|
Log-Analyse und Auswertung: CRaccoon auf PCWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
21.06.2021, 22:42 | #1 |
| CRaccoon auf PC Hallo, wie andere User bin ich auf meinem PC über "CRaccoon" gestolpert, habe mich hier eingelesen und bemerkt, das das Entfernen ein gewisses Fachwissen erfordert. Ich würde mich daher über Unterstützung sehr freuen - vielen Dank vorab! Ich habe bereits selbst gemacht: - In der Systemsteuerung die löschbare "App" deinstalliert (craccoon.ch verblieb). - Mit geekuninstaller versucht, das Ding loszuwerden. - AdwCleaner drübergeschickt (s. log) - MBAM drübergeschickt (s. log, ich hoffe die "falsche" Reihenfolge machts nicht zunichte.) Anbei außerdem FRST logs: FRST: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 20-06-2021 durchgeführt von Max (Administrator) auf DESKTOP-4Q6LNSQ (LENOVO 20A8S04800) (21-06-2021 23:19:07) Gestartet von C:\Users\Max\Downloads Geladene Profile: Max Platform: Windows 10 Pro Version 2004 19041.1052 (X64) Sprache: Englisch (Großbritannien) -> Deutsch (Deutschland) Standard-Browser: FF Start-Modus: Normal ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Cisco Systems, Inc. -> Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc. -> Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe <3> (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe (Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\124.4.4912\QtWebEngineProcess.exe <2> (geek software GmbH -> geek software GmbH) C:\Program Files\PDF24\pdf24.exe <2> (Hewlett Packard -> Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Intel Corporation -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel Corporation -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel Corporation -> Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Intel(R) MBIM Toolkit -> ) C:\Program Files (x86)\Sierra Wireless Inc\LENOVO MBIM Toolkit\FirmwareApp.exe (Intel(R) MBIM Toolkit -> ) C:\Program Files (x86)\Sierra Wireless Inc\LENOVO MBIM Toolkit\FirmwareUpdaterService.exe (Intel(R) Modem Authenticator -> Intel Mobile Communications) C:\Program Files (x86)\Sierra Wireless Inc\LENOVO MBIM Toolkit\IntelModemAuthenticator.exe (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\igfxHK.exe (Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe (Lenovo -> Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\dfrctl.exe (Lenovo -> Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\fn.inf_amd64_700aca387f1cbd51\driver\tphkload.exe (Lenovo -> Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\FN11CD~1.INF\driver\shtctky.exe (Lenovo -> Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\FN11CD~1.INF\driver\tpnumlkd.exe (Lenovo -> Lenovo Group Limited) C:\Windows\System32\DriverStore\FileRepository\FN11CD~1.INF\driver\tposd.exe (Lenovo -> Lenovo) C:\Windows\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe (Lenovo -> Lenovo.) C:\Windows\System32\ibmpmsvc.exe (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (Microsoft Corporation -> Microsoft Corporation) C:\Users\Max\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MSPaint_6.2105.4017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12104.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2> (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated) C:\Program Files\Synaptics\SynFP\Shared\SensorDBSynch.exe (Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe (Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated) C:\Windows\System32\valWbioSyncSvc.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe <2> (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <13> (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.) C:\Windows\RtsCM64.exe (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <2> (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Sierra Wireless, Inc -> Sierra Wireless, Inc.) C:\Program Files\Sierra Wireless Inc\Utils\SwiService.exe (Sophos Ltd -> Sophos Limited) C:\Program Files (x86)\Common Files\Sophos\Web Intelligence\swi_fc.exe (Sophos Ltd -> Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe (Sophos Ltd -> Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe (Sophos Ltd -> Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Ltd -> Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Ltd -> Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe (Sophos Ltd -> Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_filter.exe (Sophos Ltd -> Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Ltd -> Sophos Limited) C:\Program Files\Sophos\Endpoint Defense\SEDService.exe (Sophos Ltd -> Sophos Limited) C:\Program Files\Sophos\Endpoint Defense\SSPService.exe (Sophos Ltd -> Sophos Limited) C:\Program Files\Sophos\Sophos Network Threat Protection\SophosNtpService.exe (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated -> Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe ==================== Registry (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RtsCM] => C:\WINDOWS\RTSCM64.EXE [153816 2013-11-30] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.) HKLM\...\Run: [PDF24] => C:\Program Files\PDF24\pdf24.exe [564416 2021-02-19] (geek software GmbH -> geek software GmbH) HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [8172320 2021-06-10] (Dropbox, Inc -> Dropbox, Inc.) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard) HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [1669368 2020-12-10] (Cisco Systems, Inc. -> Cisco Systems, Inc.) HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [1525528 2021-02-16] (Sophos Ltd -> Sophos Limited) HKU\S-1-5-21-2427878849-3710110941-1615752764-1001\...\Run: [CiscoMeetingDaemon] => C:\Users\Max\AppData\Local\WebEx\ciscowebexstart.exe [2689752 2021-03-19] (Cisco WebEx LLC -> Cisco Webex LLC) HKLM\...\Windows x64\Print Processors\hpzppw71: C:\Windows\System32\spool\prtprocs\x64\hpzppw71.dll [230400 2009-07-14] (Microsoft Windows -> Hewlett-Packard Corporation) HKLM\...\Print\Monitors\LIDIL hpzllw71: C:\WINDOWS\system32\hpzllw71.dll [53248 2009-07-14] (Microsoft Windows -> Hewlett-Packard Corporation) HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\91.0.4472.106\Installer\chrmstp.exe [2021-06-21] (Google LLC -> Google LLC) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2020-04-20] ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett Packard -> Hewlett-Packard Co.) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RunOnce.bat [2019-11-24] () [Datei ist nicht signiert] GroupPolicy\User: Beschränkung ? <==== ACHTUNG ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============ (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {158E5068-FD3E-4B85-BF55-9B655EB66162} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [147272 2021-06-21] (Microsoft Corporation -> Microsoft Corporation) Task: {1636C9E4-BEBD-411F-8831-9EBB2AB0F2DA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-12-09] (Google LLC -> Google LLC) Task: {3B543D2D-97A7-4F1A-B0F7-47F2A992CFF0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5310392 2021-06-09] (Microsoft Corporation -> Microsoft Corporation) Task: {3E38B143-380D-40D5-8D3E-D98233654FAF} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2020-01-17] (Dropbox, Inc -> Dropbox, Inc.) Task: {4027AD33-4357-48C2-8CE6-6246B49E081B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5310392 2021-06-09] (Microsoft Corporation -> Microsoft Corporation) Task: {45CD0526-278C-4839-9F54-FD4055F505BF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.) Task: {484700F7-99C2-4F82-AB3B-EB0970DAA114} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [3617584 2020-04-08] (Realtek Semiconductor Corp. -> Realtek Semiconductor) Task: {48AA6DE0-8896-4B6D-9072-7DA5AA28C544} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-12-09] (Google LLC -> Google LLC) Task: {48CA9F88-C232-47CE-B088-22E4690211E0} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1758224 2021-04-25] (Lenovo -> ) Task: {6FDBC431-B5D2-43B7-A810-ADC1EA3346B0} - System32\Tasks\TVT\TVSUUpdateTask_UserLogOn => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [1758224 2021-04-25] (Lenovo -> ) Task: {758B6A23-DD18-46D9-9F5A-12CE3CFEBED9} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2020-01-17] (Dropbox, Inc -> Dropbox, Inc.) Task: {8181BD6F-4B27-49E6-A0B1-4A52B195F589} - System32\Tasks\RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [3617584 2020-04-08] (Realtek Semiconductor Corp. -> Realtek Semiconductor) Task: {8D4B51B6-D864-489D-A25C-56B2A71F697C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23180136 2021-06-21] (Microsoft Corporation -> Microsoft Corporation) Task: {8D8A3305-5F3B-4361-A9EA-7EC08F4E647E} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe Task: {9595EBFA-B2C1-4E02-AEA3-77B5B16FF5A9} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [690616 2021-06-21] (Mozilla Corporation -> Mozilla Foundation) Task: {BB39C7A1-A183-46E3-A29E-F8AB9C6F93CC} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23180136 2021-06-21] (Microsoft Corporation -> Microsoft Corporation) Task: {C4547A1A-3D6B-40FB-BD65-DB3778961267} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [147272 2021-06-21] (Microsoft Corporation -> Microsoft Corporation) Task: {C7E4F796-9491-438E-A2FF-599B34405507} - System32\Tasks\Lenovo Power Management Driver PnP Task => C:\Windows\System32\ibmpmsvc.exe [949632 2019-12-11] (Lenovo -> Lenovo.) Task: {C9EC1E2B-6271-40B8-A3CA-C1D458B21D37} - System32\Tasks\Lenovo\Power Manager\Uninstall task => C:\WINDOWS\SysWOW64\PowerMgrInst.exe [62136 2021-04-20] (Lenovo -> ) Task: {D5E4417F-703D-4A3E-AFBC-6E1D8AF243AB} - System32\Tasks\Microsoft\Office\Office Serviceability Manager => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe [4082248 2021-06-09] (Microsoft Corporation -> Microsoft Corporation) Task: {EBEF7E82-BFD9-49A7-BCD1-6ED87EC567AB} - System32\Tasks\Lenovo\Power Manager\Background monitor => C:\WINDOWS\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe [112824 2021-04-20] (Lenovo -> Lenovo) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{0e07739f-1361-4067-aba2-e089c867fe67}: [DhcpNameServer] 192.168.0.1 Edge: ======= DownloadDir: C:\Users\Max\Downloads Edge Extension: (Kein Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [nicht gefunden] Edge Extension: (Kein Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [nicht gefunden] Edge Extension: (Kein Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [nicht gefunden] Edge Extension: (Kein Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [nicht gefunden] Edge DefaultProfile: Default Edge Profile: C:\Users\Max\AppData\Local\Microsoft\Edge\User Data\Default [2021-06-21] Edge DownloadDir: Default -> C:\Users\Max\Downloads Edge Extension: (Citavi Picker) - C:\Users\Max\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mielbhbkcliienpdicphhecpodcaeefg [2021-06-07] Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee] Edge HKLM-x32\...