Windows 10: OpenOffice von openoffice.de heruntergeladen. Möglicherweise Malwarebefall.
Liebes Trojaner-Board,
Ich habe mir gestern OpenOffice unwissentlich von einer Fake-Seite (openoffice.de anstatt openoffice.org) heruntergeladen. In diesem Zusammenhang wird oft beschrieben, dass man sich Malware mit herunterlädt. Heute morgen gab es dementsprechend einen "Black-Screen", woraufhin ich den PC auf Werkeinstellungen zurückgesetzt habe (über Update und Sicherheit - Wiederherstellung - Diesen PC zurücksetzen - Alles entfernen - Cloud-Download). Ist die Frage, ob ich damit das Problem eventuell schon behoben haben könnte oder nicht. Anbei findet ihr die FRST-Logs vor dem Zurücksetzen des PCs und einmal nach dem Zurücksetzen des PCs.
FRST-Logs vor dem Zurücksetzen: Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 01-12-2021
durchgeführt von ***** (Administrator) auf DESKTOP-LITRSL7 (LENOVO 20Y7003SGE) (05-12-2021 10:11:26)
Gestartet von C:\Users\*****\Downloads
Geladene Profile: *****
Plattform: Microsoft Windows 10 Pro Version 20H2 19042.1348 (X64) Sprache: Deutsch (Deutschland)
Standard-Browser: FF
Start-Modus: Normal
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0371413.inf_amd64_2fa4a0eafb13c9ec\B371133\atieclxx.exe
(Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0371413.inf_amd64_2fa4a0eafb13c9ec\B371133\atiesrxx.exe
(Amazon.com Services LLC -> Amazon.com Services LLC) C:\Users\*****\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\protectedservice.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Systray.Application.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
(Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\DAX3_S~1.INF\DAX3API.exe
(Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_bbc2d331dc619068\DAX3API.exe
(ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ELANFPService.exe
(ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ElanIapService.exe
(ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDCtrl.exe
(ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDService.exe
(Lenovo -> Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\fn.inf_amd64_17beb7a2da3ab46e\driver\tphkload.exe
(Lenovo -> Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\FNF202~1.INF\driver\shtctky.exe
(Lenovo -> Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\FNF202~1.INF\driver\tposd.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.9.23.0\Lenovo.Vantage.AddinHost.Amd64.exe <2>
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.9.23.0\Lenovo.Vantage.AddinHost.exe <2>
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.9.23.0\Lenovo.Vantage.AddinHost.x86.exe
(Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.9.23.0\LenovoVantageService.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe <2>
(Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(Lenovo -> Lenovo Group Ltd.) C:\Windows\System32\drivers\Lenovo\udc\Service\UDClientService.exe
(Lenovo -> Lenovo) C:\Windows\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe
(Lenovo -> Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Lenovo -> Lenovo.) C:\Windows\System32\LITSSvc.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2110.13603.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2110.13603.0_x64__8wekyb3d8bbwe\Win32Bridge.Server.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20544.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20544.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.21102.11411.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Hardware Compatibility Publisher -> ) C:\Windows\System32\ElevocControlService.exe
(Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <11>
(Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_c51a65fb5ec70f9d\RtkAudUService64.exe <3>
==================== Registry (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKU\S-1-5-21-3543955943-4071330901-1462076641-1001\...\Run: [Amazon Music Helper] => C:\Users\*****\AppData\Local\Amazon Music\Amazon Music Helper.exe [2356312 2021-11-18] (Amazon.com Services LLC -> Amazon.com Services LLC)
HKU\S-1-5-21-3543955943-4071330901-1462076641-1001\...\Run: [Amazon Music] => C:\Users\*****\AppData\Local\Amazon Music\Amazon Music.exe [21120600 2021-11-18] (Amazon.com Services LLC -> Amazon.com Services LLC) <==== ACHTUNG
HKU\S-1-5-21-3543955943-4071330901-1462076641-1001\...\Run: [OpenOffice Updater] => C:\Users\*****\AppData\Roaming\OpenOffice Updater\Updater.exe [367480 2021-07-28] (Arne Koenig -> ) <==== ACHTUNG
HKLM\...\Print\Monitors\HP Standard TCP/IP Port: C:\Windows\system32\HpTcpMon.dll [331264 2009-09-16] (Hewlett Packard) [Datei ist nicht signiert]
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {01899C59-8D41-47E1-BE79-5016629B0116} - System32\Tasks\Lenovo\UDC\Lenovo UDC Monitor => C:\Windows\system32\drivers\lenovo\udc\data\InfBackup\UdcInfInstaller.exe [201584 2021-07-21] (Lenovo -> Lenovo Group Ltd.)
Task: {01C1B4B9-684F-43D0-9211-ACA0851D1601} - System32\Tasks\Lenovo\Power Manager\Background monitor => C:\Windows\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe [112824 2021-07-11] (Lenovo -> Lenovo)
Task: {0E8A0F25-E8A7-4A9D-9065-932A228F08E2} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\bbd97f6b-d5a9-44f0-b7ee-6c4412111dff => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [83200 2021-11-07] (Lenovo -> Lenovo Group Ltd.)
Task: {1B76F620-A096-4624-899F-B586908911AC} - System32\Tasks\Lenovo\Power Manager\Uninstall task => C:\Windows\SysWOW64\PowerMgrInst.exe [62136 2021-07-11] (Lenovo -> )
Task: {25671C94-4442-4092-AD2B-CA0047B7307B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22654872 2021-11-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {27414AE3-C3E8-4B46-869F-24FCB1934232} - System32\Tasks\RtkAudUService64_BG => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_c51a65fb5ec70f9d\RtkAudUService64.exe [1249848 2021-03-03] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {277AFE0A-3C39-44C7-8A7D-858D9AC0870A} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22654872 2021-11-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {2D5C7652-0E0E-4129-8B7A-FFF81BADF784} - System32\Tasks\Avira_Security_Systray => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Systray.Application.exe [1673272 2021-11-26] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {3CF29464-7A0D-47D2-AAA6-2FF7B7EADDC5} - System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => C:\Program Files (x86)\Lenovo\VantageService\3.9.23.0\ScheduleEventAction.exe [26656 2021-09-16] (Lenovo -> Lenovo Group Ltd.)
Task: {3EC68452-34D1-40D4-BA98-88524FE0F7EB} - System32\Tasks\Lenovo\Vantage\Schedule\HeartbeatAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.9.23.0\ScheduleEventAction.exe [26656 2021-09-16] (Lenovo -> Lenovo Group Ltd.)
