| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: WIN 10 Anhang geöffnet: Telekom Rechnung…pdf.htm - [TEIL 1 - Farbar Untersuchungsergebnis]Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
18.02.2023, 16:29
| #16 |
 | ![WIN 10 Anhang geöffnet: Telekom Rechnung…pdf.htm - [TEIL 1 - Farbar Untersuchungsergebnis] - Standard](images/icons/icon1.gif){kind=icon} WIN 10 Anhang geöffnet: Telekom Rechnung…pdf.htm - [TEIL 1 - Farbar Untersuchungsergebnis]Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 16-02-2023
durchgeführt von Ganz (Administrator) auf HP-ARBEITSZ (HP HP ProBook 450 G4) (18-02-2023 15:59:57)
Gestartet von C:\Users\Ganz\Desktop
Geladene Profile: Ganz
Plattform: Microsoft Windows 10 Pro Version 22H2 19045.2604 (X64) Sprache: Deutsch (Deutschland)
Standard-Browser: FF
Start-Modus: Normal
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(C:\Program Files (x86)\Citrix\ICA Client\concentr.exe ->) (Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
(C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe ->) (Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe
(C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfService.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\110.0.1587.46\msedgewebview2.exe <7>
(C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe ->) (Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\SelfService.exe
(C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe ->) (Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\AnalyticsSrv.exe
(Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\redirector.exe
(DigitalPersona, Inc. -> Crossmatch, Inc.) C:\Program Files\HP\HP ProtectTools Security Manager\Bin\DpCardEngine.exe
(DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_5c0b90ae6269072a\HotKeyServiceUWP.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_5c0b90ae6269072a\HPHotkeyNotification.exe
(DriverStore\FileRepository\igdlh64.inf_amd64_e6daaea9afe1e6f6\igfxCUIService.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_e6daaea9afe1e6f6\igfxEM.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Windows -> ) C:\Windows\System32\EoAExperiences.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <10>
(PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(services.exe ->) (Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\UpdaterService.exe
(services.exe ->) (Digital Wave Ltd -> Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
(services.exe ->) (geek software GmbH -> geek software GmbH) C:\Program Files\PDF24\pdf24.exe <2>
(services.exe ->) (Hewlett Packard Enterprise Company -> Hewlett Packard Enterprise Company) C:\Program Files (x86)\HP\HP Device Access Manager\HPE.DeviceAccessManager.ServiceHost.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\AppHelperCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\DiagsCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\NetworkCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_5c0b90ae6269072a\HotKeyServiceUWP.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_5c0b90ae6269072a\LanWlanWwanSwitchingServiceUWP.exe
(services.exe ->) (Intel Corporation -> Intel(R) Corporation) C:\Windows\SysWOW64\XtuService.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe
(services.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_e6daaea9afe1e6f6\igfxCUIService.exe
(services.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_e6daaea9afe1e6f6\IntelCpHDCPSvc.exe
(services.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_e6daaea9afe1e6f6\IntelCpHeciSvc.exe
(services.exe ->) (Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(services.exe ->) (Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> ) C:\Windows\System32\fpCSEvtSvc.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(services.exe ->) (Sony) [Datei ist nicht signiert] C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(svchost.exe ->) (Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\AuthManager\AuthManSvr.exe
(svchost.exe ->) (Citrix Systems, Inc. -> Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(svchost.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Users\Ganz\Desktop\adwcleaner.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22122.94.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Synaptics Incorporated -> Conexant) C:\Windows\System32\MicTray64.exe
(svchost.exe ->) (Synaptics Incorporated) [Datei ist nicht signiert] C:\Windows\System32\SynaMonApp.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320584 2016-06-30] (Intel(R) Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [366960 2022-09-01] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [PDF24] => C:\Program Files\PDF24\pdf24.exe [592608 2022-07-13] (geek software GmbH -> geek software GmbH)
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [Opera Browser Assistant] => C:\Program Files\Opera\assistant\browser_assistant.exe [3154456 2020-11-25] (Opera Software AS -> Opera Software)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2014-06-16] (Brother Industries, Ltd.) [Datei ist nicht signiert]
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.) [Datei ist nicht signiert]
HKLM-x32\...\Run: [AnalyticsSrv] => C:\Program Files (x86)\Citrix\ICA Client\Receiver\AnalyticsSrv.exe [2634344 2022-10-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [2971608 2022-10-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [572376 2022-10-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
HKLM-x32\...\Run: [InstallHelper] => C:\Program Files (x86)\Citrix\Citrix WorkSpace 2210\InstallHelper.exe [408496 2022-10-06] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM\...\RunOnce: [msedge_cleanup_{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}] => C:\Program Files (x86)\Microsoft\EdgeWebView\Application\110.0.1587.46\Installer\setup.exe [4082120 2023-02-16] (Microsoft Corporation -> Microsoft Corporation)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Beschränkung <==== ACHTUNG
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Beschränkung <==== ACHTUNG
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Beschränkung <==== ACHTUNG
HKU\S-1-5-21-749038088-1968257971-3176724149-1005\...\Run: [AudialsNotifier] => C:\Program Files (x86)\Audials\Audials 2018\AudialsNotifier.exe [4293016 2017-11-17] (Audials AG -> )
HKU\S-1-5-21-749038088-1968257971-3176724149-1005\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [38966072 2023-02-08] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
HKU\S-1-5-21-749038088-1968257971-3176724149-1005\...\Run: [XperiaCompanionAgent] => C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanionAgent.exe [1690704 2020-06-17] (Sony Mobile Communications AB -> Sony)
HKU\S-1-5-21-749038088-1968257971-3176724149-1005\...\Run: [MicrosoftEdgeAutoLaunch_33AB6AD30668417CC16079428DBD5A47] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4243408 2023-02-16] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-749038088-1968257971-3176724149-1005\...\Run: [] => [X]
HKU\S-1-5-21-749038088-1968257971-3176724149-1005\...\Policies\system: [shell] explorer.exe <==== ACHTUNG
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe [2023-02-16] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{60f15951-e7ef-11ea-b28e-c4b301b9ed33}] -> C:\Program Files (x86)\Citrix\ICA Client\CitrixEnterpriseBrowser\105.1.1.27\Installer\chrmstp.exe [2022-10-20] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP JumpStart Launch.lnk [2016-09-25]
ShortcutTarget: HP JumpStart Launch.lnk -> c:\Windows\Installer\{0F5EBB0D-DF6D-4DBE-9789-57BF05B3B0FD}\HPlogo_blue.ico () [Datei ist nicht signiert]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Universal Media Server.lnk [2021-01-15]
ShortcutTarget: Universal Media Server.lnk -> C:\Program Files (x86)\Universal Media Server\UMS.exe (Universal Media Server) [Datei ist nicht signiert]
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy-Firefox: Beschränkung <==== ACHTUNG
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Beschränkung <==== ACHTUNG
HKLM\SOFTWARE\Policies\Google: Beschränkung <==== ACHTUNG
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {15CA46FB-959D-4B51-BFE9-A0A7736FC8E8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe /DeviceScanR6 (Keine Datei)
Task: {328CD258-5CE7-424F-861F-4D12D9A9A5A7} - \Opera scheduled assistant Autoupdate 1581001615 -> Keine Datei <==== ACHTUNG
Task: {38910CEB-2644-4815-AD6B-21305847359D} - System32\Tasks\HP\HP Hotkey Support\Start QLBController Process => C:\Program Files (x86)\HP\HP Hotkey Support\QLBController.exe (Keine Datei)
Task: {3B6A539A-7259-4838-AC79-4E00939768F0} - \Microsoft\Windows\UNP\RunCampaignManager -> Keine Datei <==== ACHTUNG
Task: {45BBC3E4-79A9-43C4-A2A7-78FECF002708} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => C:\Program Files (x86)\HP\HP Support Framework\Resources\BingPopup\BingPopup.exe [847392 2023-01-10] (HP Inc. -> HP Inc.)
Task: {4A5E2EF2-7F49-40E5-BEB8-8CB7EC24DFC3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe /f (Keine Datei)
Task: {6354BAD4-1C76-4EE2-9870-9503CFA7B03C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1149464 2023-01-10] (HP Inc. -> HP Inc.)
Task: {63841390-62C1-40C2-B2D7-484C3D5DA839} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [710560 2023-02-03] (Mozilla Corporation -> Mozilla Foundation)
Task: {651235E9-621E-4DF1-993D-F3DD7613F7F0} - System32\Tasks\Microsoft\Windows\Conexant\SynaMonApp => C:\Windows\System32\SynaMonApp.exe [170496 2018-10-30] (Synaptics Incorporated) [Datei ist nicht signiert]
Task: {74EF12D0-5FE7-41D0-8DDC-50E3FA325845} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-749038088-1968257971-3176724149-1002 => C:\Program Files (x86)\Real\RealDownloader\RealUpgrade.exe /scheduledcheck (Keine Datei)
Task: {7C693021-6500-4EBA-B005-0241B83C6A85} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\Real\RealDownloader\downloader2.exe /scheduler (Keine Datei)
Task: {7D84682E-39A2-4B17-ACF7-35D5D5236A62} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-749038088-1968257971-3176724149-1002 => C:\Program Files (x86)\Real\RealDownloader\recordingmanager.exe /bgrecordaliveevent (Keine Datei)
Task: {82F2910F-7336-4652-8D05-44D0D8BB5714} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-10-13] (Google Inc -> Google Inc.)
Task: {87E56F64-2579-4AC4-B49E-5EED09AFAB66} - System32\Tasks\HPEA3JOBS => C:\Program [Argument = Files\HP\HP ePrint\hpeprint.exe /CheckJobs]
Task: {882410F5-1EBC-401A-BD8B-405F6F14FF22} - System32\Tasks\Opera scheduled Autoupdate 1512162865 => C:\Program Files\Opera\launcher.exe [2635208 2023-02-15] (Opera Norway AS -> Opera Software)
Task: {89726209-BECC-403E-8E42-457CC030FFC9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-10-13] (Google Inc -> Google Inc.)
Task: {8CFFD35B-91A3-4FCB-8E0D-C3917ACA0D4B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [617096 2022-02-25] (Apple Inc. -> Apple Inc.)
Task: {A47605CC-7DCF-4E5A-8933-31BFDB9895DB} - System32\Tasks\CCleanerSkipUAC - Ganz => C:\Program Files\CCleaner\CCleaner.exe [32631096 2023-02-08] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {A4C71144-A91C-4AF2-89AA-EEA8E4E876D0} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2023-02-08] (Piriform Software Ltd -> Piriform)
Task: {AED56712-B61D-4FDB-A990-F8B7E5A80ED1} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [4703544 2023-02-08] (PIRIFORM SOFTWARE LIMITED -> Piriform Software) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --configpath "C:\Program Files\CCleaner\Setup" --guid "fad68a5b-a574-4065-95a6-e3cdaa5a95b9" --version "6.09.10300" --silent
Task: {B9A4DEEB-E7D6-416C-B0EA-3FFE820F2971} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [138328 2023-01-10] (HP Inc. -> HP Inc.)
Task: {D534D46F-5D40-498D-BD51-458945DCA8D3} - System32\Tasks\Microsoft\Windows\Conexant\MicTray => C:\Windows\System32\MicTray64.exe [5009512 2020-06-13] (Synaptics Incorporated -> Conexant)
Task: {F700ECBF-D13C-4A58-8998-B5CC5273A503} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-749038088-1968257971-3176724149-1002 => C:\Program Files (x86)\Real\RealDownloader\RealUpgrade.exe /logoncheck (Keine Datei)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{4aed77b6-c98c-4c8d-933f-4e428e37811f}: [DhcpNameServer] 172.18.1.1
Tcpip\..\Interfaces\{8474238d-b387-42a4-bfee-24a6197d0101}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{a2900742-64c8-4bba-b955-4d097f46677e}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{d04cd47e-9a8a-4710-86a0-74aee1f8bafa}: [DhcpNameServer] 192.168.178.1
Edge:
=======
DownloadDir: C:\Users\Ganz\Downloads
Edge HomeButtonPage: HKU\S-1-5-21-749038088-1968257971-3176724149-1005 -> about:tabs
Edge Notifications: HKU\S-1-5-21-749038088-1968257971-3176724149-1005 -> hxxps://www.hagebau.de
Edge Extension: (Kein Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [nicht gefunden]
Edge Extension: (Kein Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [nicht gefunden]
Edge Extension: (Kein Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [nicht gefunden]
Edge Extension: (Kein Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [nicht gefunden]
Edge DefaultProfile: Default
Edge Profile: C:\Users\Ganz\AppData\Local\Microsoft\Edge\User Data\Default [2023-02-13]
Edge Notifications: Default -> hxxps://www.hagebau.de
Edge HomePage: Default -> edge://newtab/
Edge Extension: (Avira Safe Shopping) - C:\Users\Ganz\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\caiblelclndcckfafdaggpephhgfpoip [2023-02-12]
Edge Extension: (Avira Password Manager) - C:\Users\Ganz\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\emgfgdclgfeldebanedpihppahgngnle [2023-02-12]
Edge HKLM\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Edge HKLM-x32\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Edge HKLM-x32\...\Edge\Extension: [caiblelclndcckfafdaggpephhgfpoip]
Edge HKLM-x32\...\Edge\Extension: [emgfgdclgfeldebanedpihppahgngnle]
FireFox:
========
FF DefaultProfile: 27pb13jo.default-1579725056422
FF ProfilePath: C:\Users\Ganz\AppData\Roaming\Mozilla\Firefox\Profiles\27pb13jo.default-1579725056422 [2023-02-18]
FF Notifications: Mozilla\Firefox\Profiles\27pb13jo.default-1579725056422 -> hxxps://www.tui.com
FF Extension: (HTTPS Everywhere) - C:\Users\Ganz\AppData\Roaming\Mozilla\Firefox\Profiles\27pb13jo.default-1579725056422\Extensions\https-everywhere@eff.org.xpi [2021-07-14]
FF Extension: (Privacy Badger) - C:\Users\Ganz\AppData\Roaming\Mozilla\Firefox\Profiles\27pb13jo.default-1579725056422\Extensions\jid1-MnnxcxisBPnSXQ@jetpack.xpi [2023-02-03]
FF Extension: (Startpage.com — Datenschutz-Suchmaschine) - C:\Users\Ganz\AppData\Roaming\Mozilla\Firefox\Profiles\27pb13jo.default-1579725056422\Extensions\{20fc2e06-e3e4-4b2b-812b-ab431220cada}.xpi [2020-09-30]
FF Extension: (Deaktivierungs-Add-on von Google Analytics) - C:\Users\Ganz\AppData\Roaming\Mozilla\Firefox\Profiles\27pb13jo.default-1579725056422\Extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi [2020-02-28] [UpdateUrl:hxxps://tools.google.com/service/update2/ff?guid=%ITEM_ID%&version=%ITEM_VERSION%&application=%APP_ID%&appversion=%APP_VERSION%]
FF Extension: (Video DownloadHelper) - C:\Users\Ganz\AppData\Roaming\Mozilla\Firefox\Profiles\27pb13jo.default-1579725056422\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2022-12-08]
FF Extension: (DownThemAll!) - C:\Users\Ganz\AppData\Roaming\Mozilla\Firefox\Profiles\27pb13jo.default-1579725056422\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2023-01-31]
FF HKLM-x32\...\Firefox\Extensions: [dpmaxz_ng@jetpack] - c:\Program Files (x86)\HP\HP ProtectTools Security Manager\Bin\BrowserExt\dpchrome => nicht gefunden
FF Plugin: @Citrix.com/npagee64,version=11.0.63.16 -> C:\Program Files\Citrix\Secure Access Client\npagee64.dll [2015-10-04] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2017-03-06] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2017-03-06] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin-x32: @Citrix.com/npagee,version=11.0.63.16 -> C:\Program Files\Citrix\Secure Access Client\npagee.dll [2015-10-04] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2017-03-06] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2017-03-06] (Tracker Software Products (Canada) Ltd -> Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [Keine Datei]
FF Plugin HKU\S-1-5-21-749038088-1968257971-3176724149-1005: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [Keine Datei]
FF Plugin ProgramFiles/Appdata: C:\Users\Ganz\AppData\Roaming\mozilla\plugins\npagee.dll [2017-10-02]
FF Plugin ProgramFiles/Appdata: C:\Users\Ganz\AppData\Roaming\mozilla\plugins\npagee64.dll [2017-10-02]
Chrome:
=======
CHR Profile: C:\Users\Ganz\AppData\Local\Google\Chrome\User Data\Default [2023-02-10]
CHR DefaultSearchURL: Default -> hxxps://www.bing.com/search?q={searchTerms}&pc=COS2&ptag=D040721-N0640A74DCDF78DC&form=CONBDF&conlogo=CT3335043
CHR DefaultSearchKeyword: Default -> bing®
CHR DefaultNewTabURL: Default -> hxxps://www.bing.com/chrome/newtab?pc=COS2&ptag=D040721-N0630A74DCDF78DC&form=CONMHP&conlogo=CT3335043
CHR DefaultSuggestURL: Default -> hxxp://api.bing.com/osjson.aspx?query={searchTerms}
CHR Extension: (PriceTiger) - C:\Users\Ganz\AppData\Local\Google\Chrome\User Data\Default\Extensions\bolplfmefepdhhakjbdggjmocjdkjkgb [2021-12-20]
CHR Extension: (Cookie Raccoon) - C:\Users\Ganz\AppData\Local\Google\Chrome\User Data\Default\Extensions\cipiciigpkfkldonnnjdjkldkfpmpack [2021-04-07]
CHR Extension: (Google Docs Offline) - C:\Users\Ganz\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-12-23]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Ganz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-03-24]
CHR Profile: C:\Users\Ganz\AppData\Local\Google\Chrome\User Data\System Profile [2022-03-22]
CHR HKLM\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
Opera:
=======
OPR Profile: C:\Users\Ganz\AppData\Roaming\Opera Software\Opera Stable [2023-02-08]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\Ganz\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2022-11-10]
OPR Extension: (Opera Wallet) - C:\Users\Ganz\AppData\Roaming\Opera Software\Opera Stable\Extensions\gojhcdgcpbpfigcaejpfhfegekdgiblk [2023-01-16]
OPR Extension: (Amazon Assistant Promotion) - C:\Users\Ganz\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2021-09-23]
==================== Dienste (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [103280 2022-09-01] (Apple Inc. -> Apple Inc.)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [Datei ist nicht signiert]
R2 CWAUpdaterService; C:\Program Files (x86)\Citrix\ICA Client\Receiver\UpdaterService.exe [63408 2022-10-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
R2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [440808 2017-03-22] (Digital Wave Ltd -> Digital Wave Ltd.)
