|
Log-Analyse und Auswertung: WIN10 PC gehackt, T-Online Emails werden in meinem Namen versendet, Fremdzugriff über TeamViewer?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
18.06.2021, 12:54 | #16 |
/// Winkelfunktion /// TB-Süch-Tiger™ | WIN10 PC gehackt, T-Online Emails werden in meinem Namen versendet, Fremdzugriff über TeamViewer? Störende, veraltete oder unnötige Programme deinstallieren Bitte über Programme und Features (appwiz.cpl) deinstallieren: Adobe Acrobat Reader DC - Deutsch AntiBrowserSpy 2020 AnyDesk CCleaner PDF-Viewer VLC media player WinRAR 5.31 (64-Bit)
__________________ Logfiles bitte immer in CODE-Tags posten |
18.06.2021, 13:23 | #17 |
| WIN10 PC gehackt, T-Online Emails werden in meinem Namen versendet, Fremdzugriff über TeamViewer? Erledigt und neu gestartet.
__________________ |
18.06.2021, 13:24 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | WIN10 PC gehackt, T-Online Emails werden in meinem Namen versendet, Fremdzugriff über TeamViewer? adwCleaner
__________________Führe AdwCleaner gemäß der bebilderten Anleitung aus und poste abschließend die Logdatei in CODE-Tags. adwcleaner zwecks Kontrolle bitte wiederholen, falls es Funde gab.
__________________ |
18.06.2021, 14:02 | #19 |
| WIN10 PC gehackt, T-Online Emails werden in meinem Namen versendet, Fremdzugriff über TeamViewer?Code:
ATTFilter # ------------------------------- # Malwarebytes AdwCleaner 8.2.0.0 # ------------------------------- # Build: 03-22-2021 # Database: 2021-05-17.1 (Cloud) # Support: https://www.malwarebytes.com/support # # ------------------------------- # Mode: Clean # ------------------------------- # Start: 06-18-2021 # Duration: 00:00:01 # OS: Windows 10 Pro # Cleaned: 43 # Failed: 0 ***** [ Services ] ***** No malicious services cleaned. ***** [ Folders ] ***** Deleted C:\ProgramData\Application Data\Lavasoft\Web Companion Deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion Deleted C:\Users\Popp\AppData\Local\Downloaded Installations\{DAD82379-C684-4D04-83D5-2B9934A9C362} ***** [ Files ] ***** Deleted C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini Deleted C:\Windows\SysWOW64\lavasofttcpservice.dll Deleted C:\Windows\System32\LavasoftTcpService64.dll Deleted C:\Windows\System32\LavasoftTcpServiceOff.ini ***** [ DLL ] ***** No malicious DLLs cleaned. ***** [ WMI ] ***** No malicious WMI cleaned. ***** [ Shortcuts ] ***** No malicious shortcuts cleaned. ***** [ Tasks ] ***** No malicious tasks cleaned. ***** [ Registry ] ***** Deleted HKCU\Software\Lavasoft\Web Companion Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com Deleted HKLM\Software\Classes\CLSID\{0015CAC9-FC30-4CD0-BFAA-7412CC2C4DD9} Deleted HKLM\Software\Classes\CLSID\{26C7AFDB-3690-449E-B979-B0AF5CC56DD4} Deleted HKLM\Software\Classes\CLSID\{3A5A5381-DAAF-4C0D-B032-2C66B3EE4A8D} Deleted HKLM\Software\Classes\CLSID\{472EF1D2-4AAE-470D-AE85-6AF8177916FD} Deleted HKLM\Software\Classes\CLSID\{8F010D54-C023-457F-AF03-497EACB6D519} Deleted HKLM\Software\Classes\CLSID\{9A754403-27B1-4ED7-96D7-588F07888EBF} Deleted HKLM\Software\Classes\CLSID\{CB31FF8F-BF80-4D2B-ADBE-12C6F5347890} Deleted HKLM\Software\Classes\CLSID\{FCAA532B-E807-4027-940C-BA16B9D50105} Deleted HKLM\Software\Classes\LavasoftTcpServiceLib.DataContainer Deleted HKLM\Software\Classes\LavasoftTcpServiceLib.DataContainer.1 Deleted HKLM\Software\Classes\LavasoftTcpServiceLib.DataController Deleted HKLM\Software\Classes\LavasoftTcpServiceLib.DataController.1 Deleted HKLM\Software\Classes\LavasoftTcpServiceLib.DataTable Deleted HKLM\Software\Classes\LavasoftTcpServiceLib.DataTable.1 Deleted HKLM\Software\Classes\LavasoftTcpServiceLib.DataTableFields Deleted HKLM\Software\Classes\LavasoftTcpServiceLib.DataTableFields.1 Deleted HKLM\Software\Classes\LavasoftTcpServiceLib.DataTableHolder Deleted HKLM\Software\Classes\LavasoftTcpServiceLib.DataTableHolder.1 Deleted HKLM\Software\Classes\LavasoftTcpServiceLib.LSPLogic Deleted HKLM\Software\Classes\LavasoftTcpServiceLib.LSPLogic.1 Deleted HKLM\Software\Classes\LavasoftTcpServiceLib.ReadOnlyManager Deleted HKLM\Software\Classes\LavasoftTcpServiceLib.ReadOnlyManager.1 Deleted HKLM\Software\Classes\LavasoftTcpServiceLib.WFPController Deleted HKLM\Software\Classes\LavasoftTcpServiceLib.WFPController.1 Deleted HKLM\Software\Wow6432Node\Lavasoft\Web Companion Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com Deleted HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com Deleted HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com Deleted HKU\S-1-5-80-984045770-530578318-3922014146-158851812-3803115751\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\dospop.com Deleted HKU\S-1-5-80-984045770-530578318-3922014146-158851812-3803115751\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\incredibar.com ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries cleaned. ***** [ Chromium URLs ] ***** No malicious Chromium URLs cleaned. ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries cleaned. ***** [ Firefox URLs ] ***** No malicious Firefox URLs cleaned. ***** [ Hosts File Entries ] ***** No malicious hosts file entries cleaned. ***** [ Preinstalled Software ] ***** No Preinstalled Software cleaned. ************************* [+] Delete Tracing Keys [+] Reset Winsock ************************* AdwCleaner[S00].txt - [7507 octets] - [18/05/2021 09:15:47] AdwCleaner[S01].txt - [7568 octets] - [18/06/2021 14:30:27] ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ########## Aber: Bei "vorinstallierten Dateien" ist mein Sony Kameraprogramm aufgeführt. Da habe ich mich nicht getraut das in Quarantäne zu verschieben. Da sind meine ganzen Bilder und Videos drauf. Code:
ATTFilter # ------------------------------- # Malwarebytes AdwCleaner 8.2.0.0 # ------------------------------- # Build: 03-22-2021 # Database: 2021-05-17.1 (Cloud) # Support: https://www.malwarebytes.com/support # # ------------------------------- # Mode: Scan # ------------------------------- # Start: 06-18-2021 # Duration: 00:00:14 # OS: Windows 10 Pro # Scanned: 31983 # Detected: 13 ***** [ Services ] ***** No malicious services found. ***** [ Folders ] ***** No malicious folders found. ***** [ Files ] ***** No malicious files found. ***** [ DLL ] ***** No malicious DLLs found. ***** [ WMI ] ***** No malicious WMI found. ***** [ Shortcuts ] ***** No malicious shortcuts found. ***** [ Tasks ] ***** No malicious tasks found. ***** [ Registry ] ***** No malicious registry entries found. ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries found. ***** [ Chromium URLs ] ***** No malicious Chromium URLs found. ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries found. ***** [ Firefox URLs ] ***** No malicious Firefox URLs found. ***** [ Hosts File Entries ] ***** No malicious hosts file entries found. ***** [ Preinstalled Software ] ***** Preinstalled.HPSupportAssistant Folder C:\Users\Popp\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK Preinstalled.HPSupportAssistant Folder C:\Users\Popp\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{56D27851-B9A6-430F-875A-E2D7A3802C7B} Preinstalled.SonyPlayMemoriesHome File C:\Users\Public\Desktop\PlayMemories Home.lnk Preinstalled.SonyPlayMemoriesHome Folder C:\Program Files (x86)\SONY\PLAYMEMORIES HOME Preinstalled.SonyPlayMemoriesHome Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|PMBVolumeWatcher Preinstalled.SonyPlayMemoriesHome Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|PMBVolumeWatcher Preinstalled.SonyPlayMemoriesHome Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{4F95DC94-A29D-41F6-AF34-15AA0D666186} Preinstalled.SonyPlayMemoriesHome Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{7D3A0097-9E0E-4073-801C-295BBDAEAED8} Preinstalled.SonyPlayMemoriesHome Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{94F4815B-755A-4FFA-AFDC-EE8FE776981E} Preinstalled.SonyPlayMemoriesHome Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{D3981248-DBE7-4050-B666-A7FE5AFFC62C} Preinstalled.SonyPlayMemoriesHome Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{E03CD71A-F595-49DF-9ADC-0CFC93B1B211} Preinstalled.VAIOEntertainmentCommonService Folder C:\Program Files\Common Files\SONY SHARED\VAIO ENTERTAINMENT PLATFORM AdwCleaner[S00].txt - [7507 octets] - [18/05/2021 09:15:47] AdwCleaner[S01].txt - [7568 octets] - [18/06/2021 14:30:27] AdwCleaner[C01].txt - [5258 octets] - [18/06/2021 14:32:24] AdwCleaner[S02].txt - [3309 octets] - [18/06/2021 14:37:07] ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S03].txt ########## |
18.06.2021, 16:19 | #20 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | WIN10 PC gehackt, T-Online Emails werden in meinem Namen versendet, Fremdzugriff über TeamViewer?Zitat:
Du scheinst wohl irgendwie zu glauben, dass alle Bilder und Videos weg sind, nur weil man ein Programm deinstalliert, dass diese Medien betrachten kann - echt jetzt? Noch nie gehört, dass Bilder in deinem Bilderordner liegen und Programme nach C:\Program Files installiert werden? Oder glaubst du Programmdatei und Bilddateien verschmelzen zu einer großen Datei? Ich hab auch den Eindruck, dass du noch nie was von Datensicherung gehört hast, obwohl du so besorgt um deine Bilder und Videos bist. Ist ja lt. deiner Befüchtung alles komplett weg wenn du das Programm deinstallierst. Was willst du denn machen, wenn deine Festplatte/SSD kaputtgeht?
__________________ Logfiles bitte immer in CODE-Tags posten |
18.06.2021, 16:30 | #21 |
| WIN10 PC gehackt, T-Online Emails werden in meinem Namen versendet, Fremdzugriff über TeamViewer? So weit mir bekannt ist, speichert das Sony-Programm die Bilder nicht in einen Windows Bilderordner. Ich kann die Bilder auch nur über dieses Programm ansehen, es sei denn ich habe was übersehen. Wenn es so wichtig ist (war mir nicht bewusst, sorry), mache ich eine Sicherung und werde das Programm entfernen. Wäre allerdings schade, denn das Programm kommuniziert (über Wlan) direkt mit der Kamera. Bestimmt existiert eine (ältere) Sicherung, wollte es aber nicht darauf ankommen lassen. Kann ich das Programm nach Abschluss unserer Arbeiten dann wieder installieren, oder muss ich darauf verzichten? |
18.06.2021, 16:50 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | WIN10 PC gehackt, T-Online Emails werden in meinem Namen versendet, Fremdzugriff über TeamViewer? Was ist denn das für ein bescheuertes Programm? Wenn das mal irgendwann nicht mehr geht, kein Support mehr da ist oder was iauch immer, dann sind auch alle Fotos weg??! Wenn das wirklich so ist, solltest du dir schleunigst ein anderes Programm suchen.
__________________ Logfiles bitte immer in CODE-Tags posten |
18.06.2021, 17:06 | #23 |
| WIN10 PC gehackt, T-Online Emails werden in meinem Namen versendet, Fremdzugriff über TeamViewer? Naja, es gehört halt zur Kamera und ich habe eine grosse Menge Bilder und Videos drauf. Bis jetzt hat es sehr gut funktioniert. Aber im Prinzip hast du natürlich Recht Ich versuche gerade die Dateien über den Explorer auf eine externe Festplatte zu kopieren. Das scheint aber ewig zu dauern. Programmseits habe ich keine Sicherungsoption gefunden. Was anderes fällt mir jetzt nicht dazu ein, bin etwas Überfordert. |
18.06.2021, 22:09 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | WIN10 PC gehackt, T-Online Emails werden in meinem Namen versendet, Fremdzugriff über TeamViewer? Gut dann lass es drauf. Aber allgemein sollte man schon diesen vorinstallierten Mist auch entfernen. Obwohl ich immer noch nicht davon ganz überzeugt bin, dass dieses Programm wirkilch so tickt wie du behauptest. Es kann doch nicht wahr sein, dass die Bilder quasi zerstört und in irgendeinem undurchsichtigen Format gespeichert werden Dann jetzt bitte neu FRST-Logs.
__________________ Logfiles bitte immer in CODE-Tags posten |
18.06.2021, 22:36 | #25 |
| WIN10 PC gehackt, T-Online Emails werden in meinem Namen versendet, Fremdzugriff über TeamViewer? Ich bin leider immer noch damit beschäftigt, die Dateien zu sichern (auf externe Festplatte kopieren). Problem: Ich erhalte die Meldung dass nicht genügend Speicherplatz vorhanden wäre. Allerdings sind von den 4TB von der ext. FP. noch etwa 3TB frei. Ich mache morgen weiter und versuche eine Lösung zu finden. Nochmals zur Sicherheit: Muss das Programm wirklich weg? Mein Sohn macht mich einen Kopf kürzer wenn ich das nicht wieder hinbekomme und freut sich auf das frühzeitige Erbe! Ach ja... ganz vergessen: Das Sony-Programm war nicht vorinstalliert. Das habe ich (mein Sohn) selbst auf den Rechner installiert. Auch das HP -Programm war nicht vorinstalliert. Es gehört sicherlich zu einem ehemaligen Plotter, den es allerdings seit einigen Jahren nicht mehr gibt. Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 16-06-2021 durchgeführt von Popp (Administrator) auf DELL-PC (Dell Inc. OptiPlex 7010) (18-06-2021 23:31:16) Gestartet von C:\Users\Popp\Downloads Geladene Profile: Popp & SFDatabaseServiceV4 Platform: Windows 10 Pro Version 2004 19041.1052 (X64) Sprache: Deutsch (Deutschland) Standard-Browser: FF Start-Modus: Normal ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome Remote Desktop\91.0.4472.10\remoting_host.exe <2> (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\SDXHelper.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\140\LocalDB\Binn\sqlservr.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2> (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\MsMpEng.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2105.5-0\NisSrv.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe <8> (Plex, Inc -> Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe (Sony Corporation -> Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation -> Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe (Sony Imaging Products & Solutions Inc. -> Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH -> Star Finanz - Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\SFirmV3\SFUpdateService.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH -> Star Finanz - Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\SFirmV4\SFAutomatService.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH -> Star Finanz - Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\SFirmV4\SFDatabaseService.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH -> Star Finanz - Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\SFirmV4\SFSQLServerBackingService\SFSqlServerBackingService.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH -> Star Finanz - Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\SFirmV4\SFUpdateService.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe ==================== Registry (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [Network Configuration] => C:\Program Files (x86)\Okidata\ActKey\Network Configuration.exe [725280 2012-08-27] (Oki Data Corporation -> Oki Data Corporation) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe [2926336 2015-08-04] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942864 2016-10-13] (Logitech -> Logitech, Inc.) HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.) [Datei ist nicht signiert] HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.) [Datei ist nicht signiert] HKLM-x32\...\Run: [SfWinStartInfoV3] => C:\Program Files (x86)\SFirmV3\sfWinStartupInfo.exe [151024 2015-10-19] (Star Finanz - Software Entwicklung und Vertriebs GmbH -> Star Finanz - Software Entwicklung und Vertriebs GmbH) HKLM-x32\...\Run: [SFUpdateProviderV3] => C:\Program Files (x86)\SFirmV3\SFUpdateProvider.exe [35312 2015-10-19] (Star Finanz - Software Entwicklung und Vertriebs GmbH -> Star Finanz - Software Entwicklung und Vertriebs GmbH) HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [3029480 2018-05-09] (Sony Imaging Products & Solutions Inc. -> Sony Corporation) HKLM-x32\...\Run: [SfWinStartInfoV4] => C:\Program Files (x86)\SFirmV4\sfWinStartupInfo.exe [832400 2021-03-15] (Star Finanz - Software Entwicklung und Vertriebs GmbH -> Star Finanz - Software Entwicklung und Vertriebs GmbH) HKLM-x32\...\Run: [SFUpdateProviderV4] => C:\Program Files (x86)\SFirmV4\SFUpdateProvider.exe [716176 2021-03-15] (Star Finanz - Software Entwicklung und Vertriebs GmbH -> Star Finanz - Software Entwicklung und Vertriebs GmbH) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706288 2021-04-09] (Oracle America, Inc. -> Oracle Corporation) HKU\S-1-5-21-814051134-1916513075-1057447149-1000\...\Run: [DymoQuickPrint] => C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe [1867056 2014-03-20] (Sanford, L.P. -> Sanford, L.P.) HKU\S-1-5-21-814051134-1916513075-1057447149-1000\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [16971752 2017-12-13] (Plex, Inc -> Plex, Inc.) HKU\S-1-5-21-814051134-1916513075-1057447149-1000\...\Run: [FreeAC] => C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe [3015072 2016-01-19] (Comfort Software Group -> Comfort Software Group) HKLM\...\Windows x64\Print Processors\OPLAPP3: C:\Windows\System32\spool\prtprocs\x64\OPLAPP3.dll [43520 2012-04-05] (Microsoft Windows Hardware Compatibility Publisher -> Oki Data Corporation) HKLM\...\Print\Monitors\DYMO LabelWriter Monitor: C:\WINDOWS\system32\LW400MON.DLL [16384 2013-03-04] (Microsoft Windows Hardware Compatibility Publisher -> DYMO Corp.) HKLM\...\Print\Monitors\EvoUN01 Language Monitor: C:\WINDOWS\system32\EVOUN01MON.DLL [76472 2017-08-17] (Evolis -> Evolis Card Printer) HKLM\...\Print\Monitors\Oki Language Monitor v2 x64: C:\WINDOWS\system32\OKLMON64.DLL [27648 2009-06-25] (Microsoft Windows Hardware Compatibility Publisher -> Oki Data Corporation) HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\91.0.4472.106\Installer\chrmstp.exe [2021-06-17] (Google LLC -> Google LLC) HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] -> Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Evolis Printer Manager.lnk [2017-12-12] ShortcutTarget: Evolis Printer Manager.lnk -> C:\Program Files\Evolis Card Printer\Evolis Premium Suite\PrinterManager.exe (Evolis -> Evolis Card Printer) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk [2016-02-14] ShortcutTarget: DSL-Manager.lnk -> C:\Program Files (x86)\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH) [Datei ist nicht signiert] Startup: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk [2016-02-14] ShortcutTarget: DSL-Manager.lnk -> C:\Program Files (x86)\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH) [Datei ist nicht signiert] Startup: C:\Users\LogMeInRemoteUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk [2016-02-14] ShortcutTarget: DSL-Manager.lnk -> C:\Program Files (x86)\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH) [Datei ist nicht signiert] Startup: C:\Users\Popp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DeskPins.lnk [2020-06-29] ShortcutTarget: DeskPins.lnk -> C:\Program Files (x86)\DeskPins\deskpins.exe (Elias Fotinis) [Datei ist nicht signiert] Startup: C:\Users\Popp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk [2021-06-18] ShortcutTarget: DSL-Manager.lnk -> C:\Program Files (x86)\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH) [Datei ist nicht signiert] Startup: C:\Users\Popp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagentaCLOUD.lnk [2020-09-21] ShortcutTarget: MagentaCLOUD.lnk -> C:\Program Files (x86)\Telekom\MagentaCloud\MagentaCloud.App.exe (Deutsche Telekom AG -> ) BootExecute: autocheck autochk * sdnclean64.exe GroupPolicy: Beschränkung ? <==== ACHTUNG Policies: C:\ProgramData\NTUSER.pol: Beschränkung <==== ACHTUNG HKLM\SOFTWARE\Policies\Google: Beschränkung <==== ACHTUNG ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============ (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {040E19E0-3FF3-4020-B47E-3FA12B98FE02} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe Task: {054ADAAB-1C72-4FF9-ADF7-4AB5EAE6FF2D} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe Task: {079ABE46-2B85-4F8C-9C49-748396C38D96} - System32\Tasks\Abelssoft\AccountAlarm_106 => C:\Program Files (x86)\AccountAlarm\AbLauncher.exe [21736 2021-04-22] (Ascora GmbH -> ) Task: {09B3DFE9-38BC-4348-9C8E-131A8D6494CE} - System32\Tasks\Sony Corporation\Sony Home Network Library\SOHLib SOHDms => C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [495248 2014-01-16] (Sony Corporation -> Sony Corporation) Task: {0CCC09F9-BA7F-4445-9897-E212D598503B} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316} Task: {19F93400-0985-4B60-AC5C-8FE3310BD854} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe Task: {1B083F34-2B3D-40C9-BA62-57BDD6C44C3E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23124856 