Task: {422CA3C9-5AF6-4E8C-BE73-EA226A1225D3} - System32\Tasks\AviraSystemSpeedupUpdate => C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe [29851288 2021-09-27] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {478867E5-7C22-470D-A71F-7045D2B79332} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\Windows\system32\ImController.InfInstaller.exe [63728 2021-11-07] (Lenovo -> Lenovo Group Ltd.)
Task: {5F725F45-97EE-4B0B-B8C5-C8F532B58EB3} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB" <==== ACHTUNG
Task: {6F625EC4-F988-4068-A502-21755C01B44A} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\19a40486-10af-475b-9aba-9e804ae60a09 => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [83200 2021-11-07] (Lenovo -> Lenovo Group Ltd.)
Task: {80AB006B-8AE9-4F94-992D-685EF8AA52C0} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\14eef97a-a230-4eb3-a77b-bb3a7ed296e4 => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [83200 2021-11-07] (Lenovo -> Lenovo Group Ltd.)
Task: {95B8FF25-ADDA-415D-B761-BCBEE4642CF4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.)
Task: {963C7FB0-6043-42FB-8519-06C9902FCCEA} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138600 2021-11-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {A3FCD1B4-8C77-4326-AAE2-7DAD0608C10F} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2648424 2021-11-02] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {A7C22FDC-E91E-495C-9991-99E088984DC1} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoSystemUpdateAddin_WeeklyTask => C:\Program Files (x86)\Lenovo\VantageService\3.9.23.0\ScheduleEventAction.exe [26656 2021-09-16] (Lenovo -> Lenovo Group Ltd.)
Task: {A7E6FA25-3C09-4965-B206-A04B17A0DF84} - System32\Tasks\Lenovo\UDC\Lenovo UDC Idle Monitor => C:\windows\system32\drivers\Lenovo\udc\Service\UDCUserAgent.exe [443248 2021-07-21] (Lenovo -> Lenovo Group Ltd.)
Task: {AF3B8E17-148F-4BD5-A35D-BD116418D79D} - System32\Tasks\Lenovo\Vantage\Schedule\VantageTelemetryAddinTask => C:\Program Files (x86)\Lenovo\VantageService\3.5.27.0\ScheduleEventAction.exe VantageTelemetryAddinTask (Keine Datei)
Task: {BC1DC8C7-5666-44D6-8E5E-025F2825B21E} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {CE432E9F-A546-44C9-89DA-F1BBE2F12F53} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [138600 2021-11-14] (Microsoft Corporation -> Microsoft Corporation)
Task: {D8A549B0-DB26-45EA-AD00-59F631A1F448} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => %systemroot%\system32\sc.exe start LenovoVantageService
Task: {DBF2FDD0-07B7-4F4F-8F6B-FB394147EFBD} - System32\Tasks\Avira_Security_Update => C:\Windows\system32\net.exe [59904 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
Task: {DC7FC3FE-56BB-4AEF-862D-53DA76C40F87} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe [145480 2021-09-09] (Lenovo -> Lenovo Group Ltd.)
Task: {DD2A7E8E-82A1-4D85-A621-FC1280B9A4F8} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {E9F4DFDD-DBC4-41F2-A235-1EA0321B2EA2} - System32\Tasks\Avira_Security_Service_SCM_Watchdog => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe [237216 2021-11-26] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {FEE4AC94-B3A3-4D69-81CA-4166E7C56D4A} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\ad8d977f-1562-4960-9dfb-51121a4b02eb => C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [83200 2021-11-07] (Lenovo -> Lenovo Group Ltd.)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3: <==== ACHTUNG (Beschränkung - Zones)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{6cba4a52-add4-4506-bfb5-42f166e8e614}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{e2e34a52-550f-4118-8c6e-4717e6e0274f}: [DhcpNameServer] 150.221.1.6
Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\*****\AppData\Local\Microsoft\Edge\User Data\Default [2021-12-04]
Edge Extension: (Avira Password Manager) - C:\Users\*****\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\emgfgdclgfeldebanedpihppahgngnle [2021-08-29]
Edge HKLM-x32\...\Edge\Extension: [caiblelclndcckfafdaggpephhgfpoip]
Edge HKLM-x32\...\Edge\Extension: [emgfgdclgfeldebanedpihppahgngnle]
FireFox:
========
FF DefaultProfile: g0wv313d.default
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\g0wv313d.default [2021-08-27]
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\szgnj00e.default-release [2021-12-05]
FF Notifications: Mozilla\Firefox\Profiles\szgnj00e.default-release -> hxxps://web.whatsapp.com
FF Extension: (Avira Browserschutz) - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\szgnj00e.default-release\Extensions\abs@avira.com.xpi [2021-10-25]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2021-10-05] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
==================== Dienste (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-08-16] (Adobe Inc. -> Adobe Inc.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1206648 2021-06-12] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntivirProtectedService; C:\Program Files (x86)\Avira\Antivirus\ProtectedService.exe [538000 2021-06-25] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [485048 2021-06-12] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [485048 2021-06-12] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [574672 2021-07-06] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraOptimizerHost; C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe [2989160 2021-08-18] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [384480 2021-08-19] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraSecurity; C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe [275320 2021-11-26] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 AviraSecurityUpdater; C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Common.Updater.exe [273536 2021-11-26] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [159080 2021-04-13] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12034464 2021-11-04] (Microsoft Corporation -> Microsoft Corporation)
R2 DolbyDAXAPI; C:\Windows\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_bbc2d331dc619068\DAX3API.exe [2305120 2021-03-01] (Dolby Laboratories, Inc. -> Dolby Laboratories)
R2 ElanIapService; C:\Windows\System32\ElanIapService.exe [317048 2021-07-26] (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.)
R2 ElevocService; C:\Windows\System32\ElevocControlService.exe [405944 2021-04-02] (Microsoft Windows Hardware Compatibility Publisher -> )
R2 ImControllerService; C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [83200 2021-11-07] (Lenovo -> Lenovo Group Ltd.)
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\3.9.23.0\LenovoVantageService.exe [31248 2021-09-16] (Lenovo -> Lenovo Group Ltd.)
R2 LITSSVC; C:\Windows\System32\LITSSvc.exe [997816 2021-09-01] (Lenovo -> Lenovo.)
