> C:\Program Files (x86)\concept design\onlineTV 16\onlineTVRes.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\concept design\onlineTV 14\onlineTV 14.lnk -> C:\Program Files (x86)\concept design\onlineTV 14\onlineTV.exe (concept/design GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\concept design\onlineTV 14\onlineTV @ Android.lnk -> C:\Program Files (x86)\concept design\onlineTV 14\onlineTVAndroid.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\concept design\onlineTV 14\Ressource\Weitere Sender.lnk -> C:\Program Files (x86)\concept design\onlineTV 14\onlineTVRes.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk -> C:\Windows\SysWOW64\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\RecoveryDrive.lnk -> C:\Windows\System32\RecoveryDrive.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Registry Editor.lnk -> C:\Windows\regedit.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Defender Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Quick Assist.lnk -> C:\Windows\System32\quickassist.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk -> C:\Windows\System32\psr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip Help.lnk -> C:\Program Files\7-Zip\7-zip.chm ()
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\dracu\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)
Shortcut: C:\Users\dracu\Links\Desktop.lnk -> C:\Users\dracu\Desktop ()
Shortcut: C:\Users\dracu\Links\Downloads.lnk -> C:\Users\dracu\Downloads ()
Shortcut: C:\Users\dracu\Desktop\GMX ProfiFax.lnk -> C:\Users\dracu\AppData\Local\GMXProfiFax\GMX ProfiFax.exe (1und1 Mail and Media GmbH)
Shortcut: C:\Users\dracu\Desktop\mp3DirectCut.lnk -> E:\Program Files (x86)\mp3DirectCut\mp3DirectCut.exe (Martin Pesch)
Shortcut: C:\Users\dracu\Desktop\mumble.exe - Verknüpfung.lnk -> E:\Program Files (x86)\Mumble\mumble.exe (Keine Datei)
Shortcut: C:\Users\dracu\Desktop\onlineTV 15.lnk -> C:\Program Files (x86)\concept design\onlineTV 15\onlineTV.exe (concept/design GmbH)
Shortcut: C:\Users\dracu\Desktop\Total Commander.lnk -> C:\totalcmd\TOTALCMD.EXE (Ghisler Software GmbH)
Shortcut: C:\Users\dracu\Desktop\Windows 10-Update-Assistent.lnk -> C:\Windows10Upgrade\Windows10UpgraderApp.exe (Microsoft Corporation)
Shortcut: C:\Users\dracu\Desktop\20201226\Nero CoverDesigner.lnk -> C:\Program Files (x86)\Nero\Nero CoverDesigner\CoverDes.exe (Nero AG)
Shortcut: C:\Users\dracu\Desktop\20201226\Uplay.lnk -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exe (Ubisoft)
Shortcut: C:\Users\dracu\Desktop\20201226\Windows 10-Update-Assistent.lnk -> C:\Windows10Upgrade\Windows10UpgraderApp.exe (Microsoft Corporation)
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\dracu\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Benutzerhandbuch für die Konsolenversion von RAR.lnk -> C:\Program Files (x86)\WinRAR\Rar.txt ()
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Hilfe zu WinRAR.lnk -> C:\Program Files (x86)\WinRAR\WinRAR.chm ()
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Was ist neu in dieser Version.lnk -> C:\Program Files (x86)\WinRAR\WhatsNew.txt ()
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files (x86)\WinRAR\WinRAR.exe (Alexander Roshal)
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker\README.lnk -> E:\Program Files\Unlocker\README.TXT ()
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker\Start Unlocker.lnk -> E:\Program Files\Unlocker\Unlocker.exe ()
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker\Uninstall.lnk -> E:\Program Files\Unlocker\uninst.exe ()
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker\Website.lnk -> E:\Program Files\Unlocker\Unlocker.url ()
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft\Uplay\Uninstall.lnk -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uninstall.exe (Ubisoft)
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft\Uplay\Uplay.lnk -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exe (Ubisoft)
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander\Total Commander Entfernen oder Reparieren.lnk -> C:\totalcmd\TCUNINST.EXE ()
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander\Total Commander Hilfe.lnk -> C:\totalcmd\TOTALCMD.CHM ()
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander\Total Commander.lnk -> C:\totalcmd\TOTALCMD.EXE (Ghisler Software GmbH)
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk -> E:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\No-IP DUC\DUC.lnk -> E:\Program Files (x86)\No-IP\DUC40.exe ()
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\No-IP DUC\License.lnk -> E:\Program Files (x86)\No-IP\License.txt ()
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\No-IP DUC\Uninstall.lnk -> E:\Program Files (x86)\No-IP\Uninstall.exe ()
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3Gain\MP3Gain Help.lnk -> E:\Program Files (x86)\MP3Gain\MP3Gain.chm ()
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3Gain\MP3Gain.lnk -> E:\Program Files (x86)\MP3Gain\MP3GainGUI.exe (Snelg Enterprises)
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3Gain\Uninstall MP3Gain.lnk -> E:\Program Files (x86)\MP3Gain\uninst-mp3gain.exe ()
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GamersFirst\LIVE!\GamersFirst LIVE!.lnk -> C:\Users\dracu\AppData\Local\GamersFirst\LIVE!\Live.exe (GamersFirst)
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GamersFirst\LIVE!\Uninstall.lnk -> C:\Users\dracu\AppData\Local\GamersFirst\LIVE!\uninstall.exe (GamersFirst)
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\concept design\onlineTV 15\onlineTV 15.lnk -> C:\Program Files (x86)\concept design\onlineTV 15\onlineTV.exe (concept/design GmbH)
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\concept design\onlineTV 15\onlineTV @ Android.lnk -> C:\Program Files (x86)\concept design\onlineTV 15\onlineTVAndroid.url ()
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\concept design\onlineTV 15\Ressource\Weitere Sender.lnk -> C:\Program Files (x86)\concept design\onlineTV 15\onlineTVRes.url ()
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bierbuden\Weissbierbude.lnk -> E:\Programme\Bierbuden\weissbierbude_de.pyw ()
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1und1 Mail and Media GmbH\GMX ProfiFax.lnk -> C:\Users\dracu\AppData\Local\GMXProfiFax\GMX ProfiFax.exe (1und1 Mail and Media GmbH)
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth-Dateiübertragung.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\SendTo\PDFsam Basic.lnk -> C:\Program Files\PDFsam Basic\pdfsam.exe (Sober Lemur S.a.s di Vacondio Andrea)
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Brave.lnk -> C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc.)
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\DoNotSpy10.lnk -> C:\Program Files (x86)\DoNotSpy10\DoNotSpy10.exe (Keine Datei)
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation)
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\ThunderbirdPortabl.lnk -> E:\Program Files (x86)\ThunderbirdPortable\ThunderbirdPortable.exe (PortableApps.com)
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Total Commander.lnk -> C:\totalcmd\TOTALCMD.EXE (Ghisler Software GmbH)
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Word.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE (Microsoft Corporation)
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Tombstones\Mozilla Firefox.lnk -> E:\Program Files (x86)\Mozilla Firefox\firefox.exe (Keine Datei)
Shortcut: C:\Users\dracu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Tombstones\mumble.exe - Verknüpfung.lnk -> E:\Program Files (x86)\Mumble\mumble.exe (Keine Datei)
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\Application Shortcuts\Windows.PurchaseDialog_cw5n1h2txyewy\Microsoft.Windows.PurchaseDialog.lnk -> Tile and icon assets
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\Application Shortcuts\Windows.ContactSupport_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.ZuneVideo_8wekyb3d8bbwe\Microsoft.ZuneVideo.lnk -> Tile and icon assets
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.ZuneMusic_8wekyb3d8bbwe\Microsoft.ZuneMusic.lnk -> Tile and icon assets
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Microsoft.XboxIdentityProvider.lnk -> Tile and icon assets
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Microsoft.XboxGameCallableUI.lnk -> Tile and icon assets
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.XboxApp_8wekyb3d8bbwe\Microsoft.XboxApp.lnk -> Tile and icon assets
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsStore_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsPhone_8wekyb3d8bbwe\CompanionApp.App.lnk -> Tile and icon assets
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsMaps_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsFeedback_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\Application Shortcuts\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\microsoft.windowslive.calendar.lnk -> Tile and icon assets
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\Application Shortcuts\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\microsoft.windowslive.mail.lnk -> Tile and icon assets
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsCamera_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsCalculator_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsAlarms_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Windows.Photos_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaUI.lnk -> Tile and icon assets
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.SkypeApp_kzf8qxf38zg5c\App.lnk -> Tile and icon assets
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.People_8wekyb3d8bbwe\x4c7a3b7dy2188y46d4ya362y19ac5a5805e5x.lnk -> Tile and icon assets
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Office.OneNote_8wekyb3d8bbwe\microsoft.onenoteim.lnk -> Tile and icon assets
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\Microsoft.MicrosoftOfficeHub.lnk -> Tile and icon assets
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.lnk -> Tile and icon assets
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.LockApp_cw5n1h2txyewy\WindowsDefaultLockScreen.lnk -> Tile and icon assets
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Getstarted_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BioEnrollment_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingWeather_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingSports_8wekyb3d8bbwe\AppexSports.lnk -> Tile and icon assets
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingNews_8wekyb3d8bbwe\AppexNews.lnk -> Tile and icon assets
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingFinance_8wekyb3d8bbwe\AppexFinance.lnk -> Tile and icon assets
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Appconnector_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.AccountsControl_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\dracu\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.3DBuilder_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\dracula\Links\Desktop.lnk -> C:\Users\dracula\Desktop ()
Shortcut: C:\Users\dracula\Links\Downloads.lnk -> C:\Users\dracula\Downloads ()
Shortcut: C:\Users\dracula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\dracula\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
Shortcut: C:\Users\dracula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\dracula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\dracula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\dracula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\dracula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\dracula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\dracula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\dracula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\dracula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\dracula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\dracula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\dracula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\dracula\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth-Dateiübertragung.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\Users\dracula\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\dracula\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\dracula\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\dracula\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\dracula\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\dracula\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\dracula\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\dracula\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\dracula\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\dracula\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\dracula\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\dracula\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\Brave.lnk -> C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc.)
Shortcut: C:\Users\Public\Desktop\Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\Public\Desktop\freac - free audio converter.lnk -> C:\Program Files (x86)\freac\freac.exe ()
Shortcut: C:\Users\Public\Desktop\HP LJ200 M276 Scan.lnk -> C:\Program Files (x86)\HP\HP LaserJet 200 color MFP M276\bin\HPScan.exe (Hewlett-Packard Co.)
Shortcut: C:\Users\Public\Desktop\Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Malwarebytes)
Shortcut: C:\Users\Public\Desktop\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\onlineTV 14.lnk -> C:\Program Files (x86)\concept design\onlineTV 14\onlineTV.exe (concept/design GmbH)
Shortcut: C:\Users\Public\Desktop\onlineTV 16.lnk -> C:\Program Files (x86)\concept design\onlineTV 16\onlineTV.exe (concept/design GmbH)
Shortcut: C:\Users\Public\Desktop\OpenAudible.lnk -> E:\Program Files\OpenAudible\OpenAudible.exe ()
Shortcut: C:\Users\Public\Desktop\PDFsam Basic.lnk -> C:\Program Files\PDFsam Basic\pdfsam.exe (Sober Lemur S.a.s di Vacondio Andrea)
Shortcut: C:\Users\Public\Desktop\VLC media player.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN)
Shortcut: C:\Users\Public\Desktop\WISO steuer Sparbuch 2019.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2019\WISO2019.EXE ()
Shortcut: C:\Users\Public\Desktop\WISO steuer Sparbuch 2020.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2020\WISO2020.EXE ()
Shortcut: C:\Users\Public\Desktop\WISO Steuer-Sparbuch 2021.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2021\WISO2021.EXE ()


ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player - reset preferences and cache files.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN) -> --reset-config --reset-plugins-cache vlc://quit
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN) -> -Iskins
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /7
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFsam Basic\Uninstall.lnk -> C:\Windows\System32\msiexec.exe (Microsoft Corporation) -> /x {06C071AD-846F-4E21-A938-63DA54A45EB3}
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero Express.lnk -> C:\Program Files (x86)\Nero\Nero Burning ROM\nero.exe (Nero AG) -> /w
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Setup\Nero ProductSetup.lnk -> C:\Program Files (x86)\Common Files\Ahead\Nero Web\SetupX.exe (Nero AG) -> MODE="update"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Database Compare.lnk -> C:\Program Files (x86)\Microsoft Office\root\Client\AppVLP.exe (Microsoft Corporation) -> "C:\Program Files (x86)\Microsoft Office\Root\Office16\DCF\DATABASECOMPARE.EXE"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Spreadsheet Compare.lnk -> C:\Program Files (x86)\Microsoft Office\root\Client\AppVLP.exe (Microsoft Corporation) -> "C:\Program Files (x86)\Microsoft Office\Root\Office16\DCF\SPREADSHEETCOMPARE.EXE"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016-Tools\Database Compare.lnk -> C:\Program Files (x86)\Microsoft Office\root\Client\AppVLP.exe (Microsoft Corporation) -> "C:\Program Files (x86)\Microsoft Office\Root\Office16\DCF\DATABASECOMPARE.EXE"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016-Tools\Office Upload Center.lnk -> C:\Program Files (x86)\Microsoft Office\root\Client\AppVLP.exe (Microsoft Corporation) -> "C:\Program Files (x86)\Microsoft Office\Root\Office16\MSOUC.EXE"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016-Tools\Spreadsheet Compare.lnk -> C:\Program Files (x86)\Microsoft Office\root\Client\AppVLP.exe (Microsoft Corporation) -> "C:\Program Files (x86)\Microsoft Office\Root\Office16\DCF\SPREADSHEETCOMPARE.EXE"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.AdministrativeTools
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\dracu\Desktop\Microsoft Teams.lnk -> C:\Users\dracu\AppData\Local\Microsoft\Teams\Update.exe (Microsoft Corporation) -> --processStart "Teams.exe"
ShortcutWithArgument: C:\Users\dracu\Desktop\20201226\HP\HP LaserJet 200 color MFP M276\HP Gerät neu konfigurieren.lnk -> C:\Program Files (x86)\HP\csiInstaller\CC38C23C-7824-4DBB-AC73-997CD0BBFEC7\Setup.exe (Hewlett-Packard) -> /ReconfigWireless
ShortcutWithArgument: C:\Users\dracu\Desktop\20201226\HP\HP LaserJet 200 color MFP M276\Produktsoftware deinstallieren.lnk -> C:\Program Files (x86)\HP\csiInstaller\CC38C23C-7824-4DBB-AC73-997CD0BBFEC7\Setup.exe (Hewlett-Packard) -> /Uninstall
ShortcutWithArgument: C:\Users\dracu\AppData\Roaming\Microsoft\Word\Schreiben%20Botschaft306559941425693389\Schreiben%20Botschaft.docx.lnk -> E:\Downloads_JX\USB Stick\heirat eingereicht komplett\bruder\Schreiben Botschaft.docx () -> 0
ShortcutWithArgument: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk -> C:\Users\dracu\AppData\Local\Microsoft\Teams\Update.exe (Microsoft Corporation) -> --processStart "Teams.exe"
ShortcutWithArgument: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.AdministrativeTools
ShortcutWithArgument: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\SendTo\Faxempfänger.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\dracu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nero Express.lnk -> C:\Program Files (x86)\Nero\Nero Burning ROM\nero.exe (Nero AG) -> /w
ShortcutWithArgument: C:\Users\dracu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory=Default
ShortcutWithArgument: C:\Users\dracu\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Teams.lnk -> C:\Users\dracu\AppData\Local\Microsoft\Teams\Update.exe (Microsoft Corporation) -> --processStart "Teams.exe" --process-start-args "--profile=AAD"
ShortcutWithArgument: C:\Users\dracu\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E}
ShortcutWithArgument: C:\Users\dracu\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
ShortcutWithArgument: C:\Users\dracu\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\dracu\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System
ShortcutWithArgument: C:\Users\dracu\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo
ShortcutWithArgument: C:\Users\dracu\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions
ShortcutWithArgument: C:\Users\dracu\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
ShortcutWithArgument: C:\Users\dracu\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
ShortcutWithArgument: C:\Users\dracu\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures
ShortcutWithArgument: C:\Users\dracu\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\dracu\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\dracu\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\dracu\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\dracu\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\dracu\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory=Default
ShortcutWithArgument: C:\Users\dracula\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.AdministrativeTools
ShortcutWithArgument: C:\Users\dracula\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\dracula\AppData\Roaming\Microsoft\Windows\SendTo\Faxempfänger.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\dracula\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
ShortcutWithArgument: C:\Users\dracula\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\dracula\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo
ShortcutWithArgument: C:\Users\dracula\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
ShortcutWithArgument: C:\Users\dracula\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
ShortcutWithArgument: C:\Users\dracula\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\dracula\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\dracula\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\dracula\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\dracula\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}


InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2021\Hilfen\WISO Steuer-Sparbuch 2021 Online-Hilfe.url -> URL: hxxp://www.buhl.de/go/13468
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO steuer Sparbuch 2020\Hilfen\WISO steuer Sparbuch 2020 Online-Hilfe.url -> URL: hxxp://www.buhl.de/go/11892
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO steuer Sparbuch 2019\Hilfen\WISO steuer Sparbuch 2019 Online-Hilfe.url -> URL: hxxp://www.buhl.de/go/8143
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO steuer Sparbuch 2018\Hilfen\WISO steuer Sparbuch 2018 Online-Hilfe.url -> URL: hxxp://www.buhl.de/go/4451
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO steuer Sparbuch 2017\Hilfen\WISO steuer Sparbuch 2017 Online-Hilfe.url -> URL: hxxp://www.buhl.de/go/2241
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO steuer Sparbuch 2016\Hilfen\WISO steuer Sparbuch 2016 Online-Hilfe.url -> URL: hxxp://www.buhl.de/go/325
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unified Remote 3\Unified Remote Client.url -> URL: hxxp://localhost:9510/client
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unified Remote 3\Unified Remote Manager.url -> URL: hxxp://localhost:9510/web
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unified Remote 3\Unified Remote on the Web.url -> URL: hxxps://www.unifiedremote.com/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam Support Center.url -> URL: hxxp://support.steampowered.com/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFsam Basic\PDFsam on the Web.url -> URL: hxxps://pdfsam.org/
InternetURL: C:\Users\dracu\Favorites\Bing.url -> URL: hxxp://go.microsoft.com/fwlink/p/?LinkId=255142
InternetURL: C:\Users\dracu\Favorites\Bundestagsabgeordnete in Hessen.url -> URL: hxxp://www.hu-hessen.de/mdbs/info.php
InternetURL: C:\Users\dracu\Favorites\Deinstallieren von Flash Player  Windows.url -> BASEURL: hxxp://helpx.adobe.com/de/flash-player/kb/uninstall-flash-player-windows.html URL: hxxp://helpx.adobe.com/de/flash-player/kb/uninstall-flash-player-windows.html
InternetURL: C:\Users\dracu\Favorites\Direkter Download _ tagesschau.de.url -> URL: hxxp://www.tagesschau.de/download/podcast/
InternetURL: C:\Users\dracu\Favorites\Firesheep_ Account-Diebstahl für Jedermann _ Digital _ ZEIT ONLINE.url -> URL: hxxp://www.zeit.de/digital/datenschutz/2010-10/firesheep-firefox-hack
InternetURL: C:\Users\dracu\Favorites\Informationen rund um Ernährung und Gesundheit (Universität Hohenheim).url -> URL: hxxps://www.uni-hohenheim.de/wwwin140/info/info.htm
InternetURL: C:\Users\dracu\Favorites\MP4 TV - Podcast und MP4 Videos (Vodcast) für Streaming und Download.url -> URL: hxxp://www.mp4-tv.de/
InternetURL: C:\Users\dracu\Favorites\SHOUTcast Administrator.url -> URL: hxxp://192.168.1.2:61275/
InternetURL: C:\Users\dracu\Favorites\Startseite Bremen Eins - Bremen Eins - Radio Bremen.url -> URL: hxxp://www.radiobremen.de/bremeneins/#
InternetURL: C:\Users\dracu\Favorites\Windows Live\Windows Live Gallery.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=70742
InternetURL: C:\Users\dracu\Favorites\Windows Live\Windows Live Ideas.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72700
InternetURL: C:\Users\dracu\Favorites\Windows Live\Windows Live Mail.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72681
InternetURL: C:\Users\dracu\Favorites\Windows Live\Windows Live Spaces.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72682
InternetURL: C:\Users\dracu\Favorites\MSN-Websites\MSN Auto.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72680
InternetURL: C:\Users\dracu\Favorites\MSN-Websites\MSN Fernsehen.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72659
InternetURL: C:\Users\dracu\Favorites\MSN-Websites\MSN Money.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72640
InternetURL: C:\Users\dracu\Favorites\MSN-Websites\MSN Nachrichten.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72636
InternetURL: C:\Users\dracu\Favorites\MSN-Websites\MSN Sport.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72635
InternetURL: C:\Users\dracu\Favorites\MSN-Websites\MSN.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72630
InternetURL: C:\Users\dracu\Favorites\Microsoft-Websites\IE-Site auf Microsoft.com.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72186
InternetURL: C:\Users\dracu\Favorites\Microsoft-Websites\Microsoft Deutschland GmbH.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72520
InternetURL: C:\Users\dracu\Favorites\Microsoft-Websites\Microsoft Store.url -> URL: hxxp://go.microsoft.com/fwlink/?linkid=140813
InternetURL: C:\Users\dracu\Favorites\Microsoft-Websites\Microsoft Windows - Start.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72629
InternetURL: C:\Users\dracu\Favorites\Microsoft-Websites\Microsoft zu Hause.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72406
InternetURL: C:\Users\dracu\Favorites\Microsoft-Websites\Microsoft.com durchsuchen.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72893
InternetURL: C:\Users\dracu\Favorites\Microsoft-Websites\Site für IE Add-Ons.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=50893
InternetURL: C:\Users\dracu\Favorites\Links\Vorgeschlagene Sites.url -> URL: hxxps://ieonline.microsoft.com/#ieslice
InternetURL: C:\Users\dracu\Favorites\Links\Web Slice-Katalog.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=121315
InternetURL: C:\Users\dracu\Downloads\Alle 300 Fragen und Antworten zum Einbürgerungstest der Bundesrepublik Deutschland, Seite 1 – Einbürgerungstest online – all.URL -> URL: hxxps://www.einbuergerungstest-online.eu/fragen/
InternetURL: C:\Users\dracu\Desktop\CHAT VON GESTERN NACHT.URL -> URL: hxxp://www.chatvongesternnacht.de/ort/Regensburg?page=5
InternetURL: C:\Users\dracu\Desktop\Deutsche Rentenversicherung - Vor der Rente - Kontenklärung.URL -> URL: hxxps://www.deutsche-rentenversicherung.de/Allgemein/de/Inhalt/5_Services/04_formulare_und_antraege/01_versicherte/01_vor_der_rente/_DRV_Paket_Versicherung_Kontenklaerung.html
InternetURL: C:\Users\dracu\Desktop\Erlösung (2016) - IMDb.URL -> URL: hxxp://www.imdb.com/title/tt4088268/
InternetURL: C:\Users\dracu\Desktop\FIXIE Inc. Betty Leeds in Black Glossy (2017) - mydealz.de.URL -> URL: hxxps://www.mydealz.de/deals/fixie-inc-betty-leeds-in-black-glossy-2017-1059218
InternetURL: C:\Users\dracu\Desktop\mpv.io.URL -> URL: hxxps://mpv.io/
InternetURL: C:\Users\dracu\Desktop\Musicstream.cc stream your music.URL -> URL: hxxp://musicstream.cc/
InternetURL: C:\Users\dracu\Desktop\Neue Internetverknüpfung.url -> URL: hxxp://arteconcert.gl-systemhaus.de/am/concert/061000/061700/061702-000-A_SQ_0_VO_02022391_MP4-2200_AMM-ALW.mp4
InternetURL: C:\Users\dracu\Desktop\So sichern Sie sich die volle Rente 13.04.2016.URL -> URL: hxxp://www.verivox.de/nachrichten/so-sichern-sie-sich-die-volle-rente-109335.aspx?utm_medium=emailmarketing&utm_source=newsletter&utm_campaign=newsletter_20160424_a&utm_content=http%3a%2f%2fwww.verivox.de%2fnachrichten%2fso-sichern-sie-sich-die-volle-rente-109335.aspx
InternetURL: C:\Users\dracu\Desktop\The Lobster - Entertainment - xREL.v3 - Release & NFO Source #1.URL -> URL: hxxp://www.xrel.to/movie/127662/The-Lobster.html
InternetURL: C:\Users\dracu\Desktop\Torque Drift.url -> URL: steam://rungameid/1029550
InternetURL: C:\Users\dracu\Desktop\Yemi Alade - Want You (Video) - YouTube.URL -> URL: hxxps://www.youtube.com/watch?v=QmsC_jx9jN0&index=44&list=RDEMSc9IxKcC1dby-t8viHNFkw
InternetURL: C:\Users\dracu\Desktop\[APP][5.0+] DNS66 - Open Source HostAd-Bloc… - Pg. 62 Android Development and Hacking.URL -> URL: hxxps://forum.xda-developers.com/android/apps-games/app-dns66-source-host-ad-blocker-root-t3487497/page62
InternetURL: C:\Users\dracu\Desktop\20201226\13.08.16 2153 Uhr GRIP Bass & Furious 3 Electronic 256 kbits 0 0 3.718 Hits VIDP2PDDL 0 Kommentare.URL -> URL: hxxp://goldesel.to/audio/sampler/304929-va_-_grip_bass_and_furious_3-88985_32103_2-2cd-2016-zzzz
InternetURL: C:\Users\dracu\Desktop\20201226\Apartment with 3Rooms in Frankfurt - Apartments zur Miete in Frankfurt am Main.URL -> URL: hxxps://www.airbnb.de/rooms/5406919?checkin=07.04.2016&checkout=08.04.2016&guests=3&s=hxQmL6-R
InternetURL: C:\Users\dracu\Desktop\20201226\Fluggastrechte - Ansprüche bei Verspätung, verlorenem Gepäck & Co. - Finanztip.URL -> URL: hxxp://www.finanztip.de/fluggastrecht/
InternetURL: C:\Users\dracu\Desktop\20201226\Gepäckprobleme - Wie gehe ich vor TAP Air Portugal.URL -> URL: hxxps://www.flytap.com/de-de/gepaeck/gepaeckprobleme
InternetURL: C:\Users\dracu\Desktop\20201226\Germany's Next Topmodel-Best Catwalk Hits 2017 - Various Amazon.de Musik.URL -> URL: hxxps://www.amazon.de/Germanys-Next-Topmodel-Best-Catwalk-Hits/dp/B06W2FNQW4/ref=sr_1_1?s=music&ie=UTF8&qid=1489100262&sr=1-1&keywords=germanys+next+topmodel+2017
InternetURL: C:\Users\dracu\Desktop\20201226\Junghans Herren-Armbanduhr XL MILANO SOLAR Analog Leder 0144060 Amazon.de Uhren.URL -> URL: hxxps://www.amazon.de/Junghans-Herren-Armbanduhr-MILANO-SOLAR-Analog/dp/B0056ZRAO8/ref=cts_wa_2_vtp?pf_rd_m=A3JWKAKR8XB7XF&pf_rd_p=1212178327&pf_rd_r=JTTA286RKMNP82STCVS6&pd_rd_wg=zEjmQ&pf_rd_s=desktop-detail-softlines&pf_rd_t=40701&pd_rd_i=B0056ZRAO8&pd_rd_w=VotO4&pf_rd_i=desktop-detail-softlines&pd_rd_r=JTTA286RKMNP82STCVS6&_encoding=UTF8
InternetURL: C:\Users\dracu\Desktop\20201226\playlist Mutter, der Mann mit dem Koks ist da [Technobase] - YouTube.URL -> URL: hxxps://www.youtube.com/watch?v=rUdru202TBM&list=RDrUdru202TBM&index=1
InternetURL: C:\Users\dracu\Desktop\20201226\Project CARS Formula 1 @ The Nurburgring ... - YouTube.URL -> URL: hxxps://www.youtube.com/watch?v=gBEGbDe7LW0
InternetURL: C:\Users\dracu\Desktop\20201226\Rennrad Triban 540 Alu 105 11-fach schwarzgrau - Decathlon Deutschland.URL -> URL: hxxps://www.decathlon.de/rennrad-triban-540-alu-105-11-fach-schwarz-grau-id_8377756.html
InternetURL: C:\Users\dracu\Desktop\20201226\Streaming directory -- streams & radios.URL -> URL: hxxp://dir.xiph.org/search?search=eurodance
InternetURL: C:\Users\dracu\Desktop\20201226\Suchergebnisse » velvet » Movie-blog.org – Filme & Serien zum gratis Download & Stream.URL -> URL: hxxp://www.movie-blog.org/index.php?s=velvet&cat=0
InternetURL: C:\Users\dracu\Desktop\20201226\Windows*10 herunterladen.URL -> URL: hxxps://www.microsoft.com/de-de/software-download/windows10
InternetURL: C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Torque Drift.url -> URL: steam://rungameid/1029550
InternetURL: C:\Users\dracula\Favorites\Bing.url -> URL: hxxp://go.microsoft.com/fwlink/p/?LinkId=255142

