Log analysis and evaluation: Avira moved CRaccoon to quarantine
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
08.11.2022, 20:46 | #1 |
| Avira moved CRaccoon to quarantine
Hello community, my antivirus program Avira reported that it moved "Craccoon" to quarantine. After some brief research, I believe this is malware and that it should be deleted as quickly as possible. I hope I understood that correctly. Avira itself does not seem to provide any logs, as far as I could tell from my brief research. I have therefore taken a screenshot of the messages and attached it. I am asking for help getting rid of the malware. Thank you very much.
corneliusk
Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 06-11-2022 durchgeführt von Cornelius (Administrator) auf DESKTOP-2BR8MEO (LENOVO 81TD) (08-11-2022 14:35:04) Gestartet von C:\Users\Cornelius\Desktop Geladene Profile: Cornelius & Becca Plattform: Microsoft Windows 11 Home Version 22H2 22621.674 (X64) Sprache: Deutsch (Deutschland) Standard-Browser: FF Start-Modus: Normal ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe <2> (Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe <2> (C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe ->) (Adobe Inc. -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe <2> (C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud Helper.exe <4> (C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\Adobe Installer.exe (C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantage-(DeviceSettingsSystemAddin).exe (C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantage-(LenovoBoostAddin).exe (C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) 
C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantage-(LenovoBoostSystemAddin).exe (C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantage-(LenovoServiceBridgeAddin).exe (C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantage-(MultimediaAddin).exe (C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantage-(VantageCoreAddin).exe (C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe ->) (OpenJS Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe <2> (C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe <2> (C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe <2> (C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\HEX\Creative Cloud UI Helper.exe <5> (C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. 
-> Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe <2> (C:\Program Files\Avira\Endpoint Protection SDK\endpointprotection.exe ->) (Avira Operations GmbH -> Avira Operations GmbH) C:\Program Files\Avira\Endpoint Protection SDK\SentryEye.exe (C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe ->) (OpenJS Foundation -> Node.js) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\libs\node.exe <2> (C:\Program Files\WindowsApps\MicrosoftTeams_22273.905.1632.1008_x64__8wekyb3d8bbwe\msteams.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\107.0.1418.35\msedgewebview2.exe <12> (C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe <2> (DriverStore\FileRepository\cui_dch.inf_amd64_0d8dab4470c5524b\igfxCUIService.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_0d8dab4470c5524b\igfxEM.exe <2> (explorer.exe ->) (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe <2> (explorer.exe ->) (HP Inc. 
-> Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe (explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (explorer.exe ->) (Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe <3> (explorer.exe ->) (Open Source Developer, Robin Krom -> Greenshot) C:\Program Files\Greenshot\Greenshot.exe <2> (Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe <2> (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <16> (services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe (services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (services.exe ->) (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe (services.exe ->) (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe (services.exe ->) (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe (services.exe ->) (Avira Operations GmbH -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe (services.exe ->) (Avira Operations GmbH -> Avira Operations GmbH) C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe (services.exe ->) (Avira Operations GmbH -> Avira Operations GmbH) C:\Program Files\Avira\Endpoint Protection SDK\endpointprotection.exe (services.exe ->) (Dolby Laboratories, Inc. -> ) C:\Windows\System32\dolbyaposvc\DAX3API.exe <3> (services.exe ->) (FOXIT SOFTWARE INC. -> Foxit Software Inc.) 
C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReaderUpdateService.exe (services.exe ->) (Geek Software GmbH -> Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe <3> (services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_82b77f8c4618e2d0\esif_uf.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_1e59f5ec7049260a\aesm_service.exe (services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_0b214be229a13e84\jhi_service.exe (services.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_0d8dab4470c5524b\igfxCUIService.exe (services.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_a9a2dde7124f013f\OneApp.IGCC.WinService.exe (services.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_93d11e2397cac3a9\IntelCpHDCPSvc.exe (services.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_93d11e2397cac3a9\IntelCpHeciSvc.exe (services.exe ->) (Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iaahcic.inf_amd64_f222132bfa8270de\RstMwService.exe (services.exe ->) (Intel(R) Trust Services -> Intel(R) Corporation) C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\SocketHeciServer.exe (services.exe ->) (Intel(R) Wireless Connectivity Solutions -> 
Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\piecomponent.inf_amd64_646d24c9b7c85542\Intel_PIE_Service.exe (services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantageService.exe (services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe (services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\System32\drivers\Lenovo\udc\Service\UDClientService.exe (services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\System32\YMC.exe (services.exe ->) (Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\LNBITSSvc.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia) C:\Windows\System32\FMService64.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\System32\Sgrm\SgrmBroker.exe (services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <3> (services.exe ->) (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe (services.exe ->) (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe (services.exe ->) (Smart Sound Technology -> Intel) C:\Windows\System32\cAVS\Intel(R) Audio Service\IntelAudioService.exe (services.exe ->) (Wacom Technology Corporation -> Wacom Technology, Corp.) 
C:\Windows\System32\DriverStore\FileRepository\wtabletserviceisd.inf_amd64_4690d097c38be4a9\WTabletServiceISD.exe <2> (sihost.exe ->) (INTEL CORP) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3408.0_x64__8j3eq9eme6ctt\GCP.ML.BackgroundSysTray\IGCCTray.exe (sihost.exe ->) (LENOVO INC) C:\Program Files\WindowsApps\E0469640.LenovoUtility_4.3.20.0_x64__5grkq8ppsgwt4\LaunchUtility\utility.exe <2> (svchost.exe ->) (Avira Operations GmbH -> Avira Operations GmbH) C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Systray.Application.exe <2> (svchost.exe ->) (HP Inc. -> Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe (svchost.exe ->) (INTEL CORP) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3408.0_x64__8j3eq9eme6ctt\IGCC.exe (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe (svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2204.13303.0_x64__8wekyb3d8bbwe\Cortana.exe <2> (svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22082.119.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe <2> (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <4> (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe (svchost.exe ->) (Microsoft Windows) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_421.20070.765.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe <2> (svchost.exe ->) 0 C:\Program Files\WindowsApps\AdobeNotificationClient_3.0.1.1_x86__enpm4xejd91yc\AdobeNotificationClient.exe 
(svchost.exe ->) 0 C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe (winlogon.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LogonUI.exe ==================== Registry (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [1084720 2020-05-07] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3476184 2022-07-27] (Adobe Inc. -> Adobe Systems, Incorporated) HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [527792 2017-08-09] (Open Source Developer, Robin Krom -> Greenshot) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated) HKLM\...\Run: [] => [X] HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard) HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [483976 2020-08-13] (Geek Software GmbH -> Geek Software GmbH) HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2021-08-04] (Adobe Inc. -> ) HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [1068512 2022-09-30] (Adobe Inc. -> Adobe Inc.) 
HKLM-x32\...\Run: [] => [X] HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Beschränkung <==== ACHTUNG HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Beschränkung <==== ACHTUNG HKU\S-1-5-19\...\Run: [OneDriveSetup] => C:\Windows\System32\OneDriveSetup.exe [50312608 2022-05-07] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-20\...\Run: [OneDriveSetup] => C:\Windows\System32\OneDriveSetup.exe [50312608 2022-05-07] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-1070191195-3368900776-1784378574-1003\...\Run: [HP Officejet Pro 8610 (NET)] => C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe [3486368 2021-11-30] (HP Inc. -> Hewlett-Packard Development Company, LP) HKU\S-1-5-21-1070191195-3368900776-1784378574-1003\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [7222736 2022-10-16] (Adobe Inc. -> Adobe Systems Incorporated) HKU\S-1-5-21-1070191195-3368900776-1784378574-1003\...\Run: [] => [X] HKLM\...\Print\Monitors\HP 7112 Status Monitor: C:\WINDOWS\system32\hpinksts7112LM.dll [328704 2013-08-10] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Co.) HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP Officejet Pro 8610): C:\WINDOWS\system32\HPDiscoPM7112.dll [763040 2021-11-30] (HP Inc. -> Hewlett-Packard Development Company, LP) HKLM\...\Print\Monitors\PDF-XChange Lite Port Monitor: C:\WINDOWS\system32\pxcpmL.dll [2575744 2021-11-23] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.) 
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] -> Startup: C:\Users\Becca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2022-04-20] ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation -> Microsoft Corporation) Startup: C:\Users\Becca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HiDrive.lnk [2022-10-17] ShortcutTarget: HiDrive.lnk -> C:\Program Files (x86)\STRATO\HiDrive\HiDrive.App.exe (Keine Datei) Startup: C:\Users\Becca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8610.lnk [2022-08-20] ShortcutAndArgument: Tintenwarnungen überwachen - HP Officejet Pro 8610.lnk -> C:\WINDOWS\system32\RunDll32.exe => "C:\Program Files\HP\HP Officejet Pro 8610\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN48UD30KP;CONNECTION=USB;MONITOR=1; Startup: C:\Users\Cornelius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2022-07-18] ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation -> Microsoft Corporation) Startup: C:\Users\Cornelius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HiDrive.lnk [2022-10-17] ShortcutTarget: HiDrive.lnk -> C:\Program Files (x86)\STRATO\HiDrive\HiDrive.App.exe (Keine Datei) GroupPolicy: Beschränkung ? <==== ACHTUNG GroupPolicy-Firefox: Beschränkung <==== ACHTUNG Policies: C:\ProgramData\NTUSER.pol: Beschränkung <==== ACHTUNG HKLM\SOFTWARE\Policies\Mozilla\Firefox: Beschränkung <==== ACHTUNG ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============ (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
Task: {0600DD45-FAF2-4131-A006-0B17509B9F78} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => %windir%\system32\sc.exe start InventorySvc Task: {06FEF118-1E47-4CD0-8CA1-3F23A5249FEF} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1070191195-3368900776-1784378574-500 => C:\Users\Cornelius\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (Keine Datei) Task: {08BD09F4-BBD5-4759-9418-2A6680D41823} - System32\Tasks\Microsoft\Windows\PI\SecureBootEncodeUEFI => C:\WINDOWS\system32\SecureBootEncodeUEFI.exe [49152 2022-05-07] (Microsoft Windows -> ) Task: {0FF06527-B88F-4DAB-B47B-9B133514DA4F} - System32\Tasks\Lenovo\Vantage\Schedule\HeartbeatAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\ScheduleEventAction.exe [27480 2022-05-24] (Lenovo -> Lenovo Group Ltd.) Task: {1E9063C8-0F63-4EF3-AB9C-CEA671398153} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => %systemroot%\system32\sc.exe start LenovoVantageService Task: {20EBF894-FBE6-47F0-B3CE-4D626EF08850} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\77142629-2913-49dc-911b-9712bfaeb074 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.) "C:\Windows\System32\Tasks\Microsoft\Windows\Security\Pwdless\IntelligentPwdlessTask" konnte nicht entsperrt werden. <==== ACHTUNG Task: {27CE9D59-9D48-4D29-99BC-64657AEBA494} - System32\Tasks\Microsoft\Windows\Security\Pwdless\IntelligentPwdlessTask Task: {28AF4916-D487-4792-8DE6-1F3F006A67E0} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoSystemUpdateAddin_WeeklyTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\ScheduleEventAction.exe [27480 2022-05-24] (Lenovo -> Lenovo Group Ltd.) 
Task: {35489BF3-52B0-4A8E-B836-E633FF016736} - System32\Tasks\Avira_Security_Service_SCM_Watchdog => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe [258304 2022-10-27] (Avira Operations GmbH -> Avira Operations GmbH) Task: {3727129A-25DC-45CE-A991-C01DEBC852A6} - System32\Tasks\AviraSystemSpeedupVerify => C:\Program Files (x86)\Avira\System Speedup\setup\avira_speedup_setup.exe [31903104 2022-08-31] (Avira Operations GmbH -> Avira Operations GmbH & Co. KG) Task: {441AB107-44CD-4829-8AF0-FD82DAB69884} - System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\ScheduleEventAction.exe [27480 2022-05-24] (Lenovo -> Lenovo Group Ltd.) Task: {458BB732-21EF-4C5F-8AE0-06610CED1943} - System32\Tasks\Avira\System Speedup\TestScheduler => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [333760 2022-08-30] (Avira Operations GmbH -> Avira Operations GmbH & Co. KG) Task: {4748CC6A-110C-46D1-AEE0-4FBEBD4C1CBF} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => C:\WINDOWS\system32\MusNotification.exe /RunOnAC ReadyToReboot (Keine Datei) Task: {56BD730D-2157-4A6D-89AB-C77E8B786FB7} - System32\Tasks\Lenovo\Vantage\Schedule\IdeaNotebookAddinDailyEvent => C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\ScheduleEventAction.exe [27480 2022-05-24] (Lenovo -> Lenovo Group Ltd.) Task: {66977CF0-1E6C-4497-B6E2-B21CC2C45AD9} - System32\Tasks\Lenovo\Vantage\Schedule\Lenovo.Vantage.SmartPerformance.MonthlyReport => C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\ScheduleEventAction.exe [27480 2022-05-24] (Lenovo -> Lenovo Group Ltd.) 
Task: {73B6D149-F5D8-46A4-B1D3-F2D453BA9D8F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [375232 2022-07-27] (Microsoft Corporation -> Microsoft Corporation) Task: {7C9AD4B5-E743-4D8F-83BB-EABF4C764371} - System32\Tasks\Avira_Security_Update => C:\WINDOWS\system32\net.exe [81920 2022-05-07] (Microsoft Windows -> Microsoft Corporation) Task: {80F541A5-C9A0-4EEB-B1CB-5B2333AE6F3E} - System32\Tasks\Avira_Security_Maintenance => Command(1): C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe -> FallbackTelemetry Task: {80F541A5-C9A0-4EEB-B1CB-5B2333AE6F3E} - System32\Tasks\Avira_Security_Maintenance => Command(2): C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe -> ServiceWatchdog Task: {80F541A5-C9A0-4EEB-B1CB-5B2333AE6F3E} - System32\Tasks\Avira_Security_Maintenance => Command(3): C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe -> CrashCollector Task: {81D7C8DB-BF46-4C9A-912C-ED2819B52D0F} - System32\Tasks\Lenovo\Vantage\Schedule\SettingsWidgetAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\ScheduleEventAction.exe [27480 2022-05-24] (Lenovo -> Lenovo Group Ltd.) Task: {82B170B1-3B07-4280-9A60-4B607CC1E1AD} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\51fb7155-76eb-4b65-b419-bd090a255026 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.) Task: {8BD661D3-91BD-4626-AFAF-B364710A49D1} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoCompanionAppAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\ScheduleEventAction.exe [27480 2022-05-24] (Lenovo -> Lenovo Group Ltd.) 
Task: {8F55F0DB-EFD8-4F30-96BA-3FF286835A47} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => C:\WINDOWS\system32\MusNotification.exe /RunOnBattery ReadyToReboot (Keine Datei) Task: {96631209-1C40-4CCB-85AD-AA83AB26C08C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [973744 2022-04-28] (Microsoft Corporation -> Microsoft Corporation) Task: {A1619365-7B6D-4077-9ADB-0BC539DDD853} - System32\Tasks\Lenovo\UDC\Lenovo UDC Idle Monitor => C:\windows\system32\drivers\Lenovo\udc\Service\UDCUserAgent.exe [89408 2022-05-23] (Lenovo -> Lenovo Group Ltd.) Task: {B95A7A6A-4B60-4247-A1CF-79175E52E4AE} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe [149280 2022-09-23] (Lenovo -> Lenovo Group Ltd.) Task: {BA732E5A-97AD-4446-801B-3DDDF9FE9BEB} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [64256 2022-01-28] (Lenovo -> Lenovo Group Ltd.) Task: {BAB3BB18-1860-4211-8184-497596CF1B2D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [375232 2022-07-27] (Microsoft Corporation -> Microsoft Corporation) Task: {BB8118F4-75EB-4371-A2E7-715290F2DFEB} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [973744 2022-04-28] (Microsoft Corporation -> Microsoft Corporation) Task: {BDD773D1-E95B-4E84-838B-5CF8FE83C8CD} - System32\Tasks\Lenovo\Vantage\Schedule\GenericMessagingAddin => C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\ScheduleEventAction.exe [27480 2022-05-24] (Lenovo -> Lenovo Group Ltd.) 
Task: {C012B180-4A05-4E1C-B01C-7F2C72548D82} - System32\Tasks\Lenovo\UDC\Lenovo UDC Monitor => C:\WINDOWS\system32\drivers\lenovo\udc\data\InfBackup\UdcInfInstaller.exe [184656 2022-05-23] (Lenovo -> Lenovo Group Ltd.) Task: {C088E47B-A94D-4971-8C3B-9245F2A942E9} - System32\Tasks\Opera scheduled Autoupdate 1614982957 => C:\Users\Becca\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (Keine Datei) Task: {C48A4498-DF8A-4FB0-9A96-9A412B455C53} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1552376 2022-09-26] (Adobe Inc. -> Adobe Inc.) Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\WINDOWS\System32\MbaeParserTask.exe (Keine Datei) Task: {D3FB6DBE-746D-4668-BE8D-40B790906B80} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\df70d3c0-0826-4e14-9dfe-aae856dab5a9 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.) Task: {D42AF06E-5917-4B49-90E0-8154D77F2C9D} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\fbb18cca-0c64-4aa0-a9d8-c5bb60e07a6a => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.) Task: {D5B20400-63A2-4E55-AE5C-6FF62FE45391} - System32\Tasks\LenovoUtility Startup => C:\Windows\explorer.exe lenovo-utility:// Task: {D7EEC4B4-E36F-4A82-AF26-0E3831094AC9} - \Opera scheduled assistant Autoupdate 1614982961 -> Keine Datei <==== ACHTUNG Task: {DC6E6278-6153-4682-B894-B9603E6882FB} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3476184 2022-07-27] (Adobe Inc. 
-> Adobe Systems, Incorporated) Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => C:\WINDOWS\system32\MusNotification.exe (Keine Datei) Task: {E1A03A74-3CAB-4DC3-AF58-01B3FE550851} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService Task: {E7AA8978-795E-44E7-A289-C14F957F0CA3} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\81c4e8f1-7b72-4bb7-8812-6dc5a59d36bc => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.) Task: {EAFE110F-AEDB-49BF-9381-0857413B7C28} - System32\Tasks\Avira_Security_Systray => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Systray.Application.exe [1660640 2022-10-27] (Avira Operations GmbH -> Avira Operations GmbH) Task: {FBA6B093-B79F-4644-B88E-52C91BFCDCFC} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32 (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) 
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3: <==== ACHTUNG (Beschränkung - Zones) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{4b730a19-1edc-495e-8cbb-54399f6a4154}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{ae31ffd9-227d-433d-9dd0-5dd18f6b90ee}: [DhcpNameServer] 150.206.1.3 Edge: ======= Edge Extension: (Kein Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [nicht gefunden] Edge Extension: (Kein Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [nicht gefunden] Edge Extension: (Kein Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [nicht gefunden] Edge Extension: (Kein Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [nicht gefunden] Edge Profile: C:\Users\Cornelius\AppData\Local\Microsoft\Edge\User Data\Default [2022-04-01] FireFox: ======== FF DefaultProfile: pm20j0fn.default FF ProfilePath: C:\Users\Cornelius\AppData\Roaming\Mozilla\Firefox\Profiles\pm20j0fn.default [2021-05-03] FF Homepage: Mozilla\Firefox\Profiles\pm20j0fn.default -> hxxp://www.mozilla.org FF ProfilePath: C:\Users\Cornelius\AppData\Roaming\Mozilla\Firefox\Profiles\9w0qkrwx.default-release [2022-11-08] FF Session Restore: Mozilla\Firefox\Profiles\9w0qkrwx.default-release -> ist aktiviert. 
FF Extension: (Startpage.com — Datenschutz-Suchmaschine) - C:\Users\Cornelius\AppData\Roaming\Mozilla\Firefox\Profiles\9w0qkrwx.default-release\Extensions\{20fc2e06-e3e4-4b2b-812b-ab431220cada}.xpi [2020-06-10]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2022-05-11] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2021-11-23] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.15 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2022-10-16] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2022-09-30] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-11-23] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.cpdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-11-23] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-11-23] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-11-23] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-11-23] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2020-07-07] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL [2020-06-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2021-11-23] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2022-09-30] (Adobe Inc. -> Adobe Systems)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]

==================== Dienste (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2022-09-26] (Adobe Inc. -> Adobe Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [923616 2022-09-30] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3863256 2022-07-27] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3701464 2022-07-27] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AviraOptimizerHost; C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe [3004688 2022-07-22] (Avira Operations GmbH -> Avira Operations GmbH & Co. KG)
R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [386864 2022-03-30] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraSecurity; C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe [265424 2022-10-27] (Avira Operations GmbH -> Avira Operations GmbH)
S2 AviraSecurityUpdater; C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Common.Updater.exe [292912 2022-10-27] (Avira Operations GmbH -> Avira Operations GmbH)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3054520 2022-04-28] (Microsoft Corporation -> Microsoft Corporation)
S3 dcsvc; C:\WINDOWS\system32\dcsvc.dll [802816 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
R2 DolbyDAXAPI; C:\WINDOWS\system32\dolbyaposvc\DAX3API.exe [1646536 2019-06-16] (Dolby Laboratories, Inc. -> )
R2 EndpointProtectionService; C:\Program Files\Avira\Endpoint Protection SDK\endpointprotection.exe [8762080 2022-11-01] (Avira Operations GmbH -> Avira Operations GmbH)
S3 EndpointProtectionService2; C:\Program Files\Avira\Endpoint Protection SDK\endpointprotection.exe [8762080 2022-11-01] (Avira Operations GmbH -> Avira Operations GmbH)
R2 FMAPOService; C:\WINDOWS\System32\FMService64.exe [360320 2019-09-05] (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia)
R2 FoxitReaderUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReaderUpdateService.exe [2357936 2020-11-23] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [228848 2022-11-01] (HP Inc. -> HP Inc.)
R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.)
S3 InventorySvc; C:\WINDOWS\system32\inventorysvc.dll [304480 2022-10-17] (Microsoft Windows -> Microsoft Corporation)
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantageService.exe [31072 2022-05-24] (Lenovo -> Lenovo Group Ltd.)
R2 LITSSVC; C:\WINDOWS\System32\LNBITSSvc.exe [1643688 2019-05-06] (Lenovo -> Lenovo(beijing) Limited)
R2 PDF24; C:\Program Files (x86)\PDF24\pdf24.exe [483976 2020-08-13] (Geek Software GmbH -> Geek Software GmbH)
R2 SgrmBroker; C:\WINDOWS\system32\Sgrm\SgrmBroker.exe [414632 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2020-11-26] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 ss_conn_service2; C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe [919992 2020-11-26] (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.)
R2 TextInputManagementService; C:\WINDOWS\System32\TabSvc.dll [266240 2022-10-17] (Microsoft Windows -> Microsoft Corporation)
R2 UDCService; C:\WINDOWS\System32\drivers\Lenovo\udc\Service\UDClientService.exe [71504 2022-05-23] (Lenovo -> Lenovo Group Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [2909208 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [128376 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 wuauserv; C:\WINDOWS\system32\wuauserv.dll [137544 2022-10-17] (Microsoft Windows -> Microsoft Corporation)
R2 YMC; C:\WINDOWS\System32\YMC.exe [856960 2019-05-26] (Lenovo -> Lenovo Group Ltd.)

===================== Treiber (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R1 BdSentry; C:\WINDOWS\System32\DRIVERS\BdSentry.sys [230520 2022-09-28] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 bfs; C:\WINDOWS\system32\drivers\bfs.sys [91480 2022-10-17] (Microsoft Windows -> Microsoft Corporation)
S3 CH341SER_A64; C:\WINDOWS\System32\Drivers\CH341S64.SYS [69024 2019-05-29] (Microsoft Windows Hardware Compatibility Publisher -> www.winchiphead.com)
S3 GeneStor; C:\WINDOWS\system32\DRIVERS\GeneStor.sys [115704 2015-07-15] (GENESYS LOGIC, INC. -> GenesysLogic)
S0 GenPass; C:\WINDOWS\System32\DriverStore\FileRepository\genpass.inf_amd64_bef88a423225ecdc\genpass.sys [62800 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
R1 netprotection_network_filter; C:\WINDOWS\System32\drivers\netprotection_network_filter.sys [112184 2022-11-01] (Avira Operations GmbH -> Avira Operations GmbH)
S0 pvscsi; C:\WINDOWS\System32\drivers\pvscsii.sys [45408 2022-05-07] (Microsoft Windows -> VMware, Inc.)
S3 RoutePolicy; C:\WINDOWS\System32\drivers\RoutePolicy.sys [98304 2022-05-07] (Microsoft Windows -> )
S0 rtp_elam; C:\WINDOWS\System32\DRIVERS\rtp_elam.sys [26624 2022-10-14] (Microsoft Windows Early Launch Anti-Malware Publisher -> Avira Operations GmbH)
R2 rtp_filesystem_filter; C:\WINDOWS\System32\DRIVERS\rtp_filesystem_filter.sys [223848 2022-10-14] (Avira Operations GmbH -> Avira Operations GmbH)
R1 rtp_process_monitor; C:\WINDOWS\system32\DRIVERS\rtp_process_monitor.sys [217552 2022-10-14] (Avira Operations GmbH -> Avira Operations GmbH)
R1 rtp_traverse; C:\WINDOWS\system32\DRIVERS\rtp_traverse.sys [61376 2022-10-14] (Avira Operations GmbH -> Avira Operations GmbH)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [48536 2022-05-07] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [438544 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [90384 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
R2 wtd; C:\WINDOWS\System32\drivers\wtd.sys [118784 2022-10-17] (Microsoft Windows -> Microsoft Corporation)
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
NETSVC: DcSvc -> C:\Windows\system32\dcsvc.dll (Microsoft Corporation)

==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2022-11-08 14:35 - 2022-11-08 14:37 - 000000000 ____D C:\Users\Cornelius\Desktop\Trojaner
2022-11-08 14:35 - 2022-11-08 14:36 - 000041153 _____ C:\Users\Cornelius\Desktop\FRST.txt
2022-11-08 14:34 - 2022-11-08 14:35 - 000000000 ____D C:\FRST
2022-11-08 14:34 - 2022-11-08 14:34 - 002374656 _____ (Farbar) C:\Users\Cornelius\Desktop\FRST64.exe
2022-11-08 14:14 - 2022-11-08 14:15 - 000000393 _____ C:\Users\Cornelius\Desktop\Textdokument (neu).txt
2022-11-07 18:10 - 2022-11-07 18:10 - 000001148 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Rush.lnk
2022-11-07 18:00 - 2022-11-07 18:00 - 000001153 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder 2023.lnk
2022-11-07 17:57 - 2022-11-07 18:10 - 000000000 ____D C:\Users\Public\Documents\Adobe
2022-11-07 17:57 - 2022-11-07 17:57 - 000001141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Pro 2023.lnk
2022-11-06 13:44 - 2022-11-07 18:22 - 000000000 ____D C:\Users\Becca\Desktop\Neuer Ordner (6)
2022-11-06 12:21 - 2022-11-06 12:21 - 000761564 _____ C:\WINDOWS\system32\perfh007.dat
2022-11-06 12:21 - 2022-11-06 12:21 - 000157732 _____ C:\WINDOWS\system32\perfc007.dat
2022-11-05 13:51 - 2022-11-05 13:51 - 000003792 _____ C:\WINDOWS\system32\Tasks\AviraSystemSpeedupVerify
2022-11-05 13:48 - 2022-11-05 13:48 - 000003888 _____ C:\WINDOWS\system32\Tasks\Avira_Security_Maintenance
2022-11-05 13:48 - 2022-11-05 13:48 - 000003428 _____ C:\WINDOWS\system32\Tasks\Avira_Security_Service_SCM_Watchdog
2022-11-05 13:48 - 2022-11-05 13:48 - 000002818 _____ C:\WINDOWS\system32\Tasks\Avira_Security_Systray
2022-11-03 15:44 - 2022-11-03 16:58 - 000000000 ____D C:\Users\Becca\Desktop\Neuer Ordner (5)
2022-11-02 21:51 - 2022-11-06 12:13 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2022-11-02 20:09 - 2022-11-02 20:09 - 000000218 _____ C:\Users\Cornelius\AppData\Local\recently-used.xbel
2022-10-29 18:50 - 2022-10-29 18:50 - 000001096 _____ C:\Users\Cornelius\Desktop\Adobe Lightroom Classic.lnk
2022-10-29 18:50 - 2022-10-29 18:50 - 000001096 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Lightroom Classic.lnk
2022-10-27 16:56 - 2022-10-27 16:56 - 000000000 ____D C:\ProgramData\Scan2PDF light
2022-10-27 16:55 - 2022-10-27 16:55 - 000000000 ____D C:\Users\Becca\Downloads\LScan2Pdf
2022-10-27 16:54 - 2022-10-27 16:54 - 010217236 _____ C:\Users\Becca\Downloads\LScan2Pdf.zip
2022-10-27 16:46 - 2022-10-27 16:49 - 000000000 ___RD C:\Users\Cornelius\Documents\Scanned Documents
2022-10-27 16:46 - 2022-10-27 16:46 - 000000000 ____D C:\Users\Cornelius\Documents\Fax
2022-10-22 20:11 - 2022-10-22 20:11 - 000001063 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign 2023.lnk
2022-10-22 19:58 - 2022-10-22 19:58 - 000001075 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop 2022.lnk
2022-10-22 19:49 - 2022-10-22 19:49 - 000002504 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator 2023.lnk
2022-10-22 19:44 - 2022-10-22 19:44 - 000001075 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop 2023.lnk
2022-10-22 15:58 - 2022-10-22 16:36 - 000000000 ____D C:\Users\Becca\Desktop\Neuer Ordner (4)
2022-10-19 09:55 - 2022-10-19 10:07 - 000000000 ____D C:\Users\Becca\Desktop\Neuer Ordner (3)
2022-10-17 20:34 - 2022-10-17 20:34 - 000000000 ___RD C:\Users\Becca\Documents\Microsoft.SecHealthUI_8wekyb3d8bbwe!SecHealthUI
2022-10-17 20:25 - 2022-10-17 20:25 - 000327680 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-10-17 20:24 - 2022-10-17 20:24 - 002575632 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll
2022-10-17 20:24 - 2022-10-17 20:24 - 002088728 _____ (The ICU Project) C:\WINDOWS\SysWOW64\icu.dll
2022-10-17 20:24 - 2022-10-17 20:24 - 000296448 _____ C:\WINDOWS\system32\CloudIdWxhExtension.dll
2022-10-17 20:24 - 2022-10-17 20:24 - 000062800 _____ C:\WINDOWS\system32\AppInstallerBackgroundUpdate.exe
2022-10-17 20:24 - 2022-10-17 20:24 - 000055144 _____ C:\WINDOWS\system32\SFAPE.dll
2022-10-17 20:24 - 2022-10-17 20:24 - 000046888 _____ C:\WINDOWS\system32\wow64base.dll
2022-10-17 20:24 - 2022-10-17 20:24 - 000016565 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-10-17 20:23 - 2022-10-17 20:23 - 000000000 ___HD C:\$WinREAgent
2022-10-14 22:12 - 2022-10-14 22:12 - 000000020 ___SH C:\Users\Cornelius\ntuser.ini
2022-10-13 10:26 - 2022-10-13 10:27 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2022-10-13 10:24 - 2022-10-13 10:25 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2022-10-13 10:24 - 2022-10-13 10:24 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2022-10-13 10:21 - 2022-10-13 10:21 - 000530944 _____ (curl, hxxps://curl.se/) C:\WINDOWS\system32\curl.exe
2022-10-13 10:21 - 2022-10-13 10:21 - 000470528 _____ (curl, hxxps://curl.se/) C:\WINDOWS\SysWOW64\curl.exe
2022-10-13 10:21 - 2022-10-13 10:21 - 000192512 _____ C:\WINDOWS\system32\CloudExperienceHostRedirection.dll
2022-10-13 10:21 - 2022-10-13 10:21 - 000180224 _____ C:\WINDOWS\system32\stordiag.exe
2022-10-13 10:21 - 2022-10-13 10:21 - 000133120 _____ C:\WINDOWS\SysWOW64\stordiag.exe
2022-10-13 10:21 - 2022-10-13 10:21 - 000098304 _____ C:\WINDOWS\system32\dplcsp.dll
2022-10-13 10:19 - 2022-10-13 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2022-10-13 10:19 - 2022-10-13 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2022-10-13 10:19 - 2022-10-13 10:19 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2022-10-13 10:19 - 2022-10-13 10:19 - 000000000 ____D C:\WINDOWS\addins
2022-10-13 10:19 - 2022-10-13 10:19 - 000000000 ____D C:\Program Files\Reference Assemblies
2022-10-13 10:19 - 2022-10-13 10:19 - 000000000 ____D C:\Program Files\MSBuild
2022-10-13 10:19 - 2022-10-13 10:19 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2022-10-13 10:19 - 2022-10-13 10:19 - 000000000 ____D C:\Program Files (x86)\MSBuild
2022-10-13 10:16 - 2022-10-13 10:16 - 000000000 ____D C:\WINDOWS\system32\Intel
2022-10-13 10:16 - 2022-10-13 10:16 - 000000000 ____D C:\WINDOWS\system32\cAVS
2022-10-13 10:15 - 2022-10-13 10:15 - 000000000 ____D C:\WINDOWS\system32\Drivers\Lenovo
2022-10-13 10:15 - 2022-10-13 10:15 - 000000000 ____D C:\WINDOWS\Lenovo
2022-10-13 09:44 - 2022-10-13 09:44 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2022-10-13 09:42 - 2022-11-06 12:13 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-10-13 09:42 - 2022-11-05 13:48 - 000003474 _____ C:\WINDOWS\system32\Tasks\Avira_Security_Update
2022-10-13 09:42 - 2022-11-01 13:39 - 000000000 ____D C:\WINDOWS\system32\Tasks\HP
2022-10-13 09:42 - 2022-10-23 15:34 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2022-10-13 09:42 - 2022-10-15 20:51 - 000003756 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-10-13 09:42 - 2022-10-15 20:51 - 000003632 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-10-13 09:42 - 2022-10-13 09:42 - 000004030 _____ C:\WINDOWS\system32\Tasks\LenovoUtility Startup
2022-10-13 09:42 - 2022-10-13 09:42 - 000003626 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1614982957
2022-10-13 09:42 - 2022-10-13 09:42 - 000002856 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1070191195-3368900776-1784378574-500
2022-10-13 09:42 - 2022-10-13 09:42 - 000002612 _____ C:\WINDOWS\system32\Tasks\AdobeGCInvoker-1.0
2022-10-13 09:42 - 2022-10-13 09:42 - 000000020 ___SH C:\Users\Becca\ntuser.ini
2022-10-13 09:42 - 2022-10-13 09:42 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2022-10-13 09:42 - 2022-10-13 09:42 - 000000000 ____D C:\WINDOWS\system32\Tasks\Lenovo
2022-10-13 09:42 - 2022-10-13 09:42 - 000000000 ____D C:\WINDOWS\system32\Tasks\Ivanti
2022-10-13 09:42 - 2022-10-13 09:42 - 000000000 ____D C:\WINDOWS\system32\Tasks\Hewlett-Packard
2022-10-13 09:42 - 2022-10-13 09:42 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avira
2022-10-13 09:42 - 2022-10-13 09:42 - 000000000 ____D C:\WINDOWS\system32\Tasks\Agent Activation Runtime
2022-10-13 09:42 - 2020-03-26 16:07 - 000002856 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2473705718-4163329733-1527017515-500
2022-10-13 09:42 - 2019-10-17 05:12 - 000003388 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3354727278-81800435-1074778100-500
2022-10-13 09:40 - 2022-10-13 09:42 - 000017148 _____ C:\WINDOWS\diagwrn.xml
2022-10-13 09:40 - 2022-10-13 09:42 - 000017148 _____ C:\WINDOWS\diagerr.xml
2022-10-13 09:38 - 2022-11-06 12:21 - 001754660 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-10-13 09:29 - 2022-11-02 22:16 - 000000000 ____D C:\Users\Becca
2022-10-13 09:29 - 2022-10-14 22:12 - 000000000 ____D C:\Users\Cornelius
2022-10-13 09:29 - 2022-10-13 09:29 - 000000000 _SHDL C:\Users\Cornelius\Vorlagen
2022-10-13 09:29 - 2022-10-13 09:29 - 000000000 _SHDL C:\Users\Cornelius\Startmenü
2022-10-13 09:29 - 2022-10-13 09:29 - 000000000 _SHDL C:\Users\Cornelius\Netzwerkumgebung
2022-10-13 09:29 - 2022-10-13 09:29 - 000000000 _SHDL C:\Users\Cornelius\Lokale Einstellungen
2022-10-13 09:29 - 2022-10-13 09:29 - 000000000 _SHDL C:\Users\Cornelius\Eigene Dateien
2022-10-13 09:29 - 2022-10-13 09:29 - 000000000 _SHDL C:\Users\Cornelius\Druckumgebung
2022-10-13 09:29 - 2022-10-13 09:29 - 000000000 _SHDL C:\Users\Cornelius\Documents\Eigene Videos
2022-10-13 09:29 - 2022-10-13 09:29 - 000000000 _SHDL C:\Users\Cornelius\Documents\Eigene Musik
2022-10-13 09:29 - 2022-10-13 09:29 - 000000000 _SHDL C:\Users\Cornelius\Documents\Eigene Bilder
2022-10-13 09:29 - 2022-10-13 09:29 - 000000000 _SHDL C:\Users\Cornelius\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2022-10-13 09:29 - 2022-10-13 09:29 - 000000000 _SHDL C:\Users\Cornelius\AppData\Local\Verlauf
2022-10-13 09:29 - 2022-10-13 09:29 - 000000000 _SHDL C:\Users\Cornelius\AppData\Local\Anwendungsdaten
2022-10-13 09:29 - 2022-10-13 09:29 - 000000000 _SHDL C:\Users\Cornelius\Anwendungsdaten
2022-10-13 09:29 - 2022-10-13 09:29 - 000000000 _SHDL C:\Users\Becca\Vorlagen
2022-10-13 09:29 - 2022-10-13 09:29 - 000000000 _SHDL C:\Users\Becca\Startmenü
2022-10-13 09:29 - 2022-10-13 09:29 - 000000000 _SHDL C:\Users\Becca\Netzwerkumgebung
2022-10-13 09:29 - 2022-10-13 09:29 - 000000000 _SHDL C:\Users\Becca\Lokale Einstellungen
2022-10-13 09:29 - 2022-10-13 09:29 - 000000000 _SHDL C:\Users\Becca\Eigene Dateien
2022-10-13 09:29 - 2022-10-13 09:29 - 000000000 _SHDL C:\Users\Becca\Druckumgebung
2022-10-13 09:29 - 2022-10-13 09:29 - 000000000 _SHDL C:\Users\Becca\Documents\Eigene Videos
2022-10-13 09:29 - 2022-10-13 09:29 - 000000000 _SHDL C:\Users\Becca\Documents\Eigene Musik
2022-10-13 09:29 - 2022-10-13 09:29 - 000000000 _SHDL C:\Users\Becca\Documents\Eigene Bilder
2022-10-13 09:29 - 2022-10-13 09:29 - 000000000 _SHDL C:\Users\Becca\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2022-10-13 09:29 - 2022-10-13 09:29 - 000000000 _SHDL C:\Users\Becca\AppData\Local\Verlauf
2022-10-13 09:29 - 2022-10-13 09:29 - 000000000 _SHDL C:\Users\Becca\AppData\Local\Anwendungsdaten
2022-10-13 09:29 - 2022-10-13 09:29 - 000000000 _SHDL C:\Users\Becca\Anwendungsdaten
2022-10-13 09:29 - 2022-05-07 06:19 - 000001281 _____ C:\Users\Cornelius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools.lnk
2022-10-13 09:29 - 2022-05-07 06:19 - 000001281 _____ C:\Users\Becca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools.lnk
2022-10-13 09:29 - 2022-05-07 06:19 - 000000407 _____ C:\Users\Cornelius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Explorer.lnk
2022-10-13 09:29 - 2022-05-07 06:19 - 000000407 _____ C:\Users\Becca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Explorer.lnk
2022-10-13 09:28 - 2022-11-07 19:17 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-10-13 09:28 - 2022-10-18 19:01 - 000482448 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-10-13 09:28 - 2022-10-13 09:28 - 000000000 ____D C:\WINDOWS\system32\config\BFS
2022-10-12 18:56 - 2022-10-23 15:34 - 000002084 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2022-10-12 18:56 - 2022-10-23 15:34 - 000002072 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk
2022-10-12 18:49 - 2022-10-14 11:59 - 000000000 ____D C:\Users\Becca\Desktop\Neuer Ordner (2)