S2 LPlatSvc; C:\Windows\System32\LPlatSvc.exe [904144 2021-09-02] (Lenovo -> Lenovo)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6103464 2021-11-13] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TPHKLOAD; C:\Windows\System32\DriverStore\FileRepository\fn.inf_amd64_17beb7a2da3ab46e\driver\TPHKLOAD.exe [466920 2021-09-28] (Lenovo -> Lenovo Group Limited)
R2 UDCService; C:\Windows\System32\drivers\Lenovo\udc\Service\UDClientService.exe [116592 2021-07-21] (Lenovo -> Lenovo Group Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Treiber (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R3 amdwddmg; C:\Windows\System32\DriverStore\FileRepository\u0371413.inf_amd64_2fa4a0eafb13c9ec\B371133\amdkmdag.sys [80463184 2021-09-08] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
S3 AppleKmdfFilter; C:\Windows\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\Windows\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R0 avdevprot; C:\Windows\System32\DRIVERS\avdevprot.sys [78936 2019-06-07] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S0 avelam; C:\Windows\System32\drivers\avelam.sys [22848 2021-06-25] (Microsoft Windows Early Launch Anti-malware Publisher -> Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [209088 2021-11-02] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [199312 2021-02-09] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [46704 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [89736 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [45472 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 PMDRVS; C:\Windows\System32\drivers\pmdrvs.sys [38352 2021-09-02] (Lenovo -> Lenovo)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessKeyboardFilter; C:\Windows\System32\drivers\WirelessKeyboardFilter.sys [49336 2018-03-11] (Microsoft Corporation -> Microsoft Corporation)
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2021-12-05 10:11 - 2021-12-05 10:11 - 000023662 _____ C:\Users\*****\Downloads\FRST.txt
2021-12-05 10:11 - 2021-12-05 10:11 - 000000000 ____D C:\FRST
2021-12-05 10:10 - 2021-12-05 10:10 - 002311680 _____ (Farbar) C:\Users\*****\Downloads\FRST64.exe
2021-12-04 15:47 - 2021-12-04 15:47 - 000000000 ____D C:\Users\*****\AppData\Roaming\OpenOffice
2021-12-04 15:46 - 2021-12-04 15:46 - 000001132 _____ C:\Users\Public\Desktop\OpenOffice 4.1.11.lnk
2021-12-04 15:46 - 2021-12-04 15:46 - 000000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.11
2021-12-04 15:46 - 2021-12-04 15:46 - 000000000 ____D C:\Program Files (x86)\OpenOffice 4
2021-12-04 15:45 - 2021-12-04 15:45 - 000000000 ____D C:\Program Files (x86)\Open Office
2021-12-04 15:42 - 2021-12-05 08:38 - 000000000 ____D C:\Users\*****\AppData\Roaming\OpenOffice Updater
2021-12-04 15:40 - 2021-12-04 15:40 - 000249552 _____ C:\Users\*****\Downloads\OpenOffice_Setup.exe
2021-12-01 12:26 - 2021-12-01 12:26 - 000068006 _____ C:\Users\*****\Downloads\Auftragsbestätigung Überweisung - ***** und *****(2).pdf
2021-12-01 12:17 - 2021-12-01 12:17 - 000225220 _____ C:\Users\*****\Downloads\*****_2021_Preis- und Leistungsverzeichnis_vom_06.10.2021_20211201121718.pdf
2021-12-01 12:14 - 2021-12-01 12:14 - 000083256 _____ C:\Users\*****\Downloads\*****_2021_Nr.011_Kontoauszug_vom_01.12.2021_20211201121423.pdf
2021-12-01 09:32 - 2021-12-01 09:32 - 000003428 _____ C:\Windows\system32\Tasks\Avira_Security_Service_SCM_Watchdog
2021-11-29 12:36 - 2021-11-29 12:36 - 000349295 _____ C:\Users\*****\Downloads\HAZ-29.11.2021[12](1).pdf
2021-11-29 12:34 - 2021-11-29 12:34 - 000349295 _____ C:\Users\*****\Downloads\HAZ-29.11.2021[12].pdf
2021-11-28 11:38 - 2021-11-28 11:38 - 001001991 _____ C:\Users\*****\Downloads\Expose_*****(1).pdf
2021-11-27 20:01 - 2021-11-27 20:01 - 001507282 _____ C:\Users\*****\Downloads\Baubeschreibung.pdf
2021-11-27 19:58 - 2021-11-27 19:58 - 001001991 _____ C:\Users\*****\Downloads\Expose_*****.pdf
2021-11-25 11:33 - 2021-11-25 11:33 - 000576526 _____ C:\Users\*****\Downloads\XXXXXXXXXXXXXXXX_2021_Kreditkarten-Umsatzaufstellung_vom_20.11.2021_20211125113304.pdf
2021-11-25 11:26 - 2021-11-25 11:26 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2021-11-24 08:18 - 2021-12-05 08:56 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-11-19 10:52 - 2021-11-19 10:52 - 000000000 ____D C:\Users\*****\Apple
2021-11-19 10:50 - 2021-11-19 10:50 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2021-11-15 11:42 - 2021-11-15 11:42 - 000018621 _____ C:\Users\*****\Downloads\emailanfrage(1).pdf
2021-11-13 11:03 - 2021-11-13 11:03 - 001328408 _____ C:\Windows\system32\FaceTrackerInternal.dll
2021-11-13 11:03 - 2021-11-13 11:03 - 001321984 _____ C:\Windows\system32\FaceProcessor.dll
2021-11-13 11:03 - 2021-11-13 11:03 - 000503576 _____ C:\Windows\system32\FaceProcessorCore.dll
2021-11-13 11:02 - 2021-11-13 11:02 - 000272384 _____ C:\Windows\system32\TpmTool.exe
2021-11-13 11:02 - 2021-11-13 11:02 - 000223744 _____ C:\Windows\SysWOW64\TpmTool.exe
2021-11-13 11:02 - 2021-11-13 11:02 - 000060928 _____ C:\Windows\system32\runexehelper.exe
2021-11-13 11:02 - 2021-11-13 11:02 - 000011363 _____ C:\Windows\system32\DrtmAuthTxt.wim
2021-11-13 10:56 - 2021-11-13 10:56 - 000000000 ___HD C:\$WinREAgent
2021-11-11 12:34 - 2021-11-11 12:34 - 000066986 _____ C:\Users\*****\Downloads\Auftragsbestätigung Überweisung - ***** und *****(1).pdf
2021-11-06 14:18 - 2021-11-06 14:18 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
==================== Ein Monat (geänderte) ==================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2021-12-05 10:09 - 2021-08-27 18:30 - 000000000 ____D C:\Users\*****\AppData\LocalLow\Mozilla
2021-12-05 10:08 - 2021-08-27 18:03 - 000000000 ____D C:\Users\*****\AppData\Local\D3DSCache
2021-12-05 09:49 - 2020-05-06 19:33 - 000000000 ____D C:\Windows\system32\SleepStudy
2021-12-05 09:22 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-12-05 09:04 - 2021-06-23 18:02 - 000707316 _____ C:\Windows\system32\perfh007.dat
2021-12-05 09:04 - 2021-06-23 18:02 - 000142574 _____ C:\Windows\system32\perfc007.dat
2021-12-05 09:04 - 2020-05-06 19:41 - 001632024 _____ C:\Windows\system32\PerfStringBackup.INI
2021-12-05 09:04 - 2019-12-07 10:13 - 000000000 ____D C:\Windows\INF
2021-12-05 08:57 - 2021-08-27 18:04 - 000000000 ___RD C:\Users\*****\OneDrive
2021-12-05 08:56 - 2021-08-27 18:30 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-12-05 08:56 - 2021-08-27 17:58 - 000000000 ____D C:\Users\*****
2021-12-05 08:56 - 2020-05-06 19:33 - 000477912 _____ C:\Windows\system32\FNTCACHE.DAT
2021-12-05 08:56 - 2020-05-06 19:33 - 000008192 ___SH C:\DumpStack.log.tmp