S2 DpHost; c:\Program Files\HP\HP ProtectTools Security Manager\Bin\DpHostW.exe [527296 2016-07-19] (DigitalPersona, Inc. -> Crossmatch, Inc.)
S3 FLCDLOCK; c:\windows\SysWOW64\flcdlock.exe [567888 2016-08-11] (Hewlett Packard Enterprise Company -> Hewlett-Packard Company)
R2 fpCsEvtSvc; C:\WINDOWS\System32\fpCSEvtSvc.exe [22424 2019-05-05] (Microsoft Windows Hardware Compatibility Publisher -> )
R2 HotKeyServiceUWP; C:\WINDOWS\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_5c0b90ae6269072a\HotKeyServiceUWP.exe [1561032 2022-10-12] (HP Inc. -> HP Inc.)
R2 HPAppHelperCap; C:\Program Files\HP\HP Enabling Services\AppHelperCap.exe [797640 2023-01-10] (HP Inc. -> HP Inc.)
R2 HpDamServiceHost; c:\Program Files (x86)\HP\HP Device Access Manager\HPE.DeviceAccessManager.ServiceHost.exe [20376 2016-08-09] (Hewlett Packard Enterprise Company -> Hewlett Packard Enterprise Company)
R2 HPDiagsCap; C:\Program Files\HP\HP Enabling Services\DiagsCap.exe [796616 2023-01-10] (HP Inc. -> HP Inc.)
R2 HPJumpStartBridge; c:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [459800 2016-06-02] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\Program Files\HP\HP Enabling Services\NetworkCap.exe [793000 2023-01-10] (HP Inc. -> HP Inc.)
R2 HPSysInfoCap; C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe [796584 2023-01-10] (HP Inc. -> HP Inc.)
R2 LanWlanWwanSwitchingServiceUWP; C:\WINDOWS\System32\DriverStore\FileRepository\hpqkbsoftwarecompnent.inf_amd64_5c0b90ae6269072a\LanWlanWwanSwitchingServiceUWP.exe [606664 2022-10-12] (HP Inc. -> HP Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8967840 2023-02-16] (Malwarebytes Inc. -> Malwarebytes)
R2 PDF24; C:\Program Files\PDF24\pdf24.exe [592608 2022-07-13] (geek software GmbH -> geek software GmbH)
S2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [35104 2017-03-02] (RealNetworks, Inc. -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [224184 2023-02-15] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 valWBFPolicyService; C:\WINDOWS\System32\valWBFPolicyService.exe [91032 2019-05-05] (Microsoft Windows Hardware Compatibility Publisher -> Synaptics Incorporated)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2301.6-0\NisSrv.exe [3191256 2023-02-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2301.6-0\MsMpEng.exe [133576 2023-02-15] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 XperiaCompanionService; C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe [2575360 2020-06-17] (Sony) [Datei ist nicht signiert]
S3 CitrixEnterpriseBrowserElevationService; "C:\Program Files (x86)\Citrix\ICA Client\CitrixEnterpriseBrowser\105.1.1.27\elevation_service.exe" [X]
S2 HP Comm Recover; "C:\Program Files\HPCommRecovery\HPCommRecovery.exe" [X]
S2 HPSupportSolutionsFrameworkService; "C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe" [X]
S2 HPTouchpointAnalyticsService; "C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe" [X]
===================== Treiber (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R2 ctxusbm; C:\WINDOWS\system32\DRIVERS\ctxusbmon.sys [136680 2022-10-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
S3 DAMDrv; C:\WINDOWS\system32\DRIVERS\DAMDrv64.sys [76432 2016-08-11] (Hewlett Packard Enterprise Company -> Hewlett-Packard Enterpise Company)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2023-02-16] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 ew_usbccgpfilter; C:\WINDOWS\System32\drivers\ew_usbccgpfilter.sys [18944 2018-04-20] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223176 2023-02-16] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2023-02-16] (Microsoft Windows Early Launch Anti-Malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [198080 2023-02-16] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [77736 2023-02-16] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2023-02-16] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [181816 2023-02-16] (Malwarebytes Inc. -> Malwarebytes)
S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [23040 2017-10-11] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R1 RrNetCapFilterDriver; C:\WINDOWS\system32\DRIVERS\RrNetCapFilterDriver.sys [34608 2017-11-17] (Audials AG -> Audials AG)
S3 SPUVCbv; C:\WINDOWS\System32\Drivers\SPUVCbv64.sys [1063520 2017-02-23] (SUNPLUS INNOVATION TECHNOLOGY INC. -> Sunplus Innovation Technology Inc.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R3 tbhsd; C:\WINDOWS\system32\drivers\tbhsd.sys [57648 2017-11-17] (Audials AG -> RapidSolution Software AG)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2017-10-11] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49576 2023-02-15] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [473336 2023-02-15] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [99576 2023-02-15] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [40104 2022-06-17] (HP Inc. -> HP)
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2023-02-18 15:54 - 2023-02-18 15:54 - 000000000 ____D C:\Users\Ganz\Desktop\FRST-OlderVersion
2023-02-16 22:43 - 2023-02-16 22:48 - 000000310 _____ C:\Users\Ganz\Desktop\Search.txt
2023-02-16 22:34 - 2023-02-18 15:58 - 000122555 _____ C:\Users\Ganz\Desktop\FRST-04-1.txt
2023-02-16 18:54 - 2023-02-16 18:54 - 000181816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2023-02-16 18:48 - 2023-02-16 18:48 - 000007368 _____ C:\Users\Ganz\Desktop\AdwCleaner[C00].txt
2023-02-16 18:47 - 2023-02-16 18:47 - 000001419 _____ C:\Users\Ganz\Desktop\MBAM.TXT-02.txt
2023-02-16 18:26 - 2023-02-16 18:26 - 000004776 _____ C:\Users\Ganz\Documents\Malwarebytes 4.5.22.txt
2023-02-16 14:32 - 2023-02-16 18:28 - 000000000 ____D C:\AdwCleaner
2023-02-16 14:31 - 2023-02-16 14:31 - 008791352 _____ (Malwarebytes) C:\Users\Ganz\Desktop\adwcleaner.exe
2023-02-16 11:18 - 2023-02-16 11:18 - 000004957 _____ C:\Users\Ganz\Desktop\Malwarebytes.txt
2023-02-16 10:50 - 2023-02-16 10:50 - 000000000 ____D C:\Users\Ganz\AppData\Local\mbam
2023-02-16 10:46 - 2023-02-16 10:46 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2023-02-16 10:46 - 2023-02-16 10:46 - 000002028 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2023-02-16 10:44 - 2023-02-16 10:44 - 000000000 ____D C:\ProgramData\Malwarebytes
2023-02-16 10:44 - 2023-02-16 10:44 - 000000000 ____D C:\Program Files\Malwarebytes
2023-02-16 10:38 - 2023-02-16 10:38 - 002555248 _____ (Malwarebytes) C:\Users\Ganz\Desktop\MBSetup.exe
2023-02-15 13:34 - 2023-02-15 13:34 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avira
2023-02-15 10:29 - 2023-02-15 10:29 - 000000000 ___HD C:\$WinREAgent
2023-02-12 17:37 - 2023-02-12 17:37 - 000000000 ____D C:\Users\Ganz\Downloads\FRST03
2023-02-12 17:27 - 2023-02-16 22:05 - 000000000 ____D C:\Users\Ganz\Downloads\FRST 02
2023-02-10 13:58 - 2023-02-10 13:58 - 000000000 ____D C:\Users\Ganz\AppData\Local\AviraWebView2Cache
2023-02-10 13:19 - 2023-02-16 22:11 - 000073685 _____ C:\Users\Ganz\Desktop\Addition.txt
2023-02-10 13:19 - 2023-02-10 13:19 - 000000000 ___HD C:\$AV_ASW
2023-02-10 13:15 - 2023-02-18 16:00 - 000036312 _____ C:\Users\Ganz\Desktop\FRST.txt
2023-02-10 13:12 - 2023-02-18 16:00 - 000000000 ____D C:\FRST
2023-02-10 13:12 - 2023-02-12 17:32 - 000000000 ____D C:\Users\Ganz\Downloads\FRST02
2023-02-10 13:10 - 2023-02-13 16:24 - 000000000 ____D C:\Users\Ganz\AppData\Roaming\SEO
2023-02-10 13:10 - 2023-02-10 13:10 - 003480536 _____ C:\Users\Ganz\Downloads\FRST02.zip
2023-02-10 13:10 - 2023-02-10 13:10 - 000001712 _____ C:\Users\Ganz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SearchEngineOptimizer.lnk
2023-02-10 13:00 - 2023-02-10 13:00 - 000000000 ____D C:\Users\Public\Security Sessions
2023-02-10 12:58 - 2023-02-10 13:00 - 000000000 ____D C:\Users\Ganz\AppData\Local\Avira
2023-02-10 12:58 - 2023-02-10 12:58 - 000000000 ____D C:\WINDOWS\SysWOW64\statReporter
2023-02-10 12:57 - 2023-02-15 13:39 - 000000000 ____D C:\Program Files (x86)\Avira
2023-02-10 12:57 - 2023-02-15 13:36 - 000000000 ____D C:\ProgramData\Avira
2023-02-03 18:25 - 2023-02-18 15:54 - 002378240 _____ (Farbar) C:\Users\Ganz\Desktop\FRST64.exe
2023-02-03 00:08 - 2023-02-10 12:58 - 000000000 ____D C:\Program Files\Mozilla Firefox
2023-02-03 00:08 - 2023-02-03 00:08 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2023-01-20 14:30 - 2023-01-20 19:07 - 000271360 _____ C:\Users\Ganz\Desktop\Outlook.pst
2023-01-20 14:29 - 2023-01-20 14:29 - 000000000 ____D C:\Users\Ganz\Documents\Outlook-Dateien
2023-01-20 14:28 - 2023-01-20 14:28 - 000002423 _____ C:\Users\Public\Desktop\Windows-Migrationsassistent.lnk
2023-01-20 14:27 - 2023-01-20 14:27 - 059884472 _____ (Apple Inc.) C:\Users\Ganz\Desktop\WindowsMigrationAssistantSetup.exe
2023-01-19 14:36 - 2023-01-19 14:36 - 000000000 ____D C:\Users\Ganz\Downloads\Flüchtling
==================== Ein Monat (geänderte) ==================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2023-02-18 15:50 - 2017-10-13 15:05 - 000000000 ____D C:\Program Files (x86)\Google
2023-02-18 15:48 - 2020-12-14 20:34 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-02-18 15:48 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-02-18 11:37 - 2017-04-26 10:04 - 000000000 ____D C:\Users\Ganz\AppData\LocalLow\Mozilla
2023-02-18 11:32 - 2017-03-10 22:44 - 000000000 ____D C:\Program Files\CCleaner
2023-02-18 11:31 - 2022-02-11 12:09 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-02-18 11:30 - 2023-01-17 11:21 - 000002281 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2023-02-18 11:30 - 2020-03-14 04:13 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-02-18 11:30 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-02-18 11:30 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-02-17 15:11 - 2021-10-16 03:00 - 000001120 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera-Browser.lnk
2023-02-17 15:11 - 2020-12-14 20:44 - 000003972 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1512162865
2023-02-17 15:11 - 2017-12-01 22:14 - 000000000 ____D C:\Program Files\Opera
2023-02-17 11:58 - 2018-07-06 10:17 - 000000000 ____D C:\Users\Ganz\AppData\Local\D3DSCache
2023-02-16 22:27 - 2016-08-22 02:59 - 000000000 ____D C:\ProgramData\Hewlett-Packard
2023-02-16 22:11 - 2017-10-13 15:06 - 000002300 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-02-16 22:04 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ServiceState
2023-02-16 19:01 - 2020-12-14 20:41 - 001883140 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-02-16 19:01 - 2019-12-07 15:51 - 000804906 _____ C:\WINDOWS\system32\perfh007.dat
2023-02-16 19:01 - 2019-12-07 15:51 - 000175844 _____ C:\WINDOWS\system32\perfc007.dat
2023-02-16 19:01 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2023-02-16 18:54 - 2017-04-25 17:35 - 000000000 __SHD C:\Users\Ganz\IntelGraphicsProfiles
2023-02-16 18:53 - 2020-12-14 20:44 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-02-16 18:53 - 2020-12-14 20:34 - 000008192 ___SH C:\DumpStack.log.tmp
2023-02-16 18:53 - 2019-12-07 10:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2023-02-16 18:53 - 2017-06-19 09:07 - 000000000 ____D C:\ProgramData\Synaptics
2023-02-16 18:53 - 2016-09-25 04:40 - 000000000 ____D C:\Intel
2023-02-16 18:31 - 2018-05-22 16:02 - 000000000 ____D C:\Users\Ganz\AppData\Roaming\Hewlett-Packard
2023-02-16 18:31 - 2017-06-19 09:07 - 000000000 ____D C:\Program Files (x86)\HP
2023-02-16 18:31 - 2016-09-25 04:45 - 000000000 ____D C:\ProgramData\HP
2023-02-16 18:31 - 2016-09-25 04:45 - 000000000 ____D C:\Program Files (x86)\Hewlett-Packard
2023-02-16 18:31 - 2016-08-22 03:00 - 000000000 ____D C:\Program Files (x86)\HP Inc
2023-02-16 18:31 - 2016-08-19 02:31 - 000000000 _RSHD C:\hp
2023-02-16 18:28 - 2017-12-01 22:13 - 000000000 ____D C:\Users\Ganz\AppData\Local\Downloaded Installations
2023-02-16 18:28 - 2016-08-22 03:00 - 000000000 ____D C:\Program Files\HP
2023-02-16 18:24 - 2021-12-20 13:09 - 000000000 ____D C:\Users\Ganz\AppData\Roaming\PriceWatch
2023-02-16 10:45 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2023-02-15 15:46 - 2020-02-27 00:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2023-02-15 14:45 - 2020-03-20 10:10 - 000000000 ___RD C:\Users\Ganz\Documents\alles
2023-02-15 14:45 - 2017-04-25 17:35 - 000000000 ___RD C:\Users\Ganz\OneDrive
2023-02-15 13:57 - 2018-02-26 22:38 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2023-02-15 13:47 - 2017-03-03 15:48 - 000803176 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2023-02-15 13:46 - 2018-09-16 14:17 - 000000000 ____D C:\Users\Ganz\AppData\Local\AVAST Software
2023-02-15 13:46 - 2018-09-16 14:16 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2023-02-15 13:46 - 2018-09-16 14:15 - 000000000 ____D C:\ProgramData\AVAST Software
2023-02-15 13:44 - 2021-07-29 18:30 - 000000000 ____D C:\Program Files (x86)\AVAST Software
2023-02-15 13:39 - 2022-09-22 10:37 - 000000760 _____ C:\WINDOWS\Tasks\CCleanerCrashReporting.job
2023-02-15 13:39 - 2020-12-14 20:34 - 000705360 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-02-15 13:37 - 2019-12-07 15:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2023-02-15 13:37 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2023-02-15 13:37 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2023-02-15 13:37 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2023-02-15 13:37 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2023-02-15 13:37 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2023-02-15 13:37 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2023-02-15 13:37 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2023-02-15 13:37 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-02-15 10:44 - 2022-09-22 10:37 - 000003474 _____ C:\WINDOWS\system32\Tasks\CCleanerCrashReporting
2023-02-15 10:44 - 2020-12-14 20:44 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2023-02-15 10:38 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-02-15 10:35 - 2020-12-14 20:35 - 003015680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2023-02-15 10:28 - 2017-03-03 15:47 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-02-15 10:23 - 2017-03-03 15:47 - 149955784 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2023-02-10 14:18 - 2018-09-23 15:06 - 000000000 ____D C:\Users\Ganz\AppData\Local\CrashDumps
2023-02-09 22:48 - 2021-12-13 16:48 - 000003062 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-749038088-1968257971-3176724149-1005
2023-02-09 22:48 - 2021-08-25 13:54 - 000002250 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC - Ganz
2023-02-09 22:48 - 2020-12-14 20:44 - 000003684 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-02-09 22:48 - 2020-12-14 20:44 - 000003560 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2023-02-09 22:48 - 2020-12-14 20:44 - 000003460 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-02-09 22:48 - 2020-12-14 20:44 - 000003336 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2023-02-09 22:48 - 2020-12-14 20:44 - 000002858 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-749038088-1968257971-3176724149-1005
2023-02-07 17:14 - 2016-09-25 05:12 - 000000000 ____D C:\ProgramData\HPQLOG
2023-02-04 11:29 - 2017-03-04 06:51 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2023-02-03 00:08 - 2017-03-04 06:51 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2023-02-02 11:19 - 2020-12-14 20:37 - 000002399 _____ C:\Users\Ganz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-01-27 09:39 - 2020-10-02 12:17 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2023-01-20 14:28 - 2022-07-19 11:24 - 000002435 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows-Migrationsassistent.lnk
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ========
2017-12-05 15:02 - 2017-12-05 15:02 - 039301064 _____ (Flash-Integro LLC ) C:\Program Files (x86)\video_editor_x32.exe
2017-12-05 15:02 - 2017-12-05 15:02 - 044416504 _____ (Flash-Integro LLC ) C:\Program Files (x86)\video_editor_x64.exe
2023-01-18 16:01 - 2023-01-18 16:01 - 000004096 ____H () C:\Users\Ganz\AppData\Local\keyfile3.drm
2017-12-08 21:59 - 2017-12-08 21:59 - 000002787 _____ () C:\Users\Ganz\AppData\Local\recently-used.xbel
==================== SigCheck ============================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
==================== Ende von FRST.txt ========================
Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 16-02-2023
durchgeführt von Ganz (18-02-2023 16:01:02)
Gestartet von C:\Users\Ganz\Desktop
Microsoft Windows 10 Pro Version 22H2 19045.2604 (X64) (2020-12-14 19:45:00)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
Administrator (S-1-5-21-749038088-1968257971-3176724149-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-749038088-1968257971-3176724149-503 - Limited - Disabled)
Ganz (S-1-5-21-749038088-1968257971-3176724149-1005 - Administrator - Enabled) => C:\Users\Ganz
Gast (S-1-5-21-749038088-1968257971-3176724149-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-749038088-1968257971-3176724149-504 - Limited - Disabled)
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
4uKey for Android (HKLM-x32\...\{4uKeyforAndroid}_is1) (Version: 2.5.3.2 - Tenorshare, Inc.)
