3 Scans durchgeführt Hallo Matthias,
vielen Dank für Deine Antwort.
Ich habe alles wie von Dir beschrieben durchgeführt.
Beste Grüße, Andreas
Logdatei von MBAM: Code:
Malwarebytes
www.malwarebytes.com
-Protokolldetails-
Scan-Datum: 21.02.21
Scan-Zeit: 15:02
Protokolldatei: 71fbbb6e-744d-11eb-8f42-f07959620f10.json
-Softwaredaten-
Version: 4.3.0.98
Komponentenversion: 1.0.1173
Version des Aktualisierungspakets: 1.0.37341
Lizenz: Testversion
-Systemdaten-
Betriebssystem: Windows 10 (Build 18363.1379)
CPU: x64
Dateisystem: NTFS
Benutzer: Garfield\Odfried
-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Scan gestartet von: Manuell
Ergebnis: Abgeschlossen
Gescannte Objekte: 406901
Erkannte Bedrohungen: 106
In die Quarantäne verschobene Bedrohungen: 106
Abgelaufene Zeit: 8 Min., 37 Sek.
-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Erkennung
PUM: Erkennung
-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)
Modul: 0
(keine bösartigen Elemente erkannt)
Registrierungsschlüssel: 37
PUP.Optional.DigitalSites, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Digital Sites, In Quarantäne, 1989, 237778, , , , , ,
PUP.Optional.DigitalSites, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{844AD169-9956-4A09-B7AF-B23BF411E026}, In Quarantäne, 1989, 237778, , , , , ,
PUP.Optional.DigitalSites, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{844AD169-9956-4A09-B7AF-B23BF411E026}, In Quarantäne, 1989, 237778, , , , , ,
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\APPID\REI_AxControl.DLL, In Quarantäne, 7965, 327193, 1.0.37341, , ame, , ,
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\REI_AxControl.DLL, In Quarantäne, 7965, 327193, 1.0.37341, , ame, , ,
PUP.Optional.Reimage, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\REI_AxControl.DLL, In Quarantäne, 7965, 327193, 1.0.37341, , ame, , ,
RiskWare.Script, HKU\S-1-5-21-2726028846-1901948702-833121358-1001\SOFTWARE\Odfried, In Quarantäne, 8534, 901769, 1.0.37341, , ame, , ,
RiskWare.Script.MZreg, HKU\S-1-5-21-2726028846-1901948702-833121358-1001\SOFTWARE\Odfried1, In Quarantäne, 16671, 884748, 1.0.37341, , ame, , ,
PUP.Optional.Reimage, HKU\S-1-5-21-2726028846-1901948702-833121358-1001\SOFTWARE\Reimage, In Quarantäne, 7965, 357494, 1.0.37341, , ame, , ,
PUP.Optional.Conduit, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, In Quarantäne, 139, 236865, , , , , ,
PUP.Optional.Conduit, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, In Quarantäne, 139, 236865, , , , , ,
PUP.Optional.Conduit, HKU\S-1-5-21-2726028846-1901948702-833121358-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, In Quarantäne, 139, 236865, 1.0.37341, , ame, , ,
PUP.Optional.IStartSurf.ShrtCln, HKU\S-1-5-21-2726028846-1901948702-833121358-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}, In Quarantäne, 4261, 233272, 1.0.37341, , ame, , ,
PUP.Optional.IStartSurf.ShrtCln, HKU\S-1-5-21-2726028846-1901948702-833121358-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E733165D-CBCF-4FDA-883E-ADEF965B476C}, In Quarantäne, 4261, 233272, 1.0.37341, , ame, , ,
PUP.Optional.SweetSearch, HKU\S-1-5-21-2726028846-1901948702-833121358-1001\SOFTWARE\MOZILLA\EXTENDS, In Quarantäne, 5016, 243782, 1.0.37341, , ame, , ,
PUP.Optional.Reimage, HKU\S-1-5-21-2726028846-1901948702-833121358-1001\SOFTWARE\LOCAL APPWIZARD-GENERATED APPLICATIONS\Fixer - Windows Problem Relief., In Quarantäne, 7965, 709541, 1.0.37341, , ame, , ,
PUP.Optional.IHProtect, HKLM\SOFTWARE\WOW6432NODE\IHProtect, In Quarantäne, 6244, 239373, 1.0.37341, , ame, , ,
PUP.Optional.MyStartSearch.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\mystartsearchSoftware, In Quarantäne, 4306, 188665, 1.0.37341, , ame, , ,
PUP.Optional.Reimage, HKLM\SOFTWARE\REIMAGE\Reimage Repair, In Quarantäne, 7965, 336077, 1.0.37341, , ame, , ,
PUP.Optional.CouponMarvel.AppFlsh, HKLM\SOFTWARE\SECURITYUTILITY, In Quarantäne, 16593, 879457, 1.0.37341, , ame, , ,
PUP.Optional.InstallCore, HKU\S-1-5-21-2726028846-1901948702-833121358-1001\SOFTWARE\PRODUCTSETUP, In Quarantäne, 112, 481004, 1.0.37341, , ame, , ,
PUP.Optional.Reimage, HKU\S-1-5-21-2726028846-1901948702-833121358-1001\SOFTWARE\REIMAGE\PC REPAIR, In Quarantäne, 7965, 327204, 1.0.37341, , ame, , ,
PUP.Optional.SmartBar, HKLM\SOFTWARE\CLASSES\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}, In Quarantäne, 137, 189776, , , , , ,
PUP.Optional.SmartBar, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}, In Quarantäne, 137, 189776, , , , , ,
PUP.Optional.SmartBar, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}, In Quarantäne, 137, 189776, , , , , ,
PUP.Optional.HelperBar, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}, In Quarantäne, 4661, 245666, 1.0.37341, , ame, , ,
PUP.Optional.OpenCandy, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\OpenCandyHelperRunOnce, In Quarantäne, 108, 241417, 1.0.37341, , ame, , ,
PUP.Optional.OpenCandy, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\OpenCandyHelperRunOnceBB6ACDC106D143A09D6D579818962CD9, In Quarantäne, 108, 241417, 1.0.37341, , ame, , ,
PUP.Optional.CouponMarvel.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\SECURITYUTILITY, In Quarantäne, 16593, 879457, 1.0.37341, , ame, , ,
PUP.Optional.MiuiTab, HKLM\SOFTWARE\WOW6432NODE\SUPDP, In Quarantäne, 4781, 240843, 1.0.37341, , ame, , ,
PUP.Optional.SupTab, HKLM\SOFTWARE\WOW6432NODE\SUPTAB, In Quarantäne, 440, 243702, 1.0.37341, , ame, , ,
PUP.Optional.ChipDe, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\chip 1-click download service, In Quarantäne, 9554, 463412, 1.0.37341, , ame, , ,
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\APPID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}, In Quarantäne, 7965, 332494, , , , , ,
PUP.Optional.Reimage, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}, In Quarantäne, 7965, 332494, , , , , ,
PUP.Optional.Reimage, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}, In Quarantäne, 7965, 332494, 1.0.37341, , ame, , ,
PUP.Optional.Reimage, HKU\S-1-5-21-2726028846-1901948702-833121358-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{10ECCE17-29B5-4880-A8F5-EAD298611484}, In Quarantäne, 7965, 327205, 1.0.37341, , ame, , ,
PUP.Optional.TaskRNDM, HKU\S-1-5-21-2726028846-1901948702-833121358-1001\SOFTWARE\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}, In Quarantäne, 2398, 169164, 1.0.37341, , ame, , ,
Registrierungswert: 22
PUP.Optional.DigitalSites, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{844AD169-9956-4A09-B7AF-B23BF411E026}|PATH, In Quarantäne, 1989, 258411, 1.0.37341, , ame, , ,
RiskWare.Script, HKU\S-1-5-21-2726028846-1901948702-833121358-1001\SOFTWARE\Odfried|653, In Quarantäne, 8534, 901769, 1.0.37341, , ame, , ,
RiskWare.Script.MZreg, HKU\S-1-5-21-2726028846-1901948702-833121358-1001\SOFTWARE\Odfried1|0, In Quarantäne, 16671, 884748, 1.0.37341, , ame, , ,
RiskWare.Script.Powershell, HKU\S-1-5-21-2726028846-1901948702-833121358-1001\ENVIRONMENT|ODFRIED, In Quarantäne, 16611, 911451, 1.0.37341, , ame, , ,
PUP.Optional.Conduit, HKU\S-1-5-21-2726028846-1901948702-833121358-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, In Quarantäne, 139, 236865, 1.0.37341, , ame, , ,
PUP.Optional.IStartSurf.ShrtCln, HKU\S-1-5-21-2726028846-1901948702-833121358-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}|URL, In Quarantäne, 4261, 233272, 1.0.37341, , ame, , ,
PUP.Optional.IStartSurf.ShrtCln, HKU\S-1-5-21-2726028846-1901948702-833121358-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}|FAVICONURL, In Quarantäne, 4261, 233272, 1.0.37341, , ame, , ,
PUP.Optional.IStartSurf.ShrtCln, HKU\S-1-5-21-2726028846-1901948702-833121358-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E733165D-CBCF-4FDA-883E-ADEF965B476C}|URL, In Quarantäne, 4261, 233272, 1.0.37341, , ame, , ,