2021-12-05 08:56 - 2020-05-06 19:33 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-12-05 08:56 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\ServiceState
2021-12-04 15:45 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2021-12-04 11:45 - 2021-06-23 08:11 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-12-04 11:45 - 2021-06-23 08:11 - 000002281 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-12-04 11:45 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-12-04 11:45 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\AppReadiness
2021-12-02 14:06 - 2021-08-27 18:04 - 000003380 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3543955943-4071330901-1462076641-1001
2021-12-02 14:06 - 2021-08-27 17:58 - 000002406 _____ C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-12-01 09:37 - 2021-08-27 18:19 - 000000000 ____D C:\Users\Public\Security Sessions
2021-12-01 09:32 - 2021-08-27 18:13 - 000003650 _____ C:\Windows\system32\Tasks\Avira_Security_Update
2021-12-01 09:32 - 2021-08-27 18:13 - 000001085 _____ C:\Users\Public\Desktop\Avira.lnk
2021-12-01 09:32 - 2021-08-27 18:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2021-12-01 09:32 - 2021-08-27 18:13 - 000000000 ____D C:\ProgramData\Avira
2021-11-30 17:46 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\LiveKernelReports
2021-11-30 11:42 - 2021-08-27 18:03 - 000000000 ____D C:\Users\*****\AppData\Local\Packages
2021-11-25 11:26 - 2021-08-27 18:30 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-11-23 16:05 - 2021-08-27 18:27 - 000000000 ____D C:\Users\*****\AppData\Local\Comms
2021-11-22 10:44 - 2021-10-29 11:14 - 000000796 _____ C:\Windows\storelibdebug.txt
2021-11-20 07:48 - 2021-09-07 11:09 - 000000000 ____D C:\Users\*****\AppData\Local\Amazon Music
2021-11-19 08:08 - 2021-08-27 18:12 - 000000000 ____D C:\ProgramData\Packages
2021-11-18 07:34 - 2021-06-23 08:11 - 000003700 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-11-18 07:34 - 2021-06-23 08:11 - 000003576 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-11-14 13:38 - 2021-06-23 08:15 - 000000000 ____D C:\Program Files\Microsoft Office
2021-11-14 07:23 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2021-11-13 17:28 - 2019-12-07 10:03 - 000524288 _____ C:\Windows\system32\config\BBI
2021-11-13 17:26 - 2021-06-23 18:00 - 000000000 ___SD C:\Windows\system32\AppV
2021-11-13 17:26 - 2021-06-23 18:00 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-11-13 17:26 - 2019-12-07 10:14 - 000000000 ___SD C:\Windows\system32\DiagSvcs
2021-11-13 17:26 - 2019-12-07 10:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2021-11-13 17:26 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\setup
2021-11-13 17:26 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\Dism
2021-11-13 17:26 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SystemResources
2021-11-13 17:26 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\setup
2021-11-13 17:26 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\oobe
2021-11-13 17:26 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\Dism
2021-11-13 17:26 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\ShellExperiences
2021-11-13 17:26 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2021-11-13 17:26 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\bcastdvr
2021-11-13 17:26 - 2019-12-07 10:03 - 000000000 ____D C:\Windows\servicing
2021-11-13 12:27 - 2019-12-07 10:03 - 000000000 ____D C:\Windows\CbsTemp
2021-11-09 17:33 - 2021-08-29 09:49 - 000000000 ____D C:\Windows\system32\MRT
2021-11-09 17:31 - 2021-08-29 09:49 - 141529560 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2021-11-07 22:36 - 2021-06-23 17:56 - 000429952 _____ (Lenovo Group Limited) C:\Windows\system32\iMDriverHelper.dll
2021-11-07 22:36 - 2021-06-23 17:56 - 000109296 _____ (Lenovo Group Ltd.) C:\Windows\system32\WudfUpdate_02000.dll
2021-11-07 22:36 - 2021-06-23 08:14 - 000109296 _____ (Lenovo Group Ltd.) C:\Windows\system32\ImController.CoInstaller.dll
2021-11-07 22:36 - 2021-06-23 08:14 - 000063728 _____ (Lenovo Group Ltd.) C:\Windows\system32\ImController.InfInstaller.exe
==================== SigCheck ============================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
==================== Ende von FRST.txt ========================
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 01-12-2021
durchgeführt von ***** (05-12-2021 10:12:49)
Gestartet von C:\Users\*****\Downloads
Microsoft Windows 10 Pro Version 20H2 19042.1348 (X64) (2021-08-27 22:48:43)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
Administrator (S-1-5-21-3543955943-4071330901-1462076641-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3543955943-4071330901-1462076641-503 - Limited - Disabled)
***** (S-1-5-21-3543955943-4071330901-1462076641-1001 - Administrator - Enabled) => C:\Users\*****
Gast (S-1-5-21-3543955943-4071330901-1462076641-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-3543955943-4071330901-1462076641-504 - Limited - Disabled)
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Avira Antivirus (Enabled - Up to date) {8A154ED8-4428-DB2D-0E3F-BD82C448FD94}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
Adobe Acrobat DC (64-bit) (HKLM\...\{AC76BA86-1031-1033-7760-BC15014EA700}) (Version: 21.007.20099 - Adobe)
Amazon Music (HKU\S-1-5-21-3543955943-4071330901-1462076641-1001\...\Amazon Amazon Music) (Version: 8.8.1.2303 - Amazon.com Services LLC)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.2111.2126 - Avira Operations GmbH & Co. KG) Hidden
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.37.7.25887 - Avira Operations GmbH & Co. KG) Hidden
Avira Security (HKLM-x32\...\Avira Security_is1) (Version: 1.1.59.25531 - Avira Operations GmbH & Co. KG) Hidden
Avira Security (HKLM-x32\...\AviraSecurityUninstaller) (Version: - Avira Operations GmbH & Co. KG)
Avira Software Updater (HKLM-x32\...\{5FFF909D-D88F-42B9-9A85-328A1290611C}) (Version: 2.0.6.48309 - Avira Operations GmbH & Co. KG) Hidden
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 6.13.0.11216 - Avira Operations GmbH & Co. KG) Hidden
HP Dropbox Plugin (HKLM-x32\...\{19EDEC5D-055E-4AD0-88AC-C342608FC47E}) (Version: 36.0.445.57508 - HP)
HP Google Drive Plugin (HKLM-x32\...\{1B225296-B1F1-40B3-8427-844E97CB2D1B}) (Version: 36.0.445.57508 - HP)
HP LaserJet Pro MFP M426-M427 (HKLM-x32\...\{ba385a8d-d398-4df7-9507-0c6a318b1371}) (Version: 16.0.19133.687 - Hewlett-Packard)
HPLJProMFPM426M427 (HKLM-x32\...\{2304BE7D-2849-406C-9A96-58013461E506}) (Version: 0.05.0000 - Hewlett-Packard) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CF10F6BC-C710-4F6F-B7E1-4057699A59AA}) (Version: 12.3.6.10 - HP)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.9.23.0 - Lenovo Group Ltd.)
