Trojaner-Board - Windows 11: Webseite von AV Antivirus wird plötzlich geöffnet und zeigt an, dass der PC infiziert ist.

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Windows 11: Webseite von AV Antivirus wird plötzlich geöffnet und zeigt an, dass der PC infiziert ist. (https://www.trojaner-board.de/211389-windows-11-webseite-av-antivirus-ploetzlich-geoeffnet-zeigt-pc-infiziert.html)

Windows 11: Webseite von AV Antivirus wird plötzlich geöffnet und zeigt an, dass der PC infiziert ist.

Hallo,

beim öffnen vom Edge wird manchmal automatisch die Seite vom AV Antivirus geöffnet und angezeigt, dass man 18 Viren haben soll. Der Edge hat sich auch schon automatisch geöffnet, ohne dass man ihn geöffnet hat. Das angezeigte Programm sollte sich eigentlich nicht auf meinem PC befinden.

Code:



Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 12-08.2024

durchgeführt von micha (Administrator) auf LAPTOP-8BQEBHKB (HP Victus by HP Laptop 16-d1xxx) (18-08-2024 14:31:02)

Gestartet von C:\Users\micha\Desktop\Virusscan\FRST64.exe

Geladene Profile: micha

Plattform: Microsoft Windows 11 Home Version 23H2 22631.4037 (X64) Sprache: Deutsch (Deutschland)

Standard-Browser: Edge

Start-Modus: Normal
 

==================== Prozesse (Nicht auf der Ausnahmeliste) =================
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
 

(Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe

(Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe

(C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe ->) (Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe

(C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe ->) (EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpnd\expressvpnd.exe

(C:\Program Files\McAfee\WebAdvisor\servicehost.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\uihost.exe

(C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.5.15.0_x64__v10z8vjag6ke6\SystemEventUtility\HPSystemEventUtilityBackground.exe ->) (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.) C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.5.15.0_x64__v10z8vjag6ke6\SystemEventUtility\HPSystemEventUtilityHost.exe

(C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_524.18500.10.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.105\msedgewebview2.exe <6>

(DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_1d957930b3685886\x64\NetworkCap.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_1d957930b3685886\x64\BridgeCommunication.exe <2>

(DriverStore\FileRepository\ipf_cpu.inf_amd64_e6050705c26c770f\ipf_uf.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_e6050705c26c770f\ipf_helper.exe

(ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.) C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.5.15.0_x64__v10z8vjag6ke6\SystemEventUtility\HPSystemEventUtilityBackground.exe

(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <14>

(EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationService.exe

(SECOMN64.exe ->) (Sound Research Corporation -> Sound Research, Corp.) C:\Windows\System32\SECOCL64.exe

(services.exe ->) (Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Browny02\BrYNSvc.exe

(services.exe ->) (EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe

(services.exe ->) (Geek Software GmbH -> geek software GmbH) C:\Program Files\PDF24\pdf24.exe <2>

(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe

(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe

(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_7dcf4ebd9d1b4772\x64\TouchpointAnalyticsClientService.exe

(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_1d957930b3685886\x64\AppHelperCap.exe

(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_1d957930b3685886\x64\DiagsCap.exe

(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_1d957930b3685886\x64\NetworkCap.exe

(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_1d957930b3685886\x64\SysInfoCap.exe

(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpomencustomcapcomp.inf_amd64_9f1f5222288bdf88\x64\OmenCap\OmenCap.exe

(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dtt_sw.inf_amd64_4a0efaf978352e5b\ipfsvc.exe

(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_a687edda40db3316\OneApp.IGCC.WinService.exe

(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_0fdf6ce291234272\IntelCpHDCPSvc.exe

(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_e6050705c26c770f\ipf_uf.exe

(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe

(services.exe ->) (Intel Corporation -> Intel(R) Corporation) C:\Windows\SysWOW64\XtuService.exe

(services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_29fd1afabcf5470c\AS\IAS\IntelAudioService.exe

(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe

(services.exe ->) (McAfee, LLC -> McAfee, LLC) C:\Program Files\McAfee\WebAdvisor\servicehost.exe

(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe

(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\MpDefenderCoreService.exe

(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\MsMpEng.exe

(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\NisSrv.exe

(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvhm.inf_amd64_41c48f20ac7de4fb\Display.NvContainer\NVDisplay.Container.exe <2>

(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_04ff63d068f8c626\RtkAudUService64.exe <3>

(services.exe ->) (Sound Research Corporation -> Sound Research, Corp.) C:\Windows\System32\SECOMN64.exe

(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnhService.exe

(sihost.exe ->) (ED346674-0FA1-4272-85CE-3187C9C86E26 -> ) C:\Program Files\WindowsApps\AD2F1837.myHP_35.52430.841.0_x64__v10z8vjag6ke6\win32\DesktopExtension.exe

(svchost.exe ->) (ED346674-0FA1-4272-85CE-3187C9C86E26 -> ) C:\Program Files\WindowsApps\AD2F1837.myHP_35.52430.841.0_x64__v10z8vjag6ke6\HP.myHP.exe

(svchost.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe

(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SecHealthUI_1000.25992.9000.0_x64__8wekyb3d8bbwe\SecHealthUI.exe

(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_524.18500.10.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe

(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe

(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\DeviceCensus.exe

(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>

(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe

(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\Packages\Preview\amd64\MoUsoCoreWorker.exe

(svchost.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\System32\SecurityHealth\1.0.2402.27001-0\SecurityHealthHost.exe

(SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnh.exe
 

==================== Registry (Nicht auf der Ausnahmeliste) ===================
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
 

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_04ff63d068f8c626\RtkAudUService64.exe [1961256 2023-11-24] (Realtek Semiconductor Corp. -> Realtek Semiconductor)

HKLM\...\Run: [PDF24] => C:\Program Files\PDF24\pdf24.exe [645976 2024-06-06] (Geek Software GmbH -> geek software GmbH)

HKLM-x32\...\Run: [ExpressVPNNotificationService] => C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationServiceStarter.exe [370088 2021-10-08] (EXPRSVPN LLC -> ExpressVPN)

HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [141815104 2023-02-13] (Microsoft Corporation -> Microsoft Corporation)

HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2013-12-05] (Brother Industries, Ltd.) [Datei ist nicht signiert]

HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.) [Datei ist nicht signiert]

HKU\S-1-5-19\...\Run: [HPSEU_Host_Launcher] => C:\System.sav\util\HPSEU\HpseuHostLauncher.exe [539152 2024-05-01] (HP Inc. -> HP Inc.)

HKU\S-1-5-19\...\RunOnce: [OMENCC_InstallationBooster] => C:\system.sav\util\OMENCC_InstallationBooster.exe [16424 2020-03-07] (HP Inc. -> )

HKU\S-1-5-19\...\RunOnce: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [4919312 2024-08-17] (Microsoft Corporation -> Microsoft Corporation)

HKU\S-1-5-20\...\Run: [HPSEU_Host_Launcher] => C:\System.sav\util\HPSEU\HpseuHostLauncher.exe [539152 2024-05-01] (HP Inc. -> HP Inc.)

HKU\S-1-5-20\...\RunOnce: [OMENCC_InstallationBooster] => C:\system.sav\util\OMENCC_InstallationBooster.exe [16424 2020-03-07] (HP Inc. -> )

HKU\S-1-5-20\...\RunOnce: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [4919312 2024-08-17] (Microsoft Corporation -> Microsoft Corporation)

HKU\S-1-5-21-2643785182-3745920480-3260537949-1001\...\Run: [HPSEU_Host_Launcher] => C:\System.sav\util\HPSEU\HpseuHostLauncher.exe [539152 2024-05-01] (HP Inc. -> HP Inc.)

HKU\S-1-5-21-2643785182-3745920480-3260537949-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [4919312 2024-08-17] (Microsoft Corporation -> Microsoft Corporation)

HKU\S-1-5-21-2643785182-3745920480-3260537949-1001\...\Run: [MicrosoftEdgeAutoLaunch_ED02E366447D09E4F124EF89B233D989] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3814952 2024-08-14] (Microsoft Corporation -> Microsoft Corporation)
 

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =================
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 

Task: {7348A97A-D95B-47E6-A991-296683317D5E} - System32\Tasks\Hewlett-Packard\HP Diagnostics\ABO => C:\windows\system32\cmd.exe [323584 2024-05-30] (Microsoft Windows -> Microsoft Corporation) -> /c start hpdiags://ABO

Task: {0455C594-39CC-4BF4-BE75-C54758675F65} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BatteryStatusError => C:\windows\system32\cmd.exe [323584 2024-05-30] (Microsoft Windows -> Microsoft Corporation) -> /c start hpdiags://BatteryStatusError

Task: {69095701-69AF-46A7-8715-E6287D84F35E} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BatteryStatusTest => C:\windows\system32\cmd.exe [323584 2024-05-30] (Microsoft Windows -> Microsoft Corporation) -> /c start hpdiags://BatteryStatusTest

Task: {E93AF06F-2171-47E5-856F-AA4F4D344E96} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BCF => C:\windows\system32\cmd.exe [323584 2024-05-30] (Microsoft Windows -> Microsoft Corporation) -> /c start hpdiags://BCF

Task: {404F7D1C-E672-4A97-9D14-53785D7183B0} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BHM1 => C:\windows\system32\cmd.exe [323584 2024-05-30] (Microsoft Windows -> Microsoft Corporation) -> /c start hpdiags://BHM1

Task: {D319D64B-B151-4D72-99DA-290B1CEE69A8} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BHM2 => C:\windows\system32\cmd.exe [323584 2024-05-30] (Microsoft Windows -> Microsoft Corporation) -> /c start hpdiags://BHM2

Task: {EAFE56D7-9FE1-49F1-91C2-C542428E94B3} - System32\Tasks\Hewlett-Packard\HP Diagnostics\LaunchUI => C:\windows\system32\cmd.exe [323584 2024-05-30] (Microsoft Windows -> Microsoft Corporation) -> /c start hpdiags://LaunchUI

Task: {285E9A1B-539F-4410-8447-4BE648ED0C1D} - System32\Tasks\Hewlett-Packard\HP Diagnostics\ShowUI => C:\windows\system32\cmd.exe [323584 2024-05-30] (Microsoft Windows -> Microsoft Corporation) -> /c start hpdiags:

Task: {DF782740-1E60-41B7-8CC8-A7F3CDCEDB13} - System32\Tasks\Hewlett-Packard\HP Diagnostics\SmartCheckError => C:\windows\system32\cmd.exe [323584 2024-05-30] (Microsoft Windows -> Microsoft Corporation) -> /c start hpdiags://SmartCheckError

Task: {B961DDA4-790D-445C-AC02-EB84646360C0} - System32\Tasks\Hewlett-Packard\HP Diagnostics\Uninstall-BatteryStatusTest => c:\Windows\System32\schtasks.exe [258048 2022-05-07] (Microsoft Windows -> Microsoft Corporation) -> /Change /Disable /tn "\Hewlett-Packard\HP Diagnostics\BatteryStatusTest"

Task: {2CCCF7ED-6FD2-4053-834B-A0116ADB13D4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [138328 2024-07-25] (HP Inc. -> HP Inc.)

Task: {C205993C-6ECA-4C63-A5D2-B76A90F0EC1F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1161744 2024-07-25] (HP Inc. -> HP Inc.)

Task: {97312991-8AA7-4ACB-B663-244C4CF62F38} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1161744 2024-07-25] (HP Inc. -> HP Inc.)

Task: {F2217E35-47BC-4A42-8BCF-D10B9047E3AC} - System32\Tasks\HP\Consent Manager Launcher => C:\windows\system32\sc.exe [98304 2022-05-07] (Microsoft Windows -> Microsoft Corporation) -> start hptouchpointanalyticsservice

Task: {B84F85E2-D6E7-4DE6-AC3A-C39855CD064D} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [1651288 2021-11-14] (HP Inc. -> HP Inc.)

Task: {A795F3D2-AFB8-47B9-825D-D781A0D8387E} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28584424 2024-07-31] (Microsoft Corporation -> Microsoft Corporation)

Task: {C43FA183-0447-47E8-8F3C-3C6FD6683807} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28584424 2024-07-31] (Microsoft Corporation -> Microsoft Corporation)

Task: {732D3795-FBB3-4555-B468-B0D30BA346E4} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [312288 2024-08-07] (Microsoft Corporation -> Microsoft Corporation)

Task: {A3FDF89D-4761-4D8A-AD39-4C6B3EE18A66} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [312288 2024-08-07] (Microsoft Corporation -> Microsoft Corporation)

Task: {6ECF8B10-B4C6-4CF2-AD5E-CD7EC3F7E344} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\operfmon.exe [182240 2024-08-07] (Microsoft Corporation -> Microsoft Corporation)

Task: {E9E206DD-AE51-42D2-9B6F-1E61BD6A8BCD} - System32\Tasks\Microsoft\Office\Office Serviceability Manager => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe [4465048 2024-07-26] (Microsoft Corporation -> Microsoft Corporation)

Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (Keine Datei)

Task: {C97CA7D6-A4D9-4F27-A2B7-9CA0E8071525} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\MpCmdRun.exe [1687320 2024-08-09] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {C970363B-FC30-4F8A-80E3-9D45719F5E74} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\MpCmdRun.exe [1687320 2024-08-09] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {EDF0C86F-463C-43C7-A03B-14E4B8BA7F3A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\MpCmdRun.exe [1687320 2024-08-09] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {36229817-7C7F-4B42-83AE-6149C5A216C1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\MpCmdRun.exe [1687320 2024-08-09] (Microsoft Windows Publisher -> Microsoft Corporation)

Task: {7116D08B-398E-4E17-87CD-480B218DC338} - System32\Tasks\Mozilla\Firefox Background Update E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\firefox.exe [675744 2024-07-02] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\E7CF176E110C211B\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\E7CF176E110C211B\backgroundupdate.moz_log --backgroundtask background (Der Dateneintrag hat 6 weitere Zeichen).

Task: {729099BE-EEBA-4408-85F0-898BB92404A0} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-2643785182-3745920480-3260537949-1001 E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\firefox.exe [675744 2024-07-02] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\E7CF176E110C211B\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\E7CF176E110C211B\backgroundupdate.moz_log --backgroundtask background (Der Dateneintrag hat 6 weitere Zeichen).

Task: {F681BE72-E746-40F8-BEFD-0B71D088F1C8} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [33696 2024-07-02] (Mozilla Corporation -> Mozilla Foundation)

Task: {357CBC3B-A9D5-4279-A032-56E7771DF978} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1009872 2022-02-22] (Nvidia Corporation -> NVIDIA Corporation) -> C:\Program Files\NVIDIA Corporation\NvContainer\-d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log

Task: {42F79FD7-B044-4862-91DB-816BF749D3EA} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3339472 2022-02-22] (Nvidia Corporation -> NVIDIA Corporation)

Task: {FCD3EC5F-E03E-4C5F-B252-6E0E6266364A} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [647376 2022-02-22] (Nvidia Corporation -> NVIDIA Corporation) -> C:\Program Files (x86)\NVIDIA Corporation\NvNode\--launcher=TaskScheduler

Task: {37A5FEA5-2FD0-4DDF-8CD4-B159C3843EC5} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1656320 2022-02-22] (Nvidia Corporation -> NVIDIA Corporation)

Task: {9957147D-15BF-4358-8671-9A6562836D4C} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1656320 2022-02-22] (Nvidia Corporation -> NVIDIA Corporation)

Task: {DC2651E0-6E73-4670-A71B-F12A477D1CCB} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1656320 2022-02-22] (Nvidia Corporation -> NVIDIA Corporation)

Task: {DC402892-6135-4EE5-AAFE-DD56AD6F94DF} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1656320 2022-02-22] (Nvidia Corporation -> NVIDIA Corporation)

Task: {551995B0-E2FF-4158-BFA8-C47A216F99FB} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4209168 2024-08-17] (Microsoft Corporation -> Microsoft Corporation)

Task: {827D0E79-12A4-451A-8CD5-D6F9202426E9} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-2643785182-3745920480-3260537949-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4209168 2024-08-17] (Microsoft Corporation -> Microsoft Corporation)
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
 
 

==================== Internet (Nicht auf der Ausnahmeliste) ====================
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
 

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

Tcpip\..\Interfaces\{1827eda8-51a6-4d18-96d9-f25bb7885cd5}: [DhcpNameServer] 192.168.178.1

Tcpip\..\Interfaces\{1827eda8-51a6-4d18-96d9-f25bb7885cd5}: [DhcpDomain] fritz.box

Tcpip\..\Interfaces\{1827eda8-51a6-4d18-96d9-f25bb7885cd5}\2535D2353686CFC65627: [DhcpNameServer] 172.16.1.1
 

Edge: 

=======

Edge DefaultProfile: Default

Edge Profile: C:\Users\micha\AppData\Local\Microsoft\Edge\User Data\Default [2024-08-18]

Edge Notifications: Default -> hxxps://login.schulmanager-online.de; hxxps://re-captcha-23.azurewebsites.net

Edge Extension: (McAfee® WebAdvisor) - C:\Users\micha\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fdhgeoginicibhagdmblfikbgbkahibd [2024-07-17]

Edge Extension: (Google Docs Offline) - C:\Users\micha\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-07-11]

Edge Extension: (Edge relevant text changes) - C:\Users\micha\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-24]

Edge HKLM-x32\...\Edge\Extension: [fdhgeoginicibhagdmblfikbgbkahibd]
 

FireFox:

========

FF DefaultProfile: dedm7rum.default

FF ProfilePath: C:\Users\micha\AppData\Roaming\Mozilla\Firefox\Profiles\dedm7rum.default [2024-08-10]

FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-04-05] (Microsoft Corporation -> Microsoft Corporation)

FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)

FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2024-04-05] (Microsoft Corporation -> Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
 

==================== Dienste (Nicht auf der Ausnahmeliste) ===================
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 

R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [Datei ist nicht signiert]

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [13995624 2024-07-31] (Microsoft Corporation -> Microsoft Corporation)

R2 dptftcs; C:\WINDOWS\System32\DriverStore\FileRepository\dtt_sw.inf_amd64_4a0efaf978352e5b\ipfsvc.exe [545432 2022-10-27] (Intel Corporation -> Intel Corporation)

R2 ExpressVPNService; C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe [437160 2021-10-08] (EXPRSVPN LLC -> ExpressVPN)

S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\24.151.0728.0003\FileSyncHelper.exe [3523088 2024-08-17] (Microsoft Corporation -> Microsoft Corporation)

R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [475680 2023-04-14] (HP Inc. -> HP Inc.)

R2 HPAppHelperCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_1d957930b3685886\x64\AppHelperCap.exe [928192 2024-07-18] (HP Inc. -> HP Inc.)

R2 HPDiagsCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_1d957930b3685886\x64\DiagsCap.exe [926768 2024-07-18] (HP Inc. -> HP Inc.)

R2 HPNetworkCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_1d957930b3685886\x64\NetworkCap.exe [922672 2024-07-18] (HP Inc. -> HP Inc.)

R2 HPOmenCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpomencustomcapcomp.inf_amd64_9f1f5222288bdf88\x64\OmenCap\OmenCap.exe [755216 2024-06-17] (HP Inc. -> HP Inc.)

R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [241104 2024-08-10] (HP Inc. -> HP Inc.)

S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1149480 2018-06-07] (HP Inc. -> HP)

R2 HPSysInfoCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_1d957930b3685886\x64\SysInfoCap.exe [926248 2024-07-18] (HP Inc. -> HP Inc.)

R2 HpTouchpointAnalyticsService; C:\WINDOWS\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_7dcf4ebd9d1b4772\x64\TouchpointAnalyticsClientService.exe [569008 2024-05-07] (HP Inc. -> HP Inc.)

S2 Intel(R) Platform License Manager Service; C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_fc84dfa25a6a7727\lib\PlatformLicenseManagerService.exe [741488 2023-12-14] (Intel Corporation -> Intel(R) Corporation)

R2 IntelAudioService; C:\WINDOWS\System32\DriverStore\FileRepository\intcoed.inf_amd64_29fd1afabcf5470c\AS\IAS\IntelAudioService.exe [530520 2023-10-18] (Intel Corporation -> Intel)

R2 ipfsvc; C:\WINDOWS\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_e6050705c26c770f\ipf_uf.exe [2733712 2022-01-17] (Intel Corporation -> Intel Corporation)

R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [937296 2024-08-17] (McAfee, LLC -> McAfee, LLC)

R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\MpDefenderCoreService.exe [1427024 2024-08-09] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvhm.inf_amd64_41c48f20ac7de4fb\Display.NvContainer\NVDisplay.Container.exe [1275544 2024-03-19] (NVIDIA Corporation -> NVIDIA Corporation)

S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\24.151.0728.0003\OneDriveUpdaterService.exe [3863568 2024-08-17] (Microsoft Corporation -> Microsoft Corporation)

R2 PDF24; C:\Program Files\PDF24\pdf24.exe [645976 2024-06-06] (Geek Software GmbH -> geek software GmbH)

R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\NisSrv.exe [3199648 2024-08-09] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\MsMpEng.exe [133704 2024-08-09] (Microsoft Windows Publisher -> Microsoft Corporation)
 

===================== Treiber (Nicht auf der Ausnahmeliste) ===================
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 

S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [39272 2023-06-27] (Apple Inc. -> Apple Inc.)

S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [55608 2023-06-27] (Apple Inc. -> Apple Inc.)

S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [544768 2023-06-26] (Microsoft Corporation) [Datei ist nicht signiert]

S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [184320 2023-06-26] (Microsoft Corporation) [Datei ist nicht signiert]

S3 BTHMODEM; C:\WINDOWS\System32\drivers\bthmodem.sys [106496 2022-05-07] (Microsoft Corporation) [Datei ist nicht signiert]

S3 expressvpnsplittunnel; C:\Program Files (x86)\ExpressVPN\splittunnel\expressvpnsplittunnel.sys [45640 2021-10-08] (ExprsVPN LLC -> ExpressVPN)

R3 expressvpntun; C:\WINDOWS\System32\drivers\expressvpn-tun.sys [46896 2021-10-08] (Express VPN International Ltd. -> ExpressVPN)

R3 GlPciSD; C:\WINDOWS\System32\drivers\GlPciSD.sys [233776 2023-01-06] (GENESYS LOGIC, INC. -> Genesys Logic)

S3 GSCAuxDriver; C:\WINDOWS\System32\DriverStore\FileRepository\gscauxdriver.inf_amd64_47dea9773e9dfab7\GSCAuxDriverx64.sys [79976 2021-12-06] (Intel Corporation -> Intel Corporation)

S3 GSCx64; C:\WINDOWS\System32\DriverStore\FileRepository\gscheci.inf_amd64_1027aa064fe1f3f7\TeeDriverGSCW8x64.sys [258104 2021-12-06] (Intel Corporation -> Intel Corporation)

R3 HPCustomCapDriver; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapdriver.inf_amd64_1421dec2010cc057\x64\hpcustomcapdriver.sys [18984 2024-05-07] (Microsoft Windows Hardware Compatibility Publisher -> HP Inc.)

R3 HPOmenCustomCapDriver; C:\WINDOWS\System32\DriverStore\FileRepository\hpomencustomcapdriver.inf_amd64_ca73a0631db38b6a\x64\hpomencustomcapdriver.sys [25072 2024-06-17] (HP Inc. -> HP Inc.)