RiskWare.Script.Powershell, HKU\S-1-5-21-2726028846-1901948702-833121358-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|ODFRIED, In Quarantäne, 16611, 903622, 1.0.37341, , ame, , ,
PUP.Optional.SweetSearch, HKU\S-1-5-21-2726028846-1901948702-833121358-1001\SOFTWARE\MOZILLA\EXTENDS|APPID, In Quarantäne, 5016, 243782, 1.0.37341, , ame, , ,
PUP.Optional.CouponMarvel.AppFlsh, HKLM\SOFTWARE\SECURITYUTILITY|INSTALL_DIR, In Quarantäne, 16593, 879457, 1.0.37341, , ame, , ,
PUP.Optional.CouponMarvel.AppFlsh, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, In Quarantäne, 16593, -1, 0.0.0, , action, , ,
PUP.Optional.CouponMarvel.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|APPINIT_DLLS, In Quarantäne, 16593, -1, 0.0.0, , action, , ,
PUP.Optional.InstallCore, HKU\S-1-5-21-2726028846-1901948702-833121358-1001\SOFTWARE\PRODUCTSETUP|TB, In Quarantäne, 112, 481004, 1.0.37341, , ame, , ,
PUP.Optional.Reimage, HKU\S-1-5-21-2726028846-1901948702-833121358-1001\SOFTWARE\REIMAGE\PC REPAIR|QUITMESSAGE, In Quarantäne, 7965, 327204, 1.0.37341, , ame, , ,
PUP.Optional.SmartBar, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{AE07101B-46D4-4A98-AF68-0333EA26E113}, In Quarantäne, 137, 189776, , , , , ,
PUP.Optional.SmartBar, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{AE07101B-46D4-4A98-AF68-0333EA26E113}, In Quarantäne, 137, 189776, 1.0.37341, , ame, , ,
PUP.Optional.HelperBar, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}|URL, In Quarantäne, 4661, 245666, 1.0.37341, , ame, , ,
PUP.Optional.SweetSearch, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|SWEETSEARCH@GMAIL.COM, In Quarantäne, 5016, 243783, 1.0.37341, , ame, , ,
PUP.Optional.CouponMarvel.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\SECURITYUTILITY|INSTALL_DIR, In Quarantäne, 16593, 879457, 1.0.37341, , ame, , ,
PUP.Optional.MiuiTab, HKLM\SOFTWARE\WOW6432NODE\SUPDP|DIR, In Quarantäne, 4781, 240843, 1.0.37341, , ame, , ,
PUP.Optional.SupTab, HKLM\SOFTWARE\WOW6432NODE\SUPTAB|PTID, In Quarantäne, 440, 243702, 1.0.37341, , ame, , ,
Registrierungsdaten: 6
PUP.Optional.IStartSurf.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|DEFAULT_SEARCH_URL, Ersetzt, 4261, 291148, 1.0.37341, , ame, , ,
PUP.Optional.IStartSurf.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|DEFAULT_PAGE_URL, Ersetzt, 4261, 291148, 1.0.37341, , ame, , ,
PUP.Optional.IStartSurf.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|SEARCH PAGE, Ersetzt, 4261, 291148, 1.0.37341, , ame, , ,
PUP.Optional.MyStartSearch.ShrtCln, HKU\S-1-5-21-2726028846-1901948702-833121358-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|SEARCH PAGE, Ersetzt, 4306, 291143, 1.0.37341, , ame, , ,
PUP.Optional.IStartSurf.ShrtCln, HKU\S-1-5-21-2726028846-1901948702-833121358-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|DEFAULT_PAGE_URL, Ersetzt, 4261, 291146, 1.0.37341, , ame, , ,
PUP.Optional.MyStartSearch.ShrtCln, HKU\S-1-5-21-2726028846-1901948702-833121358-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|DEFAULT_SEARCH_URL, Ersetzt, 4306, 291143, 1.0.37341, , ame, , ,
Daten-Stream: 0
(keine bösartigen Elemente erkannt)
Ordner: 1
PUP.Optional.DigitalSites, C:\USERS\ODFRIED\APPDATA\ROAMING\DIGITALSITES, In Quarantäne, 1989, 319816, 1.0.37341, , ame, , ,
Datei: 40
PUP.Optional.DigitalSites, C:\WINDOWS\TASKS\Digital Sites.job, In Quarantäne, 1989, 237778, , , , , 06AEF3333D831B8D8651AA1198037D6E, 2A0B8E5126C5C5B3D91EC22C2C8EDA32F4677B42F088506C3B7BE322613C6737
PUP.Optional.DigitalSites, C:\WINDOWS\SYSTEM32\TASKS\DIGITAL SITES, In Quarantäne, 1989, 237778, 1.0.37341, , ame, , BFDE46BC9A31CE8A3219C0CDE70A2F84, 9A71DFCB0CA96B73A52CAC0327FA46B7F1EAC298B5AB35AEEE2A70085CCC645F
PUP.Optional.FabTabs, C:\USERS\ODFRIED\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5VXS6ZL8.DEFAULT-1367272190906\EXTENSIONS\FABTAB@CAPTAINCAVEMAN.NL.XPI, In Quarantäne, 6689, 246306, 1.0.37341, , ame, , 72D19F1AD099BF9CF13124A7D844FDA0, 7315DF943DAB658C8385F639840A3ED3075101C850841709389E764124BAADFB
PUP.Optional.SysTweak, C:\WINDOWS\SYSTEM32\ROBOOT64.EXE, In Quarantäne, 2881, 395666, 1.0.37341, , ame, , E78A37BFEF666B8BAA8C1071F4DF9794, 3D0696FD256B67253E951FF2596632CD944CD1422849C680285FB276D2AE8C1E
PUP.Optional.FabTabs, C:\USERS\ODFRIED\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KPCS8WM8.DEFAULT\EXTENSIONS\FABTAB@CAPTAINCAVEMAN.NL.XPI, In Quarantäne, 6689, 246306, 1.0.37341, , ame, , 72D19F1AD099BF9CF13124A7D844FDA0, 7315DF943DAB658C8385F639840A3ED3075101C850841709389E764124BAADFB
PUP.Optional.Babylon, C:\USERS\ODFRIED\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5VXS6ZL8.DEFAULT-1367272190906\PREFS.JS, Ersetzt, 52, 301501, 1.0.37341, , ame, , 69D9C982ABBE933211D161B35919119F, C65C89FB2BF6C96A1179B099B6EA6FA189106FD4C4141EA70C0F2ECC8328C967
PUP.Optional.Babylon, C:\USERS\ODFRIED\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5VXS6ZL8.DEFAULT-1367272190906\PREFS.JS, Ersetzt, 52, 301501, 1.0.37341, , ame, , 69D9C982ABBE933211D161B35919119F, C65C89FB2BF6C96A1179B099B6EA6FA189106FD4C4141EA70C0F2ECC8328C967
PUP.Optional.HelperBar, C:\USERS\ODFRIED\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5VXS6ZL8.DEFAULT-1367272190906\PREFS.JS, Ersetzt, 4661, 301575, 1.0.37341, , ame, , 69D9C982ABBE933211D161B35919119F, C65C89FB2BF6C96A1179B099B6EA6FA189106FD4C4141EA70C0F2ECC8328C967
PUP.Optional.HelperBar, C:\USERS\ODFRIED\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5VXS6ZL8.DEFAULT-1367272190906\PREFS.JS, Ersetzt, 4661, 301576, 1.0.37341, , ame, , 69D9C982ABBE933211D161B35919119F, C65C89FB2BF6C96A1179B099B6EA6FA189106FD4C4141EA70C0F2ECC8328C967
PUP.Optional.Babylon, C:\USERS\ODFRIED\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KPCS8WM8.DEFAULT\PREFS.JS, Ersetzt, 52, 301501, 1.0.37341, , ame, , 051E2E8139BC335AF6E38BEC614CC646, 1AF9DF78A56137BEA9DB70A11E1CF903086B9DFB74F86943E9332ADF9FDA46F2
PUP.Optional.Babylon, C:\USERS\ODFRIED\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KPCS8WM8.DEFAULT\PREFS.JS, Ersetzt, 52, 301501, 1.0.37341, , ame, , 051E2E8139BC335AF6E38BEC614CC646, 1AF9DF78A56137BEA9DB70A11E1CF903086B9DFB74F86943E9332ADF9FDA46F2
PUP.Optional.HelperBar, C:\USERS\ODFRIED\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KPCS8WM8.DEFAULT\PREFS.JS, Ersetzt, 4661, 301575, 1.0.37341, , ame, , 051E2E8139BC335AF6E38BEC614CC646, 1AF9DF78A56137BEA9DB70A11E1CF903086B9DFB74F86943E9332ADF9FDA46F2
PUP.Optional.HelperBar, C:\USERS\ODFRIED\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KPCS8WM8.DEFAULT\PREFS.JS, Ersetzt, 4661, 301576, 1.0.37341, , ame, , 051E2E8139BC335AF6E38BEC614CC646, 1AF9DF78A56137BEA9DB70A11E1CF903086B9DFB74F86943E9332ADF9FDA46F2
PUP.Optional.ChipDe, C:\USERS\ODFRIED\DOWNLOADS\CORE TEMP - CHIP-INSTALLER.EXE, In Quarantäne, 9554, 562568, 1.0.37341, 151DA1CAA9592B50FA7DBC16, dds, 01126287, 75F687652BE916CB10D748D43389309A, 34381473714F8882692DB5F839E826AA9544020E9F78E78827E4689A369D1A31
PUP.Optional.InstallCore, C:\USERS\ODFRIED\DOWNLOADS\MIRANDA-IM-V0.10.32-UNICODE.EXE, In Quarantäne, 112, 301105, 1.0.37341, 3951C6B6CAE2CAE9D0615733, dds, 01126287, 27912C7321D56837ED255DF88321978F, FEF7A3AD53B7824DFE88D7728CEF34DF0062C3DA590C2A29D15BEC25687E189C
PUP.Optional.TweakBit, C:\USERS\ODFRIED\DOWNLOADS\DRIVER-UPDATER-SETUP.EXE, In Quarantäne, 5379, 803569, 1.0.37341, , ame, , 7AC81C1E57E614426C896AC1E3391A0F, 68C5E770BE23B0047071E446D2C2F5B862645BAB217928756F5014E6B55C0C35
PUP.Optional.Reimage, C:\USERS\ODFRIED\DOWNLOADS\REIMAGEREPAIR.EXE, In Quarantäne, 7965, 331559, 1.0.37341, , ame, , 2CB8703D2ABE5F4F5A5480D450E29204, D817015E2F1A6BE55B297A34FB8ECD44630B2FBFB4EA7EE941D23908A88106E5
PUP.Optional.InstallCore, C:\USERS\ODFRIED\DOWNLOADS\MIRANDA-IM-V0.EXE, In Quarantäne, 112, 301065, 1.0.37341, , ame, , B3952DAC4359C8C16D3BE081F6D1A0C3, 97C01869ECD2F20E060CA9AD453AE316E89ED01B0E85C27E874E2B968DB27CB1