\Edge\Extension: [mielbhbkcliienpdicphhecpodcaeefg] FireFox: ======== FF DefaultProfile: 9jbhxvt6.default FF ProfilePath: C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\9jbhxvt6.default [2020-01-17] FF ProfilePath: C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\8nufa7ue.default-release [2021-06-21] FF DownloadDir: C:\Users\Max\Downloads FF Session Restore: Mozilla\Firefox\Profiles\8nufa7ue.default-release -> ist aktiviert. FF Extension: (AdBlocker Ultimate) - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\8nufa7ue.default-release\Extensions\adblockultimate@adblockultimate.net.xpi [2020-12-07] FF Extension: (German Dictionary, extended for Austria) - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\8nufa7ue.default-release\Extensions\de-AT@dictionaries.addons.mozilla.org.xpi [2020-04-20] FF Extension: (German Dictionary (Switzerland)) - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\8nufa7ue.default-release\Extensions\de-CH@dictionaries.addons.mozilla.org.xpi [2020-04-20] FF Extension: (German Dictionary) - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\8nufa7ue.default-release\Extensions\de-DE@dictionaries.addons.mozilla.org.xpi [2020-04-20] FF Extension: (Ghostery – Datenschutzorientierter Werbeblocker) - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\8nufa7ue.default-release\Extensions\firefox@ghostery.com.xpi [2021-03-03] FF Extension: (Webmail Ad Blocker) - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\8nufa7ue.default-release\Extensions\gmailnoads@mywebber.com.xpi [2020-09-16] FF Extension: (Dizionario italiano) - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\8nufa7ue.default-release\Extensions\it-IT@dictionaries.addons.mozilla.org.xpi [2021-01-03] FF Extension: (AdBlocker for YouTube™) - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\8nufa7ue.default-release\Extensions\jid1-q4sG8pYhq8KGHs@jetpack.xpi [2021-05-18] FF Extension: (Deutsch (DE) Language Pack) - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\8nufa7ue.default-release\Extensions\langpack-de@firefox.mozilla.org.xpi [2021-06-07] FF Extension: (English (GB) Language Pack) - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\8nufa7ue.default-release\Extensions\langpack-en-GB@firefox.mozilla.org.xpi [2021-06-07] FF Extension: (Italiano (IT) Language Pack) - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\8nufa7ue.default-release\Extensions\langpack-it@firefox.mozilla.org.xpi [2021-06-07] FF Extension: (British English Dictionary (Marco Pinto)) - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\8nufa7ue.default-release\Extensions\marcoagpinto@mail.telepac.pt.xpi [2021-05-31] FF Extension: (Citavi Picker) - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\8nufa7ue.default-release\Extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}.xpi [2021-04-27] FF Extension: (Feedbro) - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\8nufa7ue.default-release\Extensions\{a9c2ad37-e940-4892-8dce-cd73c6cbbc0c}.xpi [2021-04-27] FF Extension: (Citavi Picker) - C:\Program Files\Mozilla Firefox\distribution\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}.xpi [2018-09-11] FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-05-05] (Microsoft Corporation -> Microsoft Corporation) FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [Keine Datei] FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [Keine Datei] FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-05-05] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-05-05] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [Keine Datei] FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [Keine Datei] FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-05-28] (Adobe Inc. -> Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-2427878849-3710110941-1615752764-1001: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [Keine Datei] FF Plugin HKU\S-1-5-21-2427878849-3710110941-1615752764-1001: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [Keine Datei] FF Plugin HKU\S-1-5-21-2427878849-3710110941-1615752764-1001: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [Keine Datei] Chrome: ======= CHR Profile: C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default [2020-12-09] CHR Extension: (Präsentationen) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-12-09] CHR Extension: (Docs) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-12-09] CHR Extension: (Google Drive) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-12-09] CHR Extension: (YouTube) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-12-09] CHR Extension: (Tabellen) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-12-09] CHR Extension: (Google Docs Offline) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-12-09] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-12-09] CHR Extension: (Google Mail) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-12-09] CHR Extension: (Chrome Media Router) - C:\Users\Max\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-12-09] CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee] ==================== Dienste (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9056672 2021-06-09] (Microsoft Corporation -> Microsoft Corporation) S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2020-01-17] (Dropbox, Inc -> Dropbox, Inc.) S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2020-01-17] (Dropbox, Inc -> Dropbox, Inc.) R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44328 2021-06-10] (Dropbox, Inc -> Dropbox, Inc.) R2 FirmwareUpdaterService; C:\Program Files (x86)\Sierra Wireless Inc\LENOVO MBIM Toolkit\FirmwareUpdaterService.exe [108800 2017-05-03] (Intel(R) MBIM Toolkit -> ) R2 IntelModemAuthenticator; C:\Program Files (x86)\Sierra Wireless Inc\LENOVO MBIM Toolkit\IntelModemAuthenticator.exe [57096 2017-05-03] (Intel(R) Modem Authenticator -> Intel Mobile Communications) S2 LPlatSvc; C:\WINDOWS\System32\LPlatSvc.exe [892288 2019-12-11] (Lenovo -> Lenovo.) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7391408 2021-06-21] (Malwarebytes Inc -> Malwarebytes) R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert] S3 OfficeSvcManagerAddons; C:\Windows\system32\dllhost.exe /Processid:{2CA2E202-932F-4BA2-8771-195BB86398F5} [21312 2020-11-05] (Microsoft Windows -> Microsoft Corporation) R2 PDF24; C:\Program Files\PDF24\pdf24.exe [564416 2021-02-19] (geek software GmbH -> geek software GmbH) R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [Datei ist nicht signiert] R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [308056 2021-04-27] (Sophos Ltd -> Sophos Limited) R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [216672 2021-04-27] (Sophos Ltd -> Sophos Limited) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5393304 2021-06-21] (Microsoft Windows Publisher -> Microsoft Corporation) R2 SntpService; C:\Program Files\Sophos\Sophos Network Threat Protection\SophosNtpService.exe [4927592 2020-09-06] (Sophos Ltd -> Sophos Limited) R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [767288 2021-02-16] (Sophos Ltd -> Sophos Limited) R2 Sophos Endpoint Defense Service; C:\Program Files\Sophos\Endpoint Defense\SEDService.exe [3560208 2021-02-16] (Sophos Ltd -> Sophos Limited) R2 Sophos System Protection Service; C:\Program Files\Sophos\Endpoint Defense\SSPService.exe [11330656 2021-02-16] (Sophos Ltd -> Sophos Limited) R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [351336 2020-10-22] (Sophos Ltd -> Sophos Limited) R2 SwiService; C:\Program Files\Sierra Wireless Inc\Utils\SwiService.exe [1551864 2017-05-03] (Sierra Wireless, Inc -> Sierra Wireless, Inc.) R2 swi_filter; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_filter.exe [483680 2021-04-27] (Sophos Ltd -> Sophos Limited) R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3608056 2021-04-27] (Sophos Ltd -> Sophos Limited) R2 TPHKLOAD; C:\WINDOWS\System32\DriverStore\FileRepository\fn.inf_amd64_700aca387f1cbd51\driver\TPHKLOAD.exe [465200 2020-12-28] (Lenovo -> Lenovo Group Limited) R2 valWBFPolicyService; C:\WINDOWS\system32\valWBFPolicyService.exe [77792 2018-04-25] (Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated) R2 valWbioSyncSvc; C:\WINDOWS\system32\valWbioSyncSvc.exe [48608 2018-04-25] (Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated) S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\NisSrv.exe [3206472 2020-01-17] (Microsoft Windows Publisher -> Microsoft Corporation) S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1911.3-0\MsMpEng.exe [103376 2020-01-17] (Microsoft Windows Publisher -> Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.) R3 BcmNfcIc; C:\WINDOWS\system32\DRIVERS\BcmNfcIc.sys [140112 2016-03-18] (Broadcom Corporation -> Broadcom Corporation.) S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [Datei ist nicht signiert] R3 CM3218x; C:\WINDOWS\System32\drivers\WUDFRd.sys [315392 2019-12-07] (Microsoft Windows -> Microsoft Corporation) R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [199128 2021-06-21] (Malwarebytes Inc -> Malwarebytes) S3 FlashUSB; C:\WINDOWS\System32\drivers\FlashUSB.sys [31744 2017-04-28] (Microsoft Windows Hardware Compatibility Publisher -> Intel Mobile Communications) S3 ldiagio; C:\Program Files\Lenovo\Lenovo Diagnostics Tool\ldiagio.sys [39048 2019-08-10] (Lenovo -> Lenovo Group Limited (R)) R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [220752 2021-06-21] (Malwarebytes Inc -> Malwarebytes) S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-06-21] (Microsoft Windows Early Launch Anti-Malware Publisher -> Malwarebytes) R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [198888 2021-06-21] (Malwarebytes Inc -> Malwarebytes) R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [69016 2021-06-21] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-06-21] (Malwarebytes Inc -> Malwarebytes) R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [156880 2021-06-21] (Malwarebytes Inc -> Malwarebytes) R0 PMDRVS; C:\WINDOWS\System32\drivers\pmdrvs.sys [38160 2019-12-11] (Lenovo -> Lenovo.) R1 SAVOnAccess; C:\WINDOWS\System32\DRIVERS\savonaccess.sys [216280 2020-09-06] (Sophos Ltd -> Sophos Limited) S3 sdcfilter; C:\WINDOWS\system32\DRIVERS\sdcfilter.sys [38144 2020-01-17] (Sophos Limited -> Sophos Limited) R1 SMIDriverGen; C:\WINDOWS\system32\DRIVERS\smi.sys [31440 2018-04-25] (Synaptics Inc. -> Synaptics Incorporated) R1 sntp; C:\WINDOWS\system32\DRIVERS\sntp.sys [227152 2020-09-06] (Sophos Ltd -> Sophos Limited) S0 Sophos ELAM; C:\WINDOWS\System32\DRIVERS\SophosEL.sys [22152 2020-09-06] (Microsoft Windows Early Launch Anti-Malware Publisher -> Sophos Limited) R0 Sophos Endpoint Defense; C:\WINDOWS\System32\DRIVERS\SophosED.sys [1246792 2021-02-16] (Sophos Ltd -> Sophos Limited) S4 SophosBootDriver; C:\WINDOWS\system32\DRIVERS\SophosBootDriver.sys [45840 2020-01-17] (Sophos