R2 HpReadHWData; C:\WINDOWS\system32\drivers\HpReadHWData.sys [52192 2023-06-29] (HP Inc. -> Windows (R) Win 7 DDK provider)

R3 iaLPSS2_GPIO2_ADL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_gpio2_adl.inf_amd64_302e75596cffa74a\iaLPSS2_GPIO2_ADL.sys [150616 2022-10-18] (Intel Corporation -> Intel Corporation)

R3 iaLPSS2_I2C_ADL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_i2c_adl.inf_amd64_e736c048ca307ed2\iaLPSS2_I2C_ADL.sys [220224 2022-10-18] (Intel Corporation -> Intel Corporation)

S3 iaLPSS2_SPI_ADL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_spi_adl.inf_amd64_2d1a1b06fd89c8d4\iaLPSS2_SPI_ADL.sys [160912 2021-11-21] (Intel Corporation -> Intel Corporation)

S3 iaLPSS2_UART2_ADL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_uart2_adl.inf_amd64_9f84cae4176aa5ed\iaLPSS2_UART2_ADL.sys [318624 2021-11-21] (Intel Corporation -> Intel Corporation)

R3 IntcUSB; C:\WINDOWS\System32\DriverStore\FileRepository\intcusb.inf_amd64_bc398e7169495415\IntcUSB.sys [922712 2023-10-18] (Intel Corporation -> Intel(R) Corporation)

R3 IntelGNA; C:\WINDOWS\System32\DriverStore\FileRepository\gna.inf_amd64_04d4eecc5838a558\gna.sys [88776 2022-06-22] (Intel Corporation -> Intel Corporation)

S3 ipf_acpi; C:\WINDOWS\System32\DriverStore\FileRepository\ipf_acpi.inf_amd64_de6ec16890c1b449\ipf_acpi.sys [85648 2022-01-17] (Intel Corporation -> Intel Corporation)

R3 ipf_cpu; C:\WINDOWS\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_e6050705c26c770f\ipf_cpu.sys [79496 2022-01-17] (Intel Corporation -> Intel Corporation)

R3 ipf_lf; C:\WINDOWS\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_e6050705c26c770f\ipf_lf.sys [431256 2022-01-17] (Intel Corporation -> Intel Corporation)

R3 MpKsl8a12996c; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{72E71C46-F7FF-4B30-8242-EA987E85C030}\MpKslDrv.sys [271640 2024-08-16] (Microsoft Windows -> Microsoft Corporation)

R3 MpKsl91b5d659; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6E303F9D-9FF4-4BFE-8063-F1FD807BD1F4}\MpKslDrv.sys [271640 2024-08-18] (Microsoft Windows -> Microsoft Corporation)

S3 MpKslc795b5d0; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{72E71C46-F7FF-4B30-8242-EA987E85C030}\MpKslDrv.sys [271640 2024-08-16] (Microsoft Windows -> Microsoft Corporation)

R3 MTKBTFilterX64; C:\WINDOWS\system32\DRIVERS\mtkbtfilterx.sys [296952 2023-02-23] (Microsoft Windows Hardware Compatibility Publisher -> MediaTek Inc.)

R3 mtkwlex; C:\WINDOWS\System32\drivers\mtkwl6ex.sys [1420704 2023-02-24] (Microsoft Windows Hardware Compatibility Publisher -> MediaTek Inc.)

R3 nvpcf; C:\WINDOWS\System32\drivers\nvpcf.sys [248936 2024-03-19] (NVIDIA Corporation -> NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48552 2022-02-22] (Microsoft Windows Hardware Compatibility Publisher -> NVIDIA Corporation)

R3 rt68cx21; C:\WINDOWS\System32\DriverStore\FileRepository\rt68cx21x64.inf_amd64_0942876b93fc9223\rt68cx21x64.sys [727960 2023-05-23] (Realtek Semiconductor Corp. -> Realtek)

R1 rtf64; C:\WINDOWS\system32\DRIVERS\rtf64x64.sys [67496 2022-07-28] (Realtek Semiconductor Corp. -> Realtek)

R3 tapexpressvpn; C:\WINDOWS\System32\drivers\tapexpressvpn.sys [61496 2021-10-08] (ExprsVPN LLC -> The OpenVPN Project)

S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [22080 2024-08-09] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)

U5 WdDevFlt; C:\Windows\System32\Drivers\WdDevFlt.sys [169232 2022-05-07] (Microsoft Windows -> Microsoft Corporation)

R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [602504 2024-08-09] (Microsoft Windows -> Microsoft Corporation)

R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105864 2024-08-09] (Microsoft Windows -> Microsoft Corporation)

S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
 

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 
 

==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) =========
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
 

2024-08-18 14:30 - 2024-08-18 14:31 - 000000000 ____D C:\FRST

2024-08-18 14:21 - 2024-08-18 14:31 - 000000000 ____D C:\Users\micha\Desktop\Virusscan

2024-08-18 13:54 - 2024-08-18 13:54 - 000765750 _____ C:\WINDOWS\system32\perfh007.dat

2024-08-18 13:54 - 2024-08-18 13:54 - 000167482 _____ C:\WINDOWS\system32\perfc007.dat

2024-08-15 11:33 - 2024-08-15 11:33 - 000000000 ____D C:\Users\micha\AppData\Roaming\Microsoft\HTML Help

2024-08-13 16:27 - 2024-03-20 18:54 - 000799592 _____ C:\WINDOWS\SysWOW64\IccSdk.dll

2024-08-13 16:27 - 2024-03-20 18:54 - 000768872 _____ (Intel(R) Corporation) C:\WINDOWS\SysWOW64\IntelOverclockingSDK.dll

2024-08-13 16:27 - 2024-03-20 18:54 - 000279296 _____ (Intel(R) Corporation) C:\WINDOWS\SysWOW64\XtuCommon.dll

2024-08-13 16:27 - 2024-03-20 18:54 - 000277352 _____ (Intel(R) Corporation) C:\WINDOWS\SysWOW64\HardwareAccess.dll

2024-08-13 16:27 - 2024-03-20 18:54 - 000256768 _____ (Intel(R) Corporation) C:\WINDOWS\SysWOW64\XtuApplication.dll

2024-08-13 16:27 - 2024-03-20 18:54 - 000099688 _____ (Intel(R) Corporation) C:\WINDOWS\SysWOW64\HardwareServices.dll

2024-08-13 16:27 - 2024-03-20 18:54 - 000090984 _____ (Intel(R) Corporation) C:\WINDOWS\SysWOW64\HardwareServiceInterfaces.dll

2024-08-13 16:27 - 2024-03-20 18:54 - 000060264 _____ (Intel(R) Corporation) C:\WINDOWS\SysWOW64\IntelBenchmarkSDK.dll

2024-08-13 16:27 - 2024-03-20 18:54 - 000060160 _____ (Intel(R) Corporation) C:\WINDOWS\SysWOW64\XtuCoreServer.dll

2024-08-13 16:27 - 2024-03-20 18:54 - 000055896 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\iocbios2.sys

2024-08-13 16:27 - 2024-03-20 18:54 - 000044120 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\ICCWDT.sys

2024-08-13 16:27 - 2024-03-20 18:54 - 000041320 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\PerfTuneAppMutex.dll

2024-08-13 16:27 - 2024-03-20 18:54 - 000034552 _____ (Intel(R) Corporation) C:\WINDOWS\SysWOW64\HardwareAccessInterfaces.dll

2024-08-13 16:27 - 2024-03-20 18:54 - 000033640 _____ ( ) C:\WINDOWS\SysWOW64\Interop.IccProxy.dll

2024-08-13 16:27 - 2024-03-20 18:54 - 000033024 _____ (Intel(R) Corporation) C:\WINDOWS\SysWOW64\XtuInterface.dll

2024-08-13 16:27 - 2024-03-20 18:54 - 000029952 _____ (Intel(R) Corporation) C:\WINDOWS\SysWOW64\XtuService.exe

2024-08-13 16:27 - 2024-03-20 18:54 - 000029440 _____ (Intel(R) Corporation) C:\WINDOWS\SysWOW64\XtuApplicationInterfaces.dll

2024-08-13 16:27 - 2024-03-20 18:54 - 000029440 _____ (Intel(R) Corporation) C:\WINDOWS\SysWOW64\ProfileHelperModel.dll

2024-08-13 16:27 - 2024-03-20 18:54 - 000028920 _____ (Intel(R) Corporation) C:\WINDOWS\SysWOW64\PlatformDetection.dll

2024-08-07 15:59 - 2024-08-07 15:59 - 000000000 ____D C:\Program Files\Common Files\DESIGNER

2024-08-07 15:58 - 2024-08-07 15:58 - 000002518 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sticky Notes (Preview).lnk

2024-08-07 13:17 - 2024-08-07 13:17 - 000089164 _____ C:\Users\micha\Downloads\TICKET286300559256-1.pkpass

2024-08-07 13:08 - 2024-08-07 13:08 - 000089168 _____ C:\Users\micha\Downloads\TICKET286300559233-2.pkpass

2024-08-07 13:08 - 2024-08-07 13:08 - 000089165 _____ C:\Users\micha\Downloads\TICKET286300559233-1.pkpass

2024-08-07 13:08 - 2024-08-07 13:08 - 000089162 _____ C:\Users\micha\Downloads\TICKET286300559233-3.pkpass

2024-08-06 13:31 - 2024-08-06 13:31 - 000009199 _____ C:\Users\micha\Desktop\Sponsoren.xlsx

2024-08-04 17:52 - 2024-08-04 17:52 - 000026169 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json

2024-08-04 17:52 - 2024-08-04 17:52 - 000026169 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json

2024-08-04 17:38 - 2024-08-04 17:38 - 000001719 _____ C:\Users\Public\Desktop\PDF24 Launcher.lnk

2024-08-04 17:38 - 2024-08-04 17:38 - 000001714 _____ C:\Users\Public\Desktop\PDF24 Toolbox.lnk

2024-08-04 17:38 - 2024-08-04 17:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24

2024-08-04 17:37 - 2024-08-04 17:38 - 000000000 ____D C:\Program Files\PDF24

2024-08-04 10:49 - 2024-08-04 10:49 - 000083187 _____ C:\Users\micha\Downloads\201847_2024_Nr.006_Kontoauszug_vom_2024.06.28_20240804104755.pdf

2024-08-04 10:49 - 2024-08-04 10:49 - 000081432 _____ C:\Users\micha\Downloads\201847_2024_Nr.007_Kontoauszug_vom_2024.07.31_20240804104748.pdf

2024-08-04 10:49 - 2024-08-04 10:49 - 000074345 _____ C:\Users\micha\Downloads\5500201847_2024_Nr.002_Kontoauszug_vom_2024.06.28_20240804104753.pdf

2024-08-04 10:49 - 2024-08-04 10:49 - 000073708 _____ C:\Users\micha\Downloads\201847_2024_Mitteilung_vom_2024.06.28_20240804104751.pdf

2024-08-04 10:49 - 2024-08-04 10:49 - 000073248 _____ C:\Users\micha\Downloads\201847_2024_Wir informieren Sie - Ihre Kontoabrechnung_vom_2024.06.28_20240804104752.pdf

2024-08-04 10:49 - 2024-08-04 10:49 - 000072736 _____ C:\Users\micha\Downloads\201847_2024_Ihre Entgelte_vom_2024.07.31_20240804104749.pdf

2024-08-04 10:48 - 2024-08-04 10:48 - 000083313 _____ C:\Users\micha\Downloads\6166111269_2024_Depotauszug_vom_2024.07.03_20240804104744.pdf
 

==================== Ein Monat (geänderte) ==================
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
 

2024-08-18 14:30 - 2022-05-07 07:22 - 000000000 ____D C:\WINDOWS\INF

2024-08-18 14:27 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\SystemTemp

2024-08-18 14:19 - 2022-05-07 07:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft

2024-08-18 14:17 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\AppReadiness

2024-08-18 14:02 - 2022-05-07 07:24 - 000000000 ___HD C:\Program Files\WindowsApps

2024-08-18 14:01 - 2022-08-04 05:34 - 000000000 ____D C:\ProgramData\NVIDIA

2024-08-18 13:56 - 2021-06-25 20:10 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk

2024-08-18 13:56 - 2021-06-25 20:10 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk

2024-08-18 13:54 - 2023-06-27 03:14 - 001774666 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2024-08-18 13:50 - 2023-06-27 03:12 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT

2024-08-18 13:50 - 2023-06-26 19:09 - 000000000 ____D C:\Program Files\Microsoft OneDrive

2024-08-18 13:50 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\ServiceState

2024-08-18 13:50 - 2021-06-25 20:10 - 000012288 ___SH C:\DumpStack.log.tmp

2024-08-17 14:22 - 2022-05-07 07:17 - 000786432 _____ C:\WINDOWS\system32\config\BBI

2024-08-17 14:21 - 2023-06-27 03:12 - 000003596 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2643785182-3745920480-3260537949-1001

2024-08-17 14:21 - 2023-06-27 03:12 - 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task

2024-08-17 14:21 - 2023-06-26 19:03 - 000002155 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

2024-08-17 14:18 - 2023-06-27 03:07 - 000000000 ____D C:\WINDOWS\system32\SleepStudy

2024-08-15 18:20 - 2023-10-13 18:41 - 000000000 ____D C:\WINDOWS\system32\Microsoft-Edge-WebView

2024-08-15 18:20 - 2023-06-27 03:07 - 000588992 _____ C:\WINDOWS\system32\FNTCACHE.DAT

2024-08-15 18:20 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\SystemResources

2024-08-15 18:20 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\Sgrm

2024-08-15 18:20 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates

2024-08-15 18:20 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\schemas

2024-08-15 18:20 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\bcastdvr

2024-08-15 16:05 - 2022-05-07 07:25 - 000209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll

2024-08-15 16:05 - 2022-05-07 07:24 - 000249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll

2024-08-15 16:05 - 2022-05-07 07:17 - 000000000 ____D C:\WINDOWS\CbsTemp

2024-08-15 13:58 - 2023-06-26 18:11 - 000000000 ____D C:\Users\micha\AppData\Local\Packages

2024-08-15 13:54 - 2023-06-26 18:42 - 000000000 ____D C:\Users\micha\AppData\Roaming\Microsoft\Word

2024-08-15 11:27 - 2023-06-26 20:03 - 000000000 ____D C:\Users\micha\AppData\Roaming\Microsoft\Excel

2024-08-15 11:23 - 2023-06-28 14:17 - 000000350 _____ C:\WINDOWS\BRRBCOM.INI

2024-08-15 10:43 - 2023-06-26 18:17 - 000000000 ____D C:\Users\micha\AppData\Local\D3DSCache

2024-08-15 10:32 - 2023-06-26 18:19 - 000000000 ___RD C:\Users\micha\OneDrive

2024-08-15 10:22 - 2023-06-26 19:07 - 000000000 ____D C:\Users\micha\AppData\Roaming\Microsoft\Teams

2024-08-14 16:16 - 2022-05-07 07:24 - 000000000 ____D C:\ProgramData\USOPrivate

2024-08-14 12:27 - 2023-06-26 19:27 - 000000000 ____D C:\WINDOWS\system32\MRT

2024-08-14 12:25 - 2023-06-26 19:27 - 197093640 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2024-08-13 16:27 - 2023-07-01 12:38 - 000000000 ____D C:\SWSetup

2024-08-10 12:13 - 2023-06-27 03:12 - 000000000 ____D C:\WINDOWS\system32\Tasks\Hewlett-Packard

2024-08-10 11:27 - 2023-07-15 12:38 - 000000000 ____D C:\Program Files\HPPrintScanDoctor

2024-08-10 11:27 - 2023-06-27 03:12 - 000000000 ____D C:\WINDOWS\system32\Tasks\HP

2024-08-09 15:12 - 2021-06-25 20:10 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd

2024-08-07 15:58 - 2022-03-23 02:25 - 000000000 ____D C:\Program Files\Microsoft Office

2024-08-07 15:47 - 2024-06-09 10:02 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox

2024-08-07 13:10 - 2024-04-14 10:33 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38

2024-08-04 17:55 - 2022-05-07 07:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel

2024-08-04 17:55 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\WUModels

2024-08-04 17:55 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\UUS

2024-08-04 17:55 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata

2024-08-04 17:55 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism

2024-08-04 17:55 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\SystemApps

2024-08-04 17:55 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\WinMetadata

2024-08-04 17:55 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\oobe

2024-08-04 17:55 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\Dism

2024-08-04 17:55 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\appraiser

2024-08-04 17:55 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\ShellExperiences

2024-08-04 17:55 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\ShellComponents

2024-08-04 17:55 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\Provisioning

2024-07-29 13:50 - 2023-06-27 03:12 - 000003756 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA

2024-07-29 13:50 - 2023-06-27 03:12 - 000003632 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore

2024-07-20 15:44 - 2023-09-12 17:42 - 000000000 ____D C:\Users\micha\AppData\Local\CrashDumps
 

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ========
 

2024-05-23 08:27 - 2024-05-23 08:27 - 000005439 _____ () C:\Users\micha\AppData\Local\recently-used.xbel

2023-07-02 15:43 - 2023-07-02 15:43 - 000007605 _____ () C:\Users\micha\AppData\Local\resmon.resmoncfg
 

==================== SigCheck ============================
 

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
 

==================== Ende von FRST.txt ========================

Code:



Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 12-08.2024

durchgeführt von micha (18-08-2024 14:32:38)

Gestartet von C:\Users\micha\Desktop\Virusscan

Microsoft Windows 11 Home Version 23H2 22631.4037 (X64) (2023-06-27 01:12:30)

Start-Modus: Normal

==========================================================
 
 

==================== Konten: =============================
 
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
 

Administrator (S-1-5-21-2643785182-3745920480-3260537949-500 - Administrator - Disabled)

DefaultAccount (S-1-5-21-2643785182-3745920480-3260537949-503 - Limited - Disabled)

Gast (S-1-5-21-2643785182-3745920480-3260537949-501 - Limited - Disabled)

micha (S-1-5-21-2643785182-3745920480-3260537949-1001 - Administrator - Enabled) => C:\Users\micha

WDAGUtilityAccount (S-1-5-21-2643785182-3745920480-3260537949-504 - Limited - Disabled)
 

==================== Sicherheits-Center ========================
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
 

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 

==================== Installierte Programme ======================
 

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
 

Brother MFL-Pro Suite DCP-9022CDW (HKLM-x32\...\{E98A9C92-E767-475B-8BC6-8780A86DDC72}) (Version: 1.0.5.0 - Brother Industries, Ltd.)

ExpressVPN (HKLM-x32\...\{91acec93-88d2-4afe-bbc3-e3e376c03732}) (Version: 10.9.0.20 - ExpressVPN)

ExpressVPN (HKLM-x32\...\{E5B9C3E5-889C-4F22-A959-F4B8765D7845}) (Version: 10.9.0.20 - ExpressVPN) Hidden

GIMP 2.10.34-2 (HKLM\...\GIMP-2_is1) (Version: 2.10.34 - The GIMP Team)

HP Audio Switch (HKLM-x32\...\{534FA660-E3B9-4826-9CFD-6870A7700062}) (Version: 1.0.213.0 - HP Inc.)

HP Connection Optimizer (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 2.0.20.0 - HP Inc)

HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)

HP Software Framework (HKLM-x32\...\{71E18A14-1BDB-4B58-A67F-1BCDA12462FD}) (Version: 7.1.15.1 - HP)

Microsoft 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 16.0.17830.20138 - Microsoft Corporation)

Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.17830.20138 - Microsoft Corporation)

Microsoft 365 Apps for Enterprise - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 16.0.17830.20138 - Microsoft Corporation)

Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 127.0.2651.105 - Microsoft Corporation)

Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 127.0.2651.105 - Microsoft Corporation)

Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 24.151.0728.0003 - Microsoft Corporation)

Microsoft OneNote - de-de (HKLM\...\OneNoteFreeRetail - de-de) (Version: 16.0.17830.20138 - Microsoft Corporation)

Microsoft OneNote - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 16.0.17830.20138 - Microsoft Corporation)

Microsoft Teams classic (HKU\S-1-5-21-2643785182-3745920480-3260537949-1001\...\Teams) (Version: 1.7.00.3653 - Microsoft Corporation)

Microsoft Teams Meeting Add-in for Microsoft Office (HKLM\...\{A7AB73A3-CB10-4AA5-9D38-6AEFFBDE4C91}) (Version: 1.24.19202 - Microsoft)

Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)

Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.22.27821 (HKLM-x32\...\{6361b579-2795-4886-b2a8-53d5239b6452}) (Version: 14.22.27821.0 - Microsoft Corporation)

Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.22.27821 (HKLM-x32\...\{5bfc1380-fd35-4b85-9715-7351535d077e}) (Version: 14.22.27821.0 - Microsoft Corporation)

Microsoft Visual C++ 2019 X64 Additional Runtime - 14.22.27821 (HKLM\...\{6E2C7A8E-B17A-4637-9CE9-F0B1157CF378}) (Version: 14.22.27821 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.22.27821 (HKLM\...\{0093C20C-273D-4397-B623-515CB8616CB9}) (Version: 14.22.27821 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2019 X86 Additional Runtime - 14.22.27821 (HKLM-x32\...\{3BDE80F7-7EC9-448E-8160-4ADA0CDA8879}) (Version: 14.22.27821 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.22.27821 (HKLM-x32\...\{1E6FC929-567E-4D22-9206-C5B83F0A21B9}) (Version: 14.22.27821 - Microsoft Corporation) Hidden

Mozilla Firefox (x64 de) (HKLM\...\Mozilla Firefox 127.0 (x64 de)) (Version: 127.0 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 127.0.0.8923 - Mozilla)

NVIDIA FrameView SDK 1.2.7321.30900954 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.2.7321.30900954 - NVIDIA Corporation)

NVIDIA GeForce Experience 3.25.0.84 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.25.0.84 - NVIDIA Corporation)

NVIDIA Grafiktreiber 546.80 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 546.80 - NVIDIA Corporation)

NVIDIA PhysX-Systemsoftware 9.20.0221 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.20.0221 - NVIDIA Corporation)

Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.17830.20138 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.17830.20138 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0407-1000-0000000FF1CE}) (Version: 16.0.17628.20110 - Microsoft Corporation) Hidden

Opel Update 1.5.1 (HKLM\...\e7416028-04bb-5421-a775-0ed8d70f442e) (Version: 1.5.1 - PSA Automobiles SA)

PDF24 Creator 11.18.0 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: 11.18.0 - geek software GmbH)

Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.6.0.4472 - Microsoft Corporation)

VLC media player (HKLM\...\VLC media player) (Version: 3.0.16 - VideoLAN)

WebAdvisor von McAfee (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.1.1.934 - McAfee, LLC)

WISO Steuer 2023 (HKLM-x32\...\{1F164B5F-3A66-4829-AE24-FF2C79A80F8F}) (Version: 30.10.3890 - Buhl Data Service GmbH)

Zoom (HKU\S-1-5-21-2643785182-3745920480-3260537949-1001\...\ZoomUMX) (Version: 5.16.10 (26186) - Zoom Video Communications, Inc.)
 

Packages:

=========
 

Amazon Alexa -> C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_3.25.1177.0_x64__22t9g3sebte08 [2024-07-17] (AMZN Mobile LLC.) [Startup Task]

AppUp.IntelGraphicsExperience -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5587.0_x64__8j3eq9eme6ctt [2024-08-10] (INTEL CORP) [Startup Task]

B＆O Audio Control -> C:\Program Files\WindowsApps\AD2F1837.BOAudioControl_1.47.308.0_x64__v10z8vjag6ke6 [2024-01-19] (HP Inc.)

Dropbox-Sonderaktion -> C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_23.4.27.0_x64__xbfy0k16fey96 [2024-08-10] (Dropbox Inc.)

Energy Star -> C:\Program Files\WindowsApps\AD2F1837.HPInc.EnergyStar_1.2.0.0_x64__v10z8vjag6ke6 [2024-08-10] (HP Inc.)

HP PC Hardware Diagnostics Windows -> C:\Program Files\WindowsApps\AD2F1837.HPPCHardwareDiagnosticsWindows_2.6.2.0_x64__v10z8vjag6ke6 [2024-07-10] (HP Inc.)

HP Privacy Settings -> C:\Program Files\WindowsApps\AD2F1837.HPPrivacySettings_1.3.7.0_x64__v10z8vjag6ke6 [2024-08-14] (HP Inc.)

HP QuickDrop -> C:\Program Files\WindowsApps\AD2F1837.HPQuickDrop_2.5.10921.0_x64__v10z8vjag6ke6 [2023-06-29] (HP Inc.)

HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_155.1.1088.0_x64__v10z8vjag6ke6 [2024-08-10] (HP Inc.)

HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.37.11.0_x64__v10z8vjag6ke6 [2024-08-10] (HP Inc.)

HP System Event Utility -> C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.5.15.0_x64__v10z8vjag6ke6 [2024-07-11] (HP Inc.)

iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa [2024-05-22] (Apple Inc.) [Startup Task]

Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.40.0_x64__8wekyb3d8bbwe [2023-09-15] (Microsoft Corp.)

Microsoft Teams -> C:\Program Files\WindowsApps\MSTeams_24193.1805.3040.8975_x64__8wekyb3d8bbwe [2024-08-13] (Microsoft) [Startup Task]

Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_53.21110.548.0_x64__8wekyb3d8bbwe [2024-07-17] (Microsoft Corporation)

Microsoft.AV1VideoExtension -> C:\Program Files\WindowsApps\Microsoft.AV1VideoExtension_1.2.1293.0_x64__8wekyb3d8bbwe [2024-06-02] (Microsoft Corporation)

Microsoft.BingSearch -> C:\Program Files\WindowsApps\Microsoft.BingSearch_1.0.95.0_x64__8wekyb3d8bbwe [2024-07-28] (Microsoft Corporation)

MicrosoftWindows.CrossDevice -> C:\Program Files\WindowsApps\MicrosoftWindows.CrossDevice_1.24072.45.0_x64__cw5n1h2txyewy [2024-08-18] (Microsoft Windows) [Startup Task]

myHP -> C:\Program Files\WindowsApps\AD2F1837.myHP_35.52430.841.0_x64__v10z8vjag6ke6 [2024-08-10] (HP Inc.) [Startup Task]

NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.966.0_x64__56jybvy8sckqj [2024-04-27] (NVIDIA Corp.)