PUP.Optional.ChipDe, C:\USERS\ODFRIED\DOWNLOADS\MACRIUM REFLECT FREE - CHIP-INSTALLER.EXE, In Quarantäne, 9554, 562568, 1.0.37341, 26BDBE6ADEFC8A3260C80E1C, dds, 01126287, 539B2E5E2BC5DA16A59A80DBAFEE8E86, 58EA990D8620EE20A1BB623DA39500CC7C925F1F2BBCDC51CBDCC7720186BF78
PUP.Optional.ChipDe, C:\USERS\ODFRIED\DOWNLOADS\A702_1.2 - CHIP-INSTALLER (1).EXE, In Quarantäne, 9554, 562568, 1.0.37341, C2BF7BCB91C3F9EDC4D26450, dds, 01126287, B60335106D4A48851C62C2E4CF3082F8, 26D3F6763DF7C02F723819A88621229FBB4D8315958AACB27BA05D4DAA77958C
PUP.Optional.ChipDe, C:\USERS\ODFRIED\APPDATA\LOCAL\DOWNLOADED INSTALLATIONS\{DAD82379-C684-4D04-83D5-2B9934A9C362}\CHIP INSTALLER.MSI, In Quarantäne, 9554, 594115, 1.0.37341, , ame, , B611022B10D24A0DEFC90AAFA7DDA4DA, 04D0380AE3F5F63DC514B46A65FE26114E69B2610F644F8BD9114D8460CBFEB8
PUP.Optional.ChipDe, C:\USERS\ODFRIED\DOWNLOADS\A702_1.2 - CHIP-INSTALLER.EXE, In Quarantäne, 9554, 562568, 1.0.37341, C2BF7BCB91C3F9EDC4D26450, dds, 01126287, 73245D51D0463C2754AF1F186D1B69C2, 185AE354E1C71BA043460426D576D317BE4DB09D81F2B3070E1D064287FEED10
Adware.Downloader, C:\USERS\ODFRIED\DOWNLOADS\WACUP_PREVIEW_V1_0_11_5456_CB-DL-MANAGER.EXE, In Quarantäne, 2800, 494758, 1.0.37341, 2749740277275D74BAFC8B59, dds, 01126287, A311D69937636FF3E3A155398F2804DE, 72EAC78E434A0A85CD71C3B1B62906BC700108718E004679D61BE4824D82DD5A
PUP.Optional.InstallCore, C:\USERS\ODFRIED\DOWNLOADS\MIRANDA-IM-V0.10.25-UNICODE.EXE, In Quarantäne, 112, 301105, 1.0.37341, 5443D6156A67AA62F2443101, dds, 01126287, 91AEF510C9D8D2A66A05B758FD29B099, 964A36635C2CFE74ABC297B4546207A267E6CFB1D288777C5CD616254B24B0F6
PUP.Optional.ChipDe, C:\USERS\ODFRIED\DOWNLOADS\SONY PC COMPANION - CHIP-INSTALLER.EXE, In Quarantäne, 9554, 562568, 1.0.37341, 26BDBE6ADEFC8A3260C80E1C, dds, 01126287, A3304EFCBC54BCEB17D8744AA47E013A, 60289D6DB38A7C44AF69EEE642325D0BBBD6023E4B57F4455D2A13024534A75E
PUP.Optional.ChipDe, C:\USERS\ODFRIED\DOWNLOADS\TAB MIX PLUS - CHIP-INSTALLER.EXE, In Quarantäne, 9554, 562568, 1.0.37341, 151DA1CAA9592B50FA7DBC16, dds, 01126287, BF1C54A609A29513A5A1C163B3CEFF0F, A0A1E4D963D737B21E408218DE707554F4688B356FE76DA122AE6024B3F82C03
PUP.Optional.InstallCore, C:\USERS\ODFRIED\DOWNLOADS\MIRANDA-IM-V0.10.31-UNICODE.EXE, In Quarantäne, 112, 301105, 1.0.37341, 3951C6B6CAE2CAE9D0615733, dds, 01126287, 1B1A16DEB255F6A42E770AA7E136B6AC, 6EA38703269F98CB83A86233A078152C7ECF146BF1B06434951916B8C463AFCD
PUP.Optional.ChipDe, C:\USERS\ODFRIED\DOWNLOADS\7 ZIP 64 BIT - CHIP-INSTALLER.EXE, In Quarantäne, 9554, 621518, 1.0.37341, C2BF7BCB91C3F9EDC4D26450, dds, 01126287, E87246562DB743000EFA82A480EE626D, A9CF4CE3BC227F6E9F012CE21611B977AFE7B84B3C5423D886BF5DB6A52FBC35
PUP.Optional.InstallCore, C:\USERS\ODFRIED\DOWNLOADS\MIRANDA-IM-V0.10.44-UNICODE.EXE, In Quarantäne, 112, 301065, 1.0.37341, , ame, , B52E5E98F40F2D7014B8F415B39988D4, 963512552DA27D2ACCB3C590574115FA33D3B5B40E996CE035ED33201FA4DAE2
PUP.Optional.ChipDe, C:\USERS\ODFRIED\DOWNLOADS\WINDOWS REPAIR TOOLBOX - CHIP-INSTALLER.EXE, In Quarantäne, 9554, 562568, 1.0.37341, 151DA1CAA9592B50FA7DBC16, dds, 01126287, 90968770D98F86E5826389C3C116F3C6, 477CC37846784CFEF3701BF52CC08F4F015B3F239B3E13EC1E0FEB8BE25A9ED3
PUP.Optional.ChipDe, C:\USERS\ODFRIED\DOWNLOADS\MEDIATHEKVIEW - CHIP-INSTALLER (1).EXE, In Quarantäne, 9554, 562568, 1.0.37341, C2BF7BCB91C3F9EDC4D26450, dds, 01126287, 29B85EBD8E0536B54ADB19A289AC3E3D, 975F602BA241C7B6CE8B38BE6D845867BE1D9E57118ACEC9F65ACBC6C5674D26
PUP.Optional.ChipDe, C:\USERS\ODFRIED\DOWNLOADS\A702_1.2 - CHIP-INSTALLER (2).EXE, In Quarantäne, 9554, 562568, 1.0.37341, C2BF7BCB91C3F9EDC4D26450, dds, 01126287, 28FF38BCC9CA2757846BBE2831F48AB4, 1D6CBCCE4709ED081DB06F44FA1F84F119EACA6A6D13546EBE45F512AF4D5842
PUP.Optional.ChipDe, C:\USERS\ODFRIED\DOWNLOADS\JAVA RUNTIME ENVIRONMENT 32 BIT - CHIP-INSTALLER.EXE, In Quarantäne, 9554, 621518, 1.0.37341, 4A9E4C7E6FE2D3289E734298, dds, 01126287, 0FFE8C8D2745DBD6AB5B7AED33D06D72, BA99937E10F40252E4A86B0AFCA71C1C7661B0350FABEE57E105614D843C5D5A
PUP.Optional.ChipDe, C:\USERS\ODFRIED\DOWNLOADS\MEDIATHEKVIEW - CHIP-INSTALLER (3).EXE, In Quarantäne, 9554, 562568, 1.0.37341, C2BF7BCB91C3F9EDC4D26450, dds, 01126287, 805DB5444564923F4F3748D061824AFD, A898D5D24D34DE10654A649CDD227CF429CD7179A53A68DEABE349DF86001C19
PUP.Optional.ChipDe, C:\USERS\ODFRIED\DOWNLOADS\WINDOWS 10 UPDATE ASSISTENT - CHIP-INSTALLER.EXE, In Quarantäne, 9554, 562568, 1.0.37341, 26BDBE6ADEFC8A3260C80E1C, dds, 01126287, 242DEB2E4DD82613E6B3991873317D7D, E156683C6A8C4660B51FE54BF1C2AFB2C9053502ABFD1C3D00CD1F3FCA0F763C
PUP.Optional.ChipDe, C:\USERS\ODFRIED\DOWNLOADS\MEDIATHEKVIEW - CHIP-INSTALLER (4).EXE, In Quarantäne, 9554, 562568, 1.0.37341, C2BF7BCB91C3F9EDC4D26450, dds, 01126287, 8328EA92E5E4457F693476B436CDD7A5, D5619B9F6C06AB8C33CDBA7E4AD3307475A6D4A9C74019445CFC2F9D32ECFEC7
PUP.Optional.ChipDe, C:\USERS\ODFRIED\DOWNLOADS\XNVIEW KOMPLETT - CHIP-INSTALLER.EXE, In Quarantäne, 9554, 621518, 1.0.37341, C2BF7BCB91C3F9EDC4D26450, dds, 01126287, 501D4D140A97D6D6E9F5BA1481DDDB0D, 0800B7A9A6AA0BB11DE0D34F5621B921BBD7B0D73B9D992906A00D6123E43863
PUP.Optional.Softonic, C:\USERS\ODFRIED\DOWNLOADS\SOFTONICDOWNLOADER32736.EXE, In Quarantäne, 7784, 598989, 1.0.37341, 60F97D341DAA794AF143C504, dds, 01126287, B84BE460943566BAB30F835409809006, 8D23597BC88A5C927F81FAB39365B814002980C70BD30F8FE2A69DFD1E48016C
PUP.Optional.ChipDe, C:\USERS\ODFRIED\DOWNLOADS\MEDIATHEKVIEW - CHIP-INSTALLER (2).EXE, In Quarantäne, 9554, 562568, 1.0.37341, C2BF7BCB91C3F9EDC4D26450, dds, 01126287, 5556AC47AEE8FCC5D5FEE76B599836DF, 853CDF93537E44FEAA6D33385685789B6DFC3BE130C2FF7134C9036418197518
PUP.Optional.ChipDe, C:\USERS\ODFRIED\DOWNLOADS\MEDIATHEKVIEW - CHIP-INSTALLER.EXE, In Quarantäne, 9554, 562568, 1.0.37341, 151DA1CAA9592B50FA7DBC16, dds, 01126287, 9F5D1AB17ED7B4DB1B3D029A90050722, 450B41976956681D7761C5399F1593819A062DD1BB76A5581A15BBE9E8FB39FA
Physischer Sektor: 0
(keine bösartigen Elemente erkannt)
WMI: 0
(keine bösartigen Elemente erkannt)
(end) Logdatei von AdwCleaner: Code:
# -------------------------------
# Malwarebytes AdwCleaner 8.1.0.0
# -------------------------------
# Build: 02-15-2021
# Database: 2021-01-26.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 02-21-2021
# Duration: 00:00:01
# OS: Windows 10 Pro
# Cleaned: 44
# Failed: 0
***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
Deleted C:\Program Files (x86)\FoxTab
Deleted C:\ProgramData\7b24ec7cc000461ebe26d116b88142c8
Deleted C:\ProgramData\IHProtectUpDate
Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion
Deleted C:\Users\Odfried\AppData\LocalLow\HPAppData
Deleted C:\Users\Odfried\AppData\Local\Downloaded Installations\{DAD82379-C684-4D04-83D5-2B9934A9C362}
Deleted C:\Users\Odfried\AppData\Local\YSearchUtil
Deleted C:\Users\Odfried\Documents\Mobogenie
***** [ Files ] *****
Deleted C:\Users\Odfried\daemonprocess.txt
Deleted C:\Windows\Reimage.ini
Deleted C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
Deleted C:\Windows\SysWOW64\lavasofttcpservice.dll
Deleted C:\Windows\System32\LavasoftTcpService64.dll
Deleted C:\Windows\System32\LavasoftTcpServiceOff.ini
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
Deleted HKCU\Software\IGearSettings
Deleted HKCU\Software\Microsoft\Internet Explorer\SearchUrl|Default
Deleted HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKLM\SOFTWARE\Classes\Record\{181480C8-90AC-3430-B39A-CD121E034A1A}
Deleted HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}
Deleted HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}
Deleted HKLM\SOFTWARE\Classes\Record\{8F54FA54-1DF8-3B20-890C-CDD95364BC95}
Deleted HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}
Deleted HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}