Limited -> Sophos Limited) R1 swi_callout; C:\WINDOWS\system32\DRIVERS\swi_callout.sys [47760 2020-01-17] (Sophos Limited -> Sophos Limited) S3 vpnva; C:\WINDOWS\System32\drivers\vpnva64-6.sys [74048 2020-12-10] (Cisco Systems, Inc. -> Cisco Systems, Inc.) S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [45664 2020-01-17] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [355760 2020-01-17] (Microsoft Windows -> Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54192 2020-01-17] (Microsoft Windows -> Microsoft Corporation) ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2021-06-21 23:15 - 2021-06-21 23:15 - 000001634 _____ C:\Users\Max\Desktop\MBAM.txt 2021-06-21 23:02 - 2021-06-21 23:02 - 000069016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2021-06-21 23:01 - 2021-06-21 23:01 - 000198888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys 2021-06-21 23:01 - 2021-06-21 23:01 - 000156880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys 2021-06-21 22:55 - 2021-06-21 22:55 - 000220752 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys 2021-06-21 22:53 - 2021-06-21 22:53 - 000039648 _____ C:\Users\Max\Downloads\Shortcut.txt 2021-06-21 22:52 - 2021-06-21 22:53 - 000032053 _____ C:\Users\Max\Downloads\Addition.txt 2021-06-21 22:50 - 2021-06-21 23:19 - 000031475 _____ C:\Users\Max\Downloads\FRST.txt 2021-06-21 22:49 - 2021-06-21 23:19 - 000000000 ____D C:\FRST 2021-06-21 22:48 - 2021-06-21 22:48 - 002300416 _____ (Farbar) C:\Users\Max\Downloads\FRST64.exe 2021-06-21 22:41 - 2021-06-21 22:41 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla 2021-06-21 22:37 - 2021-06-21 22:37 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys 2021-06-21 22:37 - 2021-06-21 22:37 - 000199128 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys 2021-06-21 22:37 - 2021-06-21 22:37 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys 2021-06-21 22:37 - 2021-06-21 22:37 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk 2021-06-21 22:37 - 2021-06-21 22:37 - 000002028 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2021-06-21 22:37 - 2021-06-21 22:37 - 000002028 _____ C:\ProgramData\Desktop\Malwarebytes.lnk 2021-06-21 22:37 - 2021-06-21 22:37 - 000000000 ____D C:\Users\Max\AppData\Local\mbam 2021-06-21 22:37 - 2021-06-21 22:37 - 000000000 ____D C:\ProgramData\Malwarebytes 2021-06-21 22:36 - 2021-06-21 22:36 - 002094168 _____ (Malwarebytes) C:\Users\Max\Downloads\MBSetup.exe 2021-06-21 22:36 - 2021-06-21 22:36 - 000000000 ____D C:\Program Files\Malwarebytes 2021-06-21 22:34 - 2021-06-21 22:39 - 000000000 ____D C:\AdwCleaner 2021-06-21 22:33 - 2021-06-21 22:33 - 008534696 _____ (Malwarebytes) C:\Users\Max\Downloads\adwcleaner_8.2(1).exe 2021-06-21 22:23 - 2021-06-21 22:23 - 008534696 _____ (Malwarebytes) C:\Users\Max\Downloads\adwcleaner_8.2.exe 2021-06-21 22:19 - 2021-06-21 22:29 - 000000000 ____D C:\Users\Max\AppData\Roaming\Geek Uninstaller 2021-06-21 22:18 - 2021-06-21 22:18 - 002665275 _____ C:\Users\Max\Downloads\geek.zip 2021-06-21 22:17 - 2021-06-21 22:30 - 000000000 ____D C:\Users\Public\Documents\Ashampoo 2021-06-21 22:17 - 2021-06-21 22:30 - 000000000 ____D C:\ProgramData\Documents\Ashampoo 2021-06-21 22:17 - 2021-06-21 22:17 - 000000000 ____D C:\Users\Max\AppData\Local\Ashampoo 2021-06-21 22:15 - 2021-06-21 22:15 - 012752496 _____ (Ashampoo GmbH & Co. KG ) C:\Users\Max\Downloads\ashampoo_uninstaller_free_31187.exe 2021-06-21 22:15 - 2021-06-21 22:15 - 000000000 ____D C:\Program Files (x86)\Ashampoo 2021-06-21 21:59 - 2021-06-21 22:54 - 000000000 ____D C:\Program Files\Mozilla Firefox 2021-06-21 10:05 - 2021-06-21 10:05 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb 2021-06-21 10:05 - 2021-06-21 10:05 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb 2021-06-21 10:05 - 2021-06-21 10:05 - 001314120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi 2021-06-21 10:05 - 2021-06-21 10:05 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2021-06-21 10:05 - 2021-06-21 10:05 - 000451072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2021-06-21 10:05 - 2021-06-21 10:05 - 000011353 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim 2021-06-21 10:04 - 2021-06-21 10:04 - 002260480 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll 2021-06-21 10:04 - 2021-06-21 10:04 - 001864192 _____ (The ICU Project) C:\WINDOWS\SysWOW64\icu.dll 2021-06-21 10:04 - 2021-06-21 10:04 - 001823792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2021-06-21 10:04 - 2021-06-21 10:04 - 001393496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2021-06-21 10:04 - 2021-06-21 10:04 - 000657464 _____ C:\WINDOWS\system32\WindowManagementAPI.dll 2021-06-21 10:04 - 2021-06-21 10:04 - 000468440 _____ C:\WINDOWS\SysWOW64\WindowManagementAPI.dll 2021-06-21 10:04 - 2021-06-21 10:04 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv 2021-06-21 10:04 - 2021-06-21 10:04 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe 2021-06-21 10:04 - 2021-06-21 10:04 - 000097280 _____ C:\WINDOWS\system32\Drivers\cimfs.sys 2021-06-21 10:03 - 2021-06-21 10:03 - 000563712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv 2021-06-21 10:03 - 2021-06-21 10:03 - 000287232 _____ C:\WINDOWS\system32\CoreMas.dll 2021-06-21 10:03 - 2021-06-21 10:03 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe 2021-06-21 09:53 - 2021-06-21 09:53 - 000002548 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk 2021-06-21 09:53 - 2021-06-21 09:53 - 000002544 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk 2021-06-21 09:53 - 2021-06-21 09:53 - 000002523 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk 2021-06-21 09:53 - 2021-06-21 09:53 - 000002501 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk 2021-06-21 09:53 - 2021-06-21 09:53 - 000002498 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk 2021-06-21 09:53 - 2021-06-21 09:53 - 000002465 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk 2021-06-21 09:53 - 2021-06-21 09:53 - 000002462 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk 2021-06-21 09:53 - 2021-06-21 09:53 - 000002434 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk 2021-06-21 09:53 - 2021-06-21 09:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools 2021-06-21 09:45 - 2021-06-21 09:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2021-06-20 11:29 - 2021-06-20 11:29 - 000546389 _____ C:\Users\Max\Downloads\2UniWiND-Spezial_final_online.pdf 2021-06-10 00:37 - 2021-06-10 00:37 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys 2021-06-10 00:37 - 2021-06-10 00:37 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys 2021-06-10 00:37 - 2021-06-10 00:37 - 000047600 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys 2021-06-10 00:37 - 2021-06-10 00:37 - 000044328 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe 2021-06-08 18:31 - 2021-06-08 18:31 - 000985582 _____ C:\Users\Max\Downloads\Max launches CharITy 2021 campaign - ECB intranet.pdf 2021-06-08 12:57 - 2021-06-08 12:57 - 000428830 _____ C:\Users\Max\Desktop\Tipps und Tricks_Berufseinstieg Wirtschaft.pdf 2021-06-08 12:57 - 2021-06-08 12:57 - 000367311 _____ C:\Users\Max\Desktop\Reflexionsfragen Kompetenzen.pdf 2021-06-08 09:19 - 2021-06-08 09:19 - 000391953 _____ C:\Users\Max\Downloads\Arbeitsblatt Überfachliche Kompetenzen.pdf 2021-06-06 13:54 - 2021-06-06 13:54 - 000059076 _____ C:\Users\Max\Downloads\Finanzreport_Nr._05_per_01.06.20215E744D.pdf 2021-06-03 18:06 - 2021-06-03 18:06 - 000000000 ____D C:\Program Files (x86)\Lenovo 2021-05-25 12:52 - 2021-05-25 12:52 - 005780545 _____ C:\Users\Max\Downloads\bgbl157s0088_29387(1).pdf ==================== Ein Monat (geänderte) ================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2021-06-21 23:00 - 2020-11-05 23:47 - 000749430 _____ C:\WINDOWS\system32\perfh007.dat 2021-06-21 23:00 - 2020-11-05 23:47 - 000154624 _____ C:\WINDOWS\system32\perfc007.dat 2021-06-21 23:00 - 2020-11-05 23:16 - 001722792 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2021-06-21 23:00 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF 2021-06-21 22:57 - 2020-01-17 18:29 - 000000000 ____D C:\ProgramData\Mozilla 2021-06-21 22:56 - 2020-01-17 18:29 - 000000000 ____D C:\Users\Max\AppData\LocalLow\Mozilla 2021-06-21 22:55 - 2020-01-21 12:07 - 000000000 ___RD C:\Users\Max\Dropbox 2021-06-21 22:55 - 2020-01-17 20:02 - 000000000 ___RD C:\Users\Max\OneDrive - Bucerius Law School gGmbH 2021-06-21 22:55 - 2020-01-17 16:34 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2021-06-21 22:55 - 2020-01-17 16:34 - 000000000 __SHD C:\Users\Max\IntelGraphicsProfiles 2021-06-21 22:55 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2021-06-21 22:54 - 2020-11-05 23:15 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2021-06-21 22:54 - 2020-11-05 23:06 - 000008192 ___SH C:\DumpStack.log.tmp 2021-06-21 22:54 - 2020-01-17 18:29 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2021-06-21 22:54 - 2020-01-17 16:27 - 000000000 ____D C:\ProgramData\Synaptics 2021-06-21 22:54 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ServiceState 2021-06-21 22:54 - 2019-12-07 11:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI 2021-06-21 22:41 - 2020-01-17 18:29 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2021-06-21 22:40 - 2020-01-17 19:36 - 000000000 ____D C:\Users\Max\Documents\Citavi 6 2021-06-21 22:39 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Registration 2021-06-21 22:37 - 2019-12-07 11:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2021-06-21 22:08 - 2019-03-19 06:52 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy 2021-06-21 19:47 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness 2021-06-21 19:47 - 2019-12-03 20:30 - 000000000 ____D C:\Users\Max\AppData\Local\Packages 2021-06-21 17:47 - 2020-11-05 23:06 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2021-06-21 10:38 - 2020-01-17 16:23 - 000000000 ____D C:\Users\Max\AppData\Local\PlaceholderTileLogoFolder 2021-06-21 10:20 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps 2021-06-21 10:18 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2021-06-21 10:16 - 2020-11-05 23:06 - 000439016 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2021-06-21 10:14 - 2019-12-07 16:49 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection 2021-06-21 10:14 - 2019-12-07 16:45 - 000000000 ____D C:\WINDOWS\system32\Drivers\en-GB 2021-06-21 10:14 - 2019-12-07 16:45 - 000000000 ____D C:\WINDOWS\en-GB 2021-06-21 10:14 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\PrintDialog 2021-06-21 10:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV 2021-06-21 10:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE 2021-06-21 10:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2021-06-21 10:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources 2021-06-21 10:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe 2021-06-21 10:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\migwiz 2021-06-21 10:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV 2021-06-21 10:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\et-EE 2021-06-21 10:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Dism 2021-06-21 10:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions 2021-06-21 10:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr 2021-06-21 10:11 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp 2021-06-21 10:04 - 2019-12-03 21:26 - 000414020 __RSH C:\bootmgr 2021-06-21 09:52 - 2020-01-17 20:40 - 000000000 ____D C:\Program Files\Microsoft Office 2021-06-21 09:51 - 2020-12-09 14:02 - 000002246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2021-06-21 09:50 - 2020-02-01 17:34 - 000002143 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2021-06-21 09:48 - 2020-06-21 00:47 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2021-06-21 09:45 - 2020-01-17 19:55 - 000000000 ____D C:\Program Files (x86)\Dropbox 2021-06-20 11:30 - 2020-11-05 23:15 - 000003384 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2427878849-3710110941-1615752764-1001 2021-06-20 11:30 - 2020-11-05 23:08 - 000002412 _____ C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2021-06-09 16:34 - 2020-02-29 14:36 - 000000000 ____D C:\WINDOWS\TempInst 2021-06-09 14:09 - 2020-01-17 18:01 - 000000000 ____D C:\WINDOWS\system32\MRT 2021-06-09 14:05 - 2020-01-17 18:00 - 132447432 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2021-06-08 12:57 - 2020-09-14 09:33 - 000000000 ____D C:\Users\Max\Documents\Zoom 2021-06-06 15:08 - 2021-02-05 17:13 - 000000000 ____D C:\Users\Max\AppData\Roaming\Signal 2021-06-04 11:53 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports 2021-06-03 20:02 - 2019-11-27 23:32 - 000000000 ____D C:\ProgramData\Lenovo 2021-06-03 18:06 - 2020-11-05 23:15 - 000000000 ____D C:\WINDOWS\system32\Tasks\TVT 2021-06-03 18:06 - 2020-01-25 14:24 - 000002640 _____ C:\WINDOWS\SysWOW64\InstallUtil.InstallLog 2021-06-03 18:06 - 2019-11-27 23:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\lenovo ==================== SigCheck ============================ (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) ==================== Ende von FRST.txt ======================== Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 20-06-2021 durchgeführt von Max (21-06-2021 23:21:03) Gestartet von C:\Users\Max\Downloads Windows 10 Pro Version 2004 19041.1052 (X64) (2020-11-05 21:15:36) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-2427878849-3710110941-1615752764-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-2427878849-3710110941-1615752764-503 - Limited - Disabled) Max (S-1-5-21-2427878849-3710110941-1615752764-1001 - Administrator - Enabled) => C:\Users\Max Guest (S-1-5-21-2427878849-3710110941-1615752764-501 - Limited - Disabled) SophosSAUDESKTOP-4Q0 (S-1-5-21-2427878849-3710110941-1615752764-1005 - Limited - Enabled) SophosSAUDESKTOP-4Q1 (S-1-5-21-2427878849-3710110941-1615752764-1010 - Limited - Enabled) WDAGUtilityAccount (S-1-5-21-2427878849-3710110941-1615752764-504 - Limited - Disabled) ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Sophos Anti-Virus (Enabled - Up to date) {8E0623B8-CF1C-DFFE-CEA3-AA41BDA4B8EE} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) 64 Bit HP CIO Components Installer (HKLM\...\{FF21C3E6-97FD-474F-9518-8DCBE94C2854}) (Version: 7.2.8 - Hewlett-Packard) Hidden Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 21.005.20048 - Adobe Systems Incorporated) Beamdog Client (HKU\S-1-5-21-2427878849-3710110941-1615752764-1001\...\beamdogClient) (Version: 2.1.11 - Beamdog) Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.9.05042 - Cisco Systems, Inc.) Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\{EA407530-0BF1-47CA-B953-1C395BBDBB63}) (Version: 4.9.05042 - Cisco Systems, Inc.) Hidden Cisco Webex Meetings (HKU\S-1-5-21-2427878849-3710110941-1615752764-1001\...\ActiveTouchMeetingClient) (Version: 41.1.3 - Cisco Webex LLC) Citavi 6 (HKLM-x32\...\{6A331045-8FF4-4BC9-9C56-E593ACAE28C2}) (Version: 6.8.0.0 - Swiss Academic Software) Deutsch - Custom (HKLM\...\{594EB8AC-D64C-46A6-BCAA-463695961609}) (Version: 1.0.3.40 - Max) Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.6.5.1 - Dolby Laboratories Inc) Dropbox (HKLM-x32\...\Dropbox) (Version: 124.4.4912 - Dropbox, Inc.) Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.459.1 - Dropbox, Inc.) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 91.0.4472.106 - Google LLC) HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP) HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP) HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife) HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.5126 - Intel Corporation) Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.253.0 - Intel Corporation) Intel® Chipsatz-Gerätesoftware (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel(R) Corporation) Hidden Intel® PROSet/Wireless Software (HKLM-x32\...\{a2caa706-dce2-4c91-8d46-b52a3c260b20}) (Version: 21.10.1 - Intel Corporation) Lenovo Diagnostics Tool (HKLM\...\{01ADF966-E3BA-40DC-9037-E90BBA9ED50E}) (Version: 4.31.1 - Lenovo) Lenovo System Update (HKLM-x32\...\TVSU_is1) (Version: 5.07.0124 - Lenovo) Malwarebytes version 4.4.0.117 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.0.117 - Malwarebytes) Microsoft 365 Apps for Enterprise - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 16.0.14131.20162 - Microsoft Corporation) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 91.0.864.54 - Microsoft Corporation) Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 91.0.864.54 - Microsoft Corporation) Microsoft Keyboard Layout Creator 1.4 (HKLM-x32\...\{99E66BC9-E4B6-485F-ABFC-31EFCE36DFDF}) (Version: 1.4.6000 - Microsoft Corp.) Microsoft OneDrive (HKU\S-1-5-21-2427878849-3710110941-1615752764-1001\...\OneDriveSetup.exe) (Version: 21.114.0606.0001 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{A0E1B43D-5F4A-46AF-9925-ABA3423325DC}) (Version: 2.77.0.0 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x64) - 14.11.25325 (HKLM-x32\...\{6c6356fe-cbfa-4944-9bed-a9e99f45cb7a}) (Version: 14.11.25325.0 - Microsoft Corporation) Mozilla Firefox 89.0.1 (x64 en-GB) (HKLM\...\Mozilla Firefox 89.0.1 (x64 en-GB)) (Version: 89.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 72.0.1 - Mozilla) OBS Studio (HKLM-x32\...\OBS Studio) (Version: 25.0.4 - OBS Project) Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14131.20162 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14131.20162 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0407-1000-0000000FF1CE}) (Version: 16.0.14131.20012 - Microsoft Corporation) Hidden OpenAL (HKLM-x32\...\OpenAL) (Version: - ) OpenAL 1.1 Core PC SDK (ver 3.05) (HKLM-x32\...\InstallShield_{1C10D0D6-AF1A-48B8-9BF7-52A2BB014E0C}) (Version: 3.05 - Creative Labs) PDF24 Creator 10.0.11 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: 10.0.11 - PDF24.org) Photosmart and Deskjet Drivers 14.0 Rel. A (HKLM\...\{F58E1340-3FD5-40B8-A07C-4893CFC29749}) (Version: 14.0 - HP) Realtek PC Camera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10252 - Realtek Semiconductor Corp.) RoomSketcher (HKLM-x32\...\RoomSketcher 1.0) (Version: 1.0 - RoomSketcher) Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP) Sierra Wireless EM7345 4G LTE Software (HKLM-x32\...\SWIIntelDrvInstaller) (Version: 2.36.10970.4674 - Sierra Wireless) Signal 5.3.0 (HKU\S-1-5-21-2427878849-3710110941-1615752764-1001\...\7d96caee-06e6-597c-9f2f-c7bb2e0948b4) (Version: 5.3.0 - Open Whisper Systems) Sophos Anti-Virus (HKLM-x32\...\{84748F71-7BF1-4F73-9340-D0785F4B0197}) (Version: 10.8.11.22 - Sophos Limited) Sophos AutoUpdate (HKLM-x32\...\{644ADF05-0B2E-452C-B720-3CF1580A9368}) (Version: 5.17.243.0 - Sophos Limited) Sophos Endpoint Defense (HKLM\...\Sophos Endpoint Defense) (Version: 2.2.6.8672 - Sophos Limited) Sophos Network Threat Protection (HKLM\...\{4B1F9009-CD85-43C0-BCBD-D491908D5A52}) (Version: 1.9.2235.0 - Sophos Limited) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.17.142 - Synaptics Incorporated) Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.2.0.34161 - Microsoft Corporation) VLC media player (HKLM\...\VLC media player) (Version: 3.0.11 - VideoLAN) Zoom (HKU\S-1-5-21-2427878849-3710110941-1615752764-1001\...\ZoomUMX) (Version: 5.6.1 (617) - Zoom Video Communications, Inc.) Packages: ========= Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-01-17] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-01-17] (Microsoft Corporation) [MS Ad] ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-2427878849-3710110941-1615752764-1001_Classes\CLSID\{04271989-C4D2-E6BA-4D30-28289A6D0EA8} -> [OneDrive - Bucerius Law School gGmbH] => C:\Users\Max\OneDrive - Bucerius Law School gGmbH [2020-01-17 20:02] CustomCLSID: HKU\S-1-5-21-2427878849-3710110941-1615752764-1001_Classes\CLSID\{1019ADC7-17CB-4489-AFD5-6642C7400ACE}\localserver32 -> C:\Users\Max\AppData\Local\Webex\Webex\Applications\ptOIEx64.exe (Cisco WebEx LLC -> Cisco WebEx LLC) CustomCLSID: HKU\S-1-5-21-2427878849-3710110941-1615752764-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\Max\Dropbox [2020-01-21 12:07] ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers1: [SavShellExt] -> {A3A1D8A1-006D-4B93-BA27-6F6B4C9C4F1D} => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavShellExtX64.dll [2021-04-27] (Sophos Ltd -> Sophos Limited) ContextMenuHandlers2: [SavShellExt] -> {A3A1D8A1-006D-4B93-BA27-6F6B4C9C4F1D} => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavShellExtX64.dll [2021-04-27] (Sophos Ltd -> Sophos Limited) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-06-21] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers4: [SavShellExt] -> {A3A1D8A1-006D-4B93-BA27-6F6B4C9C4F1D} => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavShellExtX64.dll [2021-04-27] (Sophos Ltd -> Sophos Limited) ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll [2021-05-11] (Dropbox, Inc -> Dropbox, Inc.) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Keine Datei ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2020-06-16] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2021-06-21] (Malwarebytes Corporation -> Malwarebytes) ContextMenuHandlers6: [SavShellExt] -> {A3A1D8A1-006D-4B93-BA27-6F6B4C9C4F1D} => C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavShellExtX64.dll [2021-04-27] (Sophos Ltd -> Sophos Limited) ==================== Codecs (Nicht auf der Ausnahmeliste) ==================== ==================== Verknüpfungen & WMI ======================== ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============= 2020-02-09 14:44 - 2020-02-09 14:44 - 000007680 _____ (Max) [Datei ist nicht signiert] C:\WINDOWS\system32\Layout01.dll 2012-09-15 06:08 - 2012-09-15 06:08 - 000015360 _____ (Hewlett-Packard Co.) [Datei ist nicht signiert] C:\Program Files (x86)\HP\Digital Imaging\bin\hpotra08.rsc 2011-04-29 19:08 - 2011-04-29 19:08 - 000048128 _____ (Hewlett-Packard Co.) [Datei ist nicht signiert] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.rsc 2010-08-06 11:15 - 2010-08-06 11:15 - 000071680 _____ (Hewlett-Packard) [Datei ist nicht signiert] c:\windows\system32\hpzinw12.dll 2010-08-06 11:15 - 2010-08-06 11:15 - 000089600 _____ (Hewlett-Packard) [Datei ist nicht signiert] c:\windows\system32\hpzipm12.