==================== Ein Monat (geänderte) ==================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2022-11-08 14:33 - 2022-04-27 20:25 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2022-11-08 14:32 - 2020-06-10 19:13 - 000000000 ____D C:\Users\Cornelius\AppData\LocalLow\Mozilla
2022-11-08 14:30 - 2022-05-07 06:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-11-08 14:21 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SystemTemp
2022-11-08 14:20 - 2022-05-07 06:24 - 000000000 ___HD C:\Program Files\WindowsApps
2022-11-08 14:20 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-11-08 14:16 - 2022-04-02 21:24 - 000000000 ____D C:\Users\Cornelius\AppData\Local\CrashDumps
2022-11-08 14:16 - 2020-06-10 18:45 - 000000000 __SHD C:\Users\Cornelius\IntelGraphicsProfiles
2022-11-08 14:15 - 2020-06-13 20:30 - 000000000 ____D C:\Users\Becca\AppData\LocalLow\Mozilla
2022-11-08 14:14 - 2021-03-25 15:00 - 000000000 ___RD C:\Users\Becca\Creative Cloud Files
2022-11-08 14:13 - 2020-06-13 19:07 - 000000000 __SHD C:\Users\Becca\IntelGraphicsProfiles
2022-11-07 20:05 - 2021-03-06 15:13 - 000000000 ____D C:\Users\Becca\AppData\Local\D3DSCache
2022-11-07 20:05 - 2020-06-13 19:07 - 000000000 ____D C:\Users\Becca\AppData\Local\Packages
2022-11-07 18:20 - 2021-03-25 14:56 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2022-11-07 18:18 - 2020-06-13 19:07 - 000000000 ____D C:\Users\Becca\AppData\Roaming\Adobe
2022-11-07 18:15 - 2021-04-01 19:52 - 000000000 ____D C:\Users\Becca\Documents\Adobe
2022-11-07 18:10 - 2021-08-27 14:19 - 000000000 ___HD C:\adobeTemp
2022-11-07 18:10 - 2021-03-25 14:55 - 000000000 ____D C:\Program Files\Adobe
2022-11-07 17:59 - 2021-03-25 14:55 - 000000000 ____D C:\Program Files\Common Files\Adobe
2022-11-06 19:44 - 2021-04-22 19:22 - 000000000 ____D C:\temp
2022-11-06 13:44 - 2022-04-01 20:30 - 000000000 ____D C:\Users\Becca\AppData\Local\CrashDumps
2022-11-06 12:21 - 2022-05-07 06:22 - 000000000 ____D C:\WINDOWS\INF
2022-11-06 12:13 - 2022-09-30 20:28 - 008042832 _____ C:\WINDOWS\system32\rtp.db
2022-11-06 12:13 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\ServiceState
2022-11-06 12:13 - 2022-05-07 06:17 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2022-11-06 12:13 - 2021-03-14 21:54 - 000012288 ___SH C:\DumpStack.log.tmp
2022-11-06 12:13 - 2020-06-09 19:40 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-11-06 12:13 - 2020-03-26 16:23 - 000000134 _____ C:\WINDOWS\system32\regtest.txt
2022-11-06 12:13 - 2020-03-26 16:22 - 000000000 ___HD C:\Intel
2022-11-06 11:48 - 2021-06-28 20:00 - 000000000 ____D C:\Users\Cornelius\AppData\Local\Greenshot
2022-11-05 13:48 - 2021-04-16 20:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2022-11-05 13:48 - 2020-07-21 09:20 - 000002447 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-11-04 17:23 - 2020-06-13 17:25 - 000000000 ____D C:\Users\Cornelius\Documents\Alles
2022-11-01 14:57 - 2022-06-22 17:38 - 000000000 ____D C:\Program Files\HPPrintScanDoctor
2022-11-01 13:17 - 2022-09-30 21:49 - 000112184 _____ (Avira Operations GmbH) C:\WINDOWS\system32\Drivers\netprotection_network_filter.sys
2022-10-26 17:49 - 2022-05-07 06:17 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-10-26 17:48 - 2022-10-08 21:35 - 000000000 ___DC C:\WINDOWS\Panther
2022-10-22 19:45 - 2020-06-10 22:53 - 000000000 ____D C:\ProgramData\Adobe
2022-10-18 19:51 - 2020-06-09 18:02 - 000000000 ____D C:\Program Files\Microsoft Office 15
2022-10-18 19:02 - 2021-09-17 23:33 - 000000306 __RSH C:\ProgramData\ntuser.pol
2022-10-18 19:00 - 2022-05-07 06:24 - 000000000 ___SD C:\WINDOWS\system32\UNP
2022-10-18 19:00 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\UUS
2022-10-18 19:00 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2022-10-18 19:00 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2022-10-18 19:00 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-10-18 19:00 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SystemResources
2022-10-18 19:00 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2022-10-18 19:00 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2022-10-18 19:00 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\setup
2022-10-18 19:00 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2022-10-18 19:00 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-10-18 19:00 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-10-18 19:00 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\appraiser
2022-10-18 18:59 - 2022-05-07 06:24 - 000000000 ___RD C:\WINDOWS\PrintDialog
2022-10-18 18:59 - 2022-05-07 06:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-10-18 18:59 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\ShellExperiences
2022-10-18 18:59 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\ShellComponents
2022-10-18 18:59 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\Provisioning
2022-10-18 18:59 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2022-10-18 18:59 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-10-18 18:59 - 2022-05-07 06:24 - 000000000 ____D C:\Program Files\Common Files\System
2022-10-18 12:45 - 2020-06-13 20:29 - 000000000 ____D C:\Users\Becca\AppData\Roaming\PersBackup6
2022-10-18 02:52 - 2021-09-11 17:57 - 000000000 ____D C:\Users\Cornelius\AppData\Roaming\hidrive.ui
2022-10-17 20:41 - 2022-05-07 06:25 - 000209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll 2022-10-17 20:41 - 2022-05-07 06:24 - 000249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll 2022-10-17 20:36 - 2021-09-07 12:39 - 000000000 ____D C:\Users\Becca\AppData\Roaming\hidrive.ui 2022-10-17 20:22 - 2020-06-14 20:02 - 000000000 ___RD C:\Users\Becca\HiDrive 2022-10-17 20:22 - 2020-06-10 21:31 - 000000000 ___RD C:\Users\Cornelius\HiDrive 2022-10-15 20:53 - 2020-06-10 18:45 - 000000000 ____D C:\Users\Cornelius\AppData\Local\Packages 2022-10-15 20:53 - 2020-06-09 17:36 - 000000000 ____D C:\ProgramData\Packages 2022-10-14 22:13 - 2019-10-17 05:10 - 000000000 __RHD C:\Users\Public\AccountPictures 2022-10-14 12:20 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\appcompat 2022-10-14 12:04 - 2022-09-30 21:48 - 000223848 _____ (Avira Operations GmbH) C:\WINDOWS\system32\Drivers\rtp_filesystem_filter.sys 2022-10-14 12:04 - 2022-09-30 21:48 - 000217552 _____ (Avira Operations GmbH) C:\WINDOWS\system32\Drivers\rtp_process_monitor.sys 2022-10-14 12:04 - 2022-09-30 21:48 - 000061376 _____ (Avira Operations GmbH) C:\WINDOWS\system32\Drivers\rtp_traverse.sys 2022-10-14 12:04 - 2022-09-30 20:27 - 000026624 _____ (Avira Operations GmbH) C:\WINDOWS\system32\Drivers\rtp_elam.sys 2022-10-14 12:04 - 2022-05-07 06:24 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2022-10-13 10:27 - 2022-05-07 06:28 - 000000000 ____D C:\WINDOWS\Setup 2022-10-13 10:27 - 2022-05-07 06:24 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template 2022-10-13 10:27 - 2022-05-07 06:24 - 000000000 __RHD C:\Users\Public\Libraries 2022-10-13 10:27 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase 2022-10-13 10:27 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\spool 2022-10-13 10:27 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\NDF 2022-10-13 10:27 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\Drivers\DriverData 2022-10-13 10:27 - 2022-05-07 
06:24 - 000000000 ____D C:\WINDOWS\LiveKernelReports 2022-10-13 10:27 - 2022-05-07 06:24 - 000000000 ____D C:\ProgramData\USOPrivate 2022-10-13 10:27 - 2022-04-01 20:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client 2022-10-13 10:27 - 2022-03-16 13:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GnuCash 2022-10-13 10:27 - 2022-02-23 16:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2022 2022-10-13 10:27 - 2022-02-16 15:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tracker Software 2022-10-13 10:27 - 2021-11-07 16:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CEWE Fotowelt 2022-10-13 10:27 - 2021-10-13 14:25 - 000000000 ____D C:\WINDOWS\SysWOW64\statReporter 2022-10-13 10:27 - 2021-09-17 22:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minimal ADB and Fastboot 2022-10-13 10:27 - 2021-09-17 22:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android Studio 2022-10-13 10:27 - 2021-09-17 12:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\ClockworkMod 2022-10-13 10:27 - 2021-06-28 20:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Greenshot 2022-10-13 10:27 - 2021-06-19 17:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodi 2022-10-13 10:27 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated 2022-10-13 10:27 - 2021-01-03 14:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\(Default) 2022-10-13 10:27 - 2020-12-27 13:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader 2022-10-13 10:27 - 2020-12-07 20:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2021 2022-10-13 10:27 - 2020-11-15 18:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Skype 2022-10-13 10:27 - 2020-11-15 11:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\digiCamControl 2022-10-13 10:27 - 2020-08-17 15:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24 2022-10-13 10:27 - 2020-08-01 18:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView 2022-10-13 10:27 - 2020-07-05 20:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2022-10-13 10:27 - 2020-06-14 21:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Commander 2022-10-13 10:27 - 2020-06-10 22:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2022-10-13 10:27 - 2020-06-10 21:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exact Audio Copy 2022-10-13 10:27 - 2020-06-10 21:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag 2022-10-13 10:27 - 2020-06-09 22:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Personal Backup 6 2022-10-13 10:27 - 2020-06-09 20:58 - 000000000 ____D C:\Program Files\UNP 2022-10-13 10:27 - 2020-06-09 20:42 - 000000000 ____D C:\WINDOWS\system32\MRT 2022-10-13 10:27 - 2020-06-09 18:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Link to Nikon 2022-10-13 10:27 - 2020-06-09 18:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP 2022-10-13 10:27 - 2020-06-09 18:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2022-10-13 10:27 - 2020-03-26 16:20 - 000000000 ____D C:\Program Files\Intel 2022-10-13 10:27 - 2019-03-19 05:52 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy 2022-10-13 10:27 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\MsDtc 2022-10-13 10:23 - 2022-05-07 06:25 - 000076800 _____ (Khronos Group) C:\WINDOWS\SysWOW64\opencl.dll 2022-10-13 10:23 - 2022-05-07 06:24 - 000118784 _____ 
(Khronos Group) C:\WINDOWS\system32\opencl.dll 2022-10-13 10:20 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\OCR 2022-10-13 10:19 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI 2022-10-13 10:19 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\MUI 2022-10-13 10:18 - 2022-05-07 11:39 - 000000000 ____D C:\Program Files\Windows Photo Viewer 2022-10-13 10:18 - 2022-05-07 11:39 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2022-10-13 10:18 - 2022-05-07 11:29 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm 2022-10-13 10:18 - 2022-05-07 11:29 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN 2022-10-13 10:18 - 2022-05-07 11:29 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr 2022-10-13 10:18 - 2022-05-07 11:29 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts 2022-10-13 10:18 - 2022-05-07 11:29 - 000000000 ____D C:\WINDOWS\system32\winrm 2022-10-13 10:18 - 2022-05-07 11:29 - 000000000 ____D C:\WINDOWS\system32\WCN 2022-10-13 10:18 - 2022-05-07 11:29 - 000000000 ____D C:\WINDOWS\system32\slmgr 2022-10-13 10:18 - 2022-05-07 11:29 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts 2022-10-13 10:18 - 2022-05-07 06:24 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12 2022-10-13 10:18 - 2022-05-07 06:24 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs 2022-10-13 10:18 - 2022-05-07 06:24 - 000000000 ___SD C:\WINDOWS\system32\F12 2022-10-13 10:18 - 2022-05-07 06:24 - 000000000 ___SD C:\WINDOWS\system32\dsc 2022-10-13 10:18 - 2022-05-07 06:24 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs 2022-10-13 10:18 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform 2022-10-13 10:18 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\Sgrm 2022-10-13 10:18 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\migwiz 2022-10-13 10:18 - 2022-05-07 06:24 - 000000000 ____D C:\Program Files\Windows Defender 2022-10-13 10:18 - 2022-05-07 06:24 - 000000000 ____D C:\Program Files (x86)\Windows Defender 2022-10-13 10:18 - 2022-05-07 
06:17 - 000000000 ____D C:\WINDOWS\servicing
2022-10-13 09:42 - 2022-05-07 06:24 - 000000000 ____D C:\Program Files\Windows NT
2022-10-13 09:32 - 2022-05-07 06:24 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2022-10-13 09:32 - 2022-02-13 16:52 - 000000000 ____D C:\Users\Becca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2022-10-13 09:32 - 2020-06-13 21:08 - 000000000 ____D C:\Users\Becca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Movavi Video Editor 15 Plus
2022-10-13 09:29 - 2022-09-30 20:58 - 000000000 ____D C:\WINDOWS\system32\dolbyaposvc
2022-10-12 19:36 - 2020-06-09 20:42 - 147398024 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-10-11 10:03 - 2022-03-04 22:15 - 000000000 ____D C:\Users\Becca\AppData\Roaming\com.adobe.dunamis

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ========

2021-05-03 06:36 - 2021-05-03 06:36 - 000000000 _____ () C:\Users\Cornelius\AppData\Local\oobelibMkey.log
2022-04-01 20:21 - 2022-04-01 20:22 - 000000128 _____ () C:\Users\Cornelius\AppData\Local\PUTTY.RND
2022-11-02 20:09 - 2022-11-02 20:09 - 000000218 _____ () C:\Users\Cornelius\AppData\Local\recently-used.xbel

==================== FLock ==============================

2022-04-01 20:38 C:\Users\Becca\AppData\Roaming\FileZilla
2022-04-01 20:37 C:\Users\Becca\AppData\Local\FileZilla

==================== SigCheck ============================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

==================== Ende von FRST.txt ========================

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 06-11-2022
durchgeführt von Cornelius (08-11-2022 14:40:22)
Gestartet von C:\Users\Cornelius\Desktop
Microsoft Windows 11 Home Version 22H2 22621.674 (X64) (2022-10-13 08:42:41)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

Administrator (S-1-5-21-1070191195-3368900776-1784378574-500 - Administrator - Disabled)
Becca (S-1-5-21-1070191195-3368900776-1784378574-1003 - Administrator - Enabled) => C:\Users\Becca
Cornelius (S-1-5-21-1070191195-3368900776-1784378574-1002 - Administrator - Enabled) => C:\Users\Cornelius
DefaultAccount (S-1-5-21-1070191195-3368900776-1784378574-503 - Limited - Disabled)
Gast (S-1-5-21-1070191195-3368900776-1784378574-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1070191195-3368900776-1784378574-504 - Limited - Disabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {8A154ED8-4428-DB2D-0E3F-BD82C448FD94}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avira Security (Enabled - Up to date) {76C0BF9F-9FD3-D249-DE2F-7A33A59B9258}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

7-Zip 19.00 (x64) (HKLM\...\7-Zip) (Version: 19.00 - Igor Pavlov)
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1031-1033-7760-BC15014EA700}) (Version: 22.003.20263 - Adobe)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.9.0.372 - Adobe Inc.)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: 8.0.0.11 - Adobe Inc.)
Adobe Illustrator 2023 (HKLM-x32\...\ILST_27_0) (Version: 27.0 - Adobe Inc.) Adobe InDesign 2021 (HKLM-x32\...\IDSN_16_4_3) (Version: 16.4.3 - Adobe Inc.) Adobe InDesign 2022 (HKLM-x32\...\IDSN_17_4) (Version: 17.4 - Adobe Inc.) Adobe InDesign 2023 (HKLM-x32\...\IDSN_18_0) (Version: 18.0 - Adobe Inc.) Adobe Lightroom Classic (HKLM-x32\...\LTRM_12_0_1) (Version: 12.0.1 - Adobe Inc.) Adobe Media Encoder 2023 (HKLM-x32\...\AME_23_0) (Version: 23.0 - Adobe Inc.) Adobe Photoshop 2022 (HKLM-x32\...\PHSP_23_5_2) (Version: 23.5.2.751 - Adobe Inc.) Adobe Photoshop 2023 (HKLM-x32\...\PHSP_24_0) (Version: 24.0.0.59 - Adobe Inc.) Adobe Premiere Pro 2023 (HKLM-x32\...\PPRO_23_0) (Version: 23.0 - Adobe Inc.) Adobe Premiere Rush (HKLM-x32\...\RUSH_2_5) (Version: 2.5 - Adobe Inc.) Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601032}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden Arduino (HKLM-x32\...\Arduino) (Version: 1.8.13 - Arduino LLC) Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.41.1.25731 - Avira Operations GmbH & Co. KG) Hidden Avira Security (HKLM-x32\...\Avira Security_is1) (Version: 1.1.77.4 - Avira Operations GmbH) Hidden Avira Security (HKLM-x32\...\AviraSecurityUninstaller) (Version: - Avira Operations GmbH & Co. KG;) Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 6.20.0.11426 - Avira Operations GmbH & Co. KG) Hidden CEWE Fotowelt (HKLM\...\CEWE Fotowelt) (Version: 7.2.1 - CEWE Stiftung u Co. KGaA) digiCamControl (HKLM-x32\...\{19D12628-7654-4354-A305-9AB0B33A1677}) (Version: 2.1.2.0 - Duka Istvan) digiCamControl (HKLM-x32\...\{2dd048a1-b9fb-4e4f-a8f3-1eceafce538c}) (Version: 2.1.2.0 - ) Hidden Endpoint Protection SDK (HKLM\...\{68E1CCB4-4965-4713-BDEB-77F6D6C9BF9D}_is1) (Version: 1.0.2209.3324 - Avira Operations GmbH & Co. 
KG) Hidden Exact Audio Copy 1.5 (HKLM-x32\...\Exact Audio Copy) (Version: 1.5 - Andre Wiethoff) FileZilla Client 3.58.0 (HKLM-x32\...\FileZilla Client) (Version: 3.58.0 - Tim Kosse) Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 10.1.1.37576 - Foxit Software Inc.) GIMP 2.10.22 (HKLM\...\GIMP-2_is1) (Version: 2.10.22 - The GIMP Team) GnuCash 4.9 (HKLM-x32\...\GnuCash_is1) (Version: 4.9 - GnuCash Development Team) Greenshot 1.2.10.6 (HKLM\...\Greenshot_is1) (Version: 1.2.10.6 - Greenshot) HP Officejet Pro 8610 - Grundlegende Software für das Gerät (HKLM\...\{901960C4-A157-4D06-A538-9D5319F72182}) (Version: 32.4.116.94128 - Hewlett-Packard Co.) HP Officejet Pro 8610 Hilfe (HKLM-x32\...\{2466D8D5-4856-4492-BDEF-48A640F58866}) (Version: 32.0.0 - Hewlett Packard) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP) Intel(R) Chipset Device Software (HKLM\...\{351A0D24-F6F1-4105-AA50-5D2CCC71E0DD}) (Version: 10.1.18019.8144 - Intel Corporation) Hidden Intel® Chipsatz-Gerätesoftware (HKLM-x32\...\{4551f75f-3c54-4f09-8221-8c8a061bad00}) (Version: 10.1.18019.8144 - Intel(R) Corporation) IrfanView 4.54 (32-bit) (HKLM-x32\...\IrfanView) (Version: 4.54 - Irfan Skiljan) Kodi (HKU\S-1-5-21-1070191195-3368900776-1784378574-1003\...\Kodi) (Version: 19.1.0.0 - XBMC Foundation) Lenovo Pen Settings Service (HKLM\...\ISD Tablet Driver) (Version: 7.6.1.41 - Wacom Technology Corp.) Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.13.14.0 - Lenovo Group Ltd.) 
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 107.0.1418.35 - Microsoft Corporation) Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 107.0.1418.35 - Microsoft Corporation) Microsoft Office Professional Plus 2013 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 15.0.5493.1000 - Microsoft Corporation) Microsoft Teams (HKU\S-1-5-21-1070191195-3368900776-1784378574-1003\...\Teams) (Version: 1.4.00.32771 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{6A2A8076-135F-4F55-BB02-DED67C8C6934}) (Version: 4.67.0.0 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 
(HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation) Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.32.31326 (HKLM-x32\...\{2d507699-404c-4c8b-a54a-38e352f32cdd}) (Version: 14.32.31326.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.32.31326 (HKLM-x32\...\{817e21c1-6b3a-4bc1-8c49-67e4e1887b3a}) (Version: 14.32.31326.0 - Microsoft Corporation) Microsoft Visual C++ 2022 X64 Additional Runtime - 14.32.31326 (HKLM\...\{38624EB5-356D-4B08-8357-C33D89A5C0C5}) (Version: 14.32.31326 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.32.31326 (HKLM\...\{C96241EA-9900-4FE8-85B3-1E238D509DF6}) (Version: 14.32.31326 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X86 Additional Runtime - 14.32.31326 (HKLM-x32\...\{A250E750-DB3F-40C1-8460-8EF77C7582DA}) (Version: 14.32.31326 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.32.31326 (HKLM-x32\...\{46E11E7F-01E1-44D0-BB86-C67342D253DD}) (Version: 14.32.31326 - Microsoft Corporation) Hidden Microsoft Visual Studio 2010 Tools for Office Runtime (x64) 
(HKLM\...\{7C0242A3-8B66-35D1-9FE0-13B426ACB609}) (Version: 10.0.60729 - Microsoft Corporation) Hidden Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.60724 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.60724 - Microsoft Corporation) Minimal ADB and Fastboot version 1.4 (HKLM-x32\...\{C5564379-582D-457A-9E68-A9E7C1F1C4EC}_is1) (Version: 1.4 - Sam Rodberg) Mozilla Firefox (x64 de) (HKLM\...\Mozilla Firefox 99.0.1 (x64 de)) (Version: 99.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 99.0.1 - Mozilla) Mozilla Thunderbird (x86 de) (HKLM-x32\...\Mozilla Thunderbird 102.4.1 (x86 de)) (Version: 102.4.1 - Mozilla) Mp3tag v3.01 (HKLM-x32\...\Mp3tag) (Version: 3.01 - Florian Heidenreich) Office 15 Click-to-Run Extensibility Component (HKLM\...\{90150000-008C-0000-1000-0000000FF1CE}) (Version: 15.0.5493.1000 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-007E-0000-1000-0000000FF1CE}) (Version: 15.0.5493.1000 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (HKLM\...\{90150000-008C-0407-1000-0000000FF1CE}) (Version: 15.0.5493.1000 - Microsoft Corporation) Hidden PDF24 Creator 9.2.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: 9.2.0 - PDF24.org) PDF-XChange Editor (HKLM\...\{3BF936CE-B4E6-4BFF-B9BD-51052D19C419}) (Version: 9.2.359.0 - Tracker Software Products (Canada) Ltd.) Hidden PDF-XChange Editor (HKLM-x32\...\{21177007-de9c-4f5b-84c9-151f690f72a0}) (Version: 9.2.359.0 - Tracker Software Products (Canada) Ltd.) Personal Backup 6.1.11.0 (64-bit) (HKLM\...\Personal Backup 6_is1) (Version: 6.1.11.0 - Dr. J. 
Rathlev) Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.7.43.0 - Samsung Electronics Co., Ltd.) Skype Version 8.75 (HKLM-x32\...\Skype_is1) (Version: 8.75 - Skype Technologies S.A.) tiptoi® Manager 4.3 (HKLM\...\{833392BB-E8C0-4066-9408-3A30FA43972F}_is1) (Version: 4.3 - Ravensburger AG) Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.51 - Ghisler Software GmbH) UFRaw 0.19.2 (HKLM-x32\...\UFRaw_is1) (Version: - Udi Fuchs) Universal Adb Driver (HKLM-x32\...\{C0E08D8D-6076-4117-B644-2AF34F35B757}) (Version: 1.0.4 - ClockworkMod) UXP WebView Support (HKLM-x32\...\UXPW_1_1_0) (Version: 1.1.0 - Adobe Inc.) VLC media player (HKLM\...\VLC media player) (Version: 3.0.16 - VideoLAN) Windows-PC-Integritätsprüfung (HKLM\...\{B3956CF3-F6C5-4567-AC38-1FD4432B319C}) (Version: 3.6.2204.08001 - Microsoft Corporation) WISO Steuer-Sparbuch 2021 (HKLM-x32\...\{AF1FE075-A0FE-4085-B96E-C48D8EE07D44}) (Version: 28.00.1410 - Buhl Data Service GmbH) WISO Steuer-Sparbuch 2022 (HKLM-x32\...\{A5BFDB2E-2988-488A-BE2C-E2AFDFF88169}) (Version: 29.03.2730 - Buhl Data Service GmbH) Zoom (HKU\S-1-5-21-1070191195-3368900776-1784378574-1003\...\ZoomUMX) (Version: 5.9.3 (3169) - Zoom Video Communications, Inc.) Packages: ========= Clipchamp -> C:\Program Files\WindowsApps\Clipchamp.Clipchamp_2.5.1.0_neutral__yxz26nhyzhsrt [2022-10-15] (Microsoft Corp.) Dolby Atmos Speaker System -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAtmosSpeakerSystem_3.20402.409.0_x64__rz1tebttyb220 [2020-03-26] (Dolby Laboratories) Dolby Vision -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyVisionHDR_2.1.5965.0_x64__rz1tebttyb220 [2022-08-05] (Dolby Laboratories) HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_140.1.307.0_x64__v10z8vjag6ke6 [2022-11-06] (HP Inc.) 
Intel® Grafik-Kontrollraum -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3408.0_x64__8j3eq9eme6ctt [2022-04-27] (INTEL CORP) [Startup Task] Lenovo Hotkeys -> C:\Program Files\WindowsApps\E0469640.LenovoUtility_4.3.20.0_x64__5grkq8ppsgwt4 [2022-10-14] (LENOVO INC) [Startup Task] Lenovo Pen Settings -> C:\Program Files\WindowsApps\WacomTechnologyCorp.157535B83C264_7.7.61.0_neutral__ss941bf8mfs8a [2022-10-15] (Wacom Technology Corp.) Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2209.2.0_x64__k1h2ywk1493x8 [2022-10-15] (LENOVO INC.) Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.1.28.0_x64__8wekyb3d8bbwe [2022-10-15] (Microsoft Corp.) MPEG-2-Videoerweiterung -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.50901.0_x64__8wekyb3d8bbwe [2022-05-03] (Microsoft Corporation) ms-resource:APP_WINDOW_NAME -> C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.9.0_x64__8wekyb3d8bbwe [2022-10-15] (Microsoft Corp.) ms-resource:AppStoreName -> C:\Program Files\WindowsApps\Microsoft.RawImageExtension_2.1.32061.0_x64__8wekyb3d8bbwe [2022-10-15] (Microsoft Corporation) ms-resource:AppxManifest_DisplayName -> C:\Windows\SystemApps\Microsoft.Windows.PrintQueueActionCenter_cw5n1h2txyewy [2022-10-15] (Microsoft Corporation) Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.11.217.0_x64__dt26b99r8h8gj [2020-06-21] (Realtek Semiconductor Corp) Windows Feature Experience Pack -> C:\Windows\SystemApps\MicrosoftWindows.Client.Core_cw5n1h2txyewy [2022-10-18] (Microsoft Windows) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
CustomCLSID: HKU\S-1-5-21-1070191195-3368900776-1784378574-1002_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Cornelius\AppData\Local\Microsoft\OneDrive\20.064.0329.0008\amd64\FileSyncShell64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-1070191195-3368900776-1784378574-1002_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Inc. -> Adobe Inc.) CustomCLSID: HKU\S-1-5-21-1070191195-3368900776-1784378574-1002_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Cornelius\AppData\Local\Microsoft\OneDrive\20.064.0329.0008\amd64\FileSyncShell64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-1070191195-3368900776-1784378574-1002_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Cornelius\AppData\Local\Microsoft\OneDrive\20.064.0329.0008\amd64\FileSyncShell64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-1070191195-3368900776-1784378574-1003_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-48C235FE7774} -> [Creative Cloud Files] => C:\Users\Becca\Creative Cloud Files [2021-03-25 15:00] CustomCLSID: HKU\S-1-5-21-1070191195-3368900776-1784378574-1003_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Becca\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.21264.3\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1070191195-3368900776-1784378574-1003_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Becca\AppData\Local\Microsoft\OneDrive\19.002.0107.0005\amd64\FileSyncShell64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-1070191195-3368900776-1784378574-1003_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Inc. -> Adobe Inc.) 
CustomCLSID: HKU\S-1-5-21-1070191195-3368900776-1784378574-1003_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Becca\AppData\Local\Microsoft\OneDrive\19.002.0107.0005\amd64\FileSyncShell64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-1070191195-3368900776-1784378574-1003_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Becca\AppData\Local\Microsoft\OneDrive\19.002.0107.0005\amd64\FileSyncShell64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-1070191195-3368900776-1784378574-1003_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems) ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-09-07] (Adobe Inc. -> ) ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-09-07] (Adobe Inc. -> ) ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-09-07] (Adobe Inc. 
-> ) ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> Keine Datei ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> Keine Datei ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> Keine Datei ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> Keine Datei ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> Keine Datei ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> Keine Datei ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> Keine Datei ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2022-03-01] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2022-03-01] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2022-03-01] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> Keine Datei ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> Keine Datei ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> Keine Datei ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> Keine Datei ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> Keine Datei ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> 
{9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> Keine Datei ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> Keine Datei ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2022-03-01] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2022-03-01] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2022-03-01] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [Datei ist nicht signiert] ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-09-07] (Adobe Inc. -> ) ContextMenuHandlers1: [PDFXChange Editor Context menu] -> {2ACD35AB-F74A-4C20-AA9B-2DE80081626D} => C:\Program Files\Tracker Software\Shell Extensions\XCShellMenu.x64.dll [2021-11-23] (TRACKER SOFTWARE PRODUCTS (CANADA) LIMITED -> Tracker Software Products (Canada) Ltd.) ContextMenuHandlers1: [SystemSpeedupFilesMenu] -> {14cb2bd0-2375-3d10-9b5d-5e18865c8959} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2022-08-30] (Avira Operations GmbH -> Avira Operations GmbH & Co. 
KG) ContextMenuHandlers2: [ContextMenu] -> {ee10d625-cc60-30a4-b3df-4b349785be6b} => C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\Antivirus.ContextMenu.DLL [2022-10-27] (Avira Operations GmbH -> Avira Operations GmbH) ContextMenuHandlers3: [ContextMenu] -> {ee10d625-cc60-30a4-b3df-4b349785be6b} => C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\Antivirus.ContextMenu.DLL [2022-10-27] (Avira Operations GmbH -> Avira Operations GmbH) ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [Datei ist nicht signiert] ContextMenuHandlers4: [SystemSpeedupFoldersMenu] -> {700866bb-c8e9-3e71-b359-abb28baed0e8} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2022-08-30] (Avira Operations GmbH -> Avira Operations GmbH & Co. KG) ContextMenuHandlers5: [SystemSpeedupDesktopMenu] -> {0cab5786-30e8-3185-9b3b-ccefbf1b8afe} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2022-08-30] (Avira Operations GmbH -> Avira Operations GmbH & Co. KG) ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2019-02-21] (Igor Pavlov) [Datei ist nicht signiert] ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-09-07] (Adobe Inc. 
-> )