==================== Ende vom Shortcut.txt =============================
         

Malwarebytes_31-12-2021 00.47.08.txt

Code:
Malwarebytes
www.malwarebytes.com

-Protokolldetails-
Scan-Datum: 31.12.21
Scan-Zeit: 00:43
Protokolldatei: 5c1bd6c6-69ca-11ec-852a-0090f5e0779e.json

-Softwaredaten-
Version: 4.5.0.152
Komponentenversion: 1.0.1538
Version des Aktualisierungspakets: 1.0.49202
Lizenz: Testversion

-Systemdaten-
Betriebssystem: Windows 10 (Build 19042.1415)
CPU: x64
Dateisystem: NTFS
Benutzer: LU\dracu

-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Scan gestartet von: Manuell
Ergebnis: Abgeschlossen
Gescannte Objekte: 342981
Erkannte Bedrohungen: 2
In die Quarantäne verschobene Bedrohungen: 0
Abgelaufene Zeit: 1 Min., 11 Sek.

-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Erkennung
PUM: Erkennung

-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)

Modul: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswert: 2
PUM.Optional.DisableMRT, HKLM\SOFTWARE\POLICIES\MICROSOFT\MRT|DONTREPORTINFECTIONINFORMATION, Keine Aktion durch Benutzer, 6708, 676881, 1.0.49202, , ame, , , 
PUM.Optional.DisableMRT, HKLM\SOFTWARE\WOW6432NODE\POLICIES\MICROSOFT\MRT|DONTREPORTINFECTIONINFORMATION, Keine Aktion durch Benutzer, 6708, 676881, 1.0.49202, , ame, , , 

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Daten-Stream: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Datei: 0
(keine bösartigen Elemente erkannt)

Physischer Sektor: 0
(keine bösartigen Elemente erkannt)

WMI: 0
(keine bösartigen Elemente erkannt)


(end)
         

31.12.2021, 01:02   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

adwCleaner

Run AdwCleaner as described in the illustrated guide, then post the log file in CODE tags.

Please run AdwCleaner again as a check if anything was found.
__________________
Always post log files in CODE tags

31.12.2021, 01:17   #9
Chris7
 

AdwCleaner[C01].txt

Code:
# -------------------------------
# Malwarebytes AdwCleaner 8.3.1.0
# -------------------------------
# Build:    11-18-2021
# Database: 2021-12-02.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    12-31-2021
# Duration: 00:00:00
# OS:       Windows 10 Home
# Cleaned:  3
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com
Deleted       HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|Speedup_umh

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1745 octets] - [31/12/2021 01:11:21]
AdwCleaner[S01].txt - [1806 octets] - [31/12/2021 01:13:41]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ##########
         

Repeated because of the findings above, now without findings:

AdwCleaner[S02].txt

Code:
# -------------------------------
# Malwarebytes AdwCleaner 8.3.1.0
# -------------------------------
# Build:    11-18-2021
# Database: 2021-12-02.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    12-31-2021
# Duration: 00:00:10
# OS:       Windows 10 Home
# Scanned:  32023
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.


AdwCleaner[S00].txt - [1745 octets] - [31/12/2021 01:11:21]
AdwCleaner[S01].txt - [1806 octets] - [31/12/2021 01:13:41]
AdwCleaner[C01].txt - [1940 octets] - [31/12/2021 01:13:49]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S02].txt ##########
         

02.01.2022, 07:49   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Now a fresh FRST.txt and Addition.txt then

02.01.2022, 13:37   #11
Chris7
 

Happy New Year!

FRST_02-01-2022 13.33.32.txt
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 27-12-2021
durchgeführt von dracu (Administrator) auf LU (CLEVO P170EM) (02-01-2022 13:31:06)
Gestartet von C:\Users\dracu\Downloads
Geladene Profile: dracu
Plattform: Microsoft Windows 10 Home Version 20H2 19042.1415 (X64) Sprache: Deutsch (Deutschland)
Standard-Browser: FF
Start-Modus: Normal

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
(Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrA.exe
(Ghisler Software GmbH -> Ghisler Software GmbH) C:\totalcmd\TOTALCMD.EXE
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe
(HP) [Datei ist nicht signiert] C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Unified Intents AB -> Unified Intents AB) C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [HP LaserJet 200 color MFP M276 Series Fax] => C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe [3706424 2014-04-28] (Hewlett-Packard Company -> Hewlett-Packard Company)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16686600 2016-08-05] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [StatusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [330176 2014-08-19] (Hewlett-Packard Company -> Hewlett-Packard Company)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Beschränkung <==== ACHTUNG
HKU\S-1-5-21-465889627-1915634839-1743452103-1001\...\Run: [Steam] => e:\Program Files (x86)\Steam\steam.exe [4267432 2021-12-16] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-465889627-1915634839-1743452103-1001\...\Run: [NoIPDUCv4] => "E:\Program Files (x86)\No-IP\DUC40.exe" /minimize (Keine Datei)
HKU\S-1-5-21-465889627-1915634839-1743452103-1001\...\Run: [Unified Remote V3] => C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe [3186264 2019-08-04] (Unified Intents AB -> Unified Intents AB)
HKU\S-1-5-21-465889627-1915634839-1743452103-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\dracu\AppData\Local\Microsoft\Teams\Update.exe [2459304 2021-12-10] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-465889627-1915634839-1743452103-1001\...\Run: [Adobe Acrobat Synchronizer] => "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" (Keine Datei)
HKLM\...\Windows x64\Print Processors\hpcpp117: C:\Windows\System32\spool\prtprocs\x64\hpcpp117.DLL [467456 2013-03-21] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\HP Fax Port: c:\windows\system32\hppfaxprintermon5.dll [27704 2014-04-28] (Hewlett-Packard Company -> Hewlett-Packard Company)
HKLM\...\Print\Monitors\HP Standard TCP/IP Port: c:\windows\system32\HpTcpMon.dll [331264 2009-09-16] (Hewlett Packard) [Datei ist nicht signiert]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\96.1.33.106\Installer\chrmstp.exe [2021-12-15] (Brave Software, Inc. -> Brave Software, Inc.)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {2EC18639-7125-4A11-842C-C32CDC8A7086} - System32\Tasks\Microsoft\Windows\WindowsUpdate\RUXIM\RUXIMSync => C:\Program Files\ruxim\ruximics.exe [477512 2021-06-30] (Microsoft Windows -> Microsoft Corporation)
Task: {71E80772-B077-4C1B-AD9F-C38C767517E7} - System32\Tasks\Microsoft\Windows\File Classification Infrastructure\Property Definition Sync => {2AE64751-B728-4D6B-97A0-B2DA2E7D2A3B}
Task: {89BD13E7-D90B-41E7-91AB-CF803A0752AE} - System32\Tasks\Microsoft\Windows\Offline Files\Logon Synchronization => {FA3F3DD9-4C1A-456B-A8FA-C76EF3ED83B8}
Task: {8B1ADEC7-8D07-493A-B927-7DAFB3099325} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22797704 2021-12-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {8B27DBF0-9068-4D8D-9E1D-EA2DD18FF7FE} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157320 2019-12-02] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {9A9F9193-9F51-4D20-A5A7-B400728324B7} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {9F9CAC69-DDF0-4E68-A6EE-EB86130B2D3E} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [108872 2021-12-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {A03FC1C5-AEC3-4EB7-9C29-062ABCFD18B0} - System32\Tasks\Microsoft\Windows\WindowsUpdate\RUXIM\RUXIMDisplay => C:\Program Files\ruxim\ruximics.exe [477512 2021-06-30] (Microsoft Windows -> Microsoft Corporation)
Task: {AF2C369F-EDAB-4225-B1B4-1ECAB210D742} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [6332312 2021-12-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {C12A1962-9635-4527-A4DF-DA0B7206EBF3} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [108872 2021-12-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {C22C7785-E77A-49D7-819B-A6B00CD05D87} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22797704 2021-12-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {C5AAF881-4C44-4EEE-867D-C091769F3CA7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [6332312 2021-12-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {EBD25561-3D4B-421B-99D8-50B1CAB321B7} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157320 2019-12-02] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {F1C5573A-A641-4228-88C2-64F8E5DD7461} - System32\Tasks\Microsoft\Windows\Offline Files\Background Synchronization => {FA3F3DD9-4C1A-456B-A8FA-C76EF3ED83B8}
Task: {F94C0C57-054C-4AC2-9057-246937934FC5} - System32\Tasks\{BB560199-F897-4C64-9FBB-D53275DBE13E} => "e:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.18.0.111/de/abandoninstall?source=lightinstaller&page=tsPlugin hxxp://ui.skype.com/ui/0/7.18.0.111/de/abandoninstall?source=lightinstaller&page=tsPlugin (Keine Datei)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3: <==== ACHTUNG (Beschränkung - Zones)
Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{464fe82d-2993-469f-a10a-e3b78d1801a9}: [DhcpNameServer] 192.168.10.254
Tcpip\..\Interfaces\{5042b15d-9884-4e3c-a73b-7921f052c2a9}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{638592f2-2a53-4d42-88c3-df0f6df7ac00}: [DhcpNameServer] 192.168.0.142
Tcpip\..\Interfaces\{8b1126e0-1dca-4181-ba41-62ffa6a856c1}: [DhcpNameServer] 192.168.0.1
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <==== ACHTUNG

Edge: 
=======
DownloadDir: C:\Users\dracu\Downloads
Edge Extension: (Kein Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [nicht gefunden]
Edge Extension: (Kein Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [nicht gefunden]
Edge Extension: (Kein Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [nicht gefunden]
Edge Extension: (Kein Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [nicht gefunden]
Edge DefaultProfile: Default
Edge Profile: C:\Users\dracu\AppData\Local\Microsoft\Edge\User Data\Default [2021-12-31]

