Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Avira Fund HEUR/AGEN.1124272

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Thema geschlossen
Alt 03.12.2021, 07:38   #1
Klopfer60
 
Avira Fund HEUR/AGEN.1124272 - Standard

Avira Fund HEUR/AGEN.1124272



Avira hat gestern mitten unter der Arbeit einen Fund gemeldet und auch nach der Analyse bestätigt, die Datei REBUILD.EXE wurde als HEUR/AGEN.1124272 bezeichnet, die war in einem alten Programm (BMD), das ich sowieso nicht mehr benötige. Bei virustotal haben sonst alle anderen die Datei als ungefährlich eingestuft und Malwarebytes hat bei einem Scan keine Bedrohung gefunden. Da ich das Programm sowieso nicht mehr benutze, habe ich es gelöscht (was nicht ganz einfach war, immer wieder Fehlermeldungen wegen Administratorberechtigungen beim Löschen, aber jetzt ist es wohl weg). Avira und auch Malwarebytes und adwcleaner melden nach einem Scan keinen Fund mehr. Ist das damit erledigt oder ist noch etwas zu tun?

Danke für Hilfe! P.S.: Ich bin neu und hoffe, ich mach alles richtig
und jetzt die Scans
FRST Logfile:
Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 01-12-2021
durchgeführt von Hold (Administrator) auf HOLD-PC (Micro-Star International Co., Ltd MS-7B86) (03-12-2021 07:07:52)
Gestartet von C:\Users\Hold\Downloads
Geladene Profile: Hold
Plattform: Microsoft Windows 10 Home Version 20H2 19042.1348 (X64) Sprache: Deutsch (Deutschland)
Standard-Browser: FF
Start-Modus: Normal

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0360470.inf_amd64_35c64671e7fac064\B360357\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0360470.inf_amd64_35c64671e7fac064\B360357\atiesrxx.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\protectedservice.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Systray.Application.exe
(Cisco Systems, Inc. -> Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Cisco Systems, Inc. -> Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler64.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel® Upgrade Service -> Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdlogsr.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI Toast Server\MSIToastServer.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe <16>
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe <3>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(Reason Software Company Inc. -> Reason Software Company Inc.) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(Reason Software Company Inc. -> Reason Software Company Inc.) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd. -> Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [1084704 2020-05-27] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [Avira System Speedup User Starter] => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [331040 2020-06-05] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [1713432 2021-09-17] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Hold\AppData\Local\Microsoft\Teams\Update.exe [2453720 2021-03-04] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2542440 2021-11-23] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [31176112 2021-08-24] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\Run: [Opera Browser Assistant] => C:\Users\Hold\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [4105424 2021-10-14] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\Run: [] => [X]
HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\MountPoints2: {42dc64ac-fa67-11eb-8155-001a7dda7115} - "H:\HiSuiteDownLoader.exe" 
HKLM\...\Windows x64\Print Processors\Canon MG6800 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDCR.DLL [30208 2015-03-15] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Windows x64\Print Processors\Canon TS5300 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDFO.DLL [529408 2020-12-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG5300 series: C:\WINDOWS\system32\CNMLMAT.DLL [385024 2012-03-14] (CANON INC.) [Datei ist nicht signiert]
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG6800 series: C:\WINDOWS\system32\CNMLMCR.DLL [406528 2015-03-15] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MP550 series: C:\WINDOWS\system32\CNMLM9Z.DLL [336896 2010-04-24] (CANON INC.) [Datei ist nicht signiert]
HKLM\...\Print\Monitors\Canon BJ Language Monitor TS5300 series: C:\WINDOWS\system32\CNMLMFO.DLL [959488 2020-12-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJNP Port: C:\WINDOWS\system32\CNMN6PPM.DLL [355840 2011-02-01] (CANON INC.) [Datei ist nicht signiert]
HKLM\...\Print\Monitors\CutePDF Writer Monitor: C:\WINDOWS\system32\cpwmon64.dll [87600 2013-10-23] (Acro Software Inc. -> )
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\96.0.4664.45\Installer\chrmstp.exe [2021-11-19] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] -> 
Startup: C:\Users\Hold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2020-04-22]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\Users\Hold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Avira.lnk [2019-11-08]
ShortcutTarget: Avira.lnk -> C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe (Keine Datei)
Startup: C:\Users\Hold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2020-10-05]
ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\Hold\AppData\Local\Facebook\Games\FacebookGameroom.exe (Keine Datei)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0076A310-FB48-4BF7-9078-9E2A6A62A216} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2108624 2013-05-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {03B9CAC4-B6A0-41EC-9259-B6323B494193} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> Keine Datei <==== ACHTUNG
Task: {040B7342-0024-4CE1-B35C-331AC4EC4C09} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2648424 2021-10-29] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {074F0BCF-D262-4943-8B7D-346CC4E1ACF7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {0B41A108-D84C-4E91-A5FF-DCC5274AFE3F} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {13607C5B-F632-4BAA-B11A-6DC858AF1B99} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1627648 2020-05-20] (Advanced Micro Devices, Inc.) [Datei ist nicht signiert]
Task: {153FA499-D799-4D21-B7FE-C757EFBEBF0A} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {163777C8-1A69-4710-B2C8-2AC9C4FEE2B1} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {20605C4F-50AE-49B2-904E-E23F419A53B0} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> Keine Datei <==== ACHTUNG
Task: {243E93C6-C42A-4012-A369-0B1BBC0BB437} - System32\Tasks\Avira_Security_Service_SCM_Watchdog => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe [237216 2021-11-26] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {243FF020-E062-4857-8BBC-5A610B8A1453} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {297F6368-E760-4DB7-98E3-B6F98B0502CE} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {38DD5971-D9C3-4221-A7BA-CDDD115BAE7A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-03-16] (Google LLC -> Google LLC)
Task: {398DA360-A0FF-4B1D-B8AF-4D5D88A34FDB} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> Keine Datei <==== ACHTUNG
Task: {42EF6F11-9B4A-428C-BA1D-8D21660C1E2F} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel(R) Update Manager -> Intel Corporation)
Task: {44760C04-E7BC-406F-BA3E-86509300AE8B} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB}
Task: {4E538AD1-3A04-4BAF-A971-53D32373A51F} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {4E907AD4-84BC-4307-ACF6-9E82E0968B41} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {54808A73-314E-416C-A626-0B1D66759CAD} - System32\Tasks\Avira_Security_Systray => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Systray.Application.exe [1673272 2021-11-26] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {5B437BC4-0C71-4F84-9B8B-F9BB02100075} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {68F79554-6A20-4695-B959-5EA6F4876363} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [7192192 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {6A9788E1-BC0B-4511-ACD7-61277207944D} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [40880 2021-08-24] (Garmin International, Inc. -> )
Task: {6F1364A9-39BA-4297-B4BF-3387E9D12CBB} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {72C76ACE-D546-4502-B01F-DF8F77365753} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [7651984 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {78DE7A41-9A86-4C94-9A4E-655AF7FC411F} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {85C24524-293C-4CA8-923A-8E47BD41A160} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {8857F712-A579-4203-A3C8-E4F6669A366D} - System32\Tasks\AviraSystemSpeedupUpdate => C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe [28678840 2020-06-08] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {8E7662FE-F650-40A5-84DA-358C28F1CA02} - \Microsoft\Windows\UNP\RunCampaignManager -> Keine Datei <==== ACHTUNG
Task: {8FD0D2E1-998E-439A-B2B0-A3DD161FFCE4} - System32\Tasks\MSI_Toast_Server => C:\Program Files (x86)\MSI\MSI Toast Server\MSIToastServer.exe [31904 2019-03-05] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
Task: {92580229-DF6B-4155-B490-BBC7DE267238} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1627648 2020-05-20] (Advanced Micro Devices, Inc.) [Datei ist nicht signiert]
Task: {932C01F8-5455-43DD-9A8B-71BCB3E95678} - System32\Tasks\Avira_Security_Update => C:\WINDOWS\system32\net.exe [59904 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
Task: {A132A6C4-4B7C-4EFD-82D7-4A355229C854} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1491664 2013-05-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {A57441ED-A016-4CA4-95D0-05D7984B45E6} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe do-task "E7CF176E110C211B" <==== ACHTUNG
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {B287C656-9F60-433E-9487-61424FD0371D} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [1626328 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {B4F2D410-343C-4E0D-996E-A6DAF7B649C1} - \Microsoft\Windows\Setup\gwx\rundetector -> Keine Datei <==== ACHTUNG
Task: {BA7D26AF-140A-4C9C-916E-E701D87654F8} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NoUACCheck
Task: {BECD3DD0-6BFE-4A75-BCD4-8F1D2C5D6192} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1491664 2013-05-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {BF263775-1C92-4E44-BEBD-15E514C1C2D6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {C0BD2686-AB02-42F9-A5BA-AE5C01C73A8D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-03-16] (Google LLC -> Google LLC)
Task: {C7D56C5D-C965-4033-A227-055219D5C869} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [6944304 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
Task: {C9D8392F-B479-4957-90E4-529F794676EE} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\BIN64\InstallManagerApp.exe [1627648 2020-05-20] (Advanced Micro Devices, Inc.) [Datei ist nicht signiert]
Task: {CFB4AFBA-A286-4142-B3D5-CACC8F86AEB6} - System32\Tasks\Opera scheduled assistant Autoupdate 1588331751 => C:\Users\Hold\AppData\Local\Programs\Opera\launcher.exe [1753808 2021-11-23] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Hold\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {D28B5C2B-4E20-44B9-A480-318A6C13A086} - System32\Tasks\{7EBD5F35-2CFB-441A-B155-F53E9B47C259} => C:\Windows\system32\pcalua.exe -a "G:\Acrobat 8\APRO23_Win_ESD1_WWEFG.exe" -d "G:\Acrobat 8"
Task: {D6AF8F74-916F-4951-A04F-AC1283E9FF36} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4072312 2021-11-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {D70A2725-2B77-4914-8279-CE2CBE8C4954} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.)
Task: {E02B9FF8-94B0-4452-8924-73F27C5025B2} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {E8D504A5-BB36-463D-811A-2A40A7E6CF74} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2108624 2013-05-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {F28DD7AA-7C78-4487-98D3-8B61F83E9F2C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: {F51824DB-2BC8-43B9-BBB8-5E59A1F78240} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel(R) Update Manager -> Intel Corporation)
Task: {F848D2AA-7194-4797-80BE-D03650521791} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2179792 2013-05-13] (Microsoft Corporation -> Microsoft)
Task: {FB25598E-F0C1-4E50-AC6A-B9AB78D93879} - System32\Tasks\Opera scheduled Autoupdate 1586608251 => C:\Users\Hold\AppData\Local\Programs\Opera\launcher.exe [1753808 2021-11-23] (Opera Software AS -> Opera Software)
Task: {FC47EB4B-6416-49E5-A588-4D42A398CD4B} - System32\Tasks\Mozilla\Firefox Background Update E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla\updates\E7CF176E110C211B\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {FD2CB703-7BB6-4F61-8097-ED6ADB61E916} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)


==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3: <==== ACHTUNG (Beschränkung - Zones)
Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138 10.0.0.138
Tcpip\..\Interfaces\{117921c0-aa1a-4711-8fc7-afe9d4de684b}: [DhcpNameServer] 10.0.0.138 10.0.0.138
Tcpip\..\Interfaces\{71ed5fbf-68cc-4197-8727-c3b123ec4794}: [DhcpNameServer] 10.0.0.138 10.0.0.138