Solitär -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_7.5.18.0_x64__kx24dqmazqk8j [2024-08-10] (Random Salad Games LLC)

Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.243.420.0_x64__zpdnekdrzrea0 [2024-08-10] (Spotify AB) [Startup Task]

The Chess Lv.100 -> C:\Program Files\WindowsApps\6918E89D.THECHESSLV.100_2.9.0.0_x64__66n08swfvvka0 [2024-05-30] (UNBALANCE corp.)

TikTok -> C:\Program Files\WindowsApps\BytedancePte.Ltd.TikTok_1.0.5.0_neutral__6yccndn6064se [2024-07-13] (Bytedance Pte. Ltd.)

TikTok -> C:\Program Files\WindowsApps\www.tiktok.com-4C63E479_1.0.5.1_neutral__s5gx0acfdhdxa [2024-07-13] (www.tiktok.com)

Water Retreat PREMIUM -> C:\Program Files\WindowsApps\Microsoft.WaterRetreatPREMIUM_1.0.0.0_neutral__8wekyb3d8bbwe [2023-07-02] (Microsoft Corporation)

WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2431.2.0_x64__cv1g1gvanyjgm [2024-08-10] (WhatsApp Inc.) [Startup Task]

WinAppRuntime.Main.1.5 -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Main.1.5_5001.178.1908.0_x64__8wekyb3d8bbwe [2024-07-10] (Microsoft Corp.)

WinAppRuntime.Singleton -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Singleton_5001.178.1908.0_x64__8wekyb3d8bbwe [2024-07-10] (Microsoft Corp.)

Windows Feature Experience Pack -> C:\WINDOWS\SystemApps\LKG\MicrosoftWindows.LKG.DesktopSpotlight_cw5n1h2txyewy [2024-08-15] (Microsoft Windows)

Windows-Fotoanzeige -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2024.11070.31001.0_x64__8wekyb3d8bbwe [2024-08-10] (Microsoft Corporation) [Startup Task]
 

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==============
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 

CustomCLSID: HKU\S-1-5-21-2643785182-3745920480-3260537949-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\micha\AppData\Local\Microsoft\TeamsMeetingAdd-in\1.24.19202\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2643785182-3745920480-3260537949-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> C:\Users\micha\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation -> Microsoft Corporation)

ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\24.151.0728.0003\FileSyncShell64.dll [2024-08-17] (Microsoft Corporation -> Microsoft Corporation)

ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\24.151.0728.0003\FileSyncShell64.dll [2024-08-17] (Microsoft Corporation -> Microsoft Corporation)

ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\24.151.0728.0003\FileSyncShell64.dll [2024-08-17] (Microsoft Corporation -> Microsoft Corporation)

ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\24.151.0728.0003\FileSyncShell64.dll [2024-08-17] (Microsoft Corporation -> Microsoft Corporation)

ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\24.151.0728.0003\FileSyncShell64.dll [2024-08-17] (Microsoft Corporation -> Microsoft Corporation)

ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\24.151.0728.0003\FileSyncShell64.dll [2024-08-17] (Microsoft Corporation -> Microsoft Corporation)

ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\24.151.0728.0003\FileSyncShell64.dll [2024-08-17] (Microsoft Corporation -> Microsoft Corporation)

ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\24.151.0728.0003\FileSyncShell64.dll [2024-08-17] (Microsoft Corporation -> Microsoft Corporation)

ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\24.151.0728.0003\FileSyncShell64.dll [2024-08-17] (Microsoft Corporation -> Microsoft Corporation)

ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\24.151.0728.0003\FileSyncShell64.dll [2024-08-17] (Microsoft Corporation -> Microsoft Corporation)

ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\24.151.0728.0003\FileSyncShell64.dll [2024-08-17] (Microsoft Corporation -> Microsoft Corporation)

ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\24.151.0728.0003\FileSyncShell64.dll [2024-08-17] (Microsoft Corporation -> Microsoft Corporation)

ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\24.151.0728.0003\FileSyncShell64.dll [2024-08-17] (Microsoft Corporation -> Microsoft Corporation)

ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\24.151.0728.0003\FileSyncShell64.dll [2024-08-17] (Microsoft Corporation -> Microsoft Corporation)

ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.151.0728.0003\FileSyncShell64.dll [2024-08-17] (Microsoft Corporation -> Microsoft Corporation)

ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.151.0728.0003\FileSyncShell64.dll [2024-08-17] (Microsoft Corporation -> Microsoft Corporation)

ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.151.0728.0003\FileSyncShell64.dll [2024-08-17] (Microsoft Corporation -> Microsoft Corporation)

ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvhm.inf_amd64_41c48f20ac7de4fb\nvshext.dll [2024-03-19] (NVIDIA Corporation -> NVIDIA Corporation)
 

==================== Codecs (Nicht auf der Ausnahmeliste) ====================
 

==================== Verknüpfungen & WMI ========================
 

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
 

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon.com.lnk -> C:\Program Files (x86)\Online Services\Amazon\WizLink.exe () -> hxxp://www.amazon.com/gp/ubp/oneButton/config/redirectHome?tagbase=hpga1-ubpl&ref=aagateway-taskbar-hp
 

==================== Geladene Module (Nicht auf der Ausnahmeliste) =============
 

2023-06-28 14:16 - 2009-02-27 16:38 - 000139264 ____R () [Datei ist nicht signiert] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll

2023-06-28 14:16 - 2005-04-22 06:36 - 000143360 _____ () [Datei ist nicht signiert] C:\WINDOWS\system32\BrSNMP64.dll

2023-06-28 14:16 - 2013-06-12 19:06 - 000385024 ____R (Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Browny02\BrMonitor.dll

2023-06-28 14:16 - 2010-09-29 17:07 - 000180224 _____ (Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Browny02\BroSNMP.dll

2023-06-28 14:16 - 2011-02-28 11:32 - 000208896 _____ (Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Browny02\Brother\BrFirmUpdateCheck.dll

2023-06-28 14:17 - 2013-10-10 21:55 - 002040320 _____ (Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Browny02\Brother\BrStMonWRes.dll

2023-06-28 14:16 - 2013-12-05 13:04 - 000137728 _____ (Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\ControlCenter4\BrCcAssoc.dll

2023-06-28 14:16 - 2014-02-17 19:24 - 000084480 _____ (Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\ControlCenter4\BrCcDlgRc.dll

2023-06-28 14:16 - 2014-02-17 19:24 - 017905152 _____ (Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\ControlCenter4\BrCcGrImg.dll

2023-06-28 14:16 - 2013-11-15 10:17 - 000088064 _____ (Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\ControlCenter4\BrCcLGer.dll

2023-06-28 14:16 - 2012-07-14 10:53 - 000087040 _____ (Brother Industries, Ltd.) [Datei ist nicht signiert] C:\WINDOWS\system32\BrNetSti.dll

2022-03-23 02:25 - 2022-03-23 02:25 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\Root\Office16\AppVIsvSubsystems64.dll

2022-03-23 02:25 - 2022-03-23 02:25 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\Root\Office16\c2r64.dll
 

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
 

AlternateDataStreams: C:\ProgramData:BDSDRMHK [64]

AlternateDataStreams: C:\Users\All Users:BDSDRMHK [64]

AlternateDataStreams: C:\ProgramData\Anwendungsdaten:BDSDRMHK [64]
 

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ==================
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
 

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =================
 

==================== Internet Explorer (Nicht auf der Ausnahmeliste) ==========
 

SearchScopes: HKLM -> {40458B66-6194-4185-B45C-A209A9E50D51} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

SearchScopes: HKLM-x32 -> {40458B66-6194-4185-B45C-A209A9E50D51} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

SearchScopes: HKU\S-1-5-21-2643785182-3745920480-3260537949-1001 -> {40458B66-6194-4185-B45C-A209A9E50D51} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2024-08-07] (Microsoft Corporation -> Microsoft Corporation)

BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2024-07-25] (HP Inc. -> HP Inc.)

BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2024-04-05] (Microsoft Corporation -> Microsoft Corporation)

BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2024-07-25] (HP Inc. -> HP Inc.)

Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-08-07] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-08-07] (Microsoft Corporation -> Microsoft Corporation)

Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-08-07] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-08-07] (Microsoft Corporation -> Microsoft Corporation)

Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-08-07] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-08-07] (Microsoft Corporation -> Microsoft Corporation)

Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-08-07] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-08-07] (Microsoft Corporation -> Microsoft Corporation)
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
 

IE trusted site: HKU\S-1-5-21-2643785182-3745920480-3260537949-1001\...\sharepoint.com -> hxxps://brklgst-files.sharepoint.com
 

==================== Hosts Inhalt: =========================
 

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
 

2021-06-05 14:08 - 2021-06-05 14:08 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 

==================== Andere Bereiche ===========================
 

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
 

HKU\S-1-5-21-2643785182-3745920480-3260537949-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\micha\AppData\Local\Microsoft\Windows\Themes\Water Ret\DesktopBackground\01 gettyimages-501973530_resized.jpg

DNS Servers: 192.168.178.1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

 ist aktiviert.
 

Network Binding:

=============

LAN-Verbindung: ExpressVPN TUN Driver -> expressvpn-tun.sys

Ethernet: Realtek Gaming GbE Family Controller -> rt68cx21x64.sys

Ethernet 2: ExpressVPN TAP Adapter -> tapexpressvpn.sys

Bluetooth-Netzwerkverbindung: Bluetooth Device (Personal Area Network) -> bthpan.sys

WLAN: MediaTek MT7921 Wi-Fi 6 802.11ax PCIe Adapter -> mtkwl6ex.sys
 

nt_rtf64: Realtek LightWeight Filter (NDIS6.40)
 

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
 

HKLM\...\StartupApproved\Run32: => "TeamsMachineInstaller"

HKU\S-1-5-21-2643785182-3745920480-3260537949-1001\...\StartupApproved\Run: => "OneDrive"
 

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 

FirewallRules: [{163FAF03-E992-4B61-A253-CAFE67526CE4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)

FirewallRules: [{9F9BE754-5B9B-4E7E-91E2-84AF14CB8AA3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)

FirewallRules: [{39E53AC5-9E07-4EF6-BE45-DDB78C475373}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)

FirewallRules: [{62C082DC-B036-4FEC-B78F-D2440A98DF6A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)

FirewallRules: [{6A80DD62-1D1A-473C-A5C9-DFF9C05E952D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)

FirewallRules: [{AF2EA214-E81E-4834-B8BF-98254A448729}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)

FirewallRules: [{584231CC-1ADB-4C94-BC33-0D0D36365CD8}] => (Allow) LPort=54925

FirewallRules: [{7563E9A7-12F9-4A38-9040-553A9FCF103D}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2306.4.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)

FirewallRules: [{932137F2-3861-47A2-BEB4-183A4176B3A4}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2306.4.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)

FirewallRules: [{94BD54DF-6FEF-4840-9513-689E4657EC2B}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2306.4.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)

FirewallRules: [{F6B88540-C578-4A93-BF99-C5F72F1317FE}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2306.4.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)

FirewallRules: [{34DE8CB3-3FB9-40FC-9357-5DF5204D4AAD}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2306.4.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)

FirewallRules: [{533DD338-0EA1-4294-ACB9-57AB5DCE257B}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2306.4.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)

FirewallRules: [{F225CD21-2DE7-4CFE-B833-9C9D5B4E421A}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2306.4.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)

FirewallRules: [{162490D3-9DC8-4A02-A650-6719349E102B}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2306.4.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)

FirewallRules: [{50DF06EE-1394-461D-B203-80F142B85D8C}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2306.4.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)

FirewallRules: [{45B3984C-265E-4D87-917E-A07CC19D8B21}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2306.4.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)

FirewallRules: [{5E1513D5-0C70-4C6B-A306-8B029347E045}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2306.4.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)

FirewallRules: [{F62FDC8F-E2FD-4B5D-BBA3-305DF5AA8CCE}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2306.4.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)

FirewallRules: [{151BAE14-B008-4963-9C29-11D5B82B68F1}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2306.4.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)

FirewallRules: [{DAC20150-58E8-4A6F-99CA-BB67BC5CB2CC}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2306.4.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)

FirewallRules: [{EACAC995-75EC-49C1-ABCC-CA816D409658}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2306.4.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\OmenCommandCenterBackground.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)

FirewallRules: [{777994E7-C384-4FCA-8EC8-8C005B4B3FA1}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2306.4.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\OmenCommandCenterBackground.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)

FirewallRules: [{4E7AC3D3-4537-471A-97B2-E9075B2A49F0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.MinecraftEducationEdition_1.19.5300.0_x64__8wekyb3d8bbwe\Minecraft.Windows.exe (Microsoft Corporation -> )

FirewallRules: [{8AF791D1-2DDE-4EF3-A404-B09B7226F57A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.MinecraftEducationEdition_1.19.5300.0_x64__8wekyb3d8bbwe\Minecraft.Windows.exe (Microsoft Corporation -> )

FirewallRules: [{248F2D0B-3D1A-486B-80E5-33516F76A452}] => (Allow) C:\Users\micha\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

FirewallRules: [{E44A814F-E99E-41F4-9461-ECE0E688B1E7}] => (Allow) C:\Users\micha\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

FirewallRules: [{144B994A-EF69-461F-9D12-7552E589F6CC}] => (Allow) C:\Users\micha\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

FirewallRules: [{C6EECD48-F28D-4AD8-84B4-66607C1DFA81}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

FirewallRules: [{9E439893-0B0B-4D31-9071-08F50F3D416F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

FirewallRules: [{5EB997F6-1986-4BE8-85F6-0FC29D501650}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{0490D5F3-FBDB-4240-86E4-03342205E6AB}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{33D7F696-4C2F-43B2-B9D8-C3516B54141B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{22AF6F13-4DDF-4847-BFED-E72200D761DF}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{91D533F0-191F-475F-9384-C3CEB2E4F968}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)

FirewallRules: [{FE669408-FB87-419E-B923-0E967ED53DB4}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)

FirewallRules: [{9A96B302-3842-4A4B-B7E3-1AA20289DFD7}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)

FirewallRules: [{03FCA313-6EC2-4000-A3E8-7C155D3F7251}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)

FirewallRules: [{343120A7-1C80-480D-B57F-00F035E931F1}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)

FirewallRules: [{776F8DFD-049A-4DF9-9A3E-2D7AE46E3296}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)

FirewallRules: [{02ABCE7D-5D1E-4CA1-AF84-F258E30CD3AD}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)

FirewallRules: [{83C402D7-B3FF-4800-898D-14ADBFDD5AD9}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)

FirewallRules: [{C6073ED6-FF20-4F6C-B557-AEEFB57CE389}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{72996003-D432-416E-AC20-36264DF4A752}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24193.1904.3031.6050_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{CE38D39C-6E88-4C62-A094-961140B745C6}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24193.1904.3031.6050_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{7D5F3A22-7F63-47F6-B3E7-579FAA510AAA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.243.420.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)

FirewallRules: [{0ED22145-D16A-4417-A61A-008E47AC3076}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.243.420.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)

FirewallRules: [{3B3DC923-A2B8-491F-9183-C93D0E4B20B4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.243.420.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)

FirewallRules: [{08A6292A-992F-4BD4-B536-77A49E408B1E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.243.420.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)

FirewallRules: [{8F106ADB-403B-4AED-8360-C7DAFE1F5EC1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.243.420.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)

FirewallRules: [{CF978153-04B1-4AFC-800F-5CEE0B3F9B9A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.243.420.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)

FirewallRules: [{E2D7E894-D6C5-471E-A886-ADABEBD493B3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.243.420.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)

FirewallRules: [{D0F327AF-9516-462E-878A-91D5C5DAD6B1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.243.420.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)

FirewallRules: [{A7E80212-7194-484D-84AC-CF472964793A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.243.420.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)

FirewallRules: [{73917BDD-BE2F-45DB-ACEB-0C9B4BEA0294}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.243.420.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)

FirewallRules: [{6D9351AE-4FCE-4629-A268-E4E0282E4B76}] => (Allow) C:\Program Files\WindowsApps\MSTeams_24193.1805.3040.8975_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{DF48AC5A-894B-4489-A175-3C33671CBAE1}] => (Allow) C:\Program Files\WindowsApps\MSTeams_24193.1805.3040.8975_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{D766ECD2-F8F8-4A19-886F-4B5D37D7139F}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.105\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
 

==================== Wiederherstellungspunkte =========================
 

ACHTUNG: Systemwiederherstellung ist deaktiviert (Total:475.84 GB) (Free:300.99 GB) (63%)
 

==================== Fehlerhafte Geräte im Gerätemanager ============
 
 

==================== Fehlereinträge in der Ereignisanzeige: ========================
 

Applikationsfehler:

==================

Error: (08/18/2024 02:23:30 PM) (Source: Application Hang) (EventID: 1002) (User: NT-AUTORITÄT)

Description: Das Programm WhatsApp.exe Version 0.0.0.0 hat aufgehört mit Windows zu interagieren und wurde geschlossen. Weitere Informationen zum Problem finden Sie im Problemverlauf in der Systemsteuerung „Sicherheit und Wartung“.
 

Error: (08/18/2024 02:08:07 PM) (Source: Application Hang) (EventID: 1002) (User: NT-AUTORITÄT)

Description: Das Programm StartMenuExperienceHost.exe Version 10.0.22621.3958 hat aufgehört mit Windows zu interagieren und wurde geschlossen. Weitere Informationen zum Problem finden Sie im Problemverlauf in der Systemsteuerung „Sicherheit und Wartung“.
 

Error: (08/18/2024 01:50:16 PM) (Source: IPF) (EventID: 17) (User: NT-AUTORITÄT)

Description: Event-ID 17
 

Error: (08/18/2024 01:50:16 PM) (Source: IPF) (EventID: 17) (User: NT-AUTORITÄT)

Description: Event-ID 17
 

Error: (08/18/2024 01:50:16 PM) (Source: IPF) (EventID: 17) (User: NT-AUTORITÄT)

Description: Event-ID 17
 

Error: (08/18/2024 01:50:16 PM) (Source: IPF) (EventID: 17) (User: NT-AUTORITÄT)

Description: Event-ID 17
 

Error: (08/18/2024 01:50:16 PM) (Source: IPF) (EventID: 17) (User: NT-AUTORITÄT)

Description: Event-ID 17
 

Error: (08/18/2024 01:50:16 PM) (Source: IPF) (EventID: 17) (User: NT-AUTORITÄT)

Description: Event-ID 17
 
 

Systemfehler:

=============

Error: (08/18/2024 02:19:06 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)

Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8024200b fehlgeschlagen: Security Intelligence-Update für Microsoft Defender Antivirus – KB2267602 (Version 1.417.185.0) – Aktueller Kanal (Allgemein)
 

Error: (08/18/2024 02:16:41 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)

Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80240016 fehlgeschlagen: Security Intelligence-Update für Microsoft Defender Antivirus – KB2267602 (Version 1.417.185.0) – Aktueller Kanal (Allgemein)
 

Error: (08/17/2024 08:38:03 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-8BQEBHKB)

Description: Der Server "Microsoft.AAD.BrokerPlugin_1000.19580.1000.0_neutral_neutral_cw5n1h2txyewy!Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 

Error: (08/17/2024 08:38:03 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-8BQEBHKB)

Description: Der Server "Microsoft.AAD.BrokerPlugin_1000.19580.1000.0_neutral_neutral_cw5n1h2txyewy!Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 

Error: (08/17/2024 08:38:01 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-8BQEBHKB)

Description: Der Server "Microsoft.AAD.BrokerPlugin_1000.19580.1000.0_neutral_neutral_cw5n1h2txyewy!Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 

Error: (08/17/2024 08:37:49 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-8BQEBHKB)

Description: Der Server "{A463FCB9-6B1C-4E0D-A80B-A2CA7999E25D}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 

Error: (08/17/2024 08:36:11 AM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: Das Zeitlimit (60000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst WinDefend erreicht.
 

Error: (08/17/2024 08:34:57 AM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: )

Description: Für den Miniport "Microsoft Wi-Fi Direct Virtual Adapter #2, {41974041-2232-4b70-918d-69aa395d3b0e}" ist das Ereignis "74" aufgetreten.
 
 

Windows Defender:

================

Date: 2024-08-17 08:38:01

Description: 

Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.

Überprüfungs-ID: {7FF36510-71A3-4EE5-B1EB-2B84251ED27F}

Überprüfungstyp: Antimalware

Überprüfungsparameter: Benutzerdefinierte Überprüfung

Benutzer: LAPTOP-8BQEBHKB\micha 
 

Date: 2024-07-28 11:17:03

Description: 

Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.

Überprüfungs-ID: {B480998C-C23C-4A56-9AE6-F45D15D26E0B}

Überprüfungstyp: Antimalware

Überprüfungsparameter: Schnellüberprüfung

Benutzer: NT-AUTORITÄT\SYSTEM 
 

Date: 2024-04-22 17:24:46

Description: 

Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.

Überprüfungs-ID: {7F518F9C-1332-46A8-B019-94F778D046D3}

Überprüfungstyp: Antimalware

Überprüfungsparameter: Schnellüberprüfung

Benutzer: NT-AUTORITÄT\SYSTEM 
 

Date: 2024-03-23 10:34:43

Description: 

Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.

Überprüfungs-ID: {9DC179F3-C956-4F40-B309-81E66A805898}

Überprüfungstyp: Antimalware

Überprüfungsparameter: Schnellüberprüfung

Benutzer: NT-AUTORITÄT\SYSTEM 
 

Date: 2024-02-21 09:11:46

Description: 

Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.

Überprüfungs-ID: {9AB1C3AB-5F91-412B-8DCE-8DEBEFC15614}

Überprüfungstyp: Antimalware

Überprüfungsparameter: Schnellüberprüfung

Benutzer: NT-AUTORITÄT\SYSTEM 

Event[0]
 

Date: 2024-08-18 14:22:44

Description: 

Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten.

Neue Version der Sicherheitsinformationen: 

%Vorherige Version der Sicherheitsinformationen: 1.417.151.0

Update Source: Microsoft Center zum Schutz vor Schadsoftware

Sicherheitstyp: AntiVirus

Updatetyp: Voll

Benutzer: NT-AUTORITÄT\SYSTEM

Aktuelle Modulversion: 

%Vorherige Modulversion: 1.1.24070.3

Fehlercode: 0x80070102

Fehlerbeschreibung: Der Wartevorgang wurde abgebrochen.  
 

Date: 2024-08-18 14:16:42

Description: 

Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten.

Neue Version der Sicherheitsinformationen: 

%Vorherige Version der Sicherheitsinformationen: 1.417.151.0

Update Source: Microsoft Update-Server

Sicherheitstyp: AntiVirus

Updatetyp: Voll

Benutzer: NT-AUTORITÄT\SYSTEM

Aktuelle Modulversion: 

%Vorherige Modulversion: 1.1.24070.3

Fehlercode: 0x80240016

Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie unter "Hilfe und Support".  
 

Date: 2024-08-08 05:11:51

Description: 

Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten.

Neue Version der Sicherheitsinformationen: 

%Vorherige Version der Sicherheitsinformationen: 1.417.9.0

Update Source: Microsoft Update-Server

Sicherheitstyp: AntiVirus

Updatetyp: Voll

Benutzer: NT-AUTORITÄT\SYSTEM

Aktuelle Modulversion: 

%Vorherige Modulversion: 1.1.24070.3

Fehlercode: 0x8024000b

Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie unter "Hilfe und Support".  
 

Date: 2024-08-06 16:53:15

Description: 

Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten.

Neue Version der Sicherheitsinformationen: 

%Vorherige Version der Sicherheitsinformationen: 1.415.527.0

Update Source: Microsoft Update-Server

Sicherheitstyp: AntiVirus

Updatetyp: Voll

Benutzer: NT-AUTORITÄT\SYSTEM

Aktuelle Modulversion: 

%Vorherige Modulversion: 1.1.24060.5

Fehlercode: 0x8024001e

Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie unter "Hilfe und Support".  
 

Date: 2024-07-17 13:21:11

Description: 

Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten.