FireFox:
========
FF DefaultProfile: hzn6vdjy.default
FF ProfilePath: C:\Users\dracu\AppData\Roaming\Mozilla\Firefox\Profiles\qfvz9mj9.default-release [2022-01-02]
FF ProfilePath: C:\Users\dracu\AppData\Roaming\Mozilla\Firefox\Profiles\hzn6vdjy.default [2021-12-30]
FF NetworkProxy: Mozilla\Firefox\Profiles\hzn6vdjy.default -> socks", "178.197.248.213"
FF Extension: (Avira Browserschutz) - C:\Users\dracu\AppData\Roaming\Mozilla\Firefox\Profiles\hzn6vdjy.default\Extensions\abs@avira.com.xpi [2019-01-07] [UpdateUrl:hxxps://download.avira.com/package/absnooffers/firefox/update_webext_no_offers.rdf]
FF Extension: (Best Proxy Switcher) - C:\Users\dracu\AppData\Roaming\Mozilla\Firefox\Profiles\hzn6vdjy.default\Extensions\bestproxyswitcher@bestproxyswitcher.com.xpi [2019-12-10]
FF Extension: (CanvasBlocker) - C:\Users\dracu\AppData\Roaming\Mozilla\Firefox\Profiles\hzn6vdjy.default\Extensions\CanvasBlocker@kkapsner.de.xpi [2021-11-08]
FF Extension: (Easy Screenshot) - C:\Users\dracu\AppData\Roaming\Mozilla\Firefox\Profiles\hzn6vdjy.default\Extensions\easyscreenshot@mozillaonline.com.xpi [2021-09-19]
FF Extension: (FoxyProxy Standard) - C:\Users\dracu\AppData\Roaming\Mozilla\Firefox\Profiles\hzn6vdjy.default\Extensions\foxyproxy@eric.h.jung.xpi [2020-07-30]
FF Extension: (HTTPS Everywhere) - C:\Users\dracu\AppData\Roaming\Mozilla\Firefox\Profiles\hzn6vdjy.default\Extensions\https-everywhere-eff@eff.org.xpi [2021-04-19] [UpdateUrl:hxxps://www.eff.org/files/https-everywhere-updates.json]
FF Extension: (tb-clear-cache.tooltip) - C:\Users\dracu\AppData\Roaming\Mozilla\Firefox\Profiles\hzn6vdjy.default\Extensions\tb-clear-cache-single@codefisher.org.xpi [2018-08-25]
FF Extension: (uBlock Origin) - C:\Users\dracu\AppData\Roaming\Mozilla\Firefox\Profiles\hzn6vdjy.default\Extensions\uBlock0@raymondhill.net.xpi [2021-12-28]
FF Extension: (User-Agent Switcher) - C:\Users\dracu\AppData\Roaming\Mozilla\Firefox\Profiles\hzn6vdjy.default\Extensions\user-agent-switcher@ninetailed.ninja.xpi [2020-12-10]
FF Extension: (Nehmen Sie vollständige Webseiten auf - FireShot) - C:\Users\dracu\AppData\Roaming\Mozilla\Firefox\Profiles\hzn6vdjy.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}.xpi [2021-09-19]
FF Extension: (JavaScript Toggle On and Off) - C:\Users\dracu\AppData\Roaming\Mozilla\Firefox\Profiles\hzn6vdjy.default\Extensions\{479f0278-2c34-4365-b9f0-1d328d0f0a40}.xpi [2020-12-10]
FF Extension: (NoScript) - C:\Users\dracu\AppData\Roaming\Mozilla\Firefox\Profiles\hzn6vdjy.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2021-12-30]
FF Extension: (Toggle Referrer) - C:\Users\dracu\AppData\Roaming\Mozilla\Firefox\Profiles\hzn6vdjy.default\Extensions\{8883111b-4bc8-4a99-b37f-5672f6cf9597}.xpi [2021-10-25]
FF Extension: (Rakuten Shopping-Assistent) - C:\Users\dracu\AppData\Roaming\Mozilla\Firefox\Profiles\hzn6vdjy.default\Extensions\{939923c3-1d97-423b-9e0a-17d1a9a23aa0}.xpi [2021-10-11]
FF Extension: (Video DownloadHelper) - C:\Users\dracu\AppData\Roaming\Mozilla\Firefox\Profiles\hzn6vdjy.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2021-09-19]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.cpdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\npFoxitPDFEditorPlugin.dll [Keine Datei]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\npFoxitPDFEditorPlugin.dll [Keine Datei]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\npFoxitPDFEditorPlugin.dll [Keine Datei]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [Keine Datei]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [Keine Datei]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-11-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-11-06] (Microsoft Corporation -> Microsoft Corporation)

Chrome: 
=======
CHR Profile: C:\Users\dracu\AppData\Local\Google\Chrome\User Data\Default [2021-12-30]
CHR Extension: (Präsentationen) - C:\Users\dracu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-07-13]
CHR Extension: (Docs) - C:\Users\dracu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-07-13]
CHR Extension: (Google Drive) - C:\Users\dracu\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-12-10]
CHR Extension: (YouTube) - C:\Users\dracu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-07-13]
CHR Extension: (Avira Password Manager) - C:\Users\dracu\AppData\Local\Google\Chrome\User Data\Default\Extensions\caljgklbbfbcjjanaijlacgncafpegll [2021-12-28]
CHR Extension: (Tabellen) - C:\Users\dracu\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-07-13]
CHR Extension: (Avira Browserschutz) - C:\Users\dracu\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2021-12-28]
CHR Extension: (Google Docs Offline) - C:\Users\dracu\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-12-09]
CHR Extension: (IGRAAL : Cashback & Gutscheine) - C:\Users\dracu\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmhkepipobnjllejbafajoemahjejdcm [2021-12-26]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\dracu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-09-25]
CHR Extension: (Google Mail) - C:\Users\dracu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-12-10]
CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]

Opera: 
=======
OPR Profile: C:\Users\dracu\AppData\Roaming\Opera Software\Opera Stable [2020-12-26]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
OPR Extension: (Avira Safe Shopping) - C:\Users\dracu\AppData\Roaming\Opera Software\Opera Stable\Extensions\dalelnnofafalcmkmnhdbigbjjkloabo [2020-12-26]
OPR Extension: (Rich Hints Agent) - C:\Users\dracu\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2020-12-26]
OPR Extension: (Avira Password Manager) - C:\Users\dracu\AppData\Roaming\Opera Software\Opera Stable\Extensions\ngohaaocccbohaffogpbgfpmpgbcgccg [2020-12-26]
OPR Extension: (Free Avira Phantom VPN – Entsperrt Webseiten) - C:\Users\dracu\AppData\Roaming\Opera Software\Opera Stable\Extensions\pcgkmkjdikhiodinhloioejnpjgmfigd [2020-12-26]

Brave: 
=======
BRA Profile: C:\Users\dracu\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2021-11-16]
BRA StartupUrls: Default -> "hxxps://www.google.com/"
BRA DefaultSearchKeyword: Default -> :g
BRA Extension: (MyJDownloader Browser Extension) - C:\Users\dracu\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\fbcohnmimjicjdomonkcbcpbpnhggkip [2021-09-19]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\dracu\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2021-11-16]
BRA Extension: (Brave Ad Block Updater (Default)) - C:\Users\dracu\AppData\Local\BraveSoftware\Brave-Browser\User Data\cffkpbalmllkdoenhmdmpbkajipdjfam [2021-11-16]
BRA Extension: (Brave Tor Client Updater (Windows)) - C:\Users\dracu\AppData\Local\BraveSoftware\Brave-Browser\User Data\cpoalefficncklhjfpglfiplenlpccdb [2020-08-20]
BRA Extension: (Brave SpeedReader Updater) - C:\Users\dracu\AppData\Local\BraveSoftware\Brave-Browser\User Data\jicbkmdloagakknpihibphagfckhjdih [2021-11-16]
BRA Extension: (Brave NTP sponsored images) - C:\Users\dracu\AppData\Local\BraveSoftware\Brave-Browser\User Data\obbokncgfcbepeipkhpdepjjoncelefj [2021-11-16]
BRA Extension: (Brave HTTPS Everywhere Updater) - C:\Users\dracu\AppData\Local\BraveSoftware\Brave-Browser\User Data\oofiananboodjbbmdelgdommihjbkfag [2021-11-16]
StartMenuInternet: Brave - C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe

==================== Dienste (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157320 2019-12-02] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [157320 2019-12-02] (Brave Software, Inc. -> BraveSoftware Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12129128 2021-12-10] (Microsoft Corporation -> Microsoft Corporation)
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [176128 2014-06-24] (HP) [Datei ist nicht signiert]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7901368 2021-12-30] (Malwarebytes Inc -> Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [Datei ist nicht signiert]
S3 PAExec; C:\Windows\PAExec.exe [189112 2015-11-07] (Power Admin LLC -> Power Admin LLC)
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [Datei ist nicht signiert]
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76152 2015-12-11] (Even Balance, Inc. -> )
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\NisSrv.exe [2876152 2021-12-30] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2111.5-0\MsMpEng.exe [128360 2021-12-30] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 FoxitReaderService; "C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe" [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [159864 2021-06-29] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [160176 2021-12-30] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [210352 2021-12-30] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-12-30] (Microsoft Windows Early Launch Anti-Malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [193448 2022-01-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [69040 2022-01-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-12-30] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [149424 2022-01-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 ptun0901; C:\WINDOWS\System32\drivers\ptun0901.sys [27136 2015-11-10] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ssudserd; C:\WINDOWS\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [40664 2013-08-22] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 uvhid; C:\WINDOWS\System32\drivers\uvhid.sys [28128 2019-08-04] (Unified Intents AB -> Windows (R) Win 7 DDK provider)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48536 2021-12-30] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [435432 2021-12-30] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86248 2021-12-30] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2022-01-02 13:16 - 2022-01-02 13:16 - 000193448 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2022-01-02 13:15 - 2022-01-02 13:15 - 000149424 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2022-01-02 13:15 - 2022-01-02 13:15 - 000069040 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2022-01-02 13:15 - 2022-01-02 13:15 - 000000000 ____D C:\Users\dracu\AppData\LocalLow\IGDump
2022-01-02 13:12 - 2022-01-02 13:12 - 000000000 ____D C:\ProgramData\Ubisoft
2021-12-31 10:07 - 2021-12-31 10:09 - 000000000 ____D C:\Users\dracu\AppData\Roaming\Breitbandmessung
2021-12-31 10:07 - 2021-12-31 10:07 - 000002354 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Breitbandmessung.lnk
2021-12-31 10:07 - 2021-12-31 10:07 - 000002342 _____ C:\Users\Public\Desktop\Breitbandmessung.lnk
2021-12-31 10:07 - 2021-12-31 10:07 - 000000000 ____D C:\Users\dracu\AppData\Local\breitbandmessung-updater
2021-12-31 10:07 - 2021-12-31 10:07 - 000000000 ____D C:\Program Files\Breitbandmessung
2021-12-31 10:06 - 2021-12-31 10:07 - 139916136 _____ (zafaco GmbH) C:\Users\dracu\Downloads\Breitbandmessung-win.exe
2021-12-31 01:10 - 2021-12-31 01:13 - 000000000 ____D C:\AdwCleaner
2021-12-31 01:10 - 2021-12-31 01:10 - 008540344 _____ (Malwarebytes) C:\Users\dracu\Downloads\adwcleaner_8.3.1.exe
2021-12-31 00:00 - 2021-12-31 00:02 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2021-12-30 23:56 - 2021-12-30 23:57 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-12-30 23:56 - 2021-12-30 23:56 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-12-30 23:56 - 2021-12-30 23:56 - 000000993 _____ C:\Users\Public\Desktop\Firefox.lnk
2021-12-30 23:56 - 2021-12-30 23:56 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-12-30 23:56 - 2021-12-30 23:56 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-12-30 23:52 - 2021-12-30 23:52 - 000333960 _____ (Mozilla) C:\Users\dracu\Downloads\Firefox Installer.exe
2021-12-30 23:45 - 2021-12-30 23:45 - 004029464 _____ (Irfan Skiljan) C:\Users\dracu\Downloads\iview459g_x64_setup.exe
2021-12-30 23:43 - 2021-12-30 23:43 - 000000000 ____D C:\Users\Public\Documents\AdobeGCInfo
2021-12-30 22:53 - 2021-12-30 22:53 - 000347875 _____ C:\Users\dracu\Documents\MS Office verlaengert - Screenshots.pdf
2021-12-30 21:23 - 2021-12-31 00:47 - 000069731 _____ C:\Users\dracu\Downloads\Shortcut.txt
2021-12-30 21:16 - 2022-01-02 13:19 - 000051667 _____ C:\Users\dracu\Downloads\Addition.txt
2021-12-30 21:14 - 2022-01-02 13:31 - 000025103 _____ C:\Users\dracu\Downloads\FRST.txt
2021-12-30 21:14 - 2022-01-02 13:31 - 000000000 ____D C:\FRST
2021-12-30 21:14 - 2021-12-30 21:14 - 002311168 _____ (Farbar) C:\Users\dracu\Downloads\FRST64.exe
2021-12-30 21:01 - 2021-12-30 21:01 - 000000000 ____D C:\Users\dracu\AppData\Local\mbam
2021-12-30 20:59 - 2021-12-30 20:59 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-12-30 20:59 - 2021-12-30 20:59 - 000210352 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-12-30 20:59 - 2021-12-30 20:59 - 000160176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-12-30 20:59 - 2021-12-30 20:59 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-12-30 20:59 - 2021-12-30 20:59 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-12-30 20:59 - 2021-12-30 20:59 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-12-30 20:58 - 2021-12-30 20:58 - 002910904 _____ (Malwarebytes) C:\Users\dracu\Downloads\MBSetup.exe
2021-12-30 20:58 - 2021-12-30 20:58 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-12-30 20:58 - 2021-12-30 20:58 - 000000000 ____D C:\Program Files\Malwarebytes
2021-12-30 20:57 - 2021-12-30 20:57 - 000000000 ____D C:\WINDOWS\Panther
2021-12-30 20:51 - 2021-12-30 20:51 - 079075480 _____ (F-Secure Corporation) C:\Users\dracu\Downloads\Freedome_pid-6661000+aid-1m96vgw16o0iu9_.exe
2021-12-30 20:51 - 2021-12-30 20:51 - 001682072 _____ (F-Secure Corporation) C:\Users\dracu\Downloads\FSecureIDPWin_pid-6661000+aid-1q0l0m61hbe0y2_.exe
2021-12-30 20:49 - 2021-12-30 20:49 - 001690776 _____ (F-Secure Corporation) C:\Users\dracu\Downloads\F-Secure-Safe-Network-Installer_16ddvt1f3a11r_.exe
2021-12-23 08:15 - 2021-12-23 08:15 - 000000000 ___RD C:\Users\dracu\Documents\Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe!App
2021-12-19 17:33 - 2021-12-19 17:33 - 000000000 ____D C:\WINDOWS\SystemTemp
2021-12-19 17:25 - 2021-12-19 17:25 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-12-19 17:25 - 2021-12-19 17:25 - 000011979 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-12-19 17:24 - 2021-12-19 17:24 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-12-19 17:24 - 2021-12-19 17:24 - 000162816 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-12-19 17:11 - 2021-12-19 17:11 - 000000000 ___HD C:\$WinREAgent
2021-12-17 11:36 - 2021-12-17 11:36 - 000002014 _____ C:\Users\Public\Desktop\PDFsam Basic.lnk
2021-12-17 11:36 - 2021-12-17 11:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFsam Basic
2021-12-17 11:36 - 2021-12-17 11:36 - 000000000 ____D C:\Program Files\PDFsam Basic
2021-12-03 19:02 - 2021-12-03 19:02 - 002531832 _____ (Adobe Inc.) C:\Users\dracu\Downloads\Acrobat_DC_Set-Up.exe