Edge: 
=======
DownloadDir: C:\Users\Hold\Downloads
Edge Extension: (Kein Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [nicht gefunden]
Edge Extension: (Kein Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [nicht gefunden]
Edge Extension: (Kein Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [nicht gefunden]
Edge Extension: (Kein Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [nicht gefunden]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Hold\AppData\Local\Microsoft\Edge\User Data\Default [2021-11-26]
Edge DownloadDir: Default -> C:\Users\Hold\Downloads
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\Hold\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-11-24]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF DefaultProfile: ddgha12u.default-1458347090774-1576507469294
FF ProfilePath: C:\Users\Hold\AppData\Roaming\Mozilla\Firefox\Profiles\ddgha12u.default-1458347090774-1576507469294 [2021-12-03]
FF Homepage: Mozilla\Firefox\Profiles\ddgha12u.default-1458347090774-1576507469294 -> www.orf.at
FF Notifications: Mozilla\Firefox\Profiles\ddgha12u.default-1458347090774-1576507469294 -> hxxps://www.youtube.com
FF Extension: (Facebook Container) - C:\Users\Hold\AppData\Roaming\Mozilla\Firefox\Profiles\ddgha12u.default-1458347090774-1576507469294\Extensions\@contain-facebook.xpi [2021-08-03]
FF Extension: (AdBlocker Ultimate) - C:\Users\Hold\AppData\Roaming\Mozilla\Firefox\Profiles\ddgha12u.default-1458347090774-1576507469294\Extensions\adblockultimate@adblockultimate.net.xpi [2021-10-07]
FF Extension: (HTTPS Everywhere) - C:\Users\Hold\AppData\Roaming\Mozilla\Firefox\Profiles\ddgha12u.default-1458347090774-1576507469294\Extensions\https-everywhere@eff.org.xpi [2021-07-15]
FF Extension: (Watermelon Surge) - C:\Users\Hold\AppData\Roaming\Mozilla\Firefox\Profiles\ddgha12u.default-1458347090774-1576507469294\Extensions\{0ad3f4fd-59cf-4a55-9ded-68261e219d6c}.xpi [2021-09-10]
FF Extension: (Microsoft Office - Dark Gray) - C:\Users\Hold\AppData\Roaming\Mozilla\Firefox\Profiles\ddgha12u.default-1458347090774-1576507469294\Extensions\{1c41d9fb-f904-4d38-850f-074312f06e64}.xpi [2021-10-05]
FF Extension: (Photon Colors) - C:\Users\Hold\AppData\Roaming\Mozilla\Firefox\Profiles\ddgha12u.default-1458347090774-1576507469294\Extensions\{2c6c94f3-c656-41e9-aa4b-1edba5be9c21}.xpi [2021-10-05]
FF Extension: (Three Wolf Moon Shirt) - C:\Users\Hold\AppData\Roaming\Mozilla\Firefox\Profiles\ddgha12u.default-1458347090774-1576507469294\Extensions\{50193c98-9eee-4b67-9244-95ced154911d}.xpi [2021-10-05]
FF Extension: (Minimalist Blue) - C:\Users\Hold\AppData\Roaming\Mozilla\Firefox\Profiles\ddgha12u.default-1458347090774-1576507469294\Extensions\{623e2c8d-8986-4f2d-af27-e60982948572}.xpi [2021-10-05]
FF Extension: (ANIMATED CAT LICKING YOUR SCREEN) - C:\Users\Hold\AppData\Roaming\Mozilla\Firefox\Profiles\ddgha12u.default-1458347090774-1576507469294\Extensions\{6a21e28f-b023-41bb-aad9-7db3a398599f}.xpi [2021-10-05]
FF Extension: (NoScript) - C:\Users\Hold\AppData\Roaming\Mozilla\Firefox\Profiles\ddgha12u.default-1458347090774-1576507469294\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2021-07-29]
FF Extension: (Download Statusbar) - C:\Users\Hold\AppData\Roaming\Mozilla\Firefox\Profiles\ddgha12u.default-1458347090774-1576507469294\Extensions\{76faaba6-3aa1-47a4-bf40-90aa2505e79c}.xpi [2019-12-17]
FF Extension: (Matte Black (Red)) - C:\Users\Hold\AppData\Roaming\Mozilla\Firefox\Profiles\ddgha12u.default-1458347090774-1576507469294\Extensions\{a7589411-c5f6-41cf-8bdc-f66527d9d930}.xpi [2021-10-06]
FF Extension: (SciFi) - C:\Users\Hold\AppData\Roaming\Mozilla\Firefox\Profiles\ddgha12u.default-1458347090774-1576507469294\Extensions\{a7f8e0cd-f3f4-41bb-9043-d3fc0e9e0b92}.xpi [2021-10-05]
FF Extension: (puits bleu d'infini) - C:\Users\Hold\AppData\Roaming\Mozilla\Firefox\Profiles\ddgha12u.default-1458347090774-1576507469294\Extensions\{b3994f5b-c557-4b30-b0e1-1db9098f690e}.xpi [2021-09-10]
FF Extension: (Dark Fox) - C:\Users\Hold\AppData\Roaming\Mozilla\Firefox\Profiles\ddgha12u.default-1458347090774-1576507469294\Extensions\{e7fe4ffe-f256-4f85-906d-072fdd698585}.xpi [2021-10-05]
FF Extension: (Kurgzsekseta) - C:\Users\Hold\AppData\Roaming\Mozilla\Firefox\Profiles\ddgha12u.default-1458347090774-1576507469294\Extensions\{e8f3b919-d290-4270-b66f-29f3fdbb1986}.xpi [2021-10-05]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~4\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.13 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.14 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.15 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2019-06-11] (VideoLAN -> VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-10-05] (Adobe Inc. -> Adobe Systems Inc.)

Chrome: 
=======
CHR Profile: C:\Users\Hold\AppData\Local\Google\Chrome\User Data\Default [2021-09-29]
CHR Extension: (Präsentationen) - C:\Users\Hold\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-03-16]
CHR Extension: (Docs) - C:\Users\Hold\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-03-16]
CHR Extension: (Google Drive) - C:\Users\Hold\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-03]
CHR Extension: (YouTube) - C:\Users\Hold\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-03-16]
CHR Extension: (Avira Password Manager) - C:\Users\Hold\AppData\Local\Google\Chrome\User Data\Default\Extensions\caljgklbbfbcjjanaijlacgncafpegll [2021-07-29]
CHR Extension: (Avira Safe Shopping) - C:\Users\Hold\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccbpbkebodcjkknkfkpmfeciinhidaeh [2021-07-29]
CHR Extension: (Tabellen) - C:\Users\Hold\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-03-16]
CHR Extension: (Avira Browserschutz) - C:\Users\Hold\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2021-07-29]
CHR Extension: (Google Docs Offline) - C:\Users\Hold\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-07-29]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Hold\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-07-29]
CHR Extension: (Google Mail) - C:\Users\Hold\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-03]
CHR Extension: (Chrome Media Router) - C:\Users\Hold\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-07-29]
CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

Opera: 
=======
OPR Profile: C:\Users\Hold\AppData\Roaming\Opera Software\Opera Stable [2021-10-14]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.at/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
OPR Extension: (Avira Safe Shopping) - C:\Users\Hold\AppData\Roaming\Opera Software\Opera Stable\Extensions\dalelnnofafalcmkmnhdbigbjjkloabo [2021-07-28]
OPR Extension: (Rich Hints Agent) - C:\Users\Hold\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2021-07-28]
OPR Extension: (Avira Password Manager) - C:\Users\Hold\AppData\Roaming\Opera Software\Opera Stable\Extensions\ngohaaocccbohaffogpbgfpmpgbcgccg [2021-07-29]
OPR Extension: (Free Avira Phantom VPN – Entsperrt Webseiten) - C:\Users\Hold\AppData\Roaming\Opera Software\Opera Stable\Extensions\pcgkmkjdikhiodinhloioejnpjgmfigd [2020-11-05]

==================== Dienste (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-08-16] (Adobe Inc. -> Adobe Inc.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1206648 2021-07-18] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntivirProtectedService; C:\Program Files (x86)\Avira\Antivirus\ProtectedService.exe [538000 2021-07-18] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [485048 2021-07-18] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [485048 2021-07-18] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [574672 2021-07-18] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraOptimizerHost; C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe [2988544 2020-06-03] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraSecurity; C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe [275320 2021-11-26] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 AviraSecurityUpdater; C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Common.Updater.exe [273536 2021-11-26] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\21.220.1024.0005\FileSyncHelper.exe [3279232 2021-11-23] (Microsoft Corporation -> Microsoft Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel(R) Update Manager -> Intel Corporation)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7901368 2021-12-02] (Malwarebytes Inc -> Malwarebytes)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\21.220.1024.0005\OneDriveUpdaterService.exe [3736424 2021-11-23] (Microsoft Corporation -> Microsoft Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3892256 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [3943664 2018-04-20] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
S3 ss_conn_launcher_service; C:\WINDOWS\System32\Samsung\EasySetup\ss_conn_launcher.exe [182128 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [12912936 2021-11-16] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [297240 2018-05-30] (Reason Software Company Inc. -> Reason Software Company Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 acsock; C:\WINDOWS\system32\DRIVERS\acsock64.sys [300456 2021-09-17] (Microsoft Windows Hardware Compatibility Publisher -> Cisco Systems, Inc.)
R1 AsrAppCharger; C:\WINDOWS\System32\DRIVERS\AsrAppCharger.sys [17192 2011-05-10] (ASROCK Incorporation -> Windows (R) Win 7 DDK provider)
R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [78936 2019-06-07] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S0 avelam; C:\WINDOWS\System32\drivers\avelam.sys [22848 2021-07-18] (Microsoft Windows Early Launch Anti-Malware Publisher -> Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [209088 2021-10-29] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [199312 2021-07-12] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [46704 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [89736 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\WINDOWS\System32\Drivers\avusbflt.sys [45472 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [159864 2021-06-29] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [210352 2021-12-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-10-29] (Microsoft Windows Early Launch Anti-Malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-06-27] (Malwarebytes Inc -> Malwarebytes)
R3 phantomtap; C:\WINDOWS\System32\drivers\phantomtap.sys [45056 2020-03-18] (Avira Operations GmbH & Co. KG -> The OpenVPN Project)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 ssudserd; C:\WINDOWS\system32\DRIVERS\ssudserd.sys [221824 2016-04-24] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [43376 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R1 UimBus; C:\WINDOWS\System32\drivers\uimbus.sys [109504 2018-11-27] (Paragon Software GmbH -> Paragon Software GmbH)
R1 Uim_DEVIM; C:\WINDOWS\System32\drivers\uimdevim.sys [46016 2018-11-27] (Paragon Software GmbH -> Paragon Software GmbH)
R1 Uim_IM; C:\WINDOWS\System32\drivers\uim_im.sys [701232 2015-08-26] (Paragon Software GmbH -> )
R1 Uim_VIM; C:\WINDOWS\System32\Drivers\uim_vimx64.sys [390352 2013-03-15] (Paragon Software GmbH -> Paragon)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Apple, Inc.) [Datei ist nicht signiert]
S3 vpnva; C:\WINDOWS\System32\drivers\vpnva64-6.sys [74064 2021-09-17] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
U3 idsvc; kein ImagePath
S3 NTIOLib_DVDSetup; \??\E:\NTIOLib_X64.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2021-12-03 07:07 - 2021-12-03 07:08 - 000040403 _____ C:\Users\Hold\Downloads\FRST.txt
2021-12-03 07:07 - 2021-12-03 07:08 - 000000000 ____D C:\FRST
2021-12-03 07:06 - 2021-12-03 07:06 - 002311680 _____ (Farbar) C:\Users\Hold\Downloads\FRST64.exe
2021-12-02 19:34 - 2021-12-02 19:34 - 008540344 _____ (Malwarebytes) C:\Users\Hold\Desktop\adwcleaner.exe
2021-12-02 17:27 - 2021-12-02 17:27 - 000003428 _____ C:\WINDOWS\system32\Tasks\Avira_Security_Service_SCM_Watchdog
2021-12-02 07:11 - 2021-12-02 09:40 - 000210352 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-12-01 16:04 - 2021-12-01 16:04 - 000106593 _____ C:\Users\Hold\Downloads\00977833-Umsatzliste-20211201-1638371043528-AT751200010012802871.pdf
2021-11-23 17:33 - 2021-11-23 21:50 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2021-11-19 17:28 - 2021-11-20 11:41 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2021-11-16 17:20 - 2021-11-16 17:20 - 000000000 ____D C:\Users\Hold\AppData\LocalLow\Synamedia
2021-11-16 17:19 - 2021-12-01 23:10 - 000000000 ____D C:\Users\Hold\AppData\Roaming\Sky Q
2021-11-16 17:19 - 2021-11-16 17:20 - 000001027 _____ C:\Users\Hold\Desktop\Sky X.lnk
2021-11-16 17:19 - 2021-11-16 17:20 - 000000000 ____D C:\Users\Hold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sky
2021-11-16 17:19 - 2021-11-16 17:19 - 000000000 ____D C:\Users\Hold\AppData\Roaming\Sky
2021-11-16 17:18 - 2021-11-16 17:18 - 056046615 _____ C:\Users\Hold\Downloads\SkyXInstallerWindows.zip
2021-11-16 17:18 - 2021-11-16 17:18 - 000000000 ____D C:\Users\Hold\Downloads\SkyXInstallerWindows
2021-11-11 15:37 - 2021-11-11 15:37 - 000127856 _____ C:\Users\Hold\Downloads\COVID-19-Impfzertifikat-Hold-20211028 (1).pdf
2021-11-11 15:30 - 2021-11-11 15:30 - 000127548 _____ C:\Users\Hold\Downloads\COVID-19-Impfzertifikat-Hold-20211111 (1).pdf
2021-11-11 15:24 - 2021-11-11 15:24 - 000127548 _____ C:\Users\Hold\Downloads\COVID-19-Impfzertifikat-Hold-20211111.pdf
2021-11-10 16:29 - 2021-11-10 16:29 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-11-10 16:29 - 2021-11-10 16:29 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-11-10 16:29 - 2021-11-10 16:29 - 000011363 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-11-10 16:28 - 2021-11-10 16:28 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-11-10 16:19 - 2021-11-10 16:19 - 000000000 ___HD C:\$WinREAgent
2021-11-08 18:40 - 2021-11-08 18:40 - 000002223 _____ C:\Users\Public\Desktop\Canon Easy-PhotoPrint Editor.lnk
2021-11-08 18:38 - 2021-11-08 18:38 - 112544672 _____ C:\Users\Hold\Downloads\epd_-win-1_6_1-ea20_4.exe