7-Zip 22.00 (HKLM-x32\...\{23170F69-40C1-2701-2200-000001000000}) (Version: 22.00.00.0 - Igor Pavlov)
7-Zip 22.01 (x64 edition) (HKLM\...\{23170F69-40C1-2702-2201-000001000000}) (Version: 22.01.00.0 - Igor Pavlov)
Apple Application Support (64-Bit) (HKLM\...\{8B127943-89E7-4691-A7A4-D05807920A84}) (Version: 8.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{065D0CC8-C382-48AF-8A88-0DD3366EB26C}) (Version: 16.0.0.25 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{B292D163-23D2-4523-A699-1ABEC1875609}) (Version: 2.7.0.3 - Apple Inc.)
Audials (HKLM-x32\...\{3C3F830F-50AF-41ED-A96A-1C8D6B7F7517}) (Version: 18.1.29300.0 - Audials AG)
Audiograbber 1.83 SE (HKLM-x32\...\Audiograbber) (Version: 1.83 SE - Audiograbber)
BCR Plug-in (HKLM-x32\...\{0C079D73-40B6-4A29-93F3-30617AAA335A}) (Version: 22.10.0.15 - Citrix Systems, Inc.) Hidden
BlueJ (HKLM\...\{AF0BEA9E-1AB2-4613-A6B5-4ECC105A8A23}) (Version: 5.1.0 - BlueJ Team)
BlueJ (HKLM-x32\...\{92FD2477-5855-4863-B4C1-405C7853FD9F}) (Version: 4.1.2 - BlueJ Team)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brother MFL-Pro Suite MFC-5490CN (HKLM-x32\...\{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}) (Version: 2.0.0.0 - Brother Industries, Ltd.)
Brother MFL-Pro Suite MFC-L2720DW series (HKLM-x32\...\{F8ECC2FD-CE2B-4ED4-BDCC-90D0D34206FD}) (Version: 1.0.3.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 6.09 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.7.6521 - CDBurnerXP)
Citrix Authentication Manager (HKLM-x32\...\{0C490C5C-246A-4281-993E-831319A7655F}) (Version: 22.10.0.2 - Citrix Systems, Inc.) Hidden
Citrix Web Helper (HKLM-x32\...\{D958DC9B-9ED1-46AE-A84B-4679E5592538}) (Version: 22.10.0.13 - Citrix Systems, Inc.) Hidden
Citrix Workspace (DV) (HKLM-x32\...\{E2271D30-A77C-448D-AD6D-38ECBEBC2C26}) (Version: 22.10.0.15 - Citrix Systems, Inc.) Hidden
Citrix Workspace (USB) (HKLM-x32\...\{9E24A88B-54AE-44E7-A2BD-BA5139E45ECD}) (Version: 22.10.0.15 - Citrix Systems, Inc.) Hidden
Citrix Workspace 2210 (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 22.10.0.21 - Citrix Systems, Inc.)
Citrix Workspace Inside (HKLM-x32\...\{19C8F1A9-2F50-49A6-9B81-2C4CE9845521}) (Version: 22.10.0.13 - Citrix Systems, Inc.) Hidden
Conexant ISST Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 9.0.239.70 - Conexant)
CutOut 6.0 (HKLM\...\CutOut 6_is1) (Version: 6.0 - Franzis.de)
Discover HP Touchpoint Manager (HKLM-x32\...\{480FA137-DB2E-4C1A-89EF-476E69E175ED}) (Version: 1.0.19.1 - HP)
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
Free HTML5 Video Player and Converter (HKLM-x32\...\Free HTML5 Video Player and Converter_is1) (Version: 5.0.99.823 - Digital Wave Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 110.0.5481.104 - Google LLC)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
HP Battery Recall Utility (HKLM-x32\...\{26ACF49F-254F-491C-B08E-AAA0D5C982CF}) (Version: 1.3.0.5 - Hewlett-Packard) Hidden
HP Battery Recall Utility (HKLM-x32\...\{40770191-b457-4e92-9e2e-386a15408136}) (Version: 1.3.0.5 - HP Inc.)
HP Client Security Manager (HKLM\...\{B4A0B76D-EAE6-4717-AEB3-58C1BCD7B9E8}) (Version: 9.0.0.2116 - HP Inc.) Hidden
HP Client Security Manager (HKLM\...\HPProtectTools) (Version: 9.0.0.2116 - HP Inc.)
HP Device Access Manager (HKLM\...\{766ED263-4CA0-4D2F-9FA8-717827F718D6}) (Version: 8.3.16.0 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP ePrint SW (HKLM\...\{872897C1-CDCD-4466-82AA-5483BCCF09C7}) (Version: 5.1.20088 - HP Inc.) Hidden
HP ePrint SW (HKLM\...\{B0D5BCD0-8DFB-48A3-9BDF-4E183159E420}) (Version: 5.1.20088 - HP Inc.) Hidden
HP ePrint SW (HKLM\...\{C0407127-4831-47CD-8A7A-E5ED7A2D398B}) (Version: 5.1.20088 - HP Inc.) Hidden
HP ePrint SW (HKLM\...\{FC292FE3-B7B0-492C-BC2E-C0DFCA30FC92}) (Version: 5.1.20088 - HP Inc.) Hidden
HP ePrint SW (HKLM-x32\...\{39404020-C431-4331-9241-62956555DA49}) (Version: 5.1.20088 - HP Inc.) Hidden
HP ePrint SW (HKLM-x32\...\{3efaef38-ee9e-4421-bea3-e0a4d835d3f4}) (Version: 5.1.20088 - HP Inc.)
HP ePrint SW (HKLM-x32\...\{C5AD7A64-6DDF-482A-8E7D-FA1DED0A201A}) (Version: 5.1.20088 - HP Inc.) Hidden
HP ESU for Microsoft Windows 10 (HKLM-x32\...\{94D0EB60-8B2F-4A80-BA74-3D312434415F}) (Version: 11.2.2 - HP)
HP JumpStart Bridge (HKLM-x32\...\{6B4A5299-4837-485A-B71D-7F1CE6F8F018}) (Version: 1.0.0.143 - HP Inc.)
HP JumpStart Launch (HKLM-x32\...\{0F5EBB0D-DF6D-4DBE-9789-57BF05B3B0FD}) (Version: 1.0.145.0 - HP Inc.)
HP Recovery Manager (HKLM-x32\...\{64BAA990-F1FC-4145-A7B1-E41FBBC9DA47}) (Version: 1.2.1510 - HP) Hidden
HP SoftPaq Download Manager (HKLM-x32\...\{92db00b4-c4ee-4893-bc4e-8be6548b2742}) (Version: 4.3.4.0 - HP)
HP Software Setup (HKLM-x32\...\{C968E860-054F-490F-95C6-C9A29601459E}) (Version: 9.2.2 - HP)
HP System Default Settings (HKLM-x32\...\{E570B9C2-9A83-4938-BBD5-0A8C068083C1}) (Version: 1.2.3.1 - HP INC)
HP Universal Camera Driver (HKLM-x32\...\{8B204728-0D90-48BE-97C0-BBEDDFDFA83C}) (Version: 3.5.8.11 - SunplusIT)
icofx 3.3 (HKLM-x32\...\icofx 3_is1) (Version: 3.3 - IcoFX Software S.R.L.)
Incomedia WebSite X5 v14 - Free (HKLM\...\{07FE2BFD-5423-4FB4-95C0-28634BEB0961}_is1) (Version: 14.0.2.1 - Incomedia s.r.l.)
Intel(R) Chipset Device Software (HKLM\...\{3AE6FD56-D431-4B53-94F0-95E844206ADF}) (Version: 10.1.1.32 - Intel Corporation) Hidden
Intel(R) Chipset Device Software (HKLM-x32\...\{aaa7f0fb-02dc-4576-beef-7d24842c5fbe}) (Version: 10.1.1.32 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{00176A23-1A4E-4429-817E-44B40D9EF692}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{0854C811-6DAD-441D-AB36-2F73631A04A1}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1914.12.0.1255 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{650FF4FD-69E7-4AA4-9F46-6B7DFC8489F7}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Driver (HKLM\...\{1535E647-D354-4775-9EE8-FD9E8ED0701A}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) ME UninstallLegacy (HKLM\...\{E9B9A1A5-6398-4C99-8FDE-10794F6505C5}) (Version: 1.0.1.0 - Intel Corporation) Hidden
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.0.2.1044 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{AD29B896-0901-4B3E-9C2A-BD59B38A9568}) (Version: 15.0.2.1044 - Intel Corporation) Hidden
Intel(R) Trusted Connect Service Client x64 (HKLM\...\{C9552825-7BF2-4344-BA91-D3CD46F4C442}) (Version: 1.52.230.1 - Intel Corporation) Hidden
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.52.230.1 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{c6de84fd-ece7-4c2a-9f06-8cabe7ab79a0}) (Version: 1.52.230.1 - Intel Corporation) Hidden
Intel(R) Wireless Bluetooth(R) (HKLM-x32\...\{3920BCB0-23AA-4D0D-93E5-404692DAF9D2}) (Version: 19.00.1621.3340 - Intel Corporation)
Intel(R) Wireless Manageability Driver (HKLM\...\{28C2C4DE-AAF6-424D-B018-5142729E1C67}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Wireless Manageability Driver Extension (HKLM\...\{03C415A8-0861-4BB7-8857-27089E6C298A}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel® PROSet/Wireless Software (HKLM-x32\...\{ed4a5da7-ac62-4aa5-9502-7b4de55e8cb5}) (Version: 20.20.2 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{f8c930bd-0a68-425f-8c11-87723d1e2c97}) (Version: 20.90.0 - Intel Corporation)
iTunes (HKLM\...\{8402150E-474C-45D1-908F-E5989C71DDE9}) (Version: 12.12.5.8 - Apple Inc.)
LibreOffice 7.4.1.2 (HKLM\...\{2382F0CD-B06A-49B7-912F-A8BB1C7FD511}) (Version: 7.4.1.2 - The Document Foundation)
Malwarebytes version 4.5.22.236 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.22.236 - Malwarebytes)
Meine CEWE FOTOWELT (HKLM-x32\...\Meine CEWE FOTOWELT) (Version: 6.3.1 - CEWE Stiftung u Co. KGaA)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 110.0.1587.49 - Microsoft Corporation)
Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 110.0.1587.46 - Microsoft Corporation)
Microsoft HEVC Media Extension Installation for Microsoft.HEVCVideoExtension_1.0.2512.0_x64__8wekyb3d8bbwe (x64) (HKLM\...\{B0169E83-757B-EF66-E2F0-391944D785BC}) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (HKLM-x32\...\{90140000-0015-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (HKLM-x32\...\{90140000-0016-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (HKLM-x32\...\{90140000-00BA-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (HKLM-x32\...\{90140000-0044-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (HKLM\...\{90140000-002A-0000-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (HKLM-x32\...\{90140000-00A1-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2010 (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (HKLM-x32\...\{90140000-001F-0410-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (HKLM-x32\...\{90140000-002C-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (HKLM-x32\...\{90140000-0019-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (HKLM\...\{90140000-002A-0407-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (HKLM-x32\...\{90140000-006E-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (HKLM-x32\...\{90140000-001B-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKU\S-1-5-21-749038088-1968257971-3176724149-1005\...\OneDriveSetup.exe) (Version: 23.007.0109.0004 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 x64 ENU (HKLM\...\{8424B163-D1E0-48B7-88A2-C7A61767B3D7}) (Version: 4.0.8482.1 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{89581302-705F-42C5-99B0-E368A845DAD5}) (Version: 3.70.0.0 - Microsoft Corporation)
Microsoft VC++ redistributables repacked. (HKLM\...\{2FAF2A80-5906-467E-8AD2-B83C94383600}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft VC++ redistributables repacked. (HKLM-x32\...\{F85F7FF0-5DFF-4BC0-9045-C9573D1BC11F}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.34.31823 (HKLM-x32\...\{ac8ae441-cfc2-41f2-bbca-7b6668740f8d}) (Version: 14.34.31823.3 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.34.31823 (HKLM-x32\...\{485c6580-376a-450b-9a80-43c390b968a3}) (Version: 14.34.31823.3 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.34.31823 (HKLM\...\{79DB9AFA-0B61-46EE-97F7-29D2A9C93702}) (Version: 14.34.31823 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.34.31823 (HKLM\...\{91974FA7-D8C0-4EBB-A37F-4E538C9C0B8B}) (Version: 14.34.31823 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.34.31823 (HKLM-x32\...\{EB6DFC76-FC58-4F00-811A-09FC83EDB02B}) (Version: 14.34.31823 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.34.31823 (HKLM-x32\...\{54AAF010-4412-441C-AFDF-5566370458AA}) (Version: 14.34.31823 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}) (Version: 10.0.50908 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox (x64 de) (HKLM\...\Mozilla Firefox 109.0.1 (x64 de)) (Version: 109.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 109.0.1.8427 - Mozilla)
Mozilla Thunderbird (x86 de) (HKLM-x32\...\Mozilla Thunderbird 102.6.1 (x86 de)) (Version: 102.6.1 - Mozilla)
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.9.0 - F.J. Wechselberger)
MZD-AIO-TI 2.8.4-1 (HKU\S-1-5-21-749038088-1968257971-3176724149-1005\...\34093d1a-b79c-5bd0-8c69-6049d0980230) (Version: 2.8.4-1 - Trevelopment)
NetScaler Gateway Endpoint Analysis (HKLM\...\{58267A97-11B6-4182-A02E-54CF86F91807}) (Version: 11.0.63.16 - Citrix Systems, Inc.)