==================== Ein Monat (geänderte) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2022-01-02 13:30 - 2020-06-10 17:18 - 000000000 ____D C:\ProgramData\Mozilla
2022-01-02 13:30 - 2016-11-18 23:35 - 000000000 ____D C:\Users\dracu\AppData\LocalLow\Mozilla
2022-01-02 13:20 - 2021-10-11 22:26 - 001722788 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-01-02 13:20 - 2019-12-07 15:50 - 000744794 _____ C:\WINDOWS\system32\perfh007.dat
2022-01-02 13:20 - 2019-12-07 15:50 - 000150180 _____ C:\WINDOWS\system32\perfc007.dat
2022-01-02 13:20 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2022-01-02 13:16 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-01-02 13:16 - 2016-02-02 20:00 - 000000000 ____D C:\SteamLibrary
2022-01-02 13:15 - 2021-10-11 22:33 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-01-02 13:15 - 2019-12-07 10:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2022-01-02 13:15 - 2019-08-25 13:00 - 000000000 ____D C:\ProgramData\Unified Remote
2022-01-02 13:15 - 2016-08-05 22:02 - 000000000 ____D C:\ProgramData\NVIDIA
2022-01-02 13:15 - 2015-11-07 00:33 - 000000000 __SHD C:\Users\dracu\IntelGraphicsProfiles
2022-01-02 13:12 - 2016-09-16 23:09 - 000000000 ____D C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2022-01-02 13:12 - 2016-09-16 23:09 - 000000000 ____D C:\Users\dracu\AppData\Local\Ubisoft Game Launcher
2022-01-02 13:11 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-01-02 13:11 - 2017-12-08 15:12 - 000000000 ____D C:\Users\dracu\AppData\Local\Packages
2022-01-02 13:08 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-01-02 13:05 - 2015-11-08 14:12 - 000000000 ____D C:\Program Files\VideoLAN
2022-01-02 13:04 - 2015-11-07 00:50 - 000000000 ____D C:\totalcmd
2022-01-02 13:01 - 2017-12-10 19:36 - 000000000 ____D C:\Users\dracu\AppData\Roaming\concept design
2022-01-02 13:01 - 2017-12-10 19:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\concept design
2022-01-02 13:01 - 2017-12-10 19:36 - 000000000 ____D C:\Program Files (x86)\concept design
2022-01-02 13:00 - 2015-11-07 14:54 - 000000000 ____D C:\Users\dracu\AppData\Local\GHISLER
2022-01-02 12:59 - 2021-10-11 22:21 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-01-02 12:35 - 2018-12-01 13:39 - 000000000 ____D C:\Users\dracu\AppData\Roaming\Thunderbird
2021-12-31 10:04 - 2017-12-22 13:08 - 000000000 ____D C:\Users\dracu\AppData\Local\PlaceholderTileLogoFolder
2021-12-31 00:36 - 2015-11-07 15:52 - 000000000 ____D C:\ProgramData\Package Cache
2021-12-31 00:23 - 2021-10-11 22:21 - 000452144 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-12-31 00:11 - 2015-11-17 12:42 - 000000000 ____D C:\Users\dracu\AppData\Roaming\AIMP
2021-12-31 00:11 - 2015-11-17 12:42 - 000000000 ____D C:\Program Files (x86)\AIMP
2021-12-31 00:07 - 2016-10-15 21:18 - 000000000 ____D C:\Users\dracu\AppData\Roaming\Mumble
2021-12-31 00:04 - 2015-12-04 09:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2021-12-31 00:02 - 2018-05-13 23:21 - 000000000 ____D C:\Users\dracu\AppData\Roaming\IrfanView
2021-12-30 23:47 - 2020-07-13 10:00 - 000000000 ____D C:\Program Files (x86)\Google
2021-12-30 23:44 - 2021-10-14 15:46 - 000000000 ____D C:\ProgramData\Adobe
2021-12-30 23:44 - 2021-10-14 15:46 - 000000000 ____D C:\Program Files\Common Files\Adobe
2021-12-30 22:45 - 2019-12-07 10:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-12-30 22:17 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-12-30 21:37 - 2018-05-19 20:32 - 000000000 ____D C:\Users\dracu\AppData\Local\D3DSCache
2021-12-30 21:31 - 2018-03-19 23:18 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-12-30 20:59 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-12-30 20:57 - 2019-03-11 21:41 - 000000000 ____D C:\Program Files (x86)\Avira
2021-12-30 20:54 - 2015-11-07 21:03 - 000000000 ____D C:\ProgramData\Avira
2021-12-30 20:53 - 2021-04-17 13:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2021-12-28 22:03 - 2018-04-06 21:20 - 000000000 ____D C:\Download_JD_C
2021-12-19 17:43 - 2015-11-07 01:08 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2021-12-19 17:33 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-12-19 17:33 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-12-19 17:33 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-12-19 17:33 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-12-19 17:33 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-12-19 17:33 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-12-19 17:33 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-12-19 17:33 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-12-19 17:33 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-12-19 17:33 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-12-19 17:09 - 2015-11-07 14:14 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-12-19 17:02 - 2021-02-08 23:19 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-12-19 17:02 - 2021-02-08 23:19 - 000002274 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-12-19 17:02 - 2015-11-07 14:14 - 137938848 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-12-15 19:05 - 2019-12-02 21:32 - 000002410 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brave.lnk
2021-12-15 19:05 - 2019-12-02 21:32 - 000002369 _____ C:\Users\Public\Desktop\Brave.lnk
2021-12-10 19:31 - 2021-10-14 21:53 - 000002364 _____ C:\Users\dracu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2021-12-10 19:31 - 2021-10-14 21:53 - 000002356 _____ C:\Users\dracu\Desktop\Microsoft Teams.lnk
2021-12-10 19:25 - 2015-11-07 00:27 - 000000000 ____D C:\Users\dracu\AppData\Roaming\Adobe
2021-12-09 19:38 - 2021-11-17 22:48 - 000003606 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d7bee68690ef32
2021-12-09 19:38 - 2021-10-11 22:33 - 000003700 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-12-03 19:28 - 2021-10-11 19:31 - 000035709 _____ C:\Users\dracu\.sambox.cache
2021-12-03 19:24 - 2018-07-03 21:43 - 000000000 ____D C:\ProgramData\Packages
2021-12-03 19:03 - 2015-11-14 01:04 - 000000000 ____D C:\Users\dracu\AppData\Local\Adobe
2021-12-03 18:55 - 2021-11-10 20:59 - 000000000 ____D C:\Users\dracu\AppData\Roaming\Foxit Software
2021-12-03 15:59 - 2021-10-11 22:33 - 000003654 _____ C:\WINDOWS\system32\Tasks\BraveSoftwareUpdateTaskMachineUA
2021-12-03 15:59 - 2021-10-11 22:33 - 000003530 _____ C:\WINDOWS\system32\Tasks\BraveSoftwareUpdateTaskMachineCore
2021-12-03 15:59 - 2019-12-02 21:32 - 000000000 ____D C:\Program Files (x86)\BraveSoftware

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ========

2016-03-15 16:10 - 2016-03-15 16:10 - 000000267 _____ () C:\ProgramData\fontcacheev1.dat
2015-11-07 00:48 - 2018-05-20 14:23 - 000000000 _____ () C:\Users\dracu\AppData\Local\BluetoothPresent.flag
2015-11-07 00:48 - 2018-05-20 14:23 - 000000000 _____ () C:\Users\dracu\AppData\Local\Driver_Jupiter_01Present.flag
2021-12-03 19:24 - 2021-12-30 23:43 - 000000205 _____ () C:\Users\dracu\AppData\Local\oobelibMkey.log

==================== SigCheck ============================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

==================== Ende von FRST.txt ========================
         
Addition_02-01-2022 13.33.32.txt
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 27-12-2021
durchgeführt von dracu (02-01-2022 13:32:12)
Gestartet von C:\Users\dracu\Downloads
Microsoft Windows 10 Home Version 20H2 19042.1415 (X64) (2021-10-11 21:34:02)
Start-Modus: Normal
==========================================================


==================== Konten: =============================


(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

Administrator (S-1-5-21-465889627-1915634839-1743452103-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-465889627-1915634839-1743452103-503 - Limited - Disabled)
dracu (S-1-5-21-465889627-1915634839-1743452103-1001 - Administrator - Enabled) => C:\Users\dracu
dracula (S-1-5-21-465889627-1915634839-1743452103-1004 - Limited - Enabled) => C:\Users\dracula
Gast (S-1-5-21-465889627-1915634839-1743452103-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-465889627-1915634839-1743452103-504 - Limited - Disabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Avira Antivirus (Enabled - Up to date) {33CF8AA2-FA06-4AD4-98AB-332D53DD7FFB}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

64 Bit HP CIO Components Installer (HKLM\...\{BC741628-0AFC-405C-8946-DD46D1005A0A}) (Version: 8.2.4 - Hewlett-Packard) Hidden
7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Apple Application Support (32-Bit) (HKLM-x32\...\{308F2F8C-9D33-4B22-8A6C-D9C13DBEF8C6}) (Version: 7.0.2 - Apple Inc.)
AuthenTec TrueAPI (HKLM\...\{054EF02F-95D8-48F4-9EEB-2F9CE3072ED8}) (Version: 1.3.0.151 - AuthenTec, Inc.) Hidden
Bierbuden Autoupdate (remove only) (HKU\S-1-5-21-465889627-1915634839-1743452103-1001\...\Bierbuden Autoupdate) (Version:  - )
Brave (HKLM-x32\...\BraveSoftware Brave-Browser) (Version: 96.1.33.106 - Die Brave-Autoren)
Breitbandmessung 3.1.0 (HKLM\...\14607473-30db-509f-94f0-bb7c085c619e) (Version: 3.1.0 - zafaco GmbH)
GamersFirst LIVE! (HKU\S-1-5-21-465889627-1915634839-1743452103-1001\...\GamersFirst LIVE!) (Version:  - GamersFirst)
GMX ProfiFax (HKU\S-1-5-21-465889627-1915634839-1743452103-1001\...\GMXProfiFax) (Version: 1.5.0 - 1un1 Mail and Media GmbH)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.99.0 - Google Inc.) Hidden
HP LaserJet 200 color MFP M276 (HKLM-x32\...\{CC38C23C-7824-4DBB-AC73-997CD0BBFEC7}) (Version: 15.0.15188.2008 - Hewlett-Packard)
hppM276LaserJetService (HKLM-x32\...\{D6610387-8E8B-48ED-AB1C-0D38DFE31C55}) (Version: 001.019.00639 - Hewlett-Packard) Hidden
hpStatusAlerts (HKLM-x32\...\{E35D0ED5-716B-4E1F-8477-54DD746DF527}) (Version: 140.040.00231 - Hewlett Packard) Hidden
hpStatusAlertsM276 (HKLM-x32\...\{FFD4184D-7EC6-476E-9A72-E83412AB9D3B}) (Version: 050.034.00131 - Hewlett-Packard) Hidden
Killer Performance Suite (HKLM-x32\...\{4C941774-4366-4C56-93CC-19C5E364E5B0}) (Version: 1.1.69.1774 - Rivet Networks)
Killer Wireless-N Drivers (HKLM\...\{9620A3CC-587B-4E1B-90A6-8AD04D222954}) (Version: 1.1.69.1774 - Rivet Networks) Hidden
Malwarebytes version 4.5.0.152 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.0.152 - Malwarebytes)
Microsoft 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 16.0.14701.20262 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 96.0.1054.62 - Microsoft Corporation)
Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 96.0.1054.62 - Microsoft Corporation)
Microsoft Office Professional Plus 2019 - de-de (HKLM\...\ProPlus2019Retail - de-de) (Version: 16.0.14701.20262 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-465889627-1915634839-1743452103-1001\...\OneDriveSetup.exe) (Version: 19.043.0304.0013 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-465889627-1915634839-1743452103-1004\...\OneDriveSetup.exe) (Version: 18.151.0729.0012 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-465889627-1915634839-1743452103-1001\...\Teams) (Version: 1.4.00.32771 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.27.29016 (HKLM-x32\...\{1aaa01ad-3069-4288-9c6f-37a140a8f6c7}) (Version: 14.27.29016.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
MKVToolNix 8.6.1 (64bit) (HKLM-x32\...\MKVToolNix) (Version: 8.6.1 - Moritz Bunkus)
Mozilla Firefox (x64 de) (HKLM\...\Mozilla Firefox 95.0.2 (x64 de)) (Version: 95.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 95.0.2 - Mozilla)
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.14701.20262 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.14701.20248 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.14701.20262 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0407-0000-0000000FF1CE}) (Version: 16.0.14701.20248 - Microsoft Corporation) Hidden
onlineTV 16 (HKLM-x32\...\{DBBB91FF-2F98-4B36-9AF3-FD0589CD791C}_is1) (Version: 16.20.9.9 - concept/design GmbH)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenAudible 1.6.7 (HKLM\...\7008-5171-7013-3819) (Version: 1.6.7 - openaudible.org)
PDFsam Basic (HKLM\...\{06C071AD-846F-4E21-A938-63DA54A45EB3}) (Version: 4.2.9.0 - Sober Lemur S.a.s. di Vacondio Andrea)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7898 - Realtek Semiconductor Corp.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 9.21a - Ghisler Software GmbH)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 22.2 - Ubisoft)
Unified Remote (HKLM-x32\...\{415B4714-4F8C-49C6-B310-881EAF892CFB}_is1) (Version: 3.7.0 - Unified Intents AB)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{B652B695-C849-4EF2-B09A-72771C7AD2BA}) (Version: 2.71.0.0 - Microsoft Corporation)
VdhCoApp 1.2.4 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version:  - DownloadHelper)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
Windows 10-Update-Assistent (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.23367 - Microsoft Corporation)
Windows-PC-Integritätsprüfung (HKLM\...\{68C9C2A4-C212-4310-AB68-12F97050A416}) (Version: 3.2.2110.14001 - Microsoft Corporation)
WISO steuer:Sparbuch 2016 (HKLM-x32\...\{0459DDD1-F6B6-4BEA-901F-C8907C8F01F5}) (Version: 23.00.1146 - Buhl Data Service GmbH)
WISO steuer:Sparbuch 2017 (HKLM-x32\...\{5D96B9D7-8324-4674-94A8-9C09EFCB620A}) (Version: 24.05.1582 - Buhl Data Service GmbH)
WISO steuer:Sparbuch 2018 (HKLM-x32\...\{973E6FE8-0E6B-40DA-BD23-2445E4DA8C01}) (Version: 25.01.1436 - Buhl Data Service GmbH)
WISO steuer:Sparbuch 2019 (HKLM-x32\...\{8853EAA4-BE38-4ED1-BDB8-7043980B38C0}) (Version: 26.04.1771 - Buhl Data Service GmbH)
WISO steuer:Sparbuch 2020 (HKLM-x32\...\{050250C5-C97E-4D4B-8E02-FBE34B2A0FEB}) (Version: 27.03.1674 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2021 (HKLM-x32\...\{E0F9E4AD-386E-4063-AAEA-BE15FB137AE1}) (Version: 28.02.1946 - Buhl Data Service GmbH)