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ======== ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SntpService => ""="service" ==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ================= ==================== Internet Explorer (Nicht auf der Ausnahmeliste) ========== BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2021-05-05] (Microsoft Corporation -> Microsoft Corporation) BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Program Files (x86)\Internet Explorer\Citavi Picker\x64\SwissAcademic.Citavi.IEPicker.DLL [2021-01-11] (Swiss Academic Software -> Swiss Academic Software) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-05-05] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Program Files (x86)\Internet Explorer\Citavi Picker\SwissAcademic.Citavi.IEPicker.DLL [2021-01-11] (Swiss Academic Software -> Swiss Academic Software) Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-06-09] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-06-09] (Microsoft Corporation -> Microsoft Corporation) Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-06-09] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-06-09] (Microsoft Corporation -> Microsoft Corporation) Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-06-09] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-06-09] (Microsoft Corporation -> Microsoft Corporation) Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-06-09] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-06-09] (Microsoft Corporation -> Microsoft Corporation) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) IE trusted site: HKU\S-1-5-21-2427878849-3710110941-1615752764-1001\...\sharepoint.com -> hxxps://lawschoolde-files.sharepoint.com ==================== Hosts Inhalt: ========================= (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2019-03-19 06:49 - 2019-03-19 06:49 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts ==================== Andere Bereiche =========================== (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-2427878849-3710110941-1615752764-1001\Control Panel\Desktop\\Wallpaper -> c:\users\Max\appdata\roaming\mozilla\firefox\desktop-hintergrund.bmp DNS Servers: 192.168.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) HKLM\...\StartupApproved\Run32: => "HP Software Update" HKU\S-1-5-21-2427878849-3710110941-1615752764-1001\...\StartupApproved\Run: => "CiscoMeetingDaemon" ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================ (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [{74714A56-EFCC-4336-B4A2-4AC212CD1B70}] => (Allow) C:\Users\Max\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [{D08A6276-C0E8-41A5-B981-25745326B852}] => (Allow) C:\Users\Max\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [{D8D91721-9FE5-4919-8517-57FCB870A388}] => (Allow) C:\Users\Max\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [{32A6B63C-6088-400A-8C0A-1E26EFC99627}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (Intel Corporation -> ) FirewallRules: [UDP Query User{EA7E2975-0250-41DB-A127-4D7A4FF6F0DF}C:\users\Max\appdata\local\beamdogclient\app-2.1.11\beamdog client.exe] => (Block) C:\users\Max\appdata\local\beamdogclient\app-2.1.11\beamdog client.exe (Beamdog -> Beamdog) FirewallRules: [TCP Query User{A29C9CD2-8A05-4BA2-9B29-ED4EB53122CA}C:\users\Max\appdata\local\beamdogclient\app-2.1.11\beamdog client.exe] => (Block) C:\users\Max\appdata\local\beamdogclient\app-2.1.11\beamdog client.exe (Beamdog -> Beamdog) FirewallRules: [{37E5A92B-25CE-4EB9-BA9C-D488A3412469}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => Keine Datei FirewallRules: [{FD31248D-DBB0-4B11-A497-926FD7EE061B}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => Keine Datei FirewallRules: [{7CE423D4-FB42-4A7C-989A-C302ADE11696}] => (Block) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => Keine Datei FirewallRules: [{72749B85-B7BD-4F4F-99F6-ADB4239A11E4}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{AC432C7D-55BA-4925-AFFE-3F7A02BCEAC2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [TCP Query User{40FA0B9E-F71F-4694-8C96-767B87A5FC7C}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [UDP Query User{60464225-1D31-4C1E-8A02-08930F855A08}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{04CE9B25-FF85-40BD-8B09-9AE2BBE865C6}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{9CB86E01-AD09-413D-8881-F1CDEC1B4BFB}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{CD17641E-DA5F-408A-824E-9300B8A76A28}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{7177A62E-5F16-45F2-8DFE-B91486123EC0}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{3848EA9F-0655-48EE-B717-E0874AFAB06C}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe (Lenovo -> ) FirewallRules: [{1735B123-8DC1-44D0-BF35-3AA271BEC522}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe (Lenovo -> ) FirewallRules: [{4C1A6493-4409-4667-86D4-B54EFC675F56}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{E7A2B54F-FA14-4DAE-B891-F5007741F0F2}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.) FirewallRules: [{CF89C3BC-DEC3-4433-8381-F2E5485D8B25}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\91.0.864.54\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{084708B0-D040-4301-9CF7-10DECBDE29B8}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{1706BBB9-6B71-4BA1-A6FA-E83EE428041E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{0D91B542-9F1B-41A2-A35B-FB00EB5DD853}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{112EFF68-1792-4743-A319-96C90226D0EB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{8DE9C5D9-F1A5-45EC-83D0-B6826191ACF3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.72.94.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) ==================== Wiederherstellungspunkte ========================= 04-06-2021 08:18:35 Geplanter Prüfpunkt 09-06-2021 14:20:51 Windows Modules Installer 20-06-2021 11:28:26 Windows Modules Installer ==================== Fehlerhafte Geräte im Gerätemanager ============ Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Fehlereinträge in der Ereignisanzeige: ======================== Applikationsfehler: ================== Error: (06/21/2021 11:10:27 PM) (Source: NfcwEventProvider) (EventID: 259) (User: ) Description: Event-ID 259 Error: (06/21/2021 09:45:01 AM) (Source: DbxSvc) (EventID: 281) (User: ) Description: CertFindCertificateInStore failed with: (-2146885628) Das Objekt oder die Eigenschaft wurde nicht gefunden. Error: (06/21/2021 09:45:01 AM) (Source: DbxSvc) (EventID: 281) (User: ) Description: CertFindCertificateInStore failed with: (-2146885628) Das Objekt oder die Eigenschaft wurde nicht gefunden. Error: (06/21/2021 09:43:31 AM) (Source: DbxSvc) (EventID: 281) (User: ) Description: CertFindCertificateInStore failed with: (-2146885628) Das Objekt oder die Eigenschaft wurde nicht gefunden. Error: (06/21/2021 09:43:31 AM) (Source: DbxSvc) (EventID: 281) (User: ) Description: CertFindCertificateInStore failed with: (-2146885628) Das Objekt oder die Eigenschaft wurde nicht gefunden. Error: (06/21/2021 09:41:03 AM) (Source: DbxSvc) (EventID: 281) (User: ) Description: CertFindCertificateInStore failed with: (-2146885628) Das Objekt oder die Eigenschaft wurde nicht gefunden. Error: (06/21/2021 09:41:03 AM) (Source: DbxSvc) (EventID: 281) (User: ) Description: CertFindCertificateInStore failed with: (-2146885628) Das Objekt oder die Eigenschaft wurde nicht gefunden. Error: (06/21/2021 09:39:06 AM) (Source: DbxSvc) (EventID: 281) (User: ) Description: CertFindCertificateInStore failed with: (-2146885628) Das Objekt oder die Eigenschaft wurde nicht gefunden. Systemfehler: ============= Error: (06/21/2021 10:54:21 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet. Modulpfad: C:\WINDOWS\System32\IWMSSvc.dll Error: (06/21/2021 10:54:21 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet. Modulpfad: C:\WINDOWS\System32\IWMSSvc.dll Error: (06/21/2021 10:54:14 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet. Modulpfad: C:\WINDOWS\System32\IWMSSvc.dll Error: (06/21/2021 10:39:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Intel Bluetooth Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (06/21/2021 10:39:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Sophos Anti-Virus Statusreporter" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 500 Millisekunden durchgeführt: Neustart des Diensts. Error: (06/21/2021 10:39:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "BiometricSensorDataSynchronization" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (06/21/2021 10:39:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Intel(R) PROSet/Wireless Event Log" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (06/21/2021 10:39:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Sophos Network Threat Protection" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. CodeIntegrity: =============== Date: 2021-06-21 22:57:05 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Sophos\Sophos Anti-Virus\WSCClient.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2021-06-21 22:54:56 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\wininit.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\Layout01.dll that did not meet the Windows signing level requirements. ==================== Speicherinformationen =========================== BIOS: LENOVO GRET63WW (1.40 ) 03/27/2020 Hauptplatine: LENOVO 20A8S04800 Prozessor: Intel(R) Core(TM) i7-4600U CPU @ 2.10GHz Prozentuale Nutzung des RAM: 66% Installierter physikalischer RAM: 7879.66 MB Verfügbarer physikalischer RAM: 2640.8 MB Summe virtueller Speicher: 11207.66 MB Verfügbarer virtueller Speicher: 4989.86 MB ==================== Laufwerke ================================ Drive c: (Windows) (Fixed) (Total:475.75 GB) (Free:389.8 GB) NTFS ==>[Laufwerk mit Startkomponenten (eingeholt von BCD)] Drive d: (System) (Fixed) (Total:0.54 GB) (Free:0.52 GB) NTFS \\?\Volume{3a864045-0000-0000-0000-501277000000}\ () (Fixed) (Total:0.65 GB) (Free:0.08 GB) NTFS ==================== MBR & Partitionstabelle ==================== ========================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 476.9 GB) (Disk ID: 3A864045) Partition 1: (Not Active) - (Size=550 MB) - (Type=07 NTFS) Partition 2: (Active) - (Size=475.7 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=667 MB) - (Type=27) ==================== Ende von Addition.txt ======================= Code:
ATTFilter Untersuchungsergebnis der Verknüpfungen des Benutzers (x64) Version: 20-06-2021 durchgeführt von Max (21-06-2021 23:22:19) Gestartet von C:\Users\Max\Downloads Start-Modus: Normal ==================== Verknüpfungen ============================= (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\HP Solution Center.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\Hpqdirec.exe (Hewlett-Packard Company) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk -> C:\Program Files\Microsoft Office\root\Office16\MSACCESS.EXE (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe (Adobe Systems Incorporated) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk -> C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Malwarebytes) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Keyboard Layout Creator 1.4.lnk -> C:\Program Files (x86)\Microsoft Keyboard Layout Creator 1.4\MSKLC.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTE.EXE (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk -> C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk -> C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk -> C:\Program Files\Microsoft Office\root\Office16\MSPUB.EXE (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoomSketcher.lnk -> C:\Program Files (x86)\Roomsketcher\RoomSketcher.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk -> C:\Program Files\Microsoft Office\root\Office16\lync.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk -> C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk -> C:\Program Files\VideoLAN\VLC\Documentation.url () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk -> C:\Program Files\VideoLAN\VLC\NEWS.txt () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk -> C:\Program Files\VideoLAN\VLC\VideoLAN Website.url () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos\Sophos Endpoint Security and Control\Sophos Endpoint Security and Control.lnk -> C:\Windows\Installer\{84748F71-7BF1-4F73-9340-D0785F4B0197}\MainGUIShortcut1.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos\Sophos Endpoint Security and Control\www.sophos.de.lnk -> C:\Windows\Installer\{84748F71-7BF1-4F73-9340-D0785F4B0197}\InternetShortcut.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Realtek\Realtek HD Audio Manager.lnk -> C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24\PDF24.lnk -> C:\Program Files\PDF24\pdf24-Toolbox.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenAL 1.1 SDK\Tools\Win64\EFX10ShowWin64.exe.lnk -> C:\Program Files (x86)\OpenAL 1.1 SDK\samples\bin\win64\EFX10ShowWin64.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenAL 1.1 SDK\Tools\Win32\EFX10ShowWin32.exe.lnk -> C:\Program Files (x86)\OpenAL 1.1 SDK\samples\bin\Win32\EFX10ShowWin32.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenAL 1.1 SDK\Examples\ReadMe.lnk -> C:\Program Files (x86)\OpenAL 1.1 SDK\samples\readme.txt () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenAL 1.1 SDK\Examples\Win64\CaptureWin64.exe.lnk -> C:\Program Files (x86)\OpenAL 1.1 SDK\samples\bin\win64\CaptureWin64.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenAL 1.1 SDK\Examples\Win64\EFXEnumerateWin64.exe.lnk -> C:\Program Files (x86)\OpenAL 1.1 SDK\samples\bin\win64\EFXEnumerateWin64.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenAL 1.1 SDK\Examples\Win64\EFXFilterWin64.exe.lnk -> C:\Program Files (x86)\OpenAL 1.1 SDK\samples\bin\win64\EFXFilterWin64.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenAL 1.1 SDK\Examples\Win64\EFXReverbWin64.exe.lnk -> C:\Program Files (x86)\OpenAL 1.1 SDK\samples\bin\win64\EFXReverbWin64.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenAL 1.1 SDK\Examples\Win64\EnumerateWin64.exe.lnk -> C:\Program Files (x86)\OpenAL 1.1 SDK\samples\bin\win64\EnumerateWin64.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenAL 1.1 SDK\Examples\Win64\PlayMultiChannelWin64.exe.lnk -> C:\Program Files (x86)\OpenAL 1.1 SDK\samples\bin\win64\PlayMultiChannelWin64.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenAL 1.1 SDK\Examples\Win64\PlayStaticWin64.exe.lnk -> C:\Program Files (x86)\OpenAL 1.1 SDK\samples\bin\win64\PlayStaticWin64.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenAL 1.1 SDK\Examples\Win64\PlayStreamWin64.exe.lnk -> C:\Program Files (x86)\OpenAL 1.1 SDK\samples\bin\win64\PlayStreamWin64.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenAL 1.1 SDK\Examples\Win64\RendererWin64.exe.lnk -> C:\Program Files (x86)\OpenAL 1.1 SDK\samples\bin\win64\RendererWin64.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenAL 1.1 SDK\Examples\Win64\XRamDemoWin64.exe.lnk -> C:\Program Files (x86)\OpenAL 1.1 SDK\samples\bin\win64\XRAMDemoWin64.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenAL 1.1 SDK\Examples\Win32\CaptureWin32.exe.lnk -> C:\Program Files (x86)\OpenAL 1.1 SDK\samples\bin\Win32\CaptureWin32.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenAL 1.1 SDK\Examples\Win32\EFXEnumerateWin32.exe.lnk -> C:\Program Files (x86)\OpenAL 1.1 SDK\samples\bin\Win32\EFXEnumerateWin32.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenAL 1.1 SDK\Examples\Win32\EFXFilterWin32.exe.lnk -> C:\Program Files (x86)\OpenAL 1.1 SDK\samples\bin\Win32\EFXFilterWin32.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenAL 1.1 SDK\Examples\Win32\EFXReverbWin32.exe.lnk -> C:\Program Files (x86)\OpenAL 1.1 SDK\samples\bin\Win32\EFXReverbWin32.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenAL 1.1 SDK\Examples\Win32\EnumerateWin32.exe.lnk -> C:\Program Files (x86)\OpenAL 1.1 SDK\samples\bin\Win32\EnumerateWin32.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenAL 1.1 SDK\Examples\Win32\PlayMultiChannelWin32.exe.lnk -> C:\Program Files (x86)\OpenAL 1.1 SDK\samples\bin\Win32\PlayMultiChannelWin32.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenAL 1.1 SDK\Examples\Win32\PlayOggVorbisWin32.exe.lnk -> C:\Program Files (x86)\OpenAL 1.1 SDK\samples\bin\Win32\PlayOggVorbisWin32.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenAL 1.1 SDK\Examples\Win32\PlayStaticWin32.exe.lnk -> C:\Program Files (x86)\OpenAL 1.1 SDK\samples\bin\Win32\PlayStaticWin32.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenAL 1.1 SDK\Examples\Win32\PlayStreamWin32.exe.lnk -> C:\Program Files (x86)\OpenAL 1.1 SDK\samples\bin\Win32\PlayStreamWin32.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenAL 1.1 SDK\Examples\Win32\RendererWin32.exe.lnk -> C:\Program Files (x86)\OpenAL 1.1 SDK\samples\bin\Win32\RendererWin32.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenAL 1.1 SDK\Examples\Win32\XRamDemoWin32.exe.lnk -> C:\Program Files (x86)\OpenAL 1.1 SDK\samples\bin\Win32\XRAMDemoWin32.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenAL 1.1 SDK\Docs\Effects Extension Guide.lnk -> C:\Program Files (x86)\OpenAL 1.1 SDK\docs\Effects Extension Guide.pdf () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenAL 1.1 SDK\Docs\OpenAL 1.1 Specification.lnk -> C:\Program Files (x86)\OpenAL 1.1 SDK\docs\OpenAL 1.1 Specification.pdf () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenAL 1.1 SDK\Docs\OpenAL Deployment Guide.lnk -> C:\Program Files (x86)\OpenAL 1.1 SDK\docs\OpenAL Deployment Guide.pdf () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenAL 1.1 SDK\Docs\OpenAL Programmer's Guide.lnk -> C:\Program Files (x86)\OpenAL 1.1 SDK\docs\OpenAL Programmer's Guide.pdf () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio\OBS Studio (64bit).lnk -> C:\Program Files\obs-studio\bin\64bit\obs64.exe (OBS) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio\Uninstall.lnk -> C:\Program Files\obs-studio\uninstall.exe (obsproject.com) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Aufzeichnungs-Manager von Skype for Business.lnk -> C:\Program Files\Microsoft Office\root\Office16\OcPubMgr.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Office-Spracheinstellungen.lnk -> C:\Program Files\Microsoft Office\root\Office16\SETLANG.EXE (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Telemetriedashboard für Office.lnk -> C:\Program Files\Microsoft Office\root\Office16\msotd.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Telemetrieprotokoll für Office.lnk -> C:\Program Files\Microsoft Office\root\Office16\msoev.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\lenovo\System Update.lnk -> C:\Program Files (x86)\Lenovo\System Update\tvsu.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\lenovo\Lenovo Diagnostics Tool\Lenovo Diagnostics Tool .lnk -> C:\Windows\Installer\{01ADF966-E3BA-40DC-9037-E90BBA9ED50E}\Start_E8CE4F44D9194AE9875368E466D56847.exe (Flexera) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Solution Center.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\Hpqdirec.exe (Hewlett-Packard Company) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Update.lnk -> C:\Program Files (x86)\HP\HP Software Update\hpwucli.exe (Hewlett-Packard) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Shop for HP Supplies.lnk -> C:\Program Files (x86)\HP\HPSSUPPLY\hpqSSupply.exe (Hewlett-Packard Development Company L.P.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Photo Creations\HP Photo Creations.lnk -> C:\Program Files (x86)\HP Photo Creations\PhotoProduct.exe (Visan / RocketLife) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Photo Creations\Uninstall HP Photo Creations.lnk -> C:\Program Files (x86)\HP Photo Creations\uninst.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Deskjet D2300 series\Help.lnk -> C:\Program Files (x86)\HP\Digital Imaging\help\djprinter24.chm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Deskjet D2300 series\Product Support Website.lnk -> C:\Program Files (x86)\HP\Digital Imaging\HP Deskjet D2300 series\help\HP Product Support Website.url () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Deskjet D2300 series\Readme.lnk -> C:\Program Files (x86)\HP\Digital Imaging\help\SF_CDA_readme\readme.html () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby\Dolby Digital Plus.lnk -> C:\Program Files\Dolby Digital Plus\ddpe.exe (Dolby Laboratories Inc.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citavi 6\Citavi 6.lnk -> C:\Program Files (x86)\Citavi 6\bin\Citavi.exe (Swiss Academic Software) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco\Cisco AnyConnect Secure Mobility Client\Cisco AnyConnect Secure Mobility Client.lnk -> C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Avira Game Booster.lnk -> C:\Program Files (x86)\Avira\Game Booster\Avira.GameBooster.UI.Application.exe (Avira Operations GmbH & Co. KG) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk -> C:\Windows\SysWOW64\odbcad32.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk -> C:\Windows\System32\printmanagement.msc () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\RecoveryDrive.lnk -> C:\Windows\System32\RecoveryDrive.