Neue Version der Sicherheitsinformationen: 

%Vorherige Version der Sicherheitsinformationen: 1.415.140.0

Update Source: Microsoft Update-Server

Sicherheitstyp: AntiVirus

Updatetyp: Voll

Benutzer: NT-AUTORITÄT\SYSTEM

Aktuelle Modulversion: 

%Vorherige Modulversion: 1.1.24060.5

Fehlercode: 0x80240022

Fehlerbeschreibung: Die Suche des Programms nach Definitionsaktualisierungen ist nicht möglich.  
 

CodeIntegrity:

===============

Date: 2024-08-15 08:53:30

Description: 

Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.98\msedgewebview2.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvspcap64.dll that did not meet the Microsoft signing level requirements. 
 

Date: 2024-08-12 13:36:02

Description: 

Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.113\msedgewebview2.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvspcap64.dll that did not meet the Microsoft signing level requirements. 
 

Date: 2024-07-03 13:12:54

Description: 

Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.81\msedgewebview2.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\nvspcap64.dll that did not meet the Microsoft signing level requirements. 
 

Date: 2024-05-22 17:44:21

Description: 

Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\fcon.dll because the set of per-page image hashes could not be found on the system. 
 
 

==================== Speicherinformationen =========================== 
 

BIOS: AMI F.14 11/09/2023

Hauptplatine: HP 8A25

Prozessor: 12th Gen Intel(R) Core(TM) i7-12700H

Prozentuale Nutzung des RAM: 47%

Installierter physikalischer RAM: 16051.87 MB

Verfügbarer physikalischer RAM: 8389.64 MB

Summe virtueller Speicher: 17075.87 MB

Verfügbarer virtueller Speicher: 9142.64 MB
 

==================== Laufwerke ================================
 

Drive c: (Windows) (Fixed) (Total:475.84 GB) (Free:301.04 GB) (Model: WD PC SN810 SDCPNRY-512G-1006) (Protected) NTFS
 

\\?\Volume{fded71f0-41de-4b9c-a21c-bd0193bfb869}\ () (Fixed) (Total:0.83 GB) (Free:0.11 GB) NTFS

\\?\Volume{a91dad71-b892-4932-8ef9-2c06333159ee}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.16 GB) FAT32
 

==================== MBR & Partitionstabelle ====================
 

==========================================================

Disk: 0 (Size: 476.9 GB) (Disk ID: 05B31706)
 

Partition: GPT.
 

==================== Ende von Addition.txt =======================

System aufräumen: unnötige und veraltete Programme deinstallieren

Bitte über Einstellungen/Apps folgende Programme/Apps deinstallieren:

ExpressVPN
GIMP 2.10.34-2
HP Connection Optimizer
HP Documentation
HP Software Framework
VLC media player 3.0.16
WebAdvisor von McAfee

Ich habe alle angegebenen Apps deinstalliert.

Zitat:

ExpressVPN
GIMP 2.10.34-2
HP Connection Optimizer
HP Documentation
HP Software Framework
VLC media player 3.0.16
WebAdvisor von McAfee

adwCleaner

Führe AdwCleaner gemäß der bebilderten Anleitung aus und poste abschließend die Logdatei in CODE-Tags.

adwcleaner zwecks Kontrolle bitte wiederholen, falls es Funde gab.

Code:



Malwarebytes

www.malwarebytes.com
 

-Protokolldetails-

Scan-Datum: 18.08.2024

Scan-Zeit: 19:32

Protokolldatei: d073af4a-5d87-11ef-8b49-5c60bab8a3a1.json
 

-Softwaredaten-

Version: 5.1.8.123

Komponentenversion: 1.0.5007

Version des Aktualisierungspakets: 1.0.88030

Lizenz: Testversion
 

-Systemdaten-

Betriebssystem: Windows 11 (Build 22631.4037)

CPU: x64

Dateisystem: NTFS

Benutzer: LAPTOP-8BQEBHKB\micha
 

-Scan-Übersicht-

Scan-Typ: Bedrohungs-Scan

Scan gestartet von: Manuell

Ergebnis: Abgeschlossen

Gescannte Objekte: 234577

Erkannte Bedrohungen: 1

In die Quarantäne verschobene Bedrohungen: 1

Abgelaufene Zeit: 4 Min., 26 Sek.
 

-Scan-Optionen-

Speicher: Aktiviert

Start: Aktiviert

Dateisystem: Aktiviert

Archive: Aktiviert

Rootkits: Deaktiviert

Heuristik: Aktiviert

PUP: Erkennung

PUM: Erkennung
 

-Scan-Details-

Prozess: 0

(keine bösartigen Elemente erkannt)
 

Modul: 0

(keine bösartigen Elemente erkannt)
 

Registrierungsschlüssel: 0

(keine bösartigen Elemente erkannt)
 

Registrierungswert: 0

(keine bösartigen Elemente erkannt)
 

Registrierungsdaten: 0

(keine bösartigen Elemente erkannt)
 

Daten-Stream: 0

(keine bösartigen Elemente erkannt)
 

Ordner: 0

(keine bösartigen Elemente erkannt)
 

Datei: 1

PUP.Optional.OneLaunch, C:\USERS\MICHA\DOWNLOADS\ONELAUNCH - PDF_8PQJZ.EXE, In Quarantäne, 11696, 1260754, 1.0.88030, , ame, , C89AED68182AC196162B7CD0CE85BA77, 0323990FF44F3037CCC0A8F34936F16F0DD3C10F1ABDA5B6F259D79E64F2DC1F
 

Physischer Sektor: 0

(keine bösartigen Elemente erkannt)
 

WMI: 0

(keine bösartigen Elemente erkannt)
 
 

(end)

Code:



Malwarebytes

www.malwarebytes.com
 

-Protokolldetails-

Scan-Datum: 18.08.2024

Scan-Zeit: 19:53

Protokolldatei: d0f1058c-5d8a-11ef-b232-5c60bab8a3a1.json
 

-Softwaredaten-

Version: 5.1.8.123

Komponentenversion: 1.0.5007

Version des Aktualisierungspakets: 1.0.88030

Lizenz: Testversion
 

-Systemdaten-

Betriebssystem: Windows 11 (Build 22631.4037)

CPU: x64

Dateisystem: NTFS

Benutzer: LAPTOP-8BQEBHKB\micha
 

-Scan-Übersicht-

Scan-Typ: Bedrohungs-Scan

Scan gestartet von: Manuell

Ergebnis: Abgeschlossen

Gescannte Objekte: 234735

Erkannte Bedrohungen: 0

In die Quarantäne verschobene Bedrohungen: 0

Abgelaufene Zeit: 1 Min., 12 Sek.
 

-Scan-Optionen-

Speicher: Aktiviert

Start: Aktiviert

Dateisystem: Aktiviert

Archive: Aktiviert

Rootkits: Deaktiviert

Heuristik: Aktiviert

PUP: Erkennung

PUM: Erkennung
 

-Scan-Details-

Prozess: 0

(keine bösartigen Elemente erkannt)
 

Modul: 0

(keine bösartigen Elemente erkannt)
 

Registrierungsschlüssel: 0

(keine bösartigen Elemente erkannt)
 

Registrierungswert: 0

(keine bösartigen Elemente erkannt)
 

Registrierungsdaten: 0

(keine bösartigen Elemente erkannt)
 

Daten-Stream: 0

(keine bösartigen Elemente erkannt)
 

Ordner: 0

(keine bösartigen Elemente erkannt)
 

Datei: 0

(keine bösartigen Elemente erkannt)
 

Physischer Sektor: 0

(keine bösartigen Elemente erkannt)
 

WMI: 0

(keine bösartigen Elemente erkannt)
 
 

(end)

Ich bekomme immer noch komische Meldungen auf meinem Laptop. Ich habe davon einen Screenshot gemacht. Leider kann ich diese Datei nicht hochladen.

1. Bitte Anleitungen richtig lesen. Du solltest den adwcleaner ausführen, nicht Malwarebytes Anti-Malware
2. Es wurde hier nirgends geschrieben, dass sofort alle Probleme nach einem Tool weg sind. Und schon dreimal nicht, wenn man auch noch die Instruktionen falsch umsetzt.

Entschuldige, dass ich das falsche Programm auf der Seite runtergeladen habe. Darüber hinaus wollte ich auch nur noch mitteilen, dass immer wieder ein Fenster aufploppt, welches ich nicht auf meinen Tread setzen kann.

Code:



# -------------------------------

# Malwarebytes AdwCleaner 8.4.2.0

# -------------------------------

# Build:    03-04-2024

# Database: 2024-03-04.1 (Cloud)

# Support:  https://www.malwarebytes.com/support

#

# -------------------------------

# Mode: Clean

# -------------------------------

# Start:    08-19-2024

# Duration: 00:00:01

# OS:       Windows 11 (Build 22631.4037)

# Cleaned:  20

# Failed:   0
 
 

***** [ Services ] *****
 

No malicious services cleaned.
 

***** [ Folders ] *****
 

No malicious folders cleaned.
 

***** [ Files ] *****
 

No malicious files cleaned.
 

***** [ DLL ] *****
 

No malicious DLLs cleaned.
 

***** [ WMI ] *****
 

No malicious WMI cleaned.
 

***** [ Shortcuts ] *****
 

No malicious shortcuts cleaned.
 

***** [ Tasks ] *****
 

No malicious tasks cleaned.
 

***** [ Registry ] *****
 

No malicious registry entries cleaned.
 

***** [ Chromium (and derivatives) ] *****
 

No malicious Chromium entries cleaned.
 

***** [ Chromium URLs ] *****
 

No malicious Chromium URLs cleaned.
 

***** [ Firefox (and derivatives) ] *****
 

No malicious Firefox entries cleaned.
 

***** [ Firefox URLs ] *****
 

No malicious Firefox URLs cleaned.
 

***** [ Hosts File Entries ] *****
 

No malicious hosts file entries cleaned.
 

***** [ Preinstalled Software ] *****
 

Deleted       Preinstalled.HPAudioSwitch   Folder   C:\Program Files (x86)\HP\HPAUDIOSWITCH

Deleted       Preinstalled.HPAudioSwitch   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B84F85E2-D6E7-4DE6-AC3A-C39855CD064D} 

Deleted       Preinstalled.HPAudioSwitch   Registry   HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPAudioSwitch

Deleted       Preinstalled.HPAudioSwitch   Task   C:\Windows\System32\Tasks\HPAUDIOSWITCH

Deleted       Preinstalled.HPCleanFLC   Registry   HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|HPSEU_Host_Launcher

Deleted       Preinstalled.HPCleanFLC   Registry   HKCU\Software\Microsoft\Windows\CurrentVersion\Run|HPSEU_Host_Launcher

Deleted       Preinstalled.HPCleanFLC   Registry   HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run|HPSEU_Host_Launcher

Deleted       Preinstalled.HPCleanFLC   Registry   HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run|HPSEU_Host_Launcher

Deleted       Preinstalled.HPRegistrationService   Folder   C:\ProgramData\HP\HP REGISTRATION SERVICE

Deleted       Preinstalled.HPSupportAssistant   Folder   C:\HP\SUPPORT

Deleted       Preinstalled.HPSupportAssistant   Folder   C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK

Deleted       Preinstalled.HPSupportAssistant   Folder   C:\Users\micha\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK

Deleted       Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}

Deleted       Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}

Deleted       Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}

Deleted       Preinstalled.HPSupportAssistant   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}

Deleted       Preinstalled.HPTouchpointAnalyticsClient   Folder   C:\ProgramData\HP\HP TOUCHPOINT ANALYTICS CLIENT

Deleted       Preinstalled.HPTouchpointAnalyticsClient   Registry   HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}

Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}

Deleted       Preinstalled.WildTangentGamesBundle   Registry   HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A97880C-7DD3-4C6E-8DE0-881B1FC02BE6}
 
 

*************************
 

[+] Delete Tracing Keys

[+] Reset Winsock
 

*************************
 

AdwCleaner[S00].txt - [3846 octets] - [19/08/2024 07:44:02]
 

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########

Ok dann bitte jetzt neue FRST-Logs.

FRST Additions Logfile:

Code:

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 12-08.2024

durchgeführt von micha (19-08-2024 10:46:21)

Gestartet von C:\Users\micha\Desktop\Virusscan

Microsoft Windows 11 Home Version 23H2 22631.4037 (X64) (2023-06-27 01:12:30)

Start-Modus: Normal

==========================================================
 
 

==================== Konten: =============================
 
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
 

Administrator (S-1-5-21-2643785182-3745920480-3260537949-500 - Administrator - Disabled)

DefaultAccount (S-1-5-21-2643785182-3745920480-3260537949-503 - Limited - Disabled)

Gast (S-1-5-21-2643785182-3745920480-3260537949-501 - Limited - Disabled)

micha (S-1-5-21-2643785182-3745920480-3260537949-1001 - Administrator - Enabled) => C:\Users\micha

WDAGUtilityAccount (S-1-5-21-2643785182-3745920480-3260537949-504 - Limited - Disabled)
 

==================== Sicherheits-Center ========================
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
 

AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 

==================== Installierte Programme ======================
 

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
 

Brother MFL-Pro Suite DCP-9022CDW (HKLM-x32\...\{E98A9C92-E767-475B-8BC6-8780A86DDC72}) (Version: 1.0.5.0 - Brother Industries, Ltd.)

HP Audio Switch (HKLM-x32\...\{534FA660-E3B9-4826-9CFD-6870A7700062}) (Version: 1.0.213.0 - HP Inc.)

Malwarebytes version 5.1.8.123 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.1.8.123 - Malwarebytes)

Microsoft 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 16.0.17830.20138 - Microsoft Corporation)

Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.17830.20138 - Microsoft Corporation)

Microsoft 365 Apps for Enterprise - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 16.0.17830.20138 - Microsoft Corporation)

Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 127.0.2651.105 - Microsoft Corporation)

Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 127.0.2651.105 - Microsoft Corporation)

Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 24.151.0728.0003 - Microsoft Corporation)

Microsoft OneNote - de-de (HKLM\...\OneNoteFreeRetail - de-de) (Version: 16.0.17830.20138 - Microsoft Corporation)

Microsoft OneNote - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 16.0.17830.20138 - Microsoft Corporation)

Microsoft Teams classic (HKU\S-1-5-21-2643785182-3745920480-3260537949-1001\...\Teams) (Version: 1.7.00.3653 - Microsoft Corporation)

Microsoft Teams Meeting Add-in for Microsoft Office (HKLM\...\{A7AB73A3-CB10-4AA5-9D38-6AEFFBDE4C91}) (Version: 1.24.19202 - Microsoft)

Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)

Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.22.27821 (HKLM-x32\...\{6361b579-2795-4886-b2a8-53d5239b6452}) (Version: 14.22.27821.0 - Microsoft Corporation)

Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.22.27821 (HKLM-x32\...\{5bfc1380-fd35-4b85-9715-7351535d077e}) (Version: 14.22.27821.0 - Microsoft Corporation)

Microsoft Visual C++ 2019 X64 Additional Runtime - 14.22.27821 (HKLM\...\{6E2C7A8E-B17A-4637-9CE9-F0B1157CF378}) (Version: 14.22.27821 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.22.27821 (HKLM\...\{0093C20C-273D-4397-B623-515CB8616CB9}) (Version: 14.22.27821 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2019 X86 Additional Runtime - 14.22.27821 (HKLM-x32\...\{3BDE80F7-7EC9-448E-8160-4ADA0CDA8879}) (Version: 14.22.27821 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.22.27821 (HKLM-x32\...\{1E6FC929-567E-4D22-9206-C5B83F0A21B9}) (Version: 14.22.27821 - Microsoft Corporation) Hidden

Mozilla Firefox (x64 de) (HKLM\...\Mozilla Firefox 127.0 (x64 de)) (Version: 127.0 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 127.0.0.8923 - Mozilla)

NVIDIA FrameView SDK 1.2.7321.30900954 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.2.7321.30900954 - NVIDIA Corporation)

NVIDIA GeForce Experience 3.25.0.84 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.25.0.84 - NVIDIA Corporation)

NVIDIA Grafiktreiber 546.80 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 546.80 - NVIDIA Corporation)

NVIDIA PhysX-Systemsoftware 9.20.0221 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.20.0221 - NVIDIA Corporation)

Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.17830.20138 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.17830.20138 - Microsoft Corporation) Hidden

Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0407-1000-0000000FF1CE}) (Version: 16.0.17628.20110 - Microsoft Corporation) Hidden

Opel Update 1.5.1 (HKLM\...\e7416028-04bb-5421-a775-0ed8d70f442e) (Version: 1.5.1 - PSA Automobiles SA)

PDF24 Creator 11.18.0 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: 11.18.0 - geek software GmbH)

Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.6.0.4472 - Microsoft Corporation)

WISO Steuer 2023 (HKLM-x32\...\{1F164B5F-3A66-4829-AE24-FF2C79A80F8F}) (Version: 30.10.3890 - Buhl Data Service GmbH)

Zoom (HKU\S-1-5-21-2643785182-3745920480-3260537949-1001\...\ZoomUMX) (Version: 5.16.10 (26186) - Zoom Video Communications, Inc.)
 

Packages:

=========
 

Amazon Alexa -> C:\Program Files\WindowsApps\57540AMZNMobileLLC.AmazonAlexa_3.25.1177.0_x64__22t9g3sebte08 [2024-07-17] (AMZN Mobile LLC.) [Startup Task]

AppUp.IntelGraphicsExperience -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5587.0_x64__8j3eq9eme6ctt [2024-08-10] (INTEL CORP) [Startup Task]

B＆O Audio Control -> C:\Program Files\WindowsApps\AD2F1837.BOAudioControl_1.47.308.0_x64__v10z8vjag6ke6 [2024-01-19] (HP Inc.)

Dropbox-Sonderaktion -> C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_23.4.27.0_x64__xbfy0k16fey96 [2024-08-10] (Dropbox Inc.)

Energy Star -> C:\Program Files\WindowsApps\AD2F1837.HPInc.EnergyStar_1.2.0.0_x64__v10z8vjag6ke6 [2024-08-10] (HP Inc.)

HP PC Hardware Diagnostics Windows -> C:\Program Files\WindowsApps\AD2F1837.HPPCHardwareDiagnosticsWindows_2.6.2.0_x64__v10z8vjag6ke6 [2024-07-10] (HP Inc.)

HP Privacy Settings -> C:\Program Files\WindowsApps\AD2F1837.HPPrivacySettings_1.3.7.0_x64__v10z8vjag6ke6 [2024-08-14] (HP Inc.)

HP QuickDrop -> C:\Program Files\WindowsApps\AD2F1837.HPQuickDrop_2.5.10921.0_x64__v10z8vjag6ke6 [2023-06-29] (HP Inc.)

HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_155.1.1088.0_x64__v10z8vjag6ke6 [2024-08-10] (HP Inc.)

HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.37.11.0_x64__v10z8vjag6ke6 [2024-08-10] (HP Inc.)

HP System Event Utility -> C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.5.15.0_x64__v10z8vjag6ke6 [2024-07-11] (HP Inc.)

iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa [2024-05-22] (Apple Inc.) [Startup Task]

Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.40.0_x64__8wekyb3d8bbwe [2023-09-15] (Microsoft Corp.)

Microsoft Teams -> C:\Program Files\WindowsApps\MSTeams_24193.1805.3040.8975_x64__8wekyb3d8bbwe [2024-08-13] (Microsoft) [Startup Task]

Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_53.21110.548.0_x64__8wekyb3d8bbwe [2024-08-18] (Microsoft Corporation)

Microsoft.AV1VideoExtension -> C:\Program Files\WindowsApps\Microsoft.AV1VideoExtension_1.2.1293.0_x64__8wekyb3d8bbwe [2024-06-02] (Microsoft Corporation)

Microsoft.BingSearch -> C:\Program Files\WindowsApps\Microsoft.BingSearch_1.0.95.0_x64__8wekyb3d8bbwe [2024-07-28] (Microsoft Corporation)

MicrosoftWindows.CrossDevice -> C:\Program Files\WindowsApps\MicrosoftWindows.CrossDevice_1.24072.45.0_x64__cw5n1h2txyewy [2024-08-18] (Microsoft Windows) [Startup Task]

myHP -> C:\Program Files\WindowsApps\AD2F1837.myHP_35.52430.841.0_x64__v10z8vjag6ke6 [2024-08-10] (HP Inc.) [Startup Task]

NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.966.0_x64__56jybvy8sckqj [2024-04-27] (NVIDIA Corp.)

Solitär -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_7.5.18.0_x64__kx24dqmazqk8j [2024-08-10] (Random Salad Games LLC)

Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.244.405.0_x64__zpdnekdrzrea0 [2024-08-18] (Spotify AB) [Startup Task]

The Chess Lv.100 -> C:\Program Files\WindowsApps\6918E89D.THECHESSLV.100_2.9.0.0_x64__66n08swfvvka0 [2024-05-30] (UNBALANCE corp.)

TikTok -> C:\Program Files\WindowsApps\BytedancePte.Ltd.TikTok_1.0.5.0_neutral__6yccndn6064se [2024-07-13] (Bytedance Pte. Ltd.)

TikTok -> C:\Program Files\WindowsApps\www.tiktok.com-4C63E479_1.0.5.1_neutral__s5gx0acfdhdxa [2024-07-13] (www.tiktok.com)

Water Retreat PREMIUM -> C:\Program Files\WindowsApps\Microsoft.WaterRetreatPREMIUM_1.0.0.0_neutral__8wekyb3d8bbwe [2023-07-02] (Microsoft Corporation)

WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2431.2.0_x64__cv1g1gvanyjgm [2024-08-10] (WhatsApp Inc.) [Startup Task]

WinAppRuntime.Main.1.5 -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Main.1.5_5001.214.1843.0_x64__8wekyb3d8bbwe [2024-08-18] (Microsoft Corp.)

WinAppRuntime.Singleton -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Singleton_5001.178.1908.0_x64__8wekyb3d8bbwe [2024-07-10] (Microsoft Corp.)