Deleted HKLM\Software\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Deleted HKLM\Software\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Deleted HKLM\Software\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Deleted HKLM\Software\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Deleted HKLM\Software\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Deleted HKLM\Software\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Deleted HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\Opera Browser Assistant
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID|{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}
Deleted HKLM\Software\Reimage
Deleted HKLM\Software\Wow6432Node\Lavasoft\Web Companion
Deleted HKLM\Software\Wow6432Node\\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Deleted HKLM\Software\Wow6432Node\\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Deleted HKLM\Software\Wow6432Node\\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Deleted HKLM\Software\Wow6432Node\\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID|{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.
***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.
***** [ Hosts File Entries ] *****
No malicious hosts file entries cleaned.
***** [ Preinstalled Software ] *****
No Preinstalled Software cleaned.
*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************
AdwCleaner[S00].txt - [6440 octets] - [21/02/2021 15:20:22]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ########## FRST.txt Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 20-02-2021 01
durchgeführt von Odfried (Administrator) auf GARFIELD (ASUS All Series) (21-02-2021 15:24:28)
Gestartet von F:\Documents\!Dokumente\I-Netz, Computergelöt etc\Trojaner
Geladene Profile: Odfried
Platform: Windows 10 Pro Version 1909 18363.1379 (X64) Sprache: Deutsch (Deutschland)
Standard-Browser: Edge
Start-Modus: Normal
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <13>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe <2>
==================== Registry (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [snpstd3] => C:\WINDOWS\vsnpstd3.exe [835584 2007-05-10] (SONIX TECHNOLOGY CO. , LTD -> )
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7636696 2014-09-02] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-05-28] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
HKLM-x32\...\Run: [tsnpstd3] => C:\Windows\tsnpstd3.exe [270336 2007-04-21] () [Datei ist nicht signiert]
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [PC Suite for Smartphones] => C:\Program Files (x86)\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe [548864 2007-12-25] () [Datei ist nicht signiert]
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2099200 2014-04-13] (Dominik Reichl) [Datei ist nicht signiert]
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [293872 2014-08-25] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
HKLM-x32\...\Run: [P17RunE] => C:\Windows\SysWOW64\P17RunE.dll [14848 2008-03-28] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [646160 2019-12-11] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-2726028846-1901948702-833121358-1001\...\Run: [OpenVPN-GUI] => C:\Program Files\OpenVPN\bin\openvpn-gui.exe [643200 2017-09-26] (OpenVPN Technologies, Inc. -> )
HKU\S-1-5-21-2726028846-1901948702-833121358-1001\...\Run: [Dropbox Update] => C:\Users\Odfried\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc -> Dropbox, Inc.)
HKU\S-1-5-21-2726028846-1901948702-833121358-1001\...\Run: [Opera Browser Assistant] => C:\Users\Odfried\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [3154456 2020-11-25] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-2726028846-1901948702-833121358-1001\...\Run: [CiscoMeetingDaemon] => C:\Users\Odfried\AppData\Local\WebEx\ciscowebexstart.exe [2499272 2021-02-05] (Cisco WebEx LLC -> Cisco Webex LLC)
HKU\S-1-5-21-2726028846-1901948702-833121358-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32440376 2021-01-06] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2726028846-1901948702-833121358-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2726028846-1901948702-833121358-1001\...\MountPoints2: {05c6e8b7-6ae7-11e7-8ff3-f07959620f10} - "H:\ting.exe"
HKU\S-1-5-21-2726028846-1901948702-833121358-1001\...\MountPoints2: {3d6c9de4-5921-11e3-88e0-00219b0a9324} - "D:\ting.exe"
HKU\S-1-5-21-2726028846-1901948702-833121358-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [38400 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Windows x64\Print Processors\Canon MG6100 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDAG.DLL [30208 2012-03-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Windows x64\Print Processors\hpzpplhn: C:\Windows\System32\spool\prtprocs\x64\hpzpplhn.dll [100352 2007-05-23] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Windows x64\Print Processors\hpzppw71: C:\Windows\System32\spool\prtprocs\x64\hpzppw71.dll [230400 2009-07-14] (Microsoft Windows -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG6100 series: C:\Windows\system32\CNMLMAG.DLL [385024 2012-03-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\PCL hpz3llhn: C:\Windows\system32\hpz3llhn.dll [36352 2007-05-23] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Company)
HKLM\...\Print\Monitors\PCL hpz3lw71: C:\Windows\system32\hpz3lw71.dll [46080 2009-07-14] (Microsoft Windows -> Hewlett-Packard Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.182\Installer\chrmstp.exe [2021-02-18] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk [2015-08-10]
ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe (Buhl Data Service GmbH -> )
Startup: C:\Users\Odfried\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2021-02-19]
ShortcutTarget: Dropbox.lnk -> C:\Users\Odfried\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {02F16EF5-DA89-4C74-9F91-B445DA3E783A} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
Task: {05FCEBC4-A202-409F-9F5C-66793028EB4F} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {0636C657-0D20-460F-B3C0-1CE741FD5192} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [142152 2021-02-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {0FA8CCB1-19BA-49E6-9775-501FA81B9ECE} - System32\Tasks\Opera scheduled Autoupdate 1554660614 => C:\Users\Odfried\AppData\Local\Programs\Opera\launcher.exe [1776280 2021-01-14] (Opera Software AS -> Opera Software)
Task: {11AF8D37-58C4-4EA5-8443-7FE8BC43950E} - System32\Tasks\Microsoft\Windows\End Of Support\Notify2 => C:\WINDOWS\system32\sipnotify.exe
Task: {12D27C9A-BE70-4026-A661-DE7D774D1FDA} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2118352 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {163C6066-DD30-42A0-B22D-714CDDEDEC57} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5199792 2021-02-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {16DF50F4-806C-4034-BF5B-C8D083C373A4} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1487568 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {18789C37-5759-4B90-8E98-84C109E73459} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {22DD9189-E11D-4663-B309-C3245CCD7825} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {237AC49C-DA6C-4E70-ACC5-7B68320C8B28} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4f47-879B-29A80C355D61}
Task: {243A36D8-C397-4D18-A651-33C5D4D58FA0} - System32\Tasks\Opera scheduled assistant Autoupdate 1556059648 => C:\Users\Odfried\AppData\Local\Programs\Opera\launcher.exe [1776280 2021-01-14] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Odfried\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {24635473-8EB8-411A-9325-9E7FE2779A9C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.)