==================== Ein Monat (geänderte) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2021-12-03 07:06 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-12-03 06:53 - 2014-02-20 12:49 - 000000000 ____D C:\ProgramData\Mozilla
2021-12-03 06:52 - 2016-11-28 17:57 - 000000000 ____D C:\Users\Hold\AppData\LocalLow\Mozilla
2021-12-03 06:48 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2021-12-03 06:40 - 2020-10-18 16:59 - 000004152 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{AD2B4477-891E-4F60-8EE5-9F132CEC2808}
2021-12-03 06:40 - 2020-10-18 16:43 - 001917508 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-12-03 06:40 - 2019-12-07 15:50 - 000820860 _____ C:\WINDOWS\system32\perfh007.dat
2021-12-03 06:40 - 2019-12-07 15:50 - 000177392 _____ C:\WINDOWS\system32\perfc007.dat
2021-12-03 06:35 - 2020-03-16 14:22 - 000000000 ____D C:\Program Files (x86)\Google
2021-12-03 06:33 - 2021-09-20 16:11 - 000003108 _____ C:\WINDOWS\system32\Tasks\AMDInstallLauncher
2021-12-03 06:33 - 2021-03-11 07:34 - 000003094 _____ C:\WINDOWS\system32\Tasks\AMDLinkUpdate
2021-12-03 06:33 - 2020-10-18 16:59 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-12-03 06:33 - 2016-05-14 18:17 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2021-12-03 06:33 - 2014-02-23 13:39 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2021-12-03 06:32 - 2020-10-18 16:26 - 000008192 ___SH C:\DumpStack.log.tmp
2021-12-02 23:23 - 2019-12-07 10:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-12-02 19:32 - 2020-10-18 16:26 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-12-02 18:01 - 2018-05-09 22:09 - 000000000 ____D C:\Users\Hold\AppData\Local\D3DSCache
2021-12-02 17:28 - 2020-08-14 12:00 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-12-02 17:28 - 2020-08-14 12:00 - 000002274 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-12-02 17:28 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-12-02 17:28 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-12-02 17:27 - 2021-04-17 11:09 - 000001078 _____ C:\Users\Public\Desktop\Avira.lnk
2021-12-02 17:27 - 2020-12-03 07:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2021-12-02 17:27 - 2020-10-18 16:59 - 000003632 _____ C:\WINDOWS\system32\Tasks\Avira_Security_Update
2021-12-02 17:27 - 2014-02-21 12:23 - 000000000 ____D C:\ProgramData\Avira
2021-12-02 15:04 - 2019-04-10 17:27 - 000000000 ____D C:\Users\Hold\AppData\Roaming\PersBackup6
2021-12-02 12:29 - 2020-12-26 20:35 - 000000000 ____D C:\WINDOWS\system32\AMD
2021-12-02 09:40 - 2020-10-29 23:24 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-12-02 09:40 - 2019-06-29 15:17 - 000160176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-12-02 09:40 - 2019-06-29 15:17 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-12-02 09:39 - 2018-03-30 09:53 - 000000000 ____D C:\Program Files\Malwarebytes
2021-12-02 09:39 - 2015-11-10 20:14 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-12-02 08:26 - 2014-02-20 23:49 - 000000000 ____D C:\Users\Hold\Documents\PersBackup
2021-11-30 14:58 - 2020-11-05 09:41 - 001930322 _____ C:\Users\Hold\Desktop\Zeitschriften1.xlsx
2021-11-30 10:12 - 2014-02-20 18:16 - 000000000 ____D C:\Users\Hold\Desktop\Dokumente
2021-11-25 13:25 - 2020-10-18 16:59 - 000004172 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1586608251
2021-11-25 13:25 - 2020-04-11 13:30 - 000001386 _____ C:\Users\Hold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera-Browser.lnk
2021-11-23 21:50 - 2021-10-22 15:11 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2021-11-23 21:50 - 2014-02-20 12:49 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-11-23 18:08 - 2021-10-05 17:04 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-11-23 18:08 - 2014-02-20 12:49 - 000001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-11-23 17:32 - 2021-10-22 15:11 - 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2021-11-23 17:32 - 2021-10-22 15:11 - 000002148 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-11-22 16:52 - 2017-12-13 16:41 - 000000000 ____D C:\Users\Hold\AppData\Local\Packages
2021-11-22 16:33 - 2018-07-02 20:35 - 000000000 ____D C:\ProgramData\Packages
2021-11-19 17:29 - 2020-03-16 14:23 - 000002293 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-11-19 17:29 - 2020-03-16 14:23 - 000002252 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-11-17 16:09 - 2020-10-18 18:03 - 000003606 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d6a5658a907ddc
2021-11-17 16:09 - 2020-10-18 16:59 - 000003700 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-11-10 16:35 - 2020-10-18 16:26 - 000494000 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-11-10 16:34 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-11-10 16:34 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-11-10 16:34 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-11-10 16:34 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-11-10 16:34 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-11-10 16:34 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-11-10 16:34 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-11-10 16:34 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-11-10 16:34 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-11-10 16:34 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-11-10 16:34 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\servicing
2021-11-10 16:31 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-11-10 16:14 - 2020-04-22 19:56 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2021-11-10 16:13 - 2014-02-20 14:48 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-11-10 16:09 - 2014-02-20 14:48 - 141529560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-11-08 18:40 - 2021-07-09 09:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2021-11-08 18:39 - 2014-02-20 14:31 - 000000000 ____D C:\Program Files (x86)\Canon

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ========

2015-11-08 16:47 - 2015-11-08 16:47 - 000003904 _____ () C:\Users\Hold\AppData\Local\recently-used.xbel
2016-05-14 21:18 - 2016-05-14 21:18 - 000000017 _____ () C:\Users\Hold\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

==================== Ende von FRST.txt ========================
         
--- --- ---
FRST Additions Logfile:
Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 01-12-2021
durchgeführt von Hold (03-12-2021 07:10:09)
Gestartet von C:\Users\Hold\Downloads
Microsoft Windows 10 Home Version 20H2 19042.1348 (X64) (2020-10-18 16:00:58)
Start-Modus: Normal
==========================================================


==================== Konten: =============================


(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

Administrator (S-1-5-21-856262021-2868319075-1551791506-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-856262021-2868319075-1551791506-503 - Limited - Disabled)
Gast (S-1-5-21-856262021-2868319075-1551791506-501 - Limited - Disabled)
Hold (S-1-5-21-856262021-2868319075-1551791506-1000 - Administrator - Enabled) => C:\Users\Hold
WDAGUtilityAccount (S-1-5-21-856262021-2868319075-1551791506-504 - Limited - Disabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {8A154ED8-4428-DB2D-0E3F-BD82C448FD94}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {4C1D9672-63FE-5C90-371E-8FDA591C5B75}
AS: Avira Antivirus (Enabled - Up to date) {33CF8AA2-FA06-4AD4-98AB-332D53DD7FFB}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 18.01 (x64) (HKLM\...\7-Zip) (Version: 18.01 - Igor Pavlov)
7-Zip 19.00 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1900-000001000000}) (Version: 19.00.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 21.007.20099 - Adobe Systems Incorporated)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.8 - Adobe Systems Incorporated)
AMD Chipset Software (HKLM-x32\...\AMD_Chipset_IODrivers) (Version: 2.05.04.352 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 20.10.20 - Advanced Micro Devices, Inc.)
AMD_Chipset_Drivers (HKLM-x32\...\{810a2b63-212d-4a59-bfb5-f2d575cd44f0}) (Version: 2.05.04.352 - Advanced Micro Devices, Inc.) Hidden
ANT Drivers Installer x64 (HKLM\...\{C908C165-F564-4420-AFBC-BC9BB5093D89}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-Bit) (HKLM-x32\...\{C56BA005-F02C-461B-ACA5-A0CE3E32578F}) (Version: 6.5 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{C8087B7C-8496-45BE-92FB-91D31EB73969}) (Version: 6.5 - Apple Inc.)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.4.000 - Asmedia Technology)
ASRock App Charger v1.0.5 (HKLM\...\ASRock App Charger_is1) (Version:  - ASRock Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.2111.2126 - Avira Operations GmbH & Co. KG) Hidden
Avira Privacy Pal (HKLM-x32\...\{F2BC8305-DFBE-4C02-A906-9BBD8EE299A3}_is1) (Version: 2.4.0.1962 - Avira Operations GmbH & Co. KG)
Avira Security (HKLM-x32\...\Avira Security_is1) (Version: 1.1.59.25531 - Avira Operations GmbH & Co. KG) Hidden
Avira Security (HKLM-x32\...\AviraSecurityUninstaller) (Version:  - Avira Operations GmbH & Co. KG;)
Avira Software Updater (HKLM-x32\...\{D72D7C97-7AEC-43E0-A8CF-B23F27422FE0}) (Version: 2.0.6.22870 - Avira Operations GmbH & Co. KG) Hidden
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 6.5.0.10950 - Avira Operations GmbH & Co. KG) Hidden
BIPA FotoShop (HKLM-x32\...\BIPA FotoShop) (Version: 5.1.7 - CEWE Stiftung u Co. KGaA)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon Easy-PhotoPrint Editor (HKLM-x32\...\Canon Easy-PhotoPrint Editor) (Version: 1.6.1 - Canon Inc.)
Canon IJ Printer Assistant Tool (HKLM-x32\...\Canon IJ Printer Assistant Tool) (Version: 1.30.1.52 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.5.5.3 - Canon Inc.)
Canon MG5300 series On-screen Manual (HKLM-x32\...\Canon MG5300 series On-screen Manual) (Version:  - )
Canon MG6800 series On-screen Manual (HKLM-x32\...\Canon MG6800 series On-screen Manual) (Version: 7.8.0 - Canon Inc.)
Canon TS5300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_TS5300_series) (Version: 1.04 - Canon Inc.)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.6.5931 - CDBurnerXP)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.10.03104 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\{A4076314-DE10-4FEB-A977-A3AF859B4073}) (Version: 4.10.03104 - Cisco Systems, Inc.) Hidden
Citrix Online Plug-in - Web (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 11.2.0.31560 - Citrix Systems, Inc.)
Client (HKLM-x32\...\{BAB4AAD2-93A4-11D4-A165-00508B67A692}) (Version: 5.50.000 - BMD Systemhaus GesmbH)
CoolUtils Mail Viewer (HKLM-x32\...\CoolUtils Mail Viewer_is1) (Version: 2.5 - Softplicity, Inc.)
CrystalDiskInfo 8.9.0a (HKLM\...\CrystalDiskInfo_is1) (Version: 8.9.0a - Crystal Dew World)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - Acro Software Inc.)
Druckerregistrierung (HKLM-x32\...\Canon EISRegistration) (Version: 1.7.5 - Canon Inc.)
Elevated Installer (HKLM-x32\...\{AA541EFB-3F91-4A7E-A915-CCDD91C2AE11}) (Version: 7.8.1.0 - Garmin Ltd or its subsidiaries) Hidden
Facebook Gameroom 1.23.7426.18586 (HKLM-x32\...\{58E3FB73-8B88-4807-A803-79B5ADA0136F}) (Version: 1.23.7426.18586 - Facebook)
Garmin Express (HKLM-x32\...\{4CE72891-E662-4E1D-997A-2DB13467F489}) (Version: 7.8.1.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{e0284aaa-26dc-4fb0-b0b6-06e658bdc602}) (Version: 7.8.1.0 - Garmin Ltd or its subsidiaries)
GIMP 2.8.18 (HKLM\...\GIMP-2_is1) (Version: 2.8.18 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 96.0.4664.45 - Google LLC)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
Malwarebytes version 4.4.11.149 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.4.11.149 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 96.0.1054.41 - Microsoft Corporation)
Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 96.0.1054.41 - Microsoft Corporation)
Microsoft Office Standard 2013 (HKLM\...\Office15.STANDARD) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 21.220.1024.0005 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\Teams) (Version: 1.4.00.4167 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{29B15818-E79F-4AB0-8938-9410C807AD76}) (Version: 2.84.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Mozilla Firefox (x64 de) (HKLM\...\Mozilla Firefox 94.0.2 (x64 de)) (Version: 94.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 78.0 - Mozilla)
Mozilla Thunderbird (x86 de) (HKLM-x32\...\Mozilla Thunderbird 91.3.2 (x86 de)) (Version: 91.3.2 - Mozilla)
MyHarmony (HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\036a0e4fc6a247ec) (Version: 1.0.1.257 - Logitech)
OpenOffice 4.1.11 (HKLM-x32\...\{372A5898-9772-4413-9767-06E9F4580830}) (Version: 4.111.9808 - Apache Software Foundation)
Opera Stable 81.0.4196.60 (HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\Opera 81.0.4196.60) (Version: 81.0.4196.60 - Opera Software)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Paragon Backup & Recovery™ 17 CE (HKLM\...\{505143F0-48A3-4ABD-A1FE-F77425BFBF66}) (Version: 17.9.3.4927 - Paragon Software) Hidden
Paragon Backup & Recovery™ 17 CE (HKLM-x32\...\{37102375-99b6-4ec1-af7d-ec77bb61cd49}) (Version: 17.9.3.4927 - Paragon Software GmbH)
Paragon UIM (HKLM\...\{49AED3CA-E137-4E65-9555-D05C60281BAC}) (Version: 24.60.0.460 - Paragon Software) Hidden
PerformanceTest v10.0 (HKLM\...\PerformanceTest 10_is1) (Version: 10.0.1010.0 - Passmark Software)
Personal Backup 5.9.4.14 (32-bit) (HKLM-x32\...\Personal Backup 5_is1) (Version: 5.9.4.14 - Dr. J. Rathlev)
Personal Backup 6.0.3.0 (32-bit) (HKLM-x32\...\Personal Backup 6_is1) (Version: 6.0.3.0 - Dr. J. Rathlev)
Promontory_GPIO Driver (HKLM-x32\...\{B5512BCC-F4CD-4159-86A4-B2AD7D38FFA9}) (Version: 2.0.1.0 - Advanced Micro Devices, Inc.) Hidden
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8960.1 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.38.1118.2019 - Realtek)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0012-0000-1000-0000000FF1CE}_Office15.STANDARD_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Sky X 21.7.3.0 (HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\com.bskyb.skyxplayer_is1) (Version: 21.7.3.0 - Sky)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.7.64.0 - Safer-Networking Ltd.)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.24.5 - TeamViewer)
twengoo (HKLM-x32\...\{2ADA8DBD-2833-4235-A07E-0CD653A992FF}) (Version: 1.0.0.0 - Twengoo)
Unchecky v1.2 (HKLM-x32\...\Unchecky) (Version: 1.2 - Reason Software Company Inc.)
Update for Skype for Business 2015 (KB4484289) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.STANDARD_{1C76EBD9-0A70-4094-A543-00CAA3B62113}) (Version:  - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{F814D094-197F-43C8-87FA-3210BB780486}) (Version: 2.53.0.0 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.16 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.7.1 - VideoLAN)
Windows-PC-Integritätsprüfung (HKLM\...\{63EFBDB5-01B0-4614-BE9F-7F1908E42275}) (Version: 3.1.2109.29003 - Microsoft Corporation)
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Winmail Opener 1.7 (HKLM-x32\...\Winmail Opener) (Version: 1.7 - Eolsoft)