Online Plug-in (HKLM-x32\...\{29FB4818-23DC-4740-8F7E-AE2F59527F69}) (Version: 22.10.0.15 - Citrix Systems, Inc.) Hidden
Opera Stable 95.0.4635.46 (HKLM-x32\...\Opera 95.0.4635.46) (Version: 95.0.4635.46 - Opera Software)
PDF24 Creator 11.3.0 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: 11.3.0 - PDF24.org)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.321.0 - Tracker Software Products Ltd)
PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
PriceWatch (HKU\S-1-5-21-749038088-1968257971-3176724149-1005\...\PriceWatch) (Version: - PriceWatch)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.370.131 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.9.422.2016 - Realtek)
RealUpgrade 1.1 (HKLM-x32\...\{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}) (Version: 1.1.0 - RealNetworks, Inc.) Hidden
SAMSUNG Mobile Composite Device Software (HKLM\...\SAMSUNG Mobile Composite Device) (Version: - )
SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version: - )
Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version: - )
SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version: - )
SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version: - )
Samsung PC Studio 3 (HKLM-x32\...\{C4A4722E-79F9-417C-BD72-8D359A090C97}) (Version: 3.2.2.80601 - Samsung Electronics Co., Ltd.)
Saturn Fotoservice (HKLM-x32\...\Saturn Fotoservice) (Version: 6.4.1 - CEWE Stiftung u Co. KGaA)
Self-Service Plug-in (HKLM-x32\...\{CE1601F3-E1A8-43F3-9330-0411F6EB6D5B}) (Version: 22.10.0.13 - Citrix Systems, Inc.) Hidden
SEO (HKU\S-1-5-21-749038088-1968257971-3176724149-1005\...\SEO) (Version: 2.41 - Business Convers Track S.R.L.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{6B42CFAF-AA3D-478E-9B2F-A03225709EE3}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{6B42CFAF-AA3D-478E-9B2F-A03225709EE3}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{6B42CFAF-AA3D-478E-9B2F-A03225709EE3}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{6B42CFAF-AA3D-478E-9B2F-A03225709EE3}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{6B42CFAF-AA3D-478E-9B2F-A03225709EE3}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{6B42CFAF-AA3D-478E-9B2F-A03225709EE3}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{8925227F-C7B5-4C95-AB58-4FCF2433DAEE}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{09A9DF49-DA06-4093-A2FD-F339211E39EA}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{ECC1D579-DC17-4B90-929C-B4A0BB35F7B3}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{97099817-53F1-4CA1-ACEA-DA6D74371689}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{E4D76E88-C65F-4003-9C71-EC4306679D17}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{3B0FF7FF-0E85-4907-A511-3F8C27349FA4}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{996096F8-956B-41C9-A7E3-9BA1E801014F}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{6B42CFAF-AA3D-478E-9B2F-A03225709EE3}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{D505EC85-885F-4BE3-8A89-3EFE4F855692}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{6B42CFAF-AA3D-478E-9B2F-A03225709EE3}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{6B42CFAF-AA3D-478E-9B2F-A03225709EE3}) (Version: - Microsoft) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.8.32 - Synaptics Incorporated)
Synaptics WBF Fingerprint Reader (HKLM\...\{FE645EDA-C5B2-4CF3-B9E7-AFABD5710EEF}) (Version: 4.5.335.0 - Synaptics)
TIPP10 Version 2.1.0 (HKLM-x32\...\TIPP10_is1) (Version: - (c) 2006-2011, Tom Thielicke IT Solutions)
Universal Media Server (HKLM-x32\...\Universal Media Server) (Version: 11.5.0 - Universal Media Server)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{C22F49B1-0F67-47DC-A490-E8B4B6558EA9}) (Version: 8.91.0.0 - Microsoft Corporation)
UpdateService (HKLM-x32\...\{E3AE96D6-E196-45B4-AF62-2B41998B9E37}) (Version: 1.0.0 - RealNetworks, Inc.) Hidden
VdhCoApp 1.4.0 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version: - DownloadHelper)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.16 - VideoLAN)
vs2015_redist x86 (HKLM-x32\...\{BD46163A-0331-4A61-B65A-7B66D7C93F8E}) (Version: 1.0.0.0 - Realnetworks) Hidden
VSDC Free Video Editor Version 7.1.13.433 (HKLM\...\VSDC Free Video Editor_is1) (Version: 7.1.13.433 - Flash-Integro LLC)
Windows-Migrationsassistent (HKLM-x32\...\{B2C74A62-5D4F-41AF-96EB-1189AE4E9936}) (Version: 2.4.2.0 - Apple Inc.)
Windows-PC-Integritätsprüfung (HKLM\...\{B3956CF3-F6C5-4567-AC38-1FD4432B319C}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Windows-Treiberpaket - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/27/2012 7.0.0000.00004) (HKLM\...\BE156A27AFEAEA39D6A7C9D25CFA8DAFAF91756B) (Version: 08/27/2012 7.0.0000.00004 - Google, Inc.)
Windows-Treiberpaket - SAMSUNG Electronics Co., Ltd. (dg_ssudbus) USB (12/02/2015 2.12.1.0) (HKLM\...\85A33267F12961AF9ED9AE799DEDA5E62BEA236F) (Version: 12/02/2015 2.12.1.0 - SAMSUNG Electronics Co., Ltd. )
Windows-Treiberpaket - SAMSUNG Electronics Co., Ltd. (ssudmdm) Modem (12/02/2015 2.12.1.0) (HKLM\...\88ED314360B98E6E82E7CC3201FAEB4A9FD291B4) (Version: 12/02/2015 2.12.1.0 - SAMSUNG Electronics Co., Ltd. )
Windows-Treiberpaket - SAMSUNG Electronics Co., Ltd. (WinUSB) AndroidUsbDeviceClass (12/02/2015 2.12.1.0) (HKLM\...\701281E8283E9E3681220099A9DA5013A5A437AF) (Version: 12/02/2015 2.12.1.0 - SAMSUNG Electronics Co., Ltd. )
WunderBAR (HKLM\...\WunderBAR) (Version: 1.0 - WunderBAR)
Xperia Companion (HKLM-x32\...\{4C89779F-A2CD-4EF7-83F3-B84F9CB79422}) (Version: 2.10.2.0 - Sony) Hidden
Xperia Companion (HKLM-x32\...\{cc171adc-ddf5-4459-9a2c-61b09746b2ff}) (Version: 2.10.2.0 - Sony)
Xperia Companion Service (HKLM\...\{170F2831-C087-4536-B3A5-3CF872F6BC0F}) (Version: 2.10.2.0 - Sony) Hidden
Packages:
=========
Discover HP Touchpoint Manager -> C:\Program Files\WindowsApps\AD2F1837.DiscoverHPTouchpointManager_1.0.15.1_x86__v10z8vjag6ke6 [2017-06-13] (HP Inc.)
HP JumpStart -> C:\Program Files\WindowsApps\AD2F1837.HPJumpStart_1.2.228.0_x64__v10z8vjag6ke6 [2023-01-20] (HP Inc.)
HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.23.20.0_x64__v10z8vjag6ke6 [2023-01-19] (HP Inc.)
HP System Information -> C:\Program Files\WindowsApps\AD2F1837.HPSystemInformation_8.10.29.0_x64__v10z8vjag6ke6 [2022-03-29] (HP Inc.)
Kluge Archive -> C:\Program Files\WindowsApps\49825WiseWidget.Wise2017_1.1.0.0_x86__z0nrqz0z5ajrj [2018-01-23] (Wise Widget)
March of Empires: War of Lords -> C:\Program Files\WindowsApps\A278AB0D.MarchofEmpires_7.1.0.0_x86__h6adky7gbf63m [2023-02-03] (Gameloft SE)
Media Engine-Add-On für Fotos -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-07-10] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2021-06-26] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2021-06-26] (Microsoft Corporation) [MS Ad]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.98.1805.0_x64__mcm4njqhnhss8 [2022-02-16] (Netflix, Inc.)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.15.12020.0_x64__8wekyb3d8bbwe [2023-01-20] (Microsoft Studios) [MS Ad]
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.TWITTER_7.0.1.0_neutral__wgeqdkkx372wm [2021-06-13] (Twitter Inc.)
Windows Package Manager Source (winget) -> C:\Program Files\WindowsApps\Microsoft.Winget.Source_2022.1020.2155.506_neutral__8wekyb3d8bbwe [2022-10-20] (Microsoft Corporation)
XING -> C:\Program Files\WindowsApps\XINGAG.XING_4.0.9.0_x86__xpfg3f7e9an52 [2023-01-20] (New Work SE)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6671064 2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4171480 2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Users\Ganz\Downloads\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [Datei ist nicht signiert]
ContextMenuHandlers1-x32: [MyPhoneExplorer] -> {A372C6DF-7A85-41B1-B3B0-D1E24073DCBF} => C:\Program Files (x86)\MyPhoneExplorer\DLL\ShellMgr.dll [2010-03-30] (F.J. Wechselberger) [Datei ist nicht signiert]
ContextMenuHandlers2: [ContextMenu] -> {ee10d625-cc60-30a4-b3df-4b349785be6b} => C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\Antivirus.ContextMenu.DLL -> Keine Datei
ContextMenuHandlers3: [ContextMenu] -> {ee10d625-cc60-30a4-b3df-4b349785be6b} => C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\Antivirus.ContextMenu.DLL -> Keine Datei
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-02-16] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Users\Ganz\Downloads\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [Datei ist nicht signiert]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Keine Datei
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_e6daaea9afe1e6f6\igfxDTCM.dll [2020-11-11] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Users\Ganz\Downloads\7-Zip\7-zip.dll [2022-07-15] (Igor Pavlov) [Datei ist nicht signiert]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-02-16] (Malwarebytes Inc. -> Malwarebytes)
==================== Codecs (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Drivers32: [msacm.voxacm160] => C:\WINDOWS\system32\vct3216.acm [82944 2003-05-21] (Voxware, Inc.) [Datei ist nicht signiert]
HKLM\...\Drivers32: [msacm.scg726] => C:\WINDOWS\system32\scg726.acm [13239 2000-03-14] (SHARP Corporation) [Datei ist nicht signiert]
HKLM\...\Drivers32: [msacm.alf2cd] => C:\WINDOWS\system32\alf2cd.acm [38912 2003-05-21] (NCT Company) [Datei ist nicht signiert]
HKLM\...\Drivers32: [msacm.ac3acm] => C:\WINDOWS\system32\AC3ACM.acm [81920 2004-02-04] (fccHandler) [Datei ist nicht signiert]
HKLM\...\Drivers32: [msacm.lame] => C:\WINDOWS\system32\lame.ax [245760 2005-08-01] () [Datei ist nicht signiert]
HKLM\...\Drivers32: [vidc.dvsd] => C:\WINDOWS\system32\mcdvd_32.dll [261632 2003-05-21] (MainConcept) [Datei ist nicht signiert]
HKLM\...\Drivers32: [vidc.mpg4] => C:\WINDOWS\system32\mpg4c32.dll [413760 2002-08-19] (Microsoft Corporation) [Datei ist nicht signiert]
HKLM\...\Drivers32: [vidc.mp42] => C:\WINDOWS\system32\mpg4c32.dll [413760 2002-08-19] (Microsoft Corporation) [Datei ist nicht signiert]
HKLM\...\Drivers32: [vidc.mp43] => C:\WINDOWS\system32\mpg4c32.dll [413760 2002-08-19] (Microsoft Corporation) [Datei ist nicht signiert]
HKLM\...\Drivers32: [vidc.xvid] => C:\WINDOWS\system32\xvidvfw.dll [139264 2004-07-03] () [Datei ist nicht signiert]
HKLM\...\Drivers32: [vidc.DIVX] => C:\WINDOWS\system32\DivX.dll [638976 2003-05-22] (DivXNetworks, Inc.) [Datei ist nicht signiert]
HKLM\...\Drivers32: [vidc.VP60] => C:\WINDOWS\system32\vp6vfw.dll [438272 2004-12-10] (On2.com) [Datei ist nicht signiert]
HKLM\...\Drivers32: [vidc.VP61] => C:\WINDOWS\system32\vp6vfw.dll [438272 2004-12-10] (On2.com) [Datei ist nicht signiert]
HKLM\...\Drivers32: [vidc.VP62] => C:\WINDOWS\system32\vp6vfw.dll [438272 2004-12-10] (On2.com) [Datei ist nicht signiert]
HKLM\...\Drivers32: [vidc.LAGS] => C:\WINDOWS\system32\lagarith.dll [216064 2011-12-07] () [Datei ist nicht signiert]
==================== Verknüpfungen & WMI ========================
==================== Geladene Module (Nicht auf der Ausnahmeliste) =============
2017-07-12 19:55 - 2009-02-27 15:38 - 000139264 ____R () [Datei ist nicht signiert] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2023-02-16 17:20 - 2023-02-16 17:20 - 000122368 _____ () [Datei ist nicht signiert] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BRIDGECommon\d21de71c6b23dca8cde6b4ef0c0cfee0\BRIDGECommon.ni.dll
2023-02-16 17:20 - 2023-02-16 17:20 - 000113152 _____ () [Datei ist nicht signiert] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BridgeExtension\6f6f48149a6aeb8f3bb750891bd1f77b\BridgeExtension.ni.dll
2018-05-03 12:49 - 2005-04-22 12:36 - 000143360 _____ () [Datei ist nicht signiert] C:\WINDOWS\system32\BrSNMP64.dll
2022-04-25 14:15 - 2014-06-16 14:45 - 000137728 ____N (Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\ControlCenter4\BrCcAssoc.dll
2022-04-25 14:15 - 2014-06-16 15:03 - 000083968 ____N (Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\ControlCenter4\BrCcDlgRc.dll
2022-04-25 14:15 - 2014-06-16 15:03 - 017955328 ____N (Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\ControlCenter4\BrCcGrImg.dll
2022-04-25 14:15 - 2014-06-16 15:03 - 000088064 ____N (Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\ControlCenter4\BrCcLGer.dll
2017-07-12 19:55 - 2013-03-08 07:44 - 000087040 _____ (Brother Industries, Ltd.) [Datei ist nicht signiert] C:\WINDOWS\system32\BrNetSti.dll
2022-10-03 06:16 - 2022-10-03 06:16 - 000512000 _____ (Citrix Systems, Inc.) [Datei ist nicht signiert] C:\Program Files (x86)\Citrix\ICA Client\SelfServicePlugin\Shims.dll
2021-10-01 01:19 - 2021-10-01 01:19 - 002548736 _____ (Citrix Systems, Inc.) [Datei ist nicht signiert] C:\Program Files (x86)\Citrix\ICA Client\sslsdk_b.dll
2016-07-19 11:00 - 2016-07-19 11:00 - 000384512 _____ (Crossmatch, Inc.) [Datei ist nicht signiert] c:\Program Files\HP\HP ProtectTools Security Manager\Bin\DPCPFelica.dll
2022-07-15 18:00 - 2022-07-15 18:00 - 000094720 _____ (Igor Pavlov) [Datei ist nicht signiert] C:\Users\Ganz\Downloads\7-Zip\7-zip.dll
2016-07-19 10:13 - 2016-07-19 10:13 - 000220160 _____ (RFIDeas) [Datei ist nicht signiert] c:\Program Files\HP\HP ProtectTools Security Manager\Bin\pcProxAPI.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ==================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =================
==================== Internet Explorer (Nicht auf der Ausnahmeliste) ==========
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKLM - WunderBAR - {5EB1C9F4-44B6-4DE1-9C4D-CCEB6AFC6CF0} - C:\Users\Ganz\AppData\Roaming\WunderBAR\WunderBAR.dll [2021-12-20] (CHIP Communications GmbH -> )
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2022-10-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2022-10-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2022-10-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2022-10-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2022-10-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2022-10-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2022-10-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2022-10-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2022-10-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2022-10-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2022-10-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2022-10-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2022-10-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2022-10-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2022-10-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2022-10-03] (Citrix Systems, Inc. -> Citrix Systems, Inc.)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-749038088-1968257971-3176724149-1005\...\localhost -> localhost
==================== Hosts Inhalt: =========================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2015-10-30 08:24 - 2019-01-04 13:02 - 000000938 _____ C:\WINDOWS\system32\drivers\etc\hosts
2020-12-19 21:04 - 2022-08-03 20:32 - 000000506 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
==================== Andere Bereiche ===========================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-749038088-1968257971-3176724149-1005\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
ist aktiviert.