==================== Codecs (Nicht auf der Ausnahmeliste) ====================

==================== Verknüpfungen & WMI ========================

==================== Geladene Module (Nicht auf der Ausnahmeliste) =============

2020-07-05 20:50 - 2019-02-21 17:00 - 000078336 _____ (Igor Pavlov) [Datei ist nicht signiert] C:\Program Files\7-Zip\7-zip.dll
2022-04-25 12:02 - 2022-04-25 12:02 - 042859520 _____ (Intel Corporation) [Datei ist nicht signiert] C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3408.0_x64__8j3eq9eme6ctt\IGCC.dll
2022-11-05 13:51 - 2022-11-05 13:51 - 003091456 _____ (Newtonsoft) [Datei ist nicht signiert] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Newtonsoft.Json\ac58f792366fdaa39d9ace26f0583f53\Newtonsoft.Json.ni.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HidSpiCx.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TextInputManagementService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{5099944A-F6B9-4057-A056-8C550228544C} => ""="Memory"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{5099944A-F6B9-4057-A056-8C550228544C} => "SafeBootDrivers"="1"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HidSpiCx.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TextInputManagementService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =================

==================== Internet Explorer (Nicht auf der Ausnahmeliste) ==========

HKU\S-1-5-21-1070191195-3368900776-1784378574-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
HKU\S-1-5-21-1070191195-3368900776-1784378574-1003\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
SearchScopes: HKU\S-1-5-21-1070191195-3368900776-1784378574-1002 -> DefaultScope {78C81D5A-6DC8-4757-A9E5-4BD91DAB1ECF} URL =
SearchScopes: HKU\S-1-5-21-1070191195-3368900776-1784378574-1002 -> {78C81D5A-6DC8-4757-A9E5-4BD91DAB1ECF} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2021-03-17] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2022-03-01] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll [2021-03-17] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL [2022-03-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2020-07-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL [2020-07-07] (Microsoft Corporation -> Microsoft Corporation)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-1070191195-3368900776-1784378574-1003\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1070191195-3368900776-1784378574-1003\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts Inhalt: =========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2019-03-19 05:49 - 2019-03-19 05:49 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
2020-06-09 21:16 - 2020-06-09 21:16 - 000000375 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Andere Bereiche ===========================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1070191195-3368900776-1784378574-1002\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\windows\img0.jpg
HKU\S-1-5-21-1070191195-3368900776-1784378574-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Becca\Desktop\Rezepte\Blog\Rezepte\Crepes\DSC_0125neu1.JPG
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) HKU\S-1-5-21-1070191195-3368900776-1784378574-1003\...\StartupApproved\StartupFolder: => "An OneNote senden.lnk" HKU\S-1-5-21-1070191195-3368900776-1784378574-1003\...\StartupApproved\StartupFolder: => "HiDrive.lnk" ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================ (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [{BBA0011E-1AA3-4C6D-8292-9C719847F119}] => (Allow) C:\Users\Becca\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [UDP Query User{3AEA1BB6-6038-4155-AA6C-63FD845642BC}C:\users\becca\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\becca\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [TCP Query User{7CD7D34C-DBCD-4BA0-86D2-9B6E59CED39B}C:\users\becca\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\becca\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [UDP Query User{2A2B6193-AECF-4B9D-96D5-C182C8547D98}C:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) C:\program files (x86)\arduino\java\bin\javaw.exe FirewallRules: [TCP Query User{2B75DDE5-BE41-411D-8BED-E31DD8CB83AE}C:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) C:\program files (x86)\arduino\java\bin\javaw.exe FirewallRules: [{D3463351-8DFB-459F-A858-041DFC78D351}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{186F20E1-4B7E-4FED-BDF1-025F51772525}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe (Microsoft Corporation -> Microsoft 
Corporation) FirewallRules: [{9EC56E67-D076-4822-A19E-76E7C3CC6A33}] => (Allow) C:\Program Files (x86)\Mp3tag\Mp3tag.exe (Florian Heidenreich -> Florian Heidenreich) FirewallRules: [{ECAF7C7E-6C6C-49EF-AC04-218C5DCDBD33}] => (Allow) C:\Program Files (x86)\Mp3tag\Mp3tag.exe (Florian Heidenreich -> Florian Heidenreich) FirewallRules: [{41D00A09-741B-4CBB-97BD-295B84DDC32C}] => (Allow) C:\Program Files (x86)\Mp3tag\Mp3tag.exe (Florian Heidenreich -> Florian Heidenreich) FirewallRules: [{D251A1FD-7250-4C36-B21A-7F3CC6B95B87}] => (Allow) C:\Program Files (x86)\Mp3tag\Mp3tag.exe (Florian Heidenreich -> Florian Heidenreich) FirewallRules: [{25D3AC15-51AF-4B99-9974-053BAE853BD8}] => (Allow) C:\Program Files\tiptoi® Manager\tiptoi® Manager.exe (Ravensburger AG -> ) FirewallRules: [{14701DD4-7203-4413-8CC4-83586700D71D}] => (Allow) C:\Program Files\tiptoi® Manager\tiptoi® Manager.exe (Ravensburger AG -> ) FirewallRules: [{8E25D2CE-CC31-48FD-AF0E-30F72FA187FD}] => (Allow) C:\Program Files\tiptoi® Manager\tiptoi® Manager.exe (Ravensburger AG -> ) FirewallRules: [{FB86FF1C-E6C2-4F5F-93C3-3F1E9F0D284F}] => (Allow) C:\Program Files\tiptoi® Manager\tiptoi® Manager.exe (Ravensburger AG -> ) FirewallRules: [{5B8B5729-634F-455D-89AE-DFF801FF872E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{0F1327D9-ACAD-464D-A19D-B2D924D1CBE0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{96ECBA74-B900-4380-8142-B8C9AA7FD8C1}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{B146688A-C425-4A4A-A12C-93951B61A15A}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{45EDF6FD-0BA9-4759-8BC8-6C15A6230325}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe 
(Microsoft Corporation -> Microsoft Corporation) FirewallRules: [TCP Query User{139A3C18-E76A-425F-A0F6-948C34D0E33F}C:\program files\kodi\kodi.exe] => (Allow) C:\program files\kodi\kodi.exe (XBMC Foundation) [Datei ist nicht signiert] FirewallRules: [UDP Query User{66BD6054-7371-41B9-ADF5-1DB69ECD0485}C:\program files\kodi\kodi.exe] => (Allow) C:\program files\kodi\kodi.exe (XBMC Foundation) [Datei ist nicht signiert] FirewallRules: [{0DC29716-8A7F-401A-9F53-01DD3B5A0B6B}] => (Allow) C:\Users\Becca\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [{E76FC87C-3D27-4FCD-B1DD-73826839057B}] => (Allow) C:\Users\Becca\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [{6059E92D-EB2B-4518-AD9B-D2D6F550BECD}] => (Allow) C:\Users\Becca\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [{38BDE18C-C535-48C0-A69A-929C2DD47707}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{D7C0C0C2-8638-4B5B-B87A-550EDCA2B01A}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{CAE2A7CD-6DC4-42FB-861A-2769031D291D}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\FaxApplications.exe (HP Inc. -> Hewlett-Packard Development Company, LP) FirewallRules: [{98564E46-23A1-46D9-9C78-F09C0FB2740A}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\DigitalWizards.exe (HP Inc. -> Hewlett-Packard Development Company, LP) FirewallRules: [{B67B11F2-051D-48F2-81EF-20D2231A7A85}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\SendAFax.exe (HP Inc. 
-> Hewlett-Packard Development Company, LP) FirewallRules: [{BC675D63-E07A-4D18-BD31-8B0EA97F15EC}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\DeviceSetup.exe (HP Inc. -> Hewlett-Packard Development Company, LP) FirewallRules: [{8096D4E3-D908-47F5-B4F1-AE5E7B666A2F}] => (Allow) LPort=5357 FirewallRules: [{401CD75C-E84D-4D2D-86DD-146893615A2C}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe (HP Inc. -> Hewlett-Packard Development Company, LP) FirewallRules: [{B907840C-99C9-4C08-81FC-C1DC1DE8FD1A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{26076964-3270-4A66-ADCB-8EE77CDB3BD9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{EDE8F249-3DAD-49D7-A422-94B5729B5759}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{1F277A1E-287D-43BE-A559-734C27D2357F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) 
FirewallRules: [{CEFE7715-0808-4919-85E6-BFF8670756AC}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_22273.905.1632.1008_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{57729BFD-6239-4B51-A8D6-11AE8EFEBB05}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_22273.905.1632.1008_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{F5F1674D-4E09-4833-934C-672B78E0A1AD}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\107.0.1418.26\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{2A06E4BC-7450-46B4-B47E-D3C7F8CFAF85}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\107.0.1418.35\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation) ==================== Wiederherstellungspunkte ========================= 26-10-2022 17:49:19 Windows Modules Installer ==================== Fehlerhafte Geräte im Gerätemanager ============ ==================== Fehlereinträge in der Ereignisanzeige: ======================== Applikationsfehler: ================== Error: (11/08/2022 02:16:32 PM) (Source: Application Error) (EventID: 1000) (User: DESKTOP-2BR8MEO) Description: Name der fehlerhaften Anwendung: IGCCTray.exe, Version: 1.100.3408.0, Zeitstempel: 0x62341a86 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.22621.608, Zeitstempel: 0x4769d08d Ausnahmecode: 0xe0434352 Fehleroffset: 0x000000000008fb0c ID des fehlerhaften Prozesses: 0x0x42bc Startzeit der fehlerhaften Anwendung: 0x0x1d8f37451a57e09 Pfad der fehlerhaften Anwendung: C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3408.0_x64__8j3eq9eme6ctt\GCP.ML.BackgroundSysTray\IGCCTray.exe Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\KERNELBASE.dll Berichtskennung: d15065f8-84b1-4143-bed7-18cdb54753a8 Vollständiger Name des fehlerhaften Pakets: AppUp.IntelGraphicsExperience_1.100.3408.0_x64__8j3eq9eme6ctt 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App Error: (11/08/2022 02:16:32 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: IGCCTray.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. Ausnahmeinformationen: System.UnauthorizedAccessException bei System.IO.__Error.WinIOError(Int32, System.String) bei System.IO.Pipes.NamedPipeServerStream.Create(System.String, System.IO.Pipes.PipeDirection, Int32, System.IO.Pipes.PipeTransmissionMode, System.IO.Pipes.PipeOptions, Int32, Int32, System.IO.Pipes.PipeAccessRights, SECURITY_ATTRIBUTES) bei System.IO.Pipes.NamedPipeServerStream..ctor(System.String, System.IO.Pipes.PipeDirection, Int32, System.IO.Pipes.PipeTransmissionMode, System.IO.Pipes.PipeOptions, Int32, Int32, System.IO.Pipes.PipeSecurity, System.IO.HandleInheritability, System.IO.Pipes.PipeAccessRights) bei System.IO.Pipes.NamedPipeServerStream..ctor(System.String, System.IO.Pipes.PipeDirection, Int32, System.IO.Pipes.PipeTransmissionMode, System.IO.Pipes.PipeOptions, Int32, Int32, System.IO.Pipes.PipeSecurity) bei GCP.ML.BackgroundSysTray.SingleInstanceApp.NamedPipeServerCreateServer() bei GCP.ML.BackgroundSysTray.SingleInstanceApp.Initialize() bei GCP.ML.BackgroundSysTray.Program.Main() Error: (11/07/2022 10:29:46 AM) (Source: Application Error) (EventID: 1000) (User: NT-AUTORITÄT) Description: Name der fehlerhaften Anwendung: SecurityHealthService.exe, Version: 10.0.22621.608, Zeitstempel: 0x45a7fb3f Name des fehlerhaften Moduls: ucrtbase.dll, Version: 10.0.22621.608, Zeitstempel: 0xf5fc15a3 Ausnahmecode: 0xc0000409 Fehleroffset: 0x000000000007f61e ID des fehlerhaften Prozesses: 0x0x11d4 Startzeit der fehlerhaften Anwendung: 0x0x1d8f20fceaec9e7 Pfad der fehlerhaften Anwendung: C:\WINDOWS\system32\SecurityHealthService.exe Pfad des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\ucrtbase.dll Berichtskennung: 6609d64d-fc8f-4f3a-bfe4-5778d7d10049 Vollständiger Name des 
fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (11/06/2022 07:43:29 PM) (Source: Application Error) (EventID: 1000) (User: NT-AUTORITÄT) Description: Name der fehlerhaften Anwendung: SecurityHealthService.exe, Version: 10.0.22621.608, Zeitstempel: 0x45a7fb3f Name des fehlerhaften Moduls: ntdll.dll, Version: 10.0.22621.608, Zeitstempel: 0xf2e8a5ab Ausnahmecode: 0xc0000374 Fehleroffset: 0x000000000010c1c9 ID des fehlerhaften Prozesses: 0x0x1a98 Startzeit der fehlerhaften Anwendung: 0x0x1d8f1d0e4916429 Pfad der fehlerhaften Anwendung: C:\WINDOWS\system32\SecurityHealthService.exe Pfad des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\ntdll.dll Berichtskennung: 61430bb4-5ffd-4415-8456-254390b96a1c Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (11/06/2022 07:42:36 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT-AUTORITÄT) Description: Windows kann die erweiterbare Leistungsindikator-DLL "C:\WINDOWS\system32\sysmain.dll" nicht laden (Win32-Fehlercode 126). Error: (11/06/2022 02:00:01 PM) (Source: Application Hang) (EventID: 1002) (User: NT-AUTORITÄT) Description: Das Programm outlook.exe Version 15.0.5479.1000 hat aufgehört mit Windows zu interagieren und wurde geschlossen. Weitere Informationen zum Problem finden Sie im Problemverlauf in der Systemsteuerung „Sicherheit und Wartung“. 
Error: (11/06/2022 01:44:26 PM) (Source: Application Error) (EventID: 1000) (User: DESKTOP-2BR8MEO) Description: Name der fehlerhaften Anwendung: IGCCTray.exe, Version: 1.100.3408.0, Zeitstempel: 0x62341a86 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.22621.608, Zeitstempel: 0x4769d08d Ausnahmecode: 0xe0434352 Fehleroffset: 0x000000000008fb0c ID des fehlerhaften Prozesses: 0x0x3990 Startzeit der fehlerhaften Anwendung: 0x0x1d8f1dd80e49d89 Pfad der fehlerhaften Anwendung: C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3408.0_x64__8j3eq9eme6ctt\GCP.ML.BackgroundSysTray\IGCCTray.exe Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\KERNELBASE.dll Berichtskennung: 1fa37181-9d64-4e36-8e79-85f63746a54a Vollständiger Name des fehlerhaften Pakets: AppUp.IntelGraphicsExperience_1.100.3408.0_x64__8j3eq9eme6ctt Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App Error: (11/06/2022 01:44:26 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: IGCCTray.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. 
Ausnahmeinformationen: System.UnauthorizedAccessException bei System.IO.__Error.WinIOError(Int32, System.String) bei System.IO.Pipes.NamedPipeServerStream.Create(System.String, System.IO.Pipes.PipeDirection, Int32, System.IO.Pipes.PipeTransmissionMode, System.IO.Pipes.PipeOptions, Int32, Int32, System.IO.Pipes.PipeAccessRights, SECURITY_ATTRIBUTES) bei System.IO.Pipes.NamedPipeServerStream..ctor(System.String, System.IO.Pipes.PipeDirection, Int32, System.IO.Pipes.PipeTransmissionMode, System.IO.Pipes.PipeOptions, Int32, Int32, System.IO.Pipes.PipeSecurity, System.IO.HandleInheritability, System.IO.Pipes.PipeAccessRights) bei System.IO.Pipes.NamedPipeServerStream..ctor(System.String, System.IO.Pipes.PipeDirection, Int32, System.IO.Pipes.PipeTransmissionMode, System.IO.Pipes.PipeOptions, Int32, Int32, System.IO.Pipes.PipeSecurity) bei GCP.ML.BackgroundSysTray.SingleInstanceApp.NamedPipeServerCreateServer() bei GCP.ML.BackgroundSysTray.SingleInstanceApp.Initialize() bei GCP.ML.BackgroundSysTray.Program.Main() Systemfehler: ============= Error: (11/08/2022 02:13:42 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: ) Description: Für den Miniport "Microsoft Wi-Fi Direct Virtual Adapter #2, {ba2eca9e-9b18-4177-b9ce-50be4f2c33eb}" ist das Ereignis "74" aufgetreten. Error: (11/07/2022 09:25:20 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-2BR8MEO) Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (11/07/2022 09:25:20 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-2BR8MEO) Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (11/07/2022 09:25:20 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-2BR8MEO) Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. 
Error: (11/07/2022 09:25:19 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-2BR8MEO) Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (11/07/2022 09:25:19 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-2BR8MEO) Description: Der Server "{94E2D96B-B937-4AED-99CC-199D15CD6CE6}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (11/07/2022 08:41:03 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: ) Description: Für den Miniport "Microsoft Wi-Fi Direct Virtual Adapter #2, {ba2eca9e-9b18-4177-b9ce-50be4f2c33eb}" ist das Ereignis "74" aufgetreten. Error: (11/07/2022 08:05:56 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070490 fehlgeschlagen: 9P1J8S7CCWWT-Clipchamp.Clipchamp CodeIntegrity: =============== Date: 2022-11-08 14:20:10 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Avira\Endpoint Protection SDK\amsi\x64\avamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
==================== Speicherinformationen =========================== BIOS: LENOVO BNCN44WW 01/27/2022 Hauptplatine: LENOVO LNVNB161216 Prozessor: Intel(R) Core(TM) i7-10510U CPU @ 1.80GHz Prozentuale Nutzung des RAM: 50% Installierter physikalischer RAM: 16180.49 MB Verfügbarer physikalischer RAM: 7939.46 MB Summe virtueller Speicher: 17204.49 MB Verfügbarer virtueller Speicher: 7064.77 MB ==================== Laufwerke ================================ Drive c: (Windows-SSD) (Fixed) (Total:952.62 GB) (Free:337.61 GB) (Model: SAMSUNG MZVLB1T0HBLR-000L2) (Protected) NTFS \\?\Volume{1bc0db13-7e18-4ae6-b763-ac1125df1471}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.16 GB) NTFS \\?\Volume{df614430-b0e7-4381-8cd3-8402093814e3}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.2 GB) FAT32 ==================== MBR & Partitionstabelle ==================== ========================================================== Disk: 0 (Size: 953.9 GB) (Disk ID: 1E7D9B4E) Partition: GPT. ==================== Ende von Addition.txt ======================= |
08.11.2022, 21:11 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Avira moved CRaccoon to quarantine Download sources Do not download software from Chip.de, Softonic.de, sourceforge.net, openoffice.de, VLC.de, audacity.de, gimp24.de or updatestar.com. The software offered there is often distributed with a so-called "installer" that only gets you unwanted software (potentially unwanted programs, PUP for short) or adware installed. Some sites offer PUP / adware for download directly. For some time now there has been a usable package manager for Windows that lets you download and install software automatically with simple commands. That saves a lot of work, because without a package manager you have to check every program yourself and update each one manually and separately, after first downloading it manually, and so on. See also --> chocolatey package manager for Windows We strongly recommend installing all programs via chocolatey where available. If you have already worked with Linux, the syntax will be very familiar to you. You can find the choco FAQs here --> Chocolatey: Frequently asked questions (English) Of course you may also ask questions about chocolatey in the chocolatey thread mentioned above. For the rare case that you cannot find the program you need in the chocolatey repository: always download that software directly from the respective vendor / developer. Quote:
__________________ |
08.11.2022, 21:29 | #3 | |
| Avira moved CRaccoon to quarantine Quote:
Thank you very much for the information on where to get software. I have learned that now. |
08.11.2022, 21:38 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Avira moved CRaccoon to quarantine Uninstall disruptive, outdated or unnecessary programs Please uninstall via Programs and Features (appwiz.cpl):
__________________ Please always post log files in CODE tags |
08.11.2022, 21:51 | #5 |
| Avira moved CRaccoon to quarantine OK, done. Edited by cosinus (08.11.2022 at 21:56) Reason: FQ removed |
08.11.2022, 21:55 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Avira moved CRaccoon to quarantine adwCleaner Run AdwCleaner according to the illustrated guide and then post the log file in CODE tags. Please repeat adwcleaner as a check if there were any findings.
__________________ --> Avira moved CRaccoon to quarantine |
08.11.2022, 22:02 | #7 |
| Avira moved CRaccoon to quarantine Here is the log file from the AdwCleaner run. Code:
ATTFilter # ------------------------------- # Malwarebytes AdwCleaner 8.4.0.0 # ------------------------------- # Build: 08-30-2022 # Database: 2022-10-10.1 (Cloud) # Support: https://www.malwarebytes.com/support # # ------------------------------- # Mode: Clean # ------------------------------- # Start: 11-08-2022 # Duration: 00:00:02 # OS: Windows 11 (Build 22621.674) # Cleaned: 11 # Failed: 0 ***** [ Services ] ***** No malicious services cleaned. ***** [ Folders ] ***** Deleted C:\ProgramData\Application Data\Lavasoft\Web Companion Deleted C:\Users\Becca\AppData\Roaming\GIMP Updater Deleted C:\Users\Becca\AppData\Roaming\IObit\Advanced SystemCare ***** [ Files ] ***** Deleted C:\Users\Becca\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Qweb Symbol.lnk Deleted C:\Users\Becca\AppData\Roaming\Mozilla\Firefox\Profiles\ylbkdc8c.default-release-1592598886407\searchplugins\My Firefox Search.xml Deleted C:\Users\Becca\Desktop\..\Downloads\IRFANVIEW 32 BIT - CHIP-INSTALLER.EXE ***** [ DLL ] ***** No malicious DLLs cleaned. ***** [ WMI ] ***** No malicious WMI cleaned. ***** [ Shortcuts ] ***** No malicious shortcuts cleaned. ***** [ Tasks ] ***** No malicious tasks cleaned. ***** [ Registry ] ***** Deleted HKLM\Software\Wow6432Node\Lavasoft\Web Companion ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries cleaned. ***** [ Chromium URLs ] ***** No malicious Chromium URLs cleaned. ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries cleaned. ***** [ Firefox URLs ] ***** Deleted My Firefox Search Deleted My Firefox Search Deleted https://myfiresearch.com/homepage?hp=1&bitmask=9996&pId=CH180901FF&iDate=2021-03-05 10:22:02&bName= Deleted https://myfiresearch.com/homepage?hp=1&bitmask=9996&pId=CH180901FF&iDate=2021-03-05 10:22:02&bName= ***** [ Hosts File Entries ] ***** No malicious hosts file entries cleaned. ***** [ Preinstalled Software ] ***** No Preinstalled Software cleaned. 
************************* [+] Delete Tracing Keys [+] Reset Winsock ************************* AdwCleaner[S00].txt - [3180 octets] - [08/11/2022 21:58:34] ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ########## |
08.11.2022, 22:39 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Avira moved CRaccoon to quarantine What are you supposed to do if there were findings?
__________________ Please always post log files in CODE tags |
08.11.2022, 22:47 | #9 |
| Avira moved CRaccoon to quarantine Code:
ATTFilter # ------------------------------- # Malwarebytes AdwCleaner 8.4.0.0 # ------------------------------- # Build: 08-30-2022 # Database: 2022-10-10.1 (Cloud) # Support: https://www.malwarebytes.com/support # # ------------------------------- # Mode: Clean # ------------------------------- # Start: 11-08-2022 # Duration: 00:00:03 # OS: Windows 11 (Build 22621.674) # Cleaned: 8 # Failed: 0 ***** [ Services ] ***** No malicious services cleaned. ***** [ Folders ] ***** No malicious folders cleaned. ***** [ Files ] ***** No malicious files cleaned. ***** [ DLL ] ***** No malicious DLLs cleaned. ***** [ WMI ] ***** No malicious WMI cleaned. ***** [ Shortcuts ] ***** No malicious shortcuts cleaned. ***** [ Tasks ] ***** No malicious tasks cleaned. ***** [ Registry ] ***** No malicious registry entries cleaned. ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries cleaned. ***** [ Chromium URLs ] ***** No malicious Chromium URLs cleaned. ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries cleaned. ***** [ Firefox URLs ] ***** No malicious Firefox URLs cleaned. ***** [ Hosts File Entries ] ***** No malicious hosts file entries cleaned. 
***** [ Preinstalled Software ] ***** Deleted Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK Deleted Preinstalled.HPSupportAssistant Folder C:\Users\Becca\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK Deleted Preinstalled.LenovoIMController Folder C:\ProgramData\LENOVO\IMCONTROLLER Deleted Preinstalled.LenovoIMController Folder C:\Users\Becca\AppData\Local\LENOVO\IMCONTROLLER Deleted Preinstalled.LenovoIMController Folder C:\Users\Cornelius\AppData\Local\LENOVO\IMCONTROLLER Deleted Preinstalled.LenovoIMController Folder C:\Windows\LENOVO\IMCONTROLLER Deleted Preinstalled.LenovoIMController Folder C:\Windows\System32\Tasks\LENOVO\IMCONTROLLER Deleted Preinstalled.LenovoIMController Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Lenovo Dependency Package_is1 ************************* [+] Delete Tracing Keys [+] Reset Winsock ************************* AdwCleaner[S00].txt - [3180 octets] - [08/11/2022 21:58:34] AdwCleaner[C00].txt - [2393 octets] - [08/11/2022 21:59:55] AdwCleaner[S01].txt - [2312 octets] - [08/11/2022 22:00:53] AdwCleaner[S02].txt - [2373 octets] - [08/11/2022 22:45:49] ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C02].txt ########## |
08.11.2022, 22:48 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Avira moved CRaccoon to quarantine Exactly that. Now new FRST logs, please.
__________________ Please always post log files in CODE tags |
08.11.2022, 22:57 | #11 |
| Avira moved CRaccoon to quarantine Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 06-11-2022 durchgeführt von Cornelius (Administrator) auf DESKTOP-2BR8MEO (LENOVO 81TD) (08-11-2022 22:49:23) Gestartet von C:\Users\Cornelius\Desktop Geladene Profile: Cornelius Plattform: Microsoft Windows 11 Home Version 22H2 22621.674 (X64) Sprache: Deutsch (Deutschland) Standard-Browser: FF Start-Modus: Normal ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <10> (services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_82b77f8c4618e2d0\esif_uf.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_1e59f5ec7049260a\aesm_service.exe (services.exe ->) (Lenovo -> Lenovo Group Ltd.) 
C:\Windows\System32\drivers\Lenovo\udc\Service\UDClientService.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.5-0\MsMpEng.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.5-0\NisSrv.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\System32\Sgrm\SgrmBroker.exe (services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe (services.exe ->) (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe ==================== Registry (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [1084720 2020-05-07] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3476184 2022-07-27] (Adobe Inc. 
-> Adobe Systems, Incorporated) HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [527792 2017-08-09] (Open Source Developer, Robin Krom -> Greenshot) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated) HKLM\...\Run: [] => [X] HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard) HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2021-08-04] (Adobe Inc. -> ) HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [1068512 2022-09-30] (Adobe Inc. -> Adobe Inc.) HKLM-x32\...\Run: [] => [X] HKU\S-1-5-19\...\Run: [OneDriveSetup] => C:\Windows\System32\OneDriveSetup.exe [50312608 2022-05-07] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-20\...\Run: [OneDriveSetup] => C:\Windows\System32\OneDriveSetup.exe [50312608 2022-05-07] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-1070191195-3368900776-1784378574-1003\...\Run: [HP Officejet Pro 8610 (NET)] => C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe [3486368 2021-11-30] (HP Inc. -> Hewlett-Packard Development Company, LP) HKU\S-1-5-21-1070191195-3368900776-1784378574-1003\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [7222736 2022-10-16] (Adobe Inc. -> Adobe Systems Incorporated) HKU\S-1-5-21-1070191195-3368900776-1784378574-1003\...\Run: [] => [X] HKLM\...\Print\Monitors\HP 7112 Status Monitor: C:\WINDOWS\system32\hpinksts7112LM.dll [328704 2013-08-10] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Co.) 
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP Officejet Pro 8610): C:\WINDOWS\system32\HPDiscoPM7112.dll [763040 2021-11-30] (HP Inc. -> Hewlett-Packard Development Company, LP) HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] -> Startup: C:\Users\Becca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2022-04-20] ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation -> Microsoft Corporation) Startup: C:\Users\Becca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HiDrive.lnk [2022-10-17] ShortcutTarget: HiDrive.lnk -> C:\Program Files (x86)\STRATO\HiDrive\HiDrive.App.exe (Keine Datei) Startup: C:\Users\Becca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8610.lnk [2022-08-20] ShortcutAndArgument: Tintenwarnungen überwachen - HP Officejet Pro 8610.lnk -> C:\WINDOWS\system32\RunDll32.exe => "C:\Program Files\HP\HP Officejet Pro 8610\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN48UD30KP;CONNECTION=USB;MONITOR=1; Startup: C:\Users\Cornelius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2022-07-18] ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation -> Microsoft Corporation) Startup: C:\Users\Cornelius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HiDrive.lnk [2022-10-17] ShortcutTarget: HiDrive.lnk -> C:\Program Files (x86)\STRATO\HiDrive\HiDrive.App.exe (Keine Datei) GroupPolicy: Beschränkung ? 
<==== ACHTUNG
GroupPolicy-Firefox: Beschränkung <==== ACHTUNG
Policies: C:\ProgramData\NTUSER.pol: Beschränkung <==== ACHTUNG
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Beschränkung <==== ACHTUNG