Packages:
=========
AMD Radeon Software -> C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.20.10028.0_x64__0a9344xs7nr4m [2021-06-17] (Advanced Micro Devices Inc.) [Startup Task]
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.70.2.0_x86__kgqvnymyfvs32 [2021-12-02] (king.com)
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.2150.1.0_x86__kgqvnymyfvs32 [2021-11-12] (king.com)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.207.400.0_x86__kgqvnymyfvs32 [2021-11-26] (king.com)
Fotos-Add-On -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-03-12] (Microsoft Corporation)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa [2021-10-29] (Apple Inc.) [Startup Task]
Media Engine-Add-On für Fotos -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-09-24] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-17] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-17] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.10.10270.0_x64__8wekyb3d8bbwe [2021-10-31] (Microsoft Studios) [MS Ad]
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.12.219.0_x64__dt26b99r8h8gj [2020-12-26] (Realtek Semiconductor Corp)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.TWITTER_7.0.1.0_neutral__wgeqdkkx372wm [2021-06-11] (Twitter Inc.)
WindowsDVDPlayer -> C:\Program Files\WindowsApps\Microsoft.WindowsDVDPlayer_3.6.13291.0_x64__8wekyb3d8bbwe [2016-05-14] (Microsoft Corporation)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-856262021-2868319075-1551791506-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6} -> [OneDrive - Personal] => {a52bba46-e9e1-435f-b3d9-28daa648c0f6}
CustomCLSID: HKU\S-1-5-21-856262021-2868319075-1551791506-1000_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Hold\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20289.5\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-856262021-2868319075-1551791506-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel(R) pGFX -> Intel Corporation)
CustomCLSID: HKU\S-1-5-21-856262021-2868319075-1551791506-1000_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\Hold\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.19350.3\x64\Microsoft.Teams.AddinLoader.dll => Keine Datei
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\21.220.1024.0005\FileSyncShell64.dll [2021-11-23] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\21.220.1024.0005\FileSyncShell64.dll [2021-11-23] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\21.220.1024.0005\FileSyncShell64.dll [2021-11-23] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\21.220.1024.0005\FileSyncShell64.dll [2021-11-23] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\21.220.1024.0005\FileSyncShell64.dll [2021-11-23] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\21.220.1024.0005\FileSyncShell64.dll [2021-11-23] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\21.220.1024.0005\FileSyncShell64.dll [2021-11-23] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\21.220.1024.0005\FileSyncShell64.dll [2021-11-23] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\21.220.1024.0005\FileSyncShell64.dll [2021-11-23] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\21.220.1024.0005\FileSyncShell64.dll [2021-11-23] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\21.220.1024.0005\FileSyncShell64.dll [2021-11-23] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\21.220.1024.0005\FileSyncShell64.dll [2021-11-23] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\21.220.1024.0005\FileSyncShell64.dll [2021-11-23] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\21.220.1024.0005\FileSyncShell64.dll [2021-11-23] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\21.220.1024.0005\FileSyncShell64.dll [2021-11-23] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [Datei ist nicht signiert]
ContextMenuHandlers1: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers1: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2021-07-18] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [SystemSpeedupFilesMenu] -> {14cb2bd0-2375-3d10-9b5d-5e18865c8959} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2020-06-05] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\21.220.1024.0005\FileSyncShell64.dll [2021-11-23] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [Datei ist nicht signiert]
ContextMenuHandlers4: [SystemSpeedupFoldersMenu] -> {700866bb-c8e9-3e71-b359-abb28baed0e8} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2020-06-05] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\21.220.1024.0005\FileSyncShell64.dll [2021-11-23] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> Keine Datei
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> Keine Datei
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [SystemSpeedupDesktopMenu] -> {0cab5786-30e8-3185-9b3b-ccefbf1b8afe} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2020-06-05] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [Datei ist nicht signiert]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [SDECon32] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers6: [SDECon64] -> {44176360-2BBF-4EC1-93CE-384B8681A0BC} => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDECon64.dll [2018-03-23] (Safer-Networking Ltd. -> Safer-Networking Ltd.)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2021-07-18] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

==================== Codecs (Nicht auf der Ausnahmeliste) ====================

==================== Verknüpfungen & WMI ========================

==================== Geladene Module (Nicht auf der Ausnahmeliste) =============

2016-10-15 21:30 - 2010-04-24 04:00 - 000336896 _____ (CANON INC.) [Datei ist nicht signiert] C:\WINDOWS\System32\CNMLM9Z.DLL
2016-05-14 18:36 - 2012-03-14 05:00 - 000385024 _____ (CANON INC.) [Datei ist nicht signiert] C:\WINDOWS\System32\CNMLMAT.DLL
2014-02-20 14:32 - 2011-02-01 09:23 - 000355840 _____ (CANON INC.) [Datei ist nicht signiert] C:\WINDOWS\System32\CNMN6PPM.DLL
2021-10-14 18:14 - 2021-10-14 18:14 - 000913920 _____ (ServiceStack) [Datei ist nicht signiert] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\ServiceStack.Text\fb21ba318211e2a3a0f38edb00e12ae8\ServiceStack.Text.ni.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =================

==================== Internet Explorer (Nicht auf der Ausnahmeliste) ==========

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
SearchScopes: HKU\S-1-5-21-856262021-2868319075-1551791506-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
SearchScopes: HKU\S-1-5-21-856262021-2868319075-1551791506-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-07-18] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-07-18] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2019-08-19] (Microsoft Corporation -> Microsoft Corporation)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

Da befinden sich 7940 mehr Seiten.

IE trusted site: HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\secunia.com. -> hxxps://secunia.com.
IE restricted site: HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\123simsen.com -> www.123simsen.com

Da befinden sich 7945 mehr Seiten.


==================== Hosts Inhalt: =========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2018-04-12 00:38 - 2021-12-03 06:33 - 000003384 _____ C:\WINDOWS\system32\drivers\etc\hosts
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 rp.yefeneri2.com
0.0.0.0 os.yefeneri2.com
0.0.0.0 os2.yefeneri2.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com

==================== Andere Bereiche ===========================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-856262021-2868319075-1551791506-1000\Control Panel\Desktop\\Wallpaper -> D:\Fotos\Brasilien16\IMG_2909.JPG
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (Keine Datei)
 ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk => C:\Windows\pss\Secunia PSI Tray.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Avira Systray => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenuEx => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
HKLM\...\StartupApproved\StartupFolder: => "Secunia PSI Tray.lnk"
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run32: => "ConnectionCenter"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKLM\...\StartupApproved\Run32: => "CanonQuickMenu"
HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\StartupApproved\StartupFolder: => "Facebook Gameroom.lnk"
HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\StartupApproved\StartupFolder: => "An OneNote senden.lnk"
HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\StartupApproved\Run: => "SpybotPostWindows10UpgradeReInstall"
HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\StartupApproved\Run: => "GarminExpress"
HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\StartupApproved\Run: => "Opera Browser Assistant"
HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [UDP Query User{4CE991B2-B38A-43BC-BAB1-9203556C713F}C:\users\hold\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\hold\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{D84E05FD-2312-4DC4-8075-9A1916BD56AF}C:\users\hold\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\hold\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{F73053EF-6862-458C-BC42-D4B98A11B16D}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{BE532A11-CF89-4BBB-90B7-8DDD768F6477}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{FD9B3171-81C7-44F3-B314-5DCD5059D0C5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{11F4409C-2B7C-45FA-8E05-B139C11B6B98}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{34E1B575-13A3-4AE6-A311-70E0FFA0746D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{497899E9-744A-4864-9C97-DE2B8CDE2DE7}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{67213130-5D65-4419-B5DE-56A61D621311}] => (Block) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
FirewallRules: [{9A510696-5EF3-4BDB-A2D0-B6538A8A3C36}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
FirewallRules: [{A647EC86-C8D9-40AF-8EDC-B4B7F2D227B3}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
FirewallRules: [{9FA8C1C0-2873-4DCB-BCCB-725634382F9F}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{144B52A2-03C0-43C9-9000-94FCC46DF928}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8D6E07EA-8B15-470B-AD53-1D65193D9D87}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{61609687-0C7C-415C-B23B-0F923276F75B}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DA2E6B64-A564-4ED5-898C-84AA839A2051}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{7E7BAE3A-47E5-4EA7-B5A6-27A73A77CC4F}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{36141544-BC02-40B4-A642-9DEDCB9F416E}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8A4BFD9A-1F48-4D98-B312-A8F2B81901A0}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12122.2.54019.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D711970B-5C3B-44FA-8EE2-B7902E8BE39D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{0B4E24D3-8CB8-4219-9918-9C2EC8A165FB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1FD1649E-350A-45AD-A440-58BE0E84B20F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{E4D9124A-6CCC-474D-BBD7-75E919010A3E}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.78.159.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{C8999AFB-D429-4E01-BBA5-668AC79F67BC}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{09EB353E-0861-4EB0-B105-A3AE46D6D720}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{1852BB3B-2964-4F26-9A52-7480F8E5287C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{5F848580-FA85-4729-B629-159F0B3554BD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{BF6D40F3-FB75-4658-AB1E-2782344408AB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{7642F735-4294-4C45-B0F8-BBEF3B06E6FD}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\96.0.1054.41\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Wiederherstellungspunkte =========================

10-11-2021 16:14:36 Windows Modules Installer
18-11-2021 18:39:17 Geplanter Prüfpunkt
27-11-2021 19:29:53 Geplanter Prüfpunkt

==================== Fehlerhafte Geräte im Gerätemanager ============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Fehlereinträge in der Ereignisanzeige: ========================

Applikationsfehler:
==================
Error: (12/03/2021 06:36:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IAStorDataMgrSvc.exe, Version: 11.6.0.1030, Zeitstempel: 0x5042b0f0
Name des fehlerhaften Moduls: IAStorUtil.ni.dll, Version: 11.6.0.1030, Zeitstempel: 0x5042b0eb
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000305e5
ID des fehlerhaften Prozesses: 0x1054
Startzeit der fehlerhaften Anwendung: 0x01d7e807a4ee8c4e
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\IAStorUtil\c4911bd0015bf76eabe750e62bfb741e\IAStorUtil.ni.dll
Berichtskennung: 245bb05a-ae21-41b8-aafa-da2f25a777ea
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (12/03/2021 06:35:59 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: IAStorDataMgrSvc.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.NullReferenceException
   bei IAStorUtil.SystemDataModelListener.ProcessSystemDataModelChanges()
   bei IAStorUtil.SystemDataModelListener.LoadSavedSystemState()
   bei IAStorDataMgr.EventRelay.<Start>b__0(System.Object)
   bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bei System.Threading.ThreadPoolWorkQueue.Dispatch()
   bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (12/02/2021 10:22:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IAStorDataMgrSvc.exe, Version: 11.6.0.1030, Zeitstempel: 0x5042b0f0
Name des fehlerhaften Moduls: IAStorUtil.ni.dll, Version: 11.6.0.1030, Zeitstempel: 0x5042b0eb
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000305e5
ID des fehlerhaften Prozesses: 0x23dc
Startzeit der fehlerhaften Anwendung: 0x01d7e7c2bd6587b5
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\IAStorUtil\c4911bd0015bf76eabe750e62bfb741e\IAStorUtil.ni.dll
Berichtskennung: c5a24e2f-c5d3-4181-a6e5-ec3f5191e950
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (12/02/2021 10:22:45 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: IAStorDataMgrSvc.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.NullReferenceException
   bei IAStorUtil.SystemDataModelListener.ProcessSystemDataModelChanges()
   bei IAStorUtil.SystemDataModelListener.LoadSavedSystemState()
   bei IAStorDataMgr.EventRelay.<Start>b__0(System.Object)
   bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bei System.Threading.ThreadPoolWorkQueue.Dispatch()
   bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (12/02/2021 07:38:16 PM) (Source: COM) (EventID: 10035) (User: )
Description: Der COM-Standardmarshaler war nicht in der Lage, einen Konflikt zwischen der vom Server bereitgestellten IID {618736E0-3C3D-11CF-810C-00AA00389B71} und der vom Client angeforderten IID {00020400-0000-0000-C000-000000000046} mit der Handler-CLSID {00EB5084-29B8-7620-6970-03768450EB00} zu beheben. Der Fehlercode war 0x800401fd.