Task: {27AA67FB-FE5D-4637-9E55-257F55BA18E0} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1487568 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {2F6D73C1-E4F7-4341-A6AE-7F85E3CEAA8E} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {2FC0FC55-5838-40C8-9AC8-BF840F9C3F93} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [142152 2021-02-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {324F6ACA-7C64-444A-BB9B-993E1D74E659} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22993800 2021-02-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {36D1B2E5-EA06-40E8-A631-D8EE48A1CF7A} - System32\Tasks\{E40A1890-E2CC-4608-9D46-3AC5F98A605B} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.5.0.124/de/go/help.faq.installer?LastError=1603
Task: {3D56BF8A-244B-4C77-93C9-B7B17DDF893F} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {45EB8795-8535-422F-82AB-C36BCBFDFE1D} - \Microsoft\Windows\Setup\EOSNotify -> Keine Datei <==== ACHTUNG
Task: {465EB530-CC48-4D84-8129-4B220AEE6711} - System32\Tasks\{A60F6C2A-9D6F-46CF-97DC-5C4FE0E4B1A2} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.5.0.119/de/go/help.faq.installer?LastError=1603
Task: {46E22D31-6554-488D-852F-CB1A361C50D8} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2118352 2014-03-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {47595455-0496-41A1-9B92-84F6EC0F9F2B} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47c2-B62A-B7C4CED925CB}
Task: {4B3C1AC7-62C5-46D0-8C1D-1EA96F241576} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {4DAEA773-B9BE-428A-BE0F-05EA40B43037} - System32\Tasks\{1E1E9B51-1923-4F42-A29D-1A4772FE7542} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.5.0.119/de/go/help.faq.installer?LastError=1603
Task: {511BDB6F-D447-4C31-B23A-372D09CC879A} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {5189F503-B5C4-4310-9357-E43F857F6A34} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {565B10CF-9FF9-43BD-8A7A-EC8E09511D72} - System32\Tasks\{EBF172FD-0BAA-42AF-88F2-9166E166AEB1} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.5.0.119/de/go/help.faq.installer?LastError=1603
Task: {57944CC0-3838-4611-AFD9-2E40A2EEEBA9} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22993800 2021-02-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {5D22340B-4E4A-49E8-BB83-77823B58C717} - System32\Tasks\{76BEFD47-23C8-47B7-A1D9-0FD4EFE7201F} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.5.0.124/de/go/help.faq.installer?LastError=1603
Task: {633B1526-1E3E-4431-9616-706DE6876574} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {657EC7F2-E145-402E-8DB4-8A64795B840B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-08-18] (Google Inc -> Google Inc.)
Task: {770D324A-DA2F-4F90-A3CB-9251B223B511} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => c:\Program Files\Microsoft Device Center\devicecenter.exe
Task: {78D52AA8-0E3A-4B19-A6C2-CDC8C73AB176} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {83B1D6D6-CE7B-4C8D-B420-C3DA25B9B446} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2726028846-1901948702-833121358-1001UA1d5d6e686e592d1 => C:\Users\Odfried\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc -> Dropbox, Inc.)
Task: {85D6AEEC-BD54-40B7-86EF-5F8E0C3830D5} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDfE067B1}
Task: {88584F67-F850-4681-96FF-4B3DF5E1D43E} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {8AA5ADBC-1412-423F-91E3-3077D3DC2E34} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [1134752 2014-03-25] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) [Datei ist nicht signiert]
Task: {918D1FBD-F26A-42F8-866F-21154646E19C} - System32\Tasks\{F4AC3217-7AA7-4DF2-866F-F6AA758A2B1B} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.5.59.124/de/go/help.faq.installer?source=lightinstaller&LastError=1603
Task: {97B4B1AA-14F5-4F6F-AE2C-221D976C6FEC} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [677344 2021-02-08] (Mozilla Corporation -> Mozilla Foundation)
Task: {98997B55-CBCC-4230-ABF1-70A0B7F84F55} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2021-01-06] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {A3FE64E2-40E8-4A99-B576-DC5C0632588E} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {A7F7D24E-64CB-485F-A927-936D664F4CBA} - System32\Tasks\{6AB72824-5BE2-4ED1-9D81-4BC62E506490} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.5.0.124/de/go/help.faq.installer?LastError=1603
Task: {A9D85489-5A0A-4A6D-8B96-4A55E1635F82} - System32\Tasks\{662BE1F1-2EB0-49D4-B3DC-E8B861B34561} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.5.0.119/de/go/help.faq.installer?LastError=1603
Task: {AEDBFB8E-8D04-4C15-9218-BBF3A4D61D7F} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40b4-8963-D3C761B18371}
Task: {B1E811CC-575A-4452-9C20-F8BB40FF56EC} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B2B53B78-00E4-468D-B90A-6D184568B2B0} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B2BC6668-1903-48DC-A818-E6D2D1CDC918} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {B3B7B085-3ABB-4131-9CA8-DDF7B9602E79} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {B52E1054-CBAA-4186-8030-7241D19D8246} - \Microsoft\Windows\Setup\EOSNotify2 -> Keine Datei <==== ACHTUNG
Task: {B60D549B-FD6B-454A-BEFE-6929A10CBD90} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [26913848 2021-01-06] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {BA566C26-280D-4AE6-BA13-4DDB8CB0EEFB} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BD701784-6CBB-4B62-9C91-140066EEB9F7} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BFDDF7E0-7363-4D50-8806-4E633D8E5BA3} - System32\Tasks\{B1B76516-D9B3-468D-A754-2E1B55C3989E} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.5.0.119/de/go/help.faq.installer?LastError=1603
Task: {CA09EA7E-DCA4-4766-8C24-A33A9304AC3F} - System32\Tasks\{755E9608-94CD-4E91-B7DE-29DCEC3FA01D} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.5.0.119/de/go/help.faq.installer?LastError=1603
Task: {D04CFDF6-EFA9-4A44-992E-E1BB36E508E1} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D48B5812-B46E-4069-B2B7-2EBF5B632B26} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2211024 2014-03-19] (Microsoft Corporation -> Microsoft)
Task: {DA7FD33A-A65A-4D7F-B775-F66E56B8BABD} - System32\Tasks\{9AE08988-8A99-4777-80FD-FB009CD6424A} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.5.0.119/de/go/help.faq.installer?LastError=1603
Task: {DAA9A05C-5C19-402D-962B-A93139CCD392} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2726028846-1901948702-833121358-1001Core1d5d6e686de6c49 => C:\Users\Odfried\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc -> Dropbox, Inc.)
Task: {DB8AA674-A0AD-451E-94C0-A18A841A397B} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {DCEB16B9-FC07-4BFE-B66F-158EA7708F1C} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {E4899B01-B0F4-4695-BCEA-F9B8C655C5BE} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {E5D8AD48-FFE4-4970-B39A-02CF85D1281B} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {E89DC814-B895-4D44-9915-14567BF9DC21} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-08-18] (Google Inc -> Google Inc.)