Network Binding:
=============
WLAN: RadioRip Filter Driver -> RrNetCapFilterDriver (enabled)
Ethernet: RadioRip Filter Driver -> RrNetCapFilterDriver (enabled)
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
HKLM\...\StartupApproved\StartupFolder: => "Universal Media Server.lnk"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "BCSSync"
HKLM\...\StartupApproved\Run32: => "BrMfcWnd"
HKLM\...\StartupApproved\Run32: => "BrStsMon00"
HKLM\...\StartupApproved\Run32: => "IAStorIcon"
HKLM\...\StartupApproved\Run32: => "Opera Browser Assistant"
HKU\S-1-5-21-749038088-1968257971-3176724149-1005\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-749038088-1968257971-3176724149-1005\...\StartupApproved\Run: => "AudialsNotifier"
HKU\S-1-5-21-749038088-1968257971-3176724149-1005\...\StartupApproved\Run: => "XperiaCompanionAgent"
HKU\S-1-5-21-749038088-1968257971-3176724149-1005\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_33AB6AD30668417CC16079428DBD5A47"
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [{8E00D7E5-0BB0-4177-95BE-01B3B185C0CA}] => (Allow) C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanion.exe (Sony Mobile Communications AB -> Sony)
FirewallRules: [{8A47E056-BFAF-42E3-9097-4BA7536B5FA5}] => (Allow) LPort=31931
FirewallRules: [{C1410BC5-E31A-4DA9-8EBD-091877247672}] => (Allow) LPort=14714
FirewallRules: [{42289722-13D8-4294-977F-C5D411A46239}] => (Allow) LPort=12972
FirewallRules: [{C5A768B6-7282-4B35-9D88-2BC2B97486AF}] => (Allow) C:\Program Files (x86)\Audials\Audials 2018\Audials.exe (Audials AG -> Audials AG)
FirewallRules: [UDP Query User{213CC204-02CC-44BA-8D02-373B383A7B23}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{337225E1-CBB2-4C63-9970-49C6FB7A8567}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{FD2DDB22-4B43-4794-864A-7140111999E2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{8C35D5D5-D7EE-4A9E-9E40-4B5216B3CDEA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E40F5325-480D-4578-A907-F8A2DD1C7661}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{C8D45BF8-D9DE-4DC2-BE8E-A0410B04D3DB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{0C00F326-B355-4381-B838-77AADE53A538}] => (Allow) C:\Program Files\Citrix\Secure Access Client\nsepa.exe (Citrix Systems, Inc. -> Citrix Systems, Inc)
FirewallRules: [{BBF76483-2E81-4138-9704-D6B88CA6148A}] => (Allow) C:\Program Files\Citrix\Secure Access Client\nsepa.exe (Citrix Systems, Inc. -> Citrix Systems, Inc)
FirewallRules: [{8091CB17-40DC-4C11-82CE-B7D85F42BAE3}] => (Allow) C:\Program Files\Citrix\Secure Access Client\nsepa.exe (Citrix Systems, Inc. -> Citrix Systems, Inc)
FirewallRules: [{D73AF4A9-F386-4883-AB9C-AA76B8E0595D}] => (Allow) C:\Program Files\Citrix\Secure Access Client\nsepa.exe (Citrix Systems, Inc. -> Citrix Systems, Inc)
FirewallRules: [{3D3766D6-52D6-42F4-8366-6BEDB25D6113}] => (Allow) C:\Program Files\Citrix\Secure Access Client\nsepa.exe (Citrix Systems, Inc. -> Citrix Systems, Inc)
FirewallRules: [{4A8622E2-E9B2-4360-9CCA-2C68B012B6EC}] => (Allow) C:\Program Files\Citrix\Secure Access Client\nsepa.exe (Citrix Systems, Inc. -> Citrix Systems, Inc)
FirewallRules: [{96649238-ED31-46E8-9E34-140DE9A2049E}] => (Allow) C:\Program Files\Citrix\Secure Access Client\nsepa.exe (Citrix Systems, Inc. -> Citrix Systems, Inc)
FirewallRules: [{0CA547AD-CEB4-4426-96E2-4561392B7478}] => (Allow) C:\Program Files\Citrix\Secure Access Client\nsepa.exe (Citrix Systems, Inc. -> Citrix Systems, Inc)
FirewallRules: [{95BA13F9-BF24-4A39-8F79-733F73E9D7B7}] => (Allow) C:\Program Files\Citrix\Secure Access Client\nsepa.exe (Citrix Systems, Inc. -> Citrix Systems, Inc)
FirewallRules: [{5F3444C3-7244-4191-AA81-D6581E68EBEE}] => (Allow) C:\Program Files\Citrix\Secure Access Client\nsepa.exe (Citrix Systems, Inc. -> Citrix Systems, Inc)
FirewallRules: [{62872BD2-D582-4F40-8581-3679A347B212}] => (Allow) C:\Program Files\Citrix\Secure Access Client\nsepa.exe (Citrix Systems, Inc. -> Citrix Systems, Inc)
FirewallRules: [{1EA54552-7FAE-42E7-B722-6F9BDA63B080}] => (Allow) C:\Program Files\Citrix\Secure Access Client\nsepa.exe (Citrix Systems, Inc. -> Citrix Systems, Inc)
FirewallRules: [{C566B9FE-698B-47B5-BD7D-4C9892711EB1}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{A2456256-9F42-41F1-99DE-9F5039C2BE41}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{D89971EB-81D7-4406-BF02-620E2881264C}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{288A7309-33F8-4BC7-B7A2-B3BBEE107389}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{A270345C-1234-49FE-90DB-4070135F2C7B}] => (Allow) C:\Program Files\Citrix\Secure Access Client\nsepa.exe (Citrix Systems, Inc. -> Citrix Systems, Inc)
FirewallRules: [{AD1C5FE3-D113-4A25-9275-6CEE93B2BAEF}] => (Allow) C:\Program Files\Citrix\Secure Access Client\nsepa.exe (Citrix Systems, Inc. -> Citrix Systems, Inc)
FirewallRules: [{7BE38158-9D47-4C8F-A105-3277680B7B5E}] => (Allow) C:\Program Files\Citrix\Secure Access Client\nsepa.exe (Citrix Systems, Inc. -> Citrix Systems, Inc)
FirewallRules: [{01CA72C1-71CC-4063-9C2A-6598BD50770D}] => (Allow) C:\Program Files\Citrix\Secure Access Client\nsepa.exe (Citrix Systems, Inc. -> Citrix Systems, Inc)
FirewallRules: [{6A6BB7A6-2036-4F7D-9A09-18B54C3CBC15}] => (Allow) C:\Program Files\Citrix\Secure Access Client\nsepa.exe (Citrix Systems, Inc. -> Citrix Systems, Inc)
FirewallRules: [{A9C12040-623C-4FC2-9765-BD1D440073EF}] => (Allow) C:\Program Files\Citrix\Secure Access Client\nsepa.exe (Citrix Systems, Inc. -> Citrix Systems, Inc)
FirewallRules: [{2865F3C7-BAAD-4747-B054-BA87C7F2D4EB}] => (Allow) C:\Program Files\Citrix\Secure Access Client\nsepa.exe (Citrix Systems, Inc. -> Citrix Systems, Inc)
FirewallRules: [{69C5226B-F423-4E28-8A69-6E0CE808DDDA}] => (Allow) C:\Program Files\Citrix\Secure Access Client\nsepa.exe (Citrix Systems, Inc. -> Citrix Systems, Inc)
FirewallRules: [{623DD88E-621D-4F62-9448-E33F4593CE6D}] => (Allow) C:\Program Files\Citrix\Secure Access Client\nsepa.exe (Citrix Systems, Inc. -> Citrix Systems, Inc)
FirewallRules: [{E4435320-EF2B-4AD0-B695-18DF95BF9EA2}] => (Allow) C:\Program Files\Citrix\Secure Access Client\nsepa.exe (Citrix Systems, Inc. -> Citrix Systems, Inc)
FirewallRules: [{49168388-14CE-4DDA-86DA-94616718FC76}] => (Allow) C:\Program Files\Citrix\Secure Access Client\nsepa.exe (Citrix Systems, Inc. -> Citrix Systems, Inc)
FirewallRules: [{1DF8B103-846A-4D2A-BFFA-4D004850BC58}] => (Allow) C:\Program Files\Citrix\Secure Access Client\nsepa.exe (Citrix Systems, Inc. -> Citrix Systems, Inc)
FirewallRules: [{CD426E35-4D56-4D7F-B400-8B71E24FC73A}] => (Allow) C:\Program Files\Citrix\Secure Access Client\nsepa.exe (Citrix Systems, Inc. -> Citrix Systems, Inc)
FirewallRules: [{BD8789DF-501B-427E-971E-BD2135B49FD1}] => (Allow) C:\Program Files\Citrix\Secure Access Client\nsepa.exe (Citrix Systems, Inc. -> Citrix Systems, Inc)
FirewallRules: [{A88D6C54-E21A-44FD-8406-BBB96B94BA05}] => (Allow) C:\Program Files\Citrix\Secure Access Client\nsepa.exe (Citrix Systems, Inc. -> Citrix Systems, Inc)
FirewallRules: [{C8391E8D-5C11-4A4A-B060-4C54713BEC4F}] => (Allow) C:\Program Files\Citrix\Secure Access Client\nsepa.exe (Citrix Systems, Inc. -> Citrix Systems, Inc)
FirewallRules: [{6A9396D8-D90C-4724-A937-5A59E918EF46}] => (Allow) C:\Program Files\Citrix\Secure Access Client\nsepa.exe (Citrix Systems, Inc. -> Citrix Systems, Inc)
FirewallRules: [{CA58FFF0-E451-4BE7-BC45-4D2A2C00B4E2}] => (Allow) C:\Program Files\Citrix\Secure Access Client\nsepa.exe (Citrix Systems, Inc. -> Citrix Systems, Inc)
FirewallRules: [{EDACBB0A-79DB-487F-9FC2-C45438C41A4D}] => (Allow) C:\Program Files\Citrix\Secure Access Client\nsepa.exe (Citrix Systems, Inc. -> Citrix Systems, Inc)
FirewallRules: [{2AFB5B5F-BC98-42F3-B24E-6959DB0D80E6}] => (Allow) C:\Program Files\Citrix\Secure Access Client\nsepa.exe (Citrix Systems, Inc. -> Citrix Systems, Inc)
FirewallRules: [{07DB5E97-CE1A-4576-A0CF-8D9DDC5B9A98}] => (Allow) C:\Program Files\Citrix\Secure Access Client\nsepa.exe (Citrix Systems, Inc. -> Citrix Systems, Inc)
FirewallRules: [{38021E55-8D63-4826-B7F6-768EDF6305D1}] => (Allow) C:\Program Files\Citrix\Secure Access Client\nsepa.exe (Citrix Systems, Inc. -> Citrix Systems, Inc)
FirewallRules: [{CBA54C41-9931-4047-8DC2-2EEA5AA739CA}] => (Allow) C:\Program Files\Citrix\Secure Access Client\nsepa.exe (Citrix Systems, Inc. -> Citrix Systems, Inc)
FirewallRules: [{5EEAADAE-BE94-4FAD-A164-BC8CEB4687A3}] => (Allow) C:\Program Files\Citrix\Secure Access Client\nsepa.exe (Citrix Systems, Inc. -> Citrix Systems, Inc)
FirewallRules: [{CC69F2BB-2E5A-402C-8C18-78F4CD9DB6FA}] => (Allow) C:\Program Files\Citrix\Secure Access Client\nsepa.exe (Citrix Systems, Inc. -> Citrix Systems, Inc)
FirewallRules: [{6CCA7C8D-3BA1-4DD5-A52E-16AE188CBCF5}] => (Allow) C:\Program Files\Citrix\Secure Access Client\nsepa.exe (Citrix Systems, Inc. -> Citrix Systems, Inc)
FirewallRules: [{6AEE9EA7-E9C3-4896-8109-6F634206D0FE}] => (Allow) C:\Program Files\Citrix\Secure Access Client\nsepa.exe (Citrix Systems, Inc. -> Citrix Systems, Inc)
FirewallRules: [{C3E56817-8484-46C9-AAFC-96E2C966C883}] => (Allow) C:\Program Files\Citrix\Secure Access Client\nsepa.exe (Citrix Systems, Inc. -> Citrix Systems, Inc)
FirewallRules: [{157A6EA5-A100-4B9C-A16E-E6FEA2C230EE}] => (Allow) C:\Program Files\Citrix\Secure Access Client\nsepa.exe (Citrix Systems, Inc. -> Citrix Systems, Inc)
FirewallRules: [{F9AC027C-CA45-4025-B190-E45DAF2E66EB}] => (Allow) C:\Program Files\Citrix\Secure Access Client\nsepa.exe (Citrix Systems, Inc. -> Citrix Systems, Inc)
FirewallRules: [{2B3A7B0D-FC2E-4E8E-BCF7-A92830C337FC}] => (Allow) C:\Program Files\Citrix\Secure Access Client\nsepa.exe (Citrix Systems, Inc. -> Citrix Systems, Inc)
FirewallRules: [{A54A5162-3FDF-45C5-A594-4BDFDCA3308F}] => (Allow) C:\Program Files\Citrix\Secure Access Client\nsepa.exe (Citrix Systems, Inc. -> Citrix Systems, Inc)
FirewallRules: [{78986FF5-F01B-4A6C-B5F2-7BFA3B798F09}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
FirewallRules: [{11F48B42-807C-47CD-BDCC-E184DB003408}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe (Piriform Software Ltd -> Piriform)
FirewallRules: [TCP Query User{82FCC592-1A91-4DA0-B744-AEC92CCBC4F3}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [UDP Query User{6E63B20A-4553-459A-A885-682BF590AFF0}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{531A2086-3D70-40B5-BA5B-E72F257C60D1}C:\program files\avast software\avast\avastui.exe] => (Block) C:\program files\avast software\avast\avastui.exe => Keine Datei
FirewallRules: [UDP Query User{F71C7B97-D3BA-4719-9D6D-36FC6ADE3C2F}C:\program files\avast software\avast\avastui.exe] => (Block) C:\program files\avast software\avast\avastui.exe => Keine Datei
FirewallRules: [TCP Query User{FA235490-E84C-4427-8CED-4E4EFCBD9970}C:\program files\opera\opera.exe] => (Block) C:\program files\opera\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [UDP Query User{DA957823-4A51-402E-AD3B-4ACA66C12A24}C:\program files\opera\opera.exe] => (Block) C:\program files\opera\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [{993B8542-D461-40EA-A3A9-209C7861E3FE}] => (Allow) C:\Program Files (x86)\Brother\Brmfl14d\FAXRX.EXE (Brother Industries, Ltd.) [Datei ist nicht signiert]
FirewallRules: [{6BD3370E-D2A3-4986-9701-822C4084CDDD}] => (Allow) LPort=54925
FirewallRules: [{37793D2D-3F22-4303-9C4C-07AD4322081D}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Windows Migration Assistant\MigrationAssistant.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{ED4389CA-7F94-4502-969E-209DD7BF1BC4}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Windows Migration Assistant\MigrationAssistant.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{4EB6CE50-8F3D-45C2-81EA-EFE1ABA5EE5D}] => (Allow) C:\Program Files (x86)\Citrix\ICA Client\CitrixEnterpriseBrowser\CitrixEnterpriseBrowser.exe (Citrix Systems, Inc. -> Citrix Systems, Inc.)