Error: (12/02/2021 05:26:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IAStorDataMgrSvc.exe, Version: 11.6.0.1030, Zeitstempel: 0x5042b0f0
Name des fehlerhaften Moduls: IAStorUtil.ni.dll, Version: 11.6.0.1030, Zeitstempel: 0x5042b0eb
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000305e5
ID des fehlerhaften Prozesses: 0x2320
Startzeit der fehlerhaften Anwendung: 0x01d7e7996b893bee
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\IAStorUtil\c4911bd0015bf76eabe750e62bfb741e\IAStorUtil.ni.dll
Berichtskennung: 73b7fbd3-2a1e-41f0-bb09-63564efe88ae
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (12/02/2021 05:26:58 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: IAStorDataMgrSvc.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.NullReferenceException
   bei IAStorUtil.SystemDataModelListener.ProcessSystemDataModelChanges()
   bei IAStorUtil.SystemDataModelListener.LoadSavedSystemState()
   bei IAStorDataMgr.EventRelay.<Start>b__0(System.Object)
   bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   bei System.Threading.ThreadPoolWorkQueue.Dispatch()
   bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()

Error: (12/02/2021 11:30:59 AM) (Source: COM) (EventID: 10035) (User: )
Description: Der COM-Standardmarshaler war nicht in der Lage, einen Konflikt zwischen der vom Server bereitgestellten IID {618736E0-3C3D-11CF-810C-00AA00389B71} und der vom Client angeforderten IID {00020400-0000-0000-C000-000000000046} mit der Handler-CLSID {00EB5084-29B8-7662-6970-45768450EB00} zu beheben. Der Fehlercode war 0x800401fd.


Systemfehler:
=============
Error: (12/03/2021 06:36:02 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Rapid Storage-Technologie" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (12/03/2021 06:33:04 AM) (Source: SNMP) (EventID: 1500) (User: )
Description: Beim Zugreifen auf den Registrierungsschlüssel SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration ist ein Fehler aufgetreten.

Error: (12/02/2021 10:22:47 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Rapid Storage-Technologie" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (12/02/2021 10:19:50 PM) (Source: SNMP) (EventID: 1500) (User: )
Description: Beim Zugreifen auf den Registrierungsschlüssel SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration ist ein Fehler aufgetreten.

Error: (12/02/2021 05:28:05 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80246007 fehlgeschlagen: Canon - Printer - 8/24/2018 12:00:00 AM - 2.90.2.20

Error: (12/02/2021 05:27:00 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Rapid Storage-Technologie" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (12/02/2021 05:23:53 PM) (Source: SNMP) (EventID: 1500) (User: )
Description: Beim Zugreifen auf den Registrierungsschlüssel SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration ist ein Fehler aufgetreten.

Error: (12/02/2021 10:57:06 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Rapid Storage-Technologie" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


CodeIntegrity:
===============
Date: 2021-12-03 06:33:05
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Avira\Antivirus\avirasecuritycenteragent.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-12-02 14:54:46
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\Mozilla Firefox\firefox.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.


==================== Speicherinformationen =========================== 

BIOS: American Megatrends Inc. M.70 06/17/2020
Hauptplatine: Micro-Star International Co., Ltd B450-A PRO MAX (MS-7B86)
Prozessor: AMD Ryzen 5 3400G with Radeon Vega Graphics 
Prozentuale Nutzung des RAM: 37%
Installierter physikalischer RAM: 14282.68 MB
Verfügbarer physikalischer RAM: 8885.86 MB
Summe virtueller Speicher: 28618.68 MB
Verfügbarer virtueller Speicher: 22318.96 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:359.24 GB) (Free:133.11 GB) NTFS
Drive d: (Volume) (Fixed) (Total:87.79 GB) (Free:47.77 GB) NTFS
Drive f: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive g: (TOSHIBA EXT) (Fixed) (Total:931.51 GB) (Free:473.96 GB) NTFS


==================== MBR & Partitionstabelle ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 447.1 GB) (Disk ID: 624A1F8B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=87.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=359.2 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: CED0B5E5)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt =======================
         
--- --- ---

Alt 03.12.2021, 07:39   #2
Klopfer60
 
Avira Fund HEUR/AGEN.1124272 - Standard

und dwer dritte



Code:
ATTFilter
Untersuchungsergebnis der Verknüpfungen des Benutzers (x64) Version: 01-12-2021
durchgeführt von Hold (03-12-2021 07:11:39)
Gestartet von C:\Users\Hold\Downloads
Start-Modus: Normal

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)


Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe (Adobe Systems Incorporated)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk -> C:\Program Files\CDBurnerXP\cdbxpp.exe (Canneverbe Limited)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk -> C:\Program Files\GIMP 2\bin\gimp-2.8.exe (Spencer Kimball, Peter Mattis and the GIMP Development Team)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Malwarebytes)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Program Files\Microsoft OneDrive\OneDrive.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe (Safer-Networking Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer.lnk -> C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thunderbird.lnk -> C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky\Unchecky.lnk -> C:\Program Files (x86)\Unchecky\unchecky.exe (Reason Software Company Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unchecky\Uninstall.lnk -> C:\Program Files (x86)\Unchecky\uninstall.exe (Reason Software Company Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\Create System Report.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDLogReport.exe (Safer-Networking Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\File Scan.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFiles.exe (Safer-Networking Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\Immunization.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe (Safer-Networking Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\Rootkit Scan.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDRootAlyzer.exe (Safer-Networking Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\Spybot-S&D Start Center.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe (Safer-Networking Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\System Scan.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe (Safer-Networking Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\Tray Icon (Live Protection).lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\Uninstall Spybot-S&D.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Personal Backup 6\Dateien wiederherstellen.lnk -> C:\Program Files (x86)\Personal Backup 6\PbRestore.exe (Dr. J. Rathlev, D-24222 Schwentinental)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Personal Backup 6\Datensicherung unter anderem Konto.lnk -> C:\Program Files (x86)\Personal Backup 6\PbStarter.exe (Dr. J. Rathlev, D-24222 Schwentinental)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Personal Backup 6\Echtzeitüberwachung für Backups.lnk -> C:\Program Files (x86)\Personal Backup 6\PbMon.exe (Dr. J. Rathlev, D-24222 Schwentinental)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Personal Backup 6\Personal Backup 6.lnk -> C:\Program Files (x86)\Personal Backup 6\Persbackup.exe (Dr. J. Rathlev, D-24222 Schwentinental)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Personal Backup 6\Personal Backup entfernen.lnk -> C:\Program Files (x86)\Personal Backup 6\PbUninstall.exe (Dr. J. Rathlev, D-24222 Schwentinental)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Personal Backup 6\Thunderbird-Datensicherung.lnk -> C:\Program Files (x86)\Personal Backup 6\TbBackup.exe (Dr. J. Rathlev, D-24222 Schwentinental)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Personal Backup 6\Wechselpläne einrichten.lnk -> C:\Program Files (x86)\Personal Backup 6\PbPlaner.exe (Dr. J. Rathlev, D-24222 Schwentinental)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Personal Backup\Dateien wiederherstellen.lnk -> C:\Program Files (x86)\Personal Backup 5\PbRestore.exe (Dr. J. Rathlev, D-24222 Schwentinental)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Personal Backup\Dateien zurückspeichern.lnk -> C:\Program Files (x86)\Personal Backup 5\PbRestore.exe (Dr. J. Rathlev, D-24222 Schwentinental)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Personal Backup\Datensicherung unter anderem Konto.lnk -> C:\Program Files (x86)\Personal Backup 5\PbStarter.exe (Dr. J. Rathlev, D-24222 Schwentinental)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Personal Backup\Personal Backup 5.lnk -> C:\Program Files (x86)\Personal Backup 5\Persbackup.exe (Dr. J. Rathlev, D-24222 Schwentinental)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Personal Backup\Personal Backup entfernen.lnk -> C:\Program Files (x86)\Personal Backup 5\PbUninstall.exe (Dr. J. Rathlev, D-24222 Schwentinental)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Personal Backup\Thunderbird-Datensicherung.lnk -> C:\Program Files (x86)\Personal Backup 5\TbBackup.exe (Dr. J. Rathlev, D-24222 Schwentinental)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Personal Backup\Wechselpläne einrichten.lnk -> C:\Program Files (x86)\Personal Backup 5\PbPlaner.exe (Dr. J. Rathlev, D-24222 Schwentinental)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PerformanceTest\PerformanceTest Documentation.lnk -> C:\Program Files\PerformanceTest\HTML\index.html (Keine Datei)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PerformanceTest\PerformanceTest.lnk -> C:\Program Files\PerformanceTest\PerformanceTest64.exe (PassMark Software)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PerformanceTest\Uninstall PerformanceTest.lnk -> C:\Program Files\PerformanceTest\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.11\OpenOffice Base.lnk -> C:\Program Files (x86)\OpenOffice 4\program\sbase.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.11\OpenOffice Calc.lnk -> C:\Program Files (x86)\OpenOffice 4\program\scalc.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.11\OpenOffice Draw.lnk -> C:\Program Files (x86)\OpenOffice 4\program\sdraw.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.11\OpenOffice Impress.lnk -> C:\Program Files (x86)\OpenOffice 4\program\simpress.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.11\OpenOffice Math.lnk -> C:\Program Files (x86)\OpenOffice 4\program\smath.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.11\OpenOffice Writer.lnk -> C:\Program Files (x86)\OpenOffice 4\program\swriter.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.11\OpenOffice.lnk -> C:\Program Files (x86)\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Maus- und Tastatur-Center\Microsoft-Maus- und Tastatur-Center.lnk -> c:\Windows\Installer\{E3047FA0-2D6B-4BD6-8CD4-599955F1CE9D}\DeviceCenter.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\Silverlight.Configuration.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\An OneNote 2013 senden.lnk -> C:\Windows\Installer\{90150000-0012-0000-1000-0000000FF1CE}\joticon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Excel 2013.lnk -> C:\Windows\Installer\{90150000-0012-0000-1000-0000000FF1CE}\xlicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\OneDrive for Business 2013.lnk -> C:\Windows\Installer\{90150000-0012-0000-1000-0000000FF1CE}\grv_icons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\OneNote 2013.lnk -> C:\Windows\Installer\{90150000-0012-0000-1000-0000000FF1CE}\joticon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Outlook 2013.lnk -> C:\Windows\Installer\{90150000-0012-0000-1000-0000000FF1CE}\outicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\PowerPoint 2013.lnk -> C:\Windows\Installer\{90150000-0012-0000-1000-0000000FF1CE}\pptico.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Publisher 2013.lnk -> C:\Windows\Installer\{90150000-0012-0000-1000-0000000FF1CE}\pubs.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Word 2013.lnk -> C:\Windows\Installer\{90150000-0012-0000-1000-0000000FF1CE}\wordicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013-Tools\Office 2013 Upload Center.lnk -> C:\Windows\Installer\{90150000-0012-0000-1000-0000000FF1CE}\msouc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013-Tools\Office 2013-Spracheinstellungen.lnk -> C:\Windows\Installer\{90150000-0012-0000-1000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013-Tools\Telemetriedashboard für Office 2013.lnk -> C:\Windows\Installer\{90150000-0012-0000-1000-0000000FF1CE}\osmadminicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013-Tools\Telemetrieprotokoll für Office 2013.lnk -> C:\Windows\Installer\{90150000-0012-0000-1000-0000000FF1CE}\osmclienticon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\Intel(R) Rapid Storage Technology.lnk -> C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorUI.exe (Intel Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\Intel(R) Management Engine Components\Intel(R) Management and Security Status.lnk -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe (Intel Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin\Garmin Express.lnk -> C:\Program Files (x86)\Garmin\Express\express.exe (Garmin Ltd. or its subsidiaries)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF\Try Free CutePDF Editor.lnk -> C:\Program Files (x86)\Acro Software\CutePDF Writer\CuteEdit.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF\PDF Writer\Readme.lnk -> C:\Program Files (x86)\Acro Software\CutePDF Writer\CuteEdit.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CoolUtils\CoolUtils Mail Viewer\Mail Viewer.lnk -> C:\Program Files\CoolUtils\CoolUtils Mail Viewer\MailViewer.exe (Softplicity)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco\Cisco AnyConnect Secure Mobility Client\Cisco AnyConnect Secure Mobility Client.lnk -> C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\IJ Scan Utility\IJ Scan Utility.lnk -> C:\Program Files (x86)\Canon\IJ Scan Utility\SCANUTILITY.exe (CANON INC.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\IJ Printer Assistant Tool\IJ Printer Assistant Tool.lnk -> C:\Program Files\Canon\Canon IJ Printer Assistant Tool\cnmpaui.exe (CANON INC.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\Easy-PhotoPrint Editor\Easy-PhotoPrint Editor.lnk -> C:\Program Files (x86)\Canon\Easy-PhotoPrint Editor\cneppeditor.exe (Canon Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG5300 series Manual\Deinstallieren.lnk -> C:\Program Files (x86)\Canon\IJ Manual\CANON MG5300 SERIES\uninstall.exe (CANON INC.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BIPA FotoShop\BIPA FotoShop deinstallieren.lnk -> C:\Program Files\BIPA\BIPA FotoShop\uninstall.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BIPA FotoShop\BIPA FotoShop.lnk -> C:\Program Files\BIPA\BIPA FotoShop\BIPA FotoShop.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BIPA FotoShop\CEWE FOTOSCHAU.lnk -> C:\Program Files\BIPA\BIPA FotoShop\CEWE FOTOSCHAU.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup & Recovery 17 CE\Logs Collector Tool.lnk -> C:\Program Files\Paragon Software\Backup & Recovery 17 CE\program\logsaver.exe (Paragon Software GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup & Recovery 17 CE\Paragon Backup & Recovery™ 17 CE.lnk -> C:\Program Files\Paragon Software\Backup & Recovery 17 CE\program\hdm17.exe (Paragon Software GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Avira Privacy Pal.lnk -> C:\Program Files (x86)\Avira\Privacy Pal\Avira.PrivacyPal.UI.Application.exe (Avira Operations GmbH & Co. KG)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Avira.lnk -> C:\Program Files (x86)\Avira\Security\Avira.Spotlight.UI.Application.exe (Avira Operations GmbH & Co. KG)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASRock Utility\AsrAppCharger\App Charger Feature Description.lnk -> C:\Program Files\ASRock Utility\AsrAppCharger\ASRock APP Charger.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASRock Utility\AsrAppCharger\App Charger Website.lnk -> C:\Program Files\ASRock Utility\AsrAppCharger\ASRock  App Charger.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASRock Utility\AsrAppCharger\Uninstall ASRock App Charger.lnk -> C:\Program Files\ASRock Utility\AsrAppCharger\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk -> C:\Windows\SysWOW64\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\RecoveryDrive.lnk -> C:\Windows\System32\RecoveryDrive.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Registry Editor.lnk -> C:\Windows\regedit.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Defender Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Bluetooth File Transfer Wizard.lnk -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Quick Assist.lnk -> C:\Windows\System32\quickassist.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk -> C:\Windows\System32\psr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip File Manager.lnk -> C:\Program Files\7-Zip\7zFM.exe (Igor Pavlov)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip Help.lnk -> C:\Program Files\7-Zip\7-zip.chm ()
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)
Shortcut: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)
Shortcut: C:\Users\Hold\OneDrive - Verknüpfung (2).lnk -> C:\Users\Hold\OneDrive ()
Shortcut: C:\Users\Hold\OneDrive - Verknüpfung.lnk -> C:\Users\Hold\OneDrive ()
Shortcut: C:\Users\Hold\Links\Desktop.lnk -> C:\Users\Hold\Desktop ()
Shortcut: C:\Users\Hold\Links\Downloads.lnk -> C:\Users\Hold\Downloads ()
Shortcut: C:\Users\Hold\Links\RecentPlaces.lnk -> [::{22877A6D-37A1-461A-91B0-DBDA5AAEBC99}]
Shortcut: C:\Users\Hold\Desktop\7-Zip File Manager.lnk -> C:\Program Files\7-Zip\7zFM.exe (Igor Pavlov)
Shortcut: C:\Users\Hold\Desktop\Avcenter.lnk -> C:\Program Files (x86)\Avira\Antivirus\avcenter.exe (Avira Operations GmbH & Co. KG)
Shortcut: C:\Users\Hold\Desktop\Computer.lnk -> [LFPO :i+00n1SPS0%G`%Computer-Systemordner1SPSjc(=Oe)::{20D04FE0-3AEA-1069-A2D8-08002B30309D}]
Shortcut: C:\Users\Hold\Desktop\CrystalDiskInfo.lnk -> C:\Program Files\CrystalDiskInfo\DiskInfo64.exe (Crystal Dew World)
Shortcut: C:\Users\Hold\Desktop\Excel 2013.lnk -> C:\Windows\Installer\{90150000-0012-0000-1000-0000000FF1CE}\xlicons.exe ()
Shortcut: C:\Users\Hold\Desktop\Fotos.lnk -> D:\Fotos ()
Shortcut: C:\Users\Hold\Desktop\IJ Printer Assistant Tool.lnk -> C:\Program Files\Canon\Canon IJ Printer Assistant Tool\cnmpaui.exe (CANON INC.)
Shortcut: C:\Users\Hold\Desktop\IJ Scan Utility.lnk -> C:\Program Files (x86)\Canon\IJ Scan Utility\SCANUTILITY.exe (CANON INC.)
Shortcut: C:\Users\Hold\Desktop\Mail Viewer.lnk -> C:\Program Files\CoolUtils\CoolUtils Mail Viewer\MailViewer.exe (Softplicity)
Shortcut: C:\Users\Hold\Desktop\OneDrive.lnk -> C:\Users\Hold\OneDrive ()
Shortcut: C:\Users\Hold\Desktop\Opera-Browser.lnk -> C:\Users\Hold\AppData\Local\Programs\Opera\launcher.exe (Opera Software)
Shortcut: C:\Users\Hold\Desktop\PC Health Check.lnk -> C:\Users\Hold\AppData\Local\PCHealthCheck\PCHealthCheck.exe ()
Shortcut: C:\Users\Hold\Desktop\PerformanceTest.lnk -> C:\Program Files\PerformanceTest\PerformanceTest64.exe (PassMark Software)
Shortcut: C:\Users\Hold\Desktop\Sky X.lnk -> C:\Users\Hold\AppData\Roaming\Sky\Sky X\Sky X.exe (Sky Deutschland AG)
Shortcut: C:\Users\Hold\Desktop\Winmail Opener.lnk -> C:\Program Files (x86)\Winmail Opener\wmopener.exe (Eolsoft)
Shortcut: C:\Users\Hold\Desktop\Word 2013.lnk -> C:\Windows\Installer\{90150000-0012-0000-1000-0000000FF1CE}\wordicon.exe ()
Shortcut: C:\Users\Hold\Desktop\Music\Sample Music.lnk -> C:\Users\Public\Music\Sample Music ()
Shortcut: C:\Users\Hold\Desktop\Dokumente\Trafik\Kassabericht.lnk -> C:\Users\Hold\Desktop\Dokumente\Kassabericht.odt ()
Shortcut: C:\Users\Hold\Desktop\Dokumente\Trafik\WienEnergieVertrag.lnk -> C:\Users\Hold\Desktop\Pictures\MP Navigator EX\2014_10_03\IMG.pdf (Keine Datei)
Shortcut: C:\Users\Hold\Desktop\Dokumente\Hannes\Bipa FotoSchau.lnk -> C:\Program Files\BIPA\BIPA FotoShop\CEWE FOTOSCHAU.exe ()
Shortcut: C:\Users\Hold\Desktop\Dokumente\Hannes\BIPA FotoShop.lnk -> C:\Program Files\BIPA\BIPA FotoShop\BIPA FotoShop.exe ()
Shortcut: C:\Users\Hold\Desktop\Dokumente\Hannes\Canon MG5300 series Online-Handbuch.lnk -> C:\Program Files\Canon\IJ Manual\Easy Guide Viewer\cmview.exe (Keine Datei)
Shortcut: C:\Users\Hold\Desktop\Dokumente\Hannes\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\Users\Hold\Desktop\Dokumente\Hannes\Lesezeichen+Mail\Windows Mail.lnk -> [Name;E-Mail-Adresse;Straße (privat);Ort (privat);Postleitzahl (privat);Bundesland (privat);Land/Region (privat);Telefon (privat);Straße (geschäftlich);Ort (geschäftlich);Postleitzahl (geschäftlich);Bundesland (geschäftlich);Land/Region (geschäftlich);Telefon (geschäftlich);Firma;PositionAlfons, Gerti;g.alfons@woehner.at;;;;;;;;;;;;;;Alfred HEINRICH;alfred.heinrich@chello.at;;;;;;;;;;;;;;Atlas, Angelika;angelika.atlas@inode.at;;;;;;;;;;;;;;Atlas;atlas@inode.at;;;;;;;;;;;;;;Bauer, Heidelies;heidelies@gmx.at;;;;;;;;;;;;;;Bauer, Sigrid;sigrid.bauer1@gmx.at;;;;;;;;;;;;;;Bauer, Sigrid;s.bauer@gundacker.info;;;;;;;;;;;;;;Binder Cornelia;bin.cornelia@gmx.at;;;;;;;;;;;;;;Binder, Heinz + Annemarie;binder.heinz@aon.at;;;;;;;;;;;;;;Binder, Heinz u. Annemarie;binder.annemarie@aon.at;;;;;;;;;;;;;;Fehringer, Guenter;guenter.fehringer@erstebank.at;;;;;;;;;;;;;;Fellmann-Pozdena, Renee;fellmann-pozdena@gmx.at;;;;;;;;;;;;;;Fiala, Magda;office@mfbernstein.at;;;;;;;;;;;;;;Formanek, Karl;k.formanek@forvideo.at;;;;;;;;;;;;;;Frankl, Ingrid;franklingrid@gmx.at;;;;;;;;;;;;;;Frauenberger, Gisela Wienstrom;Gisela.Rauch@wienstrom.at;;;;;;;;;;;;;;Gamperl, Markus;markus.gamperl@porsche.co.at;;;;;;;;;;;;;;Geschäft;ga.hold@aon.at;;;;;;;;;;;;;;Grosskopf, Kurt;kurt.grosskopf@aon.at;;;;;;;;;;;;;;Gruber, Mag. Sigrid;s.gruber@gundacker.info;;;;;;;;;;;;;;Gundacker, Stefanie;st.gundacker@gundacker.info;;;;;;;;;;;;;;Götz, Heinrich;heinrich.goetz@unicreditgroup.at;;;;;;;;;;;;;;Harrer, S.;s.harrer@gundacker.info;;;;;;;;;;;;;;Heinrich, Alfred;3xa.h@chello.at;;;;;;;;;;;;;;Heyny, Margot;margot.heyny1@chello.at;;;;;;;;;;;;;;Hold, Felizitas;felizitas.hold@web.de;;;;;;;;;;;;;;Hold, Gabriela;gabriela.hold@aon.at;;;;;;;;;;;;;;Hold, Gabriela;gabriela.hold@drei.at;;;;;;;;;;;;;;Hold, Hannes;johannes.hold@onb.ac.at;;;;;;;;;;;;;;Hold, Hermann;hermann.hold@univie.ac.at;;;;;;;;;;;;;;Hold, Johannes;johannes.hold@aon.at;;;;;;;;;;;;;;Hold, Matthias;mhold@gmx.at;;;;;;;;;;;;;;Hold;;;;;;;;;;;;;;;Holl, Peter;PeterHollNbg@aol.com;;;;;;;;;;;;;;Holubarz, Eduard;eduard.holubarz@chello.at;;;;;;;;;;;;;;Huginsweda, Rudolf Brozek;Rudolf.Brozek@huginsweda.at;;;;;;;;;;;;;;Jamelka, Karin;k.jamelka@ka1.at;;;;;;;;;;;;;;kevinkrumnow@freenet.de;kevinkrumnow@freenet.de;;;;;;;;;;;;;;Koller, Brigitte;brigitte.koller@gmx.at;;;;;;;;;;;;;;Laimer, Axel;a.laimer@gmx.net;;;;;;;;;;;;;;Laimer, Sonya;sossippi@hotmail.com;;;;;;;;;;;;;;Mayer, Sonja;s.mayer@gundacker.info;;;;;;;;;;;;;;Menschik, Christina;ch.menschik@gmx.at;;;;;;;;;;;;;;Menschik, Winfried;w.menschik@aon.at;;;;;;;;;;;;;;Netsch, Sonja;s.netsch@gmx.at;;;;;;;;;;;;;;Pozdena, Horst;hpozdena@gmx.at;;;;;;;;;;;;;;Prager, Renate;renate.prager@tmo.at;;;;;;;;;;;;;;Reichel, Julia;JuliaReichel@gmx.at;;;;;;;;;;;;;;Ruzek, Brigitta;brigitta.ruzek@fsw.at;;;;;;;;;;;;;;Ruzek, Peter;p.ruzek@aon.at;;;;;;;;;;;;;;Schiefer, Andi;Andreas.Schiefer@statistik.gv.at;;;;;;;;;;;;;;Schragner, Christian;chrisschragner@yahoo.com;;;;;;;;;;;;;;Schubert, Karin;karin.schubert@hotmail.com;;;;;;;;;;;;;;Schubert, Karin;karin.schubert@realkanzlei-mayerl.at;;;;;;;;;;;;;;Schubert, Karin;office@realkanzlei-mayerl.at;;;;;;;;;;;;;;Skoumal, Hansi;skoumal@a1.net;;;;;;;;;;;;;;Skoumal, Patricia;Patricia.SKOUMAL@RLB-NOE.raiffeisen.at;;;;;;;;;;;;;;Skoumal, Patrizia;p.skoumal@aon.at;;;;;;;;;;;;;;Stadlmann, Günther;guenther.stadlmann@bkkvb.sozvers.at;;;;;;;;;;;;;;Steindl, Monika Büro;Monika.Steindl@erstebank.at;;;;;;;;;;;;;;Steiner, Gitti Hans;gittisteiner@a1.net;;;;;;;;;;;;;;Steiner, Gitti;b_steiner@sobolak.com;;;;;;;;;;;;;;Stephanie Bürgler;steffi@slam-zine.com;;;;;;;;;;;;;;Taferner, Christina;christina.taferner@gmx.at;;;;;;;;;;;;;;Taferner, Lorenz;lorenz.taferner@aon.at;;;;;;;;;;;;;;Taschner, Gerhard;getasch@aon.at;;;;;;;;;;;;;;Thomas Sulzbacher;thomas@slam-zine.com;;;;;;;;;;;;;;TiS;tispokes@chello.at;;;;;;;;;;;;;;Toriser, Gert;gert@toriser.net;;;;;;;;;;;;;;Zangl, Roman;roman.zangl@generali.at;;;;;;;;;;;;;;Zimmermann, Linda;zimmu@gmx.at;;;;;;;;;;;;;;Zimmermann, Ulrike;zimmermannux@state.gov;;;;;;;;;;;;;;Zimmermann, Walter;Walter.Zimmermann@navteq.com;;;;;;;;;;;;;;]
Shortcut: C:\Users\Hold\Desktop\Dokumente\Gaby\Blutbefunde\Befund_Hold, Gabriela_4300150156_203309979_05032020_1707 - Verknüpfung.lnk -> C:\Users\Hold\Downloads\Befund_Hold, Gabriela_4300150156_203309979_05032020_1707.pdf (Keine Datei)
Shortcut: C:\Users\Hold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera-Browser.lnk -> C:\Users\Hold\AppData\Local\Programs\Opera\launcher.exe (Opera Software)
Shortcut: C:\Users\Hold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk -> C:\Users\Hold\AppData\Local\PCHealthCheck\PCHealthCheck.exe ()
Shortcut: C:\Users\Hold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winmail Opener\Winmail Opener website.lnk -> C:\Program Files (x86)\Winmail Opener\Winmail Opener.url ()
Shortcut: C:\Users\Hold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winmail Opener\Winmail Opener.lnk -> C:\Program Files (x86)\Winmail Opener\wmopener.exe (Eolsoft)
Shortcut: C:\Users\Hold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Hold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\Hold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\Hold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Hold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Hold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\Hold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Hold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Hold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Hold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Avira.lnk -> C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe (Keine Datei)
Shortcut: C:\Users\Hold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk -> C:\Users\Hold\AppData\Local\Facebook\Games\FacebookGameroom.exe (Keine Datei)
Shortcut: C:\Users\Hold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sky\Sky X.lnk -> C:\Users\Hold\AppData\Roaming\Sky\Sky X\Sky X.exe (Sky Deutschland AG)
Shortcut: C:\Users\Hold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Hold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Hold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Hold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Hold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Hold\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth-Dateiübertragung.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\Users\Hold\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC)
Shortcut: C:\Users\Hold\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Hold\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation)
Shortcut: C:\Users\Hold\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk -> C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
Shortcut: C:\Users\Hold\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Hold\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Hold\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Hold\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\Hold\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Hold\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Excel 2013.lnk -> C:\Windows\Installer\{90150000-0012-0000-1000-0000000FF1CE}\xlicons.exe ()
Shortcut: C:\Users\Hold\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Hold\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC)
Shortcut: C:\Users\Hold\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\Hold\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Thunderbird (2).lnk -> C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
Shortcut: C:\Users\Hold\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Thunderbird.lnk -> C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
Shortcut: C:\Users\Hold\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera-Browser.lnk -> C:\Users\Hold\AppData\Local\Programs\Opera\launcher.exe (Opera Software)
Shortcut: C:\Users\Hold\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Hold\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Sky X.lnk -> C:\Users\Hold\AppData\Roaming\Sky\Sky X\Sky X.exe (Sky Deutschland AG)
Shortcut: C:\Users\Hold\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\Users\Hold\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Word 2013.lnk -> C:\Windows\Installer\{90150000-0012-0000-1000-0000000FF1CE}\wordicon.exe ()
Shortcut: C:\Users\Hold\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\Hold\AppData\Local\PCHealthCheck\PC Health Check.lnk -> C:\Users\Hold\AppData\Local\PCHealthCheck\PCHealthCheck.exe ()
Shortcut: C:\Users\Hold\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Hold\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Hold\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Hold\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Hold\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\Hold\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\Hold\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\Hold\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\Hold\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\Acrobat Reader DC.lnk -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe (Adobe Systems Incorporated)
Shortcut: C:\Users\Public\Desktop\Adobe Digital Editions.lnk -> C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\DigitalEditions.exe (Adobe Systems Incorporated)
Shortcut: C:\Users\Public\Desktop\Avira.lnk -> C:\Program Files (x86)\Avira\Security\Avira.Spotlight.UI.Application.exe (Avira Operations GmbH & Co. KG)
Shortcut: C:\Users\Public\Desktop\Canon Easy-PhotoPrint Editor.lnk -> C:\Program Files (x86)\Canon\Easy-PhotoPrint Editor\cneppeditor.exe (Canon Inc.)
Shortcut: C:\Users\Public\Desktop\CDBurnerXP.lnk -> C:\Program Files\CDBurnerXP\cdbxpp.exe (Canneverbe Limited)
Shortcut: C:\Users\Public\Desktop\Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\Public\Desktop\Garmin Express.lnk -> C:\Program Files (x86)\Garmin\Express\express.exe (Garmin Ltd. or its subsidiaries)
Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC)
Shortcut: C:\Users\Public\Desktop\Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Malwarebytes)
Shortcut: C:\Users\Public\Desktop\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\OpenOffice.lnk -> C:\Program Files (x86)\OpenOffice 4\program\soffice.exe (Apache Software Foundation)
Shortcut: C:\Users\Public\Desktop\Paragon Backup & Recovery™ 17 CE.lnk -> C:\Program Files\Paragon Software\Backup & Recovery 17 CE\program\hdm17.exe (Paragon Software GmbH)
Shortcut: C:\Users\Public\Desktop\Personal Backup 6.lnk -> C:\Program Files (x86)\Personal Backup 6\Persbackup.exe (Dr. J. Rathlev, D-24222 Schwentinental)
Shortcut: C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe (Safer-Networking Ltd.)
Shortcut: C:\Users\Public\Desktop\TeamViewer.lnk -> C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH)
Shortcut: C:\Users\Public\Desktop\Thunderbird Backup mail.lnk -> C:\Program Files (x86)\Personal Backup 6\TbBackup.exe (Dr. J. Rathlev, D-24222 Schwentinental)
Shortcut: C:\Users\Public\Desktop\Thunderbird.lnk -> C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
Shortcut: C:\Users\Public\Desktop\Unchecky.lnk -> C:\Program Files (x86)\Unchecky\unchecky.exe (Reason Software Company Inc.)
Shortcut: C:\Users\Public\Desktop\VLC media player.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN)


ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /7
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Personal Backup 6\Dateien aus Zip-Archiv wiederherstellen.lnk -> C:\Program Files (x86)\Personal Backup 6\PbRestore.exe (Dr. J. Rathlev, D-24222 Schwentinental) -> /zip
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Personal Backup\Dateien aus Zip-Archiven wiederherstellen.lnk -> C:\Program Files (x86)\Personal Backup 5\PbRestore.exe (Dr. J. Rathlev, D-24222 Schwentinental) -> /zip
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\Intel(R) Update Manager\Intel(R) Update Manager.lnk -> C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe (Intel Corporation) -> --showui
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG6800 series Manual\Canon MG6800 series On-Screen-Handbuch.lnk -> C:\Program Files (x86)\Canon\IJ Manual\Easy Guide Viewer\cmview.exe (CANON INC.) -> "C:\PROGRAM FILES (X86)\Canon\IJ Manual\CANON MG6800 SERIES\German\Info.egv"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG5300 series Manual\Canon MG5300 series Online-Handbuch.lnk -> C:\Program Files (x86)\Canon\IJ Manual\Easy Guide Viewer\cmview.exe (CANON INC.) -> "C:\PROGRAM FILES (X86)\Canon\IJ Manual\CANON MG5300 SERIES\German\Info.egv"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Asmedia Technology\ASM106x SATA Driver\Uninstall.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /x {61942EF5-2CD8-47D4-869C-2E9A8BB085F1} 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.AdministrativeTools
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\TeamViewer.lnk -> C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH) -> --sendto
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.AdministrativeTools
ShortcutWithArgument: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\SendTo\Faxempfänger.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\SendTo\TeamViewer.lnk -> C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH) -> --sendto
ShortcutWithArgument: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
ShortcutWithArgument: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo
ShortcutWithArgument: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
ShortcutWithArgument: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
ShortcutWithArgument: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\DefaultAppPool\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\Hold\Desktop\Microsoft Teams.lnk -> C:\Users\Hold\AppData\Local\Microsoft\Teams\Update.exe (Microsoft Corporation) -> --processStart "Teams.exe"
ShortcutWithArgument: C:\Users\Hold\Desktop\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\Users\Hold\Desktop\Dokumente\Hannes\Canon MG6800 series On-Screen-Handbuch.lnk -> C:\Program Files (x86)\Canon\IJ Manual\Easy Guide Viewer\cmview.exe (CANON INC.) -> "C:\PROGRAM FILES (X86)\Canon\IJ Manual\CANON MG6800 SERIES\German\Info.egv"
ShortcutWithArgument: C:\Users\Hold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk -> C:\Users\Hold\AppData\Local\Microsoft\Teams\Update.exe (Microsoft Corporation) -> --processStart "Teams.exe"
ShortcutWithArgument: C:\Users\Hold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Administrative Tools.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.AdministrativeTools
ShortcutWithArgument: C:\Users\Hold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation) -> /tsr
ShortcutWithArgument: C:\Users\Hold\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Hold\AppData\Roaming\Microsoft\Windows\SendTo\Faxempfänger.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Hold\AppData\Roaming\Microsoft\Windows\SendTo\TeamViewer.lnk -> C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH) -> --sendto
ShortcutWithArgument: C:\Users\Hold\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\Users\Hold\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory=Default
ShortcutWithArgument: C:\Users\Hold\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E}
ShortcutWithArgument: C:\Users\Hold\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
ShortcutWithArgument: C:\Users\Hold\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Hold\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System
ShortcutWithArgument: C:\Users\Hold\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo
ShortcutWithArgument: C:\Users\Hold\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions
ShortcutWithArgument: C:\Users\Hold\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
ShortcutWithArgument: C:\Users\Hold\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
ShortcutWithArgument: C:\Users\Hold\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures
ShortcutWithArgument: C:\Users\Hold\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Hold\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Hold\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\Hold\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\Hold\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}


InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handbuch für Canon TS5300 series\Online-Handbuch.url -> URL: hxxp://rs.ciggws.net/rd.cgi?FNC=MTSU_WM&CHA=MANUAL_MENU&RES=europe&LNG=DE&DEV=TS5300+series&OSV=W&ARA=DE&CNM_SEP=0&OSV=W&DEV=TS5300+series&CTV=1.0&LNG=DE
InternetURL: C:\Users\Hold\Favorites\Bing.url -> URL: hxxp://go.microsoft.com/fwlink/p/?LinkId=255142
InternetURL: C:\Users\Hold\Favorites\Windows Live\Windows Live Gallery.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=70742
InternetURL: C:\Users\Hold\Favorites\Windows Live\Windows Live Ideas.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72700
InternetURL: C:\Users\Hold\Favorites\Windows Live\Windows Live Mail.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72681
InternetURL: C:\Users\Hold\Favorites\Windows Live\Windows Live Spaces.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72682
InternetURL: C:\Users\Hold\Favorites\MSN-Websites\MSN Auto.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72680
InternetURL: C:\Users\Hold\Favorites\MSN-Websites\MSN Fernsehen.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72659
InternetURL: C:\Users\Hold\Favorites\MSN-Websites\MSN Money.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72640
InternetURL: C:\Users\Hold\Favorites\MSN-Websites\MSN Nachrichten.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72636
InternetURL: C:\Users\Hold\Favorites\MSN-Websites\MSN Sport.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72635
InternetURL: C:\Users\Hold\Favorites\MSN-Websites\MSN.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72630
InternetURL: C:\Users\Hold\Favorites\Microsoft-Websites\IE-Site auf Microsoft.com.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72186
InternetURL: C:\Users\Hold\Favorites\Microsoft-Websites\Microsoft Deutschland GmbH.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72520
InternetURL: C:\Users\Hold\Favorites\Microsoft-Websites\Microsoft Store.url -> URL: hxxp://go.microsoft.com/fwlink/?linkid=140813
InternetURL: C:\Users\Hold\Favorites\Microsoft-Websites\Microsoft Windows - Start.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72629
InternetURL: C:\Users\Hold\Favorites\Microsoft-Websites\Microsoft zu Hause.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72406
InternetURL: C:\Users\Hold\Favorites\Microsoft-Websites\Microsoft.com durchsuchen.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=72893
InternetURL: C:\Users\Hold\Favorites\Microsoft-Websites\Site für IE Add-Ons.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=50893
InternetURL: C:\Users\Hold\Favorites\Links\Web Slice-Katalog.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=121315
InternetURL: C:\Users\Hold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Logitech\MyHarmony Onlineunterstützung.url -> BASEURL: hxxp://support.myharmony.com/ URL: hxxp://support.myharmony.com/

==================== Ende vom Shortcut.txt =============================
         
__________________


Geändert von cosinus (03.12.2021 um 14:54 Uhr) Grund: code tags

Alt 03.12.2021, 14:55   #3
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Avira Fund HEUR/AGEN.1124272 - Standard

Avira Fund HEUR/AGEN.1124272



Störende, veraltete oder unnötige Programme deinstallieren

Bitte über Programme und Features (appwiz.cpl) deinstallieren:
  • 7-Zip 18.01 (x64)
  • 7-Zip 19.00 (x64 edition)
  • Adobe Acrobat Reader DC (PDF-Dateien lassen sich wunderbar mit Mozilla Firefox anzeigen)
  • alles von Avira
  • CCleaner
  • Druckerregistrierung
  • Google Chrome (durch Mozilla Firefox ersetzen)
  • OpenOffice (durch LibreOffice ersetzen)
  • Spybot - Search & Destroy
  • VLC media player 3.0.7
__________________
__________________

Alt 03.12.2021, 15:55   #4
Klopfer60
 
Avira Fund HEUR/AGEN.1124272 - Standard

Avira Fund HEUR/AGEN.1124272



Danke einmal fürs allererste.
So, ist alles unten, passt und reicht der Defender? Nur vom CCleaner habe ich nichts finden können und daher auch nicht deinstallieren können (den hatte ich früher einmal)
Wie geht's weiter?