Windows Feature Experience Pack -> C:\WINDOWS\SystemApps\LKG\MicrosoftWindows.LKG.DesktopSpotlight_cw5n1h2txyewy [2024-08-15] (Microsoft Windows)

Windows-Fotoanzeige -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2024.11070.31001.0_x64__8wekyb3d8bbwe [2024-08-10] (Microsoft Corporation) [Startup Task]
 

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==============
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 

CustomCLSID: HKU\S-1-5-21-2643785182-3745920480-3260537949-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\micha\AppData\Local\Microsoft\TeamsMeetingAdd-in\1.24.19202\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-2643785182-3745920480-3260537949-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> C:\Users\micha\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation -> Microsoft Corporation)

ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\24.151.0728.0003\FileSyncShell64.dll [2024-08-17] (Microsoft Corporation -> Microsoft Corporation)

ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\24.151.0728.0003\FileSyncShell64.dll [2024-08-17] (Microsoft Corporation -> Microsoft Corporation)

ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\24.151.0728.0003\FileSyncShell64.dll [2024-08-17] (Microsoft Corporation -> Microsoft Corporation)

ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\24.151.0728.0003\FileSyncShell64.dll [2024-08-17] (Microsoft Corporation -> Microsoft Corporation)

ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\24.151.0728.0003\FileSyncShell64.dll [2024-08-17] (Microsoft Corporation -> Microsoft Corporation)

ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\24.151.0728.0003\FileSyncShell64.dll [2024-08-17] (Microsoft Corporation -> Microsoft Corporation)

ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\24.151.0728.0003\FileSyncShell64.dll [2024-08-17] (Microsoft Corporation -> Microsoft Corporation)

ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\24.151.0728.0003\FileSyncShell64.dll [2024-08-17] (Microsoft Corporation -> Microsoft Corporation)

ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\24.151.0728.0003\FileSyncShell64.dll [2024-08-17] (Microsoft Corporation -> Microsoft Corporation)

ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\24.151.0728.0003\FileSyncShell64.dll [2024-08-17] (Microsoft Corporation -> Microsoft Corporation)

ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\24.151.0728.0003\FileSyncShell64.dll [2024-08-17] (Microsoft Corporation -> Microsoft Corporation)

ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\24.151.0728.0003\FileSyncShell64.dll [2024-08-17] (Microsoft Corporation -> Microsoft Corporation)

ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\24.151.0728.0003\FileSyncShell64.dll [2024-08-17] (Microsoft Corporation -> Microsoft Corporation)

ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\24.151.0728.0003\FileSyncShell64.dll [2024-08-17] (Microsoft Corporation -> Microsoft Corporation)

ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.151.0728.0003\FileSyncShell64.dll [2024-08-17] (Microsoft Corporation -> Microsoft Corporation)

ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-08-18] (Malwarebytes Inc. -> Malwarebytes)

ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.151.0728.0003\FileSyncShell64.dll [2024-08-17] (Microsoft Corporation -> Microsoft Corporation)

ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.151.0728.0003\FileSyncShell64.dll [2024-08-17] (Microsoft Corporation -> Microsoft Corporation)

ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvhm.inf_amd64_41c48f20ac7de4fb\nvshext.dll [2024-03-19] (NVIDIA Corporation -> NVIDIA Corporation)

ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-08-18] (Malwarebytes Inc. -> Malwarebytes)
 

==================== Codecs (Nicht auf der Ausnahmeliste) ====================
 

==================== Verknüpfungen & WMI ========================
 

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
 

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon.com.lnk -> C:\Program Files (x86)\Online Services\Amazon\WizLink.exe () -> hxxp://www.amazon.com/gp/ubp/oneButton/config/redirectHome?tagbase=hpga1-ubpl&ref=aagateway-taskbar-hp
 

==================== Geladene Module (Nicht auf der Ausnahmeliste) =============
 

2023-06-28 14:16 - 2009-02-27 16:38 - 000139264 ____R () [Datei ist nicht signiert] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll

2023-06-28 14:16 - 2005-04-22 06:36 - 000143360 _____ () [Datei ist nicht signiert] C:\WINDOWS\system32\BrSNMP64.dll

2023-06-28 14:16 - 2013-06-12 19:06 - 000385024 ____R (Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Browny02\BrMonitor.dll

2023-06-28 14:16 - 2010-09-29 17:07 - 000180224 _____ (Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Browny02\BroSNMP.dll

2023-06-28 14:16 - 2011-02-28 11:32 - 000208896 _____ (Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Browny02\Brother\BrFirmUpdateCheck.dll

2023-06-28 14:17 - 2013-10-10 21:55 - 002040320 _____ (Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Browny02\Brother\BrStMonWRes.dll

2023-06-28 14:16 - 2013-12-05 13:04 - 000137728 _____ (Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\ControlCenter4\BrCcAssoc.dll

2023-06-28 14:16 - 2014-02-17 19:24 - 000084480 _____ (Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\ControlCenter4\BrCcDlgRc.dll

2023-06-28 14:16 - 2014-02-17 19:24 - 017905152 _____ (Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\ControlCenter4\BrCcGrImg.dll

2023-06-28 14:16 - 2013-11-15 10:17 - 000088064 _____ (Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\ControlCenter4\BrCcLGer.dll

2023-06-28 14:16 - 2012-07-14 10:53 - 000087040 _____ (Brother Industries, Ltd.) [Datei ist nicht signiert] C:\WINDOWS\system32\BrNetSti.dll
 

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
 

AlternateDataStreams: C:\ProgramData:BDSDRMHK [64]

AlternateDataStreams: C:\Users\All Users:BDSDRMHK [64]

AlternateDataStreams: C:\ProgramData\Anwendungsdaten:BDSDRMHK [64]

AlternateDataStreams: C:\Users\micha\Downloads\adwcleaner.exe:MBAM.Zone.Identifier [343]
 

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ==================
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
 

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =================
 

==================== Internet Explorer (Nicht auf der Ausnahmeliste) ==========
 

SearchScopes: HKLM -> {40458B66-6194-4185-B45C-A209A9E50D51} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

SearchScopes: HKLM-x32 -> {40458B66-6194-4185-B45C-A209A9E50D51} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

SearchScopes: HKU\S-1-5-21-2643785182-3745920480-3260537949-1001 -> {40458B66-6194-4185-B45C-A209A9E50D51} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2024-08-07] (Microsoft Corporation -> Microsoft Corporation)

BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2024-04-05] (Microsoft Corporation -> Microsoft Corporation)

Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-08-07] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-08-07] (Microsoft Corporation -> Microsoft Corporation)

Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-08-07] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-08-07] (Microsoft Corporation -> Microsoft Corporation)

Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-08-07] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-08-07] (Microsoft Corporation -> Microsoft Corporation)

Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-08-07] (Microsoft Corporation -> Microsoft Corporation)

Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-08-07] (Microsoft Corporation -> Microsoft Corporation)
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
 

IE trusted site: HKU\S-1-5-21-2643785182-3745920480-3260537949-1001\...\sharepoint.com -> hxxps://brklgst-files.sharepoint.com
 

==================== Hosts Inhalt: =========================
 

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
 

2021-06-05 14:08 - 2021-06-05 14:08 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
 

==================== Andere Bereiche ===========================
 

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
 

HKU\S-1-5-21-2643785182-3745920480-3260537949-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\micha\AppData\Local\Microsoft\Windows\Themes\Water Ret\DesktopBackground\01 gettyimages-501973530_resized.jpg

DNS Servers: 192.168.178.1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

 ist aktiviert.
 

Network Binding:

=============

Ethernet: Realtek Gaming GbE Family Controller -> rt68cx21x64.sys

Bluetooth-Netzwerkverbindung: Bluetooth Device (Personal Area Network) -> bthpan.sys

WLAN: MediaTek MT7921 Wi-Fi 6 802.11ax PCIe Adapter -> mtkwl6ex.sys
 

nt_rtf64: Realtek LightWeight Filter (NDIS6.40)
 

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
 

HKLM\...\StartupApproved\Run32: => "TeamsMachineInstaller"

HKU\S-1-5-21-2643785182-3745920480-3260537949-1001\...\StartupApproved\Run: => "OneDrive"
 

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 

FirewallRules: [{163FAF03-E992-4B61-A253-CAFE67526CE4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)

FirewallRules: [{9F9BE754-5B9B-4E7E-91E2-84AF14CB8AA3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (Nvidia Corporation -> NVIDIA Corporation)

FirewallRules: [{39E53AC5-9E07-4EF6-BE45-DDB78C475373}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)

FirewallRules: [{62C082DC-B036-4FEC-B78F-D2440A98DF6A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)

FirewallRules: [{6A80DD62-1D1A-473C-A5C9-DFF9C05E952D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)

FirewallRules: [{AF2EA214-E81E-4834-B8BF-98254A448729}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Nvidia Corporation -> NVIDIA Corporation)

FirewallRules: [{584231CC-1ADB-4C94-BC33-0D0D36365CD8}] => (Allow) LPort=54925

FirewallRules: [{7563E9A7-12F9-4A38-9040-553A9FCF103D}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2306.4.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)

FirewallRules: [{932137F2-3861-47A2-BEB4-183A4176B3A4}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2306.4.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)

FirewallRules: [{94BD54DF-6FEF-4840-9513-689E4657EC2B}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2306.4.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)

FirewallRules: [{F6B88540-C578-4A93-BF99-C5F72F1317FE}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2306.4.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)

FirewallRules: [{34DE8CB3-3FB9-40FC-9357-5DF5204D4AAD}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2306.4.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)

FirewallRules: [{533DD338-0EA1-4294-ACB9-57AB5DCE257B}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2306.4.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)

FirewallRules: [{F225CD21-2DE7-4CFE-B833-9C9D5B4E421A}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2306.4.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)

FirewallRules: [{162490D3-9DC8-4A02-A650-6719349E102B}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2306.4.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)

FirewallRules: [{50DF06EE-1394-461D-B203-80F142B85D8C}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2306.4.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)

FirewallRules: [{45B3984C-265E-4D87-917E-A07CC19D8B21}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2306.4.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)

FirewallRules: [{5E1513D5-0C70-4C6B-A306-8B029347E045}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2306.4.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)

FirewallRules: [{F62FDC8F-E2FD-4B5D-BBA3-305DF5AA8CCE}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2306.4.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)

FirewallRules: [{151BAE14-B008-4963-9C29-11D5B82B68F1}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2306.4.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)

FirewallRules: [{DAC20150-58E8-4A6F-99CA-BB67BC5CB2CC}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2306.4.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)

FirewallRules: [{EACAC995-75EC-49C1-ABCC-CA816D409658}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2306.4.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\OmenCommandCenterBackground.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)

FirewallRules: [{777994E7-C384-4FCA-8EC8-8C005B4B3FA1}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2306.4.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\OmenCommandCenterBackground.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)

FirewallRules: [{4E7AC3D3-4537-471A-97B2-E9075B2A49F0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.MinecraftEducationEdition_1.19.5300.0_x64__8wekyb3d8bbwe\Minecraft.Windows.exe (Microsoft Corporation -> )

FirewallRules: [{8AF791D1-2DDE-4EF3-A404-B09B7226F57A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.MinecraftEducationEdition_1.19.5300.0_x64__8wekyb3d8bbwe\Minecraft.Windows.exe (Microsoft Corporation -> )

FirewallRules: [{248F2D0B-3D1A-486B-80E5-33516F76A452}] => (Allow) C:\Users\micha\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

FirewallRules: [{E44A814F-E99E-41F4-9461-ECE0E688B1E7}] => (Allow) C:\Users\micha\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

FirewallRules: [{144B994A-EF69-461F-9D12-7552E589F6CC}] => (Allow) C:\Users\micha\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

FirewallRules: [{C6EECD48-F28D-4AD8-84B4-66607C1DFA81}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

FirewallRules: [{9E439893-0B0B-4D31-9071-08F50F3D416F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

FirewallRules: [{5EB997F6-1986-4BE8-85F6-0FC29D501650}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{0490D5F3-FBDB-4240-86E4-03342205E6AB}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{33D7F696-4C2F-43B2-B9D8-C3516B54141B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{22AF6F13-4DDF-4847-BFED-E72200D761DF}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{91D533F0-191F-475F-9384-C3CEB2E4F968}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)

FirewallRules: [{FE669408-FB87-419E-B923-0E967ED53DB4}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)

FirewallRules: [{9A96B302-3842-4A4B-B7E3-1AA20289DFD7}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)

FirewallRules: [{03FCA313-6EC2-4000-A3E8-7C155D3F7251}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)

FirewallRules: [{343120A7-1C80-480D-B57F-00F035E931F1}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)

FirewallRules: [{776F8DFD-049A-4DF9-9A3E-2D7AE46E3296}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)

FirewallRules: [{02ABCE7D-5D1E-4CA1-AF84-F258E30CD3AD}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)

FirewallRules: [{83C402D7-B3FF-4800-898D-14ADBFDD5AD9}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)

FirewallRules: [{C6073ED6-FF20-4F6C-B557-AEEFB57CE389}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{72996003-D432-416E-AC20-36264DF4A752}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24193.1904.3031.6050_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{CE38D39C-6E88-4C62-A094-961140B745C6}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24193.1904.3031.6050_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{6D9351AE-4FCE-4629-A268-E4E0282E4B76}] => (Allow) C:\Program Files\WindowsApps\MSTeams_24193.1805.3040.8975_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{DF48AC5A-894B-4489-A175-3C33671CBAE1}] => (Allow) C:\Program Files\WindowsApps\MSTeams_24193.1805.3040.8975_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{D766ECD2-F8F8-4A19-886F-4B5D37D7139F}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.105\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

FirewallRules: [{8EBC2E08-C9DC-4AA2-AFD1-EC3B98FC496C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.244.405.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)

FirewallRules: [{5A42CBC5-9781-4FD2-870D-337CB219D45A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.244.405.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)

FirewallRules: [{ED7CC3FD-A2D1-4721-9EEA-B1D47A028FFD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.244.405.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)

FirewallRules: [{9572B332-78B7-4616-95A3-D55D92C4A0B2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.244.405.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)

FirewallRules: [{EC27F179-2065-4D48-BBB1-7600B409F4FF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.244.405.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)

FirewallRules: [{B1235728-347D-4A41-8E94-DC0E8AFDCF1C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.244.405.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)

FirewallRules: [{B4A4D0D5-5ED7-44C6-8E51-446E88B035DC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.244.405.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)

FirewallRules: [{F5B8FD7A-C12A-48F5-AD6E-618DC1EFA8B1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.244.405.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)

FirewallRules: [{C46F7F24-3ED9-414F-A25D-0FF27712A99F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.244.405.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)

FirewallRules: [{B24B9BDA-30CD-47AC-BA23-01EF3C7EF353}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.244.405.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
 

==================== Wiederherstellungspunkte =========================
 

ACHTUNG: Systemwiederherstellung ist deaktiviert (Total:475.84 GB) (Free:303.76 GB) (64%)
 

==================== Fehlerhafte Geräte im Gerätemanager ============
 
 

==================== Fehlereinträge in der Ereignisanzeige: ========================
 

Applikationsfehler:

==================

Error: (08/19/2024 10:41:38 AM) (Source: IPF) (EventID: 17) (User: NT-AUTORITÄT)

Description: Event-ID 17
 

Error: (08/19/2024 10:41:38 AM) (Source: IPF) (EventID: 17) (User: NT-AUTORITÄT)

Description: Event-ID 17
 

Error: (08/19/2024 10:41:38 AM) (Source: IPF) (EventID: 17) (User: NT-AUTORITÄT)

Description: Event-ID 17
 

Error: (08/19/2024 10:41:38 AM) (Source: IPF) (EventID: 17) (User: NT-AUTORITÄT)

Description: Event-ID 17
 

Error: (08/19/2024 10:41:38 AM) (Source: IPF) (EventID: 17) (User: NT-AUTORITÄT)

Description: Event-ID 17
 

Error: (08/19/2024 10:41:38 AM) (Source: IPF) (EventID: 17) (User: NT-AUTORITÄT)

Description: Event-ID 17
 

Error: (08/19/2024 10:41:38 AM) (Source: IPF) (EventID: 17) (User: NT-AUTORITÄT)

Description: Event-ID 17
 

Error: (08/19/2024 10:41:38 AM) (Source: IPF) (EventID: 17) (User: NT-AUTORITÄT)

Description: Event-ID 17
 
 

Systemfehler:

=============

Error: (08/19/2024 08:23:39 AM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: Der Dienst "Microsoft Office Click-to-Run Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.
 

Error: (08/19/2024 08:23:39 AM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: Der Dienst "PDF24" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.
 

Error: (08/19/2024 08:23:39 AM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: Der Dienst "Realtek Audio Universal Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.
 

Error: (08/19/2024 08:23:39 AM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: Dienst "Intel(R) Dynamic Application Loader Host Interface Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
 

Error: (08/19/2024 08:23:39 AM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: Der Dienst "Intel(R) Innovation Platform Framework Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.
 

Error: (08/19/2024 08:23:39 AM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: Dienst "Intel(R) Audio Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
 

Error: (08/19/2024 08:23:39 AM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: Dienst "Sound Research SECOMN Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
 

Error: (08/19/2024 08:23:39 AM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: Der Dienst "HP Insights Analytics" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
 
 

Windows Defender:

================

Date: 2024-08-17 08:38:01

Description: 

Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.

Überprüfungs-ID: {7FF36510-71A3-4EE5-B1EB-2B84251ED27F}

Überprüfungstyp: Antimalware

Überprüfungsparameter: Benutzerdefinierte Überprüfung

Benutzer: LAPTOP-8BQEBHKB\micha 
 

Date: 2024-07-28 11:17:03

Description: 

Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.

Überprüfungs-ID: {B480998C-C23C-4A56-9AE6-F45D15D26E0B}

Überprüfungstyp: Antimalware

Überprüfungsparameter: Schnellüberprüfung

Benutzer: NT-AUTORITÄT\SYSTEM 
 

Date: 2024-04-22 17:24:46

Description: 

Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.

Überprüfungs-ID: {7F518F9C-1332-46A8-B019-94F778D046D3}

Überprüfungstyp: Antimalware

Überprüfungsparameter: Schnellüberprüfung

Benutzer: NT-AUTORITÄT\SYSTEM 
 

Date: 2024-03-23 10:34:43

Description: 

Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.

Überprüfungs-ID: {9DC179F3-C956-4F40-B309-81E66A805898}

Überprüfungstyp: Antimalware

Überprüfungsparameter: Schnellüberprüfung

Benutzer: NT-AUTORITÄT\SYSTEM 
 

Date: 2024-02-21 09:11:46

Description: 

Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.

Überprüfungs-ID: {9AB1C3AB-5F91-412B-8DCE-8DEBEFC15614}

Überprüfungstyp: Antimalware

Überprüfungsparameter: Schnellüberprüfung

Benutzer: NT-AUTORITÄT\SYSTEM 

Event[0]
 

Date: 2024-08-19 08:42:55

Description: 

Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Security Intelligence aufgetreten. Es wird versucht, zu einer vorherigen Version zurückzukehren.

Security Intelligence versucht: Sicherung

Fehlercode: 0x80004004

Fehlerbeschreibung: Vorgang abgebrochen 

Security Intelligence-Version: 1.417.151.0;1.417.151.0

Modulversion: 1.1.24070.3 
 

Date: 2024-08-19 08:42:55

Description: 

Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Security Intelligence aufgetreten. Es wird versucht, zu einer vorherigen Version zurückzukehren.

Security Intelligence versucht: Aktuell

Fehlercode: 0x80501102

Fehlerbeschreibung: Unerwartetes Problem. Installieren Sie bei Bedarf verfügbare Updates, und starten Sie das Programm dann erneut. Informationen zum Installieren von Updates finden Sie unter "Hilfe und Support". 

Security Intelligence-Version: 1.417.185.0;1.417.185.0

Modulversion: 1.1.24070.3 
 

Date: 2024-08-18 14:22:44

Description: 

Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten.

Neue Version der Sicherheitsinformationen: 

%Vorherige Version der Sicherheitsinformationen: 1.417.151.0

Update Source: Microsoft Center zum Schutz vor Schadsoftware

Sicherheitstyp: AntiVirus

Updatetyp: Voll

Benutzer: NT-AUTORITÄT\SYSTEM

Aktuelle Modulversion: 

%Vorherige Modulversion: 1.1.24070.3

Fehlercode: 0x80070102

Fehlerbeschreibung: Der Wartevorgang wurde abgebrochen.  
 

Date: 2024-08-18 14:16:42

Description: 

Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten.

Neue Version der Sicherheitsinformationen: 

%Vorherige Version der Sicherheitsinformationen: 1.417.151.0

Update Source: Microsoft Update-Server

Sicherheitstyp: AntiVirus

Updatetyp: Voll

Benutzer: NT-AUTORITÄT\SYSTEM

Aktuelle Modulversion: 

%Vorherige Modulversion: 1.1.24070.3

Fehlercode: 0x80240016

Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie unter "Hilfe und Support".  
 

Date: 2024-08-08 05:11:51

Description: 

Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten.

Neue Version der Sicherheitsinformationen: 

%Vorherige Version der Sicherheitsinformationen: 1.417.9.0

Update Source: Microsoft Update-Server

Sicherheitstyp: AntiVirus

Updatetyp: Voll

Benutzer: NT-AUTORITÄT\SYSTEM

Aktuelle Modulversion: 

%Vorherige Modulversion: 1.1.24070.3

Fehlercode: 0x8024000b

Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie unter "Hilfe und Support".  
 

CodeIntegrity:

===============

Date: 2024-08-19 10:44:29

Description: 

Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbamsi64.dll that did not meet the Microsoft signing level requirements. 
 

Date: 2024-08-19 10:44:00

Description: 

Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbamsi64.dll that did not meet the Windows signing level requirements. 
 
 

==================== Speicherinformationen =========================== 
 

BIOS: AMI F.14 11/09/2023

Hauptplatine: HP 8A25

Prozessor: 12th Gen Intel(R) Core(TM) i7-12700H

Prozentuale Nutzung des RAM: 34%

Installierter physikalischer RAM: 16051.87 MB

Verfügbarer physikalischer RAM: 10457.6 MB

Summe virtueller Speicher: 17075.87 MB

Verfügbarer virtueller Speicher: 11052.63 MB
 

==================== Laufwerke ================================
 

Drive c: (Windows) (Fixed) (Total:475.84 GB) (Free:303.76 GB) (Model: WD PC SN810 SDCPNRY-512G-1006) (Protected) NTFS
 

\\?\Volume{fded71f0-41de-4b9c-a21c-bd0193bfb869}\ () (Fixed) (Total:0.83 GB) (Free:0.11 GB) NTFS

\\?\Volume{a91dad71-b892-4932-8ef9-2c06333159ee}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.16 GB) FAT32
 

==================== MBR & Partitionstabelle ====================
 

==========================================================

Disk: 0 (Size: 476.9 GB) (Disk ID: 05B31706)
 

Partition: GPT.
 

==================== Ende von Addition.txt =======================

--- --- ---

FRST Logfile:

Code:

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 12-08.2024

durchgeführt von micha (Administrator) auf LAPTOP-8BQEBHKB (HP Victus by HP Laptop 16-d1xxx) (19-08-2024 10:45:49)

Gestartet von C:\Users\micha\Desktop\Virusscan\FRST64.exe

Geladene Profile: micha

Plattform: Microsoft Windows 11 Home Version 23H2 22631.4037 (X64) Sprache: Deutsch (Deutschland)

Standard-Browser: Edge

Start-Modus: Normal
 

==================== Prozesse (Nicht auf der Ausnahmeliste) =================
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
 

(Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe

(Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe

(C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe ->) (Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe

(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe

(C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.5.15.0_x64__v10z8vjag6ke6\SystemEventUtility\HPSystemEventUtilityBackground.exe ->) (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.) C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.5.15.0_x64__v10z8vjag6ke6\SystemEventUtility\HPSystemEventUtilityHost.exe

(C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_524.18500.10.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\127.0.2651.105\msedgewebview2.exe <6>

(DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_1d957930b3685886\x64\NetworkCap.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_1d957930b3685886\x64\BridgeCommunication.exe <2>

(DriverStore\FileRepository\ipf_cpu.inf_amd64_e6050705c26c770f\ipf_uf.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_e6050705c26c770f\ipf_helper.exe

(ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.) C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.5.15.0_x64__v10z8vjag6ke6\SystemEventUtility\HPSystemEventUtilityBackground.exe

(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <12>

(SECOMN64.exe ->) (Sound Research Corporation -> Sound Research, Corp.) C:\Windows\System32\SECOCL64.exe

(services.exe ->) (Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Browny02\BrYNSvc.exe

(services.exe ->) (Geek Software GmbH -> geek software GmbH) C:\Program Files\PDF24\pdf24.exe <2>

(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe

(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_7dcf4ebd9d1b4772\x64\TouchpointAnalyticsClientService.exe

(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_1d957930b3685886\x64\AppHelperCap.exe

(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_1d957930b3685886\x64\DiagsCap.exe

(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_1d957930b3685886\x64\NetworkCap.exe

(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_1d957930b3685886\x64\SysInfoCap.exe

(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpomencustomcapcomp.inf_amd64_9f1f5222288bdf88\x64\OmenCap\OmenCap.exe

(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dtt_sw.inf_amd64_4a0efaf978352e5b\ipfsvc.exe

(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_a687edda40db3316\OneApp.IGCC.WinService.exe

(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_0fdf6ce291234272\IntelCpHDCPSvc.exe

(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_e6050705c26c770f\ipf_uf.exe

(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe

(services.exe ->) (Intel Corporation -> Intel(R) Corporation) C:\Windows\SysWOW64\XtuService.exe

(services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_29fd1afabcf5470c\AS\IAS\IntelAudioService.exe

(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe

(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe

(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvhm.inf_amd64_41c48f20ac7de4fb\Display.NvContainer\NVDisplay.Container.exe <2>

(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_04ff63d068f8c626\RtkAudUService64.exe <3>

(services.exe ->) (Sound Research Corporation -> Sound Research, Corp.) C:\Windows\System32\SECOMN64.exe

(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnhService.exe

(sihost.exe ->) (ED346674-0FA1-4272-85CE-3187C9C86E26 -> ) C:\Program Files\WindowsApps\AD2F1837.myHP_35.52430.841.0_x64__v10z8vjag6ke6\win32\DesktopExtension.exe

(svchost.exe ->) (24803D75-212C-471A-BC57-9EF86AB91435 -> ) C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2431.2.0_x64__cv1g1gvanyjgm\WhatsApp.exe

(svchost.exe ->) (ED346674-0FA1-4272-85CE-3187C9C86E26 -> ) C:\Program Files\WindowsApps\AD2F1837.myHP_35.52430.841.0_x64__v10z8vjag6ke6\HP.myHP.exe

(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\24.151.0728.0003\FileCoAuth.exe

(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_524.18500.10.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe

(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe

(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>

(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe

(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe

(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\Packages\Preview\amd64\MoUsoCoreWorker.exe

(SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnh.exe
 

==================== Registry (Nicht auf der Ausnahmeliste) ===================
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
 

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_04ff63d068f8c626\RtkAudUService64.exe [1961256 2023-11-24] (Realtek Semiconductor Corp. -> Realtek Semiconductor)

HKLM\...\Run: [PDF24] => C:\Program Files\PDF24\pdf24.exe [645976 2024-06-06] (Geek Software GmbH -> geek software GmbH)

HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [141815104 2023-02-13] (Microsoft Corporation -> Microsoft Corporation)

HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2013-12-05] (Brother Industries, Ltd.) [Datei ist nicht signiert]

HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.) [Datei ist nicht signiert]

HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Beschränkung <==== ACHTUNG

HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Beschränkung <==== ACHTUNG

HKU\S-1-5-19\...\RunOnce: [OMENCC_InstallationBooster] => C:\system.sav\util\OMENCC_InstallationBooster.exe [16424 2020-03-07] (HP Inc. -> )

HKU\S-1-5-19\...\RunOnce: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [4919312 2024-08-17] (Microsoft Corporation -> Microsoft Corporation)

HKU\S-1-5-20\...\RunOnce: [OMENCC_InstallationBooster] => C:\system.sav\util\OMENCC_InstallationBooster.exe [16424 2020-03-07] (HP Inc. -> )

HKU\S-1-5-20\...\RunOnce: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [4919312 2024-08-17] (Microsoft Corporation -> Microsoft Corporation)

HKU\S-1-5-21-2643785182-3745920480-3260537949-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [4919312 2024-08-17] (Microsoft Corporation -> Microsoft Corporation)

HKU\S-1-5-21-2643785182-3745920480-3260537949-1001\...\Run: [MicrosoftEdgeAutoLaunch_ED02E366447D09E4F124EF89B233D989] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3814952 2024-08-14] (Microsoft Corporation -> Microsoft Corporation)
 

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =================
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 

Task: {7348A97A-D95B-47E6-A991-296683317D5E} - System32\Tasks\Hewlett-Packard\HP Diagnostics\ABO => C:\windows\system32\cmd.exe [323584 2024-05-30] (Microsoft Windows -> Microsoft Corporation) -> /c start hpdiags://ABO

Task: {0455C594-39CC-4BF4-BE75-C54758675F65} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BatteryStatusError => C:\windows\system32\cmd.exe [323584 2024-05-30] (Microsoft Windows -> Microsoft Corporation) -> /c start hpdiags://BatteryStatusError

Task: {69095701-69AF-46A7-8715-E6287D84F35E} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BatteryStatusTest => C:\windows\system32\cmd.exe [323584 2024-05-30] (Microsoft Windows -> Microsoft Corporation) -> /c start hpdiags://BatteryStatusTest

Task: {E93AF06F-2171-47E5-856F-AA4F4D344E96} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BCF => C:\windows\system32\cmd.exe [323584 2024-05-30] (Microsoft Windows -> Microsoft Corporation) -> /c start hpdiags://BCF

Task: {404F7D1C-E672-4A97-9D14-53785D7183B0} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BHM1 => C:\windows\system32\cmd.exe [323584 2024-05-30] (Microsoft Windows -> Microsoft Corporation) -> /c start hpdiags://BHM1

Task: {D319D64B-B151-4D72-99DA-290B1CEE69A8} - System32\Tasks\Hewlett-Packard\HP Diagnostics\BHM2 => C:\windows\system32\cmd.exe [323584 2024-05-30] (Microsoft Windows -> Microsoft Corporation) -> /c start hpdiags://BHM2

Task: {EAFE56D7-9FE1-49F1-91C2-C542428E94B3} - System32\Tasks\Hewlett-Packard\HP Diagnostics\LaunchUI => C:\windows\system32\cmd.exe [323584 2024-05-30] (Microsoft Windows -> Microsoft Corporation) -> /c start hpdiags://LaunchUI

Task: {285E9A1B-539F-4410-8447-4BE648ED0C1D} - System32\Tasks\Hewlett-Packard\HP Diagnostics\ShowUI => C:\windows\system32\cmd.exe [323584 2024-05-30] (Microsoft Windows -> Microsoft Corporation) -> /c start hpdiags:

Task: {DF782740-1E60-41B7-8CC8-A7F3CDCEDB13} - System32\Tasks\Hewlett-Packard\HP Diagnostics\SmartCheckError => C:\windows\system32\cmd.exe [323584 2024-05-30] (Microsoft Windows -> Microsoft Corporation) -> /c start hpdiags://SmartCheckError

Task: {B961DDA4-790D-445C-AC02-EB84646360C0} - System32\Tasks\Hewlett-Packard\HP Diagnostics\Uninstall-BatteryStatusTest => c:\Windows\System32\schtasks.exe [258048 2022-05-07] (Microsoft Windows -> Microsoft Corporation) -> /Change /Disable /tn "\Hewlett-Packard\HP Diagnostics\BatteryStatusTest"

Task: {2CCCF7ED-6FD2-4053-834B-A0116ADB13D4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [138328 2024-07-25] (HP Inc. -> HP Inc.)

Task: {C205993C-6ECA-4C63-A5D2-B76A90F0EC1F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1161744 2024-07-25] (HP Inc. -> HP Inc.)

Task: {97312991-8AA7-4ACB-B663-244C4CF62F38} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1161744 2024-07-25] (HP Inc. -> HP Inc.)

Task: {F2217E35-47BC-4A42-8BCF-D10B9047E3AC} - System32\Tasks\HP\Consent Manager Launcher => C:\windows\system32\sc.exe [98304 2022-05-07] (Microsoft Windows -> Microsoft Corporation) -> start hptouchpointanalyticsservice

Task: {A795F3D2-AFB8-47B9-825D-D781A0D8387E} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28584424 2024-07-31] (Microsoft Corporation -> Microsoft Corporation)

Task: {C43FA183-0447-47E8-8F3C-3C6FD6683807} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28584424 2024-07-31] (Microsoft Corporation -> Microsoft Corporation)

Task: {732D3795-FBB3-4555-B468-B0D30BA346E4} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [312288 2024-08-07] (Microsoft Corporation -> Microsoft Corporation)

Task: {A3FDF89D-4761-4D8A-AD39-4C6B3EE18A66} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [312288 2024-08-07] (Microsoft Corporation -> Microsoft Corporation)

Task: {6ECF8B10-B4C6-4CF2-AD5E-CD7EC3F7E344} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\operfmon.exe [182240 2024-08-07] (Microsoft Corporation -> Microsoft Corporation)

Task: {E9E206DD-AE51-42D2-9B6F-1E61BD6A8BCD} - System32\Tasks\Microsoft\Office\Office Serviceability Manager => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe [4465048 2024-07-26] (Microsoft Corporation -> Microsoft Corporation)

Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (Keine Datei)

Task: {7116D08B-398E-4E17-87CD-480B218DC338} - System32\Tasks\Mozilla\Firefox Background Update E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\firefox.exe [675744 2024-07-02] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\E7CF176E110C211B\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\E7CF176E110C211B\backgroundupdate.moz_log --backgroundtask background (Der Dateneintrag hat 6 weitere Zeichen).

Task: {729099BE-EEBA-4408-85F0-898BB92404A0} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-2643785182-3745920480-3260537949-1001 E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\firefox.exe [675744 2024-07-02] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\E7CF176E110C211B\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\E7CF176E110C211B\backgroundupdate.moz_log --backgroundtask background (Der Dateneintrag hat 6 weitere Zeichen).

Task: {F681BE72-E746-40F8-BEFD-0B71D088F1C8} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [33696 2024-07-02] (Mozilla Corporation -> Mozilla Foundation)

Task: {357CBC3B-A9D5-4279-A032-56E7771DF978} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1009872 2022-02-22] (Nvidia Corporation -> NVIDIA Corporation) -> C:\Program Files\NVIDIA Corporation\NvContainer\-d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log

Task: {42F79FD7-B044-4862-91DB-816BF749D3EA} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3339472 2022-02-22] (Nvidia Corporation -> NVIDIA Corporation)

Task: {FCD3EC5F-E03E-4C5F-B252-6E0E6266364A} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [647376 2022-02-22] (Nvidia Corporation -> NVIDIA Corporation) -> C:\Program Files (x86)\NVIDIA Corporation\NvNode\--launcher=TaskScheduler

Task: {37A5FEA5-2FD0-4DDF-8CD4-B159C3843EC5} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1656320 2022-02-22] (Nvidia Corporation -> NVIDIA Corporation)

Task: {9957147D-15BF-4358-8671-9A6562836D4C} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1656320 2022-02-22] (Nvidia Corporation -> NVIDIA Corporation)

Task: {DC2651E0-6E73-4670-A71B-F12A477D1CCB} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1656320 2022-02-22] (Nvidia Corporation -> NVIDIA Corporation)

Task: {DC402892-6135-4EE5-AAFE-DD56AD6F94DF} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1656320 2022-02-22] (Nvidia Corporation -> NVIDIA Corporation)

Task: {551995B0-E2FF-4158-BFA8-C47A216F99FB} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4209168 2024-08-17] (Microsoft Corporation -> Microsoft Corporation)

Task: {827D0E79-12A4-451A-8CD5-D6F9202426E9} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-2643785182-3745920480-3260537949-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4209168 2024-08-17] (Microsoft Corporation -> Microsoft Corporation)
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
 
 

==================== Internet (Nicht auf der Ausnahmeliste) ====================
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
 

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

Tcpip\..\Interfaces\{1827eda8-51a6-4d18-96d9-f25bb7885cd5}: [DhcpNameServer] 192.168.178.1

Tcpip\..\Interfaces\{1827eda8-51a6-4d18-96d9-f25bb7885cd5}: [DhcpDomain] fritz.box

Tcpip\..\Interfaces\{1827eda8-51a6-4d18-96d9-f25bb7885cd5}\2535D2353686CFC65627: [DhcpNameServer] 172.16.1.1
 

Edge: 

=======

Edge DefaultProfile: Default

Edge Profile: C:\Users\micha\AppData\Local\Microsoft\Edge\User Data\Default [2024-08-19]

Edge Notifications: Default -> hxxps://login.schulmanager-online.de; hxxps://re-captcha-23.azurewebsites.net

Edge Extension: (Google Docs Offline) - C:\Users\micha\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-07-11]

Edge Extension: (Edge relevant text changes) - C:\Users\micha\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-24]
 

FireFox:

========

FF DefaultProfile: dedm7rum.default

FF ProfilePath: C:\Users\micha\AppData\Roaming\Mozilla\Firefox\Profiles\dedm7rum.default [2024-08-10]

FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-04-05] (Microsoft Corporation -> Microsoft Corporation)

FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2024-04-05] (Microsoft Corporation -> Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2024-04-05] (Microsoft Corporation -> Microsoft Corporation)
 

==================== Dienste (Nicht auf der Ausnahmeliste) ===================
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 

R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [Datei ist nicht signiert]

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [13995624 2024-07-31] (Microsoft Corporation -> Microsoft Corporation)

R2 dptftcs; C:\WINDOWS\System32\DriverStore\FileRepository\dtt_sw.inf_amd64_4a0efaf978352e5b\ipfsvc.exe [545432 2022-10-27] (Intel Corporation -> Intel Corporation)

S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\24.151.0728.0003\FileSyncHelper.exe [3523088 2024-08-17] (Microsoft Corporation -> Microsoft Corporation)

R2 HPAppHelperCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_1d957930b3685886\x64\AppHelperCap.exe [928192 2024-07-18] (HP Inc. -> HP Inc.)

R2 HPDiagsCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_1d957930b3685886\x64\DiagsCap.exe [926768 2024-07-18] (HP Inc. -> HP Inc.)

R2 HPNetworkCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_1d957930b3685886\x64\NetworkCap.exe [922672 2024-07-18] (HP Inc. -> HP Inc.)

R2 HPOmenCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpomencustomcapcomp.inf_amd64_9f1f5222288bdf88\x64\OmenCap\OmenCap.exe [755216 2024-06-17] (HP Inc. -> HP Inc.)

R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [241104 2024-08-10] (HP Inc. -> HP Inc.)

R2 HPSysInfoCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_1d957930b3685886\x64\SysInfoCap.exe [926248 2024-07-18] (HP Inc. -> HP Inc.)

R2 HpTouchpointAnalyticsService; C:\WINDOWS\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_7dcf4ebd9d1b4772\x64\TouchpointAnalyticsClientService.exe [569008 2024-05-07] (HP Inc. -> HP Inc.)

S2 Intel(R) Platform License Manager Service; C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_fc84dfa25a6a7727\lib\PlatformLicenseManagerService.exe [741488 2023-12-14] (Intel Corporation -> Intel(R) Corporation)

R2 IntelAudioService; C:\WINDOWS\System32\DriverStore\FileRepository\intcoed.inf_amd64_29fd1afabcf5470c\AS\IAS\IntelAudioService.exe [530520 2023-10-18] (Intel Corporation -> Intel)

R2 ipfsvc; C:\WINDOWS\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_e6050705c26c770f\ipf_uf.exe [2733712 2022-01-17] (Intel Corporation -> Intel Corporation)

R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8965728 2024-08-18] (Malwarebytes Inc. -> Malwarebytes)

S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [3073888 2024-08-18] (Malwarebytes Inc. -> Malwarebytes)

S3 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\MpDefenderCoreService.exe [1427024 2024-08-09] (Microsoft Windows Publisher -> Microsoft Corporation)

R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvhm.inf_amd64_41c48f20ac7de4fb\Display.NvContainer\NVDisplay.Container.exe [1275544 2024-03-19] (NVIDIA Corporation -> NVIDIA Corporation)

S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\24.151.0728.0003\OneDriveUpdaterService.exe [3863568 2024-08-17] (Microsoft Corporation -> Microsoft Corporation)

R2 PDF24; C:\Program Files\PDF24\pdf24.exe [645976 2024-06-06] (Geek Software GmbH -> geek software GmbH)

S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\NisSrv.exe [3199648 2024-08-09] (Microsoft Windows Publisher -> Microsoft Corporation)

S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\MsMpEng.exe [133704 2024-08-09] (Microsoft Windows Publisher -> Microsoft Corporation)
 

===================== Treiber (Nicht auf der Ausnahmeliste) ===================
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 

S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [39272 2023-06-27] (Apple Inc. -> Apple Inc.)

S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [55608 2023-06-27] (Apple Inc. -> Apple Inc.)

S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [544768 2023-06-26] (Microsoft Corporation) [Datei ist nicht signiert]

S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [184320 2023-06-26] (Microsoft Corporation) [Datei ist nicht signiert]

S3 BTHMODEM; C:\WINDOWS\System32\drivers\bthmodem.sys [106496 2022-05-07] (Microsoft Corporation) [Datei ist nicht signiert]

R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2024-08-18] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)

R3 GlPciSD; C:\WINDOWS\System32\drivers\GlPciSD.sys [233776 2023-01-06] (GENESYS LOGIC, INC. -> Genesys Logic)

S3 GSCAuxDriver; C:\WINDOWS\System32\DriverStore\FileRepository\gscauxdriver.inf_amd64_47dea9773e9dfab7\GSCAuxDriverx64.sys [79976 2021-12-06] (Intel Corporation -> Intel Corporation)

S3 GSCx64; C:\WINDOWS\System32\DriverStore\FileRepository\gscheci.inf_amd64_1027aa064fe1f3f7\TeeDriverGSCW8x64.sys [258104 2021-12-06] (Intel Corporation -> Intel Corporation)

R3 HPCustomCapDriver; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapdriver.inf_amd64_1421dec2010cc057\x64\hpcustomcapdriver.sys [18984 2024-05-07] (Microsoft Windows Hardware Compatibility Publisher -> HP Inc.)

R3 HPOmenCustomCapDriver; C:\WINDOWS\System32\DriverStore\FileRepository\hpomencustomcapdriver.inf_amd64_ca73a0631db38b6a\x64\hpomencustomcapdriver.sys [25072 2024-06-17] (HP Inc. -> HP Inc.)

R2 HpReadHWData; C:\WINDOWS\system32\drivers\HpReadHWData.sys [52192 2023-06-29] (HP Inc. -> Windows (R) Win 7 DDK provider)

R3 iaLPSS2_GPIO2_ADL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_gpio2_adl.inf_amd64_302e75596cffa74a\iaLPSS2_GPIO2_ADL.sys [150616 2022-10-18] (Intel Corporation -> Intel Corporation)

R3 iaLPSS2_I2C_ADL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_i2c_adl.inf_amd64_e736c048ca307ed2\iaLPSS2_I2C_ADL.sys [220224 2022-10-18] (Intel Corporation -> Intel Corporation)

S3 iaLPSS2_SPI_ADL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_spi_adl.inf_amd64_2d1a1b06fd89c8d4\iaLPSS2_SPI_ADL.sys [160912 2021-11-21] (Intel Corporation -> Intel Corporation)

S3 iaLPSS2_UART2_ADL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_uart2_adl.inf_amd64_9f84cae4176aa5ed\iaLPSS2_UART2_ADL.sys [318624 2021-11-21] (Intel Corporation -> Intel Corporation)

R3 IntcUSB; C:\WINDOWS\System32\DriverStore\FileRepository\intcusb.inf_amd64_bc398e7169495415\IntcUSB.sys [922712 2023-10-18] (Intel Corporation -> Intel(R) Corporation)

R3 IntelGNA; C:\WINDOWS\System32\DriverStore\FileRepository\gna.inf_amd64_04d4eecc5838a558\gna.sys [88776 2022-06-22] (Intel Corporation -> Intel Corporation)

S3 ipf_acpi; C:\WINDOWS\System32\DriverStore\FileRepository\ipf_acpi.inf_amd64_de6ec16890c1b449\ipf_acpi.sys [85648 2022-01-17] (Intel Corporation -> Intel Corporation)

R3 ipf_cpu; C:\WINDOWS\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_e6050705c26c770f\ipf_cpu.sys [79496 2022-01-17] (Intel Corporation -> Intel Corporation)

R3 ipf_lf; C:\WINDOWS\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_e6050705c26c770f\ipf_lf.sys [431256 2022-01-17] (Intel Corporation -> Intel Corporation)

R2 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [231504 2024-08-18] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)

S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2024-08-18] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)

R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt11.sys [234168 2024-08-19] (Malwarebytes Inc. -> Malwarebytes)

R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [78800 2024-08-19] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)

R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239568 2024-08-18] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)

R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [189776 2024-08-19] (Malwarebytes Inc. -> Malwarebytes)

R3 MTKBTFilterX64; C:\WINDOWS\system32\DRIVERS\mtkbtfilterx.sys [296952 2023-02-23] (Microsoft Windows Hardware Compatibility Publisher -> MediaTek Inc.)

R3 mtkwlex; C:\WINDOWS\System32\drivers\mtkwl6ex.sys [1420704 2023-02-24] (Microsoft Windows Hardware Compatibility Publisher -> MediaTek Inc.)

R3 nvpcf; C:\WINDOWS\System32\drivers\nvpcf.sys [248936 2024-03-19] (NVIDIA Corporation -> NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48552 2022-02-22] (Microsoft Windows Hardware Compatibility Publisher -> NVIDIA Corporation)

R3 rt68cx21; C:\WINDOWS\System32\DriverStore\FileRepository\rt68cx21x64.inf_amd64_0942876b93fc9223\rt68cx21x64.sys [727960 2023-05-23] (Realtek Semiconductor Corp. -> Realtek)

R1 rtf64; C:\WINDOWS\system32\DRIVERS\rtf64x64.sys [67496 2022-07-28] (Realtek Semiconductor Corp. -> Realtek)

S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [22080 2024-08-09] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)

U5 WdDevFlt; C:\Windows\System32\Drivers\WdDevFlt.sys [169232 2022-05-07] (Microsoft Windows -> Microsoft Corporation)

S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [602504 2024-08-09] (Microsoft Windows -> Microsoft Corporation)

S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105864 2024-08-09] (Microsoft Windows -> Microsoft Corporation)

S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
 

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 
 

==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) =========
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
 

2024-08-19 10:41 - 2024-08-19 10:41 - 000234168 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt11.sys

2024-08-19 10:41 - 2024-08-19 10:41 - 000189776 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys

2024-08-19 08:34 - 2024-08-19 08:34 - 000765750 _____ C:\WINDOWS\system32\perfh007.dat

2024-08-19 08:34 - 2024-08-19 08:34 - 000167482 _____ C:\WINDOWS\system32\perfc007.dat

2024-08-19 08:22 - 2024-08-19 08:22 - 002596072 _____ (Malwarebytes) C:\Users\micha\Downloads\MBSetup.exe

2024-08-19 07:43 - 2024-08-19 08:23 - 000000000 ____D C:\AdwCleaner

2024-08-19 07:43 - 2024-08-19 07:43 - 008790880 _____ (Malwarebytes) C:\Users\micha\Downloads\adwcleaner.exe

2024-08-18 19:30 - 2024-08-19 08:35 - 000000000 ____D C:\Users\micha\AppData\Local\Malwarebytes

2024-08-18 19:30 - 2024-08-18 19:30 - 000002100 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk

2024-08-18 19:30 - 2024-08-18 19:30 - 000002088 _____ C:\Users\Public\Desktop\Malwarebytes.lnk

2024-08-18 19:29 - 2024-08-18 19:29 - 000000000 ____D C:\ProgramData\Malwarebytes

2024-08-18 19:29 - 2024-08-18 19:29 - 000000000 ____D C:\Program Files\Malwarebytes

2024-08-18 19:28 - 2024-08-18 19:28 - 002596072 _____ (Malwarebytes) C:\Users\micha\Downloads\MBSetup (1).exe

2024-08-18 14:30 - 2024-08-19 10:45 - 000000000 ____D C:\FRST

2024-08-18 14:21 - 2024-08-19 10:45 - 000000000 ____D C:\Users\micha\Desktop\Virusscan

2024-08-15 11:33 - 2024-08-15 11:33 - 000000000 ____D C:\Users\micha\AppData\Roaming\Microsoft\HTML Help

2024-08-13 16:27 - 2024-03-20 18:54 - 000799592 _____ C:\WINDOWS\SysWOW64\IccSdk.dll

2024-08-13 16:27 - 2024-03-20 18:54 - 000768872 _____ (Intel(R) Corporation) C:\WINDOWS\SysWOW64\IntelOverclockingSDK.dll

2024-08-13 16:27 - 2024-03-20 18:54 - 000279296 _____ (Intel(R) Corporation) C:\WINDOWS\SysWOW64\XtuCommon.dll

2024-08-13 16:27 - 2024-03-20 18:54 - 000277352 _____ (Intel(R) Corporation) C:\WINDOWS\SysWOW64\HardwareAccess.dll

2024-08-13 16:27 - 2024-03-20 18:54 - 000256768 _____ (Intel(R) Corporation) C:\WINDOWS\SysWOW64\XtuApplication.dll

2024-08-13 16:27 - 2024-03-20 18:54 - 000099688 _____ (Intel(R) Corporation) C:\WINDOWS\SysWOW64\HardwareServices.dll

2024-08-13 16:27 - 2024-03-20 18:54 - 000090984 _____ (Intel(R) Corporation) C:\WINDOWS\SysWOW64\HardwareServiceInterfaces.dll

2024-08-13 16:27 - 2024-03-20 18:54 - 000060264 _____ (Intel(R) Corporation) C:\WINDOWS\SysWOW64\IntelBenchmarkSDK.dll

2024-08-13 16:27 - 2024-03-20 18:54 - 000060160 _____ (Intel(R) Corporation) C:\WINDOWS\SysWOW64\XtuCoreServer.dll

2024-08-13 16:27 - 2024-03-20 18:54 - 000055896 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\iocbios2.sys

2024-08-13 16:27 - 2024-03-20 18:54 - 000044120 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\ICCWDT.sys

2024-08-13 16:27 - 2024-03-20 18:54 - 000041320 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\PerfTuneAppMutex.dll

2024-08-13 16:27 - 2024-03-20 18:54 - 000034552 _____ (Intel(R) Corporation) C:\WINDOWS\SysWOW64\HardwareAccessInterfaces.dll

2024-08-13 16:27 - 2024-03-20 18:54 - 000033640 _____ ( ) C:\WINDOWS\SysWOW64\Interop.IccProxy.dll

2024-08-13 16:27 - 2024-03-20 18:54 - 000033024 _____ (Intel(R) Corporation) C:\WINDOWS\SysWOW64\XtuInterface.dll

2024-08-13 16:27 - 2024-03-20 18:54 - 000029952 _____ (Intel(R) Corporation) C:\WINDOWS\SysWOW64\XtuService.exe

2024-08-13 16:27 - 2024-03-20 18:54 - 000029440 _____ (Intel(R) Corporation) C:\WINDOWS\SysWOW64\XtuApplicationInterfaces.dll

2024-08-13 16:27 - 2024-03-20 18:54 - 000029440 _____ (Intel(R) Corporation) C:\WINDOWS\SysWOW64\ProfileHelperModel.dll

2024-08-13 16:27 - 2024-03-20 18:54 - 000028920 _____ (Intel(R) Corporation) C:\WINDOWS\SysWOW64\PlatformDetection.dll

2024-08-07 15:59 - 2024-08-07 15:59 - 000000000 ____D C:\Program Files\Common Files\DESIGNER