2021-06-03] (Microsoft Corporation -> Microsoft Corporation) Task: {232D2253-3AF1-48A5-8350-83C716E4B052} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe Task: {239C19D8-5AB3-45A4-8F46-3038F3C0107B} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe Task: {26FABCF9-1372-4D82-92CC-848B3BFE9F55} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [3059280 2021-03-06] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) Task: {2827F839-3A8A-4782-A915-25B5023E4437} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe Task: {2AD1E353-E598-4D49-AAF6-67901E2ECC51} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [690616 2021-06-17] (Mozilla Corporation -> Mozilla Foundation) Task: {2CDCDA85-CE12-42EC-B509-FDEA06CDBFF8} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe Task: {2DECFE53-12A3-4D03-8FA0-376D30F7B840} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe Task: {2F6EDE96-1A90-4E86-A603-D40FE0D30184} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-07-17] (Google Inc -> Google Inc.) Task: {33B64045-9529-4165-AD45-1D661AB2D70F} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe Task: {3A32FF18-67EE-4C9B-9FA0-53355B7B8288} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {3FB688C2-3F85-4A3F-88E2-981D621CDD0C} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe Task: {405CCE1E-15DB-4B3C-A8A0-71D30F60F6B4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [3953096 2021-05-27] (Microsoft Corporation -> Microsoft Corporation) Task: {42CBCCAA-F998-41D4-A615-51D011606121} - \Microsoft\Windows\UNP\RunCampaignManager -> Keine Datei <==== ACHTUNG Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB} Task: {529974B2-75E5-4ACA-9CA5-02318533540D} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe Task: {5419F753-BBC0-4ACE-9E49-5D968BC1AAB5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2105.5-0\MpCmdRun.exe [644888 2021-06-17] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {56D16294-0716-4A80-BF4D-43EA3C320E6F} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E} Task: {590F3F64-8DA9-4F5A-AF63-07FAEC940022} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {59ABDE15-90BA-40D9-8FF6-239CED2A7142} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-07-17] (Google Inc -> Google Inc.) Task: {5B29ED17-B5C1-4409-82BB-FFB9C6DCB331} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A} Task: {627EBC90-5873-47E9-9250-9422271A7CCE} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1} Task: {684606C1-AB7C-4AF9-92B9-7BB78D5EF746} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [118088 2021-06-12] (Microsoft Corporation -> Microsoft Corporation) Task: {6B3CAC9C-9644-4CF6-8126-7841E8846620} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969} Task: {6BA53248-DC73-419C-81FE-7B8F04AE7B09} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe Task: {6BB1D149-D753-4057-AF3A-300A92B9997D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2105.5-0\MpCmdRun.exe [644888 2021-06-17] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {6FF5B52A-E2FC-43C7-AA15-48C1375F0954} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {7CDDB027-7CF5-47F1-8D6C-DEE641715EF0} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe Task: {8AD1D1F0-7C51-47F1-8764-8EF06F03476B} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {986D7CB7-BD9F-4277-8100-01209DDBB96F} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe Task: {9CD57278-D4F2-4037-8E7E-004C0331444F} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe Task: {A4AE0861-D717-4EB2-B30C-BA0722680AC0} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371} Task: {B184E1DF-7028-4F90-BEB6-7A8437BFFFC6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [3953096 2021-05-27] (Microsoft Corporation -> Microsoft Corporation) Task: {B7492F06-29CD-4FDC-869E-B7B3CDEC2493} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG Task: {C6D8C2A7-E05F-4BB3-AA03-1D91A402BEC5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2105.5-0\MpCmdRun.exe [644888 2021-06-17] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {CD5CD9F8-2DC2-4AA5-8FF9-E616590639E0} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe Task: {D2840624-0294-4FCD-8807-14E722D1C613} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2105.5-0\MpCmdRun.exe [644888 2021-06-17] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {DE5E6EA5-6AE0-4CB4-BB40-3FFA5A1A031F} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23124856 2021-06-03] (Microsoft Corporation -> Microsoft Corporation) Task: {E4F5B945-0A6E-402F-A34B-74C1E409B16A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG Task: {F03F6E97-5E4B-45A3-BF3D-B2D77573F0A1} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe Task: {F313DA81-4AD0-4B16-9652-811BD2A8D259} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [118088 2021-06-12] (Microsoft Corporation -> Microsoft Corporation) Task: {F5578029-B45C-4194-A9B2-48227DE79832} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61} Task: {F5C9A58B-CFDD-4171-9872-A3A78C826FA0} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe Task: {FFBB7CC1-1020-4241-BC7E-44803EFA90F3} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{5ff1a44e-f36c-4a0a-b0a3-d7342e281167}: [DhcpNameServer] 192.168.178.1 Edge: ======= Edge Extension: (Kein Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [nicht gefunden] Edge Extension: (Kein Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [nicht gefunden] Edge Extension: (Kein Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [nicht gefunden] Edge Extension: (Kein Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [nicht gefunden] Edge DefaultProfile: Default Edge Profile: C:\Users\Popp\AppData\Local\Microsoft\Edge\User Data\Default [2021-06-18] Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee] FireFox: ======== FF DefaultProfile: ewmeglni.default-1477417793024 FF ProfilePath: C:\Users\Popp\AppData\Roaming\Mozilla\Firefox\Profiles\ewmeglni.default-1477417793024 [2021-06-18] FF Extension: (Privacy Badger) - C:\Users\Popp\AppData\Roaming\Mozilla\Firefox\Profiles\ewmeglni.default-1477417793024\Extensions\jid1-MnnxcxisBPnSXQ@jetpack.xpi [2020-03-10] FF Extension: (Browsing Protection by F-Secure) - C:\Users\Popp\AppData\Roaming\Mozilla\Firefox\Profiles\ewmeglni.default-1477417793024\Extensions\ols@f-secure.com.xpi [2021-06-11] [UpdateUrl:hxxps://download.sp.f-secure.com/online-safety/updates.json] FF Extension: (uBlock Origin) - C:\Users\Popp\AppData\Roaming\Mozilla\Firefox\Profiles\ewmeglni.default-1477417793024\Extensions\uBlock0@raymondhill.net.xpi [2020-01-11] FF Extension: (G DATA WebProtection) - C:\Users\Popp\AppData\Roaming\Mozilla\Firefox\Profiles\ewmeglni.default-1477417793024\Extensions\webprotection@gdata.de.xpi [2021-02-27] [UpdateUrl:hxxps://gdata-a.akamaihd.net/R/CommonUpdate/extensions/webprotection/updates.json] FF Extension: (Startpage.com — Datenschutz-Suchmaschine) - C:\Users\Popp\AppData\Roaming\Mozilla\Firefox\Profiles\ewmeglni.default-1477417793024\Extensions\{20fc2e06-e3e4-4b2b-812b-ab431220cada}.xpi [2019-03-27] FF Extension: (Video DownloadHelper) - C:\Users\Popp\AppData\Roaming\Mozilla\Firefox\Profiles\ewmeglni.default-1477417793024\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2019-11-02] FF Extension: (Google Analytics Blocker) - C:\Users\Popp\AppData\Roaming\Mozilla\Firefox\Profiles\ewmeglni.default-1477417793024\Extensions\{c7c3483c-0e96-45f4-8772-f84462cdc047}.xpi [2020-09-28] FF Extension: (Save time by asking Buster to solve captchas for you.) - C:\Users\Popp\AppData\Roaming\Mozilla\Firefox\Profiles\ewmeglni.default-1477417793024\Extensions\{e58d3966-3d76-4cd9-8552-1582fbc800c1}.xpi [2019-10-01] FF Plugin: @java.com/DTPlugin,version=11.291.2 -> C:\Program Files\Java\jre1.8.0_291\bin\dtplugin\npDeployJava1.dll [2021-06-06] (Oracle America, Inc. -> Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.291.2 -> C:\Program Files\Java\jre1.8.0_291\bin\plugin2\npjp2.dll [2021-06-06] (Oracle America, Inc. -> Oracle Corporation) FF Plugin-x32: @dymo.com/DymoLabelFramework -> C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll [2014-03-20] (Sanford, L.P. -> Sanford L.P.) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-05-27] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-05-27] (Microsoft Corporation -> Microsoft Corporation) FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\prefs.js [2016-02-13] Chrome: ======= CHR Profile: C:\Users\Popp\AppData\Local\Google\Chrome\User Data\Default [2021-06-17] CHR Extension: (Präsentationen) - C:\Users\Popp\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-06-19] CHR Extension: (Docs) - C:\Users\Popp\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-06-19] CHR Extension: (Google Drive) - C:\Users\Popp\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-03-23] CHR Extension: (YouTube) - C:\Users\Popp\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-07-17] CHR Extension: (Tabellen) - C:\Users\Popp\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-06-19] CHR Extension: (Chrome Remote Desktop) - C:\Users\Popp\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2017-07-17] CHR Extension: (Google Docs Offline) - C:\Users\Popp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-03-23] CHR Extension: (Malwarebytes Browser Guard) - C:\Users\Popp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-06-09] CHR Extension: (G DATA WebProtection) - C:\Users\Popp\AppData\Local\Google\Chrome\User Data\Default\Extensions\iokapgenfjiafbmphhhcgmgkobiiomcp [2021-06-09] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Popp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-03-23] CHR Extension: (Google Mail) - C:\Users\Popp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-03-23] CHR Extension: (Chrome Media Router) - C:\Users\Popp\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-06-09] CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee] ==================== Dienste (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\91.0.4472.10\remoting_host.exe [71280 2021-04-14] (Google LLC -> Google LLC) S2 cjpcsc; C:\WINDOWS\SysWOW64\cjpcsc.exe [611336 2018-11-15] (Reiner Kartengeraete GmbH und Co.KG -> REINER SCT) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11279752 2021-06-03] (Microsoft Corporation -> Microsoft Corporation) S2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [6282048 2020-07-15] (devolo AG -> devolo AG) S2 DymoPnpService; C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [33072 2014-03-20] (Sanford, L.P. -> Sanford, L.P.) S2 Evolis Print Center Service; C:\Program Files\Evolis Card Printer\Evolis Premium Suite\EvoPCSvc.exe [2523328 2017-09-19] (Evolis -> Evolis Card Printer) S2 Evolis Services Provider; C:\Program Files\Evolis Card Printer\Evolis Premium Suite\ESPFSvc.exe [1716416 2017-08-17] (Evolis -> Evolis Card Printer) S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [82216 2020-03-17] (Mixbyte Inc -> Freemake) S2 MagentaCLOUDMaintenanceService; C:\Program Files (x86)\Telekom\MagentaCloud\Updater\MaintenanceService.exe [945352 2017-09-26] (Deutsche Telekom AG -> ) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7391408 2021-05-08] (Malwarebytes Inc -> Malwarebytes) S2 MTAgentService; C:\Program Files (x86)\MiniTool ShadowMaker\AgentService.exe [783344 2020-12-31] (MiniTool Software Limited -> ) S2 MTSchedulerService; C:\Program Files (x86)\MiniTool ShadowMaker\SchedulerService.exe [226800 2020-12-31] (MiniTool Software Limited -> ) R2 PlexUpdateService; C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe [2102248 2017-12-13] (Plex, Inc -> Plex, Inc.) S2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [498152 2018-05-09] (Sony Imaging Products & Solutions Inc. -> Sony Corporation) S2 PSI_SVC_2; C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (Arvato Digital Services Canada Inc -> arvato digital services llc) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5393304 2021-06-12] (Microsoft Windows Publisher -> Microsoft Corporation) R2 SFAutomatServiceV4; C:\Program Files (x86)\SFirmV4\SFAutomatService.exe [712080 2021-03-15] (Star Finanz - Software Entwicklung und Vertriebs GmbH -> Star Finanz - Software Entwicklung und Vertriebs GmbH) R2 SFDatabaseServiceV4; C:\Program Files (x86)\SFirmV4\SFDatabaseService.exe [721808 2021-03-15] (Star Finanz - Software Entwicklung und Vertriebs GmbH -> Star Finanz - Software Entwicklung und Vertriebs GmbH) R2 SFirmV4SqlServerBackingService; C:\Program Files (x86)\SFirmV4\SFSQLServerBackingService\SFSqlServerBackingService.exe [1035664 2021-03-15] (Star Finanz - Software Entwicklung und Vertriebs GmbH -> Star Finanz - Software Entwicklung und Vertriebs GmbH) R2 SFUpdateServiceV3; C:\Program Files (x86)\SFirmV3\SFUpdateService.exe [35312 2015-10-19] (Star Finanz - Software Entwicklung und Vertriebs GmbH -> Star Finanz - Software Entwicklung und Vertriebs GmbH) R2 SFUpdateServiceV4; C:\Program Files (x86)\SFirmV4\SFUpdateService.exe [716176 2021-03-15] (Star Finanz - Software Entwicklung und Vertriebs GmbH -> Star Finanz - Software Entwicklung und Vertriebs GmbH) S3 TDslMgrService; C:\Program Files (x86)\DSL-Manager\DslMgrSvc.exe [307200 2008-10-23] (T-Systems Enterprise Services GmbH) [Datei ist nicht signiert] R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13261608 2021-05-28] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2105.5-0\NisSrv.exe [2644776 2021-06-17] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2105.5-0\MsMpEng.exe [136656 2021-06-17] (Microsoft Windows Publisher -> Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R3 avmaura; C:\WINDOWS\System32\drivers\avmaura.sys [116480 2017-08-29] (AVM Computersysteme Vertriebs GmbH -> AVM Berlin) S3 BrSerId; C:\WINDOWS\system32\DRIVERS\BrSerId.sys [290816 2012-03-27] (Microsoft Windows Hardware Compatibility Publisher -> Brother Industries Ltd.) S3 BrUsbSer; C:\WINDOWS\system32\DRIVERS\BrUsbSer.sys [14720 2011-07-18] (Microsoft Windows Hardware Compatibility Publisher -> Brother Industries Ltd.) S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [Datei ist nicht signiert] R3 cjusb; C:\WINDOWS\System32\drivers\cjusb.sys [43224 2017-03-28] (REINER Kartengeraete GmbH & Co. KG -> REINER SCT) R1 DslMNLwf; C:\WINDOWS\system32\DRIVERS\dslmnlwf.sys [19008 2007-08-01] (T-Systems Enterprise Services GmbH -> T-Systems Enterprise Services GmbH) R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220752 2021-06-17] (Malwarebytes Inc -> Malwarebytes) S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-05-08] (Microsoft Windows Early Launch Anti-Malware Publisher -> Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-06-17] (Malwarebytes Inc -> Malwarebytes) R2 NPF_devolo; C:\WINDOWS\sysWOW64\drivers\npf_devolo.sys [36496 2020-07-15] (devolo AG -> Riverbed Technology, Inc.) S3 usbser; C:\Windows\SysWOW64\drivers\usbser.sys [25600 2014-04-11] (Microsoft Corporation) [Datei ist nicht signiert] S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49568 2021-06-17] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [425184 2021-06-17] (Microsoft Windows -> Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [76000 2021-06-17] (Microsoft Windows -> Microsoft Corporation) U3 idsvc; kein ImagePath ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2021-06-18 14:25 - 2021-06-18 14:25 - 008534696 _____ (Malwarebytes) C:\Users\Popp\Downloads\adwcleaner_8.2(1).exe 2021-06-17 23:52 - 2021-06-17 23:52 - 001828352 _____ C:\Users\Popp\Downloads\AVCleaner.exe 2021-06-17 14:48 - 2021-06-17 14:48 - 031506184 _____ (Piriform Software Ltd) C:\Users\Popp\Downloads\ccsetup581_slim.exe 2021-06-17 14:09 - 2021-06-17 14:09 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla 2021-06-17 14:03 - 2021-06-18 14:21 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox 2021-06-17 13:38 - 2021-06-17 23:21 - 000090310 _____ C:\Users\Popp\Downloads\Shortcut.txt 2021-06-17 13:37 - 2021-06-17 23:21 - 000059702 _____ C:\Users\Popp\Downloads\Addition.txt 2021-06-17 13:33 - 2021-06-18 23:31 - 000032242 _____ C:\Users\Popp\Downloads\FRST.txt 2021-06-17 13:33 - 2021-06-18 23:31 - 000000000 ____D C:\FRST 2021-06-17 13:33 - 2021-06-17 13:33 - 000000000 ____D C:\Users\Popp\Downloads\FRST-OlderVersion 2021-06-17 13:32 - 2021-06-17 13:33 - 002300416 _____ (Farbar) C:\Users\Popp\Downloads\FRST64.exe 2021-06-17 12:56 - 2021-06-17 12:56 - 005819544 _____ (Stanislav Polshyn & Trend Micro Inc.) C:\Users\Popp\Downloads\HiJackThis_v2.8.0.4.exe 2021-06-15 14:41 - 2021-06-17 12:55 - 000756080 _____ C:\WINDOWS\ntbtlog.txt 2021-06-15 14:41 - 2021-06-17 12:54 - 000220752 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys 2021-06-15 14:41 - 2021-06-17 12:54 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job 2021-06-13 16:33 - 2021-06-13 16:33 - 000311197 _____ C:\Users\Popp\Desktop\120621.pdf 2021-06-12 22:29 - 2021-06-12 22:29 - 000000000 ____D C:\WINDOWS\system32\Drivers\DriverData 2021-06-12 15:19 - 2021-06-12 15:19 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb 2021-06-12 15:19 - 2021-06-12 15:19 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb 2021-06-12 15:19 - 2021-06-12 15:19 - 001864192 _____ (The ICU Project) C:\WINDOWS\SysWOW64\icu.dll 2021-06-12 15:19 - 2021-06-12 15:19 - 001314120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi 2021-06-12 15:19 - 2021-06-12 15:19 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2021-06-12 15:19 - 2021-06-12 15:19 - 000468440 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll 2021-06-12 15:19 - 2021-06-12 15:19 - 000451072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2021-06-12 15:19 - 2021-06-12 15:19 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv 2021-06-12 15:19 - 2021-06-12 15:19 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe 2021-06-12 15:19 - 2021-06-12 15:19 - 000011353 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim 2021-06-12 15:18 - 2021-06-12 15:18 - 002260480 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll 2021-06-12 15:18 - 2021-06-12 15:18 - 001823792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2021-06-12 15:18 - 2021-06-12 15:18 - 001393496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2021-06-12 15:18 - 2021-06-12 15:18 - 000657464 _____ C:\WINDOWS\system32\WindowManagementAPI.dll 2021-06-12 15:18 - 2021-06-12 15:18 - 000563712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv 2021-06-12 15:18 - 2021-06-12 15:18 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll 2021-06-12 15:18 - 2021-06-12 15:18 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe 2021-06-12 15:18 - 2021-06-12 15:18 - 000097280 _____ C:\WINDOWS\system32\Drivers\cimfs.sys 2021-06-11 23:25 - 2021-06-11 23:25 - 000000000 ____D C:\Program Files (x86)\F-Secure 2021-06-11 23:23 - 2021-06-11 23:23 - 001816408 _____ (F-Secure Corporation) C:\Users\Popp\Downloads\F-Secure-Safe-Network-Installer_w0dcsq1ndzdvf_.exe 2021-06-11 23:18 - 2021-06-11 23:18 - 000000085 _____ C:\WINDOWS\wininit.ini 2021-06-11 23:16 - 2021-06-17 23:06 - 000000000 ____D C:\ProgramData\F-Secure 2021-06-11 23:16 - 2021-06-11 23:28 - 000000000 ____D C:\Users\Popp\AppData\Local\F-Secure 2021-06-11 23:16 - 2021-06-11 23:16 - 001816408 _____ (F-Secure Corporation) C:\Users\Popp\Downloads\F-Secure-Safe-Network-Installer_hiapik1l4fm1x_.exe 2021-06-07 21:24 - 2021-06-07 21:24 - 000206842 _____ C:\Users\Popp\Desktop\070621.pdf 2021-06-06 21:54 - 2021-06-06 21:54 - 000000000 ____D C:\Users\Popp\AppData\Roaming\java 2021-06-06 21:52 - 2021-06-06 21:52 - 000191776 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll 2021-06-06 21:52 - 2021-06-06 21:52 - 000000000 ____D C:\Users\Popp\AppData\Roaming\Sun 2021-06-06 21:52 - 2021-06-06 21:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2021-06-06 21:52 - 2021-06-06 21:52 - 000000000 ____D C:\Program Files\Java 2021-06-06 21:51 - 2021-06-06 21:52 - 084613384 _____ (Oracle Corporation) C:\Users\Popp\Downloads\jre-8u291-windows-x64.exe 2021-06-04 09:59 - 2021-06-04 09:59 - 000104121 _____ C:\Users\Popp\Desktop\Angels Bestellung 4.6.21.pdf 2021-05-29 00:25 - 2021-05-29 00:25 - 000461881 _____ C:\Users\Popp\Desktop\Kaufvertrag Jimny.pdf 2021-05-26 19:59 - 2021-05-26 19:59 - 000287578 _____ C:\Users\Popp\Desktop\TT Doppelbestellung.pdf 2021-05-26 19:00 - 2021-05-26 19:00 - 000191356 _____ C:\Users\Popp\Desktop\Soya Fehlmenge.pdf 2021-05-25 11:43 - 2021-05-25 11:43 - 000002028 _____ C:\Users\Public\Desktop\AccountAlarm.lnk 2021-05-25 11:43 - 2021-05-25 11:43 - 000000000 ____D C:\WINDOWS\system32\Tasks\Abelssoft 2021-05-25 11:43 - 2021-05-25 11:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AccountAlarm 