Microsoft 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 16.0.14527.20276 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 96.0.1054.43 - Microsoft Corporation)
Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 96.0.1054.43 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3543955943-4071330901-1462076641-1001\...\OneDriveSetup.exe) (Version: 21.230.1107.0004 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox (x64 de) (HKLM\...\Mozilla Firefox 94.0.2 (x64 de)) (Version: 94.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 91.0.2 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14527.20276 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14527.20276 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0407-1000-0000000FF1CE}) (Version: 16.0.14527.20234 - Microsoft Corporation) Hidden
OpenOffice 4.1.11 (HKLM-x32\...\{372A5898-9772-4413-9767-06E9F4580830}) (Version: 4.111.9808 - Apache Software Foundation)
OpenOffice Updater (HKU\S-1-5-21-3543955943-4071330901-1462076641-1001\...\OpenOffice Updater) (Version: 1.1.10 - OpenOffice) <==== ACHTUNG
Windows-PC-Integritätsprüfung (HKLM\...\{68C9C2A4-C212-4310-AB68-12F97050A416}) (Version: 3.2.2110.14001 - Microsoft Corporation)
Packages:
=========
AI Meeting Manager -> C:\Program Files\WindowsApps\E046963F.AIMeetingManager_2.0.59.0_x64__k1h2ywk1493x8 [2021-11-09] (LENOVO INC.)
AMD Radeon Software -> C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30023.0_x64__0a9344xs7nr4m [2021-11-30] (Advanced Micro Devices Inc.) [Startup Task]
AV1 Video Extension -> C:\Program Files\WindowsApps\Microsoft.AV1VideoExtension_1.1.41601.0_x64__8wekyb3d8bbwe [2021-08-29] (Microsoft Corporation)
Dolby Audio -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAudio_3.20900.902.0_x64__rz1tebttyb220 [2021-08-27] (Dolby Laboratories)
ELAN Touchpad for Thinkpad -> C:\Program Files\WindowsApps\ELANMicroelectronicsCorpo.ELANTouchpadforThinkpad_24.121.15.0_x64__stws0m115j6hg [2021-08-29] (ELAN Microelectronics Corporation)
ELAN TrackPoint for Thinkpad -> C:\Program Files\WindowsApps\ELANMicroelectronicsCorpo.ELANTrackPointforThinkpa_24.121.18.0_x64__stws0m115j6hg [2021-08-29] (ELAN Microelectronics Corporation)
Elevoc Vocplus System -> C:\Program Files\WindowsApps\ElevocTechnologyCo.Ltd.ElevocVocplusSystem_1.0.29.0_x64__ttaqwwhyt5s6t [2021-08-29] (Elevoc Technology Co., Ltd.)
Glance by Mirametrix -> C:\Program Files\WindowsApps\MirametrixInc.GlancebyMirametrix_8.19.2743.0_x64__17mer8kcn3j54 [2021-11-20] (Mirametrix Inc.) [Startup Task]
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_132.4.265.0_x64__v10z8vjag6ke6 [2021-11-30] (HP Inc.)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa [2021-11-17] (Apple Inc.) [Startup Task]
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2110.17.0_x64__k1h2ywk1493x8 [2021-11-19] (LENOVO INC.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-08-29] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-08-29] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.10270.0_x64__8wekyb3d8bbwe [2021-10-31] (Microsoft Studios) [MS Ad]
MPEG-2-Videoerweiterung -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.42152.0_x64__8wekyb3d8bbwe [2021-08-29] (Microsoft Corporation)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.25.245.0_x64__dt26b99r8h8gj [2021-08-27] (Realtek Semiconductor Corp)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-3543955943-4071330901-1462076641-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive - Personal] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2021-04-27] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [SystemSpeedupFilesMenu] -> {14cb2bd0-2375-3d10-9b5d-5e18865c8959} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2021-09-02] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers4: [SystemSpeedupFoldersMenu] -> {700866bb-c8e9-3e71-b359-abb28baed0e8} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2021-09-02] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Windows\System32\atiacm64.dll [2021-09-08] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [SystemSpeedupDesktopMenu] -> {0cab5786-30e8-3185-9b3b-ccefbf1b8afe} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2021-09-02] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2021-04-27] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
==================== Codecs (Nicht auf der Ausnahmeliste) ====================
==================== Verknüpfungen & WMI ========================
==================== Geladene Module (Nicht auf der Ausnahmeliste) =============
2021-09-07 11:09 - 2020-04-02 17:15 - 002266624 _____ (Digia Plc and/or its subsidiary(-ies)) [Datei ist nicht signiert] C:\Users\*****\AppData\Local\Amazon Music\QtCore4.dll
2021-09-07 11:09 - 2020-04-02 17:25 - 006267392 _____ (Digia Plc and/or its subsidiary(-ies)) [Datei ist nicht signiert] C:\Users\*****\AppData\Local\Amazon Music\QtGui4.dll
2021-09-07 11:09 - 2020-04-02 17:16 - 000802816 _____ (Digia Plc and/or its subsidiary(-ies)) [Datei ist nicht signiert] C:\Users\*****\AppData\Local\Amazon Music\QtNetwork4.dll
2009-09-16 17:44 - 2009-09-16 17:44 - 000153088 _____ (Hewlett Packard) [Datei ist nicht signiert] C:\Windows\System32\hptcpmib.dll
2009-09-16 17:45 - 2009-09-16 17:45 - 000331264 _____ (Hewlett Packard) [Datei ist nicht signiert] C:\Windows\System32\HpTcpMon.dll
2009-09-16 10:44 - 2009-09-16 10:44 - 000132096 _____ (Hewlett Packard) [Datei ist nicht signiert] C:\Windows\System32\hpzjrd01.dll
2009-09-16 17:45 - 2009-09-16 17:45 - 000317440 _____ (Microsoft Corporation) [Datei ist nicht signiert] C:\Windows\System32\HPTcpMUI.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ==================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =================
==================== Internet Explorer (Nicht auf der Ausnahmeliste) ==========
HKU\S-1-5-21-3543955943-4071330901-1462076641-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