Task: {EB1F8FC0-D572-40DD-BF85-47EA8D1B9C40} - System32\Tasks\{A1ECF503-D185-4A59-BC6C-B2C1AD3F6C18} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.5.0.124/de/go/help.faq.installer?LastError=1603
Task: {ECD8C33D-8C4C-4A76-AB31-809F1AFC5995} - System32\Tasks\{8D406AE9-20B6-410C-826C-6FFA1E851313} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.5.0.124/de/go/help.faq.installer?LastError=1603
Task: {ED19018D-65D5-49A5-86DD-F27C47FF5B97} - System32\Tasks\{202118AC-06CA-4AA7-8A0C-2DEF6AB0437E} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.5.0.119/de/go/help.faq.installer?LastError=1603
Task: {ED933949-B405-495A-A6F0-4DF50AC59406} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5199792 2021-02-11] (Microsoft Corporation -> Microsoft Corporation)
Task: {EE7762D2-A6F1-4B6E-BF19-71419769D68C} - System32\Tasks\Microsoft\Windows\End Of Support\Notify1 => C:\WINDOWS\system32\sipnotify.exe
Task: {F00B6CD5-62A6-4012-A3A5-E1264B85C382} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F1A53E80-3616-4324-BFDE-199889475F5E} - System32\Tasks\{94182C64-7217-48F2-9968-DCC433EC4249} => C:\Windows\system32\pcalua.exe -a "D:\Documents\!Gym\!01 zu sortieren\!NEU - CD Kopien vom IGV\Klett\Mediothek\Menschenkunde III\SETUP.EXE" -d "D:\Documents\!Gym\!01 zu sortieren\!NEU - CD Kopien vom IGV\Klett\Mediothek\Menschenkunde III"
Task: {F7BB771D-81D7-4997-8FAD-B6643946B176} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2726028846-1901948702-833121358-1001Core1d5d6e686de6c49.job => C:\Users\Odfried\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2726028846-1901948702-833121358-1001UA1d5d6e686e592d1.job => C:\Users\Odfried\AppData\Local\Dropbox\Update\DropboxUpdate.exe
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{6680B1A0-F27B-4FB0-B8A7-2007C656A238}: [DhcpNameServer] 10.16.1.1 10.16.1.1
Tcpip\..\Interfaces\{94625661-2794-475A-BC2F-F61267FD981A}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{992E0AA0-DDED-47C6-A988-6D4E10461D3A}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{A3B9A9AD-A5F1-4192-88EA-91FE1B634007}: [DhcpNameServer] 192.168.2.1
Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Odfried\AppData\Local\Microsoft\Edge\User Data\Default [2021-02-21]
Edge Notifications: Default -> hxxps://teams.microsoft.com
Edge Extension: (Cisco Webex Extension) - C:\Users\Odfried\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cmihkeafcknlomclapaddfljaeegfbdl [2020-12-21]
Edge Extension: (Tab Group) - C:\Users\Odfried\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gjgjkhbmehogehkdnoooeihkipifimme [2020-08-29]
Edge HKLM-x32\...\Edge\Extension: [cmihkeafcknlomclapaddfljaeegfbdl]
FireFox:
========
FF DefaultProfile: j4ybr3md.default-1367272240666-1613676244687
FF ProfilePath: C:\Users\Odfried\AppData\Roaming\Mozilla\Firefox\Profiles\j4ybr3md.default-1367272240666-1613676244687 [2021-02-21]
FF Extension: (Cisco Webex Extension) - C:\Users\Odfried\AppData\Roaming\Mozilla\Firefox\Profiles\j4ybr3md.default-1367272240666-1613676244687\Extensions\ciscowebexstart1@cisco.com.xpi [2021-02-18]
FF ProfilePath: C:\Users\Odfried\AppData\Roaming\Mozilla\Firefox\Profiles\5vxs6zl8.default-1367272190906 [2021-02-14]
FF user.js: detected! => C:\Users\Odfried\AppData\Roaming\Mozilla\Firefox\Profiles\5vxs6zl8.default-1367272190906\user.js [2013-11-20]
FF Homepage: Mozilla\Firefox\Profiles\5vxs6zl8.default-1367272190906 -> hxxps://www.google.com/calendar/render?tab=wc
FF Session Restore: Mozilla\Firefox\Profiles\5vxs6zl8.default-1367272190906 -> ist aktiviert.
FF Extension: (Search and New Tab by Yahoo) - C:\Users\Odfried\AppData\Roaming\Mozilla\Firefox\Profiles\5vxs6zl8.default-1367272190906\Extensions\jid1-16aeif9OQIRKxA@jetpack.xpi [2017-05-16] []
FF Extension: (Download Statusbar) - C:\Users\Odfried\AppData\Roaming\Mozilla\Firefox\Profiles\5vxs6zl8.default-1367272190906\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [2013-05-07] [] [ist nicht signiert]
FF Extension: (Tab Mix Plus) - C:\Users\Odfried\AppData\Roaming\Mozilla\Firefox\Profiles\5vxs6zl8.default-1367272190906\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2013-04-20] [] [ist nicht signiert]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-02-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.) [Datei ist nicht signiert]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-04-29] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-04-29] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.241.2 -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\dtplugin\npDeployJava1.dll [2020-02-09] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.241.2 -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\plugin2\npjp2.dll [2020-02-09] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-02-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-02-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.12 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @webex.com/npatgpc -> C:\Program Files (x86)\Webex\npatgpc.dll [2020-12-11] (Cisco WebEx LLC -> Cisco WebEx LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-02-15] (Adobe Inc. -> Adobe Systems Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Odfried\AppData\Local\Google\Chrome\User Data\Default [2021-02-19]
CHR Session Restore: Default -> ist aktiviert.
CHR Extension: (Google Drive) - C:\Users\Odfried\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-27]
CHR Extension: (YouTube) - C:\Users\Odfried\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-12-09]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Odfried\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-05]
CHR Extension: (Google Mail) - C:\Users\Odfried\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-27]
CHR Extension: (Chrome Media Router) - C:\Users\Odfried\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-02-05]
CHR HKU\S-1-5-21-2726028846-1901948702-833121358-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [jlhmfgmfgeifomenelglieieghnjghma]
Opera:
=======
OPR Profile: C:\Users\Odfried\AppData\Roaming\Opera Software\Opera Stable [2021-02-14]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.de/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
==================== Dienste (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
S4 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-01-28] (ASUSTeK Computer Inc. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8905608 2021-02-13] (Microsoft Corporation -> Microsoft Corporation)
S4 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2011-09-14] (Creative Labs) [Datei ist nicht signiert]
S4 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2008-11-18] (Creative Technology Ltd) [Datei ist nicht signiert]
S4 hasplms; C:\Windows\system32\hasplms.exe [3500552 2018-07-18] (SafeNet Canada, Inc. -> SafeNet, Inc.)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [Datei ist nicht signiert]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [Datei ist nicht signiert]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [Datei ist nicht signiert]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2021-02-21] (Malwarebytes Inc -> Malwarebytes)
S4 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv2.exe [15872 2016-11-25] () [Datei ist nicht signiert]
S4 OpenVPNServiceInteractive; C:\Program Files\OpenVPN\bin\openvpnserv.exe [73856 2017-09-26] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S4 OpenVPNServiceLegacy; C:\Program Files\OpenVPN\bin\openvpnserv.exe [73856 2017-09-26] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S4 Realtek11nSU; C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [45056 2010-01-21] (Realtek) [Datei ist nicht signiert]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6264144 2021-01-13] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155520 2015-06-10] (Sony Mobile Communications AB -> Avanquest Software) [Datei ist nicht signiert]
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\NisSrv.exe [2462960 2021-02-12] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WebexService; C:\Program Files (x86)\Webex\Webex\Applications\WebExService.exe [146240 2020-12-11] (Cisco WebEx LLC -> Cisco WebEx LLC)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MsMpEng.exe [128376 2021-02-12] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Treiber (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-01-28] (ASUSTeK Computer Inc. -> )
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [153312 2021-02-21] (Malwarebytes Corporation -> Malwarebytes)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [1971208 2018-07-18] (SafeNet Canada, Inc. -> SafeNet, Inc.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220616 2021-02-21] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-02-21] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [198248 2021-02-21] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77496 2021-02-21] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-02-21] (Malwarebytes Inc -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [142416 2021-02-21] (Malwarebytes Inc -> Malwarebytes)
R3 P17; C:\WINDOWS\system32\drivers\P17.sys [1309696 2009-10-16] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd.)
R3 seehcri; C:\WINDOWS\System32\drivers\seehcri.sys [34032 2008-01-09] (Sony Ericsson Mobile Communications AB -> Sony Ericsson Mobile Communications)
S3 SNPSTD3; C:\WINDOWS\system32\DRIVERS\snpstd3.sys [10693120 2007-10-16] (SONIX TECHNOLOGY CO. , LTD -> Sonix Co. Ltd.)