2021-05-25 11:43 - 2021-05-25 11:43 - 000000000 ____D C:\ProgramData\Abelssoft 2021-05-25 11:43 - 2021-05-25 11:43 - 000000000 ____D C:\Program Files (x86)\AccountAlarm 2021-05-25 11:42 - 2021-05-25 11:42 - 004991544 _____ (Abelssoft ) C:\Users\Popp\Downloads\AccountAlarm_Setup.exe 2021-05-25 11:39 - 2021-05-25 11:43 - 000000000 ____D C:\Users\Popp\AppData\Local\Abelssoft 2021-05-25 11:39 - 2021-05-25 11:39 - 000000000 ____D C:\Users\Popp\AppData\Roaming\Abelssoft 2021-05-25 11:39 - 2021-05-25 11:39 - 000000000 ____D C:\ProgramData\XDMessagingv4 2021-05-25 11:38 - 2021-05-25 11:38 - 009815496 _____ (Abelssoft ) C:\Users\Popp\Downloads\AntiBrowserSpy-2020-CB-Online.exe 2021-05-20 21:34 - 2021-05-20 21:34 - 000054698 _____ C:\Users\Popp\Desktop\Muster_Testnachweis.pdf 2021-05-20 14:31 - 2021-05-20 14:31 - 000198824 ____N C:\Users\Popp\Desktop\Deurag.pdf ==================== Ein Monat (geänderte) ================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2021-06-18 23:32 - 2016-02-13 01:21 - 000000000 ____D C:\Users\Popp\AppData\Roaming\NetSpeedMonitor 2021-06-18 23:12 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2021-06-18 22:04 - 2020-10-02 15:38 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2021-06-18 17:37 - 2021-02-27 17:39 - 000000000 ____D C:\Users\Popp\AppData\Local\CrashDumps 2021-06-18 17:22 - 2020-10-02 15:47 - 000004152 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{ED39372D-3D4D-4158-A507-1EB9775FB781} 2021-06-18 14:36 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness 2021-06-18 14:33 - 2016-11-19 13:41 - 000000000 ____D C:\Users\Popp\AppData\LocalLow\Mozilla 2021-06-18 14:32 - 2021-05-18 09:14 - 000000000 ____D C:\AdwCleaner 2021-06-18 14:32 - 2017-04-04 14:40 - 000000000 ____D C:\Users\Popp\AppData\Local\Downloaded Installations 2021-06-18 14:32 - 2016-02-13 01:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft 2021-06-18 14:28 - 2020-10-02 15:46 - 001917390 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2021-06-18 14:28 - 2019-12-07 16:51 - 000820884 _____ C:\WINDOWS\system32\perfh007.dat 2021-06-18 14:28 - 2019-12-07 16:51 - 000177416 _____ C:\WINDOWS\system32\perfc007.dat 2021-06-18 14:28 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF 2021-06-18 14:21 - 2020-10-02 15:47 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2021-06-18 14:21 - 2020-10-02 15:38 - 000008192 ___SH C:\DumpStack.log.tmp 2021-06-18 14:21 - 2017-07-17 16:15 - 000000000 ____D C:\Program Files (x86)\TeamViewer 2021-06-18 14:21 - 2016-02-16 14:46 - 000000000 ____D C:\Program Files\WinRAR 2021-06-18 14:21 - 2016-02-13 21:08 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2021-06-18 14:21 - 2016-02-13 03:57 - 000000000 __SHD C:\Users\Popp\IntelGraphicsProfiles 2021-06-18 14:19 - 2019-12-07 11:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI 2021-06-18 14:14 - 2016-10-20 22:37 - 000000000 ____D C:\Program Files\VideoLAN 2021-06-18 14:12 - 2020-02-27 16:26 - 000000000 ____D C:\ProgramData\AnyDesk 2021-06-18 14:12 - 2020-02-27 16:26 - 000000000 ____D C:\Program Files (x86)\AnyDesk 2021-06-18 14:12 - 2020-02-27 16:23 - 000000000 ____D C:\Users\Popp\AppData\Roaming\AnyDesk 2021-06-18 14:11 - 2016-08-04 18:41 - 000000000 ____D C:\Program Files (x86)\Adobe 2021-06-18 13:07 - 2020-04-01 20:13 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2021-06-18 13:07 - 2020-04-01 20:13 - 000002274 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk 2021-06-18 13:07 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps 2021-06-18 12:20 - 2016-02-21 16:50 - 000000000 ____D C:\FL_Temp 2021-06-18 12:20 - 2016-02-13 00:59 - 000000000 ____D C:\Users\Popp\AppData\Local\VirtualStore 2021-06-18 09:49 - 2016-08-10 10:57 - 000000000 ____D C:\Users\Popp\Documents\Outlook-Dateien 2021-06-18 03:33 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp 2021-06-17 23:17 - 2018-05-22 11:53 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2021-06-17 23:06 - 2019-12-07 11:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2021-06-17 17:18 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\NDF 2021-06-17 17:16 - 2016-02-14 17:58 - 000000432 _____ C:\WINDOWS\BRWMARK.INI 2021-06-17 17:15 - 2016-02-18 02:34 - 000000000 ____D C:\Users\Popp\AppData\Local\ElevatedDiagnostics 2021-06-17 15:02 - 2017-07-17 21:48 - 000002293 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2021-06-17 15:02 - 2017-07-17 21:48 - 000002252 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2021-06-17 14:10 - 2020-10-02 15:47 - 000003360 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-814051134-1916513075-1057447149-1000 2021-06-17 14:10 - 2020-10-02 15:39 - 000002429 _____ C:\Users\Popp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2021-06-17 14:10 - 2016-02-13 14:52 - 000000000 ___RD C:\Users\Popp\OneDrive 2021-06-17 14:09 - 2016-02-13 21:08 - 000001228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2021-06-17 14:08 - 2021-04-14 20:37 - 000000000 ____D C:\Program Files (x86)\SFirmV4 2021-06-17 14:07 - 2021-05-08 15:11 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys 2021-06-12 22:31 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2021-06-12 22:29 - 2020-10-02 15:38 - 000595832 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2021-06-12 22:28 - 2019-12-07 16:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection 2021-06-12 22:28 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\PrintDialog 2021-06-12 22:28 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV 2021-06-12 22:28 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE 2021-06-12 22:28 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX 2021-06-12 22:28 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2021-06-12 22:28 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources 2021-06-12 22:28 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe 2021-06-12 22:28 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\migwiz 2021-06-12 22:28 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV 2021-06-12 22:28 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\et-EE 2021-06-12 22:28 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\es-MX 2021-06-12 22:28 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Dism 2021-06-12 22:28 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions 2021-06-12 22:28 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr 2021-06-12 22:28 - 2016-08-06 18:03 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2021-06-12 15:18 - 2016-02-13 00:56 - 000414020 __RSH C:\bootmgr 2021-06-11 23:24 - 2018-01-17 13:10 - 000000000 ____D C:\Program Files\Common Files\AV 2021-06-11 23:19 - 2021-02-23 17:06 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2021-06-11 23:18 - 2021-02-23 17:06 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy 2021-06-11 23:10 - 2019-12-07 11:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM 2021-06-10 22:33 - 2016-02-13 03:42 - 000000000 ____D C:\WINDOWS\system32\MRT 2021-06-10 22:30 - 2016-02-13 03:42 - 132447432 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2021-06-10 10:16 - 2017-12-10 18:06 - 000000000 ____D C:\Users\Popp\AppData\Local\Packages 2021-06-09 10:04 - 2017-07-17 16:15 - 000000000 ____D C:\Users\Popp\AppData\Roaming\TeamViewer 2021-06-06 22:44 - 2017-09-12 08:28 - 000000000 ____D C:\Users\Popp\AppData\Roaming\Tangysoft 2021-06-06 21:54 - 2018-12-24 01:15 - 000000000 ____D C:\Users\Popp\.mediathek3 2021-06-05 12:11 - 2018-02-07 18:07 - 000000000 ____D C:\Users\Popp\Documents\Rechnungen Buchhaltungsmonat 2021-06-04 10:24 - 2019-01-30 15:21 - 000000000 ____D C:\ProgramData\Mozilla 2021-06-01 10:26 - 2017-11-30 21:14 - 000000000 ____D C:\Users\Popp\Documents\SFIRM KTO 2021-05-30 22:38 - 2021-05-08 15:11 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk 2021-05-30 22:38 - 2021-05-08 15:11 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2021-05-23 12:37 - 2019-10-12 14:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools 2021-05-23 12:37 - 2019-08-29 16:24 - 000002583 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk 2021-05-23 12:37 - 2019-08-29 16:24 - 000002579 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk 2021-05-23 12:37 - 2019-08-29 16:24 - 000002558 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk 2021-05-23 12:37 - 2019-08-29 16:24 - 000002536 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk 2021-05-23 12:37 - 2019-08-29 16:24 - 000002533 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk 2021-05-23 12:37 - 2019-08-29 16:24 - 000002500 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk 2021-05-23 12:37 - 2019-08-29 16:24 - 000002497 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk 2021-05-23 12:37 - 2019-08-29 16:24 - 000002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======== 2016-02-22 21:12 - 2016-02-22 21:13 - 000037226 _____ () C:\Program Files (x86)\DLS8Uninstall.log 2016-02-13 19:55 - 2016-02-13 19:55 - 000000000 _____ () C:\Users\Popp\AppData\Roaming\gdfw.log 2016-02-13 19:55 - 2021-05-17 22:37 - 000002337 _____ () C:\Users\Popp\AppData\Roaming\gdscan.log 2016-05-19 13:08 - 2020-11-03 19:25 - 000000175 _____ () C:\Users\Popp\AppData\Roaming\Opusbext.dat 2019-09-23 23:45 - 2019-09-23 23:45 - 000007655 _____ () C:\Users\Popp\AppData\Local\Resmon.ResmonCfg 2008-02-05 14:28 - 2008-02-05 14:28 - 000000051 _____ () C:\Users\Popp\AppData\Local\setup.txt ==================== SigCheck ============================ (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) ==================== Ende von FRST.txt ======================== Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 16-06-2021 durchgeführt von Popp (18-06-2021 23:32:53) Gestartet von C:\Users\Popp\Downloads Windows 10 Pro Version 2004 19041.1052 (X64) (2020-10-02 13:48:02) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-814051134-1916513075-1057447149-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-814051134-1916513075-1057447149-503 - Limited - Disabled) Gast (S-1-5-21-814051134-1916513075-1057447149-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-814051134-1916513075-1057447149-1002 - Limited - Enabled) Popp (S-1-5-21-814051134-1916513075-1057447149-1000 - Administrator - Enabled) => C:\Users\Popp WDAGUtilityAccount (S-1-5-21-814051134-1916513075-1057447149-504 - Limited - Disabled) ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Spybot - Search and Destroy (Disabled - Out of date) {F77C7796-45C4-531E-0DAE-B4A8229B11C8} AV: G DATA INTERNET SECURITY (Disabled - Up to date) {A9C56A9B-ECCD-57EA-78F6-92511DA1C885} AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: G DATA INTERNET SECURITY (Disabled) {91FEEBBE-A6A2-56B2-53A9-3B64E3728FFE} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) AccountAlarm 2021 (HKLM-x32\...\f9a6b7ed-0223-427f-8e73-61c3d74aa8f1_is1) (Version: 3.01 - Abelssoft) ActKey (HKLM-x32\...\{681B82EF-A457-4849-AABC-5B6099380FA5}) (Version: 1.7.1.0 - Oki Data Corporation) Hidden ASUS MultiFrame (HKLM-x32\...\{FB4D076A-DEFD-4EAF-AD63-70D5A3BC262A}) (Version: 1.1.0 - ASUS) AusweisApp2 (HKLM-x32\...\{85FBA664-D994-4E05-BBF8-E531E73D99EA}) (Version: 1.20.0 - Governikus GmbH & Co. KG) AVM FRITZ!Box AddOn (IE) (HKLM-x32\...\{CEAD06D8-D033-4D2A-9328-AF49089E129F}) (Version: 1.7.0 - AVM Berlin) Bonjour (HKLM\...\{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}) (Version: 2.0.2.0 - Apple Inc.) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.7.6229 - CDBurnerXP) Chrome Remote Desktop Host (HKLM-x32\...\{536BCB9B-9D3F-493F-9236-8D50A93B70F9}) (Version: 91.0.4472.10 - Google LLC) Corel Compatibility Pack (HKLM-x32\...\{77ECF7E9-5758-4965-803D-77AABC474747}) (Version: 12.4518.1018 - Corel Corporation) Corel Graphics - Windows Shell Extension (HKLM\...\_{340C451C-F2FD-4309-B259-580FD5E44025}) (Version: 18.1.0.661 - Corel Corporation) Corel Graphics - Windows Shell Extension (HKLM\...\{340C451C-F2FD-4309-B259-580FD5E44025}) (Version: 18.1.661 - Corel Corporation) Hidden Corel Graphics - Windows Shell Extension 32 Bit Keys (HKLM\...\{B86D7255-2418-45F1-A36F-7E1FF617550C}) (Version: 18.1.661 - Corel Corporation) Hidden Corel Update Manager (HKLM\...\{B8C05FFE-C36F-4F17-AD20-739E4BC65AC9}) (Version: 2.11.552 - Corel corporation) Hidden CorelDRAW Graphics Suite X8 - IPM Content (x64) (HKLM\...\{FB081BA0-08D2-4C8C-9E55-788A90430BE3}) (Version: 18.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X8 - IPM T (x64) (HKLM\...\{A040C72A-0ADC-4FB9-9DB4-19B18F6053F1}) (Version: 18.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X8 - Writing Tools (x64) (HKLM\...\{23A2ABD8-8231-48AD-AD71-FF0566A7DD8F}) (Version: 18.1 - Corel Corporation) Hidden CorelDRAW Graphics Suite X8 (64-Bit) (HKLM\...\_{4B3FC55D-E999-4BEC-AF29-1091E574961F}) (Version: 18.1.0.661 - Corel Corporation) CR11_Reportengine (HKLM-x32\...\{00012160-D627-44B3-A1C5-3D14672837EA}) (Version: 11.0.0.0 - NBD-Systems) cyberJack Base Components (HKLM-x32\...\{FC338210-F594-11D3-BA24-00001C3AB4DF}) (Version: 7.7.2 - REINER SCT) Datalogic Aladdin (HKLM-x32\...\Aladdin) (Version: 1.12.0.0 - datalogic.com) Dell System Detect (HKU\S-1-5-21-814051134-1916513075-1057447149-1000\...\58d94f3ce2c27db0) (Version: 6.12.0.5 - Dell) Design & Print (HKLM-x32\...\Design & Print 4.0.0) (Version: 4.0.0 - Avery Zweckform) DesignPro 5 (HKLM-x32\...\InstallShield_{F82C6574-AD88-4B40-A432-970BC77F1BD2}) (Version: 5.5.708 - Avery) DeskPins (HKLM-x32\...\DeskPins) (Version: 1.32 - Elias Fotinis) devolo Cockpit (HKLM-x32\...\dlancockpit) (Version: 5.1.4.0 - devolo AG) DYMO Label v.8 (HKLM-x32\...\DYMO Label v.8) (Version: 8.5.1.1816 - Sanford, L.P.) etope Lister 2 (HKLM-x32\...\etope Lister_is1) (Version: - Freshworx GmbH & Co.KG) Evolis Premium Suite version 6.29.0.1183 (HKLM\...\Evolis Premium Suite_is1) (Version: 6.29.0.1183 - Evolis Card Printer) eXtra Buttons (HKLM-x32\...\eXtra Buttons) (Version: - ) FashionLager25_BASIS (HKLM-x32\...\FashionLager25_BASIS) (Version: 2.60.0.94 - NBD-Systems) FashionLager30 (HKLM-x32\...\{93AB2D0A-5A7F-4548-A7BF-B86937A05E5A}) (Version: 3.5.0.163 - NBD-Systems) Free Alarm Clock (HKLM-x32\...\{8ED5A2F1-338F-4608-8AF7-BCD1ADC1E1F7}_is1) (Version: 4.0.1.0 - Comfort Software Group) FreeCommander XE (HKLM-x32\...\FreeCommander XE_is1) (Version: - Marek Jasinski) Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation) Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation) Hidden Gigaset QuickSync (HKLM\...\{5f46d2d1-51d8-4682-8092-c7d8964f9cfc}) (Version: 8.6.0881.1 - Gigaset Communications GmbH) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 91.0.4472.106 - Google LLC) INSTAR Camera Tool (HKLM-x32\...\{B69EDBC4-E9D7-4DCA-B636-B8B9E8BC05CC}) (Version: 2.0.7.0 - INSTAR Deutschland GmbH) InstarVision 2.7 (HKLM-x32\...\InstarVision_is1) (Version: 2.7 - INSTAR Deutschland GmbH) Intel(R) C++ Redistributables for Windows* on Intel(R) 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation) Intel(R) Network Connections 16.8.45.00 (HKLM\...\PROSetDX) (Version: 16.8.45.00 - Dell) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation) iSpy (64 bit) (HKLM\...\{94BF44A0-CBD4-428A-84FC-C80064865F2A}) (Version: 6.8.5.0 - DeveloperInABox) iSpy package installer (64 bit) (HKLM-x32\...\{f9edb82a-15a3-4dba-86f5-425d6c74b283}) (Version: 6.8.5.0 - DeveloperInABox) Java 8 Update 291 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180291F0}) (Version: 8.0.2910.10 - Oracle Corporation) MagentaCLOUD Software (HKLM-x32\...\{4ED18EBF-A841-45C5-A05F-3FCC5C6BFFA1}) (Version: 5.5.0.0 - Deutsche Telekom AG) Malwarebytes version 4.4.0.117 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.0.117 - Malwarebytes) Mediaport (HKLM-x32\...\Mediaport) (Version: - ) MergeModule_x64 (HKLM\...\{12DCC5A7-0100-4433-B4FF-217A3C5DC83B}) (Version: 9.3.00 - Sony Corporation) Hidden MergeModule_x86 (HKLM-x32\...\{42251A8D-C4AE-4D3B-8A50-948CB98A0969}) (Version: 10.5.00 - Sony Corporation) Hidden Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 91.0.864.53 - Microsoft Corporation) Microsoft ODBC Driver 17 for SQL Server (HKLM\...\{DBCD7798-30AE-474B-A733-717996DCCA41}) (Version: 17.6.1.1 - Microsoft Corporation) Microsoft Office Professional Plus 2016 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 16.0.14026.20270 - Microsoft Corporation) Microsoft OLE DB Driver for SQL Server (HKLM\...\{EE6D1BC2-277F-4841-8FC9-DE132F856BB8}) (Version: 18.2.1.0 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-814051134-1916513075-1057447149-1000\...\OneDriveSetup.exe) (Version: 21.099.0516.0003 - Microsoft Corporation) Microsoft SQL Server 2017 LocalDB (HKLM\...\{216778FC-CC9A-4D47-AF5E-8223A37626D4}) (Version: 14.0.1000.169 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{A0E1B43D-5F4A-46AF-9925-ABA3423325DC}) (Version: 2.77.0.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2015 (HKLM-x32\...\{dd8b09df-3ef8-49f1-bd1a-65278435860b}) (Version: 14.0.23217 - Microsoft Corporation) MiniTool ShadowMaker Free Edition (HKLM-x32\...\MT-75D7C412-925B-4AD0-90DC-5E4FEE22EAE1_is1) (Version: 3.6 - MiniTool Software Limited) Mozilla Firefox 89.0.1 (x64 de) (HKLM\...\Mozilla Firefox 89.0.1 (x64 de)) (Version: 89.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 61.0.1 - Mozilla) NetSpeedMonitor 2.5.4.0 x64 (HKLM\...\{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}) (Version: 2.5.4.0 - Florian Gilles) OBS Studio (HKLM-x32\...\OBS Studio) (Version: 18.0.1 - OBS Project) Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.14026.20270 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.14026.20246 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.14026.20270 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0407-0000-0000000FF1CE}) (Version: 16.0.14026.20246 - Microsoft Corporation) Hidden OKI ActKey (HKLM-x32\...\InstallShield_{681B82EF-A457-4849-AABC-5B6099380FA5}) (Version: 1.7.1.0 - Oki Data Corporation) OKI Color Swatch-Dienstprogramm (HKLM-x32\...\{A344F95E-E51A-450C-8F84-C940BF61903E}) (Version: 2.1.12 - Okidata) OKI MC5(3)x2/ES5(3)4x2 Scanner (HKLM-x32\...\InstallShield_{14915907-DB64-49DC-BB9D-1935D38CD250}) (Version: 1.0.2.0 - Oki Data Corporation) OKI Network Extension (HKLM-x32\...\{38ADB9A6-798C-11D6-A855-00105A80791C}) (Version: 1.00.000 - Okidata) Opera Stable 45.0.2552.635 (HKU\S-1-5-21-814051134-1916513075-1057447149-1000\...\Opera 45.0.2552.635) (Version: 45.0.2552.635 - Opera Software) PlayMemories Home (HKLM-x32\...\{D3981248-DBE7-4050-B666-A7FE5AFFC62C}) (Version: 5.5.01.05091 - Sony Corporation) Plex Media Server (HKLM-x32\...\{2fb84613-d20f-4778-8955-66178d5dee6f}) (Version: 1.10.1.4602 - Plex, Inc.) Plex Media Server (HKLM-x32\...\{CB3C17B5-1DE6-4D78-9447-38C6F1277A2A}) (Version: 1.10.1602 - Plex, Inc.) Hidden PMB_ModeEditor (HKLM-x32\...\{E95982CA-945F-41F2-B156-A603897AB242}) (Version: 10.3.00 - Sony Corporation) Hidden PMB_ServiceUploader (HKLM-x32\...\{7D3A0097-9E0E-4073-801C-295BBDAEAED8}) (Version: 10.5.01 - Sony Corporation) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6075 - Realtek Semiconductor Corp.) remove.bg (HKU\S-1-5-21-814051134-1916513075-1057447149-1000\...\remove) (Version: 1.4.1 - Kaleido AI GmbH) Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 6.3.0.330 - Samsung Electronics) ScannerDriver (HKLM\...\{14915907-DB64-49DC-BB9D-1935D38CD250}) (Version: 1.0.2.0 - Oki Data Corporation) Hidden SFirm (HKLM-x32\...\{837075BE-29D5-49EB-A316-DCBB81EC96C3}) (Version: 4.55.52.400.0 - Star Finanz GmbH) SOHLib for PlayMemories Home (HKLM\...\{E6F6EB33-C0A6-4277-98C4-3529DE87D5B1}) (Version: 1.0.4.03050 - Sony Corporation) Hidden Stopping Plex (HKLM-x32\...\{5E4EA395-F2C2-4A16-A4C7-99897E1859F2}) (Version: 1.10.1602 - Plex, Inc.) Hidden supra IPCam (HKLM-x32\...\{A18AE023-7013-4381-95B8-6C383EEE99CE}) (Version: 1.9.1.0 - SUPRA Foto-Elektronik-Vertriebs-GmbH) Tangysoft (HKLM-x32\...\Tangysoft_is1) (Version: - Tangysoft Ltd.) TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.18.5 - TeamViewer) TechniPort Plus Beta (HKLM-x32\...\TechniPort Plus Beta) (Version: 0.9.5.4_beta - TechniSat) Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F814D094-197F-43C8-87FA-3210BB780486}) (Version: 2.53.0.0 - Microsoft Corporation) USBCOMInstaller (HKLM-x32\...\{E9AAAF26-52A4-4A44-AA14-708EB7A9BC58}) (Version: 6.3.2 - Datalogic) VirtualDJ 8 (HKLM-x32\...