SearchScopes: HKLM -> DefaultScope {7550502C-4F71-407F-9682-5870D6FE0FF0} URL = hxxp://www.bing.com/search?q={SearchTerms}&form=PRLNC1&src=IE11TR&pc=LCTE
SearchScopes: HKLM -> {7550502C-4F71-407F-9682-5870D6FE0FF0} URL = hxxp://www.bing.com/search?q={SearchTerms}&form=PRLNC1&src=IE11TR&pc=LCTE
SearchScopes: HKLM-x32 -> DefaultScope {7550502C-4F71-407F-9682-5870D6FE0FF0} URL = hxxp://www.bing.com/search?q={SearchTerms}&form=PRLNC1&src=IE11TR&pc=LCTE
SearchScopes: HKLM-x32 -> {7550502C-4F71-407F-9682-5870D6FE0FF0} URL = hxxp://www.bing.com/search?q={SearchTerms}&form=PRLNC1&src=IE11TR&pc=LCTE
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-11-01] (Microsoft Corporation -> Microsoft Corporation)
==================== Hosts Inhalt: =========================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2019-12-07 10:14 - 2019-12-07 10:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts
==================== Andere Bereiche ===========================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-3543955943-4071330901-1462076641-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\*****\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\{fa673f93-a38c-430c-84e3-f19ebbc4b329}.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [{B10D7F64-3E56-454E-9AD9-37E706EF5A0F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{E0CDC76F-896B-49A2-B165-92EC481C4F27}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{EF5AA4B6-31AF-4886-B2AD-20B364881BB6}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{B53546E3-54BF-42B4-850C-92496633FE58}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{46D9107E-2A08-43BA-8210-3D47BFDD530F}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{CD78ECBF-B535-49E6-A93D-FDA80B09D165}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{47F69187-87FC-4FBC-9293-09A84E451C67}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E8A62407-0EA7-447F-8D49-A527E793D7B2}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{893BCF36-72B9-445A-BC44-7936CEC7C431}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{38800693-804A-44BC-BC9F-53C138BEADC5}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{A23950DA-07C9-49AC-A720-77708237122F}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{133BA4E7-ADC8-402C-96C1-FFAF82909701}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{944DFEC3-8674-43B8-BD4C-023D1819D44A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D4E02160-A6BD-4E00-A0E8-A8165F3CB8A0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D0EF1C26-37CC-44B1-956F-70F793FB2F67}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{96C778D4-D083-4DC4-8EB7-9AD6895E6029}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\96.0.1054.43\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{BDC2DD81-F89C-4AF8-84DC-00D395F1D4FA}] => (Block) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
FirewallRules: [{8BAF5B33-09B4-419C-828C-027995C0222F}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
FirewallRules: [{AE2853C2-64E8-4B39-913A-10DBEF20716A}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
==================== Wiederherstellungspunkte =========================
19-11-2021 10:50:39 Windows Update
28-11-2021 09:38:46 Geplanter Prüfpunkt
04-12-2021 15:46:10 OpenOffice 4.1.11 wird installiert
==================== Fehlerhafte Geräte im Gerätemanager ============
==================== Fehlereinträge in der Ereignisanzeige: ========================
Applikationsfehler:
==================
Error: (12/05/2021 08:56:36 AM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT-AUTORITÄT)
Description: Windows kann die erweiterbare Leistungsindikator-DLL "C:\Windows\system32\sysmain.dll" nicht laden (Win32-Fehlercode 126).
Error: (12/04/2021 03:39:56 PM) (Source: Microsoft Office 16) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x305; CorrelationId: {1D378765-7077-4318-95BA-456DB113A6ED}
Error: (12/04/2021 03:39:27 PM) (Source: Microsoft Office 16) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x305; CorrelationId: {A86339CA-6CF3-460E-B989-DD9274EDA721}
Error: (12/01/2021 09:32:24 AM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT-AUTORITÄT)
Description: Windows kann die erweiterbare Leistungsindikator-DLL "C:\Windows\system32\sysmain.dll" nicht laden (Win32-Fehlercode 126).
Error: (11/30/2021 11:42:39 AM) (Source: Microsoft Office 16) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x305; CorrelationId: {A96C9ABB-B61F-4935-81FC-6C843437E624}
Error: (11/30/2021 11:42:17 AM) (Source: Microsoft Office 16) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x305; CorrelationId: {2F0B0AF6-A257-4D66-9D55-0E289301DCD7}
Error: (11/26/2021 04:52:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 10.0.19041.546, Zeitstempel: 0x058e175a
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.19041.1348, Zeitstempel: 0x76fcd692
Ausnahmecode: 0xc0000602
Fehleroffset: 0x000000000010b302
ID des fehlerhaften Prozesses: 0x26f4
Startzeit der fehlerhaften Anwendung: 0x01d7e2a8040255df
Pfad der fehlerhaften Anwendung: C:\Windows\System32\svchost.exe
Pfad des fehlerhaften Moduls: C:\Windows\System32\KERNELBASE.dll
Berichtskennung: c5d742ae-2923-4e81-b1fe-a881e291f176
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (11/23/2021 04:32:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 10.0.19041.546, Zeitstempel: 0x058e175a
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.19041.1348, Zeitstempel: 0x76fcd692
Ausnahmecode: 0xc0000602
Fehleroffset: 0x000000000010b302
ID des fehlerhaften Prozesses: 0x5010
Startzeit der fehlerhaften Anwendung: 0x01d7df709fd2f394
Pfad der fehlerhaften Anwendung: C:\Windows\System32\svchost.exe
Pfad des fehlerhaften Moduls: C:\Windows\System32\KERNELBASE.dll
Berichtskennung: 205e419e-b850-49ec-8afc-7b273932003f
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Systemfehler:
=============
Error: (12/05/2021 08:56:28 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 05.12.2021 um 08:49:01 unerwartet heruntergefahren.