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {0600DD45-FAF2-4131-A006-0B17509B9F78} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => %windir%\system32\sc.exe start InventorySvc
Task: {06FEF118-1E47-4CD0-8CA1-3F23A5249FEF} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1070191195-3368900776-1784378574-500 => C:\Users\Cornelius\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (Keine Datei)
Task: {08BD09F4-BBD5-4759-9418-2A6680D41823} - System32\Tasks\Microsoft\Windows\PI\SecureBootEncodeUEFI => C:\WINDOWS\system32\SecureBootEncodeUEFI.exe [49152 2022-05-07] (Microsoft Windows -> )
Task: {0FF06527-B88F-4DAB-B47B-9B133514DA4F} - System32\Tasks\Lenovo\Vantage\Schedule\HeartbeatAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\ScheduleEventAction.exe [27480 2022-05-24] (Lenovo -> Lenovo Group Ltd.)
Task: {13C9E564-6517-4464-B5FC-8545585509A3} - \Lenovo\ImController\TimeBasedEvents\55258dae-8955-4786-8825-2e6124dd7302 -> Keine Datei <==== ACHTUNG
Task: {1E9063C8-0F63-4EF3-AB9C-CEA671398153} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => %systemroot%\system32\sc.exe start LenovoVantageService
Task: {27CD9C0A-C561-4318-846F-B4BCB33133DC} - \Lenovo\ImController\TimeBasedEvents\d3a2e3d5-781d-4947-b335-259031115fa7 -> Keine Datei <==== ACHTUNG
"C:\Windows\System32\Tasks\Microsoft\Windows\Security\Pwdless\IntelligentPwdlessTask" konnte nicht entsperrt werden. 
<==== ACHTUNG Task: {27CE9D59-9D48-4D29-99BC-64657AEBA494} - System32\Tasks\Microsoft\Windows\Security\Pwdless\IntelligentPwdlessTask Task: {28AF4916-D487-4792-8DE6-1F3F006A67E0} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoSystemUpdateAddin_WeeklyTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\ScheduleEventAction.exe [27480 2022-05-24] (Lenovo -> Lenovo Group Ltd.) Task: {2955D32F-A087-4F16-819D-5633BF8F0836} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.5-0\MpCmdRun.exe [1567360 2022-11-08] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {441AB107-44CD-4829-8AF0-FD82DAB69884} - System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\ScheduleEventAction.exe [27480 2022-05-24] (Lenovo -> Lenovo Group Ltd.) Task: {4748CC6A-110C-46D1-AEE0-4FBEBD4C1CBF} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => C:\WINDOWS\system32\MusNotification.exe /RunOnAC ReadyToReboot (Keine Datei) Task: {56BD730D-2157-4A6D-89AB-C77E8B786FB7} - System32\Tasks\Lenovo\Vantage\Schedule\IdeaNotebookAddinDailyEvent => C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\ScheduleEventAction.exe [27480 2022-05-24] (Lenovo -> Lenovo Group Ltd.) Task: {62F05AE4-89C1-468A-9E51-B10DF1E67A3F} - \Lenovo\ImController\TimeBasedEvents\d2e4d5e1-df21-4188-b23e-cfe97a042b67 -> Keine Datei <==== ACHTUNG Task: {66977CF0-1E6C-4497-B6E2-B21CC2C45AD9} - System32\Tasks\Lenovo\Vantage\Schedule\Lenovo.Vantage.SmartPerformance.MonthlyReport => C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\ScheduleEventAction.exe [27480 2022-05-24] (Lenovo -> Lenovo Group Ltd.) 
Task: {73B6D149-F5D8-46A4-B1D3-F2D453BA9D8F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [375232 2022-07-27] (Microsoft Corporation -> Microsoft Corporation) Task: {81D7C8DB-BF46-4C9A-912C-ED2819B52D0F} - System32\Tasks\Lenovo\Vantage\Schedule\SettingsWidgetAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\ScheduleEventAction.exe [27480 2022-05-24] (Lenovo -> Lenovo Group Ltd.) Task: {89C246FB-92DF-462B-976C-917EE0736E3E} - System32\Tasks\AviraSystemSpeedupRemoval => %comspec% [Argument = /C rmdir "C:\Program Files (x86)\Avira\System Speedup" /S /Q & schtasks /Delete /F /TN AviraSystemSpeedupRemoval] Task: {8BD661D3-91BD-4626-AFAF-B364710A49D1} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoCompanionAppAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\ScheduleEventAction.exe [27480 2022-05-24] (Lenovo -> Lenovo Group Ltd.) Task: {8F55F0DB-EFD8-4F30-96BA-3FF286835A47} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => C:\WINDOWS\system32\MusNotification.exe /RunOnBattery ReadyToReboot (Keine Datei) Task: {96631209-1C40-4CCB-85AD-AA83AB26C08C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [973744 2022-04-28] (Microsoft Corporation -> Microsoft Corporation) Task: {97C8EF02-DB16-4300-8796-5D0F027BB61A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.5-0\MpCmdRun.exe [1567360 2022-11-08] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {A1619365-7B6D-4077-9ADB-0BC539DDD853} - System32\Tasks\Lenovo\UDC\Lenovo UDC Idle Monitor => C:\windows\system32\drivers\Lenovo\udc\Service\UDCUserAgent.exe [89408 2022-05-23] (Lenovo -> Lenovo Group Ltd.) 
Task: {B95A7A6A-4B60-4247-A1CF-79175E52E4AE} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe (Keine Datei) Task: {BA732E5A-97AD-4446-801B-3DDDF9FE9BEB} - \Lenovo\ImController\Lenovo iM Controller Monitor -> Keine Datei <==== ACHTUNG Task: {BAB3BB18-1860-4211-8184-497596CF1B2D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [375232 2022-07-27] (Microsoft Corporation -> Microsoft Corporation) Task: {BB8118F4-75EB-4371-A2E7-715290F2DFEB} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [973744 2022-04-28] (Microsoft Corporation -> Microsoft Corporation) Task: {BD117D0E-16B6-45C5-8118-2E858909DE10} - \Lenovo\ImController\TimeBasedEvents\576b479d-6c88-41d5-9eed-8cc66d8da42d -> Keine Datei <==== ACHTUNG Task: {BDD773D1-E95B-4E84-838B-5CF8FE83C8CD} - System32\Tasks\Lenovo\Vantage\Schedule\GenericMessagingAddin => C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\ScheduleEventAction.exe [27480 2022-05-24] (Lenovo -> Lenovo Group Ltd.) Task: {C012B180-4A05-4E1C-B01C-7F2C72548D82} - System32\Tasks\Lenovo\UDC\Lenovo UDC Monitor => C:\WINDOWS\system32\drivers\lenovo\udc\data\InfBackup\UdcInfInstaller.exe [184656 2022-05-23] (Lenovo -> Lenovo Group Ltd.) Task: {C088E47B-A94D-4971-8C3B-9245F2A942E9} - System32\Tasks\Opera scheduled Autoupdate 1614982957 => C:\Users\Becca\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (Keine Datei) Task: {C48A4498-DF8A-4FB0-9A96-9A412B455C53} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1552376 2022-09-26] (Adobe Inc. -> Adobe Inc.) 
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\WINDOWS\System32\MbaeParserTask.exe (Keine Datei)
Task: {CD8BC9BA-1EDC-4D33-8C04-054B2FF87364} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.5-0\MpCmdRun.exe [1567360 2022-11-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {D5B20400-63A2-4E55-AE5C-6FF62FE45391} - System32\Tasks\LenovoUtility Startup => C:\Windows\explorer.exe lenovo-utility://
Task: {D7EEC4B4-E36F-4A82-AF26-0E3831094AC9} - \Opera scheduled assistant Autoupdate 1614982961 -> Keine Datei <==== ACHTUNG
Task: {DC6E6278-6153-4682-B894-B9603E6882FB} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3476184 2022-07-27] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => C:\WINDOWS\system32\MusNotification.exe (Keine Datei)
Task: {E1A03A74-3CAB-4DC3-AF58-01B3FE550851} - \Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance -> Keine Datei <==== ACHTUNG
Task: {E3B106A0-9CA7-48A3-A10D-601E044D7CC7} - \Lenovo\ImController\TimeBasedEvents\061779b1-85d0-48c2-8845-214a91995bd5 -> Keine Datei <==== ACHTUNG
Task: {E786E414-3A44-465F-A4D6-BA6F2CF5B378} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.5-0\MpCmdRun.exe [1567360 2022-11-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {FBA6B093-B79F-4644-B88E-52C91BFCDCFC} - \Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask -> Keine Datei <==== ACHTUNG

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3: <==== ACHTUNG (Beschränkung - Zones)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{4b730a19-1edc-495e-8cbb-54399f6a4154}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{ae31ffd9-227d-433d-9dd0-5dd18f6b90ee}: [DhcpNameServer] 150.206.1.3

Edge:
=======
Edge Extension: (Kein Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [nicht gefunden]
Edge Extension: (Kein Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [nicht gefunden]
Edge Extension: (Kein Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [nicht gefunden]
Edge Extension: (Kein Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [nicht gefunden]
Edge Profile: C:\Users\Cornelius\AppData\Local\Microsoft\Edge\User Data\Default [2022-04-01]

FireFox:
========
FF DefaultProfile: pm20j0fn.default
FF ProfilePath: C:\Users\Cornelius\AppData\Roaming\Mozilla\Firefox\Profiles\pm20j0fn.default [2021-05-03]
FF Homepage: Mozilla\Firefox\Profiles\pm20j0fn.default -> hxxp://www.mozilla.org
FF ProfilePath: C:\Users\Cornelius\AppData\Roaming\Mozilla\Firefox\Profiles\9w0qkrwx.default-release [2022-11-08]
FF Session Restore: Mozilla\Firefox\Profiles\9w0qkrwx.default-release -> ist aktiviert.
FF Extension: (Startpage.com — Datenschutz-Suchmaschine) - C:\Users\Cornelius\AppData\Roaming\Mozilla\Firefox\Profiles\9w0qkrwx.default-release\Extensions\{20fc2e06-e3e4-4b2b-812b-ab431220cada}.xpi [2020-06-10] FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2022-05-11] (Microsoft Corporation -> Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.15 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN) FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2022-10-16] (Adobe Inc. -> Adobe Systems Inc.) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2022-09-30] (Adobe Inc. 
-> Adobe Systems)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.cpdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [Keine Datei]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [Keine Datei]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [Keine Datei]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2020-07-07] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL [2020-06-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2022-09-30] (Adobe Inc. -> Adobe Systems)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]

==================== Dienste (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2022-09-26] (Adobe Inc. -> Adobe Inc.)
S2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [923616 2022-09-30] (Adobe Inc. -> Adobe Inc.)
S2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3863256 2022-07-27] (Adobe Inc. -> Adobe Systems, Incorporated) S2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3701464 2022-07-27] (Adobe Inc. -> Adobe Systems, Incorporated) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3054520 2022-04-28] (Microsoft Corporation -> Microsoft Corporation) S3 dcsvc; C:\WINDOWS\system32\dcsvc.dll [802816 2022-05-07] (Microsoft Windows -> Microsoft Corporation) S2 DolbyDAXAPI; C:\WINDOWS\system32\dolbyaposvc\DAX3API.exe [1646536 2019-06-16] (Dolby Laboratories, Inc. -> ) S2 FMAPOService; C:\WINDOWS\System32\FMService64.exe [360320 2019-09-05] (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia) R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [228848 2022-11-01] (HP Inc. -> HP Inc.) S3 InventorySvc; C:\WINDOWS\system32\inventorysvc.dll [304480 2022-10-17] (Microsoft Windows -> Microsoft Corporation) S2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantageService.exe [31072 2022-05-24] (Lenovo -> Lenovo Group Ltd.) S2 LITSSVC; C:\WINDOWS\System32\LNBITSSvc.exe [1643688 2019-05-06] (Lenovo -> Lenovo(beijing) Limited) R2 SgrmBroker; C:\WINDOWS\system32\Sgrm\SgrmBroker.exe [414632 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation) S2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2020-11-26] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) R2 ss_conn_service2; C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe [919992 2020-11-26] (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.) 
R2 TextInputManagementService; C:\WINDOWS\System32\TabSvc.dll [266240 2022-10-17] (Microsoft Windows -> Microsoft Corporation)
R2 UDCService; C:\WINDOWS\System32\drivers\Lenovo\udc\Service\UDClientService.exe [71504 2022-05-23] (Lenovo -> Lenovo Group Ltd.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.5-0\NisSrv.exe [3191224 2022-11-08] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.5-0\MsMpEng.exe [133560 2022-11-08] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 wuauserv; C:\WINDOWS\system32\wuauserv.dll [137544 2022-10-17] (Microsoft Windows -> Microsoft Corporation)
S2 YMC; C:\WINDOWS\System32\YMC.exe [856960 2019-05-26] (Lenovo -> Lenovo Group Ltd.)
S2 ImControllerService; %SystemRoot%\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 bfs; C:\WINDOWS\system32\drivers\bfs.sys [91480 2022-10-17] (Microsoft Windows -> Microsoft Corporation)
S3 CH341SER_A64; C:\WINDOWS\System32\Drivers\CH341S64.SYS [69024 2019-05-29] (Microsoft Windows Hardware Compatibility Publisher -> www.winchiphead.com)
S3 GeneStor; C:\WINDOWS\system32\DRIVERS\GeneStor.sys [115704 2015-07-15] (GENESYS LOGIC, INC. -> GenesysLogic)
S0 GenPass; C:\WINDOWS\System32\DriverStore\FileRepository\genpass.inf_amd64_bef88a423225ecdc\genpass.sys [62800 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
R3 MpKsl6fa85e42; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BC3AA64C-4BD1-4CC7-8D89-028B2418069B}\MpKslDrv.sys [214280 2022-11-08] (Microsoft Windows -> Microsoft Corporation)
S0 pvscsi; C:\WINDOWS\System32\drivers\pvscsii.sys [45408 2022-05-07] (Microsoft Windows -> VMware, Inc.)
S3 RoutePolicy; C:\WINDOWS\System32\drivers\RoutePolicy.sys [98304 2022-05-07] (Microsoft Windows -> )
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49584 2022-11-08] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [469248 2022-11-08] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [95528 2022-11-08] (Microsoft Windows -> Microsoft Corporation)
R2 wtd; C:\WINDOWS\System32\drivers\wtd.sys [118784 2022-10-17] (Microsoft Windows -> Microsoft Corporation)
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

NETSVC: DcSvc -> C:\Windows\system32\dcsvc.dll (Microsoft Corporation)

==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2022-11-08 22:49 - 2022-11-08 22:50 - 000026168 _____ C:\Users\Cornelius\Desktop\FRST.txt 2022-11-08 21:58 - 2022-11-08 21:59 - 000000000 ____D C:\AdwCleaner 2022-11-08 21:57 - 2022-11-08 21:57 - 008791352 _____ (Malwarebytes) C:\Users\Cornelius\Downloads\adwcleaner.exe 2022-11-08 21:54 - 2022-11-08 21:54 - 000761564 _____ C:\WINDOWS\system32\perfh007.dat 2022-11-08 21:54 - 2022-11-08 21:54 - 000157732 _____ C:\WINDOWS\system32\perfc007.dat 2022-11-08 21:43 - 2022-11-08 21:43 - 000003462 _____ C:\WINDOWS\system32\Tasks\AviraSystemSpeedupRemoval 2022-11-08 21:41 - 2016-09-23 12:16 - 000000109 _____ C:\Users\Cornelius\Desktop\Online PDF Tools.url 2022-11-08 14:35 - 2022-11-08 15:38 - 000000000 ____D C:\Users\Cornelius\Desktop\Trojaner 2022-11-08 14:34 - 2022-11-08 22:49 - 000000000 ____D C:\FRST 2022-11-08 14:34 - 2022-11-08 14:34 - 002374656 _____ (Farbar) C:\Users\Cornelius\Desktop\FRST64.exe 2022-11-08 14:14 - 2022-11-08 14:15 - 000000393 _____ C:\Users\Cornelius\Desktop\Textdokument (neu).txt 2022-11-07 18:10 - 2022-11-07 18:10 - 000001148 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Rush.lnk 2022-11-07 18:00 - 2022-11-07 18:00 - 000001153 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder 2023.lnk 2022-11-07 17:57 - 2022-11-07 18:10 - 000000000 ____D C:\Users\Public\Documents\Adobe 2022-11-07 17:57 - 2022-11-07 17:57 - 000001141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Pro 2023.lnk 2022-11-06 13:44 - 2022-11-07 18:22 - 000000000 ____D C:\Users\Becca\Desktop\Neuer Ordner (6) 2022-11-03 15:44 - 2022-11-03 16:58 - 000000000 ____D C:\Users\Becca\Desktop\Neuer Ordner (5) 2022-11-02 21:51 - 2022-11-06 12:13 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2022-11-02 20:09 - 2022-11-02 20:09 - 000000218 _____ C:\Users\Cornelius\AppData\Local\recently-used.xbel 2022-10-29 18:50 - 2022-10-29 18:50 - 000001096 _____ C:\Users\Cornelius\Desktop\Adobe Lightroom Classic.lnk 
2022-10-29 18:50 - 2022-10-29 18:50 - 000001096 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Lightroom Classic.lnk 2022-10-27 16:56 - 2022-10-27 16:56 - 000000000 ____D C:\ProgramData\Scan2PDF light 2022-10-27 16:55 - 2022-10-27 16:55 - 000000000 ____D C:\Users\Becca\Downloads\LScan2Pdf 2022-10-27 16:54 - 2022-10-27 16:54 - 010217236 _____ C:\Users\Becca\Downloads\LScan2Pdf.zip 2022-10-27 16:46 - 2022-10-27 16:49 - 000000000 ___RD C:\Users\Cornelius\Documents\Scanned Documents 2022-10-27 16:46 - 2022-10-27 16:46 - 000000000 ____D C:\Users\Cornelius\Documents\Fax 2022-10-22 20:11 - 2022-10-22 20:11 - 000001063 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign 2023.lnk 2022-10-22 19:58 - 2022-10-22 19:58 - 000001075 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop 2022.lnk 2022-10-22 19:49 - 2022-10-22 19:49 - 000002504 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator 2023.lnk 2022-10-22 19:44 - 2022-10-22 19:44 - 000001075 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop 2023.lnk 2022-10-22 15:58 - 2022-10-22 16:36 - 000000000 ____D C:\Users\Becca\Desktop\Neuer Ordner (4) 2022-10-19 09:55 - 2022-10-19 10:07 - 000000000 ____D C:\Users\Becca\Desktop\Neuer Ordner (3) 2022-10-17 20:34 - 2022-10-17 20:34 - 000000000 ___RD C:\Users\Becca\Documents\Microsoft.SecHealthUI_8wekyb3d8bbwe!SecHealthUI 2022-10-17 20:25 - 2022-10-17 20:25 - 000327680 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll 2022-10-17 20:24 - 2022-10-17 20:24 - 002575632 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll 2022-10-17 20:24 - 2022-10-17 20:24 - 002088728 _____ (The ICU Project) C:\WINDOWS\SysWOW64\icu.dll 2022-10-17 20:24 - 2022-10-17 20:24 - 000296448 _____ C:\WINDOWS\system32\CloudIdWxhExtension.dll 2022-10-17 20:24 - 2022-10-17 20:24 - 000062800 _____ C:\WINDOWS\system32\AppInstallerBackgroundUpdate.exe 2022-10-17 20:24 - 2022-10-17 20:24 - 000055144 
_____ C:\WINDOWS\system32\SFAPE.dll 2022-10-17 20:24 - 2022-10-17 20:24 - 000046888 _____ C:\WINDOWS\system32\wow64base.dll 2022-10-17 20:24 - 2022-10-17 20:24 - 000016565 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim 2022-10-17 20:23 - 2022-10-17 20:23 - 000000000 ___HD C:\$WinREAgent 2022-10-14 22:12 - 2022-10-14 22:12 - 000000020 ___SH C:\Users\Cornelius\ntuser.ini 2022-10-13 10:26 - 2022-10-13 10:27 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate 2022-10-13 10:24 - 2022-10-13 10:25 - 000000000 ____D C:\WINDOWS\ServiceProfiles 2022-10-13 10:24 - 2022-10-13 10:24 - 000008192 _____ C:\WINDOWS\system32\config\userdiff 2022-10-13 10:21 - 2022-10-13 10:21 - 000530944 _____ (curl, hxxps://curl.se/) C:\WINDOWS\system32\curl.exe 2022-10-13 10:21 - 2022-10-13 10:21 - 000470528 _____ (curl, hxxps://curl.se/) C:\WINDOWS\SysWOW64\curl.exe 2022-10-13 10:21 - 2022-10-13 10:21 - 000192512 _____ C:\WINDOWS\system32\CloudExperienceHostRedirection.dll 2022-10-13 10:21 - 2022-10-13 10:21 - 000180224 _____ C:\WINDOWS\system32\stordiag.exe 2022-10-13 10:21 - 2022-10-13 10:21 - 000133120 _____ C:\WINDOWS\SysWOW64\stordiag.exe 2022-10-13 10:21 - 2022-10-13 10:21 - 000098304 _____ C:\WINDOWS\system32\dplcsp.dll 2022-10-13 10:19 - 2022-10-13 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer 2022-10-13 10:19 - 2022-10-13 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\FxsTmp 2022-10-13 10:19 - 2022-10-13 10:19 - 000000000 ____D C:\WINDOWS\system32\FxsTmp 2022-10-13 10:19 - 2022-10-13 10:19 - 000000000 ____D C:\WINDOWS\addins 2022-10-13 10:19 - 2022-10-13 10:19 - 000000000 ____D C:\Program Files\Reference Assemblies 2022-10-13 10:19 - 2022-10-13 10:19 - 000000000 ____D C:\Program Files\MSBuild 2022-10-13 10:19 - 2022-10-13 10:19 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies 2022-10-13 10:19 - 2022-10-13 10:19 - 000000000 ____D C:\Program Files (x86)\MSBuild 2022-10-13 10:16 - 2022-10-13 10:16 - 000000000 ____D C:\WINDOWS\system32\Intel 2022-10-13 10:16 - 2022-10-13 
10:16 - 000000000 ____D C:\WINDOWS\system32\cAVS 2022-10-13 10:15 - 2022-11-08 22:46 - 000000000 ____D C:\WINDOWS\Lenovo 2022-10-13 10:15 - 2022-10-13 10:15 - 000000000 ____D C:\WINDOWS\system32\Drivers\Lenovo 2022-10-13 09:44 - 2022-10-13 09:44 - 000000000 ____D C:\ProgramData\Microsoft OneDrive 2022-10-13 09:42 - 2022-11-08 22:46 - 000000000 ____D C:\WINDOWS\system32\Tasks\Lenovo 2022-10-13 09:42 - 2022-11-08 21:50 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2022-10-13 09:42 - 2022-11-01 13:39 - 000000000 ____D C:\WINDOWS\system32\Tasks\HP 2022-10-13 09:42 - 2022-10-23 15:34 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task 2022-10-13 09:42 - 2022-10-15 20:51 - 000003756 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2022-10-13 09:42 - 2022-10-15 20:51 - 000003632 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore 2022-10-13 09:42 - 2022-10-13 09:42 - 000004030 _____ C:\WINDOWS\system32\Tasks\LenovoUtility Startup 2022-10-13 09:42 - 2022-10-13 09:42 - 000003626 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1614982957 2022-10-13 09:42 - 2022-10-13 09:42 - 000002856 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1070191195-3368900776-1784378574-500 2022-10-13 09:42 - 2022-10-13 09:42 - 000002612 _____ C:\WINDOWS\system32\Tasks\AdobeGCInvoker-1.0 2022-10-13 09:42 - 2022-10-13 09:42 - 000000020 ___SH C:\Users\Becca\ntuser.ini 2022-10-13 09:42 - 2022-10-13 09:42 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla 2022-10-13 09:42 - 2022-10-13 09:42 - 000000000 ____D C:\WINDOWS\system32\Tasks\Ivanti 2022-10-13 09:42 - 2022-10-13 09:42 - 000000000 ____D C:\WINDOWS\system32\Tasks\Hewlett-Packard 2022-10-13 09:42 - 2022-10-13 09:42 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avira 2022-10-13 09:42 - 2022-10-13 09:42 - 000000000 ____D C:\WINDOWS\system32\Tasks\Agent Activation Runtime 2022-10-13 09:42 - 2020-03-26 16:07 - 000002856 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone 
Update Task-S-1-5-21-2473705718-4163329733-1527017515-500 2022-10-13 09:42 - 2019-10-17 05:12 - 000003388 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3354727278-81800435-1074778100-500 2022-10-13 09:40 - 2022-10-13 09:42 - 000017148 _____ C:\WINDOWS\diagwrn.xml 2022-10-13 09:40 - 2022-10-13 09:42 - 000017148 _____ C:\WINDOWS\diagerr.xml 2022-10-13 09:38 - 2022-11-08 21:54 - 001754660 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2022-10-13 09:29 - 2022-11-02 22:16 - 000000000 ____D C:\Users\Becca 2022-10-13 09:29 - 2022-10-14 22:12 - 000000000 ____D C:\Users\Cornelius 2022-10-13 09:29 - 2022-10-13 09:29 - 000000000 _SHDL C:\Users\Cornelius\Vorlagen 2022-10-13 09:29 - 2022-10-13 09:29 - 000000000 _SHDL C:\Users\Cornelius\Startmenü 2022-10-13 09:29 - 2022-10-13 09:29 - 000000000 _SHDL C:\Users\Cornelius\Netzwerkumgebung 2022-10-13 09:29 - 2022-10-13 09:29 - 000000000 _SHDL C:\Users\Cornelius\Lokale Einstellungen 2022-10-13 09:29 - 2022-10-13 09:29 - 000000000 _SHDL C:\Users\Cornelius\Eigene Dateien 2022-10-13 09:29 - 2022-10-13 09:29 - 000000000 _SHDL C:\Users\Cornelius\Druckumgebung 2022-10-13 09:29 - 2022-10-13 09:29 - 000000000 _SHDL C:\Users\Cornelius\Documents\Eigene Videos 2022-10-13 09:29 - 2022-10-13 09:29 - 000000000 _SHDL C:\Users\Cornelius\Documents\Eigene Musik 2022-10-13 09:29 - 2022-10-13 09:29 - 000000000 _SHDL C:\Users\Cornelius\Documents\Eigene Bilder 2022-10-13 09:29 - 2022-10-13 09:29 - 000000000 _SHDL C:\Users\Cornelius\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2022-10-13 09:29 - 2022-10-13 09:29 - 000000000 _SHDL C:\Users\Cornelius\AppData\Local\Verlauf 2022-10-13 09:29 - 2022-10-13 09:29 - 000000000 _SHDL C:\Users\Cornelius\AppData\Local\Anwendungsdaten 2022-10-13 09:29 - 2022-10-13 09:29 - 000000000 _SHDL C:\Users\Cornelius\Anwendungsdaten 2022-10-13 09:29 - 2022-10-13 09:29 - 000000000 _SHDL C:\Users\Becca\Vorlagen 2022-10-13 09:29 - 2022-10-13 09:29 - 000000000 _SHDL C:\Users\Becca\Startmenü 
2022-10-13 09:29 - 2022-10-13 09:29 - 000000000 _SHDL C:\Users\Becca\Netzwerkumgebung 2022-10-13 09:29 - 2022-10-13 09:29 - 000000000 _SHDL C:\Users\Becca\Lokale Einstellungen 2022-10-13 09:29 - 2022-10-13 09:29 - 000000000 _SHDL C:\Users\Becca\Eigene Dateien 2022-10-13 09:29 - 2022-10-13 09:29 - 000000000 _SHDL C:\Users\Becca\Druckumgebung 2022-10-13 09:29 - 2022-10-13 09:29 - 000000000 _SHDL C:\Users\Becca\Documents\Eigene Videos 2022-10-13 09:29 - 2022-10-13 09:29 - 000000000 _SHDL C:\Users\Becca\Documents\Eigene Musik 2022-10-13 09:29 - 2022-10-13 09:29 - 000000000 _SHDL C:\Users\Becca\Documents\Eigene Bilder 2022-10-13 09:29 - 2022-10-13 09:29 - 000000000 _SHDL C:\Users\Becca\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2022-10-13 09:29 - 2022-10-13 09:29 - 000000000 _SHDL C:\Users\Becca\AppData\Local\Verlauf 2022-10-13 09:29 - 2022-10-13 09:29 - 000000000 _SHDL C:\Users\Becca\AppData\Local\Anwendungsdaten 2022-10-13 09:29 - 2022-10-13 09:29 - 000000000 _SHDL C:\Users\Becca\Anwendungsdaten 2022-10-13 09:29 - 2022-05-07 06:19 - 000001281 _____ C:\Users\Cornelius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools.lnk 2022-10-13 09:29 - 2022-05-07 06:19 - 000001281 _____ C:\Users\Becca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools.lnk 2022-10-13 09:29 - 2022-05-07 06:19 - 000000407 _____ C:\Users\Cornelius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Explorer.lnk 2022-10-13 09:29 - 2022-05-07 06:19 - 000000407 _____ C:\Users\Becca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Explorer.lnk 2022-10-13 09:28 - 2022-11-08 22:27 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2022-10-13 09:28 - 2022-10-18 19:01 - 000482448 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2022-10-13 09:28 - 2022-10-13 09:28 - 000000000 ____D C:\WINDOWS\system32\config\BFS 2022-10-12 18:56 - 2022-10-23 15:34 - 000002084 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk 2022-10-12 
18:56 - 2022-10-23 15:34 - 000002072 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk
2022-10-12 18:49 - 2022-10-14 11:59 - 000000000 ____D C:\Users\Becca\Desktop\Neuer Ordner (2)