S3 SNPSTD3; C:\Windows\SysWOW64\DRIVERS\snpstd3.sys [10376576 2007-10-16] (SONIX TECHNOLOGY CO. , LTD -> Sonix Co. Ltd.)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R1 Uim_DEVIM; C:\WINDOWS\System32\DRIVERS\uim_devim.sys [25992 2014-05-19] (Paragon Software GmbH -> )
R1 Uim_IM; C:\WINDOWS\System32\DRIVERS\uim_im.sys [700296 2014-05-19] (Paragon Software GmbH -> )
U5 vwifimp; C:\Windows\System32\Drivers\vwifimp.sys [50176 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49552 2021-02-12] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [419040 2021-02-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [71912 2021-02-12] (Microsoft Windows -> Microsoft Corporation)
R3 zebrceb; C:\WINDOWS\System32\drivers\zebrceb.sys [81280 2008-01-15] (MCCI Corporation -> MCCI)
S3 ALSysIO; \??\C:\Users\Odfried\AppData\Local\Temp\ALSysIO64.sys [X] <==== ACHTUNG
U3 idsvc; kein ImagePath
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2021-02-21 15:21 - 2021-02-21 15:21 - 000005106 _____ C:\Users\Odfried\Desktop\AdwCleaner[C00].txt
2021-02-21 15:19 - 2021-02-21 15:20 - 000000000 ____D C:\AdwCleaner
2021-02-21 15:19 - 2021-02-21 15:19 - 008463216 _____ (Malwarebytes) C:\Users\Odfried\Downloads\adwcleaner_8.1.exe
2021-02-21 15:18 - 2021-02-21 15:18 - 000022324 _____ C:\Users\Odfried\Desktop\MBAM.txt
2021-02-21 15:12 - 2021-02-21 15:12 - 000198248 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2021-02-21 15:12 - 2021-02-21 15:12 - 000142416 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2021-02-21 15:12 - 2021-02-21 15:12 - 000077496 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2021-02-21 14:59 - 2021-02-21 14:59 - 000012924 _____ C:\Users\Odfried\Downloads\8a Niederschrift Klassenkonferenz Halbjahr.pdf
2021-02-21 14:58 - 2021-02-21 14:58 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-02-21 14:58 - 2021-02-21 14:58 - 000220616 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-02-21 14:58 - 2021-02-21 14:58 - 000153312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-02-21 14:58 - 2021-02-21 14:58 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-02-21 14:58 - 2021-02-21 14:58 - 000006590 _____ C:\Users\Odfried\Downloads\Zeugnisbemerkungen_9c.pdf
2021-02-21 14:58 - 2021-02-21 14:58 - 000002042 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-02-21 14:58 - 2021-02-21 14:58 - 000002030 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2021-02-21 14:58 - 2021-02-21 14:58 - 000000000 ____D C:\Program Files\Malwarebytes
2021-02-21 14:57 - 2021-02-21 14:57 - 002084016 _____ (Malwarebytes) C:\Users\Odfried\Downloads\MBSetup.exe
2021-02-21 14:57 - 2021-02-21 14:57 - 002084016 _____ (Malwarebytes) C:\Users\Odfried\Downloads\MBSetup (1).exe
2021-02-19 10:05 - 2021-02-19 10:05 - 000000000 ____D C:\Users\Odfried\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2021-02-18 21:19 - 2021-02-21 15:24 - 000000000 ____D C:\FRST
2021-02-18 20:35 - 2021-02-18 20:35 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-02-18 20:34 - 2021-02-18 20:34 - 000333112 _____ (Mozilla) C:\Users\Odfried\Downloads\Firefox Installer.exe
2021-02-18 20:24 - 2021-02-18 20:24 - 000000000 ____D C:\Users\Odfried\Desktop\Alte Firefox-Daten
2021-02-18 19:13 - 2021-02-18 19:13 - 000002271 _____ C:\Users\Odfried\Desktop\nacl_synthese_anim - Verknüpfung.lnk
2021-02-18 19:13 - 2021-02-18 19:13 - 000002143 _____ C:\Users\Odfried\Desktop\VIDEO - NaCl Synthese - Verknüpfung.lnk
2021-02-18 19:12 - 2021-02-18 19:12 - 000000000 ____D C:\Users\Odfried\Desktop\Mo 22.02
2021-02-18 15:24 - 2021-02-18 15:24 - 000059910 _____ C:\Users\Odfried\Downloads\klassenliste.pdf
2021-02-17 15:33 - 2021-02-17 15:33 - 000129490 _____ C:\Users\Odfried\Downloads\Ausschreibung_Mitarbeiter_im_Direktorat_-_Gymnasien_Alle_staatlichen_Gymnasien_und_staatlichen_Fach-_und_Berufsoberschulen_(per_OWA).pdf
2021-02-17 15:32 - 2021-02-17 15:32 - 000133157 _____ C:\Users\Odfried\Downloads\Ausschreibung_Ständige_Stellvertretung_im_Bereich_der_Gymnasien_Alle_staatlichen_Gymnasien_und_staatlichen_Fach-_und_Berufsoberschulen_(per_OWA).pdf
2021-02-14 17:42 - 2021-02-14 17:42 - 001369279 _____ C:\Users\Odfried\Downloads\stromleitung.zip
2021-02-14 17:42 - 2021-02-14 17:42 - 000000000 ____D C:\Users\Odfried\Downloads\stromleitung
2021-02-14 17:31 - 2021-02-14 17:42 - 000000000 ____D C:\Users\Odfried\Downloads\redox
2021-02-14 17:31 - 2021-02-14 17:31 - 001275659 _____ C:\Users\Odfried\Downloads\redox.zip
2021-02-14 17:28 - 2021-02-14 17:30 - 000000000 ____D C:\Users\Odfried\Downloads\oberflaeche
2021-02-14 17:28 - 2021-02-14 17:28 - 002671735 _____ C:\Users\Odfried\Downloads\oberflaeche.zip
2021-02-14 16:11 - 2021-02-14 16:11 - 000294912 _____ C:\Users\Odfried\Downloads\WVZ 2021.xls
2021-02-14 12:17 - 2021-02-14 12:17 - 030584912 _____ (Piriform Software Ltd) C:\Users\Odfried\Downloads\ccsetup576.exe
2021-02-14 11:02 - 2021-02-21 14:47 - 140247040 _____ C:\WINDOWS\system32\config\SOFTWARE
2021-02-12 10:05 - 2021-02-12 10:05 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-02-12 10:05 - 2021-02-12 10:05 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-02-12 10:05 - 2021-02-12 10:05 - 000232752 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-02-12 10:05 - 2021-02-12 10:05 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin
2021-02-12 10:05 - 2021-02-12 10:05 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2021-02-12 10:05 - 2021-02-12 10:05 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2021-02-12 10:05 - 2021-02-12 10:05 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2021-02-12 10:05 - 2021-02-12 10:05 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2021-02-12 10:05 - 2021-02-12 10:05 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2021-02-12 10:05 - 2021-02-12 10:05 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2021-02-12 10:05 - 2021-02-12 10:05 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2021-02-12 10:05 - 2021-02-12 10:05 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth18.bin
2021-02-12 10:05 - 2021-02-12 10:05 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth17.bin
2021-02-12 10:05 - 2021-02-12 10:05 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth16.bin
2021-02-12 10:05 - 2021-02-12 10:05 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth15.bin
2021-02-12 10:05 - 2021-02-12 10:05 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin
2021-02-12 10:05 - 2021-02-12 10:05 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin
2021-02-12 10:05 - 2021-02-12 10:05 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin
2021-02-12 10:05 - 2021-02-12 10:05 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2021-02-12 08:17 - 2021-02-12 08:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2021-02-10 21:34 - 2021-02-14 11:02 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2021-02-10 09:18 - 2021-02-10 09:18 - 000039800 _____ (Embarcadero Technologies, Inc.) C:\Users\Odfried\AppData\Roaming\Odfried.exe
2021-02-10 09:15 - 2021-02-10 09:15 - 000001885 _____ C:\Users\Odfried\Downloads\hp_scan_software_download_kostenlos.zip
2021-01-31 19:04 - 2021-01-31 19:04 - 000114117 _____ C:\Users\Odfried\Downloads\Pinguin_Vorlage.pdf
2021-01-31 19:01 - 2021-01-31 19:01 - 000455871 _____ C:\Users\Odfried\Downloads\ios_U8aM06FJfh8H3K3O.pdf
2021-01-31 19:01 - 2021-01-31 19:01 - 000189665 _____ C:\Users\Odfried\Downloads\fetch (3).pdf
2021-01-31 19:00 - 2021-01-31 19:00 - 000136722 _____ C:\Users\Odfried\Downloads\kindergedichte_morgenstern_diedreispatzen.pdf
2021-01-31 18:58 - 2021-01-31 18:58 - 000212367 _____ C:\Users\Odfried\Downloads\fetch (2).pdf
2021-01-31 18:58 - 2021-01-31 18:58 - 000059212 _____ C:\Users\Odfried\Downloads\ios_ZCH7mlpZ2PQdRYgB.pdf
2021-01-31 18:55 - 2021-01-31 18:55 - 000258529 _____ C:\Users\Odfried\Downloads\fetch (1).pdf
2021-01-31 18:54 - 2021-01-31 18:54 - 000273197 _____ C:\Users\Odfried\Downloads\Unbestimmter_Artikel.pdf
2021-01-31 18:52 - 2021-01-31 18:52 - 000097018 _____ C:\Users\Odfried\Downloads\fetch.pdf
2021-01-31 18:51 - 2021-01-31 18:51 - 000396875 _____ C:\Users\Odfried\Downloads\BESTIMMTER_ARTIKEL.pdf
2021-01-31 18:48 - 2021-01-31 18:48 - 003193217 _____ C:\Users\Odfried\Downloads\Fitnessplan1.pdf
2021-01-31 14:55 - 2021-01-31 14:55 - 000001114 _____ C:\Users\Odfried\Desktop\Paint.lnk
2021-01-31 14:52 - 2021-01-31 14:53 - 000000000 ____D C:\Users\Odfried\AppData\Local\paint.net
2021-01-31 14:52 - 2021-01-31 14:52 - 012712515 _____ C:\Users\Odfried\Downloads\paint.net.4.2.15.install.zip
2021-01-31 14:52 - 2021-01-31 14:52 - 000001169 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2021-01-31 14:52 - 2021-01-31 14:52 - 000001157 _____ C:\ProgramData\Desktop\paint.net.lnk
2021-01-31 14:52 - 2021-01-31 14:52 - 000000000 ____D C:\Program Files\paint.net
2021-01-27 19:52 - 2021-01-27 19:52 - 000083288 _____ (Zoom Video Communications, Inc.) C:\Users\Odfried\Downloads\Zoom_cm_fo42anktZ9vvrZo4_msdjsfll6lM3t7XjJbsV8mPRVMf9T7JxZJZ3J@lF8vKQNYov0iPiAK_kb61b781a5a9e0565_.exe
2021-01-24 19:33 - 2021-01-24 19:34 - 000012534 _____ C:\Users\Odfried\Downloads\Padlet - 2c Padlet 2501.xlsx
2021-01-23 12:26 - 2021-01-23 12:26 - 000218106 _____ C:\Users\Odfried\Downloads\LW2.pdf
==================== Ein Monat (geänderte) ==================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2021-02-21 15:20 - 2019-12-30 15:08 - 000000000 ____D C:\Users\Odfried