Packages:
=========
Audible - Hörbuch und Hörspiel App -> C:\Program Files\WindowsApps\AudibleInc.AudibleforWindowsPhone_10.5.67.0_x64__xns73kv1ymhp2 [2021-09-23] (Audible Inc)
Drawboard PDF -> C:\Program Files\WindowsApps\DRAWBOARD.DRAWBOARDPDF_6.7.16.0_x64__gqbn7fs4pywxm [2021-12-23] (Drawboard)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_133.1.340.0_x64__v10z8vjag6ke6 [2021-12-19] (HP Inc.)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa [2021-12-10] (Apple Inc.) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-10-11] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-10-11] (Microsoft Corporation) [MS Ad]
Mind Maps Pro -> C:\Program Files\WindowsApps\BallardAppCraftery.MindMapsPro2Beta_1.1.27.0_x64__epyrqhfctk40t [2020-07-06] (User Camp)
Penbook -> C:\Program Files\WindowsApps\36376UserCamp.Penbook_2.1.30.0_x64__t7afzrbtd67z0 [2020-06-30] (User Camp)
WiFi Tool -> C:\Program Files\WindowsApps\53028HelgeMagnusKeck.WiFiTool_1.6.31.0_x64__kmtq5bk764tmy [2021-10-15] (WiFi Tools)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-465889627-1915634839-1743452103-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\dracu\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.21264.3\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-465889627-1915634839-1743452103-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel(R) pGFX -> Intel Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [Datei ist nicht signiert]
ContextMenuHandlers1: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP\System\aimp_menu64.dll -> Keine Datei
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-12-30] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [Datei ist nicht signiert]
ContextMenuHandlers4: [AIMP] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP\System\aimp_menu64.dll -> Keine Datei
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> Keine Datei
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-05-01] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [Datei ist nicht signiert]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-12-30] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Nicht auf der Ausnahmeliste) ====================

==================== Verknüpfungen & WMI ========================

==================== Geladene Module (Nicht auf der Ausnahmeliste) =============

2009-09-16 18:44 - 2009-09-16 18:44 - 000153088 _____ (Hewlett Packard) [Datei ist nicht signiert] C:\WINDOWS\System32\hptcpmib.dll
2009-09-16 18:45 - 2009-09-16 18:45 - 000331264 _____ (Hewlett Packard) [Datei ist nicht signiert] C:\WINDOWS\System32\HpTcpMon.dll
2009-09-16 11:44 - 2009-09-16 11:44 - 000132096 _____ (Hewlett Packard) [Datei ist nicht signiert] C:\WINDOWS\System32\hpzjrd01.dll
2014-06-24 23:31 - 2014-06-24 23:31 - 000041472 _____ (Hewlett-Packard Company) [Datei ist nicht signiert] [Datei wird verwendet] C:\Program Files (x86)\HP\HPLaserJetService\HPHTTPProxy.dll
2014-06-24 23:31 - 2014-06-24 23:31 - 000073728 _____ (Hewlett-Packard Company) [Datei ist nicht signiert] [Datei wird verwendet] C:\Program Files (x86)\HP\HPLaserJetService\HPTools.dll
2014-06-24 23:31 - 2014-06-24 23:31 - 001222656 _____ (Hewlett-Packard Company) [Datei ist nicht signiert] [Datei wird verwendet] C:\Program Files (x86)\HP\HPLaserJetService\LEDMXMLObjects.dll
2011-04-13 16:08 - 2011-04-13 16:08 - 000050688 _____ (Hewlett-Packard) [Datei ist nicht signiert] c:\windows\system32\hpzinw12.dll
2011-04-13 16:08 - 2011-04-13 16:08 - 000066048 _____ (Hewlett-Packard) [Datei ist nicht signiert] c:\windows\system32\hpzipm12.dll
2014-06-24 23:31 - 2014-06-24 23:31 - 000034816 _____ (HP) [Datei ist nicht signiert] [Datei wird verwendet] C:\Program Files (x86)\HP\HPLaserJetService\HPServiceCommunicator.dll
2009-09-16 18:45 - 2009-09-16 18:45 - 000317440 _____ (Microsoft Corporation) [Datei ist nicht signiert] C:\WINDOWS\System32\HPTcpMUI.dll
2016-03-04 22:14 - 2016-06-14 21:01 - 001298640 _____ (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [Datei ist nicht signiert] C:\Program Files\NVIDIA Corporation\NvStreamSrv\rxinput.dll
2019-08-25 13:00 - 2016-10-10 05:27 - 000556544 _____ (Soft Service Company) [Datei ist nicht signiert] C:\Program Files (x86)\Unified Remote 3\wcl.dll
2019-08-25 13:00 - 2016-09-23 14:08 - 001283584 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [Datei ist nicht signiert] C:\Program Files (x86)\Unified Remote 3\LIBEAY32MD.dll
2019-08-25 13:00 - 2016-09-23 14:08 - 000255488 _____ (The OpenSSL Project, hxxp://www.openssl.org/) [Datei ist nicht signiert] C:\Program Files (x86)\Unified Remote 3\SSLEAY32MD.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =================

==================== Internet Explorer (Nicht auf der Ausnahmeliste) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-11-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2021-11-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-06] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-06] (Microsoft Corporation -> Microsoft Corporation)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

Da befinden sich 7935 mehr Seiten.

Da befinden sich 7933 mehr Seiten.


==================== Hosts Inhalt: =========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2017-04-08 16:50 - 2017-04-08 16:56 - 000454662 _____ C:\WINDOWS\system32\drivers\etc\hosts
Da befinden sich 15603 zusätzliche Einträge.


==================== Andere Bereiche ===========================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;c:\windows\system32;c:\windows;c:\windows\system32\wbem;c:\windows\system32\windowspowershell\v1.0\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-465889627-1915634839-1743452103-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
HKU\S-1-5-21-465889627-1915634839-1743452103-1004\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
 ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