==================== Ein Monat (geänderte) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2022-11-08 22:47 - 2022-04-27 20:25 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2022-11-08 22:46 - 2022-06-22 17:42 - 000000000 ____D C:\Users\Becca\AppData\Roaming\Hewlett-Packard
2022-11-08 22:46 - 2022-05-07 06:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-11-08 22:46 - 2020-06-13 19:12 - 000000000 ____D C:\Users\Becca\AppData\Local\Lenovo
2022-11-08 22:46 - 2020-06-10 19:13 - 000000000 ____D C:\Users\Cornelius\AppData\LocalLow\Mozilla
2022-11-08 22:46 - 2020-06-10 18:48 - 000000000 ____D C:\Users\Cornelius\AppData\Local\Lenovo
2022-11-08 22:46 - 2020-06-09 18:19 - 000000000 ____D C:\Program Files (x86)\Hewlett-Packard
2022-11-08 22:46 - 2020-03-26 16:12 - 000000000 ____D C:\ProgramData\Lenovo
2022-11-08 22:01 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SystemTemp
2022-11-08 22:01 - 2022-05-07 06:24 - 000000000 ____D C:\Program Files\Windows Defender
2022-11-08 22:01 - 2019-10-17 05:07 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-11-08 21:59 - 2020-06-13 21:03 - 000000000 ____D C:\Users\Becca\AppData\Roaming\IObit
2022-11-08 21:54 - 2022-05-07 06:22 - 000000000 ____D C:\WINDOWS\INF
2022-11-08 21:50 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\ServiceState
2022-11-08 21:50 - 2022-05-07 06:17 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2022-11-08 21:50 - 2021-03-14 21:54 - 000012288 ___SH C:\DumpStack.log.tmp
2022-11-08 21:50 - 2020-06-10 18:45 - 000000000 __SHD C:\Users\Cornelius\IntelGraphicsProfiles
2022-11-08 21:50 - 2020-06-09 21:46 - 000000000 ____D C:\Program Files (x86)\Avira
2022-11-08 21:50 - 2020-03-26 16:23 - 000000134 _____ 
C:\WINDOWS\system32\regtest.txt 2022-11-08 21:50 - 2020-03-26 16:22 - 000000000 ___HD C:\Intel 2022-11-08 21:49 - 2021-04-16 20:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2022-11-08 21:49 - 2020-06-09 21:46 - 000000000 ____D C:\ProgramData\Avira 2022-11-08 21:45 - 2022-05-07 06:17 - 000032768 _____ C:\WINDOWS\system32\config\ELAM 2022-11-08 21:43 - 2022-09-30 20:26 - 000000000 ____D C:\Program Files\Avira 2022-11-08 21:43 - 2022-05-07 06:24 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2022-11-08 21:42 - 2020-03-26 16:20 - 000000000 ____D C:\ProgramData\Package Cache 2022-11-08 21:41 - 2021-03-29 19:36 - 000000000 ____D C:\Users\Cornelius\AppData\Local\D3DSCache 2022-11-08 21:40 - 2020-06-13 16:27 - 000000000 ____D C:\Users\Cornelius\AppData\Roaming\IrfanView 2022-11-08 21:40 - 2020-06-10 22:50 - 000000000 ____D C:\Users\Cornelius\AppData\Roaming\Foxit Software 2022-11-08 21:40 - 2020-06-10 22:50 - 000000000 ____D C:\ProgramData\Foxit Software 2022-11-08 20:48 - 2021-03-25 14:56 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData 2022-11-08 14:20 - 2022-05-07 06:24 - 000000000 ___HD C:\Program Files\WindowsApps 2022-11-08 14:20 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\AppReadiness 2022-11-08 14:16 - 2022-04-02 21:24 - 000000000 ____D C:\Users\Cornelius\AppData\Local\CrashDumps 2022-11-08 14:15 - 2020-06-13 20:30 - 000000000 ____D C:\Users\Becca\AppData\LocalLow\Mozilla 2022-11-08 14:14 - 2021-03-25 15:00 - 000000000 ___RD C:\Users\Becca\Creative Cloud Files 2022-11-08 14:13 - 2020-06-13 19:07 - 000000000 __SHD C:\Users\Becca\IntelGraphicsProfiles 2022-11-07 20:05 - 2021-03-06 15:13 - 000000000 ____D C:\Users\Becca\AppData\Local\D3DSCache 2022-11-07 20:05 - 2020-06-13 19:07 - 000000000 ____D C:\Users\Becca\AppData\Local\Packages 2022-11-07 18:18 - 2020-06-13 19:07 - 000000000 ____D C:\Users\Becca\AppData\Roaming\Adobe 2022-11-07 18:15 - 2021-04-01 19:52 - 000000000 ____D C:\Users\Becca\Documents\Adobe 2022-11-07 18:10 - 
2021-08-27 14:19 - 000000000 ___HD C:\adobeTemp 2022-11-07 18:10 - 2021-03-25 14:55 - 000000000 ____D C:\Program Files\Adobe 2022-11-07 17:59 - 2021-03-25 14:55 - 000000000 ____D C:\Program Files\Common Files\Adobe 2022-11-06 19:44 - 2021-04-22 19:22 - 000000000 ____D C:\temp 2022-11-06 13:44 - 2022-04-01 20:30 - 000000000 ____D C:\Users\Becca\AppData\Local\CrashDumps 2022-11-06 12:13 - 2022-09-30 20:28 - 008042832 _____ C:\WINDOWS\system32\rtp.db 2022-11-06 12:13 - 2020-06-09 19:40 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2022-11-06 11:48 - 2021-06-28 20:00 - 000000000 ____D C:\Users\Cornelius\AppData\Local\Greenshot 2022-11-05 13:48 - 2020-07-21 09:20 - 000002447 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2022-11-04 17:23 - 2020-06-13 17:25 - 000000000 ____D C:\Users\Cornelius\Documents\Alles 2022-11-01 14:57 - 2022-06-22 17:38 - 000000000 ____D C:\Program Files\HPPrintScanDoctor 2022-10-26 17:49 - 2022-05-07 06:17 - 000000000 ____D C:\WINDOWS\CbsTemp 2022-10-26 17:48 - 2022-10-08 21:35 - 000000000 ___DC C:\WINDOWS\Panther 2022-10-22 19:45 - 2020-06-10 22:53 - 000000000 ____D C:\ProgramData\Adobe 2022-10-18 19:51 - 2020-06-09 18:02 - 000000000 ____D C:\Program Files\Microsoft Office 15 2022-10-18 19:02 - 2021-09-17 23:33 - 000000306 __RSH C:\ProgramData\ntuser.pol 2022-10-18 19:00 - 2022-05-07 06:24 - 000000000 ___SD C:\WINDOWS\system32\UNP 2022-10-18 19:00 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\UUS 2022-10-18 19:00 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\setup 2022-10-18 19:00 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe 2022-10-18 19:00 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2022-10-18 19:00 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SystemResources 2022-10-18 19:00 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2022-10-18 19:00 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences 
2022-10-18 19:00 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\setup 2022-10-18 19:00 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation 2022-10-18 19:00 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\oobe 2022-10-18 19:00 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\Dism 2022-10-18 19:00 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\appraiser 2022-10-18 18:59 - 2022-05-07 06:24 - 000000000 ___RD C:\WINDOWS\PrintDialog 2022-10-18 18:59 - 2022-05-07 06:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2022-10-18 18:59 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\ShellExperiences 2022-10-18 18:59 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\ShellComponents 2022-10-18 18:59 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\Provisioning 2022-10-18 18:59 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\PolicyDefinitions 2022-10-18 18:59 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\bcastdvr 2022-10-18 18:59 - 2022-05-07 06:24 - 000000000 ____D C:\Program Files\Common Files\System 2022-10-18 12:45 - 2020-06-13 20:29 - 000000000 ____D C:\Users\Becca\AppData\Roaming\PersBackup6 2022-10-18 02:52 - 2021-09-11 17:57 - 000000000 ____D C:\Users\Cornelius\AppData\Roaming\hidrive.ui 2022-10-17 20:41 - 2022-05-07 06:25 - 000209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll 2022-10-17 20:41 - 2022-05-07 06:24 - 000249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll 2022-10-17 20:36 - 2021-09-07 12:39 - 000000000 ____D C:\Users\Becca\AppData\Roaming\hidrive.ui 2022-10-17 20:22 - 2020-06-14 20:02 - 000000000 ___RD C:\Users\Becca\HiDrive 2022-10-17 20:22 - 2020-06-10 21:31 - 000000000 ___RD C:\Users\Cornelius\HiDrive 2022-10-15 20:53 - 2020-06-10 18:45 - 000000000 ____D C:\Users\Cornelius\AppData\Local\Packages 2022-10-15 20:53 - 2020-06-09 17:36 - 000000000 ____D C:\ProgramData\Packages 2022-10-14 22:13 - 2019-10-17 05:10 - 000000000 __RHD C:\Users\Public\AccountPictures 
2022-10-14 12:20 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\appcompat 2022-10-13 10:27 - 2022-05-07 06:28 - 000000000 ____D C:\WINDOWS\Setup 2022-10-13 10:27 - 2022-05-07 06:24 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template 2022-10-13 10:27 - 2022-05-07 06:24 - 000000000 __RHD C:\Users\Public\Libraries 2022-10-13 10:27 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase 2022-10-13 10:27 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\spool 2022-10-13 10:27 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\NDF 2022-10-13 10:27 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\Drivers\DriverData 2022-10-13 10:27 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\LiveKernelReports 2022-10-13 10:27 - 2022-05-07 06:24 - 000000000 ____D C:\ProgramData\USOPrivate 2022-10-13 10:27 - 2022-04-01 20:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client 2022-10-13 10:27 - 2022-03-16 13:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GnuCash 2022-10-13 10:27 - 2022-02-23 16:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2022 2022-10-13 10:27 - 2021-11-07 16:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CEWE Fotowelt 2022-10-13 10:27 - 2021-10-13 14:25 - 000000000 ____D C:\WINDOWS\SysWOW64\statReporter 2022-10-13 10:27 - 2021-09-17 22:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minimal ADB and Fastboot 2022-10-13 10:27 - 2021-09-17 22:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android Studio 2022-10-13 10:27 - 2021-09-17 12:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\ClockworkMod 2022-10-13 10:27 - 2021-06-28 20:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Greenshot 2022-10-13 10:27 - 2021-06-19 17:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Kodi 2022-10-13 10:27 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated 2022-10-13 10:27 - 2021-01-03 14:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\(Default) 2022-10-13 10:27 - 2020-12-07 20:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2021 2022-10-13 10:27 - 2020-11-15 18:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2022-10-13 10:27 - 2020-11-15 11:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\digiCamControl 2022-10-13 10:27 - 2020-06-14 21:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Commander 2022-10-13 10:27 - 2020-06-10 22:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2022-10-13 10:27 - 2020-06-10 21:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exact Audio Copy 2022-10-13 10:27 - 2020-06-10 21:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag 2022-10-13 10:27 - 2020-06-09 22:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Personal Backup 6 2022-10-13 10:27 - 2020-06-09 20:58 - 000000000 ____D C:\Program Files\UNP 2022-10-13 10:27 - 2020-06-09 20:42 - 000000000 ____D C:\WINDOWS\system32\MRT 2022-10-13 10:27 - 2020-06-09 18:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Link to Nikon 2022-10-13 10:27 - 2020-06-09 18:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP 2022-10-13 10:27 - 2020-06-09 18:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2022-10-13 10:27 - 2020-03-26 16:20 - 000000000 ____D C:\Program Files\Intel 2022-10-13 10:27 - 2019-03-19 05:52 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy 2022-10-13 10:27 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\MsDtc 2022-10-13 10:23 - 2022-05-07 06:25 - 000076800 
_____ (Khronos Group) C:\WINDOWS\SysWOW64\opencl.dll 2022-10-13 10:23 - 2022-05-07 06:24 - 000118784 _____ (Khronos Group) C:\WINDOWS\system32\opencl.dll 2022-10-13 10:20 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\OCR 2022-10-13 10:19 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI 2022-10-13 10:19 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\MUI 2022-10-13 10:18 - 2022-05-07 11:39 - 000000000 ____D C:\Program Files\Windows Photo Viewer 2022-10-13 10:18 - 2022-05-07 11:39 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2022-10-13 10:18 - 2022-05-07 11:29 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm 2022-10-13 10:18 - 2022-05-07 11:29 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN 2022-10-13 10:18 - 2022-05-07 11:29 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr 2022-10-13 10:18 - 2022-05-07 11:29 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts 2022-10-13 10:18 - 2022-05-07 11:29 - 000000000 ____D C:\WINDOWS\system32\winrm 2022-10-13 10:18 - 2022-05-07 11:29 - 000000000 ____D C:\WINDOWS\system32\WCN 2022-10-13 10:18 - 2022-05-07 11:29 - 000000000 ____D C:\WINDOWS\system32\slmgr 2022-10-13 10:18 - 2022-05-07 11:29 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts 2022-10-13 10:18 - 2022-05-07 06:24 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12 2022-10-13 10:18 - 2022-05-07 06:24 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs 2022-10-13 10:18 - 2022-05-07 06:24 - 000000000 ___SD C:\WINDOWS\system32\F12 2022-10-13 10:18 - 2022-05-07 06:24 - 000000000 ___SD C:\WINDOWS\system32\dsc 2022-10-13 10:18 - 2022-05-07 06:24 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs 2022-10-13 10:18 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform 2022-10-13 10:18 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\Sgrm 2022-10-13 10:18 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\migwiz 2022-10-13 10:18 - 2022-05-07 06:24 - 000000000 ____D C:\Program Files (x86)\Windows Defender 2022-10-13 
10:18 - 2022-05-07 06:17 - 000000000 ____D C:\WINDOWS\servicing 2022-10-13 09:42 - 2022-05-07 06:24 - 000000000 ____D C:\Program Files\Windows NT 2022-10-13 09:32 - 2022-05-07 06:24 - 000000000 ____D C:\Program Files\Common Files\microsoft shared 2022-10-13 09:32 - 2022-02-13 16:52 - 000000000 ____D C:\Users\Becca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom 2022-10-13 09:32 - 2020-06-13 21:08 - 000000000 ____D C:\Users\Becca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Movavi Video Editor 15 Plus 2022-10-13 09:29 - 2022-09-30 20:58 - 000000000 ____D C:\WINDOWS\system32\dolbyaposvc 2022-10-12 19:36 - 2020-06-09 20:42 - 147398024 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2022-10-11 10:03 - 2022-03-04 22:15 - 000000000 ____D C:\Users\Becca\AppData\Roaming\com.adobe.dunamis ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======== 2021-05-03 06:36 - 2021-05-03 06:36 - 000000000 _____ () C:\Users\Cornelius\AppData\Local\oobelibMkey.log 2022-04-01 20:21 - 2022-04-01 20:22 - 000000128 _____ () C:\Users\Cornelius\AppData\Local\PUTTY.RND 2022-11-02 20:09 - 2022-11-02 20:09 - 000000218 _____ () C:\Users\Cornelius\AppData\Local\recently-used.xbel ==================== FLock ============================== 2022-04-01 20:38 C:\Users\Becca\AppData\Roaming\FileZilla 2022-04-01 20:37 C:\Users\Becca\AppData\Local\FileZilla ==================== SigCheck ============================ (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) ==================== Ende von FRST.txt ======================== Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 06-11-2022
durchgeführt von Cornelius (08-11-2022 22:53:59)
Gestartet von C:\Users\Cornelius\Desktop
Microsoft Windows 11 Home Version 22H2 22621.674 (X64) (2022-10-13 08:42:41)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

Administrator (S-1-5-21-1070191195-3368900776-1784378574-500 - Administrator - Disabled)
Becca (S-1-5-21-1070191195-3368900776-1784378574-1003 - Administrator - Enabled) => C:\Users\Becca
Cornelius (S-1-5-21-1070191195-3368900776-1784378574-1002 - Administrator - Enabled) => C:\Users\Cornelius
DefaultAccount (S-1-5-21-1070191195-3368900776-1784378574-503 - Limited - Disabled)
Gast (S-1-5-21-1070191195-3368900776-1784378574-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1070191195-3368900776-1784378574-504 - Limited - Disabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Avira Antivirus (Enabled - Up to date) {8A154ED8-4428-DB2D-0E3F-BD82C448FD94}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1031-1033-7760-BC15014EA700}) (Version: 22.003.20263 - Adobe)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.9.0.372 - Adobe Inc.)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: 8.0.0.11 - Adobe Inc.)
Adobe Illustrator 2023 (HKLM-x32\...\ILST_27_0) (Version: 27.0 - Adobe Inc.)
Adobe InDesign 2021 (HKLM-x32\...\IDSN_16_4_3) (Version: 16.4.3 - Adobe Inc.)
Adobe InDesign 2022 (HKLM-x32\...\IDSN_17_4) (Version: 17.4 - Adobe Inc.)
Adobe InDesign 2023 (HKLM-x32\...\IDSN_18_0) (Version: 18.0 - Adobe Inc.)
Adobe Lightroom Classic (HKLM-x32\...\LTRM_12_0_1) (Version: 12.0.1 - Adobe Inc.)
Adobe Media Encoder 2023 (HKLM-x32\...\AME_23_0) (Version: 23.0 - Adobe Inc.)
Adobe Photoshop 2022 (HKLM-x32\...\PHSP_23_5_2) (Version: 23.5.2.751 - Adobe Inc.)
Adobe Photoshop 2023 (HKLM-x32\...\PHSP_24_0) (Version: 24.0.0.59 - Adobe Inc.)
Adobe Premiere Pro 2023 (HKLM-x32\...\PPRO_23_0) (Version: 23.0 - Adobe Inc.)
Adobe Premiere Rush (HKLM-x32\...\RUSH_2_5) (Version: 2.5 - Adobe Inc.)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601032}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Arduino (HKLM-x32\...\Arduino) (Version: 1.8.13 - Arduino LLC)
CEWE Fotowelt (HKLM\...\CEWE Fotowelt) (Version: 7.2.1 - CEWE Stiftung u Co. KGaA)
digiCamControl (HKLM-x32\...\{19D12628-7654-4354-A305-9AB0B33A1677}) (Version: 2.1.2.0 - Duka Istvan)
digiCamControl (HKLM-x32\...\{2dd048a1-b9fb-4e4f-a8f3-1eceafce538c}) (Version: 2.1.2.0 - ) Hidden
Exact Audio Copy 1.5 (HKLM-x32\...\Exact Audio Copy) (Version: 1.5 - Andre Wiethoff)
FileZilla Client 3.58.0 (HKLM-x32\...\FileZilla Client) (Version: 3.58.0 - Tim Kosse)
GIMP 2.10.22 (HKLM\...\GIMP-2_is1) (Version: 2.10.22 - The GIMP Team)
GnuCash 4.9 (HKLM-x32\...\GnuCash_is1) (Version: 4.9 - GnuCash Development Team)
Greenshot 1.2.10.6 (HKLM\...\Greenshot_is1) (Version: 1.2.10.6 - Greenshot)
HP Officejet Pro 8610 - Grundlegende Software für das Gerät (HKLM\...\{901960C4-A157-4D06-A538-9D5319F72182}) (Version: 32.4.116.94128 - Hewlett-Packard Co.)
HP Officejet Pro 8610 Hilfe (HKLM-x32\...\{2466D8D5-4856-4492-BDEF-48A640F58866}) (Version: 32.0.0 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel(R) Chipset Device Software (HKLM\...\{351A0D24-F6F1-4105-AA50-5D2CCC71E0DD}) (Version: 10.1.18019.8144 - Intel Corporation) Hidden
Intel® Chipsatz-Gerätesoftware (HKLM-x32\...\{4551f75f-3c54-4f09-8221-8c8a061bad00}) (Version: 10.1.18019.8144 - Intel(R) Corporation)
Kodi (HKU\S-1-5-21-1070191195-3368900776-1784378574-1003\...\Kodi) (Version: 19.1.0.0 - XBMC Foundation)
Lenovo Pen Settings Service (HKLM\...\ISD Tablet Driver) (Version: 7.6.1.41 - Wacom Technology Corp.)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.13.14.0 - Lenovo Group Ltd.)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 107.0.1418.35 - Microsoft Corporation)
Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 107.0.1418.35 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 15.0.5493.1000 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-1070191195-3368900776-1784378574-1003\...\Teams) (Version: 1.4.00.32771 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{6A2A8076-135F-4F55-BB02-DED67C8C6934}) (Version: 4.67.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.32.31326 (HKLM-x32\...\{2d507699-404c-4c8b-a54a-38e352f32cdd}) (Version: 14.32.31326.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.32.31326 (HKLM-x32\...\{817e21c1-6b3a-4bc1-8c49-67e4e1887b3a}) (Version: 14.32.31326.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.32.31326 (HKLM\...\{38624EB5-356D-4B08-8357-C33D89A5C0C5}) (Version: 14.32.31326 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.32.31326 (HKLM\...\{C96241EA-9900-4FE8-85B3-1E238D509DF6}) (Version: 14.32.31326 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.32.31326 (HKLM-x32\...\{A250E750-DB3F-40C1-8460-8EF77C7582DA}) (Version: 14.32.31326 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.32.31326 (HKLM-x32\...\{46E11E7F-01E1-44D0-BB86-C67342D253DD}) (Version: 14.32.31326 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\{7C0242A3-8B66-35D1-9FE0-13B426ACB609}) (Version: 10.0.60729 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.60724 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.60724 - Microsoft Corporation)
Minimal ADB and Fastboot version 1.4 (HKLM-x32\...\{C5564379-582D-457A-9E68-A9E7C1F1C4EC}_is1) (Version: 1.4 - Sam Rodberg)
Mozilla Firefox (x64 de) (HKLM\...\Mozilla Firefox 99.0.1 (x64 de)) (Version: 99.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 99.0.1 - Mozilla)
Mozilla Thunderbird (x86 de) (HKLM-x32\...\Mozilla Thunderbird 102.4.1 (x86 de)) (Version: 102.4.1 - Mozilla)
Mp3tag v3.01 (HKLM-x32\...\Mp3tag) (Version: 3.01 - Florian Heidenreich)
Office 15 Click-to-Run Extensibility Component (HKLM\...\{90150000-008C-0000-1000-0000000FF1CE}) (Version: 15.0.5493.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-007E-0000-1000-0000000FF1CE}) (Version: 15.0.5493.1000 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (HKLM\...\{90150000-008C-0407-1000-0000000FF1CE}) (Version: 15.0.5493.1000 - Microsoft Corporation) Hidden
Personal Backup 6.1.11.0 (64-bit) (HKLM\...\Personal Backup 6_is1) (Version: 6.1.11.0 - Dr. J. Rathlev)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.7.43.0 - Samsung Electronics Co., Ltd.)
Skype Version 8.75 (HKLM-x32\...\Skype_is1) (Version: 8.75 - Skype Technologies S.A.)
tiptoi® Manager 4.3 (HKLM\...\{833392BB-E8C0-4066-9408-3A30FA43972F}_is1) (Version: 4.3 - Ravensburger AG)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.51 - Ghisler Software GmbH)
UFRaw 0.19.2 (HKLM-x32\...\UFRaw_is1) (Version: - Udi Fuchs)
Universal Adb Driver (HKLM-x32\...\{C0E08D8D-6076-4117-B644-2AF34F35B757}) (Version: 1.0.4 - ClockworkMod)
UXP WebView Support (HKLM-x32\...\UXPW_1_1_0) (Version: 1.1.0 - Adobe Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.16 - VideoLAN)
Windows-PC-Integritätsprüfung (HKLM\...\{B3956CF3-F6C5-4567-AC38-1FD4432B319C}) (Version: 3.6.2204.08001 - Microsoft Corporation)
WISO Steuer-Sparbuch 2021 (HKLM-x32\...\{AF1FE075-A0FE-4085-B96E-C48D8EE07D44}) (Version: 28.00.1410 - Buhl Data Service GmbH)
WISO Steuer-Sparbuch 2022 (HKLM-x32\...\{A5BFDB2E-2988-488A-BE2C-E2AFDFF88169}) (Version: 29.03.2730 - Buhl Data Service GmbH)
Zoom (HKU\S-1-5-21-1070191195-3368900776-1784378574-1003\...\ZoomUMX) (Version: 5.9.3 (3169) - Zoom Video Communications, Inc.)

Packages:
=========
Clipchamp -> C:\Program Files\WindowsApps\Clipchamp.Clipchamp_2.5.1.0_neutral__yxz26nhyzhsrt [2022-10-15] (Microsoft Corp.)
Dolby Atmos Speaker System -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAtmosSpeakerSystem_3.20402.409.0_x64__rz1tebttyb220 [2020-03-26] (Dolby Laboratories)
Dolby Vision -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyVisionHDR_2.1.5965.0_x64__rz1tebttyb220 [2022-08-05] (Dolby Laboratories)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_140.1.307.0_x64__v10z8vjag6ke6 [2022-11-06] (HP Inc.)
Intel® Grafik-Kontrollraum -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3408.0_x64__8j3eq9eme6ctt [2022-04-27] (INTEL CORP) [Startup Task]
Lenovo Hotkeys -> C:\Program Files\WindowsApps\E0469640.LenovoUtility_4.3.20.0_x64__5grkq8ppsgwt4 [2022-10-14] (LENOVO INC) [Startup Task]
Lenovo Pen Settings -> C:\Program Files\WindowsApps\WacomTechnologyCorp.157535B83C264_7.7.61.0_neutral__ss941bf8mfs8a [2022-10-15] (Wacom Technology Corp.)
Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2209.2.0_x64__k1h2ywk1493x8 [2022-10-15] (LENOVO INC.)
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.1.28.0_x64__8wekyb3d8bbwe [2022-10-15] (Microsoft Corp.)
MPEG-2-Videoerweiterung -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.50901.0_x64__8wekyb3d8bbwe [2022-05-03] (Microsoft Corporation)
ms-resource:APP_WINDOW_NAME -> C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.9.0_x64__8wekyb3d8bbwe [2022-10-15] (Microsoft Corp.)
ms-resource:AppStoreName -> C:\Program Files\WindowsApps\Microsoft.RawImageExtension_2.1.32061.0_x64__8wekyb3d8bbwe [2022-10-15] (Microsoft Corporation)
ms-resource:AppxManifest_DisplayName -> C:\Windows\SystemApps\Microsoft.Windows.PrintQueueActionCenter_cw5n1h2txyewy [2022-10-15] (Microsoft Corporation)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.11.217.0_x64__dt26b99r8h8gj [2020-06-21] (Realtek Semiconductor Corp)
Windows Feature Experience Pack -> C:\Windows\SystemApps\MicrosoftWindows.Client.Core_cw5n1h2txyewy [2022-10-18] (Microsoft Windows)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-1070191195-3368900776-1784378574-1002_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Cornelius\AppData\Local\Microsoft\OneDrive\20.064.0329.0008\amd64\FileSyncShell64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1070191195-3368900776-1784378574-1002_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Inc. -> Adobe Inc.)
CustomCLSID: HKU\S-1-5-21-1070191195-3368900776-1784378574-1002_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Cornelius\AppData\Local\Microsoft\OneDrive\20.064.0329.0008\amd64\FileSyncShell64.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-1070191195-3368900776-1784378574-1002_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Cornelius\AppData\Local\Microsoft\OneDrive\20.064.0329.0008\amd64\FileSyncShell64.dll => Keine Datei
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-09-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-09-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-09-07] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> Keine Datei
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> Keine Datei
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> Keine Datei
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> Keine Datei
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> Keine Datei
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> Keine Datei
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> Keine Datei
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2022-03-01] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2022-03-01] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2022-03-01] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> Keine Datei
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> Keine Datei
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> Keine Datei
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> Keine Datei
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> Keine Datei
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> Keine Datei
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> Keine Datei
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2022-03-01] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2022-03-01] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2022-03-01] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-09-07] (Adobe Inc. -> )
ContextMenuHandlers2: [ContextMenu] -> {ee10d625-cc60-30a4-b3df-4b349785be6b} => C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\Antivirus.ContextMenu.DLL -> Keine Datei
ContextMenuHandlers3: [ContextMenu] -> {ee10d625-cc60-30a4-b3df-4b349785be6b} => C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\Antivirus.ContextMenu.DLL -> Keine Datei
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-09-07] (Adobe Inc. -> )

==================== Codecs (Nicht auf der Ausnahmeliste) ====================

==================== Verknüpfungen & WMI ========================

==================== Geladene Module (Nicht auf der Ausnahmeliste) =============

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HidSpiCx.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TextInputManagementService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{5099944A-F6B9-4057-A056-8C550228544C} => ""="Memory"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{5099944A-F6B9-4057-A056-8C550228544C} => "SafeBootDrivers"="1"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HidSpiCx.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TextInputManagementService => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =================