FirewallRules: [{DAB23AE4-0432-4270-A32E-43F14F11FE17}] => (Allow) C:\Program Files (x86)\Universal Media Server\jre17\bin\java.exe
FirewallRules: [{09BAAD46-CE6A-4979-A734-486664855A3D}] => (Allow) C:\Program Files (x86)\Universal Media Server\jre17\bin\javaw.exe
FirewallRules: [{7C7AD387-2459-4968-BDA6-296FE3AD2888}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{AF68D1A6-D3AF-4D40-AF55-E728F693DD0C}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\VideoEditor.exe (FLASH-INTEGRO LLC -> Flash-Integro LLC)
FirewallRules: [{81498BA0-C148-4F4A-ACC0-A2A391B7E5CB}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\VideoEditor.exe (FLASH-INTEGRO LLC -> Flash-Integro LLC)
FirewallRules: [{68DF2471-568F-40C3-9302-C25E45F640EB}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\Activation.exe (FLASH-INTEGRO LLC -> Flash-Integro LLC)
FirewallRules: [{250F0D65-EB85-4D15-8413-828259527AD7}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\Activation.exe (FLASH-INTEGRO LLC -> Flash-Integro LLC)
FirewallRules: [{8C8A0FAE-31FE-46DA-83BF-BC6C44BA5A3C}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\Updater.exe (FLASH-INTEGRO LLC -> Flash-Integro LLC)
FirewallRules: [{931F82D7-62B5-41F5-95C9-991B7F944B76}] => (Allow) C:\Program Files\FlashIntegro\VideoEditor\Updater.exe (FLASH-INTEGRO LLC -> Flash-Integro LLC)
FirewallRules: [{D27F5456-B6E4-440E-BE60-6069C26BA36D}] => (Allow) C:\Program Files\Opera\95.0.4635.37\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [{2860ADB5-C664-42DD-9D98-8A0FA0A91D1C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.93.3408.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{8E4C8527-A70A-444B-A65F-01EB88E1B4F7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.93.3408.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{05FD0C27-6F9D-4C0E-856D-8832A9D5F1E7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.93.3408.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1527D3AE-1967-4DBB-B524-DA3E96AABD5D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.93.3408.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3495573C-510C-4625-87AE-ABBFA8AC62E3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{2DCB76CC-67E4-435C-9022-7E1AF9983CBF}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\110.0.1587.46\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{143BF50C-72CF-4530-A2B2-8F0518D9D9E6}] => (Allow) C:\Program Files\Opera\95.0.4635.46\opera.exe (Opera Norway AS -> Opera Software)
==================== Wiederherstellungspunkte =========================
30-01-2023 18:32:17 Geplanter Prüfpunkt
04-02-2023 11:27:06 Windows Modules Installer
13-02-2023 17:32:02 Geplanter Prüfpunkt
15-02-2023 10:28:23 Windows Modules Installer
16-02-2023 18:28:18 AdwCleaner_BeforeCleaning_16/02/2023_18:28:18
16-02-2023 18:52:59 AdwCleaner_BeforeCleaning_16/02/2023_18:52:58
==================== Fehlerhafte Geräte im Gerätemanager ============
==================== Fehlereinträge in der Ereignisanzeige: ========================
Applikationsfehler:
==================
Error: (02/18/2023 11:44:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname hp-ArbeitsZ.local already in use; will try hp-ArbeitsZ-2.local instead
Error: (02/18/2023 11:44:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 hp-ArbeitsZ.local. Addr 192.168.178.21
Error: (02/18/2023 11:44:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.178.21:5353 16 hp-ArbeitsZ.local. AAAA FD52:02F7:B2D4:4D9F:9B46:9119:25FA:3B96
Error: (02/18/2023 11:44:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing: 16 hp-ArbeitsZ.local. AAAA FE80:0000:0000:0000:475A:C5B6:B63F:03DD
Error: (02/18/2023 11:44:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.178.21:5353 16 hp-ArbeitsZ.local. AAAA FD52:02F7:B2D4:4D9F:9B46:9119:25FA:3B96
Error: (02/18/2023 11:44:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing: 16 hp-ArbeitsZ.local. AAAA 2A00:6020:B0B3:7A00:692C:3D7F:EB7A:81A5
Error: (02/18/2023 11:44:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.178.21:5353 16 hp-ArbeitsZ.local. AAAA FD52:02F7:B2D4:4D9F:9B46:9119:25FA:3B96
Error: (02/18/2023 11:44:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Resetting to Probing: 16 hp-ArbeitsZ.local. AAAA 2A00:6020:B0B3:7A00:F61C:4C79:F4BC:4E34
Systemfehler:
=============
Error: (02/16/2023 07:24:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "RealPlayer Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (02/16/2023 06:56:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "HP Touchpoint Analytics" wurde aufgrund folgenden Fehlers nicht gestartet:
Das System kann die angegebene Datei nicht finden.
Error: (02/16/2023 06:56:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "HP Support Solutions Framework Service" wurde aufgrund folgenden Fehlers nicht gestartet:
Das System kann die angegebene Datei nicht finden.
Error: (02/16/2023 06:56:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "HP Comm Recovery" wurde aufgrund folgenden Fehlers nicht gestartet:
Das System kann die angegebene Datei nicht finden.
Error: (02/16/2023 06:54:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "DigitalPersona Authentifizierungsdienst" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (02/16/2023 06:54:03 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (60000 ms) wurde beim Verbindungsversuch mit dem Dienst Intel(R) TPM Provisioning Service erreicht.
Error: (02/16/2023 06:53:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Citrix Workspace Updater Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (02/16/2023 06:53:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "HP System Info HSA Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.
Windows Defender:
================
Date: 2023-02-15 15:46:07
Description:
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Misleading:Win32/Lodi&threatid=240849&enterprise=0
Name: Misleading:Win32/Lodi
Schweregrad: Hoch
Kategorie: Adware
Pfad: file:_C:\Program Files (x86)\DVDVideoSoft\Free HTML5 Video Player and Converter\FreeHTML5VideoPlayerAndConverter.exe; file:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Free HTML5 Video Player and Converter.lnk; startup:_C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Free HTML5 Video Player and Converter.lnk
Erkennungsursprung: Lokaler Computer
Erkennungstype: Konkret
Erkennungsquelle: Echtzeitschutz
Benutzer: NT-AUTORITÄT\SYSTEM
Prozessname: C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
Sicherheitsversion: AV: 1.383.19.0, AS: 1.383.19.0, NIS: 1.383.19.0
Modulversion: AM: 1.1.20000.2, NIS: 1.1.20000.2
Date: 2023-02-15 15:45:39
Description:
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Misleading:Win32/Lodi&threatid=240849&enterprise=0
Name: Misleading:Win32/Lodi
Schweregrad: Hoch
Kategorie: Adware
Pfad: file:_C:\Program Files (x86)\DVDVideoSoft\Free HTML5 Video Player and Converter\FreeHTML5VideoPlayerAndConverter.exe
Erkennungsursprung: Lokaler Computer
Erkennungstype: Konkret
Erkennungsquelle: Echtzeitschutz
Benutzer: NT-AUTORITÄT\SYSTEM
Prozessname: C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
Sicherheitsversion: AV: 1.383.19.0, AS: 1.383.19.0, NIS: 1.383.19.0
Modulversion: AM: 1.1.20000.2, NIS: 1.1.20000.2
Date: 2023-02-15 15:01:06
Description:
Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {CCEC71EC-637E-4180-8852-67D72D93D2FF}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM
Date: 2023-02-15 14:22:13
Description:
Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {FB586A29-D19E-44FF-B15C-3FD45E843C76}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM
CodeIntegrity:
===============
Date: 2023-02-16 10:50:56
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Mozilla Firefox\firefox.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
Date: 2023-02-15 14:20:59
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2023-02-15 13:45:58
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\AVAST Software\Avast\AvastSvc.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2023-02-15 13:41:24
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Windows signing level requirements.
Date: 2023-02-15 13:40:37
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\AVAST Software\Avast\aswAMSI.dll that did not meet the Microsoft signing level requirements.
==================== Speicherinformationen ===========================
BIOS: HP P85 Ver. 01.23 07/18/2018
Hauptplatine: HP 8231
Prozessor: Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz
Prozentuale Nutzung des RAM: 57%
Installierter physikalischer RAM: 8087.75 MB
Verfügbarer physikalischer RAM: 3401.25 MB
Summe virtueller Speicher: 12183.75 MB
Verfügbarer virtueller Speicher: 6928.5 MB
==================== Laufwerke ================================
Drive c: (Windows) (Fixed) (Total:217.92 GB) (Free:47.55 GB) (Model: SanDisk SD8SNAT-256G-1006) NTFS
Drive d: (Recovery Image) (Fixed) (Total:17.11 GB) (Free:2.18 GB) (Model: SanDisk SD8SNAT-256G-1006) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive e: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.99 GB) (Model: SanDisk SD8SNAT-256G-1006) FAT32
\\?\Volume{874a37b2-6db1-4ec8-a06c-233c67c77a06}\ () (Fixed) (Total:0.96 GB) (Free:0.16 GB) NTFS
\\?\Volume{19c3a624-b5ce-4ac2-8c4f-aa680a2739fa}\ (SYSTEM) (Fixed) (Total:0.35 GB) (Free:0.25 GB) FAT32
==================== MBR & Partitionstabelle ====================
==========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 86F4951B)
Partition: GPT.
==================== Ende von Addition.txt =======================
Ich hatte die Abfrage vom Handy abgelesen...dabei haben sich Fehler eingeschlichen. Das kam jetzt beim 2. mal dabei raus: (s.o.) Allerdings alls 2 Dateien: FIRST und Addition . SEARCH txt wurde aber so nicht angezeigt... |
|
18.02.2023, 22:06
| #17 | |
| /// TB-Ausbilder   | WIN 10 Anhang geöffnet: Telekom Rechnung…pdf.htm - [TEIL 1 - Farbar Untersuchungsergebnis]Zitat:
Diese Logdateien hast du mir ja schon geschickt. Für die Spezialsuche musst du aber auf "Datei-Suche" klicken.  |
|
20.02.2023, 22:24
| #18 |
| | WIN 10 Anhang geöffnet: Telekom Rechnung…pdf.htm - [TEIL 1 - Farbar Untersuchungsergebnis]Code:
ATTFilter Farbar Recovery Scan Tool (x64) Version: 16-02-2023
durchgeführt von Ganz (19-02-2023 01:39:42)
Gestartet von C:\Users\Ganz\Desktop
Start-Modus: Normal
================== Datei-Suche: "SearchAll: WunderBAR;PRICEWATCH;CRaccoon;Web Companion;WebCompanion" =============
Datei:
========
C:\Windows\Prefetch\WEBCOMPANIONINSTALLER.EXE-CD8F98A4.pf
[2023-02-15 13:55][2023-02-15 13:55] 000041831 _____ () 30552B7935ABCC33C707C5E53DA8A79C [Datei ist nicht signiert]
C:\Users\Ganz\AppData\Roaming\WunderBAR\WunderBAR Search.exe
[2021-12-20 13:08][2021-12-20 13:08] 001561808 _____ () E9025CF99258D6E40E74E8E8E9AA9D8B [Datei ist digital signiert]
C:\Users\Ganz\AppData\Roaming\WunderBAR\WunderBAR.dll
[2021-12-20 13:08][2021-12-20 13:08] 006587088 _____ () 17E20CA838C0D94D29DA8B8B558E813C [Datei ist digital signiert]
C:\Users\Ganz\AppData\Roaming\WunderBAR\WunderBAR.ini
[2021-12-20 13:08][2021-12-20 13:08] 000000171 _____ () 6761C173DF15481DCF12FAF2ADB316EA [Datei ist nicht signiert]
C:\Users\Ganz\AppData\Roaming\PriceWatch\PriceWatch.bat
[2021-12-20 13:09][2021-12-20 13:09] 000000424 _____ () 94AD401C4FF4D734858F7E7BF0C459F8 [Datei ist nicht signiert]
C:\Users\Ganz\AppData\Roaming\inststub\pricewatch.exe
[2021-12-20 13:08][2021-12-20 13:08] 010005808 _____ () CB48BCF988922C59640F3F47CE3FB363 [Datei ist digital signiert]
C:\Users\Ganz\AppData\Roaming\inststub\pricewatch.exe.res
[2021-12-20 13:09][2021-12-20 13:09] 000000005 _____ () 144FDD8BE8005AB7206DEAAEDC515E71 [Datei ist nicht signiert]
C:\Users\Ganz\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\125\http___webcompanion_com_faq
[2023-02-13 16:38][2023-02-13 16:38] 000037014 _____ () 949DD0F5804127D1C34BA36F7DE7FE92 [Datei ist nicht signiert]
C:\AdwCleaner\Quarantine\v1\20230216.182831\24\Web Companion\Logs\Webcompanion\webcompanion.log#BB97EE6A0C723DA2
[2021-04-07 13:11][2021-04-18 03:25] 000088795 _____ () B3EE6F859F75B67D782749C3F76C3664 [Datei ist nicht signiert]
Ordner:
========
2021-12-20 13:09 - 2023-02-16 18:24 _____ C:\Users\Ganz\AppData\Roaming\PriceWatch
2021-12-20 13:08 - 2021-12-20 13:08 _____ C:\Users\Ganz\AppData\Roaming\WunderBAR
2021-04-07 13:10 - 2023-02-16 18:28 _____ C:\AdwCleaner\Quarantine\v1\20230216.182831\9\CRaccoon
2021-04-07 13:11 - 2021-04-07 13:11 _____ C:\AdwCleaner\Quarantine\v1\20230216.182831\24\Web Companion
2021-04-07 13:11 - 2023-02-16 18:31 _____ C:\AdwCleaner\Quarantine\v1\20230216.182831\24\Web Companion\Logs\Webcompanion
Registry:
========
===================== Suchergebnis für "WunderBAR" ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5EB1C9F4-44B6-4DE1-9C4D-CCEB6AFC6CF0}]
""="WunderBAR"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5EB1C9F4-44B6-4DE1-9C4D-CCEB6AFC6CF0}\InprocServer32]
""="C:\Users\Ganz\AppData\Roaming\WunderBAR\WunderBAR.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WunderBAR]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WunderBAR]
"DisplayName"="WunderBAR"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WunderBAR]
"Publisher"="WunderBAR"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WunderBAR]
"DisplayIcon"="C:\Users\Ganz\AppData\Roaming\WunderBAR\uninstall.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WunderBAR]
"UninstallString"="C:\Users\Ganz\AppData\Roaming\WunderBAR\uninstall.exe"
===================== Suchergebnis für "PRICEWATCH" ==========
[HKEY_USERS\S-1-5-21-749038088-1968257971-3176724149-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PriceWatch]
[HKEY_USERS\S-1-5-21-749038088-1968257971-3176724149-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PriceWatch]
"UninstallString"="C:\Users\Ganz\AppData\Roaming\PriceWatch\PriceWatch.bat"
[HKEY_USERS\S-1-5-21-749038088-1968257971-3176724149-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PriceWatch]
"DisplayName"="PriceWatch"
[HKEY_USERS\S-1-5-21-749038088-1968257971-3176724149-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PriceWatch]
"DisplayIcon"="C:\Users\Ganz\AppData\Roaming\PriceWatch\lupe.ico"
[HKEY_USERS\S-1-5-21-749038088-1968257971-3176724149-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PriceWatch]
"InstallLocation"="C:\Users\Ganz\AppData\Roaming\PriceWatch"
[HKEY_USERS\S-1-5-21-749038088-1968257971-3176724149-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PriceWatch]
"Publisher"="PriceWatch"
===================== Suchergebnis für "CRaccoon" ==========
[HKEY_USERS\S-1-5-21-749038088-1968257971-3176724149-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder]
"CRaccoon.lnk"="0x020000000000000000000000"
===================== Suchergebnis für "Web Companion" ==========
[HKEY_USERS\S-1-5-21-749038088-1968257971-3176724149-1005\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanionInstaller.exe"="0x5341435001000000000000000700000028000000E8B3050037EB050001000000000000000000000A0021000050BB64EDDDACD5010000000000000000020000002800000000000000000000400000000000000000000000000000000073550000000000000100000001000000"
===================== Suchergebnis für "WebCompanion" ==========
[HKEY_USERS\S-1-5-21-749038088-1968257971-3176724149-1005\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanionInstaller.exe"="0x5341435001000000000000000700000028000000E8B3050037EB050001000000000000000000000A0021000050BB64EDDDACD5010000000000000000020000002800000000000000000000400000000000000000000000000000000073550000000000000100000001000000"
====== Ende von Suche ======
|
|
20.02.2023, 23:28
| #19 |
| /// TB-Ausbilder | WIN 10 Anhang geöffnet: Telekom Rechnung…pdf.htm - [TEIL 1 - Farbar Untersuchungsergebnis] Gut gemacht.   Wir entfernen den Rest mit FRST und kontrollieren mit Emsisoft Abschließend noch eine Kontrolle mit SecurityCheck. Schritt 1 WARNUNG AN ALLE MITLESER !!! Dieses FRST-Script ist ausschließlich für diesen Nutzer gedacht und sollte niemals 1:1 für ein anderes System verwendet werden!