HKU\S-1-5-21-465889627-1915634839-1743452103-1001\...\StartupApproved\Run: => "NoIPDUCv4"
HKU\S-1-5-21-465889627-1915634839-1743452103-1001\...\StartupApproved\Run: => "SpybotPostWindows10UpgradeReInstall"
HKU\S-1-5-21-465889627-1915634839-1743452103-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-465889627-1915634839-1743452103-1001\...\StartupApproved\Run: => "XperiaCompanionAgent"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{C5ED3A27-C85A-4E98-9CA8-518A8501E388}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{48124AD1-88EE-4681-B829-C2E60F1CE4DC}C:\program files (x86)\zoiper\zoiper.exe] => (Allow) C:\program files (x86)\zoiper\zoiper.exe => Keine Datei
FirewallRules: [TCP Query User{6D0E7FBA-AB08-4CA9-8FF5-6762194DB19B}C:\program files (x86)\zoiper\zoiper.exe] => (Allow) C:\program files (x86)\zoiper\zoiper.exe => Keine Datei
FirewallRules: [{8932E0D1-EDD2-4C5E-A628-914B595FD7D7}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12121.1.54014.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{BBE36D70-7191-4927-BFA0-481084430F91}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12121.1.54014.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6FB053C9-4999-4580-B396-4002AB6C8D3A}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12121.1.54014.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{5D8305FF-DF14-46DB-A381-E7BA9825F474}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12121.1.54014.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{93763B12-FBF6-46B0-82B1-1CED815C1892}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12121.1.54014.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{BF73EEF8-7C7A-47FC-ADC9-073010E4877A}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12121.1.54014.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{52F44AF8-6353-41C6-B033-686C9963CF1E}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12121.1.54014.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{FB8C6963-9D8B-4EF1-B960-16BA7A1A58E3}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12121.1.54014.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7AD07112-94CD-4BAC-8B2C-CC399B1A428D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{11F96596-0C3C-49E7-B1C5-D658ACEA1E5E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{364B324F-BBEF-4303-8C5C-D8AE43C97E66}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{06202C48-65DD-43B8-8C2C-B71C4BABF9D1}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{AD95D494-27C4-4667-8E68-3694E7B8AC21}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6F64AAF7-DB17-4915-A0D1-D235D46EA617}] => (Allow) E:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{627553DF-0D64-4A80-BFD7-73502B89569D}] => (Allow) E:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{F5ABB1A3-6830-4173-B424-4D2BD60E4FBC}] => (Allow) E:\program files (x86)\steam\steamapps\common\race 07\racededicatedserver_steam.exe => Keine Datei
FirewallRules: [{4343FD89-F2C9-4ED5-85E5-E626CE619A2B}] => (Allow) E:\program files (x86)\steam\steamapps\common\race 07\racededicatedserver_steam.exe => Keine Datei
FirewallRules: [UDP Query User{9E46ACE0-F3F7-4089-9B40-077E4046C6EC}E:\program files (x86)\steam\steamapps\common\race 07\racededicatedserver_steam.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\race 07\racededicatedserver_steam.exe => Keine Datei
FirewallRules: [TCP Query User{29ABDBD5-F9AE-4D13-8C6C-E2AB0AEDA4D4}E:\program files (x86)\steam\steamapps\common\race 07\racededicatedserver_steam.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\race 07\racededicatedserver_steam.exe => Keine Datei
FirewallRules: [{2B14893D-9D28-4AE0-BE85-ACBD380D5430}] => (Allow) E:\program files (x86)\steam\steamapps\common\race 07\race_steam.exe => Keine Datei
FirewallRules: [{6EB0145C-8CE5-4D36-B22E-26D860A0278B}] => (Allow) E:\program files (x86)\steam\steamapps\common\race 07\race_steam.exe => Keine Datei
FirewallRules: [UDP Query User{1839E9FE-EDEB-48A8-B1AE-B201F82171D8}E:\program files (x86)\steam\steamapps\common\race 07\race_steam.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\race 07\race_steam.exe => Keine Datei
FirewallRules: [TCP Query User{B631EDF4-EFD7-4723-AFDF-4C29768D5FB8}E:\program files (x86)\steam\steamapps\common\race 07\race_steam.exe] => (Allow) E:\program files (x86)\steam\steamapps\common\race 07\race_steam.exe => Keine Datei
FirewallRules: [{A1705055-4EB5-497E-931C-2DC9B2CA22DA}] => (Allow) E:\program files (x86)\mumble\murmur.exe => Keine Datei
FirewallRules: [{860FD979-8379-425B-A5AA-5A972B79C110}] => (Allow) E:\program files (x86)\mumble\murmur.exe => Keine Datei
FirewallRules: [UDP Query User{E4A7A97B-55EA-49D8-8235-AC9B479EDAC2}E:\program files (x86)\mumble\murmur.exe] => (Allow) E:\program files (x86)\mumble\murmur.exe => Keine Datei
FirewallRules: [TCP Query User{CE8D067D-18DC-44DD-81D3-25222D9BF0FB}E:\program files (x86)\mumble\murmur.exe] => (Allow) E:\program files (x86)\mumble\murmur.exe => Keine Datei
FirewallRules: [{B631AEB5-7AB5-4597-AB8D-FF746D946EFA}] => (Allow) E:\Program Files (x86)\Steam\bin\steamwebhelper.exe => Keine Datei
FirewallRules: [{B8A3E48A-9F01-48AC-B6A2-A041AF0CE7F0}] => (Allow) E:\Program Files (x86)\Steam\bin\steamwebhelper.exe => Keine Datei
FirewallRules: [{2F0CA165-8717-4AE8-AFBE-4B223BFB579E}] => (Allow) E:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{8198180B-8028-4CC0-A091-6F33C92E0899}] => (Allow) E:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{433D5D5C-2C59-48B2-B51C-BD2BD8D25782}] => (Allow) e:\Program Files (x86)\Mozilla Firefox\firefox.exe => Keine Datei
FirewallRules: [{E2F328C0-5DDA-408B-9AB3-7C5E049FCEF9}] => (Allow) e:\Program Files (x86)\Mozilla Firefox\firefox.exe => Keine Datei
FirewallRules: [{A17BE05E-BE4A-4031-B9AE-E1BFF1427BE4}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe => Keine Datei
FirewallRules: [{B289F11B-8763-48F8-A8A2-B621B8C7F2A5}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe => Keine Datei
FirewallRules: [{F33A39EE-85B7-46F2-B251-A0F875D2A989}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe => Keine Datei
FirewallRules: [{96D6C3AD-AB1C-446C-97EE-B9AA10E28302}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe => Keine Datei
FirewallRules: [TCP Query User{E315B37A-A296-4C9F-8BBE-143EFD730F55}E:\programme\python27\pythonw.exe] => (Allow) E:\programme\python27\pythonw.exe => Keine Datei
FirewallRules: [UDP Query User{4C37739F-EB98-42A1-9144-412711216599}E:\programme\python27\pythonw.exe] => (Allow) E:\programme\python27\pythonw.exe => Keine Datei
FirewallRules: [{E1E55271-C2F9-413F-B803-96C91948C7FD}] => (Allow) C:\HP_LaserJet_200_color_MFP_M276\Installer\hpbcsiInstaller.exe (Hewlett-Packard Company -> Hewlett-Packard Company)
FirewallRules: [{EDBA7A01-1DAC-4827-956E-AB94AA059302}] => (Allow) C:\HP_LaserJet_200_color_MFP_M276\Installer\hpbcsiInstaller.exe (Hewlett-Packard Company -> Hewlett-Packard Company)
FirewallRules: [{44E05BE1-D01E-446C-8F18-245710072655}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{667C4014-B2FA-4DEE-B862-B72EB6148B2E}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe (Even Balance, Inc. -> )
FirewallRules: [{8FF62F3A-0A11-4C05-924C-D138DD838184}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{953D3F0F-1A43-4761-ABC8-9951DE7AE1C5}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe (Even Balance, Inc. -> )
FirewallRules: [{4385F523-DECB-4810-AB3D-9FB2542EE674}] => (Allow) E:\Program Files (x86)\GamersFirst\APB Reloaded\Binaries\APB.exe => Keine Datei
FirewallRules: [{66B9E3C7-8FEF-4536-A071-27385A2FE85F}] => (Allow) E:\Program Files (x86)\GamersFirst\APB Reloaded\Binaries\APB.exe => Keine Datei
FirewallRules: [{2DF908F4-86E0-4E70-9094-7A40B9661F5B}] => (Allow) E:\Program Files (x86)\GamersFirst\APB Reloaded\Binaries\VivoxVoiceService.exe => Keine Datei
FirewallRules: [{315435B3-606D-4C35-AD57-25FB14FD19FC}] => (Allow) E:\Program Files (x86)\GamersFirst\APB Reloaded\Binaries\VivoxVoiceService.exe => Keine Datei
FirewallRules: [TCP Query User{19F7E8DD-F139-4977-AF7E-C44D80797743}E:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) E:\program files (x86)\myphoneexplorer\myphoneexplorer.exe => Keine Datei
FirewallRules: [UDP Query User{E1BD961F-C095-420B-82FB-429879F456EA}E:\program files (x86)\myphoneexplorer\myphoneexplorer.exe] => (Allow) E:\program files (x86)\myphoneexplorer\myphoneexplorer.exe => Keine Datei
FirewallRules: [{D894783A-340A-4336-AC05-B412CE564DC4}] => (Allow) E:\Program Files (x86)\Tunngle\TnglCtrl.exe => Keine Datei
FirewallRules: [{C47542C6-3DBA-45EA-AEB3-D62A9135D027}] => (Allow) E:\Program Files (x86)\Tunngle\TnglCtrl.exe => Keine Datei
FirewallRules: [{D96FE917-EF8F-4CC0-9D4C-60C60A846704}] => (Allow) E:\Program Files (x86)\Tunngle\Tunngle.exe => Keine Datei
FirewallRules: [{45901C50-D4BA-4D0E-9D67-403A8CA00BF9}] => (Allow) E:\Program Files (x86)\Tunngle\Tunngle.exe => Keine Datei
FirewallRules: [{B6964316-AC57-488E-AC6D-3CEE741FD491}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Street Racing Syndicate\Bin\SRS.EXE => Keine Datei
FirewallRules: [{2F9E8FF8-9DF8-48B9-9E7D-F310613F0F6C}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Street Racing Syndicate\Bin\SRS.EXE => Keine Datei
FirewallRules: [{0EB00190-D849-4EA2-8143-A9C5C8FE9EDD}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{4FEAB817-6195-4D43-A11A-F7AADAB61103}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{24D1DFED-A6EF-4CD0-902A-E0275B154D7F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe => Keine Datei
FirewallRules: [{B96BA975-05EA-4F9F-92B0-4C3FBF633374}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe => Keine Datei
FirewallRules: [{A7D99F6F-5030-48A8-8E4E-BF4C48485155}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{F9503DD1-BA04-4794-8AEE-47E90F572026}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{A62A235C-BFAD-436E-809A-D3C0B5FCA24E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{FEBF4BF6-5278-423A-93FB-CCAC2A2C4B41}] => (Allow) C:\Program Files (x86)\WISO\Steuersoftware 2016\wmain16.dll (Buhl Data Service GmbH -> )
FirewallRules: [{211FFED5-DC1B-4E76-8D76-4171EF8917D5}] => (Allow) C:\Program Files (x86)\WISO\Steuersoftware 2016\wmain16.dll (Buhl Data Service GmbH -> )
FirewallRules: [{09C335A5-7E00-4EBF-9EE0-9CA887BD0D78}] => (Allow) C:\Program Files (x86)\WISO\Steuersoftware 2016\wmain16.dll (Buhl Data Service GmbH -> )
FirewallRules: [{704E90E7-9293-4308-913F-EC76BE5406B1}] => (Allow) C:\Program Files (x86)\WISO\Steuersoftware 2016\wmain16.dll (Buhl Data Service GmbH -> )
FirewallRules: [{8525ED06-0D66-4654-8AA5-66784A470D2E}] => (Allow) E:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{B9450499-AC0C-4F51-9349-BEBD3467F90C}] => (Allow) E:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{40D247A7-87F8-4C25-B691-6705579B5AD8}] => (Allow) C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe (Unified Intents AB -> Unified Intents AB)
FirewallRules: [{4002AE9A-A2E8-4A45-9689-78F4560E026E}] => (Allow) C:\Program Files (x86)\Unified Remote 3\RemoteServerWin.exe (Unified Intents AB -> Unified Intents AB)
FirewallRules: [{9787F2B4-9DBA-4EC3-A1EB-92EA5DD39F04}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe => Keine Datei
FirewallRules: [{2064F384-1831-4161-85F7-AD67D672B02A}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe => Keine Datei
FirewallRules: [{ACC6B3CE-99C3-4745-B61D-0FDED2F9D93B}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Torque Drift\TorqueDrift.exe () [Datei ist nicht signiert]
FirewallRules: [{91047375-09B7-478E-92F5-2BDA9641A004}] => (Allow) E:\Program Files (x86)\Steam\steamapps\common\Torque Drift\TorqueDrift.exe () [Datei ist nicht signiert]
FirewallRules: [TCP Query User{89EC9CC4-3726-49E8-B31C-C34B2369C24A}C:\users\dracu\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\dracu\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{175F61E2-E507-4C09-9816-DA436A6FB7AE}C:\users\dracu\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\dracu\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{52653BD5-C376-498F-B084-871291654A59}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.77.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{6EB815EF-FC2B-4F9D-9304-B647B9C19DF3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.77.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{C0599CDF-B97F-4A0D-8878-00A6B35F194E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.77.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{A2194B97-9B85-49F4-BCB7-773232B7E3C3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.77.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{5D5D039D-9A99-4C47-B0F5-A462DA2A7C3E}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{59222E80-A26B-4274-8E9E-B10A1F9B80C6}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{F537AA1D-B982-4992-A9C3-15822865318C}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E85981E4-4176-4389-B2D2-462C2FDA116F}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{2D72C414-E9D5-4630-8271-463D7FE7AA16}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{42E11F3F-621C-4486-BAFA-F78565B09977}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D5E677D8-7FEB-4960-8FD2-36339716AEB0}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{B405AD98-26D6-4DF3-B22F-77AB0DD26F05}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E07E21B4-6BF5-4C1A-90FD-F092F1584B74}] => (Block) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => Keine Datei
FirewallRules: [{420DE6B6-EEAF-42AE-A4E1-6C15E26DE56A}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => Keine Datei
FirewallRules: [{C5E628AF-A41F-43FA-8DD8-0AB227CE61FF}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => Keine Datei
FirewallRules: [{E1354BBF-6C40-4FFB-AC0E-AA32C3193882}] => (Allow) C:\Program Files (x86)\BraveSoftware\Brave-Browser\Application\brave.exe (Brave Software, Inc. -> Brave Software, Inc.)
FirewallRules: [{5ED6CBDC-3DE8-45AB-8E3B-1E7C77D3C037}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{F353464C-05F8-427E-9B07-057C55704E3C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{91AAFBDA-E799-4DD2-AD7C-AA1B09CF632E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{32EA296E-A6FF-4260-BF3E-C4713AB3B196}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.79.95.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{FC44F024-EB61-4123-A605-186EB479CBA7}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\96.0.1054.62\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BB83870D-58E7-4366-A714-BAB96BFBEF94}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{D0FB2318-B49D-40D6-9C6D-7D1025694E30}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

==================== Wiederherstellungspunkte =========================

ACHTUNG: Systemwiederherstellung ist deaktiviert (Total:105.91 GB) (Free:7.18 GB) (7%)

==================== Fehlerhafte Geräte im Gerätemanager ============


==================== Fehlereinträge in der Ereignisanzeige: ========================

Applikationsfehler:
==================
Error: (12/31/2021 12:09:24 AM) (Source: MsiInstaller) (EventID: 11310) (User: LU)
Description: Produkt: Mumble 1.3.4 -- Fehler 1310. Fehler beim Schreiben in Datei: E:\Program Files (x86)\Mumble\4775ee.rbf.  Systemfehler 1307. Überprüfen Sie, ob Sie auf das Verzeichnis zugreifen können.

Error: (12/31/2021 12:08:07 AM) (Source: MsiInstaller) (EventID: 11310) (User: LU)
Description: Produkt: Mumble 1.3.4 -- Fehler 1310. Fehler beim Schreiben in Datei: E:\Program Files (x86)\Mumble\4775ee.rbf.  Systemfehler 1307. Überprüfen Sie, ob Sie auf das Verzeichnis zugreifen können.

Error: (12/31/2021 12:08:06 AM) (Source: MsiInstaller) (EventID: 11310) (User: LU)
Description: Produkt: Mumble 1.3.4 -- Fehler 1310. Fehler beim Schreiben in Datei: E:\Program Files (x86)\Mumble\4775ee.rbf.  Systemfehler 1307. Überprüfen Sie, ob Sie auf das Verzeichnis zugreifen können.

Error: (12/31/2021 12:08:05 AM) (Source: MsiInstaller) (EventID: 11310) (User: LU)
Description: Produkt: Mumble 1.3.4 -- Fehler 1310. Fehler beim Schreiben in Datei: E:\Program Files (x86)\Mumble\4775ee.rbf.  Systemfehler 1307. Überprüfen Sie, ob Sie auf das Verzeichnis zugreifen können.

Error: (12/31/2021 12:08:05 AM) (Source: MsiInstaller) (EventID: 11310) (User: LU)
Description: Produkt: Mumble 1.3.4 -- Fehler 1310. Fehler beim Schreiben in Datei: E:\Program Files (x86)\Mumble\4775ee.rbf.  Systemfehler 1307. Überprüfen Sie, ob Sie auf das Verzeichnis zugreifen können.

Error: (12/30/2021 09:57:27 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" in Zeile  1.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition: UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.

Error: (12/30/2021 08:55:58 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} und dem Namen "CEventSystem" kann nicht gestartet werden. [0x8007045b, Der Computer wird heruntergefahren.
]

Error: (12/30/2021 08:55:58 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x8007045b, Der Computer wird heruntergefahren.
.


Systemfehler:
=============
Error: (12/31/2021 01:13:48 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NO-IP DUC v4.1.1" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (12/31/2021 01:13:48 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Microsoft Office-Klick-und-Los-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (12/31/2021 01:13:48 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Steam Client Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (12/31/2021 01:13:48 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Network Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (12/31/2021 01:13:48 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "HP LaserJet Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (12/31/2021 01:13:48 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA GeForce Experience Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (12/31/2021 01:13:48 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "PnkBstrA" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (12/31/2021 01:13:48 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel Bluetooth Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Windows Defender:
================
Date: 2021-12-30 22:17:44
Description: 
Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {C22694B0-3DE2-441F-926C-AC23DCD0B0D7}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

CodeIntegrity:
===============
Date: 2021-12-30 21:01:28
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Mozilla Firefox\firefox.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.