\{E1962904-0960-42F6-9072-3EC7D66A5495}) (Version: 8.2.3994.0 - Atomix Productions) Packages: ========= InstarVision -> C:\Program Files\WindowsApps\INSTARDeutschlandGmbH.InstarVision_1.2.8.0_x64__v4jvt15wr9gya [2020-12-01] (INSTAR Deutschland GmbH) Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-18] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-18] (Microsoft Corporation) [MS Ad] Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.5310.0_x64__8wekyb3d8bbwe [2021-06-06] (Microsoft Studios) [MS Ad] MSN Sport -> C:\Program Files\WindowsApps\Microsoft.BingSports_4.36.20714.0_x64__8wekyb3d8bbwe [2020-03-24] (Microsoft Corporation) [MS Ad] Twitter -> C:\Program Files\WindowsApps\9E2F88E3.TWITTER_7.0.1.0_neutral__wgeqdkkx372wm [2021-06-12] (Twitter Inc.) WindowsDVDPlayer -> C:\Program Files\WindowsApps\Microsoft.WindowsDVDPlayer_3.6.13291.0_x64__8wekyb3d8bbwe [2016-02-13] (Microsoft Corporation) XING -> C:\Program Files\WindowsApps\XINGAG.XING_4.0.9.0_x86__xpfg3f7e9an52 [2021-06-06] (New Work SE) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-814051134-1916513075-1057447149-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel(R) pGFX -> Intel Corporation) ShellIconOverlayIdentifiers: [ MagentaOverlayIconCheck] -> {4dfbbee1-4bea-3ce8-883e-009600f0a407} => C:\Program Files (x86)\Telekom\MagentaCloud\ShellExtensions\MagentaCloudShellExtensions.dll [2018-02-14] (Deutsche Telekom AG -> ) ShellIconOverlayIdentifiers: [ MagentaOverlayIconError] -> {7f0bb1a7-0c46-3fce-8520-71fc13a3eada} => C:\Program Files (x86)\Telekom\MagentaCloud\ShellExtensions\MagentaCloudShellExtensions.dll [2018-02-14] (Deutsche Telekom AG -> ) ShellIconOverlayIdentifiers: [ MagentaOverlayIconSync] -> {18ad8c11-3ce2-348e-a6e9-833f0571c2cf} => C:\Program Files (x86)\Telekom\MagentaCloud\ShellExtensions\MagentaCloudShellExtensions.dll [2018-02-14] (Deutsche Telekom AG -> ) ContextMenuHandlers1: [MagentaCopyExtension] -> {a6d27c21-925c-3983-9a5b-75c8af3c2abc} => C:\Program Files (x86)\Telekom\MagentaCloud\ShellExtensions\MagentaCloudShellExtensions.dll [2018-02-14] (Deutsche Telekom AG -> ) ContextMenuHandlers1: [MagentaShareExtension] -> {75829b29-e291-3968-917d-0c7828857580} => C:\Program Files (x86)\Telekom\MagentaCloud\ShellExtensions\MagentaCloudShellExtensions.dll [2018-02-14] (Deutsche Telekom AG -> ) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-05-08] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers4: [MagentaCopyExtension] -> {a6d27c21-925c-3983-9a5b-75c8af3c2abc} => C:\Program Files (x86)\Telekom\MagentaCloud\ShellExtensions\MagentaCloudShellExtensions.dll [2018-02-14] (Deutsche Telekom AG -> ) ContextMenuHandlers4: [MagentaShareExtension] -> {75829b29-e291-3968-917d-0c7828857580} => C:\Program Files (x86)\Telekom\MagentaCloud\ShellExtensions\MagentaCloudShellExtensions.dll [2018-02-14] (Deutsche Telekom AG -> ) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Keine Datei ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-05-08] (Malwarebytes Corporation -> Malwarebytes) ==================== Codecs (Nicht auf der Ausnahmeliste) ==================== ==================== Verknüpfungen & WMI ======================== (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) Shortcut: C:\Users\Popp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\Online Help.lnk -> hxxp://www.virtualdj.com/wiki Shortcut: C:\Users\Popp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\www.virtualdj.com.lnk -> hxxp://www.virtualdj.com ShortcutWithArgument: C:\Users\Popp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome-Apps\Chrome Remote Desktop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============= 2016-02-14 17:58 - 2005-04-22 14:36 - 000143360 _____ () [Datei ist nicht signiert] C:\WINDOWS\system32\BrSNMP64.dll 2016-02-14 17:58 - 2009-02-24 15:01 - 000082944 _____ (Brother Industries, Ltd.) [Datei ist nicht signiert] C:\WINDOWS\system32\BrNetSti.dll 2010-04-05 00:08 - 2010-04-05 00:08 - 001253376 _____ (Florian Gilles) [Datei ist nicht signiert] C:\Program Files\NetSpeedMonitor\nsm.dll 2020-04-18 14:44 - 2020-04-18 14:44 - 000000000 ____L (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Root\Office16\AppVIsvSubsystems32.dll 2020-04-18 14:44 - 2020-04-18 14:44 - 000000000 ____L (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Root\Office16\c2r32.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) AlternateDataStreams: C:\ProgramData\TEMP:CB0AACC9 [153] ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ================= ==================== Internet Explorer (Nicht auf der Ausnahmeliste) ========== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-c9ac31fc HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-814051134-1916513075-1057447149-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=620947&OCID=AVRES000&pc=UE00 SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-c9ac31fc&q={searchTerms} SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-c9ac31fc&q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-c9ac31fc&q={searchTerms} SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-c9ac31fc&q={searchTerms} SearchScopes: HKU\S-1-5-21-814051134-1916513075-1057447149-1000 -> DefaultScope {26080cad-4adc-49ac-8c63-eda16e595cbd} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00 SearchScopes: HKU\S-1-5-21-814051134-1916513075-1057447149-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-c9ac31fc&q={searchTerms} SearchScopes: HKU\S-1-5-21-814051134-1916513075-1057447149-1000 -> {26080cad-4adc-49ac-8c63-eda16e595cbd} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00 BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2021-05-27] (Microsoft Corporation -> Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_291\bin\ssv.dll [2021-06-06] (Oracle America, Inc. -> Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_291\bin\jp2ssv.dll [2021-06-06] (Oracle America, Inc. -> Oracle Corporation) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2021-05-27] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: FRITZ!Box Addon BHO -> {C0C86BBE-9509-4296-8459-FDBFDAF4B673} -> C:\Program Files (x86)\FRITZ!Box\AddOn (IE)\FBoxIESplitButton.dll [2012-12-11] (AVM Computersysteme Vertriebs GmbH -> AVM Berlin) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-27] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-27] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-27] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2021-05-27] (Microsoft Corporation -> Microsoft Corporation) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com Da befinden sich 7940 mehr Seiten. IE trusted site: HKU\S-1-5-21-814051134-1916513075-1057447149-1000\...\localhost -> localhost IE restricted site: HKU\S-1-5-21-814051134-1916513075-1057447149-1000\...\007guard.com -> install.007guard.com IE restricted site: HKU\S-1-5-21-814051134-1916513075-1057447149-1000\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-21-814051134-1916513075-1057447149-1000\...\008k.com -> www.008k.com IE restricted site: HKU\S-1-5-21-814051134-1916513075-1057447149-1000\...\00hq.com -> www.00hq.com IE restricted site: HKU\S-1-5-21-814051134-1916513075-1057447149-1000\...\010402.com -> 010402.com IE restricted site: HKU\S-1-5-21-814051134-1916513075-1057447149-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\S-1-5-21-814051134-1916513075-1057447149-1000\...\0scan.com -> www.0scan.com IE restricted site: HKU\S-1-5-21-814051134-1916513075-1057447149-1000\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\S-1-5-21-814051134-1916513075-1057447149-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\S-1-5-21-814051134-1916513075-1057447149-1000\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\S-1-5-21-814051134-1916513075-1057447149-1000\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\S-1-5-21-814051134-1916513075-1057447149-1000\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\S-1-5-21-814051134-1916513075-1057447149-1000\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\S-1-5-21-814051134-1916513075-1057447149-1000\...\10sek.com -> www.10sek.com IE restricted site: HKU\S-1-5-21-814051134-1916513075-1057447149-1000\...\12-26.net -> user1.12-26.net IE restricted site: HKU\S-1-5-21-814051134-1916513075-1057447149-1000\...\12-27.net -> user1.12-27.net IE restricted site: HKU\S-1-5-21-814051134-1916513075-1057447149-1000\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\S-1-5-21-814051134-1916513075-1057447149-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\S-1-5-21-814051134-1916513075-1057447149-1000\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\S-1-5-21-814051134-1916513075-1057447149-1000\...\123simsen.com -> www.123simsen.com Da befinden sich 7940 mehr Seiten. IE restricted site: HKU\S-1-5-80-984045770-530578318-3922014146-158851812-3803115751\...\007guard.com -> install.007guard.com IE restricted site: HKU\S-1-5-80-984045770-530578318-3922014146-158851812-3803115751\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-80-984045770-530578318-3922014146-158851812-3803115751\...\008k.com -> www.008k.com IE restricted site: HKU\S-1-5-80-984045770-530578318-3922014146-158851812-3803115751\...\00hq.com -> www.00hq.com IE restricted site: HKU\S-1-5-80-984045770-530578318-3922014146-158851812-3803115751\...\010402.com -> 010402.com IE restricted site: HKU\S-1-5-80-984045770-530578318-3922014146-158851812-3803115751\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\S-1-5-80-984045770-530578318-3922014146-158851812-3803115751\...\0scan.com -> www.0scan.com IE restricted site: HKU\S-1-5-80-984045770-530578318-3922014146-158851812-3803115751\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\S-1-5-80-984045770-530578318-3922014146-158851812-3803115751\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\S-1-5-80-984045770-530578318-3922014146-158851812-3803115751\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\S-1-5-80-984045770-530578318-3922014146-158851812-3803115751\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\S-1-5-80-984045770-530578318-3922014146-158851812-3803115751\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\S-1-5-80-984045770-530578318-3922014146-158851812-3803115751\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\S-1-5-80-984045770-530578318-3922014146-158851812-3803115751\...\10sek.com -> www.10sek.com IE restricted site: HKU\S-1-5-80-984045770-530578318-3922014146-158851812-3803115751\...\12-26.net -> user1.12-26.net IE restricted site: HKU\S-1-5-80-984045770-530578318-3922014146-158851812-3803115751\...\12-27.net -> user1.12-27.net IE restricted site: HKU\S-1-5-80-984045770-530578318-3922014146-158851812-3803115751\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\S-1-5-80-984045770-530578318-3922014146-158851812-3803115751\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\S-1-5-80-984045770-530578318-3922014146-158851812-3803115751\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\S-1-5-80-984045770-530578318-3922014146-158851812-3803115751\...\123simsen.com -> www.123simsen.com Da befinden sich 7940 mehr Seiten. ==================== Hosts Inhalt: ========================= (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2009-07-14 04:34 - 2021-05-03 15:05 - 000454708 ____R C:\WINDOWS\system32\drivers\etc\hosts 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 www.1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 www.1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com 127.0.0.1 10sek.com 127.0.0.1 www.10sek.com 127.0.0.1 www.1-2005-search.com 127.0.0.1 1-2005-search.com 127.0.0.1 123fporn.info 127.0.0.1 www.123fporn.info 127.0.0.1 www.123haustiereundmehr.com 127.0.0.1 123haustiereundmehr.com 127.0.0.1 123moviedownload.com 127.0.0.1 www.123moviedownload.com Da befinden sich 15607 zusätzliche Einträge. ==================== Andere Bereiche =========================== (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;%C_EM64T_REDIST11%bin\Intel64;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\Microsoft SQL Server\140\Tools\Binn\ HKU\S-1-5-21-814051134-1916513075-1057447149-1000\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg HKU\S-1-5-80-984045770-530578318-3922014146-158851812-3803115751\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg DNS Servers: 192.168.178.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin) HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (Keine Datei) ist aktiviert. Network Binding: ============= LAN-Verbindung: DSL-Manager NDIS LightWeight Filter -> TS_DslMNLwf (enabled) ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) HKLM\...\StartupApproved\StartupFolder: => "Evolis Printer Manager.lnk" HKLM\...\StartupApproved\StartupFolder: => "AnyDesk.lnk" HKLM\...\StartupApproved\Run32: => "SfWinStartInfoV3" HKLM\...\StartupApproved\Run32: => "PMBVolumeWatcher" HKLM\...\StartupApproved\Run32: => "SFUpdateProviderV3" HKLM\...\StartupApproved\Run32: => "SfWinStartInfoV4" HKU\S-1-5-21-814051134-1916513075-1057447149-1000\...\StartupApproved\StartupFolder: => "MagentaCLOUD.lnk" HKU\S-1-5-21-814051134-1916513075-1057447149-1000\...\StartupApproved\StartupFolder: => "DeskPins.lnk" HKU\S-1-5-21-814051134-1916513075-1057447149-1000\...\StartupApproved\Run: => "Plex Media Server" HKU\S-1-5-21-814051134-1916513075-1057447149-1000\...\StartupApproved\Run: => "FreeAC" ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================ (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [{F3F6BBDE-41C9-4107-9A68-1DCFE8F3B67E}] => (Allow) LPort=24727 FirewallRules: [AusweisApp2-Firewall-Rule] => (Allow) C:\Program Files (x86)\AusweisApp2\AusweisApp2.exe (Governikus GmbH & Co. KG -> Governikus GmbH & Co. KG) FirewallRules: [{878CB2C3-FA3F-4CF6-AB11-F7A0B4945011}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X8\Programs64\CorelPP.exe (Corel Corporation -> Corel Corporation) FirewallRules: [{383DDAB0-8202-4924-894B-D9605A2CF475}] => (Block) c:\Program Files\Corel\CorelDRAW Graphics Suite X8\Programs64\CorelDrw.exe (Corel Corporation -> Corel Corporation) FirewallRules: [{850192EF-98A6-4420-AB6B-7F6A2D81901B}] => (Allow) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe (devolo AG -> devolo AG) FirewallRules: [{3D94C631-18F3-421C-B9A6-F94A704550D9}] => (Allow) C:\Program Files (x86)\MediaMonkey\MediaMonkey (non-skinned).exe => Keine Datei FirewallRules: [{ED92C0F5-D9DB-4405-AEFB-5E969EF4F0E4}] => (Allow) C:\Program Files (x86)\MediaMonkey\MediaMonkey (non-skinned).exe => Keine Datei FirewallRules: [{CFEDD57F-9EFD-4B2C-8A66-A4805A17705C}] => (Allow) C:\Program Files (x86)\MediaMonkey\MediaMonkey (non-skinned).exe => Keine Datei FirewallRules: [{AE58AFA8-5FF4-4422-8092-BEB8908A106C}] => (Allow) C:\Users\Popp\AppData\Local\Temp\7zS0455\HP.EasyStart.exe => Keine Datei FirewallRules: [{A6DAB0C7-50A0-405B-8E91-73C2E79DC8F7}] => (Allow) C:\Users\Popp\AppData\Local\Temp\7zS1D7D\hppiw.exe => Keine Datei FirewallRules: [{C3FF59FA-C570-4151-813A-EFD80EFD5219}] => (Allow) C:\Users\Popp\AppData\Local\Temp\7zS1D7D\hppiw.exe => Keine Datei FirewallRules: [{E28033C6-6C4D-4831-BE91-F29FCAD5E9EE}] => (Allow) C:\Users\Popp\AppData\Local\Apps\2.0\2QOQ5T5R.7YR\RWBXXQZ1.BZX\frit..tion_b5355c80db433451_0002.0003_6ff5e44d5e38db65\fritzbox-usb-fernanschluss.exe (AVM Computersysteme Vertriebs GmbH -> AVM Berlin) FirewallRules: [{B72EFB59-3D37-490C-8A04-82B242C5E045}] => (Allow) C:\Users\Popp\AppData\Local\Apps\2.0\2QOQ5T5R.7YR\RWBXXQZ1.BZX\frit..tion_b5355c80db433451_0002.0003_6ff5e44d5e38db65\fritzbox-usb-fernanschluss.exe (AVM Computersysteme Vertriebs GmbH -> AVM Berlin) FirewallRules: [{A74440DF-D0F6-41C8-84CD-41C2B46C0410}] => (Allow) C:\Program Files (x86)\Okidata\ActKey\Network Configuration.exe (Oki Data Corporation -> Oki Data Corporation) FirewallRules: [{E2456D5C-EFDB-46CA-B32F-18776392472C}] => (Allow) C:\Program Files (x86)\Okidata\ActKey\Network Configuration.exe (Oki Data Corporation -> Oki Data Corporation) FirewallRules: [{4F2E2099-B2FC-42D7-A837-3F03FD62AAE6}] => (Allow) C:\Users\Popp\AppData\Local\Apps\2.0\2QOQ5T5R.7YR\RWBXXQZ1.BZX\frit..tion_b5355c80db433451_0002.0003_6ff5e44d5e38db65\fritzbox-usb-fernanschluss.exe (AVM Computersysteme Vertriebs GmbH -> AVM Berlin) FirewallRules: [{9A7154A5-27F3-4F2C-9869-D0170B21F92C}] => (Allow) C:\Users\Popp\AppData\Local\Apps\2.0\2QOQ5T5R.7YR\RWBXXQZ1.BZX\frit..tion_b5355c80db433451_0002.0003_6ff5e44d5e38db65\fritzbox-usb-fernanschluss.exe (AVM Computersysteme Vertriebs GmbH -> AVM Berlin) FirewallRules: [{191C2C30-4980-4A31-89D4-4F16679172FF}] => (Allow) C:\Users\Popp\Downloads\NetworkRepairTool\BrotherNetTool.exe (Brother Industries, Ltd. -> Brother Industries, Ltd.) FirewallRules: [{9F292F20-CB5D-453B-A464-9E4DB2F205B5}] => (Allow) C:\Users\Popp\Downloads\NetworkRepairTool\BrotherNetTool.exe (Brother Industries, Ltd. -> Brother Industries, Ltd.) FirewallRules: [{65D3BF4C-B1E1-4BAC-BCC7-7391D0D0F1A5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{DAE34DC0-14AF-462F-9336-2E48C4E2C0A9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{302E2FEF-F130-476D-80CF-A9C37598725B}] => (Allow) LPort=54925 FirewallRules: [{F3E7BDA1-BA7B-4CF8-8342-BF7832CCC39B}] => (Allow) C:\Program Files (x86)\Brother\Brmfl05c\FAXRX.exe (Brother Industries Ltd.) [Datei ist nicht signiert] FirewallRules: [{FFF40EB1-FCB7-4BB3-BF58-6D430299FFF4}] => (Allow) C:\Program Files (x86)\Brother\Brmfl05c\FAXRX.exe (Brother Industries Ltd.) [Datei ist nicht signiert] FirewallRules: [{6E93809B-1652-4C44-A892-F667EE33F5D7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{5FDE57E0-8A07-4649-90C0-943B99675DE5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{F263DF15-808F-4BD9-8535-339D85ED2E00}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe (Plex, Inc -> Plex, Inc.) FirewallRules: [{554A5D22-6CAF-49DC-B529-8914F5085B22}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe (Plex, Inc -> Python Software Foundation) FirewallRules: [{67A6CF1F-FB44-4B11-980F-4F6FA61455EB}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe (Plex, Inc -> Plex, Inc.) FirewallRules: [{A4DBEB37-0BC6-4289-8BB0-FA89610938C9}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Tuner Service.exe (Plex, Inc -> Plex) FirewallRules: [{8785A877-5A6E-4345-B766-FFC443B7CBDA}] => (Allow) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation -> Sony Corporation) FirewallRules: [{7E1DCDED-CEB6-4C73-A029-129BA079B4A6}] => (Allow) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation -> Sony Corporation) FirewallRules: [{FCEE4855-F955-42E9-9368-1D28A562A3E3}] => (Allow) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation -> Sony Corporation) FirewallRules: [{591E2BA7-8B9D-4976-9983-E74F6F18B6EC}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{7B5F30F4-347D-43D5-8FE0-B982970B9E27}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{4A7E9716-6177-4B1B-A160-194467D6008C}] => (Allow) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe (devolo AG -> devolo AG) FirewallRules: [{C731EAA5-CE18-4710-AF90-CCA0CAABB963}] => (Allow) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe (devolo AG -> devolo AG) FirewallRules: [{6768F3EB-00DD-4496-99DA-506721E1B4AD}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\91.0.4472.10\remoting_host.exe (Google LLC -> Google LLC) FirewallRules: [{9C2AD135-044F-4B22-9A53-382379574EB6}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{D013629A-239C-4830-B0EB-6AC4F295D072}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{DCBA90FD-0E70-43CC-9838-90FE62411F7D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{743EC59B-1E17-4CF2-9ACD-53448BEE502C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{226E2B74-F162-4BF2-9B98-2C45F9CC8956}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{32BB6287-5F8D-4A60-BADD-1E863460E572}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{F3FDDCE8-061F-4981-B524-92246E4468FB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{58961C23-F552-434A-A29E-236B44E3D937}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{438D4C31-31A3-4FEC-8BE4-D77A3D915960}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{BBB29F11-756E-49F8-BB75-96E3802E0192}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{EA9511BE-A53F-4EAC-9156-99ABD7D2C915}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{A4AE547D-287F-4B2C-AB67-898ADD69D585}] => (Allow) C:\Program Files (x86)\MiniTool ShadowMaker\AgentService.exe (MiniTool Software Limited -> ) FirewallRules: [{64CCA687-44A8-4F4A-88B2-BC28445A4A5D}] => (Allow) C:\Program Files (x86)\MiniTool ShadowMaker\AgentService.exe (MiniTool Software Limited -> ) FirewallRules: [{6DA9460F-BE41-4A44-961B-D6F63E376BC6}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => Keine Datei FirewallRules: [{EF32C0B2-ECAF-40FD-9A21-4856AAC7A2B8}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => Keine Datei FirewallRules: [{A28BF48A-685E-4F4E-9874-6C6EB8E10035}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => Keine Datei FirewallRules: [{02D439D1-2C02-4A77-A8CD-A6E2CB2C4308}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => Keine Datei FirewallRules: [{BC177520-2CC6-4A76-822E-9315E6CCE387}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => Keine Datei FirewallRules: [{4C32FCED-D8C3-422C-9A3E-FF67D136954A}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe => Keine Datei FirewallRules: [{7B86CDE9-878A-4043-A56B-E4FD55F0F305}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{29D25F42-61A6-4801-994C-ACEFF79C6546}] => (Allow) C:\Program Files (x86)\MiniTool ShadowMaker\AgentService.exe (MiniTool Software Limited -> ) FirewallRules: [{19458DFA-D329-4674-BBDF-1BAE0035B34F}] => (Allow) C:\Program Files (x86)\MiniTool ShadowMaker\AgentService.exe (MiniTool Software Limited -> ) ==================== Wiederherstellungspunkte ========================= ==================== Fehlerhafte Geräte im Gerätemanager ============ Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Fehlereinträge in der Ereignisanzeige: ======================== Applikationsfehler: ================== Error: (06/18/2021 05:37:56 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: igfxext.exe, Version: 6.15.10.4358, Zeitstempel: 0x567856cc Name des fehlerhaften Moduls: igfxext.exe, Version: 6.15.10.4358, Zeitstempel: 0x567856cc Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000084b0 ID des fehlerhaften Prozesses: 0x21d0 Startzeit der fehlerhaften Anwendung: 0x01d76457e76b80b4 Pfad der fehlerhaften Anwendung: C:\WINDOWS\system32\igfxext.exe Pfad des fehlerhaften Moduls: C:\WINDOWS\system32\igfxext.exe Berichtskennung: 6c207237-b2ce-498c-acd1-c22118f0d6db Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (06/18/2021 02:22:19 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: DELL-PC) Description: Windows kann die erweiterbare Leistungsindikator-DLL "C:\WINDOWS\system32\sysmain.dll" nicht laden (Win32-Fehlercode 126). Error: (06/18/2021 02:21:43 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: FreemakeUtilsService.exe, Version: 1.0.0.0, Zeitstempel: 0x5e709015 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.19041.1023, Zeitstempel: 0xcbf6f7d1 Ausnahmecode: 0xe0434352 Fehleroffset: 0x0012a6f2 ID des fehlerhaften Prozesses: 0xf8c Startzeit der fehlerhaften Anwendung: 0x01d7643c7f0133f8 Pfad der fehlerhaften Anwendung: C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\KERNELBASE.dll Berichtskennung: 54b876a4-3ec5-4dc7-b027-060365c94026 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (06/18/2021 02:21:42 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: FreemakeUtilsService.