==================== Internet Explorer (Nicht auf der Ausnahmeliste) ==========

HKU\S-1-5-21-1070191195-3368900776-1784378574-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
HKU\S-1-5-21-1070191195-3368900776-1784378574-1003\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
SearchScopes: HKU\S-1-5-21-1070191195-3368900776-1784378574-1002 -> DefaultScope {78C81D5A-6DC8-4757-A9E5-4BD91DAB1ECF} URL =
SearchScopes: HKU\S-1-5-21-1070191195-3368900776-1784378574-1002 -> {78C81D5A-6DC8-4757-A9E5-4BD91DAB1ECF} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2021-03-17] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2022-03-01] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll [2021-03-17] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL [2022-03-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2020-07-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL [2020-07-07] (Microsoft Corporation -> Microsoft Corporation)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-1070191195-3368900776-1784378574-1003\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1070191195-3368900776-1784378574-1003\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts Inhalt: =========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2019-03-19 05:49 - 2019-03-19 05:49 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
2020-06-09 21:16 - 2020-06-09 21:16 - 000000375 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Andere Bereiche ===========================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-1070191195-3368900776-1784378574-1002\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\windows\img0.jpg HKU\S-1-5-21-1070191195-3368900776-1784378574-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Becca\Desktop\Rezepte\Blog\Rezepte\Crepes\DSC_0125neu1.JPG DNS Servers: 192.168.178.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) HKU\S-1-5-21-1070191195-3368900776-1784378574-1003\...\StartupApproved\StartupFolder: => "An OneNote senden.lnk" HKU\S-1-5-21-1070191195-3368900776-1784378574-1003\...\StartupApproved\StartupFolder: => "HiDrive.lnk" ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================ (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [{BBA0011E-1AA3-4C6D-8292-9C719847F119}] => (Allow) C:\Users\Becca\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) 
FirewallRules: [UDP Query User{3AEA1BB6-6038-4155-AA6C-63FD845642BC}C:\users\becca\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\becca\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [TCP Query User{7CD7D34C-DBCD-4BA0-86D2-9B6E59CED39B}C:\users\becca\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\becca\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [UDP Query User{2A2B6193-AECF-4B9D-96D5-C182C8547D98}C:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) C:\program files (x86)\arduino\java\bin\javaw.exe FirewallRules: [TCP Query User{2B75DDE5-BE41-411D-8BED-E31DD8CB83AE}C:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) C:\program files (x86)\arduino\java\bin\javaw.exe FirewallRules: [{D3463351-8DFB-459F-A858-041DFC78D351}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{186F20E1-4B7E-4FED-BDF1-025F51772525}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{9EC56E67-D076-4822-A19E-76E7C3CC6A33}] => (Allow) C:\Program Files (x86)\Mp3tag\Mp3tag.exe (Florian Heidenreich -> Florian Heidenreich) FirewallRules: [{ECAF7C7E-6C6C-49EF-AC04-218C5DCDBD33}] => (Allow) C:\Program Files (x86)\Mp3tag\Mp3tag.exe (Florian Heidenreich -> Florian Heidenreich) FirewallRules: [{41D00A09-741B-4CBB-97BD-295B84DDC32C}] => (Allow) C:\Program Files (x86)\Mp3tag\Mp3tag.exe (Florian Heidenreich -> Florian Heidenreich) FirewallRules: [{D251A1FD-7250-4C36-B21A-7F3CC6B95B87}] => (Allow) C:\Program Files (x86)\Mp3tag\Mp3tag.exe (Florian Heidenreich -> Florian Heidenreich) FirewallRules: [{25D3AC15-51AF-4B99-9974-053BAE853BD8}] => (Allow) C:\Program Files\tiptoi® Manager\tiptoi® Manager.exe (Ravensburger AG -> ) FirewallRules: 
[{14701DD4-7203-4413-8CC4-83586700D71D}] => (Allow) C:\Program Files\tiptoi® Manager\tiptoi® Manager.exe (Ravensburger AG -> ) FirewallRules: [{8E25D2CE-CC31-48FD-AF0E-30F72FA187FD}] => (Allow) C:\Program Files\tiptoi® Manager\tiptoi® Manager.exe (Ravensburger AG -> ) FirewallRules: [{FB86FF1C-E6C2-4F5F-93C3-3F1E9F0D284F}] => (Allow) C:\Program Files\tiptoi® Manager\tiptoi® Manager.exe (Ravensburger AG -> ) FirewallRules: [{5B8B5729-634F-455D-89AE-DFF801FF872E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{0F1327D9-ACAD-464D-A19D-B2D924D1CBE0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{96ECBA74-B900-4380-8142-B8C9AA7FD8C1}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{B146688A-C425-4A4A-A12C-93951B61A15A}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{45EDF6FD-0BA9-4759-8BC8-6C15A6230325}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [TCP Query User{139A3C18-E76A-425F-A0F6-948C34D0E33F}C:\program files\kodi\kodi.exe] => (Allow) C:\program files\kodi\kodi.exe (XBMC Foundation) [Datei ist nicht signiert] FirewallRules: [UDP Query User{66BD6054-7371-41B9-ADF5-1DB69ECD0485}C:\program files\kodi\kodi.exe] => (Allow) C:\program files\kodi\kodi.exe (XBMC Foundation) [Datei ist nicht signiert] FirewallRules: [{0DC29716-8A7F-401A-9F53-01DD3B5A0B6B}] => (Allow) C:\Users\Becca\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [{E76FC87C-3D27-4FCD-B1DD-73826839057B}] => (Allow) C:\Users\Becca\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. 
-> Zoom Video Communications, Inc.) FirewallRules: [{6059E92D-EB2B-4518-AD9B-D2D6F550BECD}] => (Allow) C:\Users\Becca\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [{38BDE18C-C535-48C0-A69A-929C2DD47707}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{D7C0C0C2-8638-4B5B-B87A-550EDCA2B01A}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{CAE2A7CD-6DC4-42FB-861A-2769031D291D}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\FaxApplications.exe (HP Inc. -> Hewlett-Packard Development Company, LP) FirewallRules: [{98564E46-23A1-46D9-9C78-F09C0FB2740A}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\DigitalWizards.exe (HP Inc. -> Hewlett-Packard Development Company, LP) FirewallRules: [{B67B11F2-051D-48F2-81EF-20D2231A7A85}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\SendAFax.exe (HP Inc. -> Hewlett-Packard Development Company, LP) FirewallRules: [{BC675D63-E07A-4D18-BD31-8B0EA97F15EC}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\DeviceSetup.exe (HP Inc. -> Hewlett-Packard Development Company, LP) FirewallRules: [{8096D4E3-D908-47F5-B4F1-AE5E7B666A2F}] => (Allow) LPort=5357 FirewallRules: [{401CD75C-E84D-4D2D-86DD-146893615A2C}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe (HP Inc. -> Hewlett-Packard Development Company, LP) FirewallRules: [{B907840C-99C9-4C08-81FC-C1DC1DE8FD1A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) 
FirewallRules: [{26076964-3270-4A66-ADCB-8EE77CDB3BD9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{EDE8F249-3DAD-49D7-A422-94B5729B5759}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{1F277A1E-287D-43BE-A559-734C27D2357F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{CEFE7715-0808-4919-85E6-BFF8670756AC}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_22273.905.1632.1008_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{57729BFD-6239-4B51-A8D6-11AE8EFEBB05}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_22273.905.1632.1008_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{F5F1674D-4E09-4833-934C-672B78E0A1AD}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\107.0.1418.26\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{2A06E4BC-7450-46B4-B47E-D3C7F8CFAF85}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\107.0.1418.35\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation) ==================== Wiederherstellungspunkte ========================= 26-10-2022 17:49:19 Windows Modules Installer 08-11-2022 21:42:05 PDF-XChange Editor 08-11-2022 22:46:07 AdwCleaner_BeforeCleaning_08/11/2022_22:46:07 ==================== Fehlerhafte Geräte im Gerätemanager ============ ==================== Fehlereinträge in der Ereignisanzeige: ======================== Applikationsfehler: ================== Error: (11/08/2022 02:16:32 PM) (Source: Application Error) (EventID: 1000) (User: DESKTOP-2BR8MEO) Description: 
Name der fehlerhaften Anwendung: IGCCTray.exe, Version: 1.100.3408.0, Zeitstempel: 0x62341a86 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.22621.608, Zeitstempel: 0x4769d08d Ausnahmecode: 0xe0434352 Fehleroffset: 0x000000000008fb0c ID des fehlerhaften Prozesses: 0x0x42bc Startzeit der fehlerhaften Anwendung: 0x0x1d8f37451a57e09 Pfad der fehlerhaften Anwendung: C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3408.0_x64__8j3eq9eme6ctt\GCP.ML.BackgroundSysTray\IGCCTray.exe Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\KERNELBASE.dll Berichtskennung: d15065f8-84b1-4143-bed7-18cdb54753a8 Vollständiger Name des fehlerhaften Pakets: AppUp.IntelGraphicsExperience_1.100.3408.0_x64__8j3eq9eme6ctt Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App Error: (11/08/2022 02:16:32 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: IGCCTray.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. 
Ausnahmeinformationen: System.UnauthorizedAccessException bei System.IO.__Error.WinIOError(Int32, System.String) bei System.IO.Pipes.NamedPipeServerStream.Create(System.String, System.IO.Pipes.PipeDirection, Int32, System.IO.Pipes.PipeTransmissionMode, System.IO.Pipes.PipeOptions, Int32, Int32, System.IO.Pipes.PipeAccessRights, SECURITY_ATTRIBUTES) bei System.IO.Pipes.NamedPipeServerStream..ctor(System.String, System.IO.Pipes.PipeDirection, Int32, System.IO.Pipes.PipeTransmissionMode, System.IO.Pipes.PipeOptions, Int32, Int32, System.IO.Pipes.PipeSecurity, System.IO.HandleInheritability, System.IO.Pipes.PipeAccessRights) bei System.IO.Pipes.NamedPipeServerStream..ctor(System.String, System.IO.Pipes.PipeDirection, Int32, System.IO.Pipes.PipeTransmissionMode, System.IO.Pipes.PipeOptions, Int32, Int32, System.IO.Pipes.PipeSecurity) bei GCP.ML.BackgroundSysTray.SingleInstanceApp.NamedPipeServerCreateServer() bei GCP.ML.BackgroundSysTray.SingleInstanceApp.Initialize() bei GCP.ML.BackgroundSysTray.Program.Main() Error: (11/07/2022 10:29:46 AM) (Source: Application Error) (EventID: 1000) (User: NT-AUTORITÄT) Description: Name der fehlerhaften Anwendung: SecurityHealthService.exe, Version: 10.0.22621.608, Zeitstempel: 0x45a7fb3f Name des fehlerhaften Moduls: ucrtbase.dll, Version: 10.0.22621.608, Zeitstempel: 0xf5fc15a3 Ausnahmecode: 0xc0000409 Fehleroffset: 0x000000000007f61e ID des fehlerhaften Prozesses: 0x0x11d4 Startzeit der fehlerhaften Anwendung: 0x0x1d8f20fceaec9e7 Pfad der fehlerhaften Anwendung: C:\WINDOWS\system32\SecurityHealthService.exe Pfad des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\ucrtbase.dll Berichtskennung: 6609d64d-fc8f-4f3a-bfe4-5778d7d10049 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (11/06/2022 07:43:29 PM) (Source: Application Error) (EventID: 1000) (User: NT-AUTORITÄT) Description: Name der fehlerhaften Anwendung: SecurityHealthService.exe, Version: 10.0.22621.608, Zeitstempel: 
0x45a7fb3f Name des fehlerhaften Moduls: ntdll.dll, Version: 10.0.22621.608, Zeitstempel: 0xf2e8a5ab Ausnahmecode: 0xc0000374 Fehleroffset: 0x000000000010c1c9 ID des fehlerhaften Prozesses: 0x0x1a98 Startzeit der fehlerhaften Anwendung: 0x0x1d8f1d0e4916429 Pfad der fehlerhaften Anwendung: C:\WINDOWS\system32\SecurityHealthService.exe Pfad des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\ntdll.dll Berichtskennung: 61430bb4-5ffd-4415-8456-254390b96a1c Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (11/06/2022 07:42:36 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT-AUTORITÄT) Description: Windows kann die erweiterbare Leistungsindikator-DLL "C:\WINDOWS\system32\sysmain.dll" nicht laden (Win32-Fehlercode 126). Error: (11/06/2022 02:00:01 PM) (Source: Application Hang) (EventID: 1002) (User: NT-AUTORITÄT) Description: Das Programm outlook.exe Version 15.0.5479.1000 hat aufgehört mit Windows zu interagieren und wurde geschlossen. Weitere Informationen zum Problem finden Sie im Problemverlauf in der Systemsteuerung „Sicherheit und Wartung“. 
Error: (11/06/2022 01:44:26 PM) (Source: Application Error) (EventID: 1000) (User: DESKTOP-2BR8MEO) Description: Name der fehlerhaften Anwendung: IGCCTray.exe, Version: 1.100.3408.0, Zeitstempel: 0x62341a86 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.22621.608, Zeitstempel: 0x4769d08d Ausnahmecode: 0xe0434352 Fehleroffset: 0x000000000008fb0c ID des fehlerhaften Prozesses: 0x0x3990 Startzeit der fehlerhaften Anwendung: 0x0x1d8f1dd80e49d89 Pfad der fehlerhaften Anwendung: C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3408.0_x64__8j3eq9eme6ctt\GCP.ML.BackgroundSysTray\IGCCTray.exe Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\KERNELBASE.dll Berichtskennung: 1fa37181-9d64-4e36-8e79-85f63746a54a Vollständiger Name des fehlerhaften Pakets: AppUp.IntelGraphicsExperience_1.100.3408.0_x64__8j3eq9eme6ctt Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App Error: (11/06/2022 01:44:26 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: IGCCTray.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. 
Ausnahmeinformationen: System.UnauthorizedAccessException bei System.IO.__Error.WinIOError(Int32, System.String) bei System.IO.Pipes.NamedPipeServerStream.Create(System.String, System.IO.Pipes.PipeDirection, Int32, System.IO.Pipes.PipeTransmissionMode, System.IO.Pipes.PipeOptions, Int32, Int32, System.IO.Pipes.PipeAccessRights, SECURITY_ATTRIBUTES) bei System.IO.Pipes.NamedPipeServerStream..ctor(System.String, System.IO.Pipes.PipeDirection, Int32, System.IO.Pipes.PipeTransmissionMode, System.IO.Pipes.PipeOptions, Int32, Int32, System.IO.Pipes.PipeSecurity, System.IO.HandleInheritability, System.IO.Pipes.PipeAccessRights) bei System.IO.Pipes.NamedPipeServerStream..ctor(System.String, System.IO.Pipes.PipeDirection, Int32, System.IO.Pipes.PipeTransmissionMode, System.IO.Pipes.PipeOptions, Int32, Int32, System.IO.Pipes.PipeSecurity) bei GCP.ML.BackgroundSysTray.SingleInstanceApp.NamedPipeServerCreateServer() bei GCP.ML.BackgroundSysTray.SingleInstanceApp.Initialize() bei GCP.ML.BackgroundSysTray.Program.Main() Systemfehler: ============= Error: (11/08/2022 10:46:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Universal Device Client Service" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts. Error: (11/08/2022 10:46:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Microsoft Office-Klick-und-Los-Dienst" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. Error: (11/08/2022 10:46:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "HP Print Scan Doctor Service" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts. 
Error: (11/08/2022 10:46:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Intel(R) Dynamic Tuning service" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts. Error: (11/08/2022 10:46:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "SAMSUNG Mobile Connectivity Service V2" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 100 Millisekunden durchgeführt: Neustart des Diensts. Error: (11/08/2022 10:46:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Realtek Audio Universal Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. Error: (11/08/2022 09:59:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "SAMSUNG Mobile Connectivity Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (11/08/2022 09:59:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Intel(R) Storage Middleware Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. CodeIntegrity: =============== Date: 2022-11-08 22:01:52 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_93d11e2397cac3a9\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2022-11-08 21:53:17 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_93d11e2397cac3a9\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2022-11-08 21:43:19 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\CorePrivacySettingsStore.dll because the set of per-page image hashes could not be found on the system. Date: 2022-11-08 21:36:43 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Avira\Endpoint Protection SDK\amsi\x64\avamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Speicherinformationen =========================== BIOS: LENOVO BNCN44WW 01/27/2022 Hauptplatine: LENOVO LNVNB161216 Prozessor: Intel(R) Core(TM) i7-10510U CPU @ 1.80GHz Prozentuale Nutzung des RAM: 31% Installierter physikalischer RAM: 16180.49 MB Verfügbarer physikalischer RAM: 11145.38 MB Summe virtueller Speicher: 17204.49 MB Verfügbarer virtueller Speicher: 12456.32 MB ==================== Laufwerke ================================ Drive c: (Windows-SSD) (Fixed) (Total:952.62 GB) (Free:339.16 GB) (Model: SAMSUNG MZVLB1T0HBLR-000L2) (Protected) NTFS \\?\Volume{1bc0db13-7e18-4ae6-b763-ac1125df1471}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.16 GB) NTFS \\?\Volume{df614430-b0e7-4381-8cd3-8402093814e3}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.2 GB) FAT32 ==================== MBR & Partitionstabelle ==================== ========================================================== Disk: 0 (Size: 953.9 GB) (Disk ID: 1E7D9B4E) Partition: GPT. 
==================== Ende von Addition.txt ======================= |
08.11.2022, 23:04 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Avira has moved CRaccoon into quarantine Scripting/Repair with FRST64 WARNING TO ALL READERS !!! This FRST script is intended exclusively for this user and should never be applied 1:1 to another system!
__________________ Please always post log files in CODE tags |
08.11.2022, 23:12 | #13 |
| Avira has moved CRaccoon into quarantine Code:
ATTFilter Entfernungsergebnis von Farbar Recovery Scan Tool (x64) Version: 06-11-2022 durchgeführt von Cornelius (08-11-2022 23:09:46) Run:1 Gestartet von C:\Users\Cornelius\Desktop Geladene Profile: Cornelius & Becca Start-Modus: Normal ============================================== fixlist Inhalt: ***************** Start:: CloseProcesses: AV: Avira Antivirus (Enabled - Up to date) {8A154ED8-4428-DB2D-0E3F-BD82C448FD94} GroupPolicy: Beschränkung ? <==== ACHTUNG GroupPolicy-Firefox: Beschränkung <==== ACHTUNG Policies: C:\ProgramData\NTUSER.pol: Beschränkung <==== ACHTUNG HKLM\SOFTWARE\Policies\Mozilla\Firefox: Beschränkung <==== ACHTUNG Task: {13C9E564-6517-4464-B5FC-8545585509A3} - \Lenovo\ImController\TimeBasedEvents\55258dae-8955-4786-8825-2e6124dd7302 -> Keine Datei <==== ACHTUNG Task: {27CD9C0A-C561-4318-846F-B4BCB33133DC} - \Lenovo\ImController\TimeBasedEvents\d3a2e3d5-781d-4947-b335-259031115fa7 -> Keine Datei <==== ACHTUNG "C:\Windows\System32\Tasks\Microsoft\Windows\Security\Pwdless\IntelligentPwdlessTask" konnte nicht entsperrt werden. 
<==== ACHTUNG Task: {62F05AE4-89C1-468A-9E51-B10DF1E67A3F} - \Lenovo\ImController\TimeBasedEvents\d2e4d5e1-df21-4188-b23e-cfe97a042b67 -> Keine Datei <==== ACHTUNG Task: {BA732E5A-97AD-4446-801B-3DDDF9FE9BEB} - \Lenovo\ImController\Lenovo iM Controller Monitor -> Keine Datei <==== ACHTUNG Task: {BD117D0E-16B6-45C5-8118-2E858909DE10} - \Lenovo\ImController\TimeBasedEvents\576b479d-6c88-41d5-9eed-8cc66d8da42d -> Keine Datei <==== ACHTUNG Task: {D7EEC4B4-E36F-4A82-AF26-0E3831094AC9} - \Opera scheduled assistant Autoupdate 1614982961 -> Keine Datei <==== ACHTUNG Task: {E1A03A74-3CAB-4DC3-AF58-01B3FE550851} - \Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance -> Keine Datei <==== ACHTUNG Task: {E3B106A0-9CA7-48A3-A10D-601E044D7CC7} - \Lenovo\ImController\TimeBasedEvents\061779b1-85d0-48c2-8845-214a91995bd5 -> Keine Datei <==== ACHTUNG Task: {FBA6B093-B79F-4644-B88E-52C91BFCDCFC} - \Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask -> Keine Datei <==== ACHTUNG HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3: <==== ACHTUNGcmd: reg query "HKCU\Environment" HKLM\...\Run: [] => [X] HKLM-x32\...\Run: [] => [X] HKU\S-1-5-21-1070191195-3368900776-1784378574-1003\...\Run: [] => [X] HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] -> C:\WINDOWS\system32\Tasks\Avira C:\Users\Becca\AppData\Roaming\IObit C:\Program Files (x86)\Avira C:\Program Files\Avira C:\ProgramData\Avira emptytemp: End:: ***************** Prozesse erfolgreich geschlossen. 
"AV: Avira Antivirus (Enabled - Up to date) {8A154ED8-4428-DB2D-0E3F-BD82C448FD94}" => erfolgreich entfernt C:\WINDOWS\system32\GroupPolicy\Machine => erfolgreich verschoben C:\WINDOWS\system32\GroupPolicy\GPT.ini => erfolgreich verschoben C:\Program Files\Mozilla Firefox\distribution\policies.json => erfolgreich verschoben C:\ProgramData\NTUSER.pol => erfolgreich verschoben HKLM\SOFTWARE\Policies\Mozilla => erfolgreich entfernt "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{13C9E564-6517-4464-B5FC-8545585509A3}" => erfolgreich entfernt "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{13C9E564-6517-4464-B5FC-8545585509A3}" => erfolgreich entfernt "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\TimeBasedEvents\55258dae-8955-4786-8825-2e6124dd7302" => erfolgreich entfernt "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{27CD9C0A-C561-4318-846F-B4BCB33133DC}" => erfolgreich entfernt "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{27CD9C0A-C561-4318-846F-B4BCB33133DC}" => erfolgreich entfernt "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\TimeBasedEvents\d3a2e3d5-781d-4947-b335-259031115fa7" => erfolgreich entfernt "C:\Windows\System32\Tasks\Microsoft\Windows\Security\Pwdless\IntelligentPwdlessTask" konnte nicht entsperrt werden. 
<==== ACHTUNG" => nicht gefunden "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{62F05AE4-89C1-468A-9E51-B10DF1E67A3F}" => erfolgreich entfernt "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{62F05AE4-89C1-468A-9E51-B10DF1E67A3F}" => erfolgreich entfernt "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\TimeBasedEvents\d2e4d5e1-df21-4188-b23e-cfe97a042b67" => erfolgreich entfernt "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BA732E5A-97AD-4446-801B-3DDDF9FE9BEB}" => erfolgreich entfernt "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BA732E5A-97AD-4446-801B-3DDDF9FE9BEB}" => erfolgreich entfernt "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\Lenovo iM Controller Monitor" => erfolgreich entfernt "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BD117D0E-16B6-45C5-8118-2E858909DE10}" => erfolgreich entfernt "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BD117D0E-16B6-45C5-8118-2E858909DE10}" => erfolgreich entfernt "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\TimeBasedEvents\576b479d-6c88-41d5-9eed-8cc66d8da42d" => erfolgreich entfernt "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D7EEC4B4-E36F-4A82-AF26-0E3831094AC9}" => erfolgreich entfernt "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D7EEC4B4-E36F-4A82-AF26-0E3831094AC9}" => erfolgreich entfernt "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Opera scheduled assistant Autoupdate 1614982961" => nicht gefunden "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E1A03A74-3CAB-4DC3-AF58-01B3FE550851}" => erfolgreich entfernt "HKLM\Software\Microsoft\Windows 
NT\CurrentVersion\Schedule\TaskCache\Tasks\{E1A03A74-3CAB-4DC3-AF58-01B3FE550851}" => erfolgreich entfernt "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance" => erfolgreich entfernt "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E3B106A0-9CA7-48A3-A10D-601E044D7CC7}" => erfolgreich entfernt "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E3B106A0-9CA7-48A3-A10D-601E044D7CC7}" => erfolgreich entfernt "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\TimeBasedEvents\061779b1-85d0-48c2-8845-214a91995bd5" => erfolgreich entfernt "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FBA6B093-B79F-4644-B88E-52C91BFCDCFC}" => erfolgreich entfernt "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FBA6B093-B79F-4644-B88E-52C91BFCDCFC}" => erfolgreich entfernt "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask" => erfolgreich entfernt HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 => erfolgreich entfernt "HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\" => erfolgreich entfernt "HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => erfolgreich entfernt "HKU\S-1-5-21-1070191195-3368900776-1784378574-1003\Software\Microsoft\Windows\CurrentVersion\Run\\" => erfolgreich entfernt HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{C885AA15-1764-4293-B82A-0586ADD46B35} => erfolgreich entfernt C:\WINDOWS\system32\Tasks\Avira => erfolgreich verschoben C:\Users\Becca\AppData\Roaming\IObit => erfolgreich verschoben C:\Program Files (x86)\Avira => erfolgreich verschoben C:\Program Files\Avira => erfolgreich verschoben C:\ProgramData\Avira => erfolgreich verschoben =========== 
EmptyTemp: ========== FlushDNS => abgeschlossen BITS transfer queue => 0 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 15959724 B Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B Windows/system/drivers => 461165220 B Edge => 1433262 B Firefox => 699294265 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 2560 B ProgramData => 2560 B Public => 2560 B systemprofile => 2560 B systemprofile32 => 2560 B LocalService => 39132 B NetworkService => 44088 B Cornelius => 406929425 B Becca => 565790688 B RecycleBin => 21264205453 B EmptyTemp: => 21.8 GB temporäre Dateien entfernt. ================================ Das System musste neu gestartet werden. ==== Ende von Fixlog 23:10:24 ==== |
08.11.2022, 23:14 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Avira moved CRaccoon to quarantine And once more, new FRST logs
__________________ Please always post log files in CODE tags |
08.11.2022, 23:18 | #15 |
| Avira moved CRaccoon to quarantine Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 06-11-2022 durchgeführt von Cornelius (Administrator) auf DESKTOP-2BR8MEO (LENOVO 81TD) (08-11-2022 23:15:20) Gestartet von C:\Users\Cornelius\Desktop\Trojaner Geladene Profile: Cornelius Plattform: Microsoft Windows 11 Home Version 22H2 22621.674 (X64) Sprache: Deutsch (Deutschland) Standard-Browser: FF Start-Modus: Normal ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe (Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe ->) (Adobe Inc. -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe (C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud Helper.exe <2> (C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantage-(IdeaNotebookAddin).exe (C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantage-(VantageCoreAddin).exe (C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe ->) (OpenJS Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe (C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. 
-> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe (C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe (C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\HEX\Creative Cloud UI Helper.exe <3> (C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe (C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe ->) (OpenJS Foundation -> Node.js) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\libs\node.exe (C:\Program Files\WindowsApps\MicrosoftTeams_22273.905.1632.1008_x64__8wekyb3d8bbwe\msteams.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\107.0.1418.35\msedgewebview2.exe <6> (DriverStore\FileRepository\cui_dch.inf_amd64_0d8dab4470c5524b\igfxCUIService.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_0d8dab4470c5524b\igfxEM.exe (explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <5> (explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (explorer.exe ->) (Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe <3> (explorer.exe ->) (Open Source Developer, Robin Krom -> Greenshot) C:\Program Files\Greenshot\Greenshot.exe (Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla 
Firefox\firefox.exe <10> (services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe (services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (services.exe ->) (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe (services.exe ->) (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe (services.exe ->) (Dolby Laboratories, Inc. -> ) C:\Windows\System32\dolbyaposvc\DAX3API.exe <2> (services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_82b77f8c4618e2d0\esif_uf.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_1e59f5ec7049260a\aesm_service.exe (services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_0b214be229a13e84\jhi_service.exe (services.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_0d8dab4470c5524b\igfxCUIService.exe (services.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_a9a2dde7124f013f\OneApp.IGCC.WinService.exe (services.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_93d11e2397cac3a9\IntelCpHDCPSvc.exe (services.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) 
C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_93d11e2397cac3a9\IntelCpHeciSvc.exe (services.exe ->) (Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iaahcic.inf_amd64_f222132bfa8270de\RstMwService.exe (services.exe ->) (Intel(R) Trust Services -> Intel(R) Corporation) C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\SocketHeciServer.exe (services.exe ->) (Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\piecomponent.inf_amd64_646d24c9b7c85542\Intel_PIE_Service.exe (services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantageService.exe (services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\System32\drivers\Lenovo\udc\Service\UDClientService.exe (services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\System32\YMC.exe (services.exe ->) (Lenovo -> Lenovo(beijing) Limited) C:\Windows\System32\LNBITSSvc.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia) C:\Windows\System32\FMService64.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.5-0\MsMpEng.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.5-0\NisSrv.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\System32\Sgrm\SgrmBroker.exe (services.exe ->) (Realtek Semiconductor Corp. 
-> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2> (services.exe ->) (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe (services.exe ->) (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe (services.exe ->) (Smart Sound Technology -> Intel) C:\Windows\System32\cAVS\Intel(R) Audio Service\IntelAudioService.exe (services.exe ->) (Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Windows\System32\DriverStore\FileRepository\wtabletserviceisd.inf_amd64_4690d097c38be4a9\WTabletServiceISD.exe <2> (sihost.exe ->) (INTEL CORP) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3408.0_x64__8j3eq9eme6ctt\GCP.ML.BackgroundSysTray\IGCCTray.exe (sihost.exe ->) (LENOVO INC) C:\Program Files\WindowsApps\E0469640.LenovoUtility_4.3.20.0_x64__5grkq8ppsgwt4\LaunchUtility\utility.exe (svchost.exe ->) (INTEL CORP) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3408.0_x64__8j3eq9eme6ctt\IGCC.exe (svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2204.13303.0_x64__8wekyb3d8bbwe\Cortana.exe (svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22082.119.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2> (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\amd64\MoUsoCoreWorker.exe 
(svchost.exe ->) (Microsoft Windows) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_421.20070.765.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe ==================== Registry (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [1084720 2020-05-07] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3476184 2022-07-27] (Adobe Inc. -> Adobe Systems, Incorporated) HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [527792 2017-08-09] (Open Source Developer, Robin Krom -> Greenshot) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard) HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2021-08-04] (Adobe Inc. -> ) HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [1068512 2022-09-30] (Adobe Inc. -> Adobe Inc.) 
HKU\S-1-5-19\...\Run: [OneDriveSetup] => C:\Windows\System32\OneDriveSetup.exe [50312608 2022-05-07] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-20\...\Run: [OneDriveSetup] => C:\Windows\System32\OneDriveSetup.exe [50312608 2022-05-07] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-1070191195-3368900776-1784378574-1002\...\Run: [MicrosoftEdgeAutoLaunch_3F74224329E39C9A7D3043E6C82552DD] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3891624 2022-11-03] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-1070191195-3368900776-1784378574-1003\...\Run: [HP Officejet Pro 8610 (NET)] => C:\Program Files\HP\HP Officejet Pro 8610\Bin\ScanToPCActivationApp.exe [3486368 2021-11-30] (HP Inc. -> Hewlett-Packard Development Company, LP) HKU\S-1-5-21-1070191195-3368900776-1784378574-1003\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [7222736 2022-10-16] (Adobe Inc. -> Adobe Systems Incorporated) HKLM\...\Print\Monitors\HP 7112 Status Monitor: C:\WINDOWS\system32\hpinksts7112LM.dll [328704 2013-08-10] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Co.) HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP Officejet Pro 8610): C:\WINDOWS\system32\HPDiscoPM7112.dll [763040 2021-11-30] (HP Inc. 
-> Hewlett-Packard Development Company, LP) Startup: C:\Users\Becca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2022-04-20] ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation -> Microsoft Corporation) Startup: C:\Users\Becca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HiDrive.lnk [2022-10-17] ShortcutTarget: HiDrive.lnk -> C:\Program Files (x86)\STRATO\HiDrive\HiDrive.App.exe (Keine Datei) Startup: C:\Users\Becca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8610.lnk [2022-08-20] ShortcutAndArgument: Tintenwarnungen überwachen - HP Officejet Pro 8610.lnk -> C:\WINDOWS\system32\RunDll32.exe => "C:\Program Files\HP\HP Officejet Pro 8610\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN48UD30KP;CONNECTION=USB;MONITOR=1; Startup: C:\Users\Cornelius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2022-07-18] ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation -> Microsoft Corporation) Startup: C:\Users\Cornelius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HiDrive.lnk [2022-10-17] ShortcutTarget: HiDrive.lnk -> C:\Program Files (x86)\STRATO\HiDrive\HiDrive.App.exe (Keine Datei) ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============ (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
Task: {0600DD45-FAF2-4131-A006-0B17509B9F78} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => %windir%\system32\sc.exe start InventorySvc Task: {06FEF118-1E47-4CD0-8CA1-3F23A5249FEF} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1070191195-3368900776-1784378574-500 => C:\Users\Cornelius\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (Keine Datei) Task: {08BD09F4-BBD5-4759-9418-2A6680D41823} - System32\Tasks\Microsoft\Windows\PI\SecureBootEncodeUEFI => C:\WINDOWS\system32\SecureBootEncodeUEFI.exe [49152 2022-05-07] (Microsoft Windows -> ) Task: {0FF06527-B88F-4DAB-B47B-9B133514DA4F} - System32\Tasks\Lenovo\Vantage\Schedule\HeartbeatAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\ScheduleEventAction.exe [27480 2022-05-24] (Lenovo -> Lenovo Group Ltd.) Task: {1E9063C8-0F63-4EF3-AB9C-CEA671398153} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => %systemroot%\system32\sc.exe start LenovoVantageService Task: {24F00218-07AE-4204-93DB-0B2388E9B214} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate "C:\Windows\System32\Tasks\Microsoft\Windows\Security\Pwdless\IntelligentPwdlessTask" konnte nicht entsperrt werden. <==== ACHTUNG Task: {27CE9D59-9D48-4D29-99BC-64657AEBA494} - System32\Tasks\Microsoft\Windows\Security\Pwdless\IntelligentPwdlessTask Task: {28AF4916-D487-4792-8DE6-1F3F006A67E0} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoSystemUpdateAddin_WeeklyTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\ScheduleEventAction.exe [27480 2022-05-24] (Lenovo -> Lenovo Group Ltd.) 
Task: {2955D32F-A087-4F16-819D-5633BF8F0836} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.5-0\MpCmdRun.exe [1567360 2022-11-08] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {441AB107-44CD-4829-8AF0-FD82DAB69884} - System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\ScheduleEventAction.exe [27480 2022-05-24] (Lenovo -> Lenovo Group Ltd.) Task: {4748CC6A-110C-46D1-AEE0-4FBEBD4C1CBF} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => C:\WINDOWS\system32\MusNotification.exe /RunOnAC ReadyToReboot (Keine Datei) Task: {56BD730D-2157-4A6D-89AB-C77E8B786FB7} - System32\Tasks\Lenovo\Vantage\Schedule\IdeaNotebookAddinDailyEvent => C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\ScheduleEventAction.exe [27480 2022-05-24] (Lenovo -> Lenovo Group Ltd.) Task: {66977CF0-1E6C-4497-B6E2-B21CC2C45AD9} - System32\Tasks\Lenovo\Vantage\Schedule\Lenovo.Vantage.SmartPerformance.MonthlyReport => C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\ScheduleEventAction.exe [27480 2022-05-24] (Lenovo -> Lenovo Group Ltd.) Task: {73B6D149-F5D8-46A4-B1D3-F2D453BA9D8F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [375232 2022-07-27] (Microsoft Corporation -> Microsoft Corporation) Task: {81D7C8DB-BF46-4C9A-912C-ED2819B52D0F} - System32\Tasks\Lenovo\Vantage\Schedule\SettingsWidgetAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\ScheduleEventAction.exe [27480 2022-05-24] (Lenovo -> Lenovo Group Ltd.) Task: {8BD661D3-91BD-4626-AFAF-B364710A49D1} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoCompanionAppAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\ScheduleEventAction.exe [27480 2022-05-24] (Lenovo -> Lenovo Group Ltd.) 
Task: {8F55F0DB-EFD8-4F30-96BA-3FF286835A47} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => C:\WINDOWS\system32\MusNotification.exe /RunOnBattery ReadyToReboot (Keine Datei) Task: {96631209-1C40-4CCB-85AD-AA83AB26C08C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [973744 2022-04-28] (Microsoft Corporation -> Microsoft Corporation) Task: {97C8EF02-DB16-4300-8796-5D0F027BB61A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.5-0\MpCmdRun.exe [1567360 2022-11-08] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {A1619365-7B6D-4077-9ADB-0BC539DDD853} - System32\Tasks\Lenovo\UDC\Lenovo UDC Idle Monitor => C:\windows\system32\drivers\Lenovo\udc\Service\UDCUserAgent.exe [89408 2022-05-23] (Lenovo -> Lenovo Group Ltd.) Task: {B95A7A6A-4B60-4247-A1CF-79175E52E4AE} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe (Keine Datei) Task: {BAB3BB18-1860-4211-8184-497596CF1B2D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [375232 2022-07-27] (Microsoft Corporation -> Microsoft Corporation) Task: {BB8118F4-75EB-4371-A2E7-715290F2DFEB} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [973744 2022-04-28] (Microsoft Corporation -> Microsoft Corporation) Task: {BDD773D1-E95B-4E84-838B-5CF8FE83C8CD} - System32\Tasks\Lenovo\Vantage\Schedule\GenericMessagingAddin => C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\ScheduleEventAction.exe [27480 2022-05-24] (Lenovo -> Lenovo Group Ltd.) 
Task: {C012B180-4A05-4E1C-B01C-7F2C72548D82} - System32\Tasks\Lenovo\UDC\Lenovo UDC Monitor => C:\WINDOWS\system32\drivers\lenovo\udc\data\InfBackup\UdcInfInstaller.exe [184656 2022-05-23] (Lenovo -> Lenovo Group Ltd.) Task: {C088E47B-A94D-4971-8C3B-9245F2A942E9} - System32\Tasks\Opera scheduled Autoupdate 1614982957 => C:\Users\Becca\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (Keine Datei) Task: {C48A4498-DF8A-4FB0-9A96-9A412B455C53} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1552376 2022-09-26] (Adobe Inc. -> Adobe Inc.) Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\WINDOWS\System32\MbaeParserTask.exe (Keine Datei) Task: {CD8BC9BA-1EDC-4D33-8C04-054B2FF87364} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.5-0\MpCmdRun.exe [1567360 2022-11-08] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {D5B20400-63A2-4E55-AE5C-6FF62FE45391} - System32\Tasks\LenovoUtility Startup => C:\Windows\explorer.exe lenovo-utility:// Task: {DC6E6278-6153-4682-B894-B9603E6882FB} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3476184 2022-07-27] (Adobe Inc. -> Adobe Systems, Incorporated) Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => C:\WINDOWS\system32\MusNotification.exe (Keine Datei) Task: {E786E414-3A44-465F-A4D6-BA6F2CF5B378} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.5-0\MpCmdRun.exe [1567360 2022-11-08] (Microsoft Windows Publisher -> Microsoft Corporation) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. 
Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{4b730a19-1edc-495e-8cbb-54399f6a4154}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{ae31ffd9-227d-433d-9dd0-5dd18f6b90ee}: [DhcpNameServer] 150.206.1.3 Edge: ======= Edge Extension: (Kein Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [nicht gefunden] Edge Extension: (Kein Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [nicht gefunden] Edge Extension: (Kein Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [nicht gefunden] Edge Extension: (Kein Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [nicht gefunden] Edge Profile: C:\Users\Cornelius\AppData\Local\Microsoft\Edge\User Data\Default [2022-11-08] FireFox: ======== FF DefaultProfile: pm20j0fn.default FF ProfilePath: C:\Users\Cornelius\AppData\Roaming\Mozilla\Firefox\Profiles\pm20j0fn.default [2022-11-08] FF Homepage: Mozilla\Firefox\Profiles\pm20j0fn.default -> hxxp://www.mozilla.org FF ProfilePath: C:\Users\Cornelius\AppData\Roaming\Mozilla\Firefox\Profiles\9w0qkrwx.default-release [2022-11-08] FF Session Restore: Mozilla\Firefox\Profiles\9w0qkrwx.default-release -> ist aktiviert. 
FF Extension: (Startpage.com — Datenschutz-Suchmaschine) - C:\Users\Cornelius\AppData\Roaming\Mozilla\Firefox\Profiles\9w0qkrwx.default-release\Extensions\{20fc2e06-e3e4-4b2b-812b-ab431220cada}.xpi [2020-06-10] FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2022-05-11] (Microsoft Corporation -> Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.15 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN) FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2022-10-16] (Adobe Inc. -> Adobe Systems Inc.) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2022-09-30] (Adobe Inc. 
-> Adobe Systems) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.cpdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [Keine Datei] FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [Keine Datei] FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [Keine Datei] FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2020-07-07] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL [2020-06-09] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2022-09-30] (Adobe Inc. -> Adobe Systems) Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh] ==================== Dienste (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2022-09-26] (Adobe Inc. -> Adobe Inc.) R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [923616 2022-09-30] (Adobe Inc. -> Adobe Inc.) 
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3863256 2022-07-27] (Adobe Inc. -> Adobe Systems, Incorporated) R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3701464 2022-07-27] (Adobe Inc. -> Adobe Systems, Incorporated) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3054520 2022-04-28] (Microsoft Corporation -> Microsoft Corporation) S3 dcsvc; C:\WINDOWS\system32\dcsvc.dll [802816 2022-05-07] (Microsoft Windows -> Microsoft Corporation) R2 DolbyDAXAPI; C:\WINDOWS\system32\dolbyaposvc\DAX3API.exe [1646536 2019-06-16] (Dolby Laboratories, Inc. -> ) R2 FMAPOService; C:\WINDOWS\System32\FMService64.exe [360320 2019-09-05] (Microsoft Windows Hardware Compatibility Publisher -> Fortemedia) R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [228848 2022-11-01] (HP Inc. -> HP Inc.) S3 InventorySvc; C:\WINDOWS\system32\inventorysvc.dll [304480 2022-10-17] (Microsoft Windows -> Microsoft Corporation) R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\LenovoVantageService.exe [31072 2022-05-24] (Lenovo -> Lenovo Group Ltd.) R2 LITSSVC; C:\WINDOWS\System32\LNBITSSvc.exe [1643688 2019-05-06] (Lenovo -> Lenovo(beijing) Limited) R2 SgrmBroker; C:\WINDOWS\system32\Sgrm\SgrmBroker.exe [414632 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation) R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2020-11-26] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) R2 ss_conn_service2; C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe [919992 2020-11-26] (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.) 
R2 TextInputManagementService; C:\WINDOWS\System32\TabSvc.dll [266240 2022-10-17] (Microsoft Windows -> Microsoft Corporation) R2 UDCService; C:\WINDOWS\System32\drivers\Lenovo\udc\Service\UDClientService.exe [71504 2022-05-23] (Lenovo -> Lenovo Group Ltd.) R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.5-0\NisSrv.exe [3191224 2022-11-08] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.5-0\MsMpEng.exe [133560 2022-11-08] (Microsoft Windows Publisher -> Microsoft Corporation) R3 wuauserv; C:\WINDOWS\system32\wuauserv.dll [137544 2022-10-17] (Microsoft Windows -> Microsoft Corporation) R2 YMC; C:\WINDOWS\System32\YMC.exe [856960 2019-05-26] (Lenovo -> Lenovo Group Ltd.) S2 ImControllerService; %SystemRoot%\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [X] ===================== Treiber (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 bfs; C:\WINDOWS\system32\drivers\bfs.sys [91480 2022-10-17] (Microsoft Windows -> Microsoft Corporation) S3 CH341SER_A64; C:\WINDOWS\System32\Drivers\CH341S64.SYS [69024 2019-05-29] (Microsoft Windows Hardware Compatibility Publisher -> www.winchiphead.com) S3 GeneStor; C:\WINDOWS\system32\DRIVERS\GeneStor.sys [115704 2015-07-15] (GENESYS LOGIC, INC. -> GenesysLogic) S0 GenPass; C:\WINDOWS\System32\DriverStore\FileRepository\genpass.inf_amd64_bef88a423225ecdc\genpass.sys [62800 2022-05-07] (Microsoft Windows -> Microsoft Corporation) R3 MpKslae76c2e2; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BC3AA64C-4BD1-4CC7-8D89-028B2418069B}\MpKslDrv.sys [214280 2022-11-08] (Microsoft Windows -> Microsoft Corporation) S0 pvscsi; C:\WINDOWS\System32\drivers\pvscsii.sys [45408 2022-05-07] (Microsoft Windows -> VMware, Inc.) 
S3 RoutePolicy; C:\WINDOWS\System32\drivers\RoutePolicy.sys [98304 2022-05-07] (Microsoft Windows -> ) S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49584 2022-11-08] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [469248 2022-11-08] (Microsoft Windows -> Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [95528 2022-11-08] (Microsoft Windows -> Microsoft Corporation) R2 wtd; C:\WINDOWS\System32\drivers\wtd.sys [118784 2022-10-17] (Microsoft Windows -> Microsoft Corporation) S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) NETSVC: DcSvc -> C:\Windows\system32\dcsvc.dll (Microsoft Corporation) ==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2022-11-08 23:11 - 2022-11-08 23:11 - 000000008 __RSH C:\ProgramData\ntuser.pol 2022-11-08 21:58 - 2022-11-08 21:59 - 000000000 ____D C:\AdwCleaner 2022-11-08 21:54 - 2022-11-08 21:54 - 000761564 _____ C:\WINDOWS\system32\perfh007.dat 2022-11-08 21:54 - 2022-11-08 21:54 - 000157732 _____ C:\WINDOWS\system32\perfc007.dat 2022-11-08 21:41 - 2016-09-23 12:16 - 000000109 _____ C:\Users\Cornelius\Desktop\Online PDF Tools.url 2022-11-08 14:35 - 2022-11-08 23:12 - 000000000 ____D C:\Users\Cornelius\Desktop\Trojaner 2022-11-08 14:34 - 2022-11-08 23:15 - 000000000 ____D C:\FRST 2022-11-07 18:10 - 2022-11-07 18:10 - 000001148 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Rush.lnk 2022-11-07 18:00 - 2022-11-07 18:00 - 000001153 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder 2023.lnk 2022-11-07 17:57 - 2022-11-07 18:10 - 000000000 ____D C:\Users\Public\Documents\Adobe 2022-11-07 17:57 - 2022-11-07 17:57 - 000001141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Pro 2023.lnk 2022-11-06 13:44 - 2022-11-07 18:22 - 000000000 ____D C:\Users\Becca\Desktop\Neuer Ordner (6) 2022-11-03 15:44 - 2022-11-03 16:58 - 000000000 ____D C:\Users\Becca\Desktop\Neuer Ordner (5) 2022-11-02 21:51 - 2022-11-06 12:13 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2022-11-02 20:09 - 2022-11-02 20:09 - 000000218 _____ C:\Users\Cornelius\AppData\Local\recently-used.xbel 2022-10-29 18:50 - 2022-10-29 18:50 - 000001096 _____ C:\Users\Cornelius\Desktop\Adobe Lightroom Classic.lnk 2022-10-29 18:50 - 2022-10-29 18:50 - 000001096 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Lightroom Classic.lnk 2022-10-27 16:56 - 2022-10-27 16:56 - 000000000 ____D C:\ProgramData\Scan2PDF light 2022-10-27 16:55 - 2022-10-27 16:55 - 000000000 ____D C:\Users\Becca\Downloads\LScan2Pdf 2022-10-27 16:54 - 2022-10-27 16:54 - 010217236 _____ C:\Users\Becca\Downloads\LScan2Pdf.zip 2022-10-27 16:46 - 2022-10-27 
16:49 - 000000000 ___RD C:\Users\Cornelius\Documents\Scanned Documents 2022-10-27 16:46 - 2022-10-27 16:46 - 000000000 ____D C:\Users\Cornelius\Documents\Fax 2022-10-22 20:11 - 2022-10-22 20:11 - 000001063 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign 2023.lnk 2022-10-22 19:58 - 2022-10-22 19:58 - 000001075 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop 2022.lnk 2022-10-22 19:49 - 2022-10-22 19:49 - 000002504 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator 2023.lnk 2022-10-22 19:44 - 2022-10-22 19:44 - 000001075 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop 2023.lnk 2022-10-22 15:58 - 2022-10-22 16:36 - 000000000 ____D C:\Users\Becca\Desktop\Neuer Ordner (4) 2022-10-19 09:55 - 2022-10-19 10:07 - 000000000 ____D C:\Users\Becca\Desktop\Neuer Ordner (3) 2022-10-17 20:34 - 2022-10-17 20:34 - 000000000 ___RD C:\Users\Becca\Documents\Microsoft.SecHealthUI_8wekyb3d8bbwe!SecHealthUI 2022-10-17 20:25 - 2022-10-17 20:25 - 000327680 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll 2022-10-17 20:24 - 2022-10-17 20:24 - 002575632 _____ (The ICU Project) C:\WINDOWS\system32\icu.dll 2022-10-17 20:24 - 2022-10-17 20:24 - 002088728 _____ (The ICU Project) C:\WINDOWS\SysWOW64\icu.dll 2022-10-17 20:24 - 2022-10-17 20:24 - 000296448 _____ C:\WINDOWS\system32\CloudIdWxhExtension.dll 2022-10-17 20:24 - 2022-10-17 20:24 - 000062800 _____ C:\WINDOWS\system32\AppInstallerBackgroundUpdate.exe 2022-10-17 20:24 - 2022-10-17 20:24 - 000055144 _____ C:\WINDOWS\system32\SFAPE.dll 2022-10-17 20:24 - 2022-10-17 20:24 - 000046888 _____ C:\WINDOWS\system32\wow64base.dll 2022-10-17 20:24 - 2022-10-17 20:24 - 000016565 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim 2022-10-17 20:23 - 2022-10-17 20:23 - 000000000 ___HD C:\$WinREAgent 2022-10-14 22:12 - 2022-10-14 22:12 - 000000020 ___SH C:\Users\Cornelius\ntuser.ini 2022-10-13 10:26 - 2022-10-13 10:27 - 000000000 ____D 
C:\WINDOWS\system32\config\bbimigrate 2022-10-13 10:24 - 2022-10-13 10:25 - 000000000 ____D C:\WINDOWS\ServiceProfiles 2022-10-13 10:24 - 2022-10-13 10:24 - 000008192 _____ C:\WINDOWS\system32\config\userdiff 2022-10-13 10:21 - 2022-10-13 10:21 - 000530944 _____ (curl, hxxps://curl.se/) C:\WINDOWS\system32\curl.exe 2022-10-13 10:21 - 2022-10-13 10:21 - 000470528 _____ (curl, hxxps://curl.se/) C:\WINDOWS\SysWOW64\curl.exe 2022-10-13 10:21 - 2022-10-13 10:21 - 000192512 _____ C:\WINDOWS\system32\CloudExperienceHostRedirection.dll 2022-10-13 10:21 - 2022-10-13 10:21 - 000180224 _____ C:\WINDOWS\system32\stordiag.exe 2022-10-13 10:21 - 2022-10-13 10:21 - 000133120 _____ C:\WINDOWS\SysWOW64\stordiag.exe 2022-10-13 10:21 - 2022-10-13 10:21 - 000098304 _____ C:\WINDOWS\system32\dplcsp.dll 2022-10-13 10:19 - 2022-10-13 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer 2022-10-13 10:19 - 2022-10-13 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\FxsTmp 2022-10-13 10:19 - 2022-10-13 10:19 - 000000000 ____D C:\WINDOWS\system32\FxsTmp 2022-10-13 10:19 - 2022-10-13 10:19 - 000000000 ____D C:\WINDOWS\addins 2022-10-13 10:19 - 2022-10-13 10:19 - 000000000 ____D C:\Program Files\Reference Assemblies 2022-10-13 10:19 - 2022-10-13 10:19 - 000000000 ____D C:\Program Files\MSBuild 2022-10-13 10:19 - 2022-10-13 10:19 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies 2022-10-13 10:19 - 2022-10-13 10:19 - 000000000 ____D C:\Program Files (x86)\MSBuild 2022-10-13 10:16 - 2022-10-13 10:16 - 000000000 ____D C:\WINDOWS\system32\Intel 2022-10-13 10:16 - 2022-10-13 10:16 - 000000000 ____D C:\WINDOWS\system32\cAVS 2022-10-13 10:15 - 2022-11-08 22:46 - 000000000 ____D C:\WINDOWS\Lenovo 2022-10-13 10:15 - 2022-10-13 10:15 - 000000000 ____D C:\WINDOWS\system32\Drivers\Lenovo 2022-10-13 09:44 - 2022-10-13 09:44 - 000000000 ____D C:\ProgramData\Microsoft OneDrive 2022-10-13 09:42 - 2022-11-08 23:11 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2022-10-13 09:42 - 2022-11-08 23:11 - 000000000 
____D C:\WINDOWS\system32\Tasks\Mozilla 2022-10-13 09:42 - 2022-11-08 22:46 - 000000000 ____D C:\WINDOWS\system32\Tasks\Lenovo 2022-10-13 09:42 - 2022-11-01 13:39 - 000000000 ____D C:\WINDOWS\system32\Tasks\HP 2022-10-13 09:42 - 2022-10-23 15:34 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task 2022-10-13 09:42 - 2022-10-15 20:51 - 000003756 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2022-10-13 09:42 - 2022-10-15 20:51 - 000003632 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore 2022-10-13 09:42 - 2022-10-13 09:42 - 000004030 _____ C:\WINDOWS\system32\Tasks\LenovoUtility Startup 2022-10-13 09:42 - 2022-10-13 09:42 - 000003626 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1614982957 2022-10-13 09:42 - 2022-10-13 09:42 - 000002856 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1070191195-3368900776-1784378574-500 2022-10-13 09:42 - 2022-10-13 09:42 - 000002612 _____ C:\WINDOWS\system32\Tasks\AdobeGCInvoker-1.0 2022-10-13 09:42 - 2022-10-13 09:42 - 000000020 ___SH C:\Users\Becca\ntuser.ini 2022-10-13 09:42 - 2022-10-13 09:42 - 000000000 ____D C:\WINDOWS\system32\Tasks\Ivanti 2022-10-13 09:42 - 2022-10-13 09:42 - 000000000 ____D C:\WINDOWS\system32\Tasks\Hewlett-Packard 2022-10-13 09:42 - 2022-10-13 09:42 - 000000000 ____D C:\WINDOWS\system32\Tasks\Agent Activation Runtime 2022-10-13 09:42 - 2020-03-26 16:07 - 000002856 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2473705718-4163329733-1527017515-500 2022-10-13 09:42 - 2019-10-17 05:12 - 000003388 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3354727278-81800435-1074778100-500 2022-10-13 09:40 - 2022-10-13 09:42 - 000017148 _____ C:\WINDOWS\diagwrn.xml 2022-10-13 09:40 - 2022-10-13 09:42 - 000017148 _____ C:\WINDOWS\diagerr.xml 2022-10-13 09:38 - 2022-11-08 21:54 - 001754660 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2022-10-13 09:29 - 2022-11-02 22:16 - 000000000 
____D C:\Users\Becca 2022-10-13 09:29 - 2022-10-14 22:12 - 000000000 ____D C:\Users\Cornelius 2022-10-13 09:29 - 2022-10-13 09:29 - 000000000 _SHDL C:\Users\Cornelius\Vorlagen 2022-10-13 09:29 - 2022-10-13 09:29 - 000000000 _SHDL C:\Users\Cornelius\Startmenü 2022-10-13 09:29 - 2022-10-13 09:29 - 000000000 _SHDL C:\Users\Cornelius\Netzwerkumgebung 2022-10-13 09:29 - 2022-10-13 09:29 - 000000000 _SHDL C:\Users\Cornelius\Lokale Einstellungen 2022-10-13 09:29 - 2022-10-13 09:29 - 000000000 _SHDL C:\Users\Cornelius\Eigene Dateien 2022-10-13 09:29 - 2022-10-13 09:29 - 000000000 _SHDL C:\Users\Cornelius\Druckumgebung 2022-10-13 09:29 - 2022-10-13 09:29 - 000000000 _SHDL C:\Users\Cornelius\Documents\Eigene Videos 2022-10-13 09:29 - 2022-10-13 09:29 - 000000000 _SHDL C:\Users\Cornelius\Documents\Eigene Musik 2022-10-13 09:29 - 2022-10-13 09:29 - 000000000 _SHDL C:\Users\Cornelius\Documents\Eigene Bilder 2022-10-13 09:29 - 2022-10-13 09:29 - 000000000 _SHDL C:\Users\Cornelius\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2022-10-13 09:29 - 2022-10-13 09:29 - 000000000 _SHDL C:\Users\Cornelius\AppData\Local\Verlauf 2022-10-13 09:29 - 2022-10-13 09:29 - 000000000 _SHDL C:\Users\Cornelius\AppData\Local\Anwendungsdaten 2022-10-13 09:29 - 2022-10-13 09:29 - 000000000 _SHDL C:\Users\Cornelius\Anwendungsdaten 2022-10-13 09:29 - 2022-10-13 09:29 - 000000000 _SHDL C:\Users\Becca\Vorlagen 2022-10-13 09:29 - 2022-10-13 09:29 - 000000000 _SHDL C:\Users\Becca\Startmenü 2022-10-13 09:29 - 2022-10-13 09:29 - 000000000 _SHDL C:\Users\Becca\Netzwerkumgebung 2022-10-13 09:29 - 2022-10-13 09:29 - 000000000 _SHDL C:\Users\Becca\Lokale Einstellungen 2022-10-13 09:29 - 2022-10-13 09:29 - 000000000 _SHDL C:\Users\Becca\Eigene Dateien 2022-10-13 09:29 - 2022-10-13 09:29 - 000000000 _SHDL C:\Users\Becca\Druckumgebung 2022-10-13 09:29 - 2022-10-13 09:29 - 000000000 _SHDL C:\Users\Becca\Documents\Eigene Videos 2022-10-13 09:29 - 2022-10-13 09:29 - 000000000 _SHDL 
C:\Users\Becca\Documents\Eigene Musik 2022-10-13 09:29 - 2022-10-13 09:29 - 000000000 _SHDL C:\Users\Becca\Documents\Eigene Bilder 2022-10-13 09:29 - 2022-10-13 09:29 - 000000000 _SHDL C:\Users\Becca\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2022-10-13 09:29 - 2022-10-13 09:29 - 000000000 _SHDL C:\Users\Becca\AppData\Local\Verlauf 2022-10-13 09:29 - 2022-10-13 09:29 - 000000000 _SHDL C:\Users\Becca\AppData\Local\Anwendungsdaten 2022-10-13 09:29 - 2022-10-13 09:29 - 000000000 _SHDL C:\Users\Becca\Anwendungsdaten 2022-10-13 09:29 - 2022-05-07 06:19 - 000001281 _____ C:\Users\Cornelius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools.lnk 2022-10-13 09:29 - 2022-05-07 06:19 - 000001281 _____ C:\Users\Becca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools.lnk 2022-10-13 09:29 - 2022-05-07 06:19 - 000000407 _____ C:\Users\Cornelius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Explorer.lnk 2022-10-13 09:29 - 2022-05-07 06:19 - 000000407 _____ C:\Users\Becca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Explorer.lnk 2022-10-13 09:28 - 2022-11-08 22:56 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2022-10-13 09:28 - 2022-10-18 19:01 - 000482448 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2022-10-13 09:28 - 2022-10-13 09:28 - 000000000 ____D C:\WINDOWS\system32\config\BFS 2022-10-12 18:56 - 2022-10-23 15:34 - 000002084 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk 2022-10-12 18:56 - 2022-10-23 15:34 - 000002072 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk 2022-10-12 18:49 - 2022-10-14 11:59 - 000000000 ____D C:\Users\Becca\Desktop\Neuer Ordner (2) ==================== Ein Monat (geänderte) ================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2022-11-08 23:16 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SystemTemp 2022-11-08 23:13 - 2022-04-27 20:25 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38 2022-11-08 23:12 - 2020-06-10 19:13 - 000000000 ____D C:\Users\Cornelius\AppData\LocalLow\Mozilla 2022-11-08 23:11 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\ServiceState 2022-11-08 23:11 - 2022-05-07 06:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2022-11-08 23:11 - 2020-07-11 22:18 - 000000000 ____D C:\Program Files\Mozilla Firefox 2022-11-08 23:11 - 2020-06-10 18:45 - 000000000 __SHD C:\Users\Cornelius\IntelGraphicsProfiles 2022-11-08 23:11 - 2020-03-26 16:23 - 000000134 _____ C:\WINDOWS\system32\regtest.txt 2022-11-08 23:11 - 2020-03-26 16:22 - 000000000 ___HD C:\Intel 2022-11-08 23:10 - 2022-05-07 06:17 - 000786432 _____ C:\WINDOWS\system32\config\BBI 2022-11-08 23:10 - 2021-03-14 21:54 - 000012288 ___SH C:\DumpStack.log.tmp 2022-11-08 23:10 - 2020-06-26 14:03 - 000000000 ____D C:\Users\Becca\AppData\LocalLow\Temp 2022-11-08 23:09 - 2019-03-19 05:52 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy 2022-11-08 23:01 - 2020-06-10 18:48 - 000000000 ____D C:\Users\Cornelius\AppData\Local\Lenovo 2022-11-08 22:46 - 2022-06-22 17:42 - 000000000 ____D C:\Users\Becca\AppData\Roaming\Hewlett-Packard 2022-11-08 22:46 - 2020-06-13 19:12 - 000000000 ____D C:\Users\Becca\AppData\Local\Lenovo 2022-11-08 22:46 - 2020-06-09 18:19 - 000000000 ____D C:\Program Files (x86)\Hewlett-Packard 2022-11-08 22:46 - 2020-03-26 16:12 - 000000000 ____D C:\ProgramData\Lenovo 2022-11-08 22:01 - 2022-05-07 06:24 - 000000000 ____D C:\Program Files\Windows Defender 2022-11-08 22:01 - 2019-10-17 05:07 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2022-11-08 21:54 - 2022-05-07 06:22 - 000000000 ____D C:\WINDOWS\INF 2022-11-08 21:49 - 2021-04-16 20:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2022-11-08 21:45 - 2022-05-07 06:17 - 000032768 _____ 
C:\WINDOWS\system32\config\ELAM 2022-11-08 21:43 - 2022-05-07 06:24 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2022-11-08 21:42 - 2020-03-26 16:20 - 000000000 ____D C:\ProgramData\Package Cache 2022-11-08 21:41 - 2021-03-29 19:36 - 000000000 ____D C:\Users\Cornelius\AppData\Local\D3DSCache 2022-11-08 21:40 - 2020-06-13 16:27 - 000000000 ____D C:\Users\Cornelius\AppData\Roaming\IrfanView 2022-11-08 21:40 - 2020-06-10 22:50 - 000000000 ____D C:\Users\Cornelius\AppData\Roaming\Foxit Software 2022-11-08 21:40 - 2020-06-10 22:50 - 000000000 ____D C:\ProgramData\Foxit Software 2022-11-08 20:48 - 2021-03-25 14:56 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData 2022-11-08 14:20 - 2022-05-07 06:24 - 000000000 ___HD C:\Program Files\WindowsApps 2022-11-08 14:20 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\AppReadiness 2022-11-08 14:16 - 2022-04-02 21:24 - 000000000 ____D C:\Users\Cornelius\AppData\Local\CrashDumps 2022-11-08 14:15 - 2020-06-13 20:30 - 000000000 ____D C:\Users\Becca\AppData\LocalLow\Mozilla 2022-11-08 14:14 - 2021-03-25 15:00 - 000000000 ___RD C:\Users\Becca\Creative Cloud Files 2022-11-08 14:13 - 2020-06-13 19:07 - 000000000 __SHD C:\Users\Becca\IntelGraphicsProfiles 2022-11-07 20:05 - 2021-03-06 15:13 - 000000000 ____D C:\Users\Becca\AppData\Local\D3DSCache 2022-11-07 20:05 - 2020-06-13 19:07 - 000000000 ____D C:\Users\Becca\AppData\Local\Packages 2022-11-07 18:18 - 2020-06-13 19:07 - 000000000 ____D C:\Users\Becca\AppData\Roaming\Adobe 2022-11-07 18:15 - 2021-04-01 19:52 - 000000000 ____D C:\Users\Becca\Documents\Adobe 2022-11-07 18:10 - 2021-08-27 14:19 - 000000000 ___HD C:\adobeTemp 2022-11-07 18:10 - 2021-03-25 14:55 - 000000000 ____D C:\Program Files\Adobe 2022-11-07 17:59 - 2021-03-25 14:55 - 000000000 ____D C:\Program Files\Common Files\Adobe 2022-11-06 19:44 - 2021-04-22 19:22 - 000000000 ____D C:\temp 2022-11-06 13:44 - 2022-04-01 20:30 - 000000000 ____D C:\Users\Becca\AppData\Local\CrashDumps 2022-11-06 12:13 - 2022-09-30 20:28 - 008042832 
_____ C:\WINDOWS\system32\rtp.db 2022-11-06 12:13 - 2020-06-09 19:40 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2022-11-06 11:48 - 2021-06-28 20:00 - 000000000 ____D C:\Users\Cornelius\AppData\Local\Greenshot 2022-11-05 13:48 - 2020-07-21 09:20 - 000002447 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2022-11-04 17:23 - 2020-06-13 17:25 - 000000000 ____D C:\Users\Cornelius\Documents\Alles 2022-11-01 14:57 - 2022-06-22 17:38 - 000000000 ____D C:\Program Files\HPPrintScanDoctor 2022-10-26 17:49 - 2022-05-07 06:17 - 000000000 ____D C:\WINDOWS\CbsTemp 2022-10-26 17:48 - 2022-10-08 21:35 - 000000000 ___DC C:\WINDOWS\Panther 2022-10-22 19:45 - 2020-06-10 22:53 - 000000000 ____D C:\ProgramData\Adobe 2022-10-18 19:51 - 2020-06-09 18:02 - 000000000 ____D C:\Program Files\Microsoft Office 15 2022-10-18 19:00 - 2022-05-07 06:24 - 000000000 ___SD C:\WINDOWS\system32\UNP 2022-10-18 19:00 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\UUS 2022-10-18 19:00 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\setup 2022-10-18 19:00 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe 2022-10-18 19:00 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2022-10-18 19:00 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SystemResources 2022-10-18 19:00 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2022-10-18 19:00 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences 2022-10-18 19:00 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\setup 2022-10-18 19:00 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation 2022-10-18 19:00 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\oobe 2022-10-18 19:00 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\Dism 2022-10-18 19:00 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\appraiser 2022-10-18 18:59 - 2022-05-07 06:24 - 000000000 ___RD C:\WINDOWS\PrintDialog 
2022-10-18 18:59 - 2022-05-07 06:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2022-10-18 18:59 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\ShellExperiences 2022-10-18 18:59 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\ShellComponents 2022-10-18 18:59 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\Provisioning 2022-10-18 18:59 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\PolicyDefinitions 2022-10-18 18:59 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\bcastdvr 2022-10-18 18:59 - 2022-05-07 06:24 - 000000000 ____D C:\Program Files\Common Files\System 2022-10-18 12:45 - 2020-06-13 20:29 - 000000000 ____D C:\Users\Becca\AppData\Roaming\PersBackup6 2022-10-18 02:52 - 2021-09-11 17:57 - 000000000 ____D C:\Users\Cornelius\AppData\Roaming\hidrive.ui 2022-10-17 20:41 - 2022-05-07 06:25 - 000209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll 2022-10-17 20:41 - 2022-05-07 06:24 - 000249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll 2022-10-17 20:36 - 2021-09-07 12:39 - 000000000 ____D C:\Users\Becca\AppData\Roaming\hidrive.ui 2022-10-17 20:22 - 2020-06-14 20:02 - 000000000 ___RD C:\Users\Becca\HiDrive 2022-10-17 20:22 - 2020-06-10 21:31 - 000000000 ___RD C:\Users\Cornelius\HiDrive 2022-10-15 20:53 - 2020-06-10 18:45 - 000000000 ____D C:\Users\Cornelius\AppData\Local\Packages 2022-10-15 20:53 - 2020-06-09 17:36 - 000000000 ____D C:\ProgramData\Packages 2022-10-14 22:13 - 2019-10-17 05:10 - 000000000 __RHD C:\Users\Public\AccountPictures 2022-10-14 12:20 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\appcompat 2022-10-13 10:27 - 2022-05-07 06:28 - 000000000 ____D C:\WINDOWS\Setup 2022-10-13 10:27 - 2022-05-07 06:24 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template 2022-10-13 10:27 - 2022-05-07 06:24 - 000000000 __RHD C:\Users\Public\Libraries 2022-10-13 10:27 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase 2022-10-13 10:27 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\spool 
2022-10-13 10:27 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\NDF 2022-10-13 10:27 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\Drivers\DriverData 2022-10-13 10:27 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\LiveKernelReports 2022-10-13 10:27 - 2022-05-07 06:24 - 000000000 ____D C:\ProgramData\USOPrivate 2022-10-13 10:27 - 2022-04-01 20:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client 2022-10-13 10:27 - 2022-03-16 13:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GnuCash 2022-10-13 10:27 - 2022-02-23 16:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2022 2022-10-13 10:27 - 2021-11-07 16:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CEWE Fotowelt 2022-10-13 10:27 - 2021-10-13 14:25 - 000000000 ____D C:\WINDOWS\SysWOW64\statReporter 2022-10-13 10:27 - 2021-09-17 22:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minimal ADB and Fastboot 2022-10-13 10:27 - 2021-09-17 22:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android Studio 2022-10-13 10:27 - 2021-09-17 12:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\ClockworkMod 2022-10-13 10:27 - 2021-06-28 20:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Greenshot 2022-10-13 10:27 - 2021-06-19 17:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodi 2022-10-13 10:27 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated 2022-10-13 10:27 - 2021-01-03 14:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\(Default) 2022-10-13 10:27 - 2020-12-07 20:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WISO Steuer-Sparbuch 2021 2022-10-13 10:27 - 2020-11-15 18:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2022-10-13 10:27 - 2020-11-15 11:37 
- 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\digiCamControl 2022-10-13 10:27 - 2020-06-14 21:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Commander 2022-10-13 10:27 - 2020-06-10 22:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2022-10-13 10:27 - 2020-06-10 21:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exact Audio Copy 2022-10-13 10:27 - 2020-06-10 21:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag 2022-10-13 10:27 - 2020-06-09 22:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Personal Backup 6 2022-10-13 10:27 - 2020-06-09 20:58 - 000000000 ____D C:\Program Files\UNP 2022-10-13 10:27 - 2020-06-09 20:42 - 000000000 ____D C:\WINDOWS\system32\MRT 2022-10-13 10:27 - 2020-06-09 18:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Link to Nikon 2022-10-13 10:27 - 2020-06-09 18:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP 2022-10-13 10:27 - 2020-06-09 18:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2022-10-13 10:27 - 2020-03-26 16:20 - 000000000 ____D C:\Program Files\Intel 2022-10-13 10:27 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\MsDtc 2022-10-13 10:23 - 2022-05-07 06:25 - 000076800 _____ (Khronos Group) C:\WINDOWS\SysWOW64\opencl.dll 2022-10-13 10:23 - 2022-05-07 06:24 - 000118784 _____ (Khronos Group) C:\WINDOWS\system32\opencl.dll 2022-10-13 10:20 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\OCR 2022-10-13 10:19 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI 2022-10-13 10:19 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\MUI 2022-10-13 10:18 - 2022-05-07 11:39 - 000000000 ____D C:\Program Files\Windows Photo Viewer 2022-10-13 10:18 - 2022-05-07 11:39 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2022-10-13 10:18 - 
2022-05-07 11:29 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm 2022-10-13 10:18 - 2022-05-07 11:29 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN 2022-10-13 10:18 - 2022-05-07 11:29 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr 2022-10-13 10:18 - 2022-05-07 11:29 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts 2022-10-13 10:18 - 2022-05-07 11:29 - 000000000 ____D C:\WINDOWS\system32\winrm 2022-10-13 10:18 - 2022-05-07 11:29 - 000000000 ____D C:\WINDOWS\system32\WCN 2022-10-13 10:18 - 2022-05-07 11:29 - 000000000 ____D C:\WINDOWS\system32\slmgr 2022-10-13 10:18 - 2022-05-07 11:29 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts 2022-10-13 10:18 - 2022-05-07 06:24 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12 2022-10-13 10:18 - 2022-05-07 06:24 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs 2022-10-13 10:18 - 2022-05-07 06:24 - 000000000 ___SD C:\WINDOWS\system32\F12 2022-10-13 10:18 - 2022-05-07 06:24 - 000000000 ___SD C:\WINDOWS\system32\dsc 2022-10-13 10:18 - 2022-05-07 06:24 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs 2022-10-13 10:18 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform 2022-10-13 10:18 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\Sgrm 2022-10-13 10:18 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\migwiz 2022-10-13 10:18 - 2022-05-07 06:24 - 000000000 ____D C:\Program Files (x86)\Windows Defender 2022-10-13 10:18 - 2022-05-07 06:17 - 000000000 ____D C:\WINDOWS\servicing 2022-10-13 09:42 - 2022-05-07 06:24 - 000000000 ____D C:\Program Files\Windows NT 2022-10-13 09:32 - 2022-05-07 06:24 - 000000000 ____D C:\Program Files\Common Files\microsoft shared 2022-10-13 09:32 - 2022-02-13 16:52 - 000000000 ____D C:\Users\Becca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom 2022-10-13 09:32 - 2020-06-13 21:08 - 000000000 ____D C:\Users\Becca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Movavi Video Editor 15 Plus 2022-10-13 09:29 - 2022-09-30 20:58 - 000000000 ____D 
C:\WINDOWS\system32\dolbyaposvc
2022-10-12 19:36 - 2020-06-09 20:42 - 147398024 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-10-11 10:03 - 2022-03-04 22:15 - 000000000 ____D C:\Users\Becca\AppData\Roaming\com.adobe.dunamis