Error: (12/05/2021 08:38:30 AM) (Source: Schannel) (EventID: 4103) (User: NT-AUTORITÄT)
Description: Schwerwiegender Fehler beim Erstellen der Client-Anmeldeinformationen für TLS. Der interne Fehlerstatus ist 10013.
Error: (12/05/2021 08:38:29 AM) (Source: Schannel) (EventID: 4103) (User: NT-AUTORITÄT)
Description: Schwerwiegender Fehler beim Erstellen der Client-Anmeldeinformationen für TLS. Der interne Fehlerstatus ist 10013.
Error: (12/04/2021 07:25:02 PM) (Source: Schannel) (EventID: 4103) (User: NT-AUTORITÄT)
Description: Schwerwiegender Fehler beim Erstellen der Client-Anmeldeinformationen für TLS. Der interne Fehlerstatus ist 10013.
Error: (12/04/2021 07:24:51 PM) (Source: Schannel) (EventID: 4103) (User: NT-AUTORITÄT)
Description: Schwerwiegender Fehler beim Erstellen der Client-Anmeldeinformationen für TLS. Der interne Fehlerstatus ist 10013.
Error: (12/04/2021 07:24:49 PM) (Source: Schannel) (EventID: 4103) (User: NT-AUTORITÄT)
Description: Schwerwiegender Fehler beim Erstellen der Client-Anmeldeinformationen für TLS. Der interne Fehlerstatus ist 10013.
Error: (12/04/2021 07:24:33 PM) (Source: Schannel) (EventID: 4103) (User: NT-AUTORITÄT)
Description: Schwerwiegender Fehler beim Erstellen der Client-Anmeldeinformationen für TLS. Der interne Fehlerstatus ist 10013.
Error: (12/04/2021 06:15:49 PM) (Source: Schannel) (EventID: 4103) (User: NT-AUTORITÄT)
Description: Schwerwiegender Fehler beim Erstellen der Client-Anmeldeinformationen für TLS. Der interne Fehlerstatus ist 10013.
CodeIntegrity:
===============
Date: 2021-08-28 00:48:40
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\McAfee\Platform\Core\vtploader.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Speicherinformationen ===========================
BIOS: LENOVO R1OET27W (1.06 ) 05/17/2021
Hauptplatine: LENOVO 20Y7003SGE
Prozessor: AMD Ryzen 5 5500U with Radeon Graphics
Prozentuale Nutzung des RAM: 33%
Installierter physikalischer RAM: 15178.43 MB
Verfügbarer physikalischer RAM: 10037.03 MB
Summe virtueller Speicher: 17482.43 MB
Verfügbarer virtueller Speicher: 11050.26 MB
==================== Laufwerke ================================
Drive c: (Windows) (Fixed) (Total:475.69 GB) (Free:416.13 GB) (Protected) NTFS
\\?\Volume{d43b379c-bf3c-4a3a-a86a-823f614ff15d}\ (WinRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.23 GB) NTFS
\\?\Volume{afb8ced2-0224-44e1-a937-44f3556d1fe0}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
==================== MBR & Partitionstabelle ====================
==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 850B7C8E)
Partition: GPT.
==================== Ende von Addition.txt =======================
Code:
Untersuchungsergebnis der Verknüpfungen des Benutzers (x64) Version: 01-12-2021
durchgeführt von ***** (05-12-2021 10:13:21)
Gestartet von C:\Users\*****\Downloads
Start-Modus: Normal
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk -> C:\Program Files\Microsoft Office\root\Office16\MSACCESS.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe (Adobe Systems Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk -> C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR-Registrierung.lnk -> C:\Program Files (x86)\HP\IrisOCR_12.3.6.10\regipe.exe (I.R.I.S. Image Recognition Integrated Systems)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk -> C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk -> C:\Program Files\PCHealthCheck\PCHealthCheck.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk -> C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk -> C:\Program Files\Microsoft Office\root\Office16\MSPUB.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk -> C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.11\OpenOffice Base.lnk -> C:\Program Files (x86)\OpenOffice 4\program\sbase.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.11\OpenOffice Calc.lnk -> C:\Program Files (x86)\OpenOffice 4\program\scalc.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.11\OpenOffice Draw.lnk -> C:\Program Files (x86)\OpenOffice 4\program\sdraw.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.11\OpenOffice Impress.lnk -> C:\Program Files (x86)\OpenOffice 4\program\simpress.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.11\OpenOffice Math.lnk -> C:\Program Files (x86)\OpenOffice 4\program\smath.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.11\OpenOffice Writer.lnk -> C:\Program Files (x86)\OpenOffice 4\program\swriter.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.11\OpenOffice.lnk -> C:\Program Files (x86)\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Office-Spracheinstellungen.lnk -> C:\Program Files\Microsoft Office\root\Office16\SETLANG.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP LaserJet Pro MFP M426-M427\Benutzerhandbuch.lnk -> C:\Program Files (x86)\HP\HP LaserJet Pro MFP M426-M427\LJPMFPM426M427_use_deww.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP LaserJet Pro MFP M426-M427\Handbuch zu Garantie und rechtlichen Hinweisen.lnk -> C:\Program Files (x86)\HP\HP LaserJet Pro MFP M426-M427\LJPMFPM426M427_warranty-legal_deww.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP LaserJet Pro MFP M426-M427\HP Scan.lnk -> C:\Program Files (x86)\HP\HP LaserJet Pro MFP M426-M427\bin\HPScan.exe (Hewlett-Packard Development Company, LP)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Avira.lnk -> C:\Program Files (x86)\Avira\Security\Avira.Spotlight.UI.Application.exe (Avira Operations GmbH & Co. KG)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk -> C:\Windows\SysWOW64\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\RecoveryDrive.lnk -> C:\Windows\System32\RecoveryDrive.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Registry Editor.lnk -> C:\Windows\regedit.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Defender Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Quick Assist.lnk -> C:\Windows\System32\quickassist.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk -> C:\Windows\System32\psr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\*****\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)
Shortcut: C:\Users\*****\Links\Desktop.lnk -> C:\Users\*****\Desktop ()
Shortcut: C:\Users\*****\Links\Downloads.lnk -> C:\Users\*****\Downloads ()
Shortcut: C:\Users\*****\Desktop\Amazon Music.lnk -> C:\Users\*****\AppData\Local\Amazon Music\Amazon Music.exe (Amazon.com Services LLC)
Shortcut: C:\Users\*****\Desktop\iTunes.lnk -> Tile and icon assets
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Music.lnk -> C:\Users\*****\AppData\Local\Amazon Music\Amazon Music.exe (Amazon.com Services LLC)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\*****\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Music\Amazon Music.lnk -> C:\Users\*****\AppData\Local\Amazon Music\Amazon Music.exe (Amazon.com Services LLC)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Music\Uninstall Amazon Music.lnk -> C:\Users\*****\AppData\Local\Amazon Music\Uninstall.exe ()
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth-Dateiübertragung.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\*****\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Tombstones\McAfee LiveSafe.lnk -> C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe (Keine Datei)