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. Ausnahmeinformationen: System.IO.FileNotFoundException bei FreemakeUtilsService.Program.Main(System.String[]) Error: (06/18/2021 11:36:06 AM) (Source: SideBySide) (EventID: 35) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "C:\WINDOWS\Twain_32\okidata\012\common\MFC80U.DLL". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\Twain_32\okidata\012\common\Microsoft.VC80.MFCLOC.MANIFEST" in Zeile 5. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0". Definition: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.42". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error: (06/18/2021 11:36:06 AM) (Source: SideBySide) (EventID: 35) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "C:\WINDOWS\Twain_32\okidata\012\common\MFC80U.DLL". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\Twain_32\okidata\012\common\Microsoft.VC80.MFCLOC.MANIFEST" in Zeile 5. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0". Definition: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.42". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error: (06/18/2021 11:36:06 AM) (Source: SideBySide) (EventID: 35) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "C:\WINDOWS\Twain_32\okidata\012\common\MFC80U.DLL". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\Twain_32\okidata\012\common\Microsoft.VC80.MFCLOC.MANIFEST" in Zeile 5. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0". Definition: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.42". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error: (06/18/2021 11:36:06 AM) (Source: SideBySide) (EventID: 35) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "C:\WINDOWS\Twain_32\okidata\012\common\MFC80U.DLL". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\Twain_32\okidata\012\common\Microsoft.VC80.MFCLOC.MANIFEST" in Zeile 5. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0". Definition: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.42". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Systemfehler: ============= Error: (06/18/2021 07:15:20 PM) (Source: volsnap) (EventID: 35) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht vergrößert werden kann. Error: (06/18/2021 02:33:23 PM) (Source: SNMP) (EventID: 1500) (User: ) Description: Beim Zugreifen auf den Registrierungsschlüssel SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration ist ein Fehler aufgetreten. Error: (06/18/2021 02:32:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "SQL Server VSS Writer" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (06/18/2021 02:32:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "VAIO Entertainment Common Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (06/18/2021 02:32:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "SNMP-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error: (06/18/2021 02:32:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error: (06/18/2021 02:32:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "DSL-Manager" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (06/18/2021 02:32:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "cyberJack PC/SC COM Service " wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Windows Defender: ================ Date: 2021-06-18 04:04:09 Description: Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet. Überprüfungs-ID: {847F226B-5D2A-443F-A89D-2D4A950D9D52} Überprüfungstyp: Antimalware Überprüfungsparameter: Schnellüberprüfung Benutzer: NT-AUTORITÄT\SYSTEM Date: 2021-06-17 23:15:50 Description: Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt. Weitere Informationen: https://go.microsoft.com/fwlink/?linkid=37020&name=PUA:Win32/LoadMoney&threatid=223699&enterprise=0 Name: PUA:Win32/LoadMoney Schweregrad: Niedrig Kategorie: Potenziell unerwünschte Software Pfad: file:_C:\Users\Popp\Downloads\DesignPrintDE-3.0.2.exe Erkennungsursprung: Lokaler Computer Erkennungstype: Konkret Erkennungsquelle: Echtzeitschutz Benutzer: DELL-PC\Popp Prozessname: C:\Windows\explorer.exe Sicherheitsversion: AV: 1.341.922.0, AS: 1.341.922.0, NIS: 1.341.922.0 Modulversion: AM: 1.1.18200.4, NIS: 1.1.18200.4 CodeIntegrity: =============== Date: 2021-06-17 23:06:51 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\F-Secure\SAFE\Ultralight\ulcore\1623843446\fsamsi64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Speicherinformationen =========================== BIOS: Dell Inc. A08 09/19/2012 Hauptplatine: Dell Inc. 0KRC95 Prozessor: Intel(R) Core(TM) i5-3570 CPU @ 3.40GHz Prozentuale Nutzung des RAM: 37% Installierter physikalischer RAM: 12174.54 MB Verfügbarer physikalischer RAM: 7558.28 MB Summe virtueller Speicher: 24462.54 MB Verfügbarer virtueller Speicher: 19872.22 MB ==================== Laufwerke ================================ Drive c: () (Fixed) (Total:237.96 GB) (Free:0 GB) NTFS ==>[Laufwerk mit Startkomponenten (eingeholt von BCD)] Drive e: (TOSHIBA EXT) (Fixed) (Total:3725.88 GB) (Free:3482.01 GB) exFAT \\?\Volume{f19a3873-0000-0000-0000-407d3b000000}\ () (Fixed) (Total:0.52 GB) (Free:0.08 GB) NTFS ==================== MBR & Partitionstabelle ==================== ========================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 238.5 GB) (Disk ID: F19A3873) Partition 1: (Active) - (Size=238 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=529 MB) - (Type=27) ========================================================== Disk: 1 (Size: 3726 GB) (Disk ID: 57768FBF) Partition: GPT. ==================== Ende von Addition.txt ======================= |
18.06.2021, 22:37 | #26 |
| WIN10 PC gehackt, T-Online Emails werden in meinem Namen versendet, Fremdzugriff über TeamViewer?Code:
ATTFilter Untersuchungsergebnis der Verknüpfungen des Benutzers (x64) Version: 16-06-2021 durchgeführt von Popp (18-06-2021 23:34:47) Gestartet von C:\Users\Popp\Downloads Start-Modus: Normal ==================== Verknüpfungen ============================= (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) Shortcut: C:\Users\Popp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\Online Help.lnk -> hxxp://www.virtualdj.com/wiki Shortcut: C:\Users\Popp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\www.virtualdj.com.lnk -> hxxp://www.virtualdj.com Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\MSACCESS.EXE (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AusweisApp2.lnk -> C:\Program Files (x86)\AusweisApp2\AusweisApp2.exe (Governikus GmbH & Co. KG) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk -> C:\Program Files (x86)\CDBurnerXP\cdbxpp.exe (Canneverbe Limited) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Alarm Clock.lnk -> C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe (Comfort Software Group) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Malwarebytes) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\MSPUB.EXE (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\supra IPCam Config.lnk -> C:\Program Files (x86)\supra IPCam\IPCConfig.exe (SUPRA Foto-Elektronik-Vertriebs-GmbH) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer.lnk -> C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Telekom\MagentaCLOUD\MagentaCLOUD.lnk -> C:\Program Files (x86)\Telekom\MagentaCloud\MagentaCloud.App.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tangysoft\Tangysoft.lnk -> C:\Program Files (x86)\Tangysoft\Tangysoft.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\Evolis Printer Manager.lnk -> C:\Program Files\Evolis Card Printer\Evolis Premium Suite\PrinterManager.exe (Evolis Card Printer) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SFirm 4.0\Automat.lnk -> C:\Program Files (x86)\SFirmV4\SFAutomat.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SFirm 4.0\Automatischer Versand.lnk -> C:\Program Files (x86)\SFirmV4\SfAutosend.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SFirm 4.0\SFirm 4.0.lnk -> C:\Program Files (x86)\SFirmV4\SFirm.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SFirm 4.0\SFirm Hilfe und Support.lnk -> C:\Program Files (x86)\SFirmV4\SFSupport.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SFirm 3.2\Automat.lnk -> C:\Program Files (x86)\SFirmV3\SFAutomat.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SFirm 3.2\Automatischer Versand.lnk -> C:\Program Files (x86)\SFirmV3\SfAutosend.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SFirm 3.2\SFirm 3.2.lnk -> C:\Program Files (x86)\SFirmV3\SFirm.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SFirm 3.2\SFirm Hilfe und Support.lnk -> C:\Program Files (x86)\SFirmV3\SFSupport.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Magician\Samsung Magician entfernen.lnk -> C:\Program Files (x86)\Samsung\Samsung Magician\unins000.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Magician\Samsung Magician.lnk -> C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe (Samsung Electronics Co., Ltd.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REINER SCT cyberJack\cyberJack Gerätemanager, Funktionstest.lnk -> C:\Program Files (x86)\REINER SCT\cyberJack\cJCC.exe (REINER SCT) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server\Plex Media Server.lnk -> C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe (Plex, Inc.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMemories Home\Initialisierungswerkzeug für Einstellungen für PlayMemories Home.lnk -> C:\Program Files (x86)\Sony\PlayMemories Home\PMBInit.exe (Sony Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMemories Home\PlayMemories Home.lnk -> C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe (Sony Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Okidata\Color Swatch-Dienstprogramm\Color Swatch-Dienstprogramm.lnk -> C:\Program Files\Okidata\Color Swatch Utility\Swatch.exe (Oki Data Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Okidata\ActKey\ActKey.lnk -> C:\Program Files (x86)\Okidata\ActKey\ActKey.exe (Oki Data Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Okidata\ActKey\Extras\Netzwerkkonfiguration.lnk -> C:\Program Files (x86)\Okidata\ActKey\Network Configuration.exe (Oki Data Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio\OBS Studio (32bit).lnk -> C:\Program Files (x86)\obs-studio\bin\32bit\obs32.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio\OBS Studio (64bit).lnk -> C:\Program Files (x86)\obs-studio\bin\64bit\obs64.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio\Uninstall.lnk -> C:\Program Files (x86)\obs-studio\uninstall.exe (obsproject.com) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool ShadowMaker\MiniTool ShadowMaker Free.lnk -> C:\Program Files (x86)\MiniTool ShadowMaker\system_backup_gui.exe (MiniTool) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool ShadowMaker\Uninstall MiniTool ShadowMaker.lnk -> C:\Program Files (x86)\MiniTool ShadowMaker\unins000.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Aufzeichnungs-Manager von Skype for Business.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\OcPubMgr.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Office-Spracheinstellungen.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\SETLANG.EXE (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Telemetriedashboard für Office.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\msotd.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Telemetrieprotokoll für Office.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\msoev.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Java konfigurieren.lnk -> C:\Program Files\Java\jre1.8.0_291\bin\javacpl.exe (Oracle Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iSpy\iSpy (64 bit).lnk -> C:\Program Files\iSpy\iSpy.exe (www.ispyconnect.com) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\INSTAR\INSTAR Camera Tool.lnk -> C:\Program Files (x86)\INSTAR\INSTAR Camera Tool\INSTAR Camera Tool.exe (INSTAR Deutschland GmbH) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\INSTAR\InstarVision\InstarPlayer 2.7.lnk -> C:\Program Files (x86)\INSTAR\InstarVision\InstarPlayer.exe (INSTAR Deutschland GmbH) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\INSTAR\InstarVision\InstarVision 2.7.lnk -> C:\Program Files (x86)\INSTAR\InstarVision\InstarWCDog.exe (INSTAR Deutschland GmbH) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\INSTAR\InstarVision\Uninstall.lnk -> C:\Program Files (x86)\INSTAR\InstarVision\unins000.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gigaset QuickSync\Gigaset QuickSync.lnk -> C:\Program Files (x86)\Gigaset QuickSync\Gqs.UI.exe (Gigaset Communications GmbH) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeCommander XE\FreeCommander on the Web.lnk -> C:\Program Files (x86)\FreeCommander XE\FreeCommander.url () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeCommander XE\FreeCommander XE.lnk -> C:\Program Files (x86)\FreeCommander XE\FreeCommander.exe (Marek Jasinski) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeCommander XE\Uninstall FreeCommander XE.lnk -> C:\Program Files (x86)\FreeCommander XE\unins000.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Alarm Clock\Free Alarm Clock entfernen.lnk -> C:\Program Files (x86)\FreeAlarmClock\unins000.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Alarm Clock\Free Alarm Clock im Internet.lnk -> C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.url () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Alarm Clock\Free Alarm Clock.lnk -> C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe (Comfort Software Group) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FashionLager30\FashionLager 3.0.lnk -> C:\Program Files (x86)\FashionLager30\FashionL.exe (NBD SYstems) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FashionLager25_BASIS\FashionLager 2.5_BASIS-HILFE.lnk -> C:\Program Files (x86)\FashionLager25_BASIS\Fl25_BL.chm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FashionLager25_BASIS\FashionLager 2.5_BASIS.lnk -> C:\Program Files (x86)\FashionLager25_BASIS\fl_Basis.exe (NBD-Datenbankanwendungen) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eXtra Buttons\eXtra Buttons Help.lnk -> C:\Program Files (x86)\eXtra Buttons\XB.chm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eXtra Buttons\eXtra Buttons.lnk -> C:\Program Files (x86)\eXtra Buttons\xb.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eXtra Buttons\Uninstall.lnk -> C:\Program Files (x86)\eXtra Buttons\uninstall.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evolis Card Printer\Evolis Drivers.lnk -> C:\Program Files\Evolis Card Printer\Evolis Drivers () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evolis Card Printer\Evolis Premium Suite\Evolis Print Center.lnk -> C:\Program Files\Evolis Card Printer\Evolis Premium Suite\EvoPCUI.exe (Evolis Card Printer) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evolis Card Printer\Evolis Premium Suite\Evolis Printer Manager.lnk -> C:\Program Files\Evolis Card Printer\Evolis Premium Suite\PrinterManager.exe (Evolis Card Printer) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evolis Card Printer\Evolis Premium Suite\Werkzeuge\Aktualisierungsassistent der Drucker-Firmware.lnk -> C:\Program Files\Evolis Card Printer\Evolis Premium Suite\WzFirm.exe (Evolis Card Printer) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evolis Card Printer\Evolis Premium Suite\Werkzeuge\Assistent für den ausschließlichen Laminiervorgang.lnk -> C:\Program Files\Evolis Card Printer\Evolis Premium Suite\WzLam.exe (Evolis Card Printer) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evolis Card Printer\Evolis Premium Suite\Werkzeuge\Assistent für die Aktivierung der Duplexdruckfunktion des Druckers.lnk -> C:\Program Files\Evolis Card Printer\Evolis Premium Suite\WzFlip.exe (Evolis Card Printer) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evolis Card Printer\Evolis Premium Suite\Werkzeuge\Assistent für die Aktivierung-Deaktivierung des Debug-Betriebs.lnk -> C:\Program Files\Evolis Card Printer\Evolis Premium Suite\WzLog.exe (Evolis Card Printer) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evolis Card Printer\Evolis Premium Suite\Werkzeuge\Assistent für die Aktualisierung der Firmware für das Laminiermodul.lnk -> C:\Program Files\Evolis Card Printer\Evolis Premium Suite\WzUpdLam.exe (Evolis Card Printer) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evolis Card Printer\Evolis Premium Suite\Werkzeuge\Assistent für die gründliche Reinigung des Druckers.lnk -> C:\Program Files\Evolis Card Printer\Evolis Premium Suite\WzAdvCln.exe (Evolis Card Printer) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evolis Card Printer\Evolis Premium Suite\Werkzeuge\Assistent für die periodische Reinigung des Druckers.lnk -> C:\Program Files\Evolis Card Printer\Evolis Premium Suite\WzCln.exe (Evolis Card Printer) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evolis Card Printer\Evolis Premium Suite\Werkzeuge\Assistent für die Reinigung des Laminiermoduls.lnk -> C:\Program Files\Evolis Card Printer\Evolis Premium Suite\WzClnLam.exe (Evolis Card Printer) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evolis Card Printer\Evolis Premium Suite\Werkzeuge\Assistent für die Überprüfung der Codierstationen PCSC.lnk -> C:\Program Files\Evolis Card Printer\Evolis Premium Suite\WzTstPCSC.exe (Evolis Card Printer) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evolis Card Printer\Evolis Premium Suite\Werkzeuge\Assistent für Update-Verifizierung.lnk -> C:\Program Files\Evolis Card Printer\Evolis Premium Suite\WzUpd.exe (Evolis Card Printer) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evolis Card Printer\Evolis Premium Suite\Werkzeuge\Evolis Druckereigenschaften (minimaler Modus).lnk -> C:\Program Files\Evolis Card Printer\Evolis Premium Suite\DEvoUIP.exe (Evolis Card Printer) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evolis Card Printer\Evolis Premium Suite\Werkzeuge\Installationsassistent für das Magnetkodierungsmodul.lnk -> C:\Program Files\Evolis Card Printer\Evolis Premium Suite\Wzmag.exe (Evolis Card Printer) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evolis Card Printer\Evolis Premium Suite\Werkzeuge\Installationsassistent für einen Netzwerk- und-oder WLAN-Drucker.lnk -> C:\Program Files\Evolis Card Printer\Evolis Premium Suite\WzNet.exe (Evolis Card Printer) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evolis Card Printer\Evolis Premium Suite\Werkzeuge\LCD-Kalibrierungsassistent.lnk -> C:\Program Files\Evolis Card Printer\Evolis Premium Suite\WzCalibLCD.exe (Evolis Card Printer) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evolis Card Printer\Evolis Premium Suite\Werkzeuge\LCD-Updateassistent.lnk -> C:\Program Files\Evolis Card Printer\Evolis Premium Suite\WzUpdLCD.exe (Evolis Card Printer) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\etope Lister\etope Lister entfernen.lnk -> C:\Program Files (x86)\Freshworx\etope Lister\unins000.