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Registry Editor.lnk -> C:\Windows\regedit.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Defender Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Quick Assist.lnk -> C:\Windows\System32\quickassist.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk -> C:\Windows\System32\psr.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation) Shortcut: C:\Users\Default\Pictures\USB Drive (E) - Shortcut.lnk -> E:\ (Keine Datei) Shortcut: C:\Users\Default\Links\Desktop.lnk -> C:\Users\Max\Desktop () Shortcut: C:\Users\Default\Links\Downloads.lnk -> C:\Users\Max\Downloads () Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\Max\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30 Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth File Transfer.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc () Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) Shortcut: C:\Users\Max\Pictures\USB Drive (E) - Shortcut.lnk -> E:\ (Keine Datei) Shortcut: C:\Users\Max\Links\Desktop.lnk -> C:\Users\Max\Desktop () Shortcut: C:\Users\Max\Links\Downloads.lnk -> C:\Users\Max\Downloads () Shortcut: C:\Users\Max\Desktop\Signal.lnk -> C:\Users\Max\AppData\Local\Programs\signal-desktop\Signal.exe (Open Whisper Systems) Shortcut: C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\Max\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation) Shortcut: C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Signal.lnk -> C:\Users\Max\AppData\Local\Programs\signal-desktop\Signal.exe (Open Whisper Systems) Shortcut: C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom\Zoom.lnk -> C:\Users\Max\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc.) Shortcut: C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation) Shortcut: C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation) Shortcut: C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30 Shortcut: C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation) Shortcut: C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) Shortcut: C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation) Shortcut: C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cisco Webex Meetings Desktop-App\Cisco Webex Meetings.lnk -> C:\Users\Max\AppData\Local\WebEx\WebEx\Applications\ptoneclk.exe (Cisco Webex LLC) Shortcut: C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) Shortcut: C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation) Shortcut: C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation) Shortcut: C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation) Shortcut: C:\Users\Max\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth-Dateiübertragung.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation) Shortcut: C:\Users\Max\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) Shortcut: C:\Users\Max\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) Shortcut: C:\Users\Max\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation) Shortcut: C:\Users\Max\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) Shortcut: C:\Users\Max\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Citavi 6.lnk -> C:\Program Files (x86)\Citavi 6\bin\Citavi.exe (Swiss Academic Software) Shortcut: C:\Users\Max\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer (2).lnk -> C:\Windows\explorer.exe (Microsoft Corporation) Shortcut: C:\Users\Max\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) Shortcut: C:\Users\Max\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) Shortcut: C:\Users\Max\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Word.lnk -> C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE (Microsoft Corporation) Shortcut: C:\Users\Max\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\Max\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\Max\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\Max\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\Users\Max\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () Shortcut: C:\Users\Max\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc () Shortcut: C:\Users\Max\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation) Shortcut: C:\Users\Max\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) Shortcut: C:\Users\Max\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) Shortcut: C:\Users\Public\Desktop\Citavi 6.lnk -> C:\Program Files (x86)\Citavi 6\bin\Citavi.exe (Swiss Academic Software) Shortcut: C:\Users\Public\Desktop\Lenovo Diagnostics Tool .lnk -> C:\Windows\Installer\{01ADF966-E3BA-40DC-9037-E90BBA9ED50E}\Desktop_121ABE8FAE2B4955AAE9649259581E8F.exe (Flexera) Shortcut: C:\Users\Public\Desktop\Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Malwarebytes) Shortcut: C:\Users\Public\Desktop\PDF24.lnk -> C:\Program Files\PDF24\pdf24-Toolbox.exe () ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mouse Properties (Touchpad Clickpad Trackpad TrackPoint Mouse Pointer Pointing Pad).lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> mouse ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player - reset preferences and cache files.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN) -> --reset-config --reset-plugins-cache vlc://quit ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN) -> -Iskins ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /7 ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Database Compare.lnk -> C:\Program Files\Microsoft Office\root\Client\AppVLP.exe (Microsoft Corporation) -> "C:\Program Files (x86)\Microsoft Office\Office16\DCF\DATABASECOMPARE.EXE" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools\Spreadsheet Compare.lnk -> C:\Program Files\Microsoft Office\root\Client\AppVLP.exe (Microsoft Corporation) -> "C:\Program Files (x86)\Microsoft Office\Office16\DCF\SPREADSHEETCOMPARE.EXE" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Deskjet D2300 series\Add A Device.lnk -> C:\Program Files (x86)\HP\Digital Imaging\{F58E1340-3FD5-40B8-A07C-4893CFC29749}\hpzstub.exe (Hewlett-Packard) -> -addadevice ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Deskjet D2300 series\Product Registration.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqwrg.exe (Hewlett-Packard Company) -> "HP Deskjet D2300 series" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Deskjet D2300 series\Uninstall.lnk -> C:\Program Files (x86)\HP\Digital Imaging\{F58E1340-3FD5-40B8-A07C-4893CFC29749}\setup\hpzscr40.exe (Hewlett-Packard) -> -datfile hppscr20.dat -onestop ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk -> C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc.) -> /home ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk -> C:\Windows\System32\secpol.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1 ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.AdministrativeTools ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0} ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1} ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0 ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257} ShortcutWithArgument: C:\Users\Max\Desktop\Beamdog Client.lnk -> C:\Users\Max\AppData\Local\beamdogClient\Update.exe (GitHub) -> --processStart "Beamdog Client.exe" ShortcutWithArgument: C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom\Uninstall Zoom.lnk -> C:\Users\Max\AppData\Roaming\Zoom\uninstall\Installer.exe (Zoom Video Communications, Inc.) -> /uninstall ShortcutWithArgument: C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.AdministrativeTools ShortcutWithArgument: C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Beamdog\Beamdog Client.lnk -> C:\Users\Max\AppData\Local\beamdogClient\Update.exe (GitHub) -> --processStart "Beamdog Client.exe" ShortcutWithArgument: C:\Users\Max\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo ShortcutWithArgument: C:\Users\Max\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus ShortcutWithArgument: C:\Users\Max\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager ShortcutWithArgument: C:\Users\Max\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo ShortcutWithArgument: C:\Users\Max\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep ShortcutWithArgument: C:\Users\Max\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes ShortcutWithArgument: C:\Users\Max\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0} ShortcutWithArgument: C:\Users\Max\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0} ShortcutWithArgument: C:\Users\Max\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1} ShortcutWithArgument: C:\Users\Max\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0 ShortcutWithArgument: C:\Users\Max\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257} ShortcutWithArgument: C:\Users\Max\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory=Default InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox Website.URL -> InternetURL: C:\Users\Default\Favorites\Bing.url -> URL: hxxp://go.microsoft.com/fwlink/p/?LinkId=255142 InternetURL: C:\Users\Max\Favorites\Bing.url -> URL: hxxp://go.microsoft.com/fwlink/p/?LinkId=255142 ==================== Ende vom Shortcut.txt ============================= Code:
ATTFilter # ------------------------------- # Malwarebytes AdwCleaner 8.2.0.0 # ------------------------------- # Build: 03-22-2021 # Database: 2021-05-17.1 (Cloud) # Support: https://www.malwarebytes.com/support # # ------------------------------- # Mode: Clean # ------------------------------- # Start: 06-21-2021 # Duration: 00:00:02 # OS: Windows 10 Pro # Cleaned: 2 # Failed: 0 ***** [ Services ] ***** No malicious services cleaned. ***** [ Folders ] ***** No malicious folders cleaned. ***** [ Files ] ***** Deleted C:\Users\Max\Desktop\..\Downloads\VLC MEDIA PLAYER 64 BIT - CHIP-INSTALLER.EXE ***** [ DLL ] ***** No malicious DLLs cleaned. ***** [ WMI ] ***** No malicious WMI cleaned. ***** [ Shortcuts ] ***** No malicious shortcuts cleaned. ***** [ Tasks ] ***** No malicious tasks cleaned. ***** [ Registry ] ***** Deleted HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\craccoon.ch ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries cleaned. ***** [ Chromium URLs ] ***** No malicious Chromium URLs cleaned. ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries cleaned. ***** [ Firefox URLs ] ***** No malicious Firefox URLs cleaned. ***** [ Hosts File Entries ] ***** No malicious hosts file entries cleaned. ***** [ Preinstalled Software ] ***** No Preinstalled Software cleaned. ************************* [+] Delete Tracing Keys [+] Reset Winsock ************************* AdwCleaner[S00].txt - [2332 octets] - [21/06/2021 22:34:39] ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ########## |
22.06.2021, 00:24 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | CRaccoon auf PC Hi,