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ========

2021-05-03 06:36 - 2021-05-03 06:36 - 000000000 _____ () C:\Users\Cornelius\AppData\Local\oobelibMkey.log
2022-04-01 20:21 - 2022-04-01 20:22 - 000000128 _____ () C:\Users\Cornelius\AppData\Local\PUTTY.RND
2022-11-02 20:09 - 2022-11-02 20:09 - 000000218 _____ () C:\Users\Cornelius\AppData\Local\recently-used.xbel

==================== FLock ==============================

2022-04-01 20:38 C:\Users\Becca\AppData\Roaming\FileZilla
2022-04-01 20:37 C:\Users\Becca\AppData\Local\FileZilla

==================== SigCheck ============================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

==================== Ende von FRST.txt ========================

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 06-11-2022
durchgeführt von Cornelius (08-11-2022 23:16:59)
Gestartet von C:\Users\Cornelius\Desktop\Trojaner
Microsoft Windows 11 Home Version 22H2 22621.674 (X64) (2022-10-13 08:42:41)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

Administrator (S-1-5-21-1070191195-3368900776-1784378574-500 - Administrator - Disabled)
Becca (S-1-5-21-1070191195-3368900776-1784378574-1003 - Administrator - Enabled) => C:\Users\Becca
Cornelius (S-1-5-21-1070191195-3368900776-1784378574-1002 - Administrator - Enabled) => C:\Users\Cornelius
DefaultAccount (S-1-5-21-1070191195-3368900776-1784378574-503 - Limited - Disabled)
Gast (S-1-5-21-1070191195-3368900776-1784378574-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-1070191195-3368900776-1784378574-504 - Limited - Disabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1031-1033-7760-BC15014EA700}) (Version: 22.003.20263 - Adobe)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 5.9.0.372 - Adobe Inc.)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: 8.0.0.11 - Adobe Inc.)
Adobe Illustrator 2023 (HKLM-x32\...\ILST_27_0) (Version: 27.0 - Adobe Inc.)
Adobe InDesign 2021 (HKLM-x32\...\IDSN_16_4_3) (Version: 16.4.3 - Adobe Inc.)
Adobe InDesign 2022 (HKLM-x32\...\IDSN_17_4) (Version: 17.4 - Adobe Inc.) Adobe InDesign 2023 (HKLM-x32\...\IDSN_18_0) (Version: 18.0 - Adobe Inc.) Adobe Lightroom Classic (HKLM-x32\...\LTRM_12_0_1) (Version: 12.0.1 - Adobe Inc.) Adobe Media Encoder 2023 (HKLM-x32\...\AME_23_0) (Version: 23.0 - Adobe Inc.) Adobe Photoshop 2022 (HKLM-x32\...\PHSP_23_5_2) (Version: 23.5.2.751 - Adobe Inc.) Adobe Photoshop 2023 (HKLM-x32\...\PHSP_24_0) (Version: 24.0.0.59 - Adobe Inc.) Adobe Premiere Pro 2023 (HKLM-x32\...\PPRO_23_0) (Version: 23.0 - Adobe Inc.) Adobe Premiere Rush (HKLM-x32\...\RUSH_2_5) (Version: 2.5 - Adobe Inc.) Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601032}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden Arduino (HKLM-x32\...\Arduino) (Version: 1.8.13 - Arduino LLC) CEWE Fotowelt (HKLM\...\CEWE Fotowelt) (Version: 7.2.1 - CEWE Stiftung u Co. KGaA) digiCamControl (HKLM-x32\...\{19D12628-7654-4354-A305-9AB0B33A1677}) (Version: 2.1.2.0 - Duka Istvan) digiCamControl (HKLM-x32\...\{2dd048a1-b9fb-4e4f-a8f3-1eceafce538c}) (Version: 2.1.2.0 - ) Hidden Exact Audio Copy 1.5 (HKLM-x32\...\Exact Audio Copy) (Version: 1.5 - Andre Wiethoff) FileZilla Client 3.58.0 (HKLM-x32\...\FileZilla Client) (Version: 3.58.0 - Tim Kosse) GIMP 2.10.22 (HKLM\...\GIMP-2_is1) (Version: 2.10.22 - The GIMP Team) GnuCash 4.9 (HKLM-x32\...\GnuCash_is1) (Version: 4.9 - GnuCash Development Team) Greenshot 1.2.10.6 (HKLM\...\Greenshot_is1) (Version: 1.2.10.6 - Greenshot) HP Officejet Pro 8610 - Grundlegende Software für das Gerät (HKLM\...\{901960C4-A157-4D06-A538-9D5319F72182}) (Version: 32.4.116.94128 - Hewlett-Packard Co.) HP Officejet Pro 8610 Hilfe (HKLM-x32\...\{2466D8D5-4856-4492-BDEF-48A640F58866}) (Version: 32.0.0 - Hewlett Packard) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) I.R.I.S. 
OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP) Intel(R) Chipset Device Software (HKLM\...\{351A0D24-F6F1-4105-AA50-5D2CCC71E0DD}) (Version: 10.1.18019.8144 - Intel Corporation) Hidden Intel® Chipsatz-Gerätesoftware (HKLM-x32\...\{4551f75f-3c54-4f09-8221-8c8a061bad00}) (Version: 10.1.18019.8144 - Intel(R) Corporation) Kodi (HKU\S-1-5-21-1070191195-3368900776-1784378574-1003\...\Kodi) (Version: 19.1.0.0 - XBMC Foundation) Lenovo Pen Settings Service (HKLM\...\ISD Tablet Driver) (Version: 7.6.1.41 - Wacom Technology Corp.) Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.13.14.0 - Lenovo Group Ltd.) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 107.0.1418.35 - Microsoft Corporation) Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 107.0.1418.35 - Microsoft Corporation) Microsoft Office Professional Plus 2013 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 15.0.5493.1000 - Microsoft Corporation) Microsoft Teams (HKU\S-1-5-21-1070191195-3368900776-1784378574-1003\...\Teams) (Version: 1.4.00.32771 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{6A2A8076-135F-4F55-BB02-DED67C8C6934}) (Version: 4.67.0.0 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 
(HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation) Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.32.31326 (HKLM-x32\...\{2d507699-404c-4c8b-a54a-38e352f32cdd}) (Version: 14.32.31326.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.32.31326 (HKLM-x32\...\{817e21c1-6b3a-4bc1-8c49-67e4e1887b3a}) (Version: 14.32.31326.0 - Microsoft Corporation) Microsoft Visual C++ 2022 X64 Additional Runtime - 14.32.31326 
(HKLM\...\{38624EB5-356D-4B08-8357-C33D89A5C0C5}) (Version: 14.32.31326 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.32.31326 (HKLM\...\{C96241EA-9900-4FE8-85B3-1E238D509DF6}) (Version: 14.32.31326 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X86 Additional Runtime - 14.32.31326 (HKLM-x32\...\{A250E750-DB3F-40C1-8460-8EF77C7582DA}) (Version: 14.32.31326 - Microsoft Corporation) Hidden Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.32.31326 (HKLM-x32\...\{46E11E7F-01E1-44D0-BB86-C67342D253DD}) (Version: 14.32.31326 - Microsoft Corporation) Hidden Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\{7C0242A3-8B66-35D1-9FE0-13B426ACB609}) (Version: 10.0.60729 - Microsoft Corporation) Hidden Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.60724 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.60724 - Microsoft Corporation) Minimal ADB and Fastboot version 1.4 (HKLM-x32\...\{C5564379-582D-457A-9E68-A9E7C1F1C4EC}_is1) (Version: 1.4 - Sam Rodberg) Mozilla Firefox (x64 de) (HKLM\...\Mozilla Firefox 99.0.1 (x64 de)) (Version: 99.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 99.0.1 - Mozilla) Mozilla Thunderbird (x86 de) (HKLM-x32\...\Mozilla Thunderbird 102.4.1 (x86 de)) (Version: 102.4.1 - Mozilla) Mp3tag v3.01 (HKLM-x32\...\Mp3tag) (Version: 3.01 - Florian Heidenreich) Office 15 Click-to-Run Extensibility Component (HKLM\...\{90150000-008C-0000-1000-0000000FF1CE}) (Version: 15.0.5493.1000 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (HKLM\...\{90150000-007E-0000-1000-0000000FF1CE}) (Version: 15.0.5493.1000 - Microsoft Corporation) Hidden Office 15 Click-to-Run 
Localization Component (HKLM\...\{90150000-008C-0407-1000-0000000FF1CE}) (Version: 15.0.5493.1000 - Microsoft Corporation) Hidden Personal Backup 6.1.11.0 (64-bit) (HKLM\...\Personal Backup 6_is1) (Version: 6.1.11.0 - Dr. J. Rathlev) Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.7.43.0 - Samsung Electronics Co., Ltd.) Skype Version 8.75 (HKLM-x32\...\Skype_is1) (Version: 8.75 - Skype Technologies S.A.) tiptoi® Manager 4.3 (HKLM\...\{833392BB-E8C0-4066-9408-3A30FA43972F}_is1) (Version: 4.3 - Ravensburger AG) Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.51 - Ghisler Software GmbH) UFRaw 0.19.2 (HKLM-x32\...\UFRaw_is1) (Version: - Udi Fuchs) Universal Adb Driver (HKLM-x32\...\{C0E08D8D-6076-4117-B644-2AF34F35B757}) (Version: 1.0.4 - ClockworkMod) UXP WebView Support (HKLM-x32\...\UXPW_1_1_0) (Version: 1.1.0 - Adobe Inc.) VLC media player (HKLM\...\VLC media player) (Version: 3.0.16 - VideoLAN) Windows-PC-Integritätsprüfung (HKLM\...\{B3956CF3-F6C5-4567-AC38-1FD4432B319C}) (Version: 3.6.2204.08001 - Microsoft Corporation) WISO Steuer-Sparbuch 2021 (HKLM-x32\...\{AF1FE075-A0FE-4085-B96E-C48D8EE07D44}) (Version: 28.00.1410 - Buhl Data Service GmbH) WISO Steuer-Sparbuch 2022 (HKLM-x32\...\{A5BFDB2E-2988-488A-BE2C-E2AFDFF88169}) (Version: 29.03.2730 - Buhl Data Service GmbH) Zoom (HKU\S-1-5-21-1070191195-3368900776-1784378574-1003\...\ZoomUMX) (Version: 5.9.3 (3169) - Zoom Video Communications, Inc.) Packages: ========= Clipchamp -> C:\Program Files\WindowsApps\Clipchamp.Clipchamp_2.5.1.0_neutral__yxz26nhyzhsrt [2022-10-15] (Microsoft Corp.) 
Dolby Atmos Speaker System -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAtmosSpeakerSystem_3.20402.409.0_x64__rz1tebttyb220 [2020-03-26] (Dolby Laboratories) Dolby Vision -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyVisionHDR_2.1.5965.0_x64__rz1tebttyb220 [2022-08-05] (Dolby Laboratories) HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_140.1.307.0_x64__v10z8vjag6ke6 [2022-11-06] (HP Inc.) Intel® Grafik-Kontrollraum -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3408.0_x64__8j3eq9eme6ctt [2022-04-27] (INTEL CORP) [Startup Task] Lenovo Hotkeys -> C:\Program Files\WindowsApps\E0469640.LenovoUtility_4.3.20.0_x64__5grkq8ppsgwt4 [2022-10-14] (LENOVO INC) [Startup Task] Lenovo Pen Settings -> C:\Program Files\WindowsApps\WacomTechnologyCorp.157535B83C264_7.7.61.0_neutral__ss941bf8mfs8a [2022-10-15] (Wacom Technology Corp.) Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2209.2.0_x64__k1h2ywk1493x8 [2022-10-15] (LENOVO INC.) Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.1.28.0_x64__8wekyb3d8bbwe [2022-10-15] (Microsoft Corp.) MPEG-2-Videoerweiterung -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.50901.0_x64__8wekyb3d8bbwe [2022-05-03] (Microsoft Corporation) ms-resource:APP_WINDOW_NAME -> C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.9.0_x64__8wekyb3d8bbwe [2022-10-15] (Microsoft Corp.) 
ms-resource:AppStoreName -> C:\Program Files\WindowsApps\Microsoft.RawImageExtension_2.1.32061.0_x64__8wekyb3d8bbwe [2022-10-15] (Microsoft Corporation) ms-resource:AppxManifest_DisplayName -> C:\Windows\SystemApps\Microsoft.Windows.PrintQueueActionCenter_cw5n1h2txyewy [2022-10-15] (Microsoft Corporation) Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.11.217.0_x64__dt26b99r8h8gj [2020-06-21] (Realtek Semiconductor Corp) Windows Feature Experience Pack -> C:\Windows\SystemApps\MicrosoftWindows.Client.Core_cw5n1h2txyewy [2022-10-18] (Microsoft Windows) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-1070191195-3368900776-1784378574-1002_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Cornelius\AppData\Local\Microsoft\OneDrive\20.064.0329.0008\amd64\FileSyncShell64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-1070191195-3368900776-1784378574-1002_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Inc. -> Adobe Inc.) 
CustomCLSID: HKU\S-1-5-21-1070191195-3368900776-1784378574-1002_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Cornelius\AppData\Local\Microsoft\OneDrive\20.064.0329.0008\amd64\FileSyncShell64.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-1070191195-3368900776-1784378574-1002_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Cornelius\AppData\Local\Microsoft\OneDrive\20.064.0329.0008\amd64\FileSyncShell64.dll => Keine Datei ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-09-07] (Adobe Inc. -> ) ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-09-07] (Adobe Inc. -> ) ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-09-07] (Adobe Inc. 
-> ) ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> Keine Datei ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> Keine Datei ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> Keine Datei ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> Keine Datei ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> Keine Datei ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> Keine Datei ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> Keine Datei ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2022-03-01] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2022-03-01] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2022-03-01] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> Keine Datei ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> Keine Datei ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> Keine Datei ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> Keine Datei ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> Keine Datei ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> 
{9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> Keine Datei ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> Keine Datei ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2022-03-01] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2022-03-01] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2022-03-01] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-09-07] (Adobe Inc. -> ) ContextMenuHandlers2: [ContextMenu] -> {ee10d625-cc60-30a4-b3df-4b349785be6b} => C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\Antivirus.ContextMenu.DLL -> Keine Datei ContextMenuHandlers3: [ContextMenu] -> {ee10d625-cc60-30a4-b3df-4b349785be6b} => C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\Antivirus.ContextMenu.DLL -> Keine Datei ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2022-09-07] (Adobe Inc. 
-> ) ==================== Codecs (Nicht auf der Ausnahmeliste) ==================== ==================== Verknüpfungen & WMI ======================== ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============= 2022-04-25 12:02 - 2022-04-25 12:02 - 042859520 _____ (Intel Corporation) [Datei ist nicht signiert] C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3408.0_x64__8j3eq9eme6ctt\IGCC.dll 2022-11-05 13:51 - 2022-11-05 13:51 - 003091456 _____ (Newtonsoft) [Datei ist nicht signiert] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Newtonsoft.Json\ac58f792366fdaa39d9ace26f0583f53\Newtonsoft.Json.ni.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ======== ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HidSpiCx.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TextInputManagementService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{5099944A-F6B9-4057-A056-8C550228544C} => ""="Memory" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{5099944A-F6B9-4057-A056-8C550228544C} => "SafeBootDrivers"="1" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HidSpiCx.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TextInputManagementService => ""="Service" ==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ================= ==================== Internet Explorer (Nicht auf der Ausnahmeliste) ========== HKU\S-1-5-21-1070191195-3368900776-1784378574-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/ HKU\S-1-5-21-1070191195-3368900776-1784378574-1003\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/ 
SearchScopes: HKU\S-1-5-21-1070191195-3368900776-1784378574-1002 -> DefaultScope {78C81D5A-6DC8-4757-A9E5-4BD91DAB1ECF} URL =
SearchScopes: HKU\S-1-5-21-1070191195-3368900776-1784378574-1002 -> {78C81D5A-6DC8-4757-A9E5-4BD91DAB1ECF} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2021-03-17] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2022-03-01] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll [2021-03-17] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL [2022-03-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2020-07-07] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL [2020-07-07] (Microsoft Corporation -> Microsoft Corporation)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-1070191195-3368900776-1784378574-1003\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1070191195-3368900776-1784378574-1003\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts Inhalt: =========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2019-03-19 05:49 - 2019-03-19 05:49 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
2020-06-09 21:16 - 2020-06-09 21:16 - 000000375 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics

==================== Andere Bereiche ===========================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1070191195-3368900776-1784378574-1002\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\windows\img0.jpg
HKU\S-1-5-21-1070191195-3368900776-1784378574-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\Becca\Desktop\Rezepte\Blog\Rezepte\Crepes\DSC_0125neu1.JPG
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

HKU\S-1-5-21-1070191195-3368900776-1784378574-1003\...\StartupApproved\StartupFolder: => "An OneNote senden.lnk"
HKU\S-1-5-21-1070191195-3368900776-1784378574-1003\...\StartupApproved\StartupFolder: => "HiDrive.lnk"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{BBA0011E-1AA3-4C6D-8292-9C719847F119}] => (Allow) C:\Users\Becca\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [UDP Query User{3AEA1BB6-6038-4155-AA6C-63FD845642BC}C:\users\becca\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\becca\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [TCP Query User{7CD7D34C-DBCD-4BA0-86D2-9B6E59CED39B}C:\users\becca\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\becca\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [UDP Query User{2A2B6193-AECF-4B9D-96D5-C182C8547D98}C:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) C:\program files (x86)\arduino\java\bin\javaw.exe FirewallRules: [TCP Query User{2B75DDE5-BE41-411D-8BED-E31DD8CB83AE}C:\program files (x86)\arduino\java\bin\javaw.exe] => (Allow) C:\program files (x86)\arduino\java\bin\javaw.exe FirewallRules: [{D3463351-8DFB-459F-A858-041DFC78D351}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{186F20E1-4B7E-4FED-BDF1-025F51772525}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{9EC56E67-D076-4822-A19E-76E7C3CC6A33}] => (Allow) C:\Program Files (x86)\Mp3tag\Mp3tag.exe (Florian Heidenreich -> Florian Heidenreich) FirewallRules: [{ECAF7C7E-6C6C-49EF-AC04-218C5DCDBD33}] => (Allow) C:\Program Files (x86)\Mp3tag\Mp3tag.exe (Florian Heidenreich -> Florian Heidenreich) FirewallRules: [{41D00A09-741B-4CBB-97BD-295B84DDC32C}] => (Allow) C:\Program Files (x86)\Mp3tag\Mp3tag.exe (Florian Heidenreich -> Florian Heidenreich) FirewallRules: [{D251A1FD-7250-4C36-B21A-7F3CC6B95B87}] => (Allow) C:\Program Files (x86)\Mp3tag\Mp3tag.exe (Florian Heidenreich -> 
Florian Heidenreich) FirewallRules: [{25D3AC15-51AF-4B99-9974-053BAE853BD8}] => (Allow) C:\Program Files\tiptoi® Manager\tiptoi® Manager.exe (Ravensburger AG -> ) FirewallRules: [{14701DD4-7203-4413-8CC4-83586700D71D}] => (Allow) C:\Program Files\tiptoi® Manager\tiptoi® Manager.exe (Ravensburger AG -> ) FirewallRules: [{8E25D2CE-CC31-48FD-AF0E-30F72FA187FD}] => (Allow) C:\Program Files\tiptoi® Manager\tiptoi® Manager.exe (Ravensburger AG -> ) FirewallRules: [{FB86FF1C-E6C2-4F5F-93C3-3F1E9F0D284F}] => (Allow) C:\Program Files\tiptoi® Manager\tiptoi® Manager.exe (Ravensburger AG -> ) FirewallRules: [{5B8B5729-634F-455D-89AE-DFF801FF872E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{0F1327D9-ACAD-464D-A19D-B2D924D1CBE0}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{96ECBA74-B900-4380-8142-B8C9AA7FD8C1}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{B146688A-C425-4A4A-A12C-93951B61A15A}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{45EDF6FD-0BA9-4759-8BC8-6C15A6230325}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [TCP Query User{139A3C18-E76A-425F-A0F6-948C34D0E33F}C:\program files\kodi\kodi.exe] => (Allow) C:\program files\kodi\kodi.exe (XBMC Foundation) [Datei ist nicht signiert] FirewallRules: [UDP Query User{66BD6054-7371-41B9-ADF5-1DB69ECD0485}C:\program files\kodi\kodi.exe] => (Allow) C:\program files\kodi\kodi.exe (XBMC Foundation) [Datei ist nicht signiert] FirewallRules: [{0DC29716-8A7F-401A-9F53-01DD3B5A0B6B}] => (Allow) C:\Users\Becca\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) 
FirewallRules: [{E76FC87C-3D27-4FCD-B1DD-73826839057B}] => (Allow) C:\Users\Becca\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [{6059E92D-EB2B-4518-AD9B-D2D6F550BECD}] => (Allow) C:\Users\Becca\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [{38BDE18C-C535-48C0-A69A-929C2DD47707}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{D7C0C0C2-8638-4B5B-B87A-550EDCA2B01A}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{CAE2A7CD-6DC4-42FB-861A-2769031D291D}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\FaxApplications.exe (HP Inc. -> Hewlett-Packard Development Company, LP) FirewallRules: [{98564E46-23A1-46D9-9C78-F09C0FB2740A}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\DigitalWizards.exe (HP Inc. -> Hewlett-Packard Development Company, LP) FirewallRules: [{B67B11F2-051D-48F2-81EF-20D2231A7A85}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\bin\SendAFax.exe (HP Inc. -> Hewlett-Packard Development Company, LP) FirewallRules: [{BC675D63-E07A-4D18-BD31-8B0EA97F15EC}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\DeviceSetup.exe (HP Inc. -> Hewlett-Packard Development Company, LP) FirewallRules: [{8096D4E3-D908-47F5-B4F1-AE5E7B666A2F}] => (Allow) LPort=5357 FirewallRules: [{401CD75C-E84D-4D2D-86DD-146893615A2C}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8610\Bin\HPNetworkCommunicatorCom.exe (HP Inc. -> Hewlett-Packard Development Company, LP) FirewallRules: [{B907840C-99C9-4C08-81FC-C1DC1DE8FD1A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) 
FirewallRules: [{26076964-3270-4A66-ADCB-8EE77CDB3BD9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{EDE8F249-3DAD-49D7-A422-94B5729B5759}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{1F277A1E-287D-43BE-A559-734C27D2357F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{CEFE7715-0808-4919-85E6-BFF8670756AC}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_22273.905.1632.1008_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{57729BFD-6239-4B51-A8D6-11AE8EFEBB05}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_22273.905.1632.1008_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{F5F1674D-4E09-4833-934C-672B78E0A1AD}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\107.0.1418.26\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{2A06E4BC-7450-46B4-B47E-D3C7F8CFAF85}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\107.0.1418.35\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation) ==================== Wiederherstellungspunkte ========================= 26-10-2022 17:49:19 Windows Modules Installer 08-11-2022 21:42:05 PDF-XChange Editor 08-11-2022 22:46:07 AdwCleaner_BeforeCleaning_08/11/2022_22:46:07 ==================== Fehlerhafte Geräte im Gerätemanager ============ ==================== Fehlereinträge in der Ereignisanzeige: ======================== Applikationsfehler: ================== Error: (11/08/2022 02:16:32 PM) (Source: Application Error) (EventID: 1000) (User: DESKTOP-2BR8MEO) Description: 
Name der fehlerhaften Anwendung: IGCCTray.exe, Version: 1.100.3408.0, Zeitstempel: 0x62341a86 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.22621.608, Zeitstempel: 0x4769d08d Ausnahmecode: 0xe0434352 Fehleroffset: 0x000000000008fb0c ID des fehlerhaften Prozesses: 0x0x42bc Startzeit der fehlerhaften Anwendung: 0x0x1d8f37451a57e09 Pfad der fehlerhaften Anwendung: C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3408.0_x64__8j3eq9eme6ctt\GCP.ML.BackgroundSysTray\IGCCTray.exe Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\KERNELBASE.dll Berichtskennung: d15065f8-84b1-4143-bed7-18cdb54753a8 Vollständiger Name des fehlerhaften Pakets: AppUp.IntelGraphicsExperience_1.100.3408.0_x64__8j3eq9eme6ctt Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App Error: (11/08/2022 02:16:32 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: IGCCTray.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. 
Ausnahmeinformationen: System.UnauthorizedAccessException bei System.IO.__Error.WinIOError(Int32, System.String) bei System.IO.Pipes.NamedPipeServerStream.Create(System.String, System.IO.Pipes.PipeDirection, Int32, System.IO.Pipes.PipeTransmissionMode, System.IO.Pipes.PipeOptions, Int32, Int32, System.IO.Pipes.PipeAccessRights, SECURITY_ATTRIBUTES) bei System.IO.Pipes.NamedPipeServerStream..ctor(System.String, System.IO.Pipes.PipeDirection, Int32, System.IO.Pipes.PipeTransmissionMode, System.IO.Pipes.PipeOptions, Int32, Int32, System.IO.Pipes.PipeSecurity, System.IO.HandleInheritability, System.IO.Pipes.PipeAccessRights) bei System.IO.Pipes.NamedPipeServerStream..ctor(System.String, System.IO.Pipes.PipeDirection, Int32, System.IO.Pipes.PipeTransmissionMode, System.IO.Pipes.PipeOptions, Int32, Int32, System.IO.Pipes.PipeSecurity) bei GCP.ML.BackgroundSysTray.SingleInstanceApp.NamedPipeServerCreateServer() bei GCP.ML.BackgroundSysTray.SingleInstanceApp.Initialize() bei GCP.ML.BackgroundSysTray.Program.Main() Error: (11/07/2022 10:29:46 AM) (Source: Application Error) (EventID: 1000) (User: NT-AUTORITÄT) Description: Name der fehlerhaften Anwendung: SecurityHealthService.exe, Version: 10.0.22621.608, Zeitstempel: 0x45a7fb3f Name des fehlerhaften Moduls: ucrtbase.dll, Version: 10.0.22621.608, Zeitstempel: 0xf5fc15a3 Ausnahmecode: 0xc0000409 Fehleroffset: 0x000000000007f61e ID des fehlerhaften Prozesses: 0x0x11d4 Startzeit der fehlerhaften Anwendung: 0x0x1d8f20fceaec9e7 Pfad der fehlerhaften Anwendung: C:\WINDOWS\system32\SecurityHealthService.exe Pfad des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\ucrtbase.dll Berichtskennung: 6609d64d-fc8f-4f3a-bfe4-5778d7d10049 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (11/06/2022 07:43:29 PM) (Source: Application Error) (EventID: 1000) (User: NT-AUTORITÄT) Description: Name der fehlerhaften Anwendung: SecurityHealthService.exe, Version: 10.0.22621.608, Zeitstempel: 
0x45a7fb3f Name des fehlerhaften Moduls: ntdll.dll, Version: 10.0.22621.608, Zeitstempel: 0xf2e8a5ab Ausnahmecode: 0xc0000374 Fehleroffset: 0x000000000010c1c9 ID des fehlerhaften Prozesses: 0x0x1a98 Startzeit der fehlerhaften Anwendung: 0x0x1d8f1d0e4916429 Pfad der fehlerhaften Anwendung: C:\WINDOWS\system32\SecurityHealthService.exe Pfad des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\ntdll.dll Berichtskennung: 61430bb4-5ffd-4415-8456-254390b96a1c Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (11/06/2022 07:42:36 PM) (Source: Microsoft-Windows-Perflib) (EventID: 1023) (User: NT-AUTORITÄT) Description: Windows kann die erweiterbare Leistungsindikator-DLL "C:\WINDOWS\system32\sysmain.dll" nicht laden (Win32-Fehlercode 126). Error: (11/06/2022 02:00:01 PM) (Source: Application Hang) (EventID: 1002) (User: NT-AUTORITÄT) Description: Das Programm outlook.exe Version 15.0.5479.1000 hat aufgehört mit Windows zu interagieren und wurde geschlossen. Weitere Informationen zum Problem finden Sie im Problemverlauf in der Systemsteuerung „Sicherheit und Wartung“. 
Error: (11/06/2022 01:44:26 PM) (Source: Application Error) (EventID: 1000) (User: DESKTOP-2BR8MEO) Description: Name der fehlerhaften Anwendung: IGCCTray.exe, Version: 1.100.3408.0, Zeitstempel: 0x62341a86 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.22621.608, Zeitstempel: 0x4769d08d Ausnahmecode: 0xe0434352 Fehleroffset: 0x000000000008fb0c ID des fehlerhaften Prozesses: 0x0x3990 Startzeit der fehlerhaften Anwendung: 0x0x1d8f1dd80e49d89 Pfad der fehlerhaften Anwendung: C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3408.0_x64__8j3eq9eme6ctt\GCP.ML.BackgroundSysTray\IGCCTray.exe Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\KERNELBASE.dll Berichtskennung: 1fa37181-9d64-4e36-8e79-85f63746a54a Vollständiger Name des fehlerhaften Pakets: AppUp.IntelGraphicsExperience_1.100.3408.0_x64__8j3eq9eme6ctt Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App Error: (11/06/2022 01:44:26 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: IGCCTray.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. 
Ausnahmeinformationen: System.UnauthorizedAccessException bei System.IO.__Error.WinIOError(Int32, System.String) bei System.IO.Pipes.NamedPipeServerStream.Create(System.String, System.IO.Pipes.PipeDirection, Int32, System.IO.Pipes.PipeTransmissionMode, System.IO.Pipes.PipeOptions, Int32, Int32, System.IO.Pipes.PipeAccessRights, SECURITY_ATTRIBUTES) bei System.IO.Pipes.NamedPipeServerStream..ctor(System.String, System.IO.Pipes.PipeDirection, Int32, System.IO.Pipes.PipeTransmissionMode, System.IO.Pipes.PipeOptions, Int32, Int32, System.IO.Pipes.PipeSecurity, System.IO.HandleInheritability, System.IO.Pipes.PipeAccessRights) bei System.IO.Pipes.NamedPipeServerStream..ctor(System.String, System.IO.Pipes.PipeDirection, Int32, System.IO.Pipes.PipeTransmissionMode, System.IO.Pipes.PipeOptions, Int32, Int32, System.IO.Pipes.PipeSecurity) bei GCP.ML.BackgroundSysTray.SingleInstanceApp.NamedPipeServerCreateServer() bei GCP.ML.BackgroundSysTray.SingleInstanceApp.Initialize() bei GCP.ML.BackgroundSysTray.Program.Main() Systemfehler: ============= Error: (11/08/2022 11:11:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "ImControllerService" wurde aufgrund folgenden Fehlers nicht gestartet: Das System kann die angegebene Datei nicht finden. Error: (11/08/2022 11:10:36 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet. Modulpfad: C:\WINDOWS\system32\IntelIHVRouter08.dll Error: (11/08/2022 11:10:36 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet. Modulpfad: C:\WINDOWS\system32\IntelIHVRouter08.dll Error: (11/08/2022 11:09:47 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Universal Device Client Service" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert. 
Error: (11/08/2022 11:09:47 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "HP Print Scan Doctor Service" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert.

Error: (11/08/2022 11:09:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Intel(R) Dynamic Tuning service" wurde unerwartet beendet. Dies ist bereits 3 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (11/08/2022 11:09:47 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "LenovoVantageService" wurde unerwartet beendet. Dies ist bereits 2 Mal passiert.

Error: (11/08/2022 11:09:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "SAMSUNG Mobile Connectivity Service V2" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 100 Millisekunden durchgeführt: Neustart des Diensts.

CodeIntegrity:
===============
Date: 2022-11-08 23:11:16
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2210.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_93d11e2397cac3a9\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2022-11-08 21:53:17
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_93d11e2397cac3a9\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2022-11-08 21:43:19
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\CorePrivacySettingsStore.dll because the set of per-page image hashes could not be found on the system.

Date: 2022-11-08 21:36:43
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Avira\Endpoint Protection SDK\amsi\x64\avamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Speicherinformationen ===========================
BIOS: LENOVO BNCN44WW 01/27/2022
Hauptplatine: LENOVO LNVNB161216
Prozessor: Intel(R) Core(TM) i7-10510U CPU @ 1.80GHz
Prozentuale Nutzung des RAM: 45%
Installierter physikalischer RAM: 16180.49 MB
Verfügbarer physikalischer RAM: 8834.64 MB
Summe virtueller Speicher: 17204.49 MB
Verfügbarer virtueller Speicher: 9100.09 MB

==================== Laufwerke ================================
Drive c: (Windows-SSD) (Fixed) (Total:952.62 GB) (Free:358.6 GB) (Model: SAMSUNG MZVLB1T0HBLR-000L2) (Protected) NTFS
\\?\Volume{1bc0db13-7e18-4ae6-b763-ac1125df1471}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.16 GB) NTFS
\\?\Volume{df614430-b0e7-4381-8cd3-8402093814e3}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.2 GB) FAT32

==================== MBR & Partitionstabelle ====================
==========================================================
Disk: 0 (Size: 953.9 GB) (Disk ID: 1E7D9B4E)
Partition: GPT.

==================== Ende von Addition.txt ======================= |