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\etope Lister\etope Lister.lnk -> C:\Program Files (x86)\Freshworx\etope Lister\lister.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DYMO\DYMO Add Printer Utility.lnk -> C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPrinterWizard.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DYMO\DYMO Label v.8.lnk -> C:\Program Files (x86)\DYMO\DYMO Label Software\DLS.exe (Sanford, L.P.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DYMO\DYMO QuickPrint.lnk -> C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe (Sanford, L.P.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DSL-Manager\DSL-Manager Hilfe.lnk -> C:\Program Files (x86)\DSL-Manager\DslMgr.chm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\devolo\devolo Cockpit.lnk -> C:\Program Files (x86)\devolo\dlan\frontend\plcnetui.exe ( ) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X8 (64-bit)\Corel CAPTURE X8 (64-Bit).lnk -> c:\Windows\Installer\{1253ED86-69FD-4A7B-BDF2-96A522583A88}\NewShortcut8_65BCA6E0337A452DA55C0654EAAD7A0B.exe (Flexera Software LLC) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X8 (64-bit)\Corel CONNECT X8 (64-Bit).lnk -> C:\Program Files\Corel\CorelDRAW Graphics Suite X8\Connect64\Connect.exe (Corel Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X8 (64-bit)\Corel Font Manager X8 (64-Bit).lnk -> C:\Program Files\Corel\CorelDRAW Graphics Suite X8\Programs64\FontManager.exe (Corel Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X8 (64-bit)\Corel PHOTO-PAINT X8 (64-Bit).lnk -> c:\Windows\Installer\{04D8C47E-C0FE-4CA5-8878-91ECD9552109}\NewShortcut2_EBB51BFEE10948A888CB7ADF96E8EC80.exe (Flexera Software LLC) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X8 (64-bit)\CorelDRAW X8 (64-Bit).lnk -> c:\Windows\Installer\{A66E09BB-9892-421D-9EB9-311D12AA5244}\NewShortcut1_68427AB8B2C044C58AA777A4C3F75634.exe (Flexera Software LLC) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X8 (64-bit)\Duplexing Wizard (64-Bit).lnk -> c:\Windows\Installer\{A66E09BB-9892-421D-9EB9-311D12AA5244}\NewShortcut10_BB562587DB944A668ECBA27E6BFD871C.exe (Flexera Software LLC) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X8 (64-bit)\Video Tutorials X8 (64-Bit).lnk -> C:\Program Files\Corel\CorelDRAW Graphics Suite X8\VideoBrowser64\VideoBrowser.exe (Corel Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\MFC-8460N LAN\Read Me.lnk -> C:\Program Files (x86)\Brother\Brmfl05c\RM09aGer.rtf () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\MFC-8460N LAN\Scanner-Einstellungen\Read Me.lnk -> C:\Program Files (x86)\Brother\Brmfl05c\ScanRead.txt () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\MFC-8460N LAN\Scanner-Einstellungen\Scanner Utility.lnk -> C:\Program Files (x86)\Brother\Brmfl05c\BrScUtil.exe (Brother Industries Ltd.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\MFC-8460N LAN\PC-FAX-Empfang\PC-Fax-Empfang verwenden.lnk -> C:\Program Files (x86)\Brother\Brmfl05c\howtousepcfaxrx.htm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\MFC-8460N LAN\PC-Fax senden\PC-Fax-Senden verwenden.lnk -> C:\Program Files (x86)\Brother\Brmfl05c\howtousebrotherpc.htm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avery Zweckform\Design&Print.lnk -> C:\Program Files (x86)\Design&Print\DesktopDPO.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avery\DesignPro 5.lnk -> C:\Program Files (x86)\Avery\DesignPro 5\labeler.exe (Avery Products Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS\ASUS MultiFrame.lnk -> C:\Windows\Installer\{FB4D076A-DEFD-4EAF-AD63-70D5A3BC262A}\_402F8D6A415B779481E446.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk -> C:\Windows\SysWOW64\odbcad32.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk -> C:\Windows\System32\printmanagement.msc () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\RecoveryDrive.lnk -> C:\Windows\System32\RecoveryDrive.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Registry Editor.lnk -> C:\Windows\regedit.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Defender Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AccountAlarm\AccountAlarm.lnk -> C:\Program Files (x86)\AccountAlarm\AbLauncher.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Quick Assist.lnk -> C:\Windows\System32\quickassist.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk -> C:\Windows\System32\psr.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\Popp\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30 Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk -> C:\Program Files (x86)\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc () Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) Shortcut: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\Popp\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation) Shortcut: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation) Shortcut: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation) Shortcut: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30 Shortcut: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation) Shortcut: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) Shortcut: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation) Shortcut: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk -> C:\Program Files (x86)\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH) Shortcut: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation) Shortcut: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation) Shortcut: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation) Shortcut: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation) Shortcut: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) Shortcut: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () Shortcut: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc () Shortcut: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation) Shortcut: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) Shortcut: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) Shortcut: C:\Users\LogMeInRemoteUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\Popp\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation) Shortcut: C:\Users\LogMeInRemoteUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\LogMeInRemoteUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation) Shortcut: C:\Users\LogMeInRemoteUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation) Shortcut: C:\Users\LogMeInRemoteUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\LogMeInRemoteUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\LogMeInRemoteUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30 Shortcut: C:\Users\LogMeInRemoteUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation) Shortcut: C:\Users\LogMeInRemoteUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) Shortcut: C:\Users\LogMeInRemoteUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation) Shortcut: C:\Users\LogMeInRemoteUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk -> C:\Program Files (x86)\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH) Shortcut: C:\Users\LogMeInRemoteUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation) Shortcut: C:\Users\LogMeInRemoteUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation) Shortcut: C:\Users\LogMeInRemoteUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation) Shortcut: C:\Users\LogMeInRemoteUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation) Shortcut: C:\Users\LogMeInRemoteUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) Shortcut: C:\Users\LogMeInRemoteUser\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\LogMeInRemoteUser\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\LogMeInRemoteUser\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\LogMeInRemoteUser\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\LogMeInRemoteUser\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () Shortcut: C:\Users\LogMeInRemoteUser\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc () Shortcut: C:\Users\LogMeInRemoteUser\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation) Shortcut: C:\Users\LogMeInRemoteUser\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) Shortcut: C:\Users\LogMeInRemoteUser\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) Shortcut: C:\Users\Popp\Links\Desktop.lnk -> C:\Users\Popp\Desktop () Shortcut: C:\Users\Popp\Links\Downloads.lnk -> C:\Users\Popp\Downloads () Shortcut: C:\Users\Popp\Links\RecentPlaces.lnk -> [::{22877A6D-37A1-461A-91B0-DBDA5AAEBC99}] Shortcut: C:\Users\Popp\Documents\GESCHÄFT-LADEN\Fashion-Lager_Kasse\FashionLager 2.5_BASIS.lnk -> C:\Program Files (x86)\FashionLager25_BASIS\fl_Basis.exe (NBD-Datenbankanwendungen) Shortcut: C:\Users\Popp\Documents\Corel\CorelDRAW X8 Beispiele\target.lnk -> C:\Program Files\Corel\CorelDRAW Graphics Suite X8\Draw\Samples () Shortcut: C:\Users\Popp\Documents\Corel\Corel PHOTO-PAINT X8 Beispiele\target.lnk -> C:\Program Files\Corel\CorelDRAW Graphics Suite X8\PHOTO-PAINT\Samples () Shortcut: C:\Users\Popp\Desktop\Aladdin.lnk -> C:\Program Files (x86)\Datalogic\Aladdin\aladdin.exe (Smart.it) Shortcut: C:\Users\Popp\Desktop\FreeCommander XE.lnk -> C:\Program Files (x86)\FreeCommander XE\FreeCommander.exe (Marek Jasinski) Shortcut: C:\Users\Popp\Desktop\InstarVision 2.7.lnk -> C:\Program Files (x86)\INSTAR\InstarVision\InstarWCDog.exe (INSTAR Deutschland GmbH) Shortcut: C:\Users\Popp\Desktop\Mediaport.lnk -> C:\Program Files (x86)\Technisat\Mediaport\Mediaport.exe () Shortcut: C:\Users\Popp\Desktop\remove.bg.lnk -> C:\Users\Popp\AppData\Local\remove\removebg-desktop.exe (Kaleido AI GmbH) Shortcut: C:\Users\Popp\Desktop\Start Tor Browser.lnk -> C:\Users\Popp\Desktop\Tor Browser\Browser\firefox.exe (Keine Datei) Shortcut: C:\Users\Popp\Desktop\TechniPort Plus.lnk -> C:\Program Files (x86)\Technisat\TechniPort Plus\TechniPortPlus.exe () Shortcut: C:\Users\Popp\Desktop\VirtualDJ 8.lnk -> C:\Program Files (x86)\VirtualDJ\virtualdj8.exe (Atomix Productions) Shortcut: C:\Users\Popp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\Popp\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation) Shortcut: C:\Users\Popp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera.lnk -> C:\Users\Popp\AppData\Local\Programs\Opera\launcher.exe (Opera Software) Shortcut: C:\Users\Popp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optionale Features.lnk -> C:\Windows\System32\fodhelper.exe (Microsoft Corporation) Shortcut: C:\Users\Popp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk -> C:\Users\Popp\Desktop\Tor Browser\Browser\firefox.exe (Keine Datei) Shortcut: C:\Users\Popp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\Popp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation) Shortcut: C:\Users\Popp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation) Shortcut: C:\Users\Popp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\Popp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\Setup QuickStart.lnk -> C:\Users\Popp\Documents\VirtualDJ\VirtualDJ 8 - Getting Started.pdf () Shortcut: C:\Users\Popp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\User Guide.lnk -> C:\Users\Popp\Documents\VirtualDJ\VirtualDJ 8 - User Guide.pdf () Shortcut: C:\Users\Popp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\VirtualDJ 8.lnk -> C:\Program Files (x86)\VirtualDJ\virtualdj8.exe (Atomix Productions) Shortcut: C:\Users\Popp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Technisat\Mediaport.lnk -> C:\Program Files (x86)\Technisat\Mediaport\Mediaport.exe () Shortcut: C:\Users\Popp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Technisat\TechniPort Plus\TechniPort Plus.lnk -> C:\Program Files (x86)\Technisat\TechniPort Plus\TechniPortPlus.exe () Shortcut: C:\Users\Popp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Technisat\TechniPort Plus\TechniSat Website.lnk -> C:\Program Files (x86)\Technisat\TechniPort Plus\TechniSat Website.url () Shortcut: C:\Users\Popp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Technisat\TechniPort Plus\Uninstall.lnk -> C:\Program Files (x86)\Technisat\TechniPort Plus\uninst.exe () Shortcut: C:\Users\Popp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\Popp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30 Shortcut: C:\Users\Popp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation) Shortcut: C:\Users\Popp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) Shortcut: C:\Users\Popp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation) Shortcut: C:\Users\Popp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DeskPins.lnk -> C:\Program Files (x86)\DeskPins\deskpins.exe (Elias Fotinis) Shortcut: C:\Users\Popp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk -> C:\Program Files (x86)\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH) Shortcut: C:\Users\Popp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaleido AI GmbH\remove.bg.lnk -> C:\Users\Popp\AppData\Local\remove\removebg-desktop.exe (Kaleido AI GmbH) Shortcut: C:\Users\Popp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DeskPins\DeskPins.lnk -> C:\Program Files (x86)\DeskPins\deskpins.exe (Elias Fotinis) Shortcut: C:\Users\Popp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DeskPins\Help.lnk -> C:\Program Files (x86)\DeskPins\DeskPins.chm () Shortcut: C:\Users\Popp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DeskPins\Uninstall.lnk -> C:\Program Files (x86)\DeskPins\uninst.exe (Elias Fotinis) Shortcut: C:\Users\Popp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Datalogic\Aladdin\Aladdin.lnk -> C:\Program Files (x86)\Datalogic\Aladdin\aladdin.exe (Smart.it) Shortcut: C:\Users\Popp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Datalogic\Aladdin\Uninstall.lnk -> C:\Program Files (x86)\Datalogic\Aladdin\uninst.exe (Datalogic) Shortcut: C:\Users\Popp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) Shortcut: C:\Users\Popp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation) Shortcut: C:\Users\Popp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation) Shortcut: C:\Users\Popp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation) Shortcut: C:\Users\Popp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation) Shortcut: C:\Users\Popp\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth-Dateiübertragung.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation) Shortcut: C:\Users\Popp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\FreeCommander XE.lnk -> C:\Program Files (x86)\FreeCommander XE\FreeCommander.exe (Marek Jasinski) Shortcut: C:\Users\Popp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) Shortcut: C:\Users\Popp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) Shortcut: C:\Users\Popp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) Shortcut: C:\Users\Popp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Opera.lnk -> C:\Users\Popp\AppData\Local\Programs\Opera\launcher.exe (Opera Software) Shortcut: C:\Users\Popp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation) Shortcut: C:\Users\Popp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) Shortcut: C:\Users\Popp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\ActKey.lnk -> C:\Program Files (x86)\Okidata\ActKey\ActKey.exe (Oki Data Corporation) Shortcut: C:\Users\Popp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\CorelDRAW X8 (64-Bit).lnk -> c:\Windows\Installer\{A66E09BB-9892-421D-9EB9-311D12AA5244}\NewShortcut1_68427AB8B2C044C58AA777A4C3F75634.exe (Flexera Software LLC) Shortcut: C:\Users\Popp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\DYMO Label v.8.lnk -> C:\Program Files (x86)\DYMO\DYMO Label Software\DLS.exe (Sanford, L.P.) Shortcut: C:\Users\Popp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Excel 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE (Microsoft Corporation) Shortcut: C:\Users\Popp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\FashionLager 3.0.lnk -> C:\Program Files (x86)\FashionLager30\FashionL.exe (NBD SYstems) Shortcut: C:\Users\Popp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) Shortcut: C:\Users\Popp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Firefox (2).lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) Shortcut: C:\Users\Popp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Firefox (3).lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) Shortcut: C:\Users\Popp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Firefox (4).lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) Shortcut: C:\Users\Popp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) Shortcut: C:\Users\Popp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) Shortcut: C:\Users\Popp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Outlook 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE (Microsoft Corporation) Shortcut: C:\Users\Popp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\remove.bg.lnk -> C:\Users\Popp\AppData\Local\remove\removebg-desktop.exe (Kaleido AI GmbH) Shortcut: C:\Users\Popp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\TeamViewer 15.lnk -> C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH) Shortcut: C:\Users\Popp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Word 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE (Microsoft Corporation) Shortcut: C:\Users\Popp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\62ab5e82947cf171\SFirm.lnk -> C:\Program Files (x86)\SFirmV4\SFirm.