Date: 2021-12-30 20:50:26
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files (x86)\Avira\Antivirus\avirasecuritycenteragent.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Avira\Antivirus\libcurl.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Speicherinformationen =========================== 

BIOS: American Megatrends Inc. 4.6.5 10/19/2012
Hauptplatine: CLEVO P170EM
Prozessor: Intel(R) Core(TM) i7-3740QM CPU @ 2.70GHz
Prozentuale Nutzung des RAM: 19%
Installierter physikalischer RAM: 16273.89 MB
Verfügbarer physikalischer RAM: 13062.91 MB
Summe virtueller Speicher: 17853.69 MB
Verfügbarer virtueller Speicher: 14836.64 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:105.91 GB) (Free:7.18 GB) NTFS
Drive e: (daten) (Fixed) (Total:132.03 GB) (Free:1.55 GB) NTFS

\\?\Volume{75cdaf95-0000-0000-0000-100000000000}\ (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS
\\?\Volume{75cdaf95-0000-0000-0000-70801a000000}\ () (Fixed) (Total:0.44 GB) (Free:0.08 GB) NTFS

==================== MBR & Partitionstabelle ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 238.5 GB) (Disk ID: 75CDAF95)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=105.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
Partition 4: (Not Active) - (Size=132 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt =======================
         

03.01.2022, 09:35   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Scripting/Repair with FRST64

WARNING TO ALL READERS!!!
This FRST script is intended exclusively for this user and should never be applied 1:1 to another system!

  • Copy the entire contents of the following code box:
    Code:
    ATTFilter
    Start::
    CloseProcesses:
    AS: Avira Antivirus (Enabled - Up to date) {33CF8AA2-FA06-4AD4-98AB-332D53DD7FFB}
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Beschränkung <==== ACHTUNG
    HKU\S-1-5-21-465889627-1915634839-1743452103-1001\...\Run: [Adobe Acrobat Synchronizer] => "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" (Keine Datei)
    HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3: <==== ACHTUNG
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <==== ACHTUNG
    FF Extension: (Avira Browserschutz) - C:\Users\dracu\AppData\Roaming\Mozilla\Firefox\Profiles\hzn6vdjy.default\Extensions\abs@avira.com.xpi [2019-01-07] [UpdateUrl:https://download.avira.com/package/absnooffers/firefox/update_webext_no_offers.rdf]
    FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.cpdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\npFoxitPDFEditorPlugin.dll [Keine Datei]
    FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\npFoxitPDFEditorPlugin.dll [Keine Datei]
    FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\npFoxitPDFEditorPlugin.dll [Keine Datei]
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [Keine Datei]
    FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [Keine Datei]
    C:\Users\dracu\AppData\Roaming\Opera Software\Opera Stable\Extensions\dalelnnofafalcmkmnhdbigbjjkloabo
    C:\Users\dracu\AppData\Local\Google\Chrome\User Data\Default\Extensions\caljgklbbfbcjjanaijlacgncafpegll
    C:\Users\dracu\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk
    C:\Users\dracu\AppData\Roaming\Opera Software\Opera Stable\Extensions\ngohaaocccbohaffogpbgfpmpgbcgccg
    C:\Users\dracu\AppData\Roaming\Opera Software\Opera Stable\Extensions\pcgkmkjdikhiodinhloioejnpjgmfigd
    C:\Program Files (x86)\Spybot - Search & Destroy
    C:\Program Files\Adobe
    C:\ProgramData\NTUSER.pol
    C:\ProgramData\Avira
    C:\Program Files (x86)\Avira
    C:\Users\AllUserName\AppData\Local\Avira
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
    C:\WINDOWS\system32\Tasks\Avira
    C:\WINDOWS\system32\Tasks\Avira_Security_Update
    C:\WINDOWS\system32\Tasks\AviraSystemSpeedupUpdate
    hosts:
    emptytemp:
    End::
             
  • Now start FRST and click the Fix (Reparieren) button directly. Important: You do not need to paste the contents of the code box anywhere, because FRST takes the code from the clipboard!
  • The tool carries out the requested steps and creates a fixlog.txt in the same directory where FRST is located.
  • Your computer may need to be restarted.
  • Post the contents of fixlog.txt in your next reply.
__________________
Please always post log files in CODE tags

04.01.2022, 17:43   #13
Chris7



Fixlog_04-01-2022 17.35.41.txt
Code:
ATTFilter
Entfernungsergebnis von Farbar Recovery Scan Tool (x64) Version: 27-12-2021
durchgeführt von dracu (04-01-2022 17:32:15) Run:1
Gestartet von C:\Users\dracu\Downloads
Geladene Profile: dracu & dracula
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
CloseProcesses:
AS: Avira Antivirus (Enabled - Up to date) {33CF8AA2-FA06-4AD4-98AB-332D53DD7FFB}
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Beschränkung <==== ACHTUNG
HKU\S-1-5-21-465889627-1915634839-1743452103-1001\...\Run: [Adobe Acrobat Synchronizer] => "C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" (Keine Datei)
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3: <==== ACHTUNG
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <==== ACHTUNG
FF Extension: (Avira Browserschutz) - C:\Users\dracu\AppData\Roaming\Mozilla\Firefox\Profiles\hzn6vdjy.default\Extensions\abs@avira.com.xpi [2019-01-07] [UpdateUrl:https://download.avira.com/package/absnooffers/firefox/update_webext_no_offers.rdf]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.cpdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\npFoxitPDFEditorPlugin.dll [Keine Datei]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\npFoxitPDFEditorPlugin.dll [Keine Datei]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Editor\plugins\npFoxitPDFEditorPlugin.dll [Keine Datei]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [Keine Datei]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [Keine Datei]
C:\Users\dracu\AppData\Roaming\Opera Software\Opera Stable\Extensions\dalelnnofafalcmkmnhdbigbjjkloabo
C:\Users\dracu\AppData\Local\Google\Chrome\User Data\Default\Extensions\caljgklbbfbcjjanaijlacgncafpegll
C:\Users\dracu\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk
C:\Users\dracu\AppData\Roaming\Opera Software\Opera Stable\Extensions\ngohaaocccbohaffogpbgfpmpgbcgccg
C:\Users\dracu\AppData\Roaming\Opera Software\Opera Stable\Extensions\pcgkmkjdikhiodinhloioejnpjgmfigd
C:\Program Files (x86)\Spybot - Search & Destroy
C:\Program Files\Adobe
C:\ProgramData\NTUSER.pol
C:\ProgramData\Avira
C:\Program Files (x86)\Avira
C:\Users\ProgramData\AppData\Local\Avira
C:\Users\Default\AppData\Local\Avira
C:\Users\dracu\AppData\Local\Avira
C:\Users\dracula\AppData\Local\Avira
C:\Users\Public\AppData\Local\Avira
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
C:\WINDOWS\system32\Tasks\Avira
C:\WINDOWS\system32\Tasks\Avira_Security_Update
C:\WINDOWS\system32\Tasks\AviraSystemSpeedupUpdate
hosts:
emptytemp:

*****************

Prozesse erfolgreich geschlossen.
"AS: Avira Antivirus (Enabled - Up to date) {33CF8AA2-FA06-4AD4-98AB-332D53DD7FFB}" => erfolgreich entfernt
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => erfolgreich entfernt
"HKU\S-1-5-21-465889627-1915634839-1743452103-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Acrobat Synchronizer" => erfolgreich entfernt
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 => erfolgreich entfernt
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => erfolgreich entfernt
C:\Users\dracu\AppData\Roaming\Mozilla\Firefox\Profiles\hzn6vdjy.default\Extensions\abs@avira.com.xpi => erfolgreich verschoben
HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.cpdf => erfolgreich entfernt
HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp => erfolgreich entfernt
HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf => erfolgreich entfernt
HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp => erfolgreich entfernt
HKLM\Software\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf => erfolgreich entfernt
C:\Users\dracu\AppData\Roaming\Opera Software\Opera Stable\Extensions\dalelnnofafalcmkmnhdbigbjjkloabo => erfolgreich verschoben
C:\Users\dracu\AppData\Local\Google\Chrome\User Data\Default\Extensions\caljgklbbfbcjjanaijlacgncafpegll => erfolgreich verschoben
C:\Users\dracu\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk => erfolgreich verschoben
C:\Users\dracu\AppData\Roaming\Opera Software\Opera Stable\Extensions\ngohaaocccbohaffogpbgfpmpgbcgccg => erfolgreich verschoben
C:\Users\dracu\AppData\Roaming\Opera Software\Opera Stable\Extensions\pcgkmkjdikhiodinhloioejnpjgmfigd => erfolgreich verschoben
C:\Program Files (x86)\Spybot - Search & Destroy => erfolgreich verschoben
C:\Program Files\Adobe => erfolgreich verschoben
"C:\ProgramData\NTUSER.pol" => nicht gefunden
C:\ProgramData\Avira => erfolgreich verschoben
C:\Program Files (x86)\Avira => erfolgreich verschoben
"C:\Users\ProgramData\AppData\Local\Avira" => nicht gefunden
"C:\Users\Default\AppData\Local\Avira" => nicht gefunden
C:\Users\dracu\AppData\Local\Avira => erfolgreich verschoben
"C:\Users\dracula\AppData\Local\Avira" => nicht gefunden
"C:\Users\Public\AppData\Local\Avira" => nicht gefunden
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira => erfolgreich verschoben
C:\WINDOWS\system32\Tasks\Avira => erfolgreich verschoben
"C:\WINDOWS\system32\Tasks\Avira_Security_Update" => nicht gefunden
"C:\WINDOWS\system32\Tasks\AviraSystemSpeedupUpdate" => nicht gefunden
C:\Windows\System32\Drivers\etc\hosts => erfolgreich verschoben
Hosts erfolgreich wiederhergestellt.

=========== EmptyTemp: ==========

BITS transfer queue => 1572864 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 36609744 B
Java, Flash, Steam htmlcache => 386243861 B
Windows/system/drivers => 6423401 B
Edge => 190643 B
Chrome => 421254318 B
Brave => 8084354 B
Firefox => 255863413 B
Opera => 15341399 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 126228 B
NetworkService => 133336 B
dracu => 206496103 B
dracula => 206516107 B

RecycleBin => 5247167 B
EmptyTemp: => 1.4 GB temporäre Dateien entfernt.

================================


Das System musste neu gestartet werden.

==== Ende von Fixlog 17:35:21 ====
         

05.01.2022, 04:21   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Control scans with MBAM and RK

We are almost done. Now it is time for control scans with
After both scans have finished, post the logs in CODE tags.
__________________
Please always post log files in CODE tags

05.01.2022, 13:45   #15
Chris7



Thank you

Malwarebytes_05-01-2022 13.00.00.txt
Code:
ATTFilter
Malwarebytes
www.malwarebytes.com

-Protokolldetails-
Scan-Datum: 05.01.22
Scan-Zeit: 12:46
Protokolldatei: 19ffdd44-6e1d-11ec-8769-0090f5e0779e.json

-Softwaredaten-
Version: 4.5.0.152
Komponentenversion: 1.0.1538
Version des Aktualisierungspakets: 1.0.49438
Lizenz: Testversion

-Systemdaten-
Betriebssystem: Windows 10 (Build 19042.1415)
CPU: x64
Dateisystem: NTFS
Benutzer: LU\dracu

-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Scan gestartet von: Manuell
Ergebnis: Abgeschlossen
Gescannte Objekte: 349878
Erkannte Bedrohungen: 2
In die Quarantäne verschobene Bedrohungen: 0
Abgelaufene Zeit: 3 Min., 48 Sek.

-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Erkennung
PUM: Erkennung

-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)

Modul: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswert: 2
PUM.Optional.DisableMRT, HKLM\SOFTWARE\POLICIES\MICROSOFT\MRT|DONTREPORTINFECTIONINFORMATION, Keine Aktion durch Benutzer, 6707, 676881, 1.0.49438, , ame, , , 
PUM.Optional.DisableMRT, HKLM\SOFTWARE\WOW6432NODE\POLICIES\MICROSOFT\MRT|DONTREPORTINFECTIONINFORMATION, Keine Aktion durch Benutzer, 6707, 676881, 1.0.49438, , ame, , , 

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Daten-Stream: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Datei: 0
(keine bösartigen Elemente erkannt)

Physischer Sektor: 0
(keine bösartigen Elemente erkannt)

WMI: 0
(keine bösartigen Elemente erkannt)


(end)
         

RogueKiller_Anti-Malware_05-01-2022 13.34.19.txt
Code:
ATTFilter
Program            : RogueKiller Anti-Malware
Version            : 15.1.5.0
x64                : Yes
Program Date       : Dec 15 2021
Location           : C:\Program Files\RogueKiller\RogueKiller64.exe
Premium            : Yes
Company            : Adlice Software
Website            : https://www.adlice.com/
Contact            : https://adlice.com/contact/
Website            : https://adlice.com/download/roguekiller/
Operating System   : Windows 10 (10.0.19042) 64-bit
64-bit OS          : Yes
Startup            : 0
WindowsPE          : No
User               : dracu
User is Admin      : Yes
Date               : 2022/01/05 12:34:19
Type               : Scan
Aborted            : No
Scan Mode          : Standard
Duration           : 410
Found items        : 0
Total scanned      : 71570
Signatures Version : 20220103_133653
Truesight Driver   : Yes
Updates Count      : 2

************************* Warnings *************************

************************* Updates *************************
7-Zip 19.00 (x64) (64-bit), version 19.00
  [+] Available Version        : 21.07
  [+] Size                     : 4,96 MB
  [+] Wow6432                  : No
  [+] Portable                 : No
  [+] update_location          : C:\Program Files\7-Zip\

Microsoft OneDrive (64-bit), version 19.043.0304.0013
  [+] Available Version        : 21.230.1107.0004
  [+] Size                     : 119 MB
  [+] Wow6432                  : No
  [+] Portable                 : No


************************* Processes *************************

************************* Modules *************************

************************* Services *************************

************************* Scheduled Tasks *************************

************************* Registry *************************

************************* WMI *************************

************************* Hosts File *************************
is_too_big      : No
hosts_file_path : C:\Windows\System32\drivers\etc\hosts


************************* Filesystem *************************

************************* Web Browsers *************************

************************* Antirootkit *************************
         