Schritt 2 Führe Emsisoft Emergency Kit (EEK) gemäß der bebilderten Anleitung aus und poste abschließend die Logdatei. Schritt 3 Führe SecurityCheck gemäß der bebilderten Anleitung aus und poste abschließend die Logdatei. Bitte poste mit deiner nächsten Antwort:
|
|
21.02.2023, 14:59
| #20 |
| | WIN 10 Anhang geöffnet: Telekom Rechnung…pdf.htm - [TEIL 1 - Farbar Untersuchungsergebnis]Code:
ATTFilter Entfernungsergebnis von Farbar Recovery Scan Tool (x64) Version: 20-02-2023
durchgeführt von Ganz (21-02-2023 13:08:31) Run:1
Gestartet von C:\Users\Ganz\Desktop
Geladene Profile: Ganz
Start-Modus: Normal
==============================================
fixlist Inhalt:
*****************
Start::
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
VirusTotal: C:\Users\Ganz\AppData\Roaming\WunderBAR\WunderBAR Search.exe;C:\Users\Ganz\AppData\Roaming\WunderBAR\WunderBAR.dll;C:\Users\Ganz\AppData\Roaming\WunderBAR\WunderBAR.ini
VirusTotal: C:\Users\Ganz\AppData\Roaming\PriceWatch\PriceWatch.bat;C:\Users\Ganz\AppData\Roaming\inststub\pricewatch.exe;C:\Users\Ganz\AppData\Roaming\inststub\pricewatch.exe.res
C:\Users\Ganz\AppData\Roaming\PriceWatch
C:\Users\Ganz\AppData\Roaming\WunderBAR
C:\Users\Ganz\AppData\Roaming\inststub
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5EB1C9F4-44B6-4DE1-9C4D-CCEB6AFC6CF0}
CMD: reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WunderBAR" /S
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WunderBAR
CMD: reg query "HKEY_USERS\S-1-5-21-749038088-1968257971-3176724149-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PriceWatch" /S
DeleteKey: HKEY_USERS\S-1-5-21-749038088-1968257971-3176724149-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PriceWatch
DeleteValue: HKEY_USERS\S-1-5-21-749038088-1968257971-3176724149-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder|CRaccoon.lnk
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Keine Datei
C:\Program Files (x86)\Lavasoft
C:\ProgramData\Application Data\Lavasoft
C:\ProgramData\Lavasoft
C:\Users\AllUserName\AppData\Local\Lavasoft
C:\Users\AllUserName\AppData\Roaming\Lavasoft
DeleteKey: HKCU\Software\Lavasoft
DeleteKey: HKLM\Software\Wow6432Node\Lavasoft
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Beschränkung <==== ACHTUNG
HKU\S-1-5-21-749038088-1968257971-3176724149-1005\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize (Keine Datei)
HKU\S-1-5-21-749038088-1968257971-3176724149-1005\...\Run: [MicrosoftEdgeAutoLaunch_33AB6AD30668417CC16079428DBD5A47] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4243360 2023-02-09] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-749038088-1968257971-3176724149-1005\...\Run: [] => [X]
HKU\S-1-5-21-749038088-1968257971-3176724149-1005\...\Policies\system: [shell] explorer.exe <==== ACHTUNG
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy-Firefox: Beschränkung <==== ACHTUNG
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Beschränkung <==== ACHTUNG
HKLM\SOFTWARE\Policies\Google: Beschränkung <==== ACHTUNG
Task: {328CD258-5CE7-424F-861F-4D12D9A9A5A7} - \Opera scheduled assistant Autoupdate 1581001615 -> Keine Datei <==== ACHTUNG
Task: {3B6A539A-7259-4838-AC79-4E00939768F0} - \Microsoft\Windows\UNP\RunCampaignManager -> Keine Datei <==== ACHTUNG
Task: {7C693021-6500-4EBA-B005-0241B83C6A85} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\Real\RealDownloader\downloader2.exe /scheduler (Keine Datei)
C:\Program Files (x86)\Real
Task: {7D84682E-39A2-4B17-ACF7-35D5D5236A62} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-749038088-1968257971-3176724149-1002 => C:\Program Files (x86)\Real\RealDownloader\recordingmanager.exe /bgrecordaliveevent (Keine Datei)
Edge Extension: (Kein Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [nicht gefunden]
Edge Extension: (Kein Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [nicht gefunden]
Edge Extension: (Kein Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [nicht gefunden]
Edge Extension: (Kein Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [nicht gefunden]
CHR DefaultSearchURL: Default -> hxxps://www.bing.com/search?q={searchTerms}&pc=COS2&ptag=D040721-N0640A74DCDF78DC&form=CONBDF&conlogo=CT3335043
CHR DefaultSearchKeyword: Default -> bing®
CHR DefaultNewTabURL: Default -> hxxps://www.bing.com/chrome/newtab?pc=COS2&ptag=D040721-N0630A74DCDF78DC&form=CONMHP&conlogo=CT3335043
CHR DefaultSuggestURL: Default -> hxxp://api.bing.com/osjson.aspx?query={searchTerms}
S3 CitrixEnterpriseBrowserElevationService; "C:\Program Files (x86)\Citrix\ICA Client\CitrixEnterpriseBrowser\105.1.1.27\elevation_service.exe" [X]
2023-02-10 13:58 - 2023-02-10 13:58 - 000000000 ____D C:\Users\Ganz\AppData\Local\AviraWebView2Cache
2023-02-10 13:10 - 2023-02-10 13:10 - 000001712 _____ C:\Users\Ganz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SearchEngineOptimizer.lnk
2023-02-10 13:08 - 2023-02-10 13:08 - 005331520 _____ (CHIP Digital GmbH) C:\Users\Ganz\Downloads\Farbar Recovery Scan Tool (HijackThis Alternative) - CHIP Installer _4SHHx.exe
2023-02-10 12:58 - 2023-02-10 13:00 - 000000000 ____D C:\Users\Ganz\AppData\Local\Avira
2023-02-10 12:57 - 2023-02-15 13:39 - 000000000 ____D C:\Program Files (x86)\Avira
2023-02-10 12:57 - 2023-02-15 13:36 - 000000000 ____D C:\ProgramData\Avira
2023-02-15 13:46 - 2018-09-16 14:17 - 000000000 ____D C:\Users\Ganz\AppData\Local\AVAST Software
2023-02-15 13:46 - 2018-09-16 14:16 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2023-02-15 13:46 - 2018-09-16 14:15 - 000000000 ____D C:\ProgramData\AVAST Software
2023-02-15 13:44 - 2021-07-29 18:30 - 000000000 ____D C:\Program Files (x86)\AVAST Software
2017-12-05 15:02 - 2017-12-05 15:02 - 039301064 _____ (Flash-Integro LLC ) C:\Program Files (x86)\video_editor_x32.exe
2017-12-05 15:02 - 2017-12-05 15:02 - 044416504 _____ (Flash-Integro LLC ) C:\Program Files (x86)\video_editor_x64.exe
2023-01-18 16:01 - 2023-01-18 16:01 - 000004096 ____H () C:\Users\Ganz\AppData\Local\keyfile3.drm
startpowershell:
Function Remove-all-windefend-excludes {
$Paths=(Get-MpPreference).ExclusionPath
$Extensions=(Get-MpPreference).ExclusionExtension
$Processes=(Get-MpPreference).ExclusionProcess
foreach ($Path in $Paths) { Remove-MpPreference -ExclusionPath $Path -force}
foreach ($Extension in $Extensions) { Remove-MpPreference -ExclusionExtension $Extension -force}
foreach ($Process in $Processes) { Remove-MpPreference -ExclusionProcess $Process -force}
}
Set-MpPreference -DisableAutoExclusions $true -Force
Remove-all-windefend-excludes
endpowershell:
CMD: netsh winsock reset
CMD: netsh int ip reset
CMD: ipconfig /flushdns
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh winhttp reset proxy
CMD: Bitsadmin /Reset /Allusers
CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R
CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R
CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R
CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R
CMD: cscript /nologo %systemroot%\System32\slmgr.vbs /dlv
Hosts:
RemoveProxy:
EmptyTemp:
End::
*****************
SystemRestore: On => abgeschlossen
Wiederherstellungspunkt wurde erfolgreich erstellt.
Prozesse erfolgreich geschlossen.
VirusTotal: C:\Users\Ganz\AppData\Roaming\WunderBAR\WunderBAR Search.exe => https://www.virustotal.com/gui/file/55725812c32b259ba22bb9405ef6c552ae56ff1c6675fbd400cd046c2b30f47e/detection/f-55725812c32b259ba22bb9405ef6c552ae56ff1c6675fbd400cd046c2b30f47e-1665325557
VirusTotal: C:\Users\Ganz\AppData\Roaming\WunderBAR\WunderBAR.dll => https://www.virustotal.com/gui/file/6e0ba90a74a1fc4225ac8399d95e54d7ec112cc5f2517933fa7268239bec8be5/detection/f-6e0ba90a74a1fc4225ac8399d95e54d7ec112cc5f2517933fa7268239bec8be5-1664374321
VirusTotal: C:\Users\Ganz\AppData\Roaming\WunderBAR\WunderBAR.ini => https://www.virustotal.com/gui/file/feaaaa7ea69cfbc08134305e810e0f9f80e02616a8032633a7e4ba5007c25c84/detection/f-feaaaa7ea69cfbc08134305e810e0f9f80e02616a8032633a7e4ba5007c25c84-1676981327
VirusTotal: C:\Users\Ganz\AppData\Roaming\PriceWatch\PriceWatch.bat => https://www.virustotal.com/gui/file/4c06d31070fa6f69a77a6dfffe4357c70bb39bef1b0e171b59c20f51b86768be/detection/f-4c06d31070fa6f69a77a6dfffe4357c70bb39bef1b0e171b59c20f51b86768be-1676981327
VirusTotal: C:\Users\Ganz\AppData\Roaming\inststub\pricewatch.exe => https://www.virustotal.com/gui/file/bbe616ca88cfea5eadfbb770564f6b52d5304eccfb17547cf12d67d41910f9a4/detection/f-bbe616ca88cfea5eadfbb770564f6b52d5304eccfb17547cf12d67d41910f9a4-1676981360
VirusTotal: C:\Users\Ganz\AppData\Roaming\inststub\pricewatch.exe.res => https://www.virustotal.com/gui/file/47b25095a0fe135a688b20614771dbb445ad5e27e9cd4f2c2089c5af216e305b/detection/f-47b25095a0fe135a688b20614771dbb445ad5e27e9cd4f2c2089c5af216e305b-1574549024
C:\Users\Ganz\AppData\Roaming\PriceWatch => erfolgreich verschoben
C:\Users\Ganz\AppData\Roaming\WunderBAR => erfolgreich verschoben
C:\Users\Ganz\AppData\Roaming\inststub => erfolgreich verschoben
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5EB1C9F4-44B6-4DE1-9C4D-CCEB6AFC6CF0} => erfolgreich entfernt
========= reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WunderBAR" /S =========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WunderBAR
DisplayName REG_SZ WunderBAR
DisplayVersion REG_SZ 1.0
Publisher REG_SZ WunderBAR
InstallDate REG_BINARY C19AB587D1C0E540
DisplayIcon REG_SZ C:\Users\Ganz\AppData\Roaming\WunderBAR\uninstall.exe
UninstallString REG_SZ C:\Users\Ganz\AppData\Roaming\WunderBAR\uninstall.exe
========= Ende von CMD: =========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WunderBAR => erfolgreich entfernt
========= reg query "HKEY_USERS\S-1-5-21-749038088-1968257971-3176724149-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PriceWatch" /S =========
HKEY_USERS\S-1-5-21-749038088-1968257971-3176724149-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PriceWatch
UninstallString REG_SZ C:\Users\Ganz\AppData\Roaming\PriceWatch\PriceWatch.bat
DisplayName REG_SZ PriceWatch
DisplayIcon REG_SZ C:\Users\Ganz\AppData\Roaming\PriceWatch\lupe.ico
DisplayVersion REG_SZ
InstallDate REG_SZ 20211220
InstallLocation REG_SZ C:\Users\Ganz\AppData\Roaming\PriceWatch
Publisher REG_SZ PriceWatch
========= Ende von CMD: =========
HKEY_USERS\S-1-5-21-749038088-1968257971-3176724149-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PriceWatch => erfolgreich entfernt
"HKEY_USERS\S-1-5-21-749038088-1968257971-3176724149-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\StartupFolder\\CRaccoon.lnk" => erfolgreich entfernt
"AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}" => erfolgreich entfernt
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => erfolgreich entfernt
"C:\Program Files (x86)\Lavasoft" => nicht gefunden
C:\ProgramData\Application Data\Lavasoft => erfolgreich verschoben
"C:\ProgramData\Lavasoft" => nicht gefunden
"C:\Users\ProgramData\AppData\Local\Lavasoft" => nicht gefunden
"C:\Users\Default\AppData\Local\Lavasoft" => nicht gefunden
"C:\Users\Ganz\AppData\Local\Lavasoft" => nicht gefunden
"C:\Users\Public\AppData\Local\Lavasoft" => nicht gefunden
"C:\Users\ProgramData\AppData\Roaming\Lavasoft" => nicht gefunden
"C:\Users\Default\AppData\Roaming\Lavasoft" => nicht gefunden
"C:\Users\Ganz\AppData\Roaming\Lavasoft" => nicht gefunden
"C:\Users\Public\AppData\Roaming\Lavasoft" => nicht gefunden
HKCU\Software\Lavasoft => erfolgreich entfernt
HKLM\Software\Wow6432Node\Lavasoft => erfolgreich entfernt
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\" => erfolgreich entfernt
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => erfolgreich entfernt
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => erfolgreich entfernt
"HKU\S-1-5-21-749038088-1968257971-3176724149-1005\Software\Microsoft\Windows\CurrentVersion\Run\\Web Companion" => nicht gefunden
"HKU\S-1-5-21-749038088-1968257971-3176724149-1005\Software\Microsoft\Windows\CurrentVersion\Run\\MicrosoftEdgeAutoLaunch_33AB6AD30668417CC16079428DBD5A47" => erfolgreich entfernt
"HKU\S-1-5-21-749038088-1968257971-3176724149-1005\Software\Microsoft\Windows\CurrentVersion\Run\\" => erfolgreich entfernt
"HKU\S-1-5-21-749038088-1968257971-3176724149-1005\Software\Microsoft\Windows\CurrentVersion\Policies\system\\shell" => erfolgreich entfernt
HKLM\System\CurrentControlSet\Control\Session Manager\\"BootExecute"="autocheck autochk *" => Wert erfolgreich wiederhergestellt
C:\Program Files\Mozilla Firefox\distribution\policies.json => erfolgreich verschoben
HKLM\SOFTWARE\Policies\Mozilla => erfolgreich entfernt
HKLM\SOFTWARE\Policies\Google => erfolgreich entfernt
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{328CD258-5CE7-424F-861F-4D12D9A9A5A7}" => erfolgreich entfernt
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{328CD258-5CE7-424F-861F-4D12D9A9A5A7}" => erfolgreich entfernt
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Opera scheduled assistant Autoupdate 1581001615" => nicht gefunden
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3B6A539A-7259-4838-AC79-4E00939768F0}" => erfolgreich entfernt
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3B6A539A-7259-4838-AC79-4E00939768F0}" => erfolgreich entfernt
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => nicht gefunden
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7C693021-6500-4EBA-B005-0241B83C6A85}" => erfolgreich entfernt
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C693021-6500-4EBA-B005-0241B83C6A85}" => erfolgreich entfernt
C:\WINDOWS\System32\Tasks\RealDownloader Update Check => erfolgreich verschoben
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealDownloader Update Check" => erfolgreich entfernt
C:\Program Files (x86)\Real => erfolgreich verschoben
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7D84682E-39A2-4B17-ACF7-35D5D5236A62}" => erfolgreich entfernt
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7D84682E-39A2-4B17-ACF7-35D5D5236A62}" => erfolgreich entfernt
C:\WINDOWS\System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-749038088-1968257971-3176724149-1002 => erfolgreich verschoben
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealDownloaderDownloaderScheduledTaskS-1-5-21-749038088-1968257971-3176724149-1002" => erfolgreich entfernt
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => erfolgreich entfernt
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => erfolgreich entfernt
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => erfolgreich entfernt
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => erfolgreich entfernt
"Chrome DefaultSearchURL" => erfolgreich entfernt
"Chrome DefaultSearchKeyword" => erfolgreich entfernt
"Chrome DefaultNewTabURL" => erfolgreich entfernt
"Chrome DefaultSuggestURL" => erfolgreich entfernt
HKLM\System\CurrentControlSet\Services\CitrixEnterpriseBrowserElevationService => erfolgreich entfernt
CitrixEnterpriseBrowserElevationService => Dienst erfolgreich entfernt
C:\Users\Ganz\AppData\Local\AviraWebView2Cache => erfolgreich verschoben
C:\Users\Ganz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SearchEngineOptimizer.lnk => erfolgreich verschoben
"C:\Users\Ganz\Downloads\Farbar Recovery Scan Tool (HijackThis Alternative) - CHIP Installer _4SHHx.exe" => nicht gefunden
C:\Users\Ganz\AppData\Local\Avira => erfolgreich verschoben
C:\Program Files (x86)\Avira => erfolgreich verschoben
C:\ProgramData\Avira => erfolgreich verschoben
C:\Users\Ganz\AppData\Local\AVAST Software => erfolgreich verschoben
C:\Program Files\Common Files\AVAST Software => erfolgreich verschoben
C:\ProgramData\AVAST Software => erfolgreich verschoben
C:\Program Files (x86)\AVAST Software => erfolgreich verschoben
C:\Program Files (x86)\video_editor_x32.exe => erfolgreich verschoben
C:\Program Files (x86)\video_editor_x64.exe => erfolgreich verschoben
C:\Users\Ganz\AppData\Local\keyfile3.drm => erfolgreich verschoben
========= Powershell: =========
Set-MpPreference : Fehler beim Vorgang: 0x800106ba. Vorgang: Set-MpPreference. Ziel: DisableAutoExclusions.
In C:\FRST\tmp000.ps1:9 Zeichen:1
+ Set-MpPreference -DisableAutoExclusions $true -Force
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (MSFT_MpPreference:root\Microsoft\...FT_MpPreference) [Set-MpPreference],
CimException
+ FullyQualifiedErrorId : HRESULT 0x800106ba,Set-MpPreference
========= Ende von Powershell: =========
========= netsh winsock reset =========
Der Winsock-Katalog wurde zurckgesetzt.
Sie mssen den Computer neu starten, um den Vorgang abzuschlieáen.
========= Ende von CMD: =========
========= netsh int ip reset =========
Depotweiterleitung wird zurckgesetzt... OK
Depot wird zurckgesetzt... OK
Steuerungsprotokoll wird zurckgesetzt... OK
Echosequenzanforderung wird zurckgesetzt... OK
Global wird zurckgesetzt... OK
Schnittstelle wird zurckgesetzt... OK
Anycastadresse wird zurckgesetzt... OK
Multicastadresse wird zurckgesetzt... OK
Unicastadresse wird zurckgesetzt... OK
Nachbar wird zurckgesetzt... OK
Pfad wird zurckgesetzt... OK
Potentiell wird zurckgesetzt... OK
Pr„fixrichtlinie wird zurckgesetzt... OK
Proxynachbar wird zurckgesetzt... OK
Route wird zurckgesetzt... OK
Standordpr„fix wird zurckgesetzt... OK
Unterschnittstelle wird zurckgesetzt... OK
Reaktivierungsmuster wird zurckgesetzt... OK
Nachbar aufl”sen wird zurckgesetzt... OK
wird zurckgesetzt... OK
wird zurckgesetzt... OK
wird zurckgesetzt... OK
wird zurckgesetzt... OK
wird zurckgesetzt... Fehler
Zugriff verweigert
wird zurckgesetzt... OK
wird zurckgesetzt... OK
wird zurckgesetzt... OK
wird zurckgesetzt... OK
wird zurckgesetzt... OK
wird zurckgesetzt... OK
wird zurckgesetzt... OK
wird zurckgesetzt... OK
Starten Sie den Computer neu, um die Aktion abzuschlieáen.
========= Ende von CMD: =========
========= ipconfig /flushdns =========
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
========= Ende von CMD: =========
========= netsh advfirewall reset =========
OK.
========= Ende von CMD: =========
========= netsh advfirewall set allprofiles state ON =========
OK.
========= Ende von CMD: =========
========= netsh winhttp reset proxy =========
Aktuelle WinHTTP-Proxyeinstellungen:
DirectAccess (kein Proxyserver).
========= Ende von CMD: =========
========= Bitsadmin /Reset /Allusers =========
BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.
0 out of 0 jobs canceled.
========= Ende von CMD: =========
========= "%WINDIR%\SYSTEM32\lodctr.exe" /R =========
Fehler: Die Leistungsindikatoreinstellung konnte nicht aus dem Systemsicherungsspeicher neu erstellt werden. Fehlercode: 2.
========= Ende von CMD: =========
========= "%WINDIR%\SysWOW64\lodctr.exe" /R =========
Info: Die Leistungsindikatoreinstellung konnte erfolgreich aus dem Systemsicherungsspeicher neu erstellt werden.
========= Ende von CMD: =========
========= "%WINDIR%\SYSTEM32\lodctr.exe" /R =========
Info: Die Leistungsindikatoreinstellung konnte erfolgreich aus dem Systemsicherungsspeicher neu erstellt werden.
========= Ende von CMD: =========
========= "%WINDIR%\SysWOW64\lodctr.exe" /R =========
Info: Die Leistungsindikatoreinstellung konnte erfolgreich aus dem Systemsicherungsspeicher neu erstellt werden.
========= Ende von CMD: =========
========= cscript /nologo %systemroot%\System32\slmgr.vbs /dlv =========
Softwarelizenzierungsdienst-Version: 10.0.19041.2604
Name: Windows(R), Professional edition
Beschreibung: Windows(R) Operating System, OEM_DM channel
Aktivierungs-ID: bd3762d7-270d-4760-8fb3-d829ca45278a
Anwendungs-ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Erweiterte PID: 03612-03305-025-303879-02-1031-19042.0000-1082021
Product Key-Kanal: OEM:DM
Installations-ID: 189928690806723483822377218313136938330205242204366583242317120
Lizenz-URL verwenden: https://activation-v2.sls.microsoft.com/SLActivateProduct/SLActivateProduct.asmx?configextension=DM
URL fr die šberprfung: https://validation-v2.sls.microsoft.com/SLWGA/slwga.asmx
Teil-Product Key: 63BP2
Lizenzstatus: Lizenziert
Verbleibende Windows Rearm-Anzahl: 1001
Verbleibende SKU Rearm-Anzahl: 1001
Vertrauenswrdige Zeit: 21.02.2023 13:09:43
========= Ende von CMD: =========
C:\Windows\System32\Drivers\etc\hosts => erfolgreich verschoben
Hosts erfolgreich wiederhergestellt.
========= RemoveProxy: =========
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => erfolgreich entfernt
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => erfolgreich entfernt
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => erfolgreich entfernt
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => erfolgreich entfernt
"HKU\S-1-5-21-749038088-1968257971-3176724149-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => erfolgreich entfernt
"HKU\S-1-5-21-749038088-1968257971-3176724149-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => erfolgreich entfernt
========= Ende von RemoveProxy: =========
=========== EmptyTemp: ==========
FlushDNS => abgeschlossen
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 31799058 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 116 B
Windows/system/drivers => 502188202 B
Edge => 17408 B
Chrome => 88885687 B
Firefox => 35988610 B
Opera => 296238177 B
Temp, IE cache, history, cookies, recent:
Default => 6656 B
ProgramData => 6656 B
Public => 6656 B
systemprofile => 6656 B
systemprofile32 => 6656 B
LocalService => 267904 B
NetworkService => 284998 B
Ganz => 118607693 B
RecycleBin => 0 B
EmptyTemp: => 1 GB temporäre Dateien entfernt.
================================
Das System musste neu gestartet werden.
==== Ende von Fixlog 13:09:54 ====
Code:
ATTFilter Emsisoft Emergency Kit – Version 2022.12
Letztes Update: 21.02.2023 13:28:46
Eigene HP-ARBEITSZ\Ganz
HP-ARBEITSZ
Windows 10x64
Scan-Einstellungen:
Scan-Methode: Malware-Scan
Objekte: Speicher, Spuren, Dateien
PUPs-Erkennung: An
Archive scannen: Aus
E-Mail-Archive scannen: Aus
ADS-Scan: An
Scan-Beginn: 21.02.2023 14:33:26
Gescannt: 84930
Gefunden 0
Scan-Ende: 21.02.2023 14:36:55
Scan-Zeit: 0:03:29
Code:
ATTFilter SecurityCheck by glax24 & Severnyj v.1.4.0.54 [06.12.21] WebSite: www.safezone.cc DateLog: 21.02.2023 14:43:38 Path starting: C:\Users\Ganz\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe Log directory: C:\SecurityCheck\ IsAdmin: True User: Ganz VersionXML: 10.44is-19.02.2023 ___________________________________________________________________________ Windows 10(6.3.19045) (x64) Professional Release: 2009 Lang: German(0407) Installation date OS: 14.12.2020 19:45:00 LicenseStatus: Windows(R), Professional edition The machine is permanently activated. Boot Mode: Normal Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe SystemDrive: C: FS: [NTFS] Capacity: [217.9 Gb] Used: [165.8 Gb] Free: [52.1 Gb] ------------------------------- [ Windows ] ------------------------------- User Account Control enabled (Level 3) Sicherheitscenter (wscsvc) - The service is running Remoteregistrierung (RemoteRegistry) - The service has stopped SSDP-Suche (SSDPSRV) - The service is running Remotedesktopdienste (TermService) - The service has stopped Windows-Remoteverwaltung (WS-Verwaltung) (WinRM) - The service has stopped ------------------------------ [ MS Office ] ------------------------------ Microsoft Office 2010 x86 v.14.0.7015.1000 ---------------------------- [ Antivirus_WMI ] ---------------------------- Malwarebytes (enabled and up to date) Windows Defender (disabled and up to date) --------------------------- [ FirewallWindows ] --------------------------- Windows Defender Firewall (mpssvc) - The service is running --------------------------- [ AntiSpyware_WMI ] --------------------------- Windows Defender (disabled and up to date) ---------------------- [ AntiVirusFirewallInstall ] ----------------------- Malwarebytes version 4.5.22.236 v.4.5.22.236 --------------------------- [ OtherUtilities ] ---------------------------- LibreOffice 7.4.1.2 v.7.4.1.2 Warning! Download Update Microsoft Office Professional Plus 2010 v.14.0.7015.1000 Warning! This software is no longer supported. Please use latest Microsift Office, Office Online or LibreOffice ------------------------------- [ Backup ] -------------------------------- Microsoft OneDrive v.23.007.0109.0004 ------------------------------ [ ArchAndFM ] ------------------------------ 7-Zip 22.01 (x64 edition) v.22.01.00.0 7-Zip 22.00 v.22.00.00.0 Warning! Download Update Uninstall old version and install new one. -------------------------------- [ Media ] -------------------------------- VLC media player v.3.0.16 Warning! Download Update iTunes v.12.12.5.8 Warning! Download Update ^Please use Apple Software Update tool.^ ------------------------------- [ Browser ] ------------------------------- Mozilla Firefox (x64 de) v.109.0.1 Warning! Download Update Google Chrome v.110.0.5481.104 Microsoft Edge v.110.0.1587.50 Opera Stable 95.0.4635.46 v.95.0.4635.46 ----------------------------- [ EmailClient ] ----------------------------- Mozilla Thunderbird (x86 de) v.102.6.1 Warning! Download Update ------------------ [ AntivirusFirewallProcessServices ] ------------------- C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe v.4.0.0.1451 Malwarebytes Service (MBAMService) - The service is running C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe v.3.2.0.1172 Microsoft Defender Antivirus-Dienst (WinDefend) - The service has stopped Microsoft Defender Antivirus-Netzwerkinspektionsdienst (WdNisSvc) - The service has stopped ---------------------------- [ UnwantedApps ] ----------------------------- CCleaner v.6.09 Warning! Suspected demo version of anti-spyware, driver updater or optimizer. If this program is not familiar to you it is recommended to uninstall it and execute PC scanning using Malwarebytes Anti-Malware. Possible you became a victim of fraud or social engineering. Computer experts no longer recommend this program. VdhCoApp 1.4.0 Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering. Bonjour v.3.1.0.1 Warning! Application is distributed through the partnership programs and bundle assemblies. Uninstallation recommended. Possible you became a victim of fraud or social engineering. ----------------------------- [ End of Log ] ------------------------------ |
|
21.02.2023, 15:17
| #21 |
| /// TB-Ausbilder | WIN 10 Anhang geöffnet: Telekom Rechnung…pdf.htm - [TEIL 1 - Farbar Untersuchungsergebnis] Auf dem System war Adware und PUP (Potentiell Unerwünschte Programme). Bitte die folgenden Programme updaten (falls noch benötigt) oder deinstallieren (falls nicht mehr benötigt):
Die Downloadlinks findest du in der Logdatei von SecurityCheck. Entfernung der verwendeten Tools Führe KpRm gemäß der bebilderten Anleitung aus und poste abschließend die Logdatei. Dann wären wir durch! Wenn du keine Probleme mehr mit Malware hast, dann sind wir hier fertig. Deine Logdateien sind sauber. Wenn Du möchtest, kannst Du hier sagen, ob du mit mir und meiner Hilfe zufrieden warst...  Vielleicht möchtest du das Forum mit einer kleinen Spende  unterstützen.  Zum Schluss bitte unbedingt die Sicherheitsmaßnahmen lesen und umsetzen: Hinweis: Bitte gib mir eine kurze Rückmeldung, sobald du die oben verlinkten Informationen gelesen hast, alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann. |
|
22.02.2023, 00:30
| #22 |
| | WIN 10 Anhang geöffnet: Telekom Rechnung…pdf.htm - [TEIL 1 - Farbar Untersuchungsergebnis]Code:
ATTFilter # Run at 22.02.2023 00:15:57
# KpRm (Kernel-panik) version 2.11.0
# Website https://kernel-panik.me/tool/kprm/
# Run by Ganz from C:\Users\Ganz\Downloads
# Computer Name: HP-ARBEITSZ
# OS: Windows 10 X64 (19045) (10.0.19045.0)
# Number of passes: 1
- Checked options -
~ Delete Tools
- Delete Tools -
## AdwCleaner
[OK] C:\Users\Ganz\Desktop\adwcleaner.exe deleted
## Emisoft Emergency Kit
[OK] C:\Users\Ganz\Downloads\EmsisoftEmergencyKit.exe deleted
## FRST
[OK] C:\Users\Ganz\Desktop\Addition-05-2.txt deleted
[OK] C:\Users\Ganz\Desktop\Addition.txt deleted
[OK] C:\Users\Ganz\Desktop\Fixlog.txt deleted
[OK] C:\Users\Ganz\Desktop\Fixlog_21-02-2023 13.10.35.txt deleted
[OK] C:\Users\Ganz\Desktop\FRST-04-1.txt deleted
[OK] C:\Users\Ganz\Desktop\FRST-05-1.txt deleted
[OK] C:\Users\Ganz\Desktop\FRST-OlderVersion deleted
[OK] C:\Users\Ganz\Desktop\FRST.txt deleted
[OK] C:\Users\Ganz\Desktop\FRST64.exe deleted
[OK] C:\Users\Ganz\Desktop\Search.txt deleted
[OK] C:\Users\Ganz\Downloads\FRST03\FRST.exe deleted
[OK] C:\Users\Ganz\Downloads\FRST03\FRST64.exe deleted
[OK] C:\Users\Ganz\Downloads\FRST02\FRST-OlderVersion deleted
[OK] C:\Users\Ganz\Downloads\FRST02\FRST.exe deleted
[OK] C:\Users\Ganz\Downloads\FRST 02\Addition.txt deleted
[OK] C:\Users\Ganz\Downloads\FRST 02\FRST-OlderVersion deleted
[OK] C:\Users\Ganz\Downloads\FRST 02\FRST.txt deleted
## Malwarebytes (log)
[OK] C:\Users\Ganz\Desktop\Malwarebytes.txt deleted
[OK] C:\Users\Ganz\Desktop\MBAM.TXT-02.txt deleted
## SecurityCheck
[OK] C:\Users\Ganz\Downloads\SecurityCheck.exe deleted
[OK] C:\SecurityCheck deleted
- Other Lines -
## Quarantines keeped
~ C:\AdwCleaner (AdwCleaner)
~ C:\EEK (Emisoft Emergency Kit)
~ C:\FRST (FRST)
-- KPRM finished in 5.28s --
|
|
22.02.2023, 12:17
| #23 |
| /// TB-Ausbilder | WIN 10 Anhang geöffnet: Telekom Rechnung…pdf.htm - [TEIL 1 - Farbar Untersuchungsergebnis] Wir sind froh, dass wir helfen konnten Dieses Thema scheint erledigt und wird aus unseren Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke uns bitte eine Erinnerung inklusive Link zum Thema. Jeder andere bitte hier klicken und ein eigenes Thema erstellen. |
|
| Themen zu WIN 10 Anhang geöffnet: Telekom Rechnung…pdf.htm - [TEIL 1 - Farbar Untersuchungsergebnis] |
| .com, .dll, administrator, antivirus, avast, avira, bonjour, browser, converter, cpu, defender, desktop, email, excel, firefox, google, helper, hijack, hijackthis, homepage, installation, internet, internet explorer, monitor, mozilla, prozesse, registry, scan, security, server, services.exe, software, svchost.exe, system, tcp, udp, usb, windows, winlogon.exe |
![WIN 10 Anhang geöffnet: Telekom Rechnung…pdf.htm - [TEIL 1 - Farbar Untersuchungsergebnis]](iconimages/plagegeister-aller-art-deren-bekaempfung/win-10-anhang-geoeffnet-telekom-rechnung-pdf-htm-teil-1-farbar-untersuchungsergebnis_ltr.gif)
Lesestoff:
Linear-Darstellung