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH) Shortcut: C:\Users\Popp\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\Popp\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\Popp\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\Popp\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\Popp\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () Shortcut: C:\Users\Popp\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc () Shortcut: C:\Users\Popp\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation) Shortcut: C:\Users\Popp\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) Shortcut: C:\Users\Popp\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) Shortcut: C:\Users\Public\Desktop\AccountAlarm.lnk -> C:\Program Files (x86)\AccountAlarm\AbLauncher.exe () Shortcut: C:\Users\Public\Desktop\ActKey.lnk -> C:\Program Files (x86)\Okidata\ActKey\ActKey.exe (Oki Data Corporation) Shortcut: C:\Users\Public\Desktop\ASUS MultiFrame.lnk -> C:\Windows\Installer\{FB4D076A-DEFD-4EAF-AD63-70D5A3BC262A}\_076A0BB294FED4779A6952.exe () Shortcut: C:\Users\Public\Desktop\AusweisApp2.lnk -> C:\Program Files (x86)\AusweisApp2\AusweisApp2.exe (Governikus GmbH & Co. KG) Shortcut: C:\Users\Public\Desktop\CDBurnerXP.lnk -> C:\Program Files (x86)\CDBurnerXP\cdbxpp.exe (Canneverbe Limited) Shortcut: C:\Users\Public\Desktop\Corel CAPTURE X8 (64-Bit).lnk -> c:\Windows\Installer\{1253ED86-69FD-4A7B-BDF2-96A522583A88}\NewShortcut8_65BCA6E0337A452DA55C0654EAAD7A0B.exe (Flexera Software LLC) Shortcut: C:\Users\Public\Desktop\Corel CONNECT X8 (64-Bit).lnk -> C:\Program Files\Corel\CorelDRAW Graphics Suite X8\Connect64\Connect.exe (Corel Corporation) Shortcut: C:\Users\Public\Desktop\Corel Font Manager X8 (64-Bit).lnk -> C:\Program Files\Corel\CorelDRAW Graphics Suite X8\Programs64\FontManager.exe (Corel Corporation) Shortcut: C:\Users\Public\Desktop\Corel PHOTO-PAINT X8 (64-Bit).lnk -> c:\Windows\Installer\{04D8C47E-C0FE-4CA5-8878-91ECD9552109}\NewShortcut2_EBB51BFEE10948A888CB7ADF96E8EC80.exe (Flexera Software LLC) Shortcut: C:\Users\Public\Desktop\CorelDRAW X8 (64-Bit).lnk -> c:\Windows\Installer\{A66E09BB-9892-421D-9EB9-311D12AA5244}\NewShortcut1_68427AB8B2C044C58AA777A4C3F75634.exe (Flexera Software LLC) Shortcut: C:\Users\Public\Desktop\cyberJack Gerätemanager, Funktionstest.lnk -> C:\Program Files (x86)\REINER SCT\cyberJack\cJCC.exe (REINER SCT) Shortcut: C:\Users\Public\Desktop\Design&Print.lnk -> C:\Program Files (x86)\Design&Print\DesktopDPO.exe () Shortcut: C:\Users\Public\Desktop\DesignPro 5.lnk -> C:\Program Files (x86)\Avery\DesignPro 5\labeler.exe (Avery Products Corporation) Shortcut: C:\Users\Public\Desktop\devolo Cockpit.lnk -> C:\Program Files (x86)\devolo\dlan\frontend\plcnetui.exe ( ) Shortcut: C:\Users\Public\Desktop\DYMO Label v.8.lnk -> C:\Program Files (x86)\DYMO\DYMO Label Software\DLS.exe (Sanford, L.P.) Shortcut: C:\Users\Public\Desktop\Evolis Print Center.lnk -> C:\Program Files\Evolis Card Printer\Evolis Premium Suite\EvoPCUI.exe (Evolis Card Printer) Shortcut: C:\Users\Public\Desktop\FashionLager 3.0.lnk -> C:\Program Files (x86)\FashionLager30\FashionL.exe (NBD SYstems) Shortcut: C:\Users\Public\Desktop\Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) Shortcut: C:\Users\Public\Desktop\Free Alarm Clock.lnk -> C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe (Comfort Software Group) Shortcut: C:\Users\Public\Desktop\Gigaset QuickSync.lnk -> C:\Program Files (x86)\Gigaset QuickSync\Gqs.UI.exe (Gigaset Communications GmbH) Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) Shortcut: C:\Users\Public\Desktop\INSTAR Camera Tool.lnk -> C:\Program Files (x86)\INSTAR\INSTAR Camera Tool\INSTAR Camera Tool.exe (INSTAR Deutschland GmbH) Shortcut: C:\Users\Public\Desktop\iSpy (64 bit).lnk -> C:\Program Files\iSpy\iSpy.exe (www.ispyconnect.com) Shortcut: C:\Users\Public\Desktop\MagentaCLOUD.lnk -> C:\Program Files (x86)\Telekom\MagentaCloud\MagentaCloud.App.exe () Shortcut: C:\Users\Public\Desktop\Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Malwarebytes) Shortcut: C:\Users\Public\Desktop\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) Shortcut: C:\Users\Public\Desktop\MiniTool ShadowMaker Free.lnk -> C:\Program Files (x86)\MiniTool ShadowMaker\system_backup_gui.exe (MiniTool) Shortcut: C:\Users\Public\Desktop\OBS Studio.lnk -> C:\Program Files (x86)\obs-studio\bin\64bit\obs64.exe () Shortcut: C:\Users\Public\Desktop\PlayMemories Home.lnk -> C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe (Sony Corporation) Shortcut: C:\Users\Public\Desktop\SFirm 4.0.lnk -> C:\Program Files (x86)\SFirmV4\SFirm.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH) Shortcut: C:\Users\Public\Desktop\supra IPCam Config.lnk -> C:\Program Files (x86)\supra IPCam\IPCConfig.exe (SUPRA Foto-Elektronik-Vertriebs-GmbH) Shortcut: C:\Users\Public\Desktop\TeamViewer.lnk -> C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH) ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /7 ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REINER SCT cyberJack\ZKA Komponenten aktualisieren.lnk -> C:\Program Files (x86)\REINER SCT\cyberJack\SetupZkaSig.exe (REINER SCT) -> /d ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMemories Home\Einstellungen.lnk -> C:\Program Files (x86)\Sony\PlayMemories Home\PMBSettingsTool.exe (Sony Corporation) -> /bootfromsettingshortcut ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMemories Home\PlayMemories Home-Hilfe.lnk -> C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe (Sony Corporation) -> /Help ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Okidata\ActKey\Deinstallieren ActKey.lnk -> C:\Program Files (x86)\InstallShield Installation Information\{681B82EF-A457-4849-AABC-5B6099380FA5}\setup.exe (Oki Data Corporation ) -> -runfromtemp -l0x0407 ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Database Compare.lnk -> C:\Program Files (x86)\Microsoft Office\root\client\AppVLP.exe (Microsoft Corporation) -> "C:\Program Files (x86)\Microsoft Office\Root\Office16\DCF\DATABASECOMPARE.EXE" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Spreadsheet Compare.lnk -> C:\Program Files (x86)\Microsoft Office\root\client\AppVLP.exe (Microsoft Corporation) -> "C:\Program Files (x86)\Microsoft Office\Root\Office16\DCF\SPREADSHEETCOMPARE.EXE" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016-Tools\Database Compare.lnk -> C:\Program Files (x86)\Microsoft Office\root\client\AppVLP.exe (Microsoft Corporation) -> "C:\Program Files (x86)\Microsoft Office\Root\Office16\DCF\DATABASECOMPARE.EXE" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016-Tools\Office Upload Center.lnk -> C:\Program Files (x86)\Microsoft Office\root\client\AppVLP.exe (Microsoft Corporation) -> "C:\Program Files (x86)\Microsoft Office\Root\Office16\MSOUC.EXE" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016-Tools\Spreadsheet Compare.lnk -> C:\Program Files (x86)\Microsoft Office\root\client\AppVLP.exe (Microsoft Corporation) -> "C:\Program Files (x86)\Microsoft Office\Root\Office16\DCF\SPREADSHEETCOMPARE.EXE" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Auf Updates prüfen.lnk -> C:\Program Files\Java\jre1.8.0_291\bin\javacpl.exe (Oracle Corporation) -> -tab update ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Info zu Java.lnk -> C:\Program Files\Java\jre1.8.0_291\bin\javacpl.exe (Oracle Corporation) -> -tab about ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iSpy\iSpy (64 bit) Reset.lnk -> C:\Program Files\iSpy\iSpy.exe (www.ispyconnect.com) -> -reset ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iSpy\iSpy (64 bit) Silent Start.lnk -> C:\Program Files\iSpy\iSpy.exe (www.ispyconnect.com) -> -silent ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iSpy\Uninstall iSpy (64 bit).lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /x {94BF44A0-CBD4-428A-84FC-C80064865F2A} ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FashionLager30\FashionLager30 deinstallieren.lnk -> C:\Program Files (x86)\FashionLager30\{93AB2D0A-5A7F-4548-A7BF-B86937A05E5A}\AKDeInstall.exe () -> /x ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FashionLager25_BASIS\FashionLager25_BASIS deinstallieren.lnk -> C:\Windows\AKDeInstall.exe () -> /x "C:\Program Files (x86)\FashionLager25_BASIS\unins2.dat" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eXtra Buttons\eXtra Buttons Options.lnk -> C:\Program Files (x86)\eXtra Buttons\xb.exe () -> -options ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DSL-Manager\DSL-Manager Deinstallation.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{90A455A7-0FC8-4508-B7FA-8F135B8F041A}\Setup.exe" -l0x7 ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DSL-Manager\DSL-Manager.lnk -> C:\Program Files (x86)\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH) -> /ShowGUI ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\MFC-8460N LAN\ControlCenter3.lnk -> C:\Program Files (x86)\Brother\ControlCenter3\BrCtrCen.exe (Brother Industries, Ltd.) -> /Model=MFC-8460N LAN ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\MFC-8460N LAN\Deinstallieren.lnk -> C:\Program Files (x86)\InstallShield Installation Information\{9211CCBB-BEFE-4A0C-9199-D7A535DBFE5F}\setup.exe (Macrovision Corporation) -> -runfromtemp -l0x0007 UNINSTALL Reg=ALFB,Brother MFC-8460N,LAN ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\MFC-8460N LAN\Installationsprüfung.lnk -> C:\Program Files (x86)\Brother\Brmfl05c\Brinstck.exe (Brother Industries, Ltd.) -> MFC-8460N LAN ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\MFC-8460N LAN\Online-Registrierung.lnk -> C:\Program Files (x86)\Brother\Brmfl05c\Brolink\Brolink0.exe (Brother Industories, Ltd.) -> OLR_URL /mMFC-8460N ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\MFC-8460N LAN\Remote Setup.lnk -> C:\Program Files (x86)\Brother\Brmfl05c\brmfrmss.exe (Brother Industries Ltd.) -> NET "MFC-8460N LAN" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\MFC-8460N LAN\Status Monitor.lnk -> C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.) -> Brother MFC-8460N USB Printer on BRN_90F904 /SHOW ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\MFC-8460N LAN\PC-FAX-Empfang\Empfangen.lnk -> C:\Program Files (x86)\Brother\Brmfl05c\FAXRX.exe (Brother Industries Ltd.) -> -Net "MFC-8460N LAN" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\MFC-8460N LAN\PC-Fax senden\PC-FAX-Adressbuch.lnk -> C:\Program Files (x86)\Brother\Brmfl05c\AddrBook.exe (Brother Industries, Ltd.) -> PCFAX TOP ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\MFC-8460N LAN\PC-Fax senden\PC-FAX-Einstellungen.lnk -> C:\Program Files (x86)\Brother\Brmfl05c\PCfxSet.exe (Brother Industries, Ltd.) -> PCFAX ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk -> C:\Windows\System32\secpol.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1 ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.AdministrativeTools ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\TeamViewer.lnk -> C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH) -> --sendto ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0} ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1} ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0 ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257} ShortcutWithArgument: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.AdministrativeTools ShortcutWithArgument: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo ShortcutWithArgument: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\SendTo\Faxempfänger.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo ShortcutWithArgument: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\SendTo\TeamViewer.lnk -> C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH) -> --sendto ShortcutWithArgument: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E} ShortcutWithArgument: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus ShortcutWithArgument: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager ShortcutWithArgument: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System ShortcutWithArgument: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo ShortcutWithArgument: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions ShortcutWithArgument: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep ShortcutWithArgument: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes ShortcutWithArgument: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures ShortcutWithArgument: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} ShortcutWithArgument: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0} ShortcutWithArgument: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1} ShortcutWithArgument: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0 ShortcutWithArgument: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257} ShortcutWithArgument: C:\Users\LogMeInRemoteUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.AdministrativeTools ShortcutWithArgument: C:\Users\LogMeInRemoteUser\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo ShortcutWithArgument: C:\Users\LogMeInRemoteUser\AppData\Roaming\Microsoft\Windows\SendTo\Faxempfänger.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo ShortcutWithArgument: C:\Users\LogMeInRemoteUser\AppData\Roaming\Microsoft\Windows\SendTo\TeamViewer.lnk -> C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH) -> --sendto ShortcutWithArgument: C:\Users\LogMeInRemoteUser\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E} ShortcutWithArgument: C:\Users\LogMeInRemoteUser\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus ShortcutWithArgument: C:\Users\LogMeInRemoteUser\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager ShortcutWithArgument: C:\Users\LogMeInRemoteUser\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System ShortcutWithArgument: C:\Users\LogMeInRemoteUser\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo ShortcutWithArgument: C:\Users\LogMeInRemoteUser\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions ShortcutWithArgument: C:\Users\LogMeInRemoteUser\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep ShortcutWithArgument: C:\Users\LogMeInRemoteUser\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes ShortcutWithArgument: C:\Users\LogMeInRemoteUser\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures ShortcutWithArgument: C:\Users\LogMeInRemoteUser\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} ShortcutWithArgument: C:\Users\LogMeInRemoteUser\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0} ShortcutWithArgument: C:\Users\LogMeInRemoteUser\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1} ShortcutWithArgument: C:\Users\LogMeInRemoteUser\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0 ShortcutWithArgument: C:\Users\LogMeInRemoteUser\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257} ShortcutWithArgument: C:\Users\Popp\AppData\Roaming\Microsoft\Word\AKTUELLER%20BRIEF%20Privat308923353530493118\AKTUELLER%20BRIEF%20Privat.doc.lnk -> C:\Users\Popp\Documents\---PRIVAT---\RICHARD\AKTUELLER BRIEF Privat.doc () -> 12 ShortcutWithArgument: C:\Users\Popp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.AdministrativeTools ShortcutWithArgument: C:\Users\Popp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagentaCLOUD.lnk -> C:\Program Files (x86)\Telekom\MagentaCloud\MagentaCloud.App.exe () -> /hideexp ShortcutWithArgument: C:\Users\Popp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome-Apps\Chrome Remote Desktop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp ShortcutWithArgument: C:\Users\Popp\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo ShortcutWithArgument: C:\Users\Popp\AppData\Roaming\Microsoft\Windows\SendTo\Faxempfänger.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo ShortcutWithArgument: C:\Users\Popp\AppData\Roaming\Microsoft\Windows\SendTo\TeamViewer.lnk -> C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH) -> --sendto ShortcutWithArgument: C:\Users\Popp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE (Microsoft Corporation) -> /recycle ShortcutWithArgument: C:\Users\Popp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\ControlCenter3.lnk -> C:\Program Files (x86)\Brother\ControlCenter3\BrCtrCen.exe (Brother Industries, Ltd.) -> /Model=MFC-8460N LAN ShortcutWithArgument: C:\Users\Popp\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory=Default ShortcutWithArgument: C:\Users\Popp\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E} ShortcutWithArgument: C:\Users\Popp\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus ShortcutWithArgument: C:\Users\Popp\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager ShortcutWithArgument: C:\Users\Popp\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System ShortcutWithArgument: C:\Users\Popp\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo ShortcutWithArgument: C:\Users\Popp\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions ShortcutWithArgument: C:\Users\Popp\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep ShortcutWithArgument: C:\Users\Popp\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes ShortcutWithArgument: C:\Users\Popp\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures ShortcutWithArgument: C:\Users\Popp\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} ShortcutWithArgument: C:\Users\Popp\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0} ShortcutWithArgument: C:\Users\Popp\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1} ShortcutWithArgument: C:\Users\Popp\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0 ShortcutWithArgument: C:\Users\Popp\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257} ShortcutWithArgument: C:\Users\Public\Desktop\PlayMemories Home-Hilfe.lnk -> C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe (Sony Corporation) -> /Help InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REINER SCT cyberJack\REINER SCT im Internet.url -> URL: hxxp://www.reiner-sct.com InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REINER SCT cyberJack\Support.url -> URL: file://C:\Program Files (x86)\REINER SCT\cyberJack\support.htm InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool ShadowMaker\MiniTool Web site.url -> URL: hxxps://www.minitool.com/ InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Besuchen Sie Java.com.url -> URL: hxxps://java.com/ InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Hilfe aufrufen.url -> URL: hxxps://java.com/help InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\etope Lister\etope Lister im Internet.url -> URL: hxxps://freshworx.com InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\MFC-8460N LAN\Online-Hilfe und FAQs.url -> URL: hxxp://solutions.brother.com/cgi-bin/solutions.cgi?MDL=mfc111&LNG=de&SRC=FAQ InternetURL: C:\Users\Popp\Favorites\Bing.url -> URL: hxxp://go.microsoft.com/fwlink/p/?LinkId=255142 InternetURL: C:\Users\Popp\Favorites\Windows Live\Windows Live Gallery.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=70742 InternetURL: C:\Users\Popp\Favorites\Windows Live\Windows Live Ideas.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72700 InternetURL: C:\Users\Popp\Favorites\Windows Live\Windows Live Mail.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72681 InternetURL: C:\Users\Popp\Favorites\Windows Live\Windows Live Spaces.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72682 InternetURL: C:\Users\Popp\Favorites\MSN-Websites\MSN Auto.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72680 InternetURL: C:\Users\Popp\Favorites\MSN-Websites\MSN Fernsehen.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72659 InternetURL: C:\Users\Popp\Favorites\MSN-Websites\MSN Money.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72640 InternetURL: C:\Users\Popp\Favorites\MSN-Websites\MSN Nachrichten.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72636 InternetURL: C:\Users\Popp\Favorites\MSN-Websites\MSN Sport.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72635 InternetURL: C:\Users\Popp\Favorites\MSN-Websites\MSN.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72630 InternetURL: C:\Users\Popp\Favorites\Microsoft-Websites\IE-Site auf Microsoft.com.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72186 InternetURL: C:\Users\Popp\Favorites\Microsoft-Websites\Microsoft Deutschland GmbH.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72520 InternetURL: C:\Users\Popp\Favorites\Microsoft-Websites\Microsoft Store.url -> URL: hxxp://go.microsoft.com/fwlink/?linkid=140813 InternetURL: C:\Users\Popp\Favorites\Microsoft-Websites\Microsoft Windows - Start.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72629 InternetURL: C:\Users\Popp\Favorites\Microsoft-Websites\Microsoft zu Hause.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72406 InternetURL: C:\Users\Popp\Favorites\Microsoft-Websites\Microsoft.com durchsuchen.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72893 InternetURL: C:\Users\Popp\Favorites\Microsoft-Websites\Site für IE Add-Ons.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=50893 InternetURL: C:\Users\Popp\Favorites\Links\Vorgeschlagene Sites.url -> URL: hxxps://ieonline.microsoft.com/#ieslice InternetURL: C:\Users\Popp\Favorites\Links\Web Slice-Katalog.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=121315 InternetURL: C:\Users\Popp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FRITZ!Box\FRITZ!Box USB-Fernanschluss Onlineunterstützung.url -> BASEURL: hxxps://avm.de/ URL: hxxps://avm.de/ ==================== Ende vom Shortcut.txt ============================= |
18.06.2021, 22:45 | #27 |
/// Winkelfunktion /// TB-Süch-Tiger™ | WIN10 PC gehackt, T-Online Emails werden in meinem Namen versendet, Fremdzugriff über TeamViewer? Also von solchen Schrottprogrammen müsst ihr euch aber trennen. Es kann doch echt nicht wahr sein, dass man an die Photos und Videos nicht mehr einfach rankommt nur weil man das Programm nicht mehr zur Hand hat. Bilder sind einfach Bilddateien, die man in einen ganz normalen Ordner ablegt und dann mit jedem beliebigen Bildbetrachter oder -editor öffnen kann. Unter Windows nimmt man sehr gerne IrfanView. Und dann kann man die Bilder auch einfacher sichern auf ne DVD (MDISC) oder externe Festplatte. JPG und PNG ist ein so verbreiteter Standard, der schon seit Jahren auch von stinknormalen DVD-Playern gelesen werden kann. Scripting/Repair mit FRST64 WARNUNG AN ALLE MITLESER !!! Dieses FRST-Script ist ausschließlich für diesen Nutzer gedacht und sollte niemals 1:1 für ein anderes System angewendet werden!