2021-02-21 15:20 - 2015-07-24 22:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2021-02-21 15:20 - 2012-11-28 17:14 - 000000000 ____D C:\Users\Odfried\AppData\Local\Downloaded Installations
2021-02-21 15:18 - 2019-03-19 05:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-02-21 15:16 - 2019-12-30 15:08 - 001932080 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-02-21 15:16 - 2019-03-19 13:16 - 000821584 _____ C:\WINDOWS\system32\perfh007.dat
2021-02-21 15:16 - 2019-03-19 13:16 - 000183320 _____ C:\WINDOWS\system32\perfc007.dat
2021-02-21 15:16 - 2019-03-19 05:50 - 000000000 ____D C:\WINDOWS\INF
2021-02-21 15:14 - 2013-04-29 21:57 - 000000000 ____D C:\Program Files\CCleaner
2021-02-21 15:12 - 2019-12-30 15:10 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-02-21 15:12 - 2019-12-30 15:05 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-02-21 15:01 - 2019-12-30 15:11 - 000000000 ____D C:\Users\Odfried\AppData\Local\Packages
2021-02-21 14:58 - 2019-03-19 05:52 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-02-21 14:54 - 2011-09-13 11:06 - 000000000 ____D C:\Program Files\Microsoft Office
2021-02-21 14:52 - 2020-09-30 08:32 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-02-21 14:51 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-02-21 14:51 - 2016-11-19 13:52 - 000000000 ____D C:\Users\Odfried\AppData\LocalLow\Mozilla
2021-02-21 14:51 - 2012-04-25 12:30 - 000000000 ____D C:\ProgramData\Mozilla
2021-02-21 14:49 - 2019-07-24 19:49 - 000000958 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\tiptoi® Manager.lnk
2021-02-21 14:49 - 2019-07-24 19:49 - 000000946 _____ C:\ProgramData\Desktop\tiptoi® Manager.lnk
2021-02-21 14:49 - 2019-07-24 19:49 - 000000000 ____D C:\Program Files\tiptoi® Manager
2021-02-19 12:35 - 2019-03-19 05:37 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-02-19 10:05 - 2011-09-15 16:38 - 000000000 ____D C:\Users\Odfried\AppData\Roaming\Dropbox
2021-02-19 09:26 - 2020-04-19 11:00 - 000002428 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-02-18 21:58 - 2020-05-18 09:46 - 000000000 ____D C:\Users\Odfried\AppData\Local\CrashDumps
2021-02-18 20:55 - 2013-04-29 22:32 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-02-18 20:48 - 2017-12-09 22:57 - 000002302 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-02-18 20:35 - 2020-04-16 07:46 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2021-02-18 20:35 - 2013-04-29 22:32 - 000001237 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-02-18 19:26 - 2011-10-10 21:25 - 000000000 ____D C:\ProgramData\HP
2021-02-18 18:11 - 2021-01-14 11:09 - 000002412 _____ C:\Users\Odfried\Desktop\Microsoft Teams.lnk
2021-02-18 17:27 - 2011-04-16 11:25 - 000000000 ____D C:\Users\Odfried\AppData\Roaming\vlc
2021-02-18 15:06 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-02-17 23:24 - 2015-07-21 15:46 - 000002145 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-02-14 16:02 - 2019-12-30 15:05 - 000575536 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-02-14 12:27 - 2020-01-10 22:33 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2021-02-14 12:23 - 2012-07-28 13:48 - 000000000 ____D C:\Users\Odfried\AppData\Roaming\Amazon
2021-02-14 12:23 - 2012-07-28 13:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
2021-02-14 12:23 - 2012-07-28 13:47 - 000000000 ____D C:\Program Files (x86)\Amazon
2021-02-14 12:18 - 2020-01-19 20:20 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-02-14 12:18 - 2013-04-29 21:57 - 000000872 _____ C:\ProgramData\Desktop\CCleaner.lnk
2021-02-13 17:53 - 2019-03-19 05:52 - 000000000 ___HD C:\Program Files\WindowsApps
2021-02-12 14:26 - 2019-12-30 15:11 - 000000000 ___RD C:\Users\Odfried\3D Objects
2021-02-12 12:27 - 2019-03-19 05:52 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-02-12 12:27 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-02-12 12:27 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SystemResources
2021-02-12 12:27 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-02-12 12:27 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-02-12 12:27 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-02-12 12:27 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-02-12 12:27 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-02-12 12:27 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-02-12 12:27 - 2019-03-19 05:52 - 000000000 ____D C:\Program Files\Common Files\System
2021-02-12 10:07 - 2019-03-19 13:19 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2021-02-12 10:07 - 2019-03-19 13:19 - 000019469 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2021-02-12 10:07 - 2019-03-19 05:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-02-12 08:17 - 2021-01-14 10:40 - 000002465 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
2021-02-12 08:17 - 2021-01-14 10:40 - 000002460 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2021-02-12 08:17 - 2021-01-14 10:40 - 000002459 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2021-02-12 08:17 - 2021-01-14 10:40 - 000002423 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2021-02-12 08:17 - 2021-01-14 10:40 - 000002422 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2021-02-12 08:17 - 2021-01-14 10:40 - 000002416 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2021-02-12 08:17 - 2021-01-14 10:40 - 000002410 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2021-02-12 08:17 - 2021-01-14 10:40 - 000002402 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk
2021-02-12 02:59 - 2019-12-30 15:10 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-02-11 20:40 - 2021-01-14 11:09 - 000002420 _____ C:\Users\Odfried\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2021-02-11 13:03 - 2019-12-30 15:10 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2021-02-11 05:28 - 2020-04-19 11:00 - 000003700 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-02-11 05:28 - 2020-04-19 11:00 - 000003576 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-02-10 22:58 - 2011-03-22 07:27 - 000000000 ____D C:\Users\Odfried\AppData\Local\ElevatedDiagnostics
2021-02-10 21:53 - 2011-03-22 08:08 - 130141752 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-02-10 21:18 - 2020-12-21 11:35 - 000000000 ____D C:\Users\Odfried\AppData\Local\WebEx
2021-02-10 09:17 - 2020-12-21 11:35 - 000000000 ____D C:\Users\Odfried\AppData\LocalLow\WebEx
2021-02-09 21:03 - 2013-08-18 02:01 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-02-09 10:46 - 2020-09-30 09:14 - 000000000 ____D C:\Users\Odfried\AppData\Roaming\BiBox 2.0
2021-02-08 09:05 - 2020-01-02 10:50 - 000003368 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2726028846-1901948702-833121358-1001
2021-02-08 09:05 - 2020-01-02 10:50 - 000000000 ___RD C:\Users\Odfried\OneDrive
2021-02-08 09:05 - 2019-12-30 15:08 - 000002431 _____ C:\Users\Odfried\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-02-06 09:54 - 2019-12-30 15:10 - 000003630 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-02-06 09:54 - 2019-12-30 15:10 - 000003506 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-02-05 20:30 - 2020-09-30 08:32 - 000916288 _____ (Microsoft Corporation) C:\WINDOWS\system32\sedplugins.dll
2021-02-05 20:30 - 2020-09-30 08:32 - 000437056 _____ (Microsoft Corporation) C:\WINDOWS\system32\QualityUpdateAssistant.dll
2021-02-04 08:52 - 2011-12-22 18:23 - 000000000 ____D C:\Users\Odfried\AppData\Roaming\MediaMonkey
2021-02-04 07:52 - 2017-04-02 12:43 - 000000000 ____D C:\Users\Odfried\AppData\Local\Spotify
2021-02-04 07:00 - 2017-04-02 12:43 - 000000000 ____D C:\Users\Odfried\AppData\Roaming\Spotify
2021-02-01 12:43 - 2012-12-04 20:20 - 000000646 _____ C:\Users\Odfried\Desktop\Total Commander 64 bit.lnk
2021-01-27 11:47 - 2017-07-26 11:40 - 000001424 _____ C:\Users\Odfried\Desktop\ting - Verknüpfung.lnk
2021-01-24 20:21 - 2020-01-29 21:56 - 000001250 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2726028846-1901948702-833121358-1001UA1d5d6e686e592d1.job
2021-01-24 20:21 - 2020-01-29 21:56 - 000001198 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2726028846-1901948702-833121358-1001Core1d5d6e686de6c49.job
2021-01-22 10:07 - 2011-03-22 07:36 - 000799104 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2021-01-22 08:59 - 2020-01-29 21:56 - 000004402 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskUserS-1-5-21-2726028846-1901948702-833121358-1001UA1d5d6e686e592d1
2021-01-22 08:59 - 2020-01-29 21:56 - 000004026 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskUserS-1-5-21-2726028846-1901948702-833121358-1001Core1d5d6e686de6c49
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ========
2021-02-10 09:18 - 2021-02-10 09:18 - 000039800 _____ (Embarcadero Technologies, Inc.) C:\Users\Odfried\AppData\Roaming\Odfried.exe
2014-01-16 19:07 - 2014-02-24 00:12 - 000000184 _____ () C:\Users\Odfried\AppData\Roaming\WB.CFG
2014-01-16 19:07 - 2014-01-29 20:07 - 000000005 _____ () C:\Users\Odfried\AppData\Roaming\WBPU-TTL.DAT
2011-12-10 14:40 - 2018-07-16 20:07 - 000005632 _____ () C:\Users\Odfried\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-11-19 23:32 - 2011-11-19 23:32 - 000000600 _____ () C:\Users\Odfried\AppData\Local\PUTTY.RND
2013-05-01 18:26 - 2019-05-14 16:25 - 000007657 _____ () C:\Users\Odfried\AppData\Local\resmon.resmoncfg
==================== SigCheck ============================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
==================== Ende von FRST.txt ======================== |