__________________bitte das MBAM-Log posten.
__________________ |
22.06.2021, 07:19 | #3 |
| CRaccoon auf PC Hier ist es:
__________________MBAM Code:
ATTFilter Malwarebytes www.malwarebytes.com -Protokolldetails- Scan-Datum: 21.06.21 Scan-Zeit: 23:02 Protokolldatei: 08d4668c-d2d4-11eb-84f2-54ee75148588.json -Softwaredaten- Version: 4.4.0.117 Komponentenversion: 1.0.1344 Version des Aktualisierungspakets: 1.0.42053 Lizenz: Testversion -Systemdaten- Betriebssystem: Windows 10 (Build 19041.1052) CPU: x64 Dateisystem: NTFS Benutzer: DESKTOP-4Q6LNSQ\Max -Scan-Übersicht- Scan-Typ: Bedrohungs-Scan Scan gestartet von: Manuell Ergebnis: Abgeschlossen Gescannte Objekte: 330070 Erkannte Bedrohungen: 1 In die Quarantäne verschobene Bedrohungen: 1 Abgelaufene Zeit: 6 Min., 59 Sek. -Scan-Optionen- Speicher: Aktiviert Start: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Heuristik: Aktiviert PUP: Erkennung PUM: Erkennung -Scan-Details- Prozess: 0 (keine bösartigen Elemente erkannt) Modul: 0 (keine bösartigen Elemente erkannt) Registrierungsschlüssel: 0 (keine bösartigen Elemente erkannt) Registrierungswert: 0 (keine bösartigen Elemente erkannt) Registrierungsdaten: 0 (keine bösartigen Elemente erkannt) Daten-Stream: 0 (keine bösartigen Elemente erkannt) Ordner: 0 (keine bösartigen Elemente erkannt) Datei: 1 PUP.Optional.ChipDe, C:\$RECYCLE.BIN\S-1-5-21-2427878849-3710110941-1615752764-1001\$R8FSEHL.EXE, In Quarantäne, 630, 562568, 1.0.42053, , ame, , 35DD594663195FB1BFAD020E610133EF, A095FFF966DE98691CE679A7D3336E1CEF9A2ED217B4C7C53446A474CEA94602 Physischer Sektor: 0 (keine bösartigen Elemente erkannt) WMI: 0 (keine bösartigen Elemente erkannt) (end) |
22.06.2021, 21:06 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | CRaccoon auf PC Chip.de - noch nie davon gehört, dass dir ihre Leute verarschen? Ist/war das der einzige Funde?
__________________ Logfiles bitte immer in CODE-Tags posten |
22.06.2021, 21:39 | #5 |
| CRaccoon auf PC Ja, das war der einzige Fund. Leider war mir das bis zum Forumsbesuch hier noch so nicht bewusst. Für die Zukunft ist es mir eine Lehre… |
22.06.2021, 22:08 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | CRaccoon auf PC Störende, veraltete oder unnötige Programme deinstallieren Bitte über Programme und Features (appwiz.cpl) deinstallieren: 64 Bit HP CIO Components Installer Adobe Acrobat Reader DC - Deutsch Deutsch - Custom Google Chrome HP Customer Participation Program 14.0 HP Imaging Device Functions 14.0 HP Photo Creations HP Solution Center 14.0 HP Update Shop for HP Supplies Sophos Anti-Virus Sophos AutoUpdate Sophos Endpoint Defense Sophos Network Threat Protection VLC media player 3.0.11
__________________ --> CRaccoon auf PC |
23.06.2021, 08:19 | #7 |
| CRaccoon auf PC Danke, ist runter! |
23.06.2021, 08:23 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | CRaccoon auf PC Kontrollscans mit MBAM und RK Wir sind fast fertig. Jetzt ist es an der Zeit für Kontrollscans mit Poste nach Abschluss der beiden Scans die Logs in CODE-Tags.
__________________ Logfiles bitte immer in CODE-Tags posten |
23.06.2021, 09:01 | #9 |
| CRaccoon auf PC Hier sind sie: MBAM Code:
ATTFilter Malwarebytes www.malwarebytes.com -Protokolldetails- Scan-Datum: 23.06.21 Scan-Zeit: 09:23 Protokolldatei: e8d3ffd4-d3f3-11eb-954a-54ee75148588.json -Softwaredaten- Version: 4.4.0.117 Komponentenversion: 1.0.1344 Version des Aktualisierungspakets: 1.0.42123 Lizenz: Testversion -Systemdaten- Betriebssystem: Windows 10 (Build 19043.1052) CPU: x64 Dateisystem: NTFS Benutzer: DESKTOP-4Q6LNSQ\Max -Scan-Übersicht- Scan-Typ: Bedrohungs-Scan Scan gestartet von: Manuell Ergebnis: Abgeschlossen Gescannte Objekte: 327889 Erkannte Bedrohungen: 0 In die Quarantäne verschobene Bedrohungen: 0 Abgelaufene Zeit: 6 Min., 29 Sek. -Scan-Optionen- Speicher: Aktiviert Start: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Heuristik: Aktiviert PUP: Erkennung PUM: Erkennung -Scan-Details- Prozess: 0 (keine bösartigen Elemente erkannt) Modul: 0 (keine bösartigen Elemente erkannt) Registrierungsschlüssel: 0 (keine bösartigen Elemente erkannt) Registrierungswert: 0 (keine bösartigen Elemente erkannt) Registrierungsdaten: 0 (keine bösartigen Elemente erkannt) Daten-Stream: 0 (keine bösartigen Elemente erkannt) Ordner: 0 (keine bösartigen Elemente erkannt) Datei: 0 (keine bösartigen Elemente erkannt) Physischer Sektor: 0 (keine bösartigen Elemente erkannt) WMI: 0 (keine bösartigen Elemente erkannt) (end) Code:
ATTFilter RogueKiller Anti-Malware V15.0.3.0 (x64) [Jun 15 2021] (Premium) von Adlice Software Mail : https://adlice.com/contact/ Website : https://adlice.com/download/roguekiller/ Betriebssystem : Windows 10 (10.0.19043) 64 bits Gestartet in : Normaler Modus Benutzer : Max [Administrator] Gestartet von : C:\Program Files\RogueKiller\RogueKiller64.exe Signaturen : 20210622_084611, Treiber : Geladen Modus : Standard-Scan, Löschen -- Datum : 2021/06/23 09:58:33 (Dauer : 00:21:17) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Löschen ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ [PUP.Gen1 (Potenziell bösartig)] HKEY_USERS\S-1-5-21-2427878849-3710110941-1615752764-1001\Software\OCS -- -> Gelöscht |
23.06.2021, 09:38 | #10 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | CRaccoon auf PCZitat:
Dann wären wir durch! Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...und/oder das Forum mit einer kleinen Spende unterstützen. Abschließend bitte noch einen Cleanup mit unserem TB-Cleanup-Script durchführen und unbedingt die Sicherheitsmaßnahmen lesen und umsetzen - beides ist in folgendem Lesestoff verlinkt:
__________________ Logfiles bitte immer in CODE-Tags posten |
Themen zu CRaccoon auf PC |
adobe, avira, cpu, defender, entfernen, failed, firefox, google, home, iexplore.exe, internet, internet explorer, monitor, mozilla, performance, prozesse, realtek, registry, scan, security, software, svchost.exe, udp, updates, windows |