2024-08-07 15:58 - 2024-08-07 15:58 - 000002518 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sticky Notes (Preview).lnk

2024-08-07 13:17 - 2024-08-07 13:17 - 000089164 _____ C:\Users\micha\Downloads\TICKET286300559256-1.pkpass

2024-08-07 13:08 - 2024-08-07 13:08 - 000089168 _____ C:\Users\micha\Downloads\TICKET286300559233-2.pkpass

2024-08-07 13:08 - 2024-08-07 13:08 - 000089165 _____ C:\Users\micha\Downloads\TICKET286300559233-1.pkpass

2024-08-07 13:08 - 2024-08-07 13:08 - 000089162 _____ C:\Users\micha\Downloads\TICKET286300559233-3.pkpass

2024-08-06 13:31 - 2024-08-06 13:31 - 000009199 _____ C:\Users\micha\Desktop\Sponsoren.xlsx

2024-08-04 17:52 - 2024-08-04 17:52 - 000026169 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json

2024-08-04 17:52 - 2024-08-04 17:52 - 000026169 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json

2024-08-04 17:38 - 2024-08-04 17:38 - 000001719 _____ C:\Users\Public\Desktop\PDF24 Launcher.lnk

2024-08-04 17:38 - 2024-08-04 17:38 - 000001714 _____ C:\Users\Public\Desktop\PDF24 Toolbox.lnk

2024-08-04 17:38 - 2024-08-04 17:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24

2024-08-04 17:37 - 2024-08-04 17:38 - 000000000 ____D C:\Program Files\PDF24

2024-08-04 10:49 - 2024-08-04 10:49 - 000083187 _____ C:\Users\micha\Downloads\201847_2024_Nr.006_Kontoauszug_vom_2024.06.28_20240804104755.pdf

2024-08-04 10:49 - 2024-08-04 10:49 - 000081432 _____ C:\Users\micha\Downloads\201847_2024_Nr.007_Kontoauszug_vom_2024.07.31_20240804104748.pdf

2024-08-04 10:49 - 2024-08-04 10:49 - 000074345 _____ C:\Users\micha\Downloads\5500201847_2024_Nr.002_Kontoauszug_vom_2024.06.28_20240804104753.pdf

2024-08-04 10:49 - 2024-08-04 10:49 - 000073708 _____ C:\Users\micha\Downloads\201847_2024_Mitteilung_vom_2024.06.28_20240804104751.pdf

2024-08-04 10:49 - 2024-08-04 10:49 - 000073248 _____ C:\Users\micha\Downloads\201847_2024_Wir informieren Sie - Ihre Kontoabrechnung_vom_2024.06.28_20240804104752.pdf

2024-08-04 10:49 - 2024-08-04 10:49 - 000072736 _____ C:\Users\micha\Downloads\201847_2024_Ihre Entgelte_vom_2024.07.31_20240804104749.pdf

2024-08-04 10:48 - 2024-08-04 10:48 - 000083313 _____ C:\Users\micha\Downloads\6166111269_2024_Depotauszug_vom_2024.07.03_20240804104744.pdf
 

==================== Ein Monat (geänderte) ==================
 

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
 

2024-08-19 10:45 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\SystemTemp

2024-08-19 10:42 - 2022-05-07 07:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft

2024-08-19 10:41 - 2023-06-27 03:12 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT

2024-08-19 10:41 - 2022-08-04 05:34 - 000000000 ____D C:\ProgramData\NVIDIA

2024-08-19 10:41 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\ServiceState

2024-08-19 10:41 - 2021-06-25 20:10 - 000012288 ___SH C:\DumpStack.log.tmp

2024-08-19 08:42 - 2022-05-07 07:17 - 000786432 _____ C:\WINDOWS\system32\config\BBI

2024-08-19 08:34 - 2023-06-27 03:14 - 001774666 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2024-08-19 08:34 - 2022-05-07 07:22 - 000000000 ____D C:\WINDOWS\INF

2024-08-19 08:24 - 2022-03-23 02:23 - 000000000 ____D C:\ProgramData\HP

2024-08-19 08:23 - 2023-06-26 18:34 - 000000000 ____D C:\Users\micha\AppData\Roaming\Hewlett-Packard

2024-08-19 08:23 - 2022-08-04 06:01 - 000000000 ____D C:\ProgramData\Hewlett-Packard

2024-08-19 08:23 - 2022-03-23 02:32 - 000000000 ___HD C:\hp

2024-08-19 08:23 - 2022-03-23 02:23 - 000000000 ____D C:\Program Files (x86)\HP

2024-08-19 08:21 - 2023-06-27 03:07 - 000000000 ____D C:\WINDOWS\system32\SleepStudy

2024-08-19 07:43 - 2023-06-26 18:17 - 000000000 ____D C:\Users\micha\AppData\Local\D3DSCache

2024-08-18 20:00 - 2023-06-26 18:42 - 000000000 ____D C:\Users\micha\AppData\Roaming\Microsoft\Word

2024-08-18 19:30 - 2022-05-07 07:24 - 000000000 ___HD C:\WINDOWS\ELAMBKUP

2024-08-18 19:24 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\AppReadiness

2024-08-18 19:18 - 2022-08-04 05:44 - 000000000 ____D C:\ProgramData\McAfee

2024-08-18 19:17 - 2024-05-30 10:17 - 000000000 ____D C:\Program Files\VideoLAN

2024-08-18 19:15 - 2022-03-23 02:24 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

2024-08-18 19:15 - 2022-03-23 02:23 - 000000000 ____D C:\Program Files\HP

2024-08-18 19:13 - 2022-08-04 05:34 - 000000000 ____D C:\ProgramData\Package Cache

2024-08-18 15:38 - 2022-05-07 07:24 - 000000000 ___HD C:\Program Files\WindowsApps

2024-08-18 13:56 - 2021-06-25 20:10 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk

2024-08-18 13:56 - 2021-06-25 20:10 - 000002283 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk

2024-08-18 13:50 - 2023-06-26 19:09 - 000000000 ____D C:\Program Files\Microsoft OneDrive

2024-08-17 14:21 - 2023-06-27 03:12 - 000003596 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2643785182-3745920480-3260537949-1001

2024-08-17 14:21 - 2023-06-27 03:12 - 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task

2024-08-17 14:21 - 2023-06-26 19:03 - 000002155 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

2024-08-15 18:20 - 2023-10-13 18:41 - 000000000 ____D C:\WINDOWS\system32\Microsoft-Edge-WebView

2024-08-15 18:20 - 2023-06-27 03:07 - 000588992 _____ C:\WINDOWS\system32\FNTCACHE.DAT

2024-08-15 18:20 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\SystemResources

2024-08-15 18:20 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\Sgrm

2024-08-15 18:20 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates

2024-08-15 18:20 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\schemas

2024-08-15 18:20 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\bcastdvr

2024-08-15 16:05 - 2022-05-07 07:25 - 000209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll

2024-08-15 16:05 - 2022-05-07 07:24 - 000249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll

2024-08-15 16:05 - 2022-05-07 07:17 - 000000000 ____D C:\WINDOWS\CbsTemp

2024-08-15 13:58 - 2023-06-26 18:11 - 000000000 ____D C:\Users\micha\AppData\Local\Packages

2024-08-15 11:27 - 2023-06-26 20:03 - 000000000 ____D C:\Users\micha\AppData\Roaming\Microsoft\Excel

2024-08-15 11:23 - 2023-06-28 14:17 - 000000350 _____ C:\WINDOWS\BRRBCOM.INI

2024-08-15 10:32 - 2023-06-26 18:19 - 000000000 ___RD C:\Users\micha\OneDrive

2024-08-15 10:22 - 2023-06-26 19:07 - 000000000 ____D C:\Users\micha\AppData\Roaming\Microsoft\Teams

2024-08-14 16:16 - 2022-05-07 07:24 - 000000000 ____D C:\ProgramData\USOPrivate

2024-08-14 12:27 - 2023-06-26 19:27 - 000000000 ____D C:\WINDOWS\system32\MRT

2024-08-14 12:25 - 2023-06-26 19:27 - 197093640 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2024-08-13 16:27 - 2023-07-01 12:38 - 000000000 ____D C:\SWSetup

2024-08-10 12:13 - 2023-06-27 03:12 - 000000000 ____D C:\WINDOWS\system32\Tasks\Hewlett-Packard

2024-08-10 11:27 - 2023-07-15 12:38 - 000000000 ____D C:\Program Files\HPPrintScanDoctor

2024-08-10 11:27 - 2023-06-27 03:12 - 000000000 ____D C:\WINDOWS\system32\Tasks\HP

2024-08-09 15:12 - 2021-06-25 20:10 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd

2024-08-07 15:58 - 2022-03-23 02:25 - 000000000 ____D C:\Program Files\Microsoft Office

2024-08-07 15:47 - 2024-06-09 10:02 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox

2024-08-07 13:10 - 2024-04-14 10:33 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38

2024-08-04 17:55 - 2022-05-07 07:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel

2024-08-04 17:55 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\WUModels

2024-08-04 17:55 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\UUS

2024-08-04 17:55 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata

2024-08-04 17:55 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism

2024-08-04 17:55 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\SystemApps

2024-08-04 17:55 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\WinMetadata

2024-08-04 17:55 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\oobe

2024-08-04 17:55 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\Dism

2024-08-04 17:55 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\appraiser

2024-08-04 17:55 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\ShellExperiences

2024-08-04 17:55 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\ShellComponents

2024-08-04 17:55 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\Provisioning

2024-07-29 13:50 - 2023-06-27 03:12 - 000003756 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA

2024-07-29 13:50 - 2023-06-27 03:12 - 000003632 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore

2024-07-20 15:44 - 2023-09-12 17:42 - 000000000 ____D C:\Users\micha\AppData\Local\CrashDumps
 

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ========
 

2024-05-23 08:27 - 2024-05-23 08:27 - 000005439 _____ () C:\Users\micha\AppData\Local\recently-used.xbel

2023-07-02 15:43 - 2023-07-02 15:43 - 000007605 _____ () C:\Users\micha\AppData\Local\resmon.resmoncfg
 

==================== SigCheck ============================
 

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
 

==================== Ende von FRST.txt ========================

--- --- ---

Scripting/Repair mit FRST64

WARNUNG AN ALLE MITLESER !!!
Dieses FRST-Script ist ausschließlich für diesen Nutzer gedacht und sollte niemals 1:1 für ein anderes System angewendet werden!

Kopiere den gesamten Inhalt der folgenden Code-Box:

Code:

Start:: CloseProcesses: HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Beschränkung <==== ACHTUNG HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Beschränkung <==== ACHTUNG C:\Users\micha\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fdhgeoginicibhagdmblfikbgbkahibd Edge Notifications: Default -> https://login.schulmanager-online.de; https://re-captcha-23.azurewebsites.net EmptyTemp: End::
Starte nun FRST und klicke direkt den Reparieren Button.Wichtig: Du brauchst den Inhalt der Code-Box nirgends einfügen, da sich FRST den Code aus der Zwischenablage holt!
Das Tool führt die gewünschten Schritte aus und erstellt eine fixlog.txt im selben Verzeichnis, in dem sich FRST befindet.
Gegebenenfalls muss dein Rechner neu gestartet werden.
Poste mir den Inhalt der fixlog.txt mit deiner nächsten Antwort.

Code:



Entfernungsergebnis von Farbar Recovery Scan Tool (x64) Version: 12-08.2024

durchgeführt von micha (19-08-2024 12:36:21) Run:1

Gestartet von C:\Users\micha\Desktop\Virusscan

Geladene Profile: micha

Start-Modus: Normal

==============================================
 

fixlist Inhalt:

*****************

Start::

CloseProcesses:

HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Beschränkung <==== ACHTUNG

HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Beschränkung <==== ACHTUNG

C:\Users\micha\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fdhgeoginicibhagdmblfikbgbkahibd

Edge Notifications: Default -> https://login.schulmanager-online.de; https://re-captcha-23.azurewebsites.net

EmptyTemp:

End::

*****************
 

Prozesse erfolgreich geschlossen.

HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiSpyware"="0" => Wert erfolgreich wiederhergestellt

HKLM\SOFTWARE\Microsoft\Windows Defender\\"DisableAntiVirus"="0" => Wert erfolgreich wiederhergestellt

"C:\Users\micha\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\fdhgeoginicibhagdmblfikbgbkahibd" => nicht gefunden

"Edge Notifications" => erfolgreich entfernt
 

=========== EmptyTemp: ==========
 

FlushDNS => abgeschlossen

BITS transfer queue => 1310720 B

DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 255919964 B

Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B

Windows/system/drivers => 543186617 B

Edge => 0 B

Firefox => 590586037 B

Opera => 0 B
 

Temp, IE cache, history, cookies, recent:

Default => 0 B

ProgramData => 0 B

Public => 0 B

systemprofile => 344686 B

systemprofile32 => 344686 B

LocalService => 1079180 B

NetworkService => 1356710 B

micha => 1568079937 B
 

RecycleBin => 469110487 B

EmptyTemp: => 3.2 GB temporäre Dateien entfernt.
 

================================
 
 

Das System musste neu gestartet werden.
 

==== Ende von Fixlog 12:36:52 ====

Kontrollscans mit MBAM und RK

Wir sind fast fertig. Jetzt ist es an der Zeit für Kontrollscans mit

Poste nach Abschluss der beiden Scans die Logs in CODE-Tags.

Code:



Malwarebytes

www.malwarebytes.com
 

-Protokolldetails-

Scan-Datum: 19.08.2024

Scan-Zeit: 13:22

Protokolldatei: 426a1d06-5e1d-11ef-93a3-5c60bab8a3a1.json
 

-Softwaredaten-

Version: 5.1.8.123

Komponentenversion: 1.0.5007

Version des Aktualisierungspakets: 1.0.88066

Lizenz: Testversion
 

-Systemdaten-

Betriebssystem: Windows 11 (Build 22631.4037)

CPU: x64

Dateisystem: NTFS

Benutzer: LAPTOP-8BQEBHKB\micha
 

-Scan-Übersicht-

Scan-Typ: Bedrohungs-Scan

Scan gestartet von: Manuell

Ergebnis: Abgeschlossen

Gescannte Objekte: 229870

Erkannte Bedrohungen: 0

In die Quarantäne verschobene Bedrohungen: 0

Abgelaufene Zeit: 2 Min., 36 Sek.
 

-Scan-Optionen-

Speicher: Aktiviert

Start: Aktiviert

Dateisystem: Aktiviert

Archive: Aktiviert

Rootkits: Deaktiviert

Heuristik: Aktiviert

PUP: Erkennung

PUM: Erkennung
 

-Scan-Details-

Prozess: 0

(keine bösartigen Elemente erkannt)
 

Modul: 0

(keine bösartigen Elemente erkannt)
 

Registrierungsschlüssel: 0

(keine bösartigen Elemente erkannt)
 

Registrierungswert: 0

(keine bösartigen Elemente erkannt)
 

Registrierungsdaten: 0

(keine bösartigen Elemente erkannt)
 

Daten-Stream: 0

(keine bösartigen Elemente erkannt)
 

Ordner: 0

(keine bösartigen Elemente erkannt)
 

Datei: 0

(keine bösartigen Elemente erkannt)
 

Physischer Sektor: 0

(keine bösartigen Elemente erkannt)
 

WMI: 0

(keine bösartigen Elemente erkannt)
 
 

(end)

Ich weiß nicht, ob das so richtig ist, aber ich konnte den Bericht nicht wie beschrieben ein einer RK.txt Datei speichern.

Code:



{"header": {"date": 133685407241810000, "properties": [{"key": "program", "value": "RogueKiller Anti-Malware"}, {"key": "version", "value": "15.18.0.0"}, {"key": "x64", "value": true}, {"key": "program_date", "value": "Aug  1 2024"}, {"key": "location", "value": "C:\\Users\\micha\\Downloads\\RogueKiller_portable64.exe"}, {"key": "premium", "value": false}, {"key": "company", "value": "Adlice Software"}, {"key": "website", "value": "https://www.adlice.com/"}, {"key": "contact", "value": "https://adlice.com/contact/"}, {"key": "website", "value": "https://adlice.com/download/roguekiller/"}, {"key": "os", "value": "Windows 11 (10.0.22631) 64-bit"}, {"key": "os_x64", "value": true}, {"key": "startup", "value": 0}, {"key": "winpe", "value": false}, {"key": "user", "value": "micha"}, {"key": "user_admin", "value": true}, {"key": "date", "value": "2024/08/19 11:32:04"}, {"key": "type", "value": "scan"}, {"key": "aborted", "value": false}, {"key": "scan_mode", "value": "standard"}, {"key": "is_ucheck", "value": false}, {"key": "duration", "value": 140}, {"key": "found_count", "value": 1}, {"key": "total_count", "value": 83009}, {"key": "signatures_version", "value": "20240815_102323"}, {"key": "log_legit", "value": false}, {"key": "expert_mode", "value": false}, {"key": "truesight_loaded", "value": true}, {"key": "cloud_id", "value": ""}, {"key": "removal_id", "value": 0}, {"key": "scan_id", "value": 0}, {"key": "updates_count", "value": 13}]}, "sections": [{"entries": [], "id": "WARNINGS", "name": "warnings"}, {"entries": [{"entries": [], "id": "update", "properties": [{"key": "update_name", "value": "Mozilla Firefox (x64 de)"}, {"key": "update_current_version", "value": "127.0"}, {"key": "update_available_version", "value": "129.0.1"}, {"key": "update_size", "value": 249812992}, {"key": "update_wow_64_32", "value": true}, {"key": "update_portable", "value": false}, {"key": "update_location", "value": "C:\\Program Files (x86)\\Mozilla Firefox"}]}, {"entries": [], "id": "update", "properties": [{"key": "update_name", "value": "Zoom"}, {"key": "update_current_version", "value": "5.16.10 (26186)"}, {"key": "update_available_version", "value": "5.17.42282"}, {"key": "update_size", "value": 0}, {"key": "update_wow_64_32", "value": false}, {"key": "update_portable", "value": false}, {"key": "update_location", "value": "C:\\Users\\micha\\AppData\\Roaming\\Zoom\\bin"}]}, {"entries": [], "id": "update", "properties": [{"key": "update_name", "value": "Microsoft 365 Apps for Enterprise - de-de"}, {"key": "update_current_version", "value": "16.0.17830.20138"}, {"key": "update_available_version", "value": "16.0.17830.20162"}, {"key": "update_size", "value": 0}, {"key": "update_wow_64_32", "value": false}, {"key": "update_portable", "value": false}, {"key": "update_location", "value": "C:\\Program Files\\Microsoft Office"}]}, {"entries": [], "id": "update", "properties": [{"key": "update_name", "value": "NVIDIA GeForce Experience 3.25.0.84"}, {"key": "update_current_version", "value": "3.25.0.84"}, {"key": "update_available_version", "value": "3.28.0.417"}, {"key": "update_size", "value": 0}, {"key": "update_wow_64_32", "value": false}, {"key": "update_portable", "value": false}, {"key": "update_location", "value": "C:\\Program Files\\NVIDIA Corporation\\Installer2\\Display.GFExperience.{7FBC3B77-4694-4597-AD18-BD7B2A745B25}"}]}, {"entries": [], "id": "update", "properties": [{"key": "update_name", "value": "NVIDIA PhysX-Systemsoftware 9.20.0221"}, {"key": "update_current_version", "value": "9.20.0221"}, {"key": "update_available_version", "value": "9.21.0713"}, {"key": "update_size", "value": 0}, {"key": "update_wow_64_32", "value": true}, {"key": "update_portable", "value": false}, {"key": "update_location", "value": "C:\\Program Files (x86)\\NVIDIA Corporation\\PhysX"}]}, {"entries": [], "id": "update", "properties": [{"key": "update_name", "value": "Microsoft Teams classic"}, {"key": "update_current_version", "value": "1.7.00.3653"}, {"key": "update_available_version", "value": "1.7.00.19353"}, {"key": "update_size", "value": 142717952}, {"key": "update_wow_64_32", "value": true}, {"key": "update_portable", "value": false}, {"key": "update_location", "value": "C:\\Users\\micha\\AppData\\Local\\Microsoft\\Teams"}]}, {"entries": [], "id": "update", "properties": [{"key": "update_name", "value": "Opel Update 1.5.1"}, {"key": "update_current_version", "value": "1.5.1"}, {"key": "update_available_version", "value": "1.6.1"}, {"key": "update_size", "value": 377277440}, {"key": "update_wow_64_32", "value": false}, {"key": "update_portable", "value": false}, {"key": "update_location", "value": ""}]}, {"entries": [], "id": "update", "properties": [{"key": "update_name", "value": "Microsoft 365 - de-de"}, {"key": "update_current_version", "value": "16.0.17830.20138"}, {"key": "update_available_version", "value": "16.0.18011.20000"}, {"key": "update_size", "value": 0}, {"key": "update_wow_64_32", "value": false}, {"key": "update_portable", "value": false}, {"key": "update_location", "value": "C:\\Program Files\\Microsoft Office"}]}, {"entries": [], "id": "update", "properties": [{"key": "update_name", "value": "Microsoft 365 - en-us"}, {"key": "update_current_version", "value": "16.0.17830.20138"}, {"key": "update_available_version", "value": "16.0.18011.20000"}, {"key": "update_size", "value": 0}, {"key": "update_wow_64_32", "value": false}, {"key": "update_portable", "value": false}, {"key": "update_location", "value": "C:\\Program Files\\Microsoft Office"}]}, {"entries": [], "id": "update", "properties": [{"key": "update_name", "value": "Microsoft OneNote - en-us"}, {"key": "update_current_version", "value": "16.0.17830.20138"}, {"key": "update_available_version", "value": "16.0.17928.20066"}, {"key": "update_size", "value": 0}, {"key": "update_wow_64_32", "value": false}, {"key": "update_portable", "value": false}, {"key": "update_location", "value": "C:\\Program Files\\Microsoft Office"}]}, {"entries": [], "id": "update", "properties": [{"key": "update_name", "value": "NVIDIA Grafiktreiber 546.80"}, {"key": "update_current_version", "value": "546.80"}, {"key": "update_available_version", "value": "560.81"}, {"key": "update_size", "value": 0}, {"key": "update_wow_64_32", "value": false}, {"key": "update_portable", "value": false}, {"key": "update_location", "value": "C:\\Program Files\\NVIDIA Corporation\\Installer2\\Display.Driver.{7C9D93A6-4C08-43F4-B8E0-BFDE6BCFC2B5}"}]}, {"entries": [], "id": "update", "properties": [{"key": "update_name", "value": "NVIDIA FrameView SDK 1.2.7321.30900954"}, {"key": "update_current_version", "value": "1.2.7321.30900954"}, {"key": "update_available_version", "value": "1.4.10316.34570960"}, {"key": "update_size", "value": 0}, {"key": "update_wow_64_32", "value": false}, {"key": "update_portable", "value": false}, {"key": "update_location", "value": "C:\\Program Files\\NVIDIA Corporation\\FrameViewSDK"}]}, {"entries": [], "id": "update", "properties": [{"key": "update_name", "value": "WISO Steuer 2023"}, {"key": "update_current_version", "value": "30.10.3890"}, {"key": "update_available_version", "value": "31.08.4020"}, {"key": "update_size", "value": 0}, {"key": "update_wow_64_32", "value": true}, {"key": "update_portable", "value": false}, {"key": "update_location", "value": "C:\\Program Files (x86)\\WISO\\Steuersoftware 2023\\"}]}], "id": "UPDATES", "name": "updates"}, {"entries": [{"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "[System Process]"}, {"key": "path", "value": ""}, {"key": "pid", "value": 0}]}, {"entries": [{"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "smss.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\smss.exe"}, {"key": "pid", "value": 724}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "Memory Compression"}, {"key": "path", "value": "MemCompression"}, {"key": "pid", "value": 3676}]}], "id": "process_item", "properties": [{"key": "name", "value": "System"}, {"key": "path", "value": ""}, {"key": "pid", "value": 4}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "Registry"}, {"key": "path", "value": "Registry"}, {"key": "pid", "value": 268}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "csrss.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\csrss.exe"}, {"key": "pid", "value": 800}]}, {"entries": [{"entries": [{"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 864}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 1160}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 1312}]}, {"entries": [{"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "RuntimeBroker.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\RuntimeBroker.exe"}, {"key": "pid", "value": 1168}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "RuntimeBroker.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\RuntimeBroker.exe"}, {"key": "pid", "value": 2216}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "ShellExperienceHost.exe"}, {"key": "path", "value": "C:\\Windows\\SystemApps\\ShellExperienceHost_cw5n1h2txyewy\\ShellExperienceHost.exe"}, {"key": "pid", "value": 3736}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "smartscreen.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\smartscreen.exe"}, {"key": "pid", "value": 3972}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "WmiPrvSE.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\wbem\\WmiPrvSE.exe"}, {"key": "pid", "value": 4624}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "WmiPrvSE.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\wbem\\WmiPrvSE.exe"}, {"key": "pid", "value": 4632}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "unsecapp.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\wbem\\unsecapp.exe"}, {"key": "pid", "value": 4900}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "RuntimeBroker.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\RuntimeBroker.exe"}, {"key": "pid", "value": 6616}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "RuntimeBroker.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\RuntimeBroker.exe"}, {"key": "pid", "value": 8896}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "SystemSettings.exe"}, {"key": "path", "value": "C:\\Windows\\ImmersiveControlPanel\\SystemSettings.exe"}, {"key": "pid", "value": 10256}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "SearchHost.exe"}, {"key": "path", "value": "C:\\Windows\\SystemApps\\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\\SearchHost.exe"}, {"key": "pid", "value": 10368}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "StartMenuExperienceHost.exe"}, {"key": "path", "value": "C:\\Windows\\SystemApps\\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\\StartMenuExperienceHost.exe"}, {"key": "pid", "value": 10392}]}, {"entries": [{"entries": [{"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "msedgewebview2.exe"}, {"key": "path", "value": "C:\\Program Files (x86)\\Microsoft\\EdgeWebView\\Application\\127.0.2651.105\\msedgewebview2.exe"}, {"key": "pid", "value": 1888}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "msedgewebview2.exe"}, {"key": "path", "value": "C:\\Program Files (x86)\\Microsoft\\EdgeWebView\\Application\\127.0.2651.105\\msedgewebview2.exe"}, {"key": "pid", "value": 3128}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "msedgewebview2.exe"}, {"key": "path", "value": "C:\\Program Files (x86)\\Microsoft\\EdgeWebView\\Application\\127.0.2651.105\\msedgewebview2.exe"}, {"key": "pid", "value": 8504}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "msedgewebview2.exe"}, {"key": "path", "value": "C:\\Program Files (x86)\\Microsoft\\EdgeWebView\\Application\\127.0.2651.105\\msedgewebview2.exe"}, {"key": "pid", "value": 9032}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "msedgewebview2.exe"}, {"key": "path", "value": "C:\\Program Files (x86)\\Microsoft\\EdgeWebView\\Application\\127.0.2651.105\\msedgewebview2.exe"}, {"key": "pid", "value": 11916}]}], "id": "process_item", "properties": [{"key": "name", "value": "msedgewebview2.exe"}, {"key": "path", "value": "C:\\Program Files (x86)\\Microsoft\\EdgeWebView\\Application\\127.0.2651.105\\msedgewebview2.exe"}, {"key": "pid", "value": 5176}]}], "id": "process_item", "properties": [{"key": "name", "value": "Widgets.exe"}, {"key": "path", "value": "C:\\Program Files\\WindowsApps\\MicrosoftWindows.Client.WebExperience_524.18500.10.0_x64__cw5n1h2txyewy\\Dashboard\\Widgets.exe"}, {"key": "pid", "value": 10512}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "RuntimeBroker.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\RuntimeBroker.exe"}, {"key": "pid", "value": 10596}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "ApplicationFrameHost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\ApplicationFrameHost.exe"}, {"key": "pid", "value": 10688}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "RuntimeBroker.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\RuntimeBroker.exe"}, {"key": "pid", "value": 10712}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "dllhost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\dllhost.exe"}, {"key": "pid", "value": 10868}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "WidgetService.exe"}, {"key": "path", "value": "C:\\Program Files\\WindowsApps\\MicrosoftWindows.Client.WebExperience_524.18500.10.0_x64__cw5n1h2txyewy\\Dashboard\\widgetservice.exe"}, {"key": "pid", "value": 10888}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "dllhost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\dllhost.exe"}, {"key": "pid", "value": 11040}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "WidgetService.exe"}, {"key": "path", "value": "C:\\Program Files\\WindowsApps\\MicrosoftWindows.Client.WebExperience_524.18500.10.0_x64__cw5n1h2txyewy\\Dashboard\\widgetservice.exe"}, {"key": "pid", "value": 11056}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "PhoneExperienceHost.exe"}, {"key": "path", "value": "C:\\Program Files\\WindowsApps\\Microsoft.YourPhone_1.24072.111.0_x64__8wekyb3d8bbwe\\PhoneExperienceHost.exe"}, {"key": "pid", "value": 12144}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "backgroundTaskHost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\backgroundTaskHost.exe"}, {"key": "pid", "value": 12700}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "UserOOBEBroker.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\oobe\\UserOOBEBroker.exe"}, {"key": "pid", "value": 13208}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "WhatsApp.exe"}, {"key": "path", "value": "C:\\Program Files\\WindowsApps\\5319275A.WhatsAppDesktop_2.2432.5.0_x64__cv1g1gvanyjgm\\WhatsApp.exe"}, {"key": "pid", "value": 13216}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "unsecapp.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\wbem\\unsecapp.exe"}, {"key": "pid", "value": 13860}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "HP.myHP.exe"}, {"key": "path", "value": "C:\\Program Files\\WindowsApps\\AD2F1837.myHP_35.52430.841.0_x64__v10z8vjag6ke6\\HP.myHP.exe"}, {"key": "pid", "value": 13932}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "RuntimeBroker.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\RuntimeBroker.exe"}, {"key": "pid", "value": 14056}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "TextInputHost.exe"}, {"key": "path", "value": "C:\\Windows\\SystemApps\\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\\TextInputHost.exe"}, {"key": "pid", "value": 14340}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "LockApp.exe"}, {"key": "path", "value": "C:\\Windows\\SystemApps\\Microsoft.LockApp_cw5n1h2txyewy\\LockApp.exe"}, {"key": "pid", "value": 14628}]}], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 1360}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 1408}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "WUDFHost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\WUDFHost.exe"}, {"key": "pid", "value": 1440}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 1504}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 1548}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 1648}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "WUDFHost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\WUDFHost.exe"}, {"key": "pid", "value": 1724}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 1780}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 1800}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 1816}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 1820}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 1824}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 1852}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 1904}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 1944}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 1960}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 2028}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 2120}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "IntelCpHDCPSvc.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\DriverStore\\FileRepository\\iigd_dch.inf_amd64_0fdf6ce291234272\\IntelCpHDCPSvc.exe"}, {"key": "pid", "value": 2184}]}, {"entries": [{"entries": [{"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "DesktopExtension.exe"}, {"key": "path", "value": "C:\\Program Files\\WindowsApps\\AD2F1837.myHP_35.52430.841.0_x64__v10z8vjag6ke6\\win32\\DesktopExtension.exe"}, {"key": "pid", "value": 14240}]}], "id": "process_item", "properties": [{"key": "name", "value": "sihost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\sihost.exe"}, {"key": "pid", "value": 6868}]}], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 2208}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 2236}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 2268}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 2340}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 2400}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 2428}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 2436}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 2508}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 2560}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "OmenCap.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\DriverStore\\FileRepository\\hpomencustomcapcomp.inf_amd64_9f1f5222288bdf88\\x64\\OmenCap\\OmenCap.exe"}, {"key": "pid", "value": 2652}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 2836}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 2896}]}, {"entries": [{"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "taskhostw.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\taskhostw.exe"}, {"key": "pid", "value": 9564}]}], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 2948}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 3004}]}, {"entries": [{"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "SynTPEnh.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\SynTPEnh.exe"}, {"key": "pid", "value": 11852}]}], "id": "process_item", "properties": [{"key": "name", "value": "SynTPEnhService.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\SynTPEnhService.exe"}, {"key": "pid", "value": 3112}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 3160}]}, {"entries": [{"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "NVDisplay.Container.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\DriverStore\\FileRepository\\nvhm.inf_amd64_41c48f20ac7de4fb\\Display.NvContainer\\NVDisplay.Container.exe"}, {"key": "pid", "value": 4228}]}], "id": "process_item", "properties": [{"key": "name", "value": "NVDisplay.Container.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\DriverStore\\FileRepository\\nvhm.inf_amd64_41c48f20ac7de4fb\\Display.NvContainer\\NVDisplay.Container.exe"}, {"key": "pid", "value": 3240}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "WUDFHost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\WUDFHost.exe"}, {"key": "pid", "value": 3328}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 3404}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 3420}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 3440}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 3456}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 3464}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 3612}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 3724}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 3772}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 3780}]}, {"entries": [{"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "BridgeCommunication.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\DriverStore\\FileRepository\\hpcustomcapcomp.inf_amd64_1d957930b3685886\\x64\\BridgeCommunication.exe"}, {"key": "pid", "value": 7808}]}], "id": "process_item", "properties": [{"key": "name", "value": "SysInfoCap.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\DriverStore\\FileRepository\\hpcustomcapcomp.inf_amd64_1d957930b3685886\\x64\\SysInfoCap.exe"}, {"key": "pid", "value": 3788}]}, {"entries": [{"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "BridgeCommunication.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\DriverStore\\FileRepository\\hpcustomcapcomp.inf_amd64_1d957930b3685886\\x64\\BridgeCommunication.exe"}, {"key": "pid", "value": 3768}]}], "id": "process_item", "properties": [{"key": "name", "value": "NetworkCap.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\DriverStore\\FileRepository\\hpcustomcapcomp.inf_amd64_1d957930b3685886\\x64\\NetworkCap.exe"}, {"key": "pid", "value": 3796}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "DiagsCap.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\DriverStore\\FileRepository\\hpcustomcapcomp.inf_amd64_1d957930b3685886\\x64\\DiagsCap.exe"}, {"key": "pid", "value": 3804}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "TouchpointAnalyticsClientService.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\DriverStore\\FileRepository\\hpanalyticscomp.inf_amd64_7dcf4ebd9d1b4772\\x64\\TouchpointAnalyticsClientService.exe"}, {"key": "pid", "value": 3812}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "AppHelperCap.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\DriverStore\\FileRepository\\hpcustomcapcomp.inf_amd64_1d957930b3685886\\x64\\AppHelperCap.exe"}, {"key": "pid", "value": 3820}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 3880}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 3996}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 4048}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 4092}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 4256}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 4656}]}, {"entries": [{"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "audiodg.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\audiodg.exe"}, {"key": "pid", "value": 1328}]}], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 4752}]}, {"entries": [{"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "ctfmon.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\ctfmon.exe"}, {"key": "pid", "value": 12808}]}], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 4780}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 4936}]}, {"entries": [{"entries": [{"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "conhost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\conhost.exe"}, {"key": "pid", "value": 5512}]}], "id": "process_item", "properties": [{"key": "name", "value": "wlanext.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\wlanext.exe"}, {"key": "pid", "value": 5492}]}], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 5188}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 5248}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "spoolsv.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\spoolsv.exe"}, {"key": "pid", "value": 5320}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 5384}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 5464}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 5536}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 5744}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "HPPrintScanDoctorService.exe"}, {"key": "path", "value": "C:\\Program Files\\HPPrintScanDoctor\\HPPrintScanDoctorService.exe"}, {"key": "pid", "value": 5752}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "IntelAudioService.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\DriverStore\\FileRepository\\intcoed.inf_amd64_29fd1afabcf5470c\\AS\\IAS\\IntelAudioService.exe"}, {"key": "pid", "value": 5760}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "OneApp.IGCC.WinService.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\DriverStore\\FileRepository\\igcc_dch.inf_amd64_a687edda40db3316\\OneApp.IGCC.WinService.exe"}, {"key": "pid", "value": 5768}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "OfficeClickToRun.exe"}, {"key": "path", "value": "C:\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\OfficeClickToRun.exe"}, {"key": "pid", "value": 5776}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "pdf24.exe"}, {"key": "path", "value": "C:\\Program Files\\PDF24\\pdf24.exe"}, {"key": "pid", "value": 5788}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 5804}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "ipfsvc.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\DriverStore\\FileRepository\\dtt_sw.inf_amd64_4a0efaf978352e5b\\ipfsvc.exe"}, {"key": "pid", "value": 5820}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 5840}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 5848}]}, {"entries": [{"entries": [{"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "conhost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\conhost.exe"}, {"key": "pid", "value": 9212}]}], "id": "process_item", "properties": [{"key": "name", "value": "SECOCL64.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\SECOCL64.exe"}, {"key": "pid", "value": 9204}]}], "id": "process_item", "properties": [{"key": "name", "value": "SECOMN64.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\SECOMN64.exe"}, {"key": "pid", "value": 5856}]}, {"entries": [{"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "ipf_helper.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\DriverStore\\FileRepository\\ipf_cpu.inf_amd64_e6050705c26c770f\\ipf_helper.exe"}, {"key": "pid", "value": 9116}]}], "id": "process_item", "properties": [{"key": "name", "value": "ipf_uf.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\DriverStore\\FileRepository\\ipf_cpu.inf_amd64_e6050705c26c770f\\ipf_uf.exe"}, {"key": "pid", "value": 5864}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "XtuService.exe"}, {"key": "path", "value": "C:\\Windows\\SysWOW64\\XtuService.exe"}, {"key": "pid", "value": 5872}]}, {"entries": [{"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "AggregatorHost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\AggregatorHost.exe"}, {"key": "pid", "value": 7876}]}], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 5884}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 5896}]}, {"entries": [{"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "RtkAudUService64.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\DriverStore\\FileRepository\\realtekservice.inf_amd64_04ff63d068f8c626\\RtkAudUService64.exe"}, {"key": "pid", "value": 11752}]}], "id": "process_item", "properties": [{"key": "name", "value": "RtkAudUService64.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\DriverStore\\FileRepository\\realtekservice.inf_amd64_04ff63d068f8c626\\RtkAudUService64.exe"}, {"key": "pid", "value": 5904}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "WMIRegistrationService.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\DriverStore\\FileRepository\\mewmiprov.inf_amd64_cad1db73e8c782a6\\WMIRegistrationService.exe"}, {"key": "pid", "value": 5912}]}, {"entries": [{"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "Malwarebytes.exe"}, {"key": "path", "value": "C:\\Program Files\\Malwarebytes\\Anti-Malware\\Malwarebytes.exe"}, {"key": "pid", "value": 9124}]}], "id": "process_item", "properties": [{"key": "name", "value": "MBAMService.exe"}, {"key": "path", "value": "C:\\Program Files\\Malwarebytes\\Anti-Malware\\MBAMService.exe"}, {"key": "pid", "value": 5948}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "MpDefenderCoreService.exe"}, {"key": "path", "value": "C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\4.18.24070.5-0\\MpDefenderCoreService.exe"}, {"key": "pid", "value": 5960}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 6048}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 6056}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 6132}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "jhi_service.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\DriverStore\\FileRepository\\dal.inf_amd64_b5484efd38adbe8d\\jhi_service.exe"}, {"key": "pid", "value": 6320}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 6884}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 7156}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 7456}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 8628}]}, {"entries": [{"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "MoUsoCoreWorker.exe"}, {"key": "path", "value": "C:\\Windows\\UUS\\Packages\\Preview\\amd64\\MoUsoCoreWorker.exe"}, {"key": "pid", "value": 8840}]}], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 8744}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 8860}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 9672}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 9832}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 10140}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 10248}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 10612}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 10860}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 10948}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": ""}, {"key": "pid", "value": 11468}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 11624}]}, {"entries": [{"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "SearchProtocolHost.exe"}, {"key": "path", "value": ""}, {"key": "pid", "value": 5276}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "SearchFilterHost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\SearchFilterHost.exe"}, {"key": "pid", "value": 6820}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "SearchProtocolHost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\SearchProtocolHost.exe"}, {"key": "pid", "value": 9484}]}], "id": "process_item", "properties": [{"key": "name", "value": "SearchIndexer.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\SearchIndexer.exe"}, {"key": "pid", "value": 11772}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 12604}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "SecurityHealthService.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\SecurityHealthService.exe"}, {"key": "pid", "value": 13032}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "svchost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\svchost.exe"}, {"key": "pid", "value": 13988}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "BrYNSvc.exe"}, {"key": "path", "value": "C:\\Program Files (x86)\\Browny02\\BrYNSvc.exe"}, {"key": "pid", "value": 14716}]}], "id": "process_item", "properties": [{"key": "name", "value": "services.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\services.exe"}, {"key": "pid", "value": 1208}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "lsass.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\lsass.exe"}, {"key": "pid", "value": 1232}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "fontdrvhost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\fontdrvhost.exe"}, {"key": "pid", "value": 1384}]}], "id": "process_item", "properties": [{"key": "name", "value": "wininit.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\wininit.exe"}, {"key": "pid", "value": 1136}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "csrss.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\csrss.exe"}, {"key": "pid", "value": 1156}]}, {"entries": [{"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "fontdrvhost.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\fontdrvhost.exe"}, {"key": "pid", "value": 1652}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "dwm.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\dwm.exe"}, {"key": "pid", "value": 2984}]}], "id": "process_item", "properties": [{"key": "name", "value": "winlogon.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\winlogon.exe"}, {"key": "pid", "value": 1600}]}, {"entries": [{"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "HPSystemEventUtilityHost.exe"}, {"key": "path", "value": "C:\\Program Files\\WindowsApps\\AD2F1837.HPSystemEventUtility_1.5.15.0_x64__v10z8vjag6ke6\\SystemEventUtility\\HPSystemEventUtilityHost.exe"}, {"key": "pid", "value": 10288}]}], "id": "process_item", "properties": [{"key": "name", "value": "HPSystemEventUtilityBackground.exe"}, {"key": "path", "value": "C:\\Program Files\\WindowsApps\\AD2F1837.HPSystemEventUtility_1.5.15.0_x64__v10z8vjag6ke6\\SystemEventUtility\\HPSystemEventUtilityBackground.exe"}, {"key": "pid", "value": 3416}]}, {"entries": [{"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "RtkAudUService64.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\DriverStore\\FileRepository\\realtekservice.inf_amd64_04ff63d068f8c626\\RtkAudUService64.exe"}, {"key": "pid", "value": 5836}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "SecurityHealthSystray.exe"}, {"key": "path", "value": "C:\\Windows\\System32\\SecurityHealthSystray.exe"}, {"key": "pid", "value": 6788}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "pdf24.exe"}, {"key": "path", "value": "C:\\Program Files\\PDF24\\pdf24.exe"}, {"key": "pid", "value": 11368}]}, {"entries": [{"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "msedge.exe"}, {"key": "path", "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe"}, {"key": "pid", "value": 1636}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "msedge.exe"}, {"key": "path", "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe"}, {"key": "pid", "value": 1892}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "msedge.exe"}, {"key": "path", "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe"}, {"key": "pid", "value": 2112}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "msedge.exe"}, {"key": "path", "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe"}, {"key": "pid", "value": 7440}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "msedge.exe"}, {"key": "path", "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe"}, {"key": "pid", "value": 11016}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "msedge.exe"}, {"key": "path", "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe"}, {"key": "pid", "value": 11104}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "msedge.exe"}, {"key": "path", "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe"}, {"key": "pid", "value": 12172}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "msedge.exe"}, {"key": "path", "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe"}, {"key": "pid", "value": 12564}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "msedge.exe"}, {"key": "path", "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe"}, {"key": "pid", "value": 13432}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "msedge.exe"}, {"key": "path", "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe"}, {"key": "pid", "value": 13440}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "msedge.exe"}, {"key": "path", "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe"}, {"key": "pid", "value": 13472}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "msedge.exe"}, {"key": "path", "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe"}, {"key": "pid", "value": 13484}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "msedge.exe"}, {"key": "path", "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe"}, {"key": "pid", "value": 13644}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "msedge.exe"}, {"key": "path", "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe"}, {"key": "pid", "value": 14208}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "RogueKiller_portable64.exe"}, {"key": "path", "value": "C:\\Users\\micha\\Downloads\\RogueKiller_portable64.exe"}, {"key": "pid", "value": 14364}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "msedge.exe"}, {"key": "path", "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe"}, {"key": "pid", "value": 14532}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "msedge.exe"}, {"key": "path", "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe"}, {"key": "pid", "value": 14960}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "msedge.exe"}, {"key": "path", "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe"}, {"key": "pid", "value": 15152}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "msedge.exe"}, {"key": "path", "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe"}, {"key": "pid", "value": 15288}]}], "id": "process_item", "properties": [{"key": "name", "value": "msedge.exe"}, {"key": "path", "value": "C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe"}, {"key": "pid", "value": 11408}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "Notepad.exe"}, {"key": "path", "value": "C:\\Program Files\\WindowsApps\\Microsoft.WindowsNotepad_11.2406.9.0_x64__8wekyb3d8bbwe\\Notepad\\Notepad.exe"}, {"key": "pid", "value": 12368}]}], "id": "process_item", "properties": [{"key": "name", "value": "explorer.exe"}, {"key": "path", "value": "C:\\Windows\\explorer.exe"}, {"key": "pid", "value": 9816}]}, {"entries": [{"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "BrCcUxSys.exe"}, {"key": "path", "value": "C:\\Program Files (x86)\\ControlCenter4\\BrCcUxSys.exe"}, {"key": "pid", "value": 14620}]}], "id": "process_item", "properties": [{"key": "name", "value": "BrCtrlCntr.exe"}, {"key": "path", "value": "C:\\Program Files (x86)\\ControlCenter4\\BrCtrlCntr.exe"}, {"key": "pid", "value": 14404}]}, {"entries": [], "id": "process_item", "properties": [{"key": "name", "value": "BrStMonW.exe"}, {"key": "path", "value": "C:\\Program Files (x86)\\Browny02\\Brother\\BrStMonW.exe"}, {"key": "pid", "value": 14652}]}], "id": "PROCESSES", "name": "processes"}, {"entries": [], "id": "PROCESS_MODULES", "name": "modules"}, {"entries": [], "id": "SERVICES", "name": "services"}, {"entries": [], "id": "TASKS", "name": "tasks"}, {"entries": [], "id": "REGISTRY", "name": "registry"}, {"entries": [], "id": "WMI", "name": "wmi"}, {"entries": [{"entries": [], "id": "info", "properties": [{"key": "is_too_big", "value": false}, {"key": "hosts_file_path", "value": "C:\\Windows\\System32\\drivers\\etc\\hosts"}]}, {"entries": [], "id": "lines", "properties": []}], "id": "HOSTS", "name": "hosts"}, {"entries": [{"entries": [], "id": "filesystem", "properties": [{"key": "scan_what", "value": 1}, {"key": "vendors", "value": ["PUP.AutoIt.Gen"]}, {"key": "type", "value": 1}, {"key": "name", "value": "FRST64.exe"}, {"key": "path", "value": "C:\\Users\\micha\\Desktop\\Virusscan\\FRST64.exe"}, {"key": "path_compressed", "value": "%USERPROFILE%\\Desktop\\Virusscan\\FRST64.exe"}, {"key": "target", "value": ""}, {"key": "target_param", "value": ""}, {"key": "file_md5", "value": "FED0E4A53768F2E769A9F1C1512BB0C8"}, {"key": "file_sha256", "value": "B775A76514FCCE084181C7B18CAE4476575BD36EA7139AA1881F8702F3D9F376"}, {"key": "file_exists", "value": true}, {"key": "file_signed", "value": false}, {"key": "file_signer", "value": ""}, {"key": "file_vtscore", "value": 0}, {"key": "file_vttotal", "value": 0}, {"key": "is_malicious", "value": true}, {"key": "detection_level", "value": 3}, {"key": "status", "value": 1}, {"key": "status_str", "value": "[[FOUND]]"}, {"key": "status_choice", "value": 2}, {"key": "status_removal", "value": 0}, {"key": "malpe_score", "value": -1}, {"key": "id", "value": 0}, {"key": "removed", "value": false}]}], "id": "FILESYSTEM", "name": "filesystem"}, {"entries": [], "id": "WEB_BROWSERS", "name": "web_browsers"}, {"entries": [], "id": "ANTIROOTKIT", "name": "antirootkit"}], "type": "RK-REPORT"}

Dann wären wir durch! :daumenhoc

Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...:dankeschoen:und/oder das Forum mit einer kleinen Spende http://www.trojaner-board.de/extra/spende.png unterstützen. :applaus:

Abschließend unbedingt folgende Sicherheitsmaßnahmen lesen und umsetzen:

Anleitung: Cleanup & Maßnahmen zur Absicherung des Rechners

Wir sind froh, dass wir helfen konnten :abklatsch:

Dieses Thema scheint erledigt und wird aus unseren Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke uns bitte eine Erinnerung inklusive Link zum Thema.

Jeder andere bitte hier klicken und ein eigenes Thema erstellen.