Alt 03.12.2021, 16:03   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Avira Fund HEUR/AGEN.1124272 - Standard

Avira Fund HEUR/AGEN.1124272



CCleaner und Druckerregistrierung hatte ich noch in meinem Baustein drin und vergessen rauszunehmen

adwCleaner

Führe AdwCleaner gemäß der bebilderten Anleitung aus und poste abschließend die Logdatei in CODE-Tags.

adwcleaner zwecks Kontrolle bitte wiederholen, falls es Funde gab.

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 03.12.2021, 16:14   #6
Klopfer60
 
Avira Fund HEUR/AGEN.1124272 - Standard

Avira Fund HEUR/AGEN.1124272



Alles klar, die Druckerregistrierung war schon da, die habe ich deinstalliert. wie geht das mit den CODE-Tags bitte?

Code:
ATTFilter
# -------------------------------
# Malwarebytes AdwCleaner 8.3.1.0
# -------------------------------
# Build:    11-18-2021
# Database: 2021-12-02.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    12-03-2021
# Duration: 00:00:12
# OS:       Windows 10 Home
# Scanned:  32027
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.


AdwCleaner[S00].txt - [2540 octets] - [03/12/2018 19:09:36]
AdwCleaner[C00].txt - [2504 octets] - [03/12/2018 19:10:10]
AdwCleaner[S01].txt - [1372 octets] - [11/03/2019 19:51:14]
AdwCleaner[S02].txt - [2189 octets] - [08/11/2019 19:18:16]
AdwCleaner[C02].txt - [2265 octets] - [08/11/2019 19:18:48]
AdwCleaner_Debug.log - [2271 octets] - [08/11/2019 19:22:31]
AdwCleaner[S03].txt - [2184 octets] - [04/04/2020 15:43:19]
AdwCleaner[C03].txt - [2278 octets] - [04/04/2020 15:43:45]
AdwCleaner[S04].txt - [1936 octets] - [16/04/2020 15:35:33]
AdwCleaner[C04].txt - [2106 octets] - [16/04/2020 15:35:50]
AdwCleaner[S05].txt - [3419 octets] - [28/07/2020 14:36:57]
AdwCleaner[C05].txt - [3445 octets] - [28/07/2020 14:37:13]
AdwCleaner[S06].txt - [2139 octets] - [16/08/2020 13:52:32]
AdwCleaner[S07].txt - [2455 octets] - [29/10/2020 23:28:31]
AdwCleaner[C07].txt - [2587 octets] - [29/10/2020 23:28:51]
AdwCleaner[S08].txt - [2322 octets] - [10/11/2020 18:26:06]
AdwCleaner[S09].txt - [2383 octets] - [08/12/2020 18:31:41]
AdwCleaner[S10].txt - [2444 octets] - [05/01/2021 20:35:01]
AdwCleaner[S11].txt - [2504 octets] - [19/02/2021 20:18:00]
AdwCleaner[S12].txt - [2744 octets] - [07/03/2021 19:39:54]
AdwCleaner[C12].txt - [2897 octets] - [07/03/2021 19:40:13]
AdwCleaner[S13].txt - [2687 octets] - [15/03/2021 18:46:41]
AdwCleaner[S14].txt - [2789 octets] - [15/04/2021 12:44:40]
AdwCleaner[C14].txt - [2960 octets] - [15/04/2021 12:50:16]
AdwCleaner[S15].txt - [2871 octets] - [25/05/2021 20:47:20]
AdwCleaner[S16].txt - [2932 octets] - [27/06/2021 19:47:52]
AdwCleaner[S17].txt - [3749 octets] - [13/10/2021 17:36:41]
AdwCleaner[C17].txt - [3829 octets] - [13/10/2021 17:36:55]
AdwCleaner[S18].txt - [3115 octets] - [02/12/2021 19:35:39]
AdwCleaner[S19].txt - [3176 octets] - [02/12/2021 23:14:14]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S20].txt ##########
         

Geändert von cosinus (03.12.2021 um 16:23 Uhr) Grund: code tags

Alt 03.12.2021, 16:24   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Avira Fund HEUR/AGEN.1124272 - Standard

Avira Fund HEUR/AGEN.1124272



Dann jetzt bitte mit Malwarebytes weitermachen.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 03.12.2021, 16:36   #8
Klopfer60
 
Avira Fund HEUR/AGEN.1124272 - Standard

Avira Fund HEUR/AGEN.1124272



Ich krieg das mit den CODE-Tags nicht hin, sorry!

Geändert von cosinus (03.12.2021 um 17:17 Uhr)

Alt 03.12.2021, 16:41   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Avira Fund HEUR/AGEN.1124272 - Standard

Avira Fund HEUR/AGEN.1124272



Posten in CODE-Tags

Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 03.12.2021, 16:47   #10
Klopfer60
 
Avira Fund HEUR/AGEN.1124272 - Standard

Avira Fund HEUR/AGEN.1124272



STRG+A,STRG+C ist klar, dann drücke ich im Editor die #-Taste und es erscheint eine leere Seite mit dem #-Symbol. was mach ich falsch?

Alt 03.12.2021, 16:49   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Avira Fund HEUR/AGEN.1124272 - Standard

Avira Fund HEUR/AGEN.1124272



Ist das so schwierig sich mal das Bild zu den CODE-Tags richtig anzuschauen??!

OMG Was stellt ihr euch alle mit den CODE Tags so an einfach die beiden Klammerausdrücke schreiben und dazwischen das Log. Meine Güte...
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 03.12.2021, 16:59   #12
Klopfer60
 
Avira Fund HEUR/AGEN.1124272 - Standard

Avira Fund HEUR/AGEN.1124272



Es tut mir echt leid, ich schaff das nicht

Geändert von cosinus (03.12.2021 um 17:17 Uhr)

Alt 03.12.2021, 17:02   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Avira Fund HEUR/AGEN.1124272 - Standard

Avira Fund HEUR/AGEN.1124272



Zitat:
Es tut mir echt leid, ich schaff das nicht
SCHAU DIR DAS BILD AN! Steht da ein nur # oder was in Klammern??!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 03.12.2021, 17:09   #14
Klopfer60
 
Avira Fund HEUR/AGEN.1124272 - Standard

Avira Fund HEUR/AGEN.1124272



#
Code:
ATTFilter
#Malwarebytes
www.malwarebytes.com

-Protokolldetails-
Scan-Datum: 03.12.21
Scan-Zeit: 16:28
Protokolldatei: a04fa56c-544d-11ec-ac56-00fffaea9793.json

-Softwaredaten-
Version: 4.4.11.149
Komponentenversion: 1.0.1513
Version des Aktualisierungspakets: 1.0.48086
Lizenz: Testversion

-Systemdaten-
Betriebssystem: Windows 10 (Build 19042.1348)
CPU: x64
Dateisystem: NTFS
Benutzer: Hold-PC\Hold

-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Scan gestartet von: Manuell
Ergebnis: Abgeschlossen
Gescannte Objekte: 352315
Erkannte Bedrohungen: 1
In die Quarantäne verschobene Bedrohungen: 1
Abgelaufene Zeit: 3 Min., 37 Sek.

-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Erkennung
PUM: Erkennung

-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)

Modul: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswert: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Daten-Stream: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Datei: 1
PUP.Optional.ChipDe, C:\USERS\HOLD\DOWNLOADS\LIBREOFFICE (64 BIT) - INSTALLER _PT9X.EXE, In Quarantäne, 616, 562568, 1.0.48086, , ame, , 5AD048D2B9ED2908947D90373A8B455C, FF8898D9C10E98FDB7F523E8E0ECFAD29CCC668A753E34D9C06A1A2DC7BE66D8

Physischer Sektor: 0
(keine bösartigen Elemente erkannt)

WMI: 0
(keine bösartigen Elemente erkannt)


(end)
         

Alt 03.12.2021, 17:17   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Avira Fund HEUR/AGEN.1124272 - Standard

Avira Fund HEUR/AGEN.1124272



Geht doch!!


Zitat:
Datei: 1
PUP.Optional.ChipDe,

Downloadquellen

Lade keine Software von Chip.de, Softonic.de, sourceforge.net, openoffice.de, VLC.de, audacity.de, gimp24.de oder updatestar.com.
Die dort angebotene Software wird häufig mit einem sog. "Installer" verteilt, mit dem man sich nur unerwünschte Software (Potentially unwanted programs, kurz PUP) oder Adware installiert.
Auf manchen Seiten wird direkt PUP / Adware zum Download angeboten.

Für Windows gibt es seit einiger Zeit einen brauchbaren Paketmanager, der mit einfachen Befehlen es erlaubt, automatisiert Software herunterzuladen und zu installieren. Das erspart eine Menge Arbeit, denn ohne einen Paketmanager muss man jedes Programm selbst prüfen und separat manuell updaten, vorher manuell noch runterladen etc. pp. - siehe auch --> chocolatey Paketmanager für Windows

Wir empfehlen dringend, alle Programme, sofern verfügbar, über chocolatey zu installieren. Falls du schon mit Linux zu tun hattest, wird dir die Syntax sehr vertraut sein.
Die FAQs zu choco findest du da --> Chocolatey: Häufig gestellte Fragen (englisch)
Selbstverständlich darfst du auch Fragen zu chocolatey im o.g. Thread zu chocolatey stellen.


Für den seltenen Fall, dass du das benötigte Programm nicht im repository von chocolatey findest: Lade diese Software immer direkt beim jeweiligen Hersteller / Entwickler.
__________________
Logfiles bitte immer in CODE-Tags posten

Thema geschlossen

Themen zu Avira Fund HEUR/AGEN.1124272
antivirus, avg, avira, bonjour, defender, desktop, firefox, google, home, homepage, internet, mozilla, port, programm, prozesse, realtek, registry, rundll, scan, security, software, system, updates, virus, windows




Ähnliche Themen: Avira Fund HEUR/AGEN.1124272


  1. Windows 7 64Bit mit HEUR/Agen.1032418 infiziert
    Plagegeister aller Art und deren Bekämpfung - 17.06.2019 (11)
  2. HEUR/AGEN.1019625 Meldung von Avira nach normalem Betrieb
    Plagegeister aller Art und deren Bekämpfung - 18.09.2018 (14)
  3. Nach Avira-Fund lässt sich Avira nicht mehr öffnen bzw. installieren
    Log-Analyse und Auswertung - 25.08.2017 (20)
  4. Avira Fund
    Plagegeister aller Art und deren Bekämpfung - 23.04.2016 (12)
  5. Windows 7, Trojaner von Avira geblockt + entfernt, Malwarebytes möglicher Fund aber von Avira geblockt
    Log-Analyse und Auswertung - 13.05.2015 (13)
  6. Windows 7: Avira HEUR/Modified.SystemFile
    Plagegeister aller Art und deren Bekämpfung - 10.07.2014 (9)
  7. Kaspersky Fund HEUR:AdWare.Script.Generic
    Log-Analyse und Auswertung - 19.05.2014 (5)
  8. Kaspersky Internet Security meldet Fund: HEUR:Exploit.Java.CVE-2012-1723.gen
    Log-Analyse und Auswertung - 15.10.2013 (13)
  9. Win7; Avira-Fund:TR/Mevade.A.95 (143 Virenfunde laut Avira)
    Log-Analyse und Auswertung - 06.10.2013 (11)
  10. AVIRA-Fund: ADWARE/YONTOO.GEN2 und ESET-Fund: Win32/StartPage.OPH trojan
    Plagegeister aller Art und deren Bekämpfung - 04.04.2013 (12)
  11. Avira Fund "js/obfuscated.cf" und gleich darauf ""TR/SPY.KeyLogger.301" fund auf vista
    Plagegeister aller Art und deren Bekämpfung - 26.02.2012 (19)
  12. "HEUR/HTML.Malware"-Fund von AVIRA
    Plagegeister aller Art und deren Bekämpfung - 21.04.2011 (12)
  13. CPU Auslastung 100% + Fund (AV): TR/Kazy+Osram HEUR/Crypted
    Plagegeister aller Art und deren Bekämpfung - 28.01.2011 (18)
  14. Heur/HTML.Maleware warnung hört nicht auf unter Avira
    Plagegeister aller Art und deren Bekämpfung - 12.07.2010 (1)
  15. HEUR/HTML.Malware von Avira AntiVir gefunden
    Plagegeister aller Art und deren Bekämpfung - 08.05.2010 (1)
  16. HEUR/HTML.Malware Meldung von Avira
    Log-Analyse und Auswertung - 22.11.2009 (2)
  17. Avira hat HEUR/HTML.Malware gefunden
    Log-Analyse und Auswertung - 25.08.2009 (6)

Zum Thema Avira Fund HEUR/AGEN.1124272 - Avira hat gestern mitten unter der Arbeit einen Fund gemeldet und auch nach der Analyse bestätigt, die Datei REBUILD.EXE wurde als HEUR/AGEN.1124272 bezeichnet, die war in einem alten Programm (BMD), - Avira Fund HEUR/AGEN.1124272...
Archiv
Du betrachtest: Avira Fund HEUR/AGEN.1124272 auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.