__________________ Logfiles bitte immer in CODE-Tags posten |
18.06.2021, 22:58 | #28 |
| WIN10 PC gehackt, T-Online Emails werden in meinem Namen versendet, Fremdzugriff über TeamViewer?Code:
ATTFilter Entfernungsergebnis von Farbar Recovery Scan Tool (x64) Version: 16-06-2021 durchgeführt von Popp (18-06-2021 23:50:43) Run:1 Gestartet von C:\Users\Popp\Downloads Geladene Profile: Popp & SFDatabaseServiceV4 Start-Modus: Normal ============================================== fixlist Inhalt: ***************** CloseProcesses: AV: Spybot - Search and Destroy (Disabled - Out of date) {F77C7796-45C4-531E-0DAE-B4A8229B11C8} AV: G DATA INTERNET SECURITY (Disabled - Up to date) {A9C56A9B-ECCD-57EA-78F6-92511DA1C885} AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: G DATA INTERNET SECURITY (Disabled) {91FEEBBE-A6A2-56B2-53A9-3B64E3728FFE} GroupPolicy: Beschränkung ? <==== ACHTUNG Policies: C:\ProgramData\NTUSER.pol: Beschränkung <==== ACHTUNG HKLM\SOFTWARE\Policies\Google: Beschränkung <==== ACHTUNG Task: {42CBCCAA-F998-41D4-A615-51D011606121} - \Microsoft\Windows\UNP\RunCampaignManager -> Keine Datei <==== ACHTUNG Task: {5B29ED17-B5C1-4409-82BB-FFB9C6DCB331} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG Task: {A4AE0861-D717-4EB2-B30C-BA0722680AC0} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG Task: {B7492F06-29CD-4FDC-869E-B7B3CDEC2493} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG Task: {E4F5B945-0A6E-402F-A34B-74C1E409B16A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG FF Extension: (Browsing Protection by F-Secure) - C:\Users\Popp\AppData\Roaming\Mozilla\Firefox\Profiles\ewmeglni.default-1477417793024\Extensions\ols@f-secure.com.xpi [2021-06-11] [UpdateUrl:hxxps://download.sp.f-secure.com/online-safety/updates.json] FF Extension: (G DATA WebProtection) - C:\Users\Popp\AppData\Roaming\Mozilla\Firefox\Profiles\ewmeglni.default-1477417793024\Extensions\webprotection@gdata.de.xpi [2021-02-27] [UpdateUrl:hxxps://gdata-a.akamaihd.net/R/CommonUpdate/extensions/webprotection/updates.json] C:\Program Files (x86)\Spybot - Search & Destroy 2 C:\ProgramData\Spybot - Search & Destroy cmd: reg query "HKCU\Environment" cmd: reg query "HKCU\Software" cmd: netsh advfirewall reset emptytemp: hosts: ***************** Prozesse erfolgreich geschlossen. "AV: Spybot - Search and Destroy (Disabled - Out of date) {F77C7796-45C4-531E-0DAE-B4A8229B11C8}" => erfolgreich entfernt "AV: G DATA INTERNET SECURITY (Disabled - Up to date) {A9C56A9B-ECCD-57EA-78F6-92511DA1C885}" => erfolgreich entfernt "AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}" => erfolgreich entfernt "AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}" => erfolgreich entfernt "FW: G DATA INTERNET SECURITY (Disabled) {91FEEBBE-A6A2-56B2-53A9-3B64E3728FFE}" => erfolgreich entfernt C:\WINDOWS\system32\GroupPolicy\Machine => erfolgreich verschoben C:\WINDOWS\system32\GroupPolicy\GPT.ini => erfolgreich verschoben C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => erfolgreich verschoben C:\ProgramData\NTUSER.pol => erfolgreich verschoben HKLM\SOFTWARE\Policies\Google => erfolgreich entfernt "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{42CBCCAA-F998-41D4-A615-51D011606121}" => erfolgreich entfernt "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{42CBCCAA-F998-41D4-A615-51D011606121}" => erfolgreich entfernt "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => nicht gefunden "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5B29ED17-B5C1-4409-82BB-FFB9C6DCB331}" => erfolgreich entfernt "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5B29ED17-B5C1-4409-82BB-FFB9C6DCB331}" => erfolgreich entfernt "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => erfolgreich entfernt "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A4AE0861-D717-4EB2-B30C-BA0722680AC0}" => erfolgreich entfernt "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A4AE0861-D717-4EB2-B30C-BA0722680AC0}" => erfolgreich entfernt "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => erfolgreich entfernt "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B7492F06-29CD-4FDC-869E-B7B3CDEC2493}" => erfolgreich entfernt "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B7492F06-29CD-4FDC-869E-B7B3CDEC2493}" => erfolgreich entfernt "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => erfolgreich entfernt "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E4F5B945-0A6E-402F-A34B-74C1E409B16A}" => erfolgreich entfernt "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E4F5B945-0A6E-402F-A34B-74C1E409B16A}" => erfolgreich entfernt "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => erfolgreich entfernt C:\Users\Popp\AppData\Roaming\Mozilla\Firefox\Profiles\ewmeglni.default-1477417793024\Extensions\ols@f-secure.com.xpi => erfolgreich verschoben C:\Users\Popp\AppData\Roaming\Mozilla\Firefox\Profiles\ewmeglni.default-1477417793024\Extensions\webprotection@gdata.de.xpi => erfolgreich verschoben C:\Program Files (x86)\Spybot - Search & Destroy 2 => erfolgreich verschoben C:\ProgramData\Spybot - Search & Destroy => erfolgreich verschoben ========= reg query "HKCU\Environment" ========= HKEY_CURRENT_USER\Environment Path REG_EXPAND_SZ %USERPROFILE%\AppData\Local\Microsoft\WindowsApps; TEMP REG_EXPAND_SZ %USERPROFILE%\AppData\Local\Temp TMP REG_EXPAND_SZ %USERPROFILE%\AppData\Local\Temp MOZ_PLUGIN_PATH REG_SZ C:\Program Files\Tracker Software\PDF Viewer\Win32 OneDrive REG_EXPAND_SZ C:\Users\Popp\OneDrive ========= Ende von CMD: ========= ========= reg query "HKCU\Software" ========= HKEY_CURRENT_USER\Software\Adobe HKEY_CURRENT_USER\Software\Anvsoft HKEY_CURRENT_USER\Software\AppDataLow HKEY_CURRENT_USER\Software\ASUS HKEY_CURRENT_USER\Software\AvastAdSDK HKEY_CURRENT_USER\Software\Avery HKEY_CURRENT_USER\Software\Avery Dennison HKEY_CURRENT_USER\Software\AVM HKEY_CURRENT_USER\Software\BIVG Hannover Programmeinstellungen HKEY_CURRENT_USER\Software\Brother HKEY_CURRENT_USER\Software\Business Objects HKEY_CURRENT_USER\Software\Canneverbe Limited HKEY_CURRENT_USER\Software\Chromium HKEY_CURRENT_USER\Software\Clients HKEY_CURRENT_USER\Software\ComfortSoftware HKEY_CURRENT_USER\Software\Corel HKEY_CURRENT_USER\Software\DatevLohnViewer HKEY_CURRENT_USER\Software\Dell HKEY_CURRENT_USER\Software\DMGR1.25 HKEY_CURRENT_USER\Software\DYMO HKEY_CURRENT_USER\Software\Elias Fotinis HKEY_CURRENT_USER\Software\Evolis Card Printer HKEY_CURRENT_USER\Software\eXtra Buttons HKEY_CURRENT_USER\Software\F-Secure HKEY_CURRENT_USER\Software\Fast Reports HKEY_CURRENT_USER\Software\Freemake HKEY_CURRENT_USER\Software\G Data HKEY_CURRENT_USER\Software\Geek Uninstaller HKEY_CURRENT_USER\Software\geissplugin HKEY_CURRENT_USER\Software\Google HKEY_CURRENT_USER\Software\Governikus GmbH & Co. KG HKEY_CURRENT_USER\Software\Hewlett-Packard HKEY_CURRENT_USER\Software\IM Providers HKEY_CURRENT_USER\Software\INSTAR HKEY_CURRENT_USER\Software\Intel HKEY_CURRENT_USER\Software\iSpy HKEY_CURRENT_USER\Software\iSpy64 HKEY_CURRENT_USER\Software\Lavasoft HKEY_CURRENT_USER\Software\Licenses HKEY_CURRENT_USER\Software\Local AppWizard-Generated Applications HKEY_CURRENT_USER\Software\LogiShrd HKEY_CURRENT_USER\Software\LogMeIn HKEY_CURRENT_USER\Software\Macromedia HKEY_CURRENT_USER\Software\Malwarebytes HKEY_CURRENT_USER\Software\Microsoft HKEY_CURRENT_USER\Software\Mozilla HKEY_CURRENT_USER\Software\MozillaPlugins HKEY_CURRENT_USER\Software\NBD Systems HKEY_CURRENT_USER\Software\NBD-Systems HKEY_CURRENT_USER\Software\NDB-Datenbankanwendungen HKEY_CURRENT_USER\Software\Netscape HKEY_CURRENT_USER\Software\OCS HKEY_CURRENT_USER\Software\ODBC HKEY_CURRENT_USER\Software\Okidata HKEY_CURRENT_USER\Software\Opera Software HKEY_CURRENT_USER\Software\Plex, Inc. HKEY_CURRENT_USER\Software\Policies HKEY_CURRENT_USER\Software\QtProject HKEY_CURRENT_USER\Software\RadiAnt Viewer HKEY_CURRENT_USER\Software\Realtek HKEY_CURRENT_USER\Software\RegisteredApplications HKEY_CURRENT_USER\Software\REINER SCT HKEY_CURRENT_USER\Software\Safer Networking Limited HKEY_CURRENT_USER\Software\Screentime Media HKEY_CURRENT_USER\Software\Simply Super Software HKEY_CURRENT_USER\Software\Sony Corporation HKEY_CURRENT_USER\Software\StarFinanz HKEY_CURRENT_USER\Software\SUPRA HKEY_CURRENT_USER\Software\TeamViewer HKEY_CURRENT_USER\Software\TechniSat HKEY_CURRENT_USER\Software\Telekom HKEY_CURRENT_USER\Software\The Silicon Realms Toolworks HKEY_CURRENT_USER\Software\TOnline HKEY_CURRENT_USER\Software\Tracker Software HKEY_CURRENT_USER\Software\Trolltech HKEY_CURRENT_USER\Software\undefined HKEY_CURRENT_USER\Software\VB and VBA Program Settings HKEY_CURRENT_USER\Software\VirtualDJ HKEY_CURRENT_USER\Software\Winamp HKEY_CURRENT_USER\Software\WinRAR SFX HKEY_CURRENT_USER\Software\Wondershare HKEY_CURRENT_USER\Software\Wow6432Node HKEY_CURRENT_USER\Software\Classes ========= Ende von CMD: ========= ========= netsh advfirewall reset ========= OK. ========= Ende von CMD: ========= C:\Windows\System32\Drivers\etc\hosts => erfolgreich verschoben Hosts erfolgreich wiederhergestellt. =========== EmptyTemp: ========== BITS transfer queue => 10510336 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 1598116090 B Java, Flash, Steam htmlcache => 1154 B Windows/system/drivers => 22501172 B Edge => 71672 B Chrome => 172032 B Firefox => 25963515 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 17920 B ProgramData => 17920 B Public => 17920 B systemprofile => 17920 B systemprofile32 => 17920 B LocalService => 150748 B NetworkService => 169260 B Popp => 2015334381 B LogMeInRemoteUser => 2015334381 B SFDatabaseServiceV4 => 2015334381 B DefaultAppPool => 2015334381 B RecycleBin => 0 B EmptyTemp: => 9.1 GB temporäre Dateien entfernt. ================================ Das System musste neu gestartet werden. ==== Ende von Fixlog 23:52:17 ==== |
18.06.2021, 23:37 | #29 |
/// Winkelfunktion /// TB-Süch-Tiger™ | WIN10 PC gehackt, T-Online Emails werden in meinem Namen versendet, Fremdzugriff über TeamViewer? Kontrollscans mit MBAM und RK Wir sind fast fertig. Jetzt ist es an der Zeit für Kontrollscans mit Poste nach Abschluss der beiden Scans die Logs in CODE-Tags.
__________________ Logfiles bitte immer in CODE-Tags posten |
19.06.2021, 00:49 | #30 |
| WIN10 PC gehackt, T-Online Emails werden in meinem Namen versendet, Fremdzugriff über TeamViewer?Code:
ATTFilter Malwarebytes www.malwarebytes.com -Protokolldetails- Scan-Datum: 19.06.21 Scan-Zeit: 00:47 Protokolldatei: 318384ae-d087-11eb-b3ea-90b11c7b60d8.json -Softwaredaten- Version: 4.4.0.117 Komponentenversion: 1.0.1318 Version des Aktualisierungspakets: 1.0.41899 Lizenz: Testversion -Systemdaten- Betriebssystem: Windows 10 (Build 19041.1052) CPU: x64 Dateisystem: NTFS Benutzer: DELL-PC\Popp -Scan-Übersicht- Scan-Typ: Bedrohungs-Scan Scan gestartet von: Manuell Ergebnis: Abgeschlossen Gescannte Objekte: 496016 Erkannte Bedrohungen: 0 In die Quarantäne verschobene Bedrohungen: 0 Abgelaufene Zeit: 36 Min., 16 Sek. -Scan-Optionen- Speicher: Aktiviert Start: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Heuristik: Aktiviert PUP: Erkennung PUM: Erkennung -Scan-Details- Prozess: 0 (keine bösartigen Elemente erkannt) Modul: 0 (keine bösartigen Elemente erkannt) Registrierungsschlüssel: 0 (keine bösartigen Elemente erkannt) Registrierungswert: 0 (keine bösartigen Elemente erkannt) Registrierungsdaten: 0 (keine bösartigen Elemente erkannt) Daten-Stream: 0 (keine bösartigen Elemente erkannt) Ordner: 0 (keine bösartigen Elemente erkannt) Datei: 0 (keine bösartigen Elemente erkannt) Physischer Sektor: 0 (keine bösartigen Elemente erkannt) WMI: 0 (keine bösartigen Elemente erkannt) (end) Code:
ATTFilter RogueKiller Anti-Malware V15.0.3.0 (x64) [Jun 15 2021] (Free) von Adlice Software Mail : https://adlice.com/contact/ Website : https://adlice.com/download/roguekiller/ Betriebssystem : Windows 10 (10.0.19041) 64 bits Gestartet in : Normaler Modus Benutzer : Popp [Administrator] Gestartet von : C:\Users\Popp\Downloads\RogueKiller_portable64.exe Signaturen : 20210615_000001, Treiber : Geladen Modus : Standard-Scan, Löschen -- Datum : 2021/06/19 01:47:40 (Dauer : 00:16:47) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Löschen ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ [PUP.Gen1 (Potenziell bösartig)] HKEY_USERS\.DEFAULT\Software\OCS -- -> Gelöscht [PUP.Gen1 (Potenziell bösartig)] HKEY_USERS\S-1-5-21-814051134-1916513075-1057447149-1000\Software\OCS -- -> Gelöscht [PUP.Gen1 (Potenziell bösartig)] HKEY_USERS\S-1-5-18\Software\OCS -- -> Gelöscht [PUM.Proxy (Potenziell bösartig)] HKEY_USERS\S-1-5-21-814051134-1916513075-1057447149-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer -- -> Gelöscht [PUM.Policies (Potenziell bösartig)] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System|ConsentPromptBehaviorAdmin -- -> Ersetzt (2) [PUM.SearchEngine (Potenziell bösartig)] browser.search.defaultenginename -- Bing® -> Gelöscht [PUM.SearchEngine (Potenziell bösartig)] browser.search.selectedEngine -- Bing® -> Gelöscht |
Themen zu WIN10 PC gehackt, T-Online Emails werden in meinem Namen versendet, Fremdzugriff über TeamViewer? |
abgesicherte, abgesicherten, bereits, emails, ergebnis, ersetzt, gdata, gehackt, geschlossen, hoffe, interne, logdateien, lösung, modus, namen, neue, neuen, passwort, passwörter, prüfen, sofort, telekom, versuche, win, zugang |