Shortcut: C:\Users\*****\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\*****\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\*****\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\*****\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\*****\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\*****\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\*****\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\*****\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\*****\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)
Shortcut: C:\Users\*****\AppData\Local\Amazon Music\Uninstall Amazon Music.lnk -> C:\Users\*****\AppData\Local\Amazon Music\Uninstall.exe ()
Shortcut: C:\Users\Public\Desktop\Adobe Acrobat DC.lnk -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe (Adobe Systems Incorporated)
Shortcut: C:\Users\Public\Desktop\Avira.lnk -> C:\Program Files (x86)\Avira\Security\Avira.Spotlight.UI.Application.exe (Avira Operations GmbH & Co. KG)
Shortcut: C:\Users\Public\Desktop\Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\Public\Desktop\HP LJ M426M427 Scan.lnk -> C:\Program Files (x86)\HP\HP LaserJet Pro MFP M426-M427\bin\HPScan.exe (Hewlett-Packard Development Company, LP)
Shortcut: C:\Users\Public\Desktop\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\OpenOffice 4.1.11.lnk -> C:\Program Files (x86)\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /7
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk -> C:\Windows\System32\secpol.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\ProgramData\Lenovo\ImController\Plugins\ThinkTouchPadPlugin\x86\SynCPL.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> "C:\Program Files\Synaptics\SynTP\SynTPCpl.dll",ShowDevicePropPage 1
ShortcutWithArgument: C:\ProgramData\Lenovo\ImController\Plugins\ThinkTouchPadPlugin\x64\SynCPL.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> "C:\Program Files\Synaptics\SynTP\SynTPCpl.dll",ShowDevicePropPage 1
ShortcutWithArgument: C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x86\HideBatteryGauge.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x86\LenovoBatteryGaugePackage.dll,HideBatteryGauge
ShortcutWithArgument: C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x86\LaunchPinVantageToolbarToast.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x86\LenovoBatteryGaugePackage.dll,LaunchPinVantageToolbarToast
ShortcutWithArgument: C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x86\SetMenuItemNameofBatteryGauge.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x86\LenovoBatteryGaugePackage.dll,SetMenuItemNameofBatteryGauge
ShortcutWithArgument: C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x86\ShowBatteryGauge.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x86\LenovoBatteryGaugePackage.dll,ShowBatteryGauge
ShortcutWithArgument: C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x86\UnloadBatteryGaugeFromExplorer.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x86\LenovoBatteryGaugePackage.dll,UnloadBatteryGaugeFromExplorer
ShortcutWithArgument: C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x86\UnpinFromTaskbar.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x86\LenovoBatteryGaugePackage.dll,UnpinFromTaskbar
ShortcutWithArgument: C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x86\UpdateBatteryGaugeToastInfo.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x86\LenovoBatteryGaugePackage.dll,UpdateBatteryGaugeToastInfo
ShortcutWithArgument: C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\HideBatteryGauge.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\LenovoBatteryGaugePackage.dll,HideBatteryGauge
ShortcutWithArgument: C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\LaunchPinVantageToolbarToast.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\LenovoBatteryGaugePackage.dll,LaunchPinVantageToolbarToast
ShortcutWithArgument: C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\SetMenuItemNameofBatteryGauge.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\LenovoBatteryGaugePackage.dll,SetMenuItemNameofBatteryGauge
ShortcutWithArgument: C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\ShowBatteryGauge.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\LenovoBatteryGaugePackage.dll,ShowBatteryGauge
ShortcutWithArgument: C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\UnloadBatteryGaugeFromExplorer.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\LenovoBatteryGaugePackage.dll,UnloadBatteryGaugeFromExplorer
ShortcutWithArgument: C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\UnpinFromTaskbar.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\LenovoBatteryGaugePackage.dll,UnpinFromTaskbar
ShortcutWithArgument: C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\UpdateBatteryGaugeToastInfo.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\LenovoBatteryGaugePackage.dll,UpdateBatteryGaugeToastInfo
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.AdministrativeTools
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\*****\Desktop\HP\HP LaserJet Pro MFP M426-M427\HP Gerät neu konfigurieren.lnk -> C:\Program Files (x86)\HP\csiInstaller\ba385a8d-d398-4df7-9507-0c6a318b1371\Setup.exe (Hewlett-Packard) -> /ReconfigWireless
ShortcutWithArgument: C:\Users\*****\Desktop\HP\HP LaserJet Pro MFP M426-M427\Produktsoftware deinstallieren.lnk -> C:\Program Files (x86)\HP\csiInstaller\ba385a8d-d398-4df7-9507-0c6a318b1371\Setup.exe (Hewlett-Packard) -> /Uninstall
ShortcutWithArgument: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.AdministrativeTools
ShortcutWithArgument: C:\Users\*****\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\*****\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
ShortcutWithArgument: C:\Users\*****\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\*****\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo
ShortcutWithArgument: C:\Users\*****\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
ShortcutWithArgument: C:\Users\*****\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
ShortcutWithArgument: C:\Users\*****\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\*****\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\*****\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\*****\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\*****\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
InternetURL: C:\Users\*****\Favorites\Bing.url -> URL: hxxp://go.microsoft.com/fwlink/p/?LinkId=255142
InternetURL: C:\Users\*****\Favorites\Handy\Lumia Support.url -> URL: hxxp://lumia.linkmicrosoft.com/device/entry/van/nsupport
InternetURL: C:\Users\*****\Favorites\Handy\Tipps und Tricks.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=247436
InternetURL: C:\Users\*****\Favorites\Handy\web´n´walk.url -> URL: hxxp://www.t-mobile-favoriten.de/
==================== Ende vom Shortcut.txt =============================
Die FRST-Logs nach dem Zurücksetzen folgen im nächsten Beitrag, da die Zeichenzahl sonst überschritten wird.
Vielen lieben Dank im Voraus für eure Hilfe! |
Lesestoff: