Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Windows 10: Browser-Probleme nach Infektion mit Backdoor:Win32/Bladabindi!mclg

Windows 10: Browser-Probleme nach Infektion mit Backdoor:Win32/Bladabindi!mclg


Log-Analyse und Auswertung: Windows 10: Browser-Probleme nach Infektion mit Backdoor:Win32/Bladabindi!mclg

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Thema geschlossen
Seite 1 von 2 1 2
Alt 19.04.2023, 17:48   #1
fbin41
 
Windows 10: Browser-Probleme nach Infektion mit Backdoor:Win32/Bladabindi!mclg - Standard

Windows 10: Browser-Probleme nach Infektion mit Backdoor:Win32/Bladabindi!mclg


Hallo zusammen,

auf dem privaten Laptop meiner Frau verhalten sich aktuell alle drei installierten Browser (Firefox, Chrome, Edge) seltsam.

Die Browser zeigen folgende Verhaltensauffälligkeiten:

- Sie schicken den Benutzer in unregelmäßigen Abständen auf Werbeseiten
- Unter Einstellungen/Erweiterungen behaupten die Browser jeweils "Ihr Browser wird von ihrer Organisation verwaltet". Das kann jdeoch nicht sein, da der Laptop rein privat genutzt wird, alles wurde selbst installiert.)
- Firefox und Chrome haben je eine "namenlose Erweiterung", die sich nicht enfernen lässt - Detailangaben sagen jeweils "Version 2.4.11"
- Eine Bereinigung von Firefox laut hxxps://support.mozilla.org/de/kb/firefox-bereinigen ist nicht möglich, da der Button "Firefox bereinigen" an der beschriebenen Stelle nicht zu erkennen ist - auch nicht im "Fehlerbehebungsmodus"
- Firefox: Der "Fehlerbehebungsmodus" erscheint nicht wie erwartet - das Benachrichtigungsfenster beim Starten des Fehlerbehebungsmodus erscheint "suspekt" und hat nicht die gleichen Buttons wie in o.g. Anleitung

Der Beginn des Verhaltens (Werbeseiten einblenden) kann Tage bis Wochen, bis Monate zurückliegen.

(Anfang Dezember 2022 hatten meine Frau einen Vorfall bei ihrem Paypal-Konto, zum Glück ohne Schaden. Jemand Unbekanntes hatte Passwort-Änderungen initiiert.)

Ich vermute, dass die nachfolgend genannte Trojaner-Infektion ihre Bereinigung "vortäuscht" bzw. möglicherweise eine Mehrfach-Infektion vorliegt?

Die oben genannten Probleme bestehen jedenfalls weiterhin und sind zuletzt gestern (18.4.) mehrfach aufgetreten (Werbeseiten eingeblendet), bzw. die Browser-Erweiterungen sind offenbar aktuell weiterhin aktiv.

Danke im Voraus für Ihre/Eure Hilfe!

PS: Der Laptop ist ein Lenovo IdeaPad 520 mit Windows 10. Im Netzwerk haben wir einen HP OfficeJet 8860, alles im privaten WLAN hinter einer gemieteten Fritz!Box Cable. Meine Frau ist IT-Laie und macht mit dem Gerät viel Online-Shopping für die Familie.

Nachfolgend noch die technischen Infos:

Microsoft Defender meldet aktuell im "Schutzverlauf":

Zitat:
Bedrohung blockiert - 04.04.2023 20:06

Erkannt: Backdoor:Win32/Bladabindi!mclg
Status: Entfernt
Datum: 04.04.2023 20:06
Details: Dieses Programm stellt einen Remotezugriff auf den Computer bereit, auf dem es installiert ist.
Betroffene Elemente:
file: C:\Windows\Temp\4ef247ec-11e3-fdbd-b857-be8b87284343\788bd5ca-828c-9cb0-707f-17bcc0ce7e76.exe
file: C:\Windows\Temp\9539d4d7-53f8-70f9-24eb-5f8773a9b020\a3deedb8-7f46-12bc-5bff-97df1a4b83d6.exe
"Weitere Informationen" verweist auf
hxxps://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?name=Backdoor%3AWin32%2FBladabindi!mclg&threatid=2147784274


Hier noch die Logs:


FRST Logfile:
Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 18-04-2023
durchgeführt von Anna (Administrator) auf ANNA-LENOVO-W10 (LENOVO 80YL) (19-04-2023 17:17:49)
Gestartet von D:\Software\Farbar_x86_x64\FRST64.exe
Geladene Profile: Anna
Plattform: Microsoft Windows 10 Home Version 22H2 19045.2846 (X64) Sprache: Deutsch (Deutschland)
Standard-Browser: FF
Start-Modus: Normal

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe ->) (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantage-(DeviceSettingsSystemAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantage-(LenovoBoostAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantage-(LenovoBoostSystemAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantage-(MultimediaAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantage-(VantageCoreAddin).exe
(C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <3>
(C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(C:\Program Files\WindowsApps\AppleInc.iCloud_14.1.108.0_x64__nzyj5cx40ttqa\iCloud\iCloudServices.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> ) C:\Program Files\WindowsApps\AppleInc.iCloud_14.1.108.0_x64__nzyj5cx40ttqa\iCloud\WebView2\msedgewebview2.exe <7>
(C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe
(DriverStore\FileRepository\igdlh64.inf_amd64_90f68cd0dc48b625\igfxCUIService.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_90f68cd0dc48b625\igfxEM.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe <7>
(explorer.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> ) C:\Program Files\WindowsApps\AppleInc.iCloud_14.1.108.0_x64__nzyj5cx40ttqa\iCloud\iCloudCKKS.exe
(explorer.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> ) C:\Program Files\WindowsApps\AppleInc.iCloud_14.1.108.0_x64__nzyj5cx40ttqa\iCloud\iCloudServices.exe
(explorer.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.) C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe
(explorer.exe ->) (Hewlett Packard -> Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8620\Bin\ScanToPCActivationApp.exe
(explorer.exe ->) (LENOVO -> Lenovo(beijing) Limited) C:\Program Files\Lenovo\LenovoUtility\utility.exe
(explorer.exe ->) (Skype Software Sarl -> ) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.96.3207.0_x64__kzf8qxf38zg5c\Skype\Skype.exe <6>
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <7>
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(services.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.) C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
(services.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_90f68cd0dc48b625\igfxCUIService.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_90f68cd0dc48b625\IntelCpHDCPSvc.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_90f68cd0dc48b625\IntelCpHeciSvc.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantageService.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Locator.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2303.8-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2303.8-0\NisSrv.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(svchost.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> ) C:\Program Files\WindowsApps\AppleInc.iCloud_14.1.108.0_x64__nzyj5cx40ttqa\iCloud\APSDaemon.exe
(svchost.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> ) C:\Program Files\WindowsApps\AppleInc.iCloud_14.1.108.0_x64__nzyj5cx40ttqa\iCloud\secd.exe
(svchost.exe ->) (CyberLink Corp. -> CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD14\PDVD14Serv.exe
(svchost.exe ->) (CyberLink Corp. -> CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe
(svchost.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(svchost.exe ->) (Hewlett Packard -> Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8620\Bin\HPNetworkCommunicatorCom.exe
(svchost.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.23022.140.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (SweetLabs Inc -> SweetLabs, Inc) C:\Users\athbi\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [LenovoUtility] => C:\Program Files\Lenovo\LenovoUtility\utility.exe [894376 2017-04-14] (LENOVO -> Lenovo(beijing) Limited)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\nvspcap64.dll [1922496 2017-07-27] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM\...\Run: [DAX2_APP] => C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe [849920 2017-03-07] (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [362056 2022-05-05] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [11327200 2023-04-04] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706288 2021-04-09] (Oracle America, Inc. -> Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Beschränkung <==== ACHTUNG
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Beschränkung <==== ACHTUNG
HKU\S-1-5-21-624402189-1887333828-3918413586-1001\...\Run: [HP Officejet Pro 8620 (NET)] => C:\Program Files\HP\HP Officejet Pro 8620\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett Packard -> Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-624402189-1887333828-3918413586-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize  (Keine Datei)
HKU\S-1-5-21-624402189-1887333828-3918413586-1001\...\Run: [MicrosoftEdgeAutoLaunch_88349514007821BC009C7118188706C5] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4056016 2023-03-16] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Print\Monitors\HP 7012 Status Monitor: C:\Windows\system32\hpinksts7012LM.dll [328704 2014-03-03] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP Officejet Pro 8620): C:\Windows\system32\HPDiscoPM7012.dll [763912 2014-07-21] (Hewlett Packard -> Hewlett-Packard Development Company, LP)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\85.0.4183.121\Installer\chrmstp.exe [2020-09-25] (Google LLC -> Google LLC)
Startup: C:\Users\athbi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2018-01-07]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
GroupPolicy: Beschränkung - Chrome <==== ACHTUNG
GroupPolicy-Firefox: Beschränkung <==== ACHTUNG
Policies: C:\ProgramData\NTUSER.pol: Beschränkung <==== ACHTUNG
HKLM\SOFTWARE\Policies\Google: Beschränkung <==== ACHTUNG
HKLM\SOFTWARE\Policies\Microsoft\Edge: Beschränkung <==== ACHTUNG

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {02D80AC4-EAFA-45C2-B1E8-A57ED4B3365F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler (Keine Datei)
Task: {04008C4A-ACC1-4D34-8A9A-C33E978AC250} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\38b71b36-98cd-41f8-b226-d1c1d1c4986c => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {07B7BEEA-5066-45BA-8D1D-4D781B4CDCC9} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [647616 2017-07-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {0DDD97C2-5C1D-4993-AB90-E34D9FC8DA8B} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [647616 2017-07-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {0E2B8BA9-811D-4A0D-9DDA-EDDB30F89CD9} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-11] (Dropbox, Inc -> Dropbox, Inc.)
Task: {146A8CAD-41D5-48B3-BF2F-48C6E5252AD3} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [436672 2017-07-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {16F7F4CD-38E4-491F-AF35-EF5805697C87} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564152 2023-04-03] (Adobe Inc. -> Adobe Inc.)
Task: {16F9A3B9-AE18-4434-A35B-000F8F43A5AB} - System32\Tasks\PDVDServ14 Task => C:\Program Files (x86)\CyberLink\PowerDVD14\PDVD14Serv.exe [88344 2017-02-17] (CyberLink Corp. -> CyberLink Corp.)
Task: {18B3D5DD-8FA0-477F-8FFC-EB2B54975AF3} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26409896 2023-04-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {263846D5-49F4-4A02-B73C-A373DA5351C7} - System32\Tasks\Lenovo\Vantage\Schedule\HeartbeatAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\ScheduleEventAction.exe [28888 2022-11-29] (Lenovo -> Lenovo Group Ltd.)
Task: {270C1F4E-8C4D-4874-9948-372B40972849} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [114656 2023-04-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {2A1C2893-C129-45F4-8513-975173E72904} - System32\Tasks\Lenovo\Vantage\Schedule\GenericMessagingAddin => C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\ScheduleEventAction.exe [28888 2022-11-29] (Lenovo -> Lenovo Group Ltd.)
Task: {2F0D5672-4E48-40CC-A89A-08E7C14C7E66} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [717248 2017-07-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3A76240A-181C-49CD-955C-38E7D260A883} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\0028b695-de87-41b0-9a47-fa161f0940a8 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {3AD0C074-2F5B-45EA-8EBA-2FDA08F952F7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2303.8-0\MpCmdRun.exe [1645864 2023-04-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {3CFD1FA0-FD46-4EDA-9B1D-ED7367378294} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => %systemroot%\system32\sc.exe start LenovoVantageService
Task: {3D10AC7F-04A2-4998-BCB9-988508187666} - System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\ScheduleEventAction.exe [28888 2022-11-29] (Lenovo -> Lenovo Group Ltd.)
Task: {5840509D-8829-414E-A65D-32541ECD119B} - System32\Tasks\AppleMobileHintergrundübertragungsdienst => C:\Program Files (x86)\nodejs\node.exe [15017624 2017-05-02] (Node.js Foundation -> Node.js) -> C:\WINDOWS\Installer\{65C4EEBA-EDAC-4602-8E5C-BD22D8BEA90D}\{B49DA697-B607-4850-AB10-11CF68C3C352} <==== ACHTUNG
Task: {5CC0FA82-0DD1-415F-88A8-D8F0F43EC3C4} - System32\Tasks\RtHDVBg_LENOVO_DOLBYDRAGON => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506168 2019-03-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {670CB788-B226-4373-B912-2AA9E2F490BF} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {6D4190F4-BE4F-4B1F-B734-304492B78359} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2303.8-0\MpCmdRun.exe [1645864 2023-04-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {6F8CD596-78E4-469C-BCE9-9B0F3B2255DC} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [74952 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {744C8F0F-E50C-4CE3-ACCE-9E8341C96F19} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\938cd0d6-7874-4c1a-8b37-a27db68aa6f2 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {8474F7B1-DC2B-4D64-BE7D-6D080F578EF4} - System32\Tasks\App Explorer => C:\Users\athbi\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [7583768 2022-11-30] (SweetLabs Inc -> SweetLabs, Inc) <==== ACHTUNG
Task: {8540359D-1299-41B4-AA57-403C162991D5} - System32\Tasks\MUP Netzwerkkonnektivitäts-Assistent Manager-Dienst => C:\Program Files (x86)\nodejs\node.exe [15017624 2017-05-02] (Node.js Foundation -> Node.js) -> "C:\ProgramData\Package Cache\{CE35B488-A482-407E-8C3E-48C213120839}\{1910C353-D10C-44B9-BA91-72D0B3B19EC1}" <==== ACHTUNG
Task: {88A929E5-219D-45C9-BABA-B89796187F71} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [717248 2017-07-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8C783D4B-9D3D-42B7-A1D5-0B83CFF0FB09} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [1714112 2017-07-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8CCDCDF0-3F17-4CD8-8368-EEE411828A58} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [946112 2017-07-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8EAF89F1-D857-4DFD-9DD0-A1B0711F67F1} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\ac7a0baf-274c-4f05-bffa-a2ebb28a9c59 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {8F1D8A1B-2558-46C1-909B-5793580F9083} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [114656 2023-04-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {92D46EC5-0D24-46C4-9B9E-0906A7E080F9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2303.8-0\MpCmdRun.exe [1645864 2023-04-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {936DBBC0-F92E-447A-9911-543A55FCFB88} - System32\Tasks\HPCustParticipation HP Officejet Pro 8620 => C:\Program Files\HP\HP Officejet Pro 8620\Bin\HPCustPartic.exe [5745672 2014-07-21] (Hewlett Packard -> Hewlett-Packard Development Company, LP)
Task: {986F4E96-B5E9-4C2B-B306-175C25B6FEA8} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26409896 2023-04-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {9BD2605E-EEE6-4734-8BA0-D5A93BB1E6A8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [617096 2022-02-25] (Apple Inc. -> Apple Inc.)
Task: {A50E8C74-F5E0-43CC-8905-89C4CF54032C} - System32\Tasks\Lenovo\Vantage\Schedule\SettingsWidgetAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\ScheduleEventAction.exe [28888 2022-11-29] (Lenovo -> Lenovo Group Ltd.)
Task: {A708C525-478D-46A6-9168-0F0C99EB799E} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoSystemUpdateAddin_WeeklyTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\ScheduleEventAction.exe [28888 2022-11-29] (Lenovo -> Lenovo Group Ltd.)
Task: {A8E94241-7910-4603-B8C4-E137F7D6EBDE} - System32\Tasks\Lenovo\Vantage\Schedule\Lenovo.Vantage.SmartPerformance.MonthlyReport => C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\ScheduleEventAction.exe [28888 2022-11-29] (Lenovo -> Lenovo Group Ltd.)
Task: {A9144B2A-286A-4560-915B-FE515B39503D} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-11] (Dropbox, Inc -> Dropbox, Inc.)
Task: {AD768997-3A76-425B-AD74-EA03626860C1} - System32\Tasks\Lenovo\Vantage\Schedule\IdeaNotebookAddinDailyEvent => C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\ScheduleEventAction.exe [28888 2022-11-29] (Lenovo -> Lenovo Group Ltd.)
Task: {AE4257FE-175C-4B34-B64F-7D6A91F8A84E} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoCompanionAppAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\ScheduleEventAction.exe [28888 2022-11-29] (Lenovo -> Lenovo Group Ltd.)
Task: {B0495E0F-66D5-4293-8D5E-87289E806DDB} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\Lenovo\Power2Go\CLVDLauncher.exe [347416 2016-09-20] (CyberLink Corp. -> CyberLink Corp.)
Task: {BE53B40D-0E81-4F78-8B5D-19A549970770} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506168 2019-03-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {CE0ACD11-0DE5-424F-92D8-8C2F4FA077EB} - System32\Tasks\Lenovo\Vantage\Schedule\BatteryGaugeAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\ScheduleEventAction.exe [28888 2022-11-29] (Lenovo -> Lenovo Group Ltd.)
Task: {CE80E807-042E-4154-8705-99C9B567CC0C} - System32\Tasks\RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506168 2019-03-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {D2A474AC-58B6-4CA5-BAF2-81D58DE8E226} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-07-27] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {DA63F70E-D721-4640-A699-E852A5662A3C} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe [190744 2016-10-07] (CyberLink Corp. -> CyberLink)
Task: {DE80A756-8BA5-4FCF-9151-C798E96E9D20} - System32\Tasks\Lenovo\Vantage\Schedule\VantageTelemetryAddinTask => C:\Program Files (x86)\Lenovo\VantageService\3.6.15.0\ScheduleEventAction.exe VantageTelemetryAddinTask (Keine Datei)
Task: {E66940DA-4B71-4AE0-9936-8AD8FCA3A4E9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2303.8-0\MpCmdRun.exe [1645864 2023-04-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E7A3F2AA-F53B-4638-8CF0-6CBAF4B4EF93} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [766400 2022-06-13] (Mozilla Corporation -> Mozilla Foundation)
Task: {FA6BB3E0-41B5-41F5-8ADA-B549B9AC7062} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {FC74E7F7-4AF3-446B-B664-A28AC6E02533} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c (Keine Datei)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{2b6d82fc-ac06-414f-abe2-6e7dd76b3117}: [DhcpNameServer] 150.213.1.2
Tcpip\..\Interfaces\{337671d7-3eee-45b8-a9ff-56a66a52a8c9}: [DhcpNameServer] 192.168.178.1

Edge: 
=======
Edge Extension: (Kein Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [nicht gefunden]
Edge Extension: (Kein Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [nicht gefunden]
Edge Extension: (Kein Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [nicht gefunden]
Edge Extension: (Kein Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [nicht gefunden]
Edge DefaultProfile: Default
Edge Profile: C:\Users\athbi\AppData\Local\Microsoft\Edge\User Data\Default [2023-04-19]
Edge Extension: (Edge relevant text changes) - C:\Users\athbi\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-04-19]

FireFox:
========
FF DefaultProfile: mums5mhc.default
FF ProfilePath: C:\Users\athbi\AppData\Roaming\Mozilla\Firefox\Profiles\mums5mhc.default [2023-04-19]
FF user.js: detected! => C:\Users\athbi\AppData\Roaming\Mozilla\Firefox\Profiles\mums5mhc.default\user.js [2023-04-16]
FF NewTab: Mozilla\Firefox\Profiles\mums5mhc.default -> hxxps://defaultsearch.co/homepage?hp=1&pId=AGB200101&iDate=2020-07-29 11:11:17&bName=&bitmask=0600
FF Extension: ( ) - C:\Users\athbi\AppData\Roaming\Mozilla\Firefox\Profiles\mums5mhc.default\Extensions\{8F247DCC-255E-4B8E-9F3E-AE6FCE99A428}.xpi [2022-08-10]
FF Extension: (Adblock Plus - kostenloser Adblocker) - C:\Users\athbi\AppData\Roaming\Mozilla\Firefox\Profiles\mums5mhc.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2023-03-27]
FF Plugin: @videolan.org/vlc,version=2.2.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [Keine Datei]
FF Plugin: @videolan.org/vlc,version=3.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [Keine Datei]
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [Keine Datei]
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2023-04-04] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.291.2 -> C:\Program Files (x86)\Java\jre1.8.0_291\bin\dtplugin\npDeployJava1.dll [2021-06-07] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.291.2 -> C:\Program Files (x86)\Java\jre1.8.0_291\bin\plugin2\npjp2.dll [2021-06-07] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-11-03] (Microsoft Corporation -> Microsoft Corporation)

Chrome: 
=======
CHR Profile: C:\Users\athbi\AppData\Local\Google\Chrome\User Data\Default [2023-04-19]
CHR Extension: ( ) - C:\Users\athbi\AppData\Local\Google\Chrome\User Data\Default\Extensions\njhbfjafahdoijpnjomdaadmlkliekfc [2023-04-16]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\athbi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-05-03]
CHR Extension: (Chrome Media Router) - C:\Users\athbi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2022-05-03]

==================== Dienste (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2023-04-03] (Adobe Inc. -> Adobe Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [100424 2022-05-02] (Apple Inc. -> Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12634544 2023-04-16] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-11] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-11] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46824 2023-04-04] (Dropbox, Inc -> Dropbox, Inc.)
R2 Dolby DAX2 API Service; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [189464 2019-01-21] (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.)
R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\\3.13.43.0\LenovoVantageService.exe [32464 ] (Lenovo -> Lenovo Group Ltd.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2303.8-0\NisSrv.exe [3228400 2023-04-06] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2303.8-0\MsMpEng.exe [133536 2023-04-06] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S4 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugin"

===================== Treiber (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [Datei ist nicht signiert]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [Datei ist nicht signiert]
R3 MpKsl31d728a8; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B161F49B-BD94-40FE-9AD4-A31D5F66E56E}\MpKslDrv.sys [211208 2023-04-19] (Microsoft Windows -> Microsoft Corporation)
R3 SPUVCbv; C:\WINDOWS\System32\Drivers\SPUVCbv64.sys [890944 2017-09-29] (SUNPLUS INNOVATION TECHNOLOGY INC. -> Sunplus Innovation Technology Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49600 2023-04-06] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [497920 2023-04-06] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [99608 2023-04-06] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2023-04-19 17:17 - 2023-04-19 17:18 - 000000000 ____D C:\FRST
2023-04-19 17:16 - 2023-04-19 17:16 - 003459075 _____ C:\Users\athbi\Downloads\Farbar_x86_x64.zip
2023-04-19 06:24 - 2023-04-19 06:25 - 000000000 ____D C:\Users\athbi\Desktop\Firefox-Befall
2023-04-19 02:08 - 2023-04-19 02:08 - 105644032 _____ C:\WINDOWS\system32\config\SOFTWARE
2023-04-19 02:03 - 2023-04-19 02:08 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2023-04-19 01:09 - 2023-04-19 01:09 - 000004036 _____ C:\WINDOWS\system32\Tasks\PostponeDeviceSetupToast_S-1-5-21-624402189-1887333828-3918413586-1003_0
2023-04-19 00:59 - 2023-04-19 00:59 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-624402189-1887333828-3918413586-1003
2023-04-18 20:15 - 2023-04-18 20:15 - 000000000 ___HD C:\$WinREAgent
2023-04-18 09:13 - 2023-04-18 09:13 - 000024848 _____ C:\Users\athbi\Downloads\dhl-return-60004038-bc29-2622-6b19-3a0aa55fc5ad.pdf
2023-04-18 08:41 - 2023-04-18 08:41 - 000128305 _____ C:\Users\athbi\Downloads\Retourenanleitung.pdf
2023-04-16 15:21 - 2023-04-16 15:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2023-04-04 12:51 - 2023-04-04 12:51 - 000046824 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe

==================== Ein Monat (geänderte) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2023-04-19 17:06 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-04-19 16:51 - 2017-12-31 14:05 - 000000000 ____D C:\Users\athbi\AppData\LocalLow\Mozilla
2023-04-19 16:49 - 2018-06-09 15:20 - 000000000 ____D C:\Users\athbi\AppData\Local\Host App Service
2023-04-19 16:48 - 2018-06-26 19:45 - 000000000 ____D C:\Users\athbi\AppData\Local\D3DSCache
2023-04-19 16:47 - 2022-08-22 21:03 - 000000000 ____D C:\Users\athbi\AppData\Roaming\DropboxElectron
2023-04-19 16:47 - 2017-12-31 13:20 - 000000000 ____D C:\Users\athbi\AppData\Roaming\Microsoft\Word
2023-04-19 16:47 - 2017-12-31 11:03 - 000000000 ____D C:\Users\athbi\AppData\Local\Dropbox
2023-04-19 16:46 - 2017-12-30 23:00 - 000000000 ___RD C:\Users\athbi\OneDrive
2023-04-19 06:32 - 2017-08-18 03:20 - 000000000 ____D C:\ProgramData\NVIDIA
2023-04-19 06:20 - 2020-06-28 17:47 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-04-19 01:22 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2023-04-19 01:15 - 2020-06-28 17:57 - 001722792 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-04-19 01:15 - 2019-12-07 16:50 - 000744968 _____ C:\WINDOWS\system32\perfh007.dat
2023-04-19 01:15 - 2019-12-07 16:50 - 000150354 _____ C:\WINDOWS\system32\perfc007.dat
2023-04-19 01:10 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-04-19 01:09 - 2018-01-16 18:46 - 000000000 ____D C:\Users\Frank\AppData\Local\Dropbox
2023-04-19 01:08 - 2020-06-28 17:57 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-04-19 01:08 - 2020-06-28 17:47 - 000008192 ___SH C:\DumpStack.log.tmp
2023-04-19 01:08 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ServiceState
2023-04-19 01:08 - 2018-01-16 18:45 - 000000000 __SHD C:\Users\Frank\IntelGraphicsProfiles
2023-04-19 01:03 - 2019-12-07 11:03 - 002097152 _____ C:\WINDOWS\system32\config\BBI
2023-04-19 01:02 - 2018-06-09 15:20 - 000000000 ____D C:\Users\Frank\AppData\Local\Host App Service
2023-04-19 00:59 - 2020-06-28 17:57 - 000003378 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-624402189-1887333828-3918413586-1003
2023-04-19 00:59 - 2020-06-28 17:49 - 000002402 _____ C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-04-19 00:59 - 2018-01-16 18:45 - 000000000 ____D C:\Users\Frank\AppData\Local\Packages
2023-04-19 00:58 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-04-18 22:05 - 2020-06-28 17:47 - 000531912 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-04-18 22:04 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2023-04-18 22:04 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2023-04-18 22:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2023-04-18 22:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2023-04-18 22:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2023-04-18 22:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2023-04-18 22:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2023-04-18 22:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2023-04-18 22:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2023-04-18 22:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2023-04-18 22:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemApps
2023-04-18 22:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2023-04-18 22:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\setup
2023-04-18 22:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2023-04-18 22:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2023-04-18 22:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2023-04-18 22:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2023-04-18 22:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2023-04-18 22:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2023-04-18 22:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2023-04-18 22:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2023-04-18 22:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Provisioning
2023-04-18 22:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2023-04-18 22:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-04-18 22:04 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Common Files\System
2023-04-18 20:28 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-04-18 20:24 - 2020-06-28 17:48 - 003015680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2023-04-18 19:53 - 2017-12-31 09:29 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-04-18 19:49 - 2017-12-31 09:29 - 156112424 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2023-04-18 09:19 - 2020-10-07 06:41 - 000000306 __RSH C:\ProgramData\ntuser.pol
2023-04-18 09:18 - 2017-12-31 11:02 - 000001254 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2023-04-18 09:18 - 2017-12-31 11:02 - 000001250 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2023-04-18 08:18 - 2022-10-13 12:17 - 000002080 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2023-04-18 08:18 - 2022-10-13 12:17 - 000002068 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk
2023-04-18 08:18 - 2017-08-18 02:54 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2023-04-18 08:16 - 2021-12-11 18:13 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-624402189-1887333828-3918413586-1001
2023-04-18 08:16 - 2020-06-28 17:57 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2023-04-18 08:16 - 2020-06-28 17:57 - 000003376 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-624402189-1887333828-3918413586-1001
2023-04-18 08:16 - 2020-06-28 17:49 - 000002402 _____ C:\Users\athbi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-04-17 12:20 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2023-04-16 15:24 - 2020-09-25 08:02 - 000000000 ____D C:\Program Files\Mozilla Firefox
2023-04-16 15:22 - 2017-12-31 11:02 - 000000000 ____D C:\Program Files (x86)\Dropbox
2023-04-06 10:11 - 2018-02-14 18:35 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2023-03-27 10:59 - 2018-01-03 13:10 - 000000000 ____D C:\Users\athbi\Documents\HP Scans

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ========

2021-02-25 21:03 - 2021-02-25 21:03 - 001384728 _____ (Microsoft Corporation) C:\Users\athbi\TeamsSetupx64_s_8D8D9BFA4BA8BEE-7-0_.exe
2020-11-25 14:39 - 2020-11-25 14:39 - 000007648 _____ () C:\Users\athbi\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

==================== Ende von FRST.txt ========================
--- --- ---


und noch

FRST Additions Logfile:
Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 18-04-2023
durchgeführt von Anna (19-04-2023 17:19:38)
Gestartet von D:\Software\Farbar_x86_x64
Microsoft Windows 10 Home Version 22H2 19045.2846 (X64) (2020-06-28 15:57:19)
Start-Modus: Normal
==========================================================


==================== Konten: =============================


(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

Administrator (S-1-5-21-624402189-1887333828-3918413586-500 - Administrator - Disabled)
Anna (S-1-5-21-624402189-1887333828-3918413586-1001 - Administrator - Enabled) => C:\Users\athbi
athbi (S-1-5-21-624402189-1887333828-3918413586-1002 - Limited - Enabled) => C:\Users\athbi.LAPTOP-P33CJ5M1
DefaultAccount (S-1-5-21-624402189-1887333828-3918413586-503 - Limited - Disabled)
Frank (S-1-5-21-624402189-1887333828-3918413586-1003 - Limited - Enabled) => C:\Users\Frank
Gast (S-1-5-21-624402189-1887333828-3918413586-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-624402189-1887333828-3918413586-504 - Limited - Disabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

ACDSee 8 (HKLM-x32\...\{AA2E6BFE-4351-481C-A720-47CB3506570B}) (Version: 8.1.100 - ACD Systems Ltd.)
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1031-1033-7760-BC15014EA700}) (Version: 23.001.20143 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601047}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Apple Application Support (32-Bit) (HKLM-x32\...\{11C4575B-4B32-44D2-A097-D59A00BA60DE}) (Version: 8.5 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{D39B163A-9E12-442C-95E9-33FA5746AB21}) (Version: 8.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2B3CA448-5266-480F-85FA-2FCCB3C8712C}) (Version: 15.6.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{B292D163-23D2-4523-A699-1ABEC1875609}) (Version: 2.7.0.3 - Apple Inc.)
Audiograbber (HKLM-x32\...\Audiograbber) (Version: 1.83 (2020 Edition) - Audiograbber)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CyberLink Power2Go 8 (HKLM-x32\...\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.7007 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.7007 - CyberLink Corp.)
CyberLink PowerDVD 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.1.7417 - CyberLink Corp.)
Dolby Audio X2 Windows API SDK (HKLM\...\{F290F786-5F69-48D4-B20B-D21C7DE56EF0}) (Version: 0.8.8.88 - Dolby Laboratories, Inc.)
Dolby Audio X2 Windows APP (HKLM\...\{9207D68E-666A-49C7-A900-9F5B2FF289E4}) (Version: 0.8.0.71 - Dolby Laboratories, Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 171.4.6182 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.733.1 - Dropbox, Inc.) Hidden
FOTOParadies (HKLM-x32\...\{FD838798-E2CB-45FA-AF79-6011519031E2}}_is1) (Version: 4.12.0.1257 - Foto Online Service GmbH)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 85.0.4183.121 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
HP Officejet Pro 8620 - Grundlegende Software für das Gerät (HKLM\...\{F6CE08BC-6929-412E-BB42-A9A7CD9721D7}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP Officejet Pro 8620 Hilfe (HKLM-x32\...\{F8E43C63-DFF2-4134-A46C-2A6F00517A35}) (Version: 32.0.0 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
iBackup Viewer 4.15.0 (HKLM-x32\...\{5B428966-3054-41E3-B0F8-008EE30BD019}_is1) (Version:  - iMacTools)
iCloud Outlook (HKLM\...\{A8C64C2A-BD34-464F-BA61-A969BA46FC2B}) (Version: 10.9.3.62 - Apple Inc.)
Intel(R) Chipset Device Software (HKLM\...\{81520FC5-3518-40E9-9803-70CE8A801D07}) (Version: 10.1.1.38 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1035 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{BB1B550F-329D-4B07-A8D0-82914483411C}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) ME UninstallLegacy (HKLM\...\{E9B9A1A5-6398-4C99-8FDE-10794F6505C5}) (Version: 1.0.1.0 - Intel Corporation) Hidden
Intel® Chipsatz-Gerätesoftware (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
iTunes (HKLM\...\{603AC145-2337-4355-A6F1-BF66FDB2FA63}) (Version: 12.12.4.1 - Apple Inc.)
Java 8 Update 291 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180291F0}) (Version: 8.0.2910.10 - Oracle Corporation)
JDiskReport 1.4.1 (HKLM-x32\...\JDiskReport 1.4.1) (Version: 1.4.1 (2014-02-26 11:50:44) - JGoodies Karsten Lentzsch)
Lenovo App Explorer (HKU\S-1-5-21-624402189-1887333828-3918413586-1001\...\Host App Service) (Version: 0.273.4.600 - SweetLabs for Lenovo)
Lenovo App Explorer (HKU\S-1-5-21-624402189-1887333828-3918413586-1002\...\Host App Service) (Version: 0.272.1.560 - SweetLabs for Lenovo)
Lenovo App Explorer (HKU\S-1-5-21-624402189-1887333828-3918413586-1003\...\Host App Service) (Version: 0.273.4.600 - SweetLabs for Lenovo)
Lenovo Utility (HKLM\...\{12ABAC82-7D83-4CB8-9DD2-434DC9AF2942}_is1) (Version: 3.0.0.17 - Lenovo)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.13.43.0 - Lenovo Group Ltd.)
LibreOffice 5.3.7.2 (HKLM\...\{117F3217-458C-4371-B222-00C69DE96CB2}) (Version: 5.3.7.2 - The Document Foundation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 111.0.1661.44 - Microsoft Corporation)
Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 110.0.1587.69 - Microsoft Corporation)
Microsoft HEVC Media Extension Installation for Microsoft.HEVCVideoExtension_1.0.2512.0_x64__8wekyb3d8bbwe (x64) (HKLM\...\{B0169E83-757B-EF66-E2F0-391944D785BC}) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2016 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 16.0.16227.20280 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-624402189-1887333828-3918413586-1001\...\OneDriveSetup.exe) (Version: 23.071.0402.0001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-624402189-1887333828-3918413586-1002\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-624402189-1887333828-3918413586-1003\...\OneDriveSetup.exe) (Version: 21.220.1024.0005 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-624402189-1887333828-3918413586-1001\...\Teams) (Version: 1.4.00.22472 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{89581302-705F-42C5-99B0-E368A845DAD5}) (Version: 3.70.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 de) (HKLM\...\Mozilla Firefox 101.0.1 (x64 de)) (Version: 101.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0.3 - Mozilla)
NVIDIA GeForce Experience 3.8.0.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.8.0.89 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.16130.20218 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.16130.20218 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.16227.20204 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0407-0000-0000000FF1CE}) (Version: 16.0.16130.20218 - Microsoft Corporation) Hidden
Qweb Symbol (HKLM-x32\...\Qweb.de) (Version: 1.0 - Qweb Symbol) <==== ACHTUNG
Studie zur Verbesserung von HP Officejet Pro 8620 (HKLM\...\{825BC9A9-A005-4FDB-BDE9-A4F2DF69C3B7}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
tiptoi® Manager 5.0.2 (HKLM\...\{833392BB-E8C0-4066-9408-3A30FA43972F}_is1) (Version: 5.0.2 - Ravensburger AG)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.12 - Ghisler Software GmbH)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{9E5A6059-314A-4F02-B8A4-8C9C97989589}) (Version: 8.91.0.0 - Microsoft Corporation)
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0-2) (Version: 1.0.33.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1-2) (Version: 1.0.54.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
WhatsApp (HKU\S-1-5-21-624402189-1887333828-3918413586-1001\...\WhatsApp) (Version: 2.2245.9 - WhatsApp)
Windows 10-Update-Assistent (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22329 - Microsoft Corporation)
Windows-PC-Integritätsprüfung (HKLM\...\{B3956CF3-F6C5-4567-AC38-1FD4432B319C}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Zoom (HKU\S-1-5-21-624402189-1887333828-3918413586-1001\...\ZoomUMX) (Version: 5.9.1 (2581) - Zoom Video Communications, Inc.)

Packages:
=========
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_7.32.21.0_x64__kgqvnymyfvs32 [2023-04-04] (king.com)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.240.400.0_x64__kgqvnymyfvs32 [2023-04-18] (king.com)
Disney Magic Kingdoms -> C:\Program Files\WindowsApps\A278AB0D.DisneyMagicKingdoms_7.9.9.0_x86__h6adky7gbf63m [2023-04-18] (Gameloft SE)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.16.352.0_x64__rz1tebttyb220 [2023-04-19] (Dolby Laboratories)
Fotos-Add-On -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-03-12] (Microsoft Corporation)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_144.1.1068.0_x64__v10z8vjag6ke6 [2023-04-18] (HP Inc.)
iCloud -> C:\Program Files\WindowsApps\AppleInc.iCloud_14.1.108.0_x64__nzyj5cx40ttqa [2023-01-07] (Apple Inc.) [Startup Task]
Lenovo Companion -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2301.8.0_x64__k1h2ywk1493x8 [2023-04-19] (LENOVO INC.)
Lenovo Kontoportal -> C:\Program Files\WindowsApps\LenovoCorporation.LenovoID_2.0.37.0_x86__4642shxvsv8s2 [2017-12-30] (LENOVO INCORPORATED.)
Lenovo Settings -> C:\Program Files\WindowsApps\LenovoCorporation.LenovoSettings_3.177.0.0_x86__4642shxvsv8s2 [2017-12-30] (LENOVO INCORPORATED.)
March of Empires: War of Lords -> C:\Program Files\WindowsApps\A278AB0D.MarchofEmpires_7.3.2.0_x86__h6adky7gbf63m [2023-04-06] (Gameloft SE)
Media Engine-Add-On für Fotos -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-10-11] (Microsoft Corporation)
Messenger -> C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_1820.9.73.0_x64__8xx8rvfyw5nnt [2023-03-16] (Meta) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-14] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-14] (Microsoft Corporation) [MS Ad]
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.19.7302.0_x64__8wekyb3d8bbwe [2023-04-04] (Microsoft Studios)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.98.1805.0_x64__mcm4njqhnhss8 [2022-04-09] (Netflix, Inc.)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.16.3140.0_x64__8wekyb3d8bbwe [2023-04-19] (Microsoft Studios) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.209.743.0_x86__zpdnekdrzrea0 [2023-04-18] (Spotify AB) [Startup Task]
WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2313.6.0_x64__cv1g1gvanyjgm [2023-04-19] (WhatsApp Inc.) [Startup Task]
WindowsAppRuntime.1.1 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.1_1005.616.1651.0_x64__8wekyb3d8bbwe [2023-01-04] (Microsoft Corporation)
WindowsAppRuntime.1.1 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.1_1005.616.1651.0_x86__8wekyb3d8bbwe [2023-01-04] (Microsoft Corporation)
XING -> C:\Program Files\WindowsApps\XINGAG.XING_4.0.9.0_x86__xpfg3f7e9an52 [2021-06-13] (New Work SE)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-624402189-1887333828-3918413586-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\athbi\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.21140.5\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-624402189-1887333828-3918413586-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> C:\Users\athbi\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-624402189-1887333828-3918413586-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\athbi\Dropbox [2017-12-31 16:05]
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2016-10-07] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2016-10-07] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> Keine Datei
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_90f68cd0dc48b625\igfxDTCM.dll [2019-05-23] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-12-21] (NVIDIA Corporation -> NVIDIA Corporation)

==================== Codecs (Nicht auf der Ausnahmeliste) ====================

==================== Verknüpfungen & WMI ========================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

Shortcut: C:\Users\athbi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDiskReport 1.4.1\JGoodies Home Page.lnk -> hxxp://www.jgoodies.com

==================== Geladene Module (Nicht auf der Ausnahmeliste) =============


==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ==================

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =================

==================== Internet Explorer (Nicht auf der Ausnahmeliste) ==========

HKU\S-1-5-21-624402189-1887333828-3918413586-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/?pc=COS2&ptag=D072920-AED1060C710&form=CONMHP&conlogo=CT3334504
HKU\S-1-5-21-624402189-1887333828-3918413586-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-624402189-1887333828-3918413586-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
HKU\S-1-5-21-624402189-1887333828-3918413586-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-624402189-1887333828-3918413586-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-624402189-1887333828-3918413586-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
HKU\S-1-5-21-624402189-1887333828-3918413586-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-624402189-1887333828-3918413586-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-624402189-1887333828-3918413586-1003\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
SearchScopes: HKU\S-1-5-21-624402189-1887333828-3918413586-1001 -> DefaultScope {53925601-2FCD-4A29-B367-60284FA6688C} URL = 
SearchScopes: HKU\S-1-5-21-624402189-1887333828-3918413586-1001 -> {53925601-2FCD-4A29-B367-60284FA6688C} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2023-02-05] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_291\bin\ssv.dll [2021-06-07] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_291\bin\jp2ssv.dll [2021-06-07] (Oracle America, Inc. -> Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-04-16] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-04-16] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-04-16] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-04-16] (Microsoft Corporation -> Microsoft Corporation)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-624402189-1887333828-3918413586-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-624402189-1887333828-3918413586-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts Inhalt: =========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2017-03-18 23:03 - 2017-03-18 23:01 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Andere Bereiche ===========================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files (x86)\nodejs\
HKU\S-1-5-21-624402189-1887333828-3918413586-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\athbi\Pictures\IMG_1492.JPG
HKU\S-1-5-21-624402189-1887333828-3918413586-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\athbi.LAPTOP-P33CJ5M1\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img0.jpg
HKU\S-1-5-21-624402189-1887333828-3918413586-1003\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
 ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{AC218C40-6184-4B36-A2A4-2FC41A623DA2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{34343FB8-9C55-4205-B25C-5A386A97EF32}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{DD46D48A-05D2-4626-9302-3BF1EAD392CF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{8B2F6B13-787A-4C13-B7A0-8669F6F1F8A9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{3884368A-3A03-4217-97F7-73A1379F5D43}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{927C32C8-CD4F-4381-8073-CF61775FE17B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{6B5A2042-FDE7-432F-A3A7-7216DC153EEC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{CA684955-E2E6-4FAB-B5BD-3ED8006B46EF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{20022487-6451-4800-82E6-11C1AF2CEC77}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.126.501.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{DB0C8512-90F3-4BB6-B68B-B054EBDA2115}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.126.501.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{5B98457D-CAEF-4265-A94F-DD95BF97290E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.126.501.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{91999B30-6C59-4E86-854F-814861874A47}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.126.501.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{B4F9B27F-F72F-4B4E-8C13-4F8AB713435F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.126.501.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{6D550B11-704C-4138-9E77-F4F86DFDF137}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.126.501.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{371B5B53-EFEA-44D3-9440-F7CD3242241E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.126.501.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{A0653830-5CCA-4318-83D9-CE5832AF5AEF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.126.501.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{36066C1C-C711-499C-80A9-6AB69BA784A4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.120.510.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{AE8425FC-91DD-4159-84B5-CD1F07DC5021}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.120.510.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{CBAF5845-1FAA-4AE2-8B58-BC12CC63F91F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.120.510.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{8802D145-297C-4A7D-A3C9-0EB7843E0C04}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.120.510.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{41CF2DAF-D1A3-4823-98DE-4E1EA77FA13B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.120.510.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{594775A3-0594-43B2-992C-BBCC1C8A475D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.120.510.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{FB923C09-8584-4DFF-8283-B6505A5E5C22}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.120.510.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{7A37757B-0809-44FF-8039-F76DFBD9EF2A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.120.510.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{EA0B16FC-649D-4079-B106-34494FDAA641}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.112.451.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{2A20BD29-2804-4119-9400-B60050AC1F1E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.112.451.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{ABE8846A-0E4B-4ABD-96E3-1728F8B4E3A7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.112.451.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{12DBD426-96B8-46A9-93F9-3B69F0F7D2D0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.112.451.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{00EAF64E-9AB3-478F-9506-35AF3EDAC03F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.112.451.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{30E83503-6E1E-4C86-A27A-178EDE79B1F1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.112.451.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{9A8D4232-1B0E-4DC3-9C2B-DD15069BA531}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.112.451.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{77439F06-CE7A-435B-9DB9-0300B7C56DF4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.112.451.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{48F12A1A-5403-400D-8509-0A89AD7F5C52}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{AB8DF726-C74D-43E6-B3EA-E6A9A9518054}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6390C560-EA31-41BE-973A-F9E0E0884A03}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E58DA280-9154-467F-B11F-931A8A11ABAA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{4C6A7DDE-8AC0-4288-AB69-EAC861E6263F}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{421991C6-13E6-40A9-A5E6-48D16D2506A7}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
FirewallRules: [{CC0ED3F7-489B-43B4-8D54-ABBE36C30935}] => (Allow) LPort=5357
FirewallRules: [{CE711B05-2DFF-4261-8610-D7B635D08D4F}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
FirewallRules: [{CD602CE4-D754-41AA-9CA0-20F77B058F87}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\bin\SendAFax.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
FirewallRules: [{BC16575D-E187-4694-BF97-5074E7CAA5EF}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\bin\DigitalWizards.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
FirewallRules: [{D5EC5CA3-2278-4813-A55F-491E9825E8AA}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\bin\FaxApplications.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
FirewallRules: [{F9D540D7-93BE-4021-B2EB-079EF720ABBD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{80E98B06-BDBE-48CD-A555-A382AAAF92ED}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{AD6A0026-2578-4FC4-A8EB-1D2AD0F3E130}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe => Keine Datei
FirewallRules: [{08E925FA-FE14-45C7-9D80-C509E835E681}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe => Keine Datei
FirewallRules: [{696FBFD0-A21C-4517-BDE3-E5E810236C70}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{46713C31-8181-4646-9DAD-1D74605FC87B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe => Keine Datei
FirewallRules: [{C328306D-66E3-4106-BBB3-6197713E0CF8}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe => Keine Datei
FirewallRules: [{869CD70E-7C28-4149-B647-4EE37A4E2B47}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{5E875506-7461-4D1B-9EDF-B5D4B6409CD6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{982A9D5B-01AC-480A-8ED5-36E87D76C5FB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{3EF18B14-2DC7-412E-9569-7354CECD3556}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe => Keine Datei
FirewallRules: [{691C41A4-35AB-4708-B2DD-F4A7EC697674}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{961B8823-02F5-4AA6-A910-FA8F8E2C201A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{0EFAAB4B-1F56-475F-83B4-07E44B4EE333}C:\program files\rstudio\bin\rsession.exe] => (Block) C:\program files\rstudio\bin\rsession.exe => Keine Datei
FirewallRules: [UDP Query User{E3CC6A00-11BA-4678-B3C9-9C4EE88787BA}C:\program files\rstudio\bin\rsession.exe] => (Block) C:\program files\rstudio\bin\rsession.exe => Keine Datei
FirewallRules: [{FAC1CD3D-6EED-46E6-B46F-5E301E88D182}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{0A8942D2-F05D-46C3-81A2-9E06AFEEFB96}C:\users\athbi\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\athbi\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{EC698404-78E9-4D6B-9C2D-8C3010963F96}C:\users\athbi\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\athbi\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FAE1F094-FCB9-4B42-B131-9ACA4095C82F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.77.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{8D71F9DF-65B8-41D3-B446-9FC0E0995086}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.77.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{6672EA65-F71F-4DBB-B4EB-CA7F8D18AEB8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.77.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{FA449F34-1372-4B29-9230-D45A5CABC0A3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.77.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{03D77AD8-0FB5-42D1-BB20-7E3655779C1F}] => (Allow) C:\Users\athbi\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{9F2E1649-3F75-4D36-83E0-4ECFAE20A6D5}] => (Allow) C:\Users\athbi\AppData\Roaming\Zoom\bin\airhost.exe => Keine Datei
FirewallRules: [{00C75A60-8331-4716-BC5D-642BA36F2D45}] => (Allow) C:\Users\athbi\AppData\Roaming\Zoom\bin\airhost.exe => Keine Datei
FirewallRules: [{DBCDF9C3-5A71-48C2-94F0-94FCF28D391B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.85.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{6519AB27-6EC6-4FBC-92F2-044D53780C17}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.85.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{6FA4B9C4-F8BE-4A9E-8F0D-A0611CBDFB63}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.85.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{19B3E677-74D0-4946-A1A3-CD5100F14CC1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.85.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{9B6E2671-9D86-4524-89F8-4BD2381106CF}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.87.3406.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{FDF888C3-96B9-4EA1-B9E7-EE318DE9CD98}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.87.3406.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{A84EBDAE-E705-498A-9D97-65E40DE0518F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.87.3406.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{091B54F1-E17F-4C36-8E6E-D8DA08380022}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.87.3406.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{6B6DCFCC-302D-4D69-8891-1A2D2A0D4A17}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DA987158-0D87-4180-9EBF-6746F0A0FE41}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.93.3406.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{80F3F0B7-FDF9-4084-83AC-044565766D39}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.93.3406.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{46FEE2D0-66DF-4E8D-A061-A40064677082}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.93.3406.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{0244CC0E-482B-4552-BC42-C8DFFAB4452B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.93.3406.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{6196D662-B204-4370-942D-6BBC8732A970}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.94.3428.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{B005F084-13F8-4DB1-AC3E-76BEA3B83C5D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.94.3428.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{C5E8E01C-389F-4FB6-87DA-1F044D3C3EA9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.94.3428.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{FE88192B-32AD-4B26-BBDF-90D7EA16B8D8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.94.3428.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{7B9C61DD-21BB-4CFD-B499-D76C8AC7EC48}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\110.0.1587.69\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C8820021-1D16-46F5-B0C1-1EF32E54E0B0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.208.923.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> )
FirewallRules: [{F16366D6-52A1-496D-A38F-7C9CC03108B6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.208.923.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> )
FirewallRules: [{9077FB14-9E1F-4387-ADF2-C879E740D618}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.208.923.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> )
FirewallRules: [{8506515A-C8E8-4746-9016-F386B51E9B85}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.208.923.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> )
FirewallRules: [{EAB9CCF9-B934-46BB-ABF8-340AD86FD394}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.208.923.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> )
FirewallRules: [{5A01491D-D233-4C7D-B838-4FB9DCAAE25E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.208.923.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> )
FirewallRules: [{6A8ED854-CC6C-4368-914E-64C1470277B1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.208.923.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> )
FirewallRules: [{DB37A0E1-A49F-42CD-8F0B-90F6E96D2A41}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.208.923.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> )
FirewallRules: [{10791C44-681A-4FC2-85C2-44686054FC6A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.208.923.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> )
FirewallRules: [{81B7E260-64FC-419D-946E-73DE1AF1A98F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.208.923.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> )
FirewallRules: [{A8E53B7B-DD1F-412D-9072-A56B1CCE609F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.96.3207.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> )
FirewallRules: [{21260D3D-A872-43D7-958A-8379C219B9D0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.96.3207.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> )
FirewallRules: [{350DCE98-C7F0-4D6B-BF82-6F35806FF1EB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.96.3207.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> )
FirewallRules: [{BB08A189-8361-42F8-BA5E-30CD16998706}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.96.3207.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> )
FirewallRules: [{2DB65C9B-3780-4883-A20E-ADAB83241FF0}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{E9C6707B-CEC3-4A1C-BD3E-26B220E6F9C5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.209.743.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> )
FirewallRules: [{AEC42519-0400-43D9-B4B3-37B351A6E5E8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.209.743.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> )
FirewallRules: [{FB21002E-F19F-476A-B67F-6AF2DF985568}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.209.743.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> )
FirewallRules: [{76DAF7BF-31DA-4DD2-9847-88B54F4E678D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.209.743.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> )
FirewallRules: [{A1AF3ABD-5EC3-4855-9D52-C6E03508DF85}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.209.743.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> )
FirewallRules: [{29AE2680-E2BD-43D2-92F0-0CA8D6E44640}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.209.743.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> )
FirewallRules: [{61335FDB-AF86-4E91-8DDC-6D78B9CF9272}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.209.743.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> )
FirewallRules: [{96A2A44D-DDE2-4ADB-A84F-6FA36532A46C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.209.743.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> )
FirewallRules: [{81C2CB23-11BB-419B-BE0E-B32DD7E48B71}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.209.743.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> )
FirewallRules: [{BC8083FE-8A80-43B2-9D53-6BFD93726AAA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.209.743.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> )

==================== Wiederherstellungspunkte =========================

18-04-2023 20:14:02 Windows Modules Installer

==================== Fehlerhafte Geräte im Gerätemanager ============


==================== Fehlereinträge in der Ereignisanzeige: ========================

Applikationsfehler:
==================
Error: (04/19/2023 04:46:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname ANNA-LENOVO-W10.local already in use; will try ANNA-LENOVO-W10-2.local instead

Error: (04/19/2023 04:46:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 ANNA-LENOVO-W10.local. Addr 192.168.178.66

Error: (04/19/2023 04:46:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.178.66:5353   16 ANNA-LENOVO-W10.local. AAAA 2A02:810A:14BF:CCE8:6753:C417:AABC:2718

Error: (04/19/2023 01:21:40 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Das Programm svchost.exe Version 10.0.19041.1806 hat die Interaktion mit Windows beendet und wurde geschlossen. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: b40

Startzeit: 01d9724ab8d9cd92

Beendigungszeit: 4294967295

Anwendungspfad: C:\Windows\System32\svchost.exe

Bericht-ID: 3e9fe180-df5d-47e6-89b3-e2865453c2a9

Vollständiger Name des fehlerhaften Pakets: 

Relative Anwendungs-ID des fehlerhaften Pakets: 

Absturztyp: Unknown

Error: (04/16/2023 03:21:53 PM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Das Objekt oder die Eigenschaft wurde nicht gefunden.

Error: (04/16/2023 03:21:53 PM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Das Objekt oder die Eigenschaft wurde nicht gefunden.

Error: (04/16/2023 03:21:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname ANNA-LENOVO-W10.local already in use; will try ANNA-LENOVO-W10-2.local instead

Error: (04/16/2023 03:21:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister   16 ANNA-LENOVO-W10.local. AAAA FE80:0000:0000:0000:9D9D:2049:B4A8:B916


Systemfehler:
=============
Error: (04/18/2023 10:07:48 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet: 
Das Handle ist ungültig.

Error: (04/18/2023 10:07:47 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Broker für Laufzeitüberwachung der Systemüberwachung" wurde mit folgendem Fehler beendet: 
%%2147944147 = Der Authentifizierungsdienst ist unbekannt.

Error: (04/18/2023 10:07:46 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Sicherheitscenter" wurde mit folgendem Fehler beendet: 
Der Authentifizierungsdienst ist unbekannt.

Error: (04/18/2023 10:03:35 PM) (Source: DCOM) (EventID: 10010) (User: ANNA-LENOVO-W10)
Description: Der Server "{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (04/18/2023 08:00:57 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80248007 fehlgeschlagen: 9WZDNCRFHVFW-Microsoft.BingNews

Error: (04/18/2023 08:00:00 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80248007 fehlgeschlagen: 9WZDNCRFHWLH-AD2F1837.HPPRINTERCONTROL

Error: (04/18/2023 07:57:33 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80248007 fehlgeschlagen: 9NKSQGP7F2NH-5319275A.WhatsAppDesktop

Error: (04/18/2023 07:49:17 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80242016 fehlgeschlagen: Funktionsupdate für Windows 10, Version 22H2


Windows Defender:
================
Date: 2023-04-19 17:05:37
Description: 
Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {5A61342C-43C9-4C86-8687-F9A088D6FFFF}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

Date: 2023-04-19 01:21:40
Description: 
Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {EE91A563-A813-4AE7-914F-B355E573FEB3}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Vollständige Überprüfung
Benutzer: ANNA-LENOVO-W10\Anna

Date: 2023-04-04 20:21:48
Description: 
Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {8A98C71A-57C5-4D08-A108-C467FD8E3B99}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

Date: 2023-04-04 20:06:32
Description: 
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Backdoor:Win32/Bladabindi!mclg&threatid=2147784274&enterprise=0
Name: Backdoor:Win32/Bladabindi!mclg
Schweregrad: Schwerwiegend
Kategorie: Hintertür
Pfad: file:_C:\Windows\Temp\4ef247ec-11e3-fdbd-b857-be8b87284343\788bd5ca-828c-9cb0-707f-17bcc0ce7e76.exe; file:_C:\Windows\Temp\9539d4d7-53f8-70f9-24eb-5f8773a9b020\a3deedb8-7f46-12bc-5bff-97df1a4b83d6.exe
Erkennungsursprung: Lokaler Computer
Erkennungstype: Konkret
Erkennungsquelle: Echtzeitschutz
Benutzer: NT-AUTORITÄT\SYSTEM
Prozessname: C:\Program Files (x86)\nodejs\node.exe
Sicherheitsversion: AV: 1.385.1699.0, AS: 1.385.1699.0, NIS: 1.385.1699.0
Modulversion: AM: 1.1.20200.4, NIS: 1.1.20200.4

Date: 2023-04-04 20:06:30
Description: 
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Backdoor:Win32/Bladabindi!mclg&threatid=2147784274&enterprise=0
Name: Backdoor:Win32/Bladabindi!mclg
Schweregrad: Schwerwiegend
Kategorie: Hintertür
Pfad: file:_C:\Windows\Temp\4ef247ec-11e3-fdbd-b857-be8b87284343\788bd5ca-828c-9cb0-707f-17bcc0ce7e76.exe
Erkennungsursprung: Lokaler Computer
Erkennungstype: Konkret
Erkennungsquelle: Echtzeitschutz
Benutzer: NT-AUTORITÄT\SYSTEM
Prozessname: C:\Program Files (x86)\nodejs\node.exe
Sicherheitsversion: AV: 1.385.1699.0, AS: 1.385.1699.0, NIS: 1.385.1699.0
Modulversion: AM: 1.1.20200.4, NIS: 1.1.20200.4

CodeIntegrity:
===============
Date: 2023-04-19 17:05:37
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2303.8-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2023-03-23 19:58:20
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2302.7-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2023-03-16 16:40:38
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2302.3-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2023-02-15 21:59:49
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2023-02-05 17:28:19
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_90f68cd0dc48b625\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Speicherinformationen =========================== 

BIOS: LENOVO 4WCN47WW 06/30/2020
Hauptplatine: LENOVO LNVNB161216
Prozessor: Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz
Prozentuale Nutzung des RAM: 63%
Installierter physikalischer RAM: 8066.72 MB
Verfügbarer physikalischer RAM: 2984.23 MB
Summe virtueller Speicher: 10242.72 MB
Verfügbarer virtueller Speicher: 4942.05 MB

==================== Laufwerke ================================

Drive c: (Windows) (Fixed) (Total:212.23 GB) (Free:93.26 GB) (Model: HFS256G3BTND-N210A) NTFS
Drive d: (Daten) (Fixed) (Total:25 GB) (Free:9.86 GB) (Model: HFS256G3BTND-N210A) NTFS

\\?\Volume{ebc8ede9-b046-4a13-88b1-1d79f48e841a}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.41 GB) NTFS
\\?\Volume{0a7f66c0-07fe-4aa2-9e89-29b2ecdf81db}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.21 GB) FAT32

==================== MBR & Partitionstabelle ====================

==========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 161AE062)

Partition: GPT.

==================== Ende von Addition.txt =======================
--- --- ---
Geändert von fbin41 (19.04.2023 um 18:09 Uhr)

Alt 19.04.2023, 20:57   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows 10: Browser-Probleme nach Infektion mit Backdoor:Win32/Bladabindi!mclg - Standard

Windows 10: Browser-Probleme nach Infektion mit Backdoor:Win32/Bladabindi!mclg


Das System wurde leider nicht gut gepflegt:

Google Chrome 85.0.4183.121
Java 8 Update 291
LibreOffice 5.3.7.2
Mozilla Firefox (x64 de) 101.0.1
Qweb Symbol

Alles deinstallieren!
Dann Firefox mit dem Edge neu runterladen [https://ftp.mozilla.org/pub/firefox/...20112.0.1.exe] und installieren. Gibt Bescheid wenn das erledigt ist, dann gehts weiter.
__________________

__________________
Alt 19.04.2023, 21:45   #3
fbin41
 
Windows 10: Browser-Probleme nach Infektion mit Backdoor:Win32/Bladabindi!mclg - Standard

Windows 10: Browser-Probleme nach Infektion mit Backdoor:Win32/Bladabindi!mclg


Ja, den Pflege-Stau muss ich leider so bestätigen.
Umso mehr: Danke für die Infos zu den ersten Schritten.

Die 5 genannten Anwendungen sind nun deinstalliert.

Firefox ließ sich neu installieren, und scheint sich nun aktuell "normal" zu verhalten, d.h. er weist keine "namenlose" Erweiterung mehr auf und wird aktuell auch nicht mehr "von Ihrer Organisation verwaltet".

(Edge zeigt zwar diesen Gruppenrichtlinien-Hinweis noch, leidet aber aktuell wohl an keiner mysteriösen Erweiterung, zumindest soweit ich es in den Einstellungen von Edge selbst erkennen kann.)

Danke und zunächst mal gute Nacht!
__________________
Alt 19.04.2023, 22:39   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows 10: Browser-Probleme nach Infektion mit Backdoor:Win32/Bladabindi!mclg - Standard

Windows 10: Browser-Probleme nach Infektion mit Backdoor:Win32/Bladabindi!mclg


adwCleaner

Führe AdwCleaner gemäß der bebilderten Anleitung aus und poste abschließend die Logdatei in CODE-Tags.

adwcleaner zwecks Kontrolle bitte wiederholen, falls es Funde gab.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 20.04.2023, 07:03   #5
fbin41
 
Windows 10: Browser-Probleme nach Infektion mit Backdoor:Win32/Bladabindi!mclg - Standard

Windows 10: Browser-Probleme nach Infektion mit Backdoor:Win32/Bladabindi!mclg


Danke wiederum. AdwCleaner hat schonmal Einiges (!) gefunden, siehe nachfolgendes Log.

(AdwCleaner hat nach diesem Durchlauf zunächst mal keinen Neustart gefordert.)

Habe dennoch einmal neu gestartet und AdwCleaner nochmal laufen lassen - im zweiten Durchgang meldete er dann, dass keine Adware und PUPs mehr vorhanden seien.

Hier das Log aus dem ersten Durchlauf mit Funden:

Code:
ATTFilter
# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build:    08-30-2022
# Database: 2022-10-10.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    04-20-2023
# Duration: 00:00:05
# OS:       Windows 10 (Build 19045.2846)
# Cleaned:  29
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\ProgramData\Application Data\Lavasoft\Web Companion
Deleted       C:\ProgramData\Host App Service
Deleted       C:\Users\Default\AppData\Local\Host App Service
Deleted       C:\Users\Frank\AppData\Local\Host App Service
Deleted       C:\Users\athbi.LAPTOP-P33CJ5M1\AppData\Local\Host App Service
Deleted       C:\Users\athbi\AppData\Local\Host App Service
Deleted       C:\Users\athbi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VLC UPDATER
Deleted       C:\Windows\ServiceProfiles\LocalService\AppData\Local\Host App Service
Deleted       C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Host App Service

***** [ Files ] *****

Deleted       C:\Users\athbi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Qweb Symbol.lnk
Deleted       C:\Windows\Installer\{F25E66C0-7A30-4C4C-B641-0DC9062017B7}\{8F247DCC-255E-4B8E-9F3E-AE6FCE99A428}.XPI
Deleted       C:\Windows\System32\Tasks_Migrated\App Explorer

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted       C:\Windows\System32\Tasks\APP EXPLORER

***** [ Registry ] *****

Deleted       HKCU\SOFTWARE\AM|Startfenster-Replace
Deleted       HKCU\Software\AM|Qweb Symbol
Deleted       HKCU\Software\AM|VLC Updater
Deleted       HKCU\Software\App Host Service
Deleted       HKCU\Software\Host App Service
Deleted       HKCU\Software\Lavasoft\Web Companion
Deleted       HKCU\Software\Microsoft\Internet Explorer\Main|Start Page
Deleted       HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|VLC Updater
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8474F7B1-DC2B-4D64-BE7D-6D080F578EF4} 
Deleted       HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\App Explorer
Deleted       HKLM\Software\Wow6432Node\Lavasoft\Web Companion

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted       Startfenster

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] remove_file_ntuser
[+] remove_wingrouppolicy_registry
[+] remove_regKey_googleupdatepolicy
[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [6129 octets] - [20/04/2023 07:53:53]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
Edit 8:30 Uhr:

Edge zeigt weiterhin die Meldung "Ihr 'Der Browser wird verwaltet' von Ihrer Organisation".

Die Inhalte unter edge://policy/ zeigen folgendes (nach Bestätigungsabfrage als Admin durch "Microsoft Edge Update"):

Code:
ATTFilter
{
   "chromeMetadata": {
      "OS": "Windows 10 Version 22H2 (Build 19045.2846)",
      "application": "Microsoft Edge",
      "revision": "fc2a57ec5a410298200db8ad3013657d5472c408",
      "version": "111.0.1661.44 (Offizielles Build)  (64-Bit)"
   },
   "edgePolicies": {
      "EdgeShoppingAssistantEnabled": {
         "level": "mandatory",
         "scope": "machine",
         "source": "platform",
         "value": false
      },
      "ExtensionInstallForcelist": {
         "error": "Fehler bei ExtensionInstallForcelist[0]: Ungültige Erweiterung: Es wurde erwartet, dass der Wert eines der folgenden Formulare aufweist: \u003Cextension_id> oder \u003Cextension_id>;\u003Cupdate_url>.",
         "level": "mandatory",
         "scope": "machine",
         "source": "platform",
         "value": [ "[BLOCKED]hefahfnheapkhaejmjghfcgffeaipkjl;file:///C:/WINDOWS/Installer/%7B6F2153A8-19EF-4AC6-B929-44A9764CC52F%7D/xhefahfnheapkhaejmjghfcgffeaipkjlml" ],
         "warning": "Dieses Gerät wird nicht von Ihrer Organisation verwaltet. Deshalb können darauf nur Erweiterungen aus dem Microsoft*Store installiert werden. Sie können unter „https://edge.microsoft.com/extensionwebstorebase/v1/crx“ auf das Microsoft*Store-Update zugreifen."
      },
      "ForceNetworkInProcess": {
         "error": "Unbekannte Richtlinie",
         "level": "mandatory",
         "scope": "machine",
         "source": "platform",
         "value": 1
      },
      "RendererCodeIntegrityEnabled": {
         "level": "mandatory",
         "scope": "machine",
         "source": "platform",
         "value": false
      }
   },
   "extensionPolicies": {
   },
   "status": {
      "updater": {
         "policyDescriptionKey": "statusUpdater",
         "timeSinceLastRefresh": "Vor 32 Tagen",
         "version": "1.3.173.49"
      },
      "user": {
      }
   }
}
Da könnte also noch was "schlummern".

Edit 8:44 Uhr:

Da ich nun zwischenzeitlich den noch kompromittierten (?) Edge offen hatte, habe ich den Laptop nochmal runtergefahren, neu gestartet, und nochmals AdwCleaner laufen lassen. Wie bei der vorherigen Kontrolle kam die Meldung, der Rechner sei frei von Adware und PUPs.

Dennoch bleibt sicher noch einiges zu tun?

Geändert von fbin41 (20.04.2023 um 07:44 Uhr)

Alt 20.04.2023, 08:04   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows 10: Browser-Probleme nach Infektion mit Backdoor:Win32/Bladabindi!mclg - Standard

Windows 10: Browser-Probleme nach Infektion mit Backdoor:Win32/Bladabindi!mclg


Ja wir sind auch noch nicht fertig. Neue FRST-Logs brauchen wir nun.
__________________
--> Windows 10: Browser-Probleme nach Infektion mit Backdoor:Win32/Bladabindi!mclg

Alt 20.04.2023, 09:16   #7
fbin41
 
Windows 10: Browser-Probleme nach Infektion mit Backdoor:Win32/Bladabindi!mclg - Standard

Windows 10: Browser-Probleme nach Infektion mit Backdoor:Win32/Bladabindi!mclg


Ok, hier die FRST.txt:


FRST Logfile:
Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 18-04-2023
durchgeführt von Anna (Administrator) auf ANNA-LENOVO-W10 (LENOVO 80YL) (20-04-2023 09:58:04)
Gestartet von D:\Software\Farbar_x86_x64\FRST64.exe
Geladene Profile: Anna
Plattform: Microsoft Windows 10 Home Version 22H2 19045.2846 (X64) Sprache: Deutsch (Deutschland)
Standard-Browser: FF
Start-Modus: Normal

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantage-(DeviceSettingsSystemAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantage-(LenovoBoostAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantage-(LenovoBoostSystemAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantage-(MultimediaAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantage-(VantageCoreAddin).exe
(C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <3>
(C:\Program Files\WindowsApps\AppleInc.iCloud_14.1.108.0_x64__nzyj5cx40ttqa\iCloud\iCloudServices.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> ) C:\Program Files\WindowsApps\AppleInc.iCloud_14.1.108.0_x64__nzyj5cx40ttqa\iCloud\iCloudCKKS.exe
(C:\Program Files\WindowsApps\AppleInc.iCloud_14.1.108.0_x64__nzyj5cx40ttqa\iCloud\iCloudServices.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> ) C:\Program Files\WindowsApps\AppleInc.iCloud_14.1.108.0_x64__nzyj5cx40ttqa\iCloud\WebView2\msedgewebview2.exe <6>
(C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe <7>
(explorer.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> ) C:\Program Files\WindowsApps\AppleInc.iCloud_14.1.108.0_x64__nzyj5cx40ttqa\iCloud\iCloudServices.exe
(explorer.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.) C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe
(explorer.exe ->) (Hewlett Packard -> Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8620\Bin\ScanToPCActivationApp.exe
(explorer.exe ->) (LENOVO -> Lenovo(beijing) Limited) C:\Program Files\Lenovo\LenovoUtility\utility.exe
(explorer.exe ->) (Skype Software Sarl -> ) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.96.3207.0_x64__kzf8qxf38zg5c\Skype\Skype.exe <6>
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <7>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(services.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.) C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
(services.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantageService.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Locator.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2303.8-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2303.8-0\NisSrv.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(svchost.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> ) C:\Program Files\WindowsApps\AppleInc.iCloud_14.1.108.0_x64__nzyj5cx40ttqa\iCloud\APSDaemon.exe
(svchost.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> ) C:\Program Files\WindowsApps\AppleInc.iCloud_14.1.108.0_x64__nzyj5cx40ttqa\iCloud\secd.exe
(svchost.exe ->) (CyberLink Corp. -> CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD14\PDVD14Serv.exe
(svchost.exe ->) (CyberLink Corp. -> CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe
(svchost.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(svchost.exe ->) (Hewlett Packard -> Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8620\Bin\HPNetworkCommunicatorCom.exe
(svchost.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.23022.140.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [LenovoUtility] => C:\Program Files\Lenovo\LenovoUtility\utility.exe [894376 2017-04-14] (LENOVO -> Lenovo(beijing) Limited)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\nvspcap64.dll [1922496 2017-07-27] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM\...\Run: [DAX2_APP] => C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe [849920 2017-03-07] (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [362056 2022-05-05] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [11327200 2023-04-04] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Beschränkung <==== ACHTUNG
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Beschränkung <==== ACHTUNG
HKU\S-1-5-21-624402189-1887333828-3918413586-1001\...\Run: [HP Officejet Pro 8620 (NET)] => C:\Program Files\HP\HP Officejet Pro 8620\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett Packard -> Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-624402189-1887333828-3918413586-1001\...\Run: [MicrosoftEdgeAutoLaunch_88349514007821BC009C7118188706C5] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4056016 2023-03-16] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Print\Monitors\HP 7012 Status Monitor: C:\Windows\system32\hpinksts7012LM.dll [328704 2014-03-03] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP Officejet Pro 8620): C:\Windows\system32\HPDiscoPM7012.dll [763912 2014-07-21] (Hewlett Packard -> Hewlett-Packard Development Company, LP)
Startup: C:\Users\athbi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2018-01-07]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
Policies: C:\ProgramData\NTUSER.pol: Beschränkung <==== ACHTUNG
HKLM\SOFTWARE\Policies\Google: Beschränkung <==== ACHTUNG
HKLM\SOFTWARE\Policies\Microsoft\Edge: Beschränkung <==== ACHTUNG

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {02D80AC4-EAFA-45C2-B1E8-A57ED4B3365F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler (Keine Datei)
Task: {04008C4A-ACC1-4D34-8A9A-C33E978AC250} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\38b71b36-98cd-41f8-b226-d1c1d1c4986c => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {07B7BEEA-5066-45BA-8D1D-4D781B4CDCC9} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [647616 2017-07-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {0DDD97C2-5C1D-4993-AB90-E34D9FC8DA8B} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [647616 2017-07-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {0E2B8BA9-811D-4A0D-9DDA-EDDB30F89CD9} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-11] (Dropbox, Inc -> Dropbox, Inc.)
Task: {146A8CAD-41D5-48B3-BF2F-48C6E5252AD3} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [436672 2017-07-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {16F7F4CD-38E4-491F-AF35-EF5805697C87} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564152 2023-04-03] (Adobe Inc. -> Adobe Inc.)
Task: {16F9A3B9-AE18-4434-A35B-000F8F43A5AB} - System32\Tasks\PDVDServ14 Task => C:\Program Files (x86)\CyberLink\PowerDVD14\PDVD14Serv.exe [88344 2017-02-17] (CyberLink Corp. -> CyberLink Corp.)
Task: {18A152A5-6A75-46EB-AAEF-19CA798549D3} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [676768 2023-04-14] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {18B3D5DD-8FA0-477F-8FFC-EB2B54975AF3} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26409896 2023-04-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {263846D5-49F4-4A02-B73C-A373DA5351C7} - System32\Tasks\Lenovo\Vantage\Schedule\HeartbeatAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\ScheduleEventAction.exe [28888 2022-11-29] (Lenovo -> Lenovo Group Ltd.)
Task: {270C1F4E-8C4D-4874-9948-372B40972849} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [114656 2023-04-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {2A1C2893-C129-45F4-8513-975173E72904} - System32\Tasks\Lenovo\Vantage\Schedule\GenericMessagingAddin => C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\ScheduleEventAction.exe [28888 2022-11-29] (Lenovo -> Lenovo Group Ltd.)
Task: {2F0D5672-4E48-40CC-A89A-08E7C14C7E66} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [717248 2017-07-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3A76240A-181C-49CD-955C-38E7D260A883} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\0028b695-de87-41b0-9a47-fa161f0940a8 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {3AD0C074-2F5B-45EA-8EBA-2FDA08F952F7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2303.8-0\MpCmdRun.exe [1645864 2023-04-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {3CFD1FA0-FD46-4EDA-9B1D-ED7367378294} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => %systemroot%\system32\sc.exe start LenovoVantageService
Task: {3D10AC7F-04A2-4998-BCB9-988508187666} - System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\ScheduleEventAction.exe [28888 2022-11-29] (Lenovo -> Lenovo Group Ltd.)
Task: {5840509D-8829-414E-A65D-32541ECD119B} - System32\Tasks\AppleMobileHintergrundübertragungsdienst => C:\Program Files (x86)\nodejs\node.exe -> C:\WINDOWS\Installer\{65C4EEBA-EDAC-4602-8E5C-BD22D8BEA90D}\{B49DA697-B607-4850-AB10-11CF68C3C352} <==== ACHTUNG
Task: {5CC0FA82-0DD1-415F-88A8-D8F0F43EC3C4} - System32\Tasks\RtHDVBg_LENOVO_DOLBYDRAGON => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506168 2019-03-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {670CB788-B226-4373-B912-2AA9E2F490BF} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {6D4190F4-BE4F-4B1F-B734-304492B78359} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2303.8-0\MpCmdRun.exe [1645864 2023-04-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {6F8CD596-78E4-469C-BCE9-9B0F3B2255DC} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [74952 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {744C8F0F-E50C-4CE3-ACCE-9E8341C96F19} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\938cd0d6-7874-4c1a-8b37-a27db68aa6f2 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {8540359D-1299-41B4-AA57-403C162991D5} - System32\Tasks\MUP Netzwerkkonnektivitäts-Assistent Manager-Dienst => C:\Program Files (x86)\nodejs\node.exe -> "C:\ProgramData\Package Cache\{CE35B488-A482-407E-8C3E-48C213120839}\{1910C353-D10C-44B9-BA91-72D0B3B19EC1}" <==== ACHTUNG
Task: {88A929E5-219D-45C9-BABA-B89796187F71} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [717248 2017-07-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8C783D4B-9D3D-42B7-A1D5-0B83CFF0FB09} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [1714112 2017-07-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8CCDCDF0-3F17-4CD8-8368-EEE411828A58} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [946112 2017-07-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8EAF89F1-D857-4DFD-9DD0-A1B0711F67F1} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\ac7a0baf-274c-4f05-bffa-a2ebb28a9c59 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {8F1D8A1B-2558-46C1-909B-5793580F9083} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [114656 2023-04-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {92D46EC5-0D24-46C4-9B9E-0906A7E080F9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2303.8-0\MpCmdRun.exe [1645864 2023-04-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {936DBBC0-F92E-447A-9911-543A55FCFB88} - System32\Tasks\HPCustParticipation HP Officejet Pro 8620 => C:\Program Files\HP\HP Officejet Pro 8620\Bin\HPCustPartic.exe [5745672 2014-07-21] (Hewlett Packard -> Hewlett-Packard Development Company, LP)
Task: {986F4E96-B5E9-4C2B-B306-175C25B6FEA8} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26409896 2023-04-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {9BD2605E-EEE6-4734-8BA0-D5A93BB1E6A8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [617096 2022-02-25] (Apple Inc. -> Apple Inc.)
Task: {A50E8C74-F5E0-43CC-8905-89C4CF54032C} - System32\Tasks\Lenovo\Vantage\Schedule\SettingsWidgetAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\ScheduleEventAction.exe [28888 2022-11-29] (Lenovo -> Lenovo Group Ltd.)
Task: {A708C525-478D-46A6-9168-0F0C99EB799E} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoSystemUpdateAddin_WeeklyTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\ScheduleEventAction.exe [28888 2022-11-29] (Lenovo -> Lenovo Group Ltd.)
Task: {A8E94241-7910-4603-B8C4-E137F7D6EBDE} - System32\Tasks\Lenovo\Vantage\Schedule\Lenovo.Vantage.SmartPerformance.MonthlyReport => C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\ScheduleEventAction.exe [28888 2022-11-29] (Lenovo -> Lenovo Group Ltd.)
Task: {A9144B2A-286A-4560-915B-FE515B39503D} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-11] (Dropbox, Inc -> Dropbox, Inc.)
Task: {AD3747D6-035C-45F2-AE0B-1B5172774BF8} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [718752 2023-04-14] (Mozilla Corporation -> Mozilla Foundation)
Task: {AD768997-3A76-425B-AD74-EA03626860C1} - System32\Tasks\Lenovo\Vantage\Schedule\IdeaNotebookAddinDailyEvent => C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\ScheduleEventAction.exe [28888 2022-11-29] (Lenovo -> Lenovo Group Ltd.)
Task: {AE4257FE-175C-4B34-B64F-7D6A91F8A84E} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoCompanionAppAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\ScheduleEventAction.exe [28888 2022-11-29] (Lenovo -> Lenovo Group Ltd.)
Task: {B0495E0F-66D5-4293-8D5E-87289E806DDB} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\Lenovo\Power2Go\CLVDLauncher.exe [347416 2016-09-20] (CyberLink Corp. -> CyberLink Corp.)
Task: {BE53B40D-0E81-4F78-8B5D-19A549970770} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506168 2019-03-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {CE0ACD11-0DE5-424F-92D8-8C2F4FA077EB} - System32\Tasks\Lenovo\Vantage\Schedule\BatteryGaugeAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\ScheduleEventAction.exe [28888 2022-11-29] (Lenovo -> Lenovo Group Ltd.)
Task: {CE80E807-042E-4154-8705-99C9B567CC0C} - System32\Tasks\RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506168 2019-03-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {D2A474AC-58B6-4CA5-BAF2-81D58DE8E226} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-07-27] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {DA63F70E-D721-4640-A699-E852A5662A3C} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe [190744 2016-10-07] (CyberLink Corp. -> CyberLink)
Task: {DE80A756-8BA5-4FCF-9151-C798E96E9D20} - System32\Tasks\Lenovo\Vantage\Schedule\VantageTelemetryAddinTask => C:\Program Files (x86)\Lenovo\VantageService\3.6.15.0\ScheduleEventAction.exe VantageTelemetryAddinTask (Keine Datei)
Task: {E66940DA-4B71-4AE0-9936-8AD8FCA3A4E9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2303.8-0\MpCmdRun.exe [1645864 2023-04-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {FA6BB3E0-41B5-41F5-8ADA-B549B9AC7062} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {FC74E7F7-4AF3-446B-B664-A28AC6E02533} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c (Keine Datei)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{2b6d82fc-ac06-414f-abe2-6e7dd76b3117}: [DhcpNameServer] 150.213.1.2
Tcpip\..\Interfaces\{337671d7-3eee-45b8-a9ff-56a66a52a8c9}: [DhcpNameServer] 192.168.178.1

Edge: 
=======
Edge Extension: (Kein Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [nicht gefunden]
Edge Extension: (Kein Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [nicht gefunden]
Edge Extension: (Kein Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [nicht gefunden]
Edge Extension: (Kein Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [nicht gefunden]
Edge DefaultProfile: Default
Edge Profile: C:\Users\athbi\AppData\Local\Microsoft\Edge\User Data\Default [2023-04-20]
Edge Extension: (Edge relevant text changes) - C:\Users\athbi\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-04-19]

FireFox:
========
FF DefaultProfile: uf33delb.default-1681935890333
FF ProfilePath: C:\Users\athbi\AppData\Roaming\Mozilla\Firefox\Profiles\uf33delb.default-1681935890333 [2023-04-20]
FF Extension: (Adblock Plus - kostenloser Adblocker) - C:\Users\athbi\AppData\Roaming\Mozilla\Firefox\Profiles\uf33delb.default-1681935890333\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2023-04-19]
FF Plugin: @videolan.org/vlc,version=2.2.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [Keine Datei]
FF Plugin: @videolan.org/vlc,version=3.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [Keine Datei]
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [Keine Datei]
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2023-04-04] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-11-03] (Microsoft Corporation -> Microsoft Corporation)

==================== Dienste (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2023-04-03] (Adobe Inc. -> Adobe Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [100424 2022-05-02] (Apple Inc. -> Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12634544 2023-04-16] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-11] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-11] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46824 2023-04-04] (Dropbox, Inc -> Dropbox, Inc.)
R2 Dolby DAX2 API Service; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [189464 2019-01-21] (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.)
R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\\3.13.43.0\LenovoVantageService.exe [32464 ] (Lenovo -> Lenovo Group Ltd.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2303.8-0\NisSrv.exe [3228400 2023-04-06] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2303.8-0\MsMpEng.exe [133536 2023-04-06] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S4 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugin"

===================== Treiber (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [Datei ist nicht signiert]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [Datei ist nicht signiert]
R3 MpKsl3aa3b101; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CDE71409-D008-404B-B2BE-73CBB295120E}\MpKslDrv.sys [211208 2023-04-19] (Microsoft Windows -> Microsoft Corporation)
R3 SPUVCbv; C:\WINDOWS\System32\Drivers\SPUVCbv64.sys [890944 2017-09-29] (SUNPLUS INNOVATION TECHNOLOGY INC. -> Sunplus Innovation Technology Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49600 2023-04-06] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [497920 2023-04-06] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [99608 2023-04-06] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2023-04-20 07:50 - 2023-04-20 07:58 - 000000000 ____D C:\AdwCleaner
2023-04-20 07:48 - 2023-04-20 07:48 - 008791352 _____ (Malwarebytes) C:\Users\athbi\Downloads\adwcleaner.exe
2023-04-19 22:24 - 2023-04-19 22:24 - 000000000 ____D C:\Users\athbi\Desktop\Alte Firefox-Daten
2023-04-19 22:23 - 2023-04-19 22:25 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2023-04-19 22:23 - 2023-04-19 22:23 - 058462736 _____ (Mozilla) C:\Users\athbi\Downloads\Firefox Setup 112.0.1.exe
2023-04-19 22:23 - 2023-04-19 22:23 - 000002041 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Privater Modus.lnk
2023-04-19 22:23 - 2023-04-19 22:23 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2023-04-19 22:23 - 2023-04-19 22:23 - 000001000 _____ C:\Users\Public\Desktop\Firefox.lnk
2023-04-19 22:23 - 2023-04-19 22:23 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2023-04-19 22:17 - 2023-04-19 22:17 - 000000000 ____D C:\Users\athbi\AppData\LocalLow\Oracle
2023-04-19 17:17 - 2023-04-20 09:58 - 000000000 ____D C:\FRST
2023-04-19 17:16 - 2023-04-19 17:16 - 003459075 _____ C:\Users\athbi\Downloads\Farbar_x86_x64.zip
2023-04-19 02:08 - 2023-04-19 02:08 - 105906176 _____ C:\WINDOWS\system32\config\SOFTWARE
2023-04-19 02:03 - 2023-04-19 02:08 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2023-04-19 01:09 - 2023-04-19 01:09 - 000004036 _____ C:\WINDOWS\system32\Tasks\PostponeDeviceSetupToast_S-1-5-21-624402189-1887333828-3918413586-1003_0
2023-04-19 00:59 - 2023-04-19 00:59 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-624402189-1887333828-3918413586-1003
2023-04-18 20:15 - 2023-04-18 20:15 - 000000000 ___HD C:\$WinREAgent
2023-04-18 09:13 - 2023-04-18 09:13 - 000024848 _____ C:\Users\athbi\Downloads\dhl-return-60004038-bc29-2622-6b19-3a0aa55fc5ad.pdf
2023-04-18 08:41 - 2023-04-18 08:41 - 000128305 _____ C:\Users\athbi\Downloads\Retourenanleitung.pdf
2023-04-16 15:21 - 2023-04-16 15:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2023-04-04 12:51 - 2023-04-04 12:51 - 000046824 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe

==================== Ein Monat (geänderte) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2023-04-20 09:57 - 2022-02-14 18:23 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-04-20 09:57 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-04-20 08:38 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-04-20 08:38 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-04-20 08:35 - 2022-08-22 21:03 - 000000000 ____D C:\Users\athbi\AppData\Roaming\DropboxElectron
2023-04-20 08:35 - 2017-12-31 11:03 - 000000000 ____D C:\Users\athbi\AppData\Local\Dropbox
2023-04-20 08:35 - 2017-12-30 23:00 - 000000000 ___RD C:\Users\athbi\OneDrive
2023-04-20 08:34 - 2017-08-18 03:20 - 000000000 ____D C:\ProgramData\NVIDIA
2023-04-20 08:11 - 2017-12-31 16:19 - 000000000 ____D C:\Users\athbi\AppData\Roaming\WhatsApp
2023-04-20 08:10 - 2017-12-31 16:19 - 000000000 ____D C:\Users\athbi\AppData\Local\WhatsApp
2023-04-20 08:10 - 2017-12-30 22:54 - 000000000 ___SD C:\Users\athbi\AppData\Roaming\Microsoft\Credentials
2023-04-20 07:58 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2023-04-19 22:23 - 2020-09-25 08:02 - 000000000 ____D C:\Program Files\Mozilla Firefox
2023-04-19 22:16 - 2017-12-31 14:05 - 000000000 ____D C:\Users\athbi\AppData\LocalLow\Mozilla
2023-04-19 22:08 - 2017-12-31 13:39 - 000000000 ____D C:\Users\athbi\AppData\Local\Google
2023-04-19 17:20 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2023-04-19 16:48 - 2018-06-26 19:45 - 000000000 ____D C:\Users\athbi\AppData\Local\D3DSCache
2023-04-19 16:47 - 2017-12-31 13:20 - 000000000 ____D C:\Users\athbi\AppData\Roaming\Microsoft\Word
2023-04-19 06:20 - 2020-06-28 17:47 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-04-19 01:15 - 2020-06-28 17:57 - 001722792 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-04-19 01:15 - 2019-12-07 16:50 - 000744968 _____ C:\WINDOWS\system32\perfh007.dat
2023-04-19 01:15 - 2019-12-07 16:50 - 000150354 _____ C:\WINDOWS\system32\perfc007.dat
2023-04-19 01:09 - 2018-01-16 18:46 - 000000000 ____D C:\Users\Frank\AppData\Local\Dropbox
2023-04-19 01:08 - 2020-06-28 17:57 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-04-19 01:08 - 2020-06-28 17:47 - 000008192 ___SH C:\DumpStack.log.tmp
2023-04-19 01:08 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ServiceState
2023-04-19 01:08 - 2018-01-16 18:45 - 000000000 __SHD C:\Users\Frank\IntelGraphicsProfiles
2023-04-19 01:03 - 2019-12-07 11:03 - 002097152 _____ C:\WINDOWS\system32\config\BBI
2023-04-19 00:59 - 2020-06-28 17:57 - 000003378 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-624402189-1887333828-3918413586-1003
2023-04-19 00:59 - 2020-06-28 17:49 - 000002402 _____ C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-04-19 00:59 - 2018-01-16 18:45 - 000000000 ____D C:\Users\Frank\AppData\Local\Packages
2023-04-18 22:05 - 2020-06-28 17:47 - 000531912 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-04-18 22:04 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2023-04-18 22:04 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2023-04-18 22:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2023-04-18 22:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2023-04-18 22:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2023-04-18 22:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2023-04-18 22:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2023-04-18 22:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2023-04-18 22:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2023-04-18 22:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2023-04-18 22:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemApps
2023-04-18 22:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2023-04-18 22:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\setup
2023-04-18 22:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2023-04-18 22:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2023-04-18 22:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2023-04-18 22:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2023-04-18 22:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2023-04-18 22:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2023-04-18 22:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2023-04-18 22:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2023-04-18 22:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Provisioning
2023-04-18 22:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2023-04-18 22:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-04-18 22:04 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Common Files\System
2023-04-18 20:28 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-04-18 20:24 - 2020-06-28 17:48 - 003015680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2023-04-18 19:53 - 2017-12-31 09:29 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-04-18 19:49 - 2017-12-31 09:29 - 156112424 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2023-04-18 09:19 - 2020-10-07 06:41 - 000000306 __RSH C:\ProgramData\ntuser.pol
2023-04-18 09:18 - 2017-12-31 11:02 - 000001254 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2023-04-18 09:18 - 2017-12-31 11:02 - 000001250 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2023-04-18 08:18 - 2022-10-13 12:17 - 000002080 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2023-04-18 08:18 - 2022-10-13 12:17 - 000002068 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk
2023-04-18 08:18 - 2017-08-18 02:54 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2023-04-18 08:16 - 2021-12-11 18:13 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-624402189-1887333828-3918413586-1001
2023-04-18 08:16 - 2020-06-28 17:57 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2023-04-18 08:16 - 2020-06-28 17:57 - 000003376 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-624402189-1887333828-3918413586-1001
2023-04-18 08:16 - 2020-06-28 17:49 - 000002402 _____ C:\Users\athbi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-04-17 12:20 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2023-04-16 15:22 - 2017-12-31 11:02 - 000000000 ____D C:\Program Files (x86)\Dropbox
2023-04-06 10:11 - 2018-02-14 18:35 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2023-03-27 10:59 - 2018-01-03 13:10 - 000000000 ____D C:\Users\athbi\Documents\HP Scans

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ========

2021-02-25 21:03 - 2021-02-25 21:03 - 001384728 _____ (Microsoft Corporation) C:\Users\athbi\TeamsSetupx64_s_8D8D9BFA4BA8BEE-7-0_.exe
2020-11-25 14:39 - 2020-11-25 14:39 - 000007648 _____ () C:\Users\athbi\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

==================== Ende von FRST.txt ========================
--- --- ---


und hier die Addition

FRST Additions Logfile:
Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 18-04-2023
durchgeführt von Anna (20-04-2023 09:59:40)
Gestartet von D:\Software\Farbar_x86_x64
Microsoft Windows 10 Home Version 22H2 19045.2846 (X64) (2020-06-28 15:57:19)
Start-Modus: Normal
==========================================================


==================== Konten: =============================


(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

Administrator (S-1-5-21-624402189-1887333828-3918413586-500 - Administrator - Disabled)
Anna (S-1-5-21-624402189-1887333828-3918413586-1001 - Administrator - Enabled) => C:\Users\athbi
athbi (S-1-5-21-624402189-1887333828-3918413586-1002 - Limited - Enabled) => C:\Users\athbi.LAPTOP-P33CJ5M1
DefaultAccount (S-1-5-21-624402189-1887333828-3918413586-503 - Limited - Disabled)
Frank (S-1-5-21-624402189-1887333828-3918413586-1003 - Administrator - Enabled) => C:\Users\Frank
Gast (S-1-5-21-624402189-1887333828-3918413586-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-624402189-1887333828-3918413586-504 - Limited - Disabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

ACDSee 8 (HKLM-x32\...\{AA2E6BFE-4351-481C-A720-47CB3506570B}) (Version: 8.1.100 - ACD Systems Ltd.)
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1031-1033-7760-BC15014EA700}) (Version: 23.001.20143 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601047}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Apple Application Support (32-Bit) (HKLM-x32\...\{11C4575B-4B32-44D2-A097-D59A00BA60DE}) (Version: 8.5 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{D39B163A-9E12-442C-95E9-33FA5746AB21}) (Version: 8.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2B3CA448-5266-480F-85FA-2FCCB3C8712C}) (Version: 15.6.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{B292D163-23D2-4523-A699-1ABEC1875609}) (Version: 2.7.0.3 - Apple Inc.)
Audiograbber (HKLM-x32\...\Audiograbber) (Version: 1.83 (2020 Edition) - Audiograbber)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CyberLink Power2Go 8 (HKLM-x32\...\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.7007 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.7007 - CyberLink Corp.)
CyberLink PowerDVD 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.1.7417 - CyberLink Corp.)
Dolby Audio X2 Windows API SDK (HKLM\...\{F290F786-5F69-48D4-B20B-D21C7DE56EF0}) (Version: 0.8.8.88 - Dolby Laboratories, Inc.)
Dolby Audio X2 Windows APP (HKLM\...\{9207D68E-666A-49C7-A900-9F5B2FF289E4}) (Version: 0.8.0.71 - Dolby Laboratories, Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 171.4.6182 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.733.1 - Dropbox, Inc.) Hidden
FOTOParadies (HKLM-x32\...\{FD838798-E2CB-45FA-AF79-6011519031E2}}_is1) (Version: 4.12.0.1257 - Foto Online Service GmbH)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
HP Officejet Pro 8620 - Grundlegende Software für das Gerät (HKLM\...\{F6CE08BC-6929-412E-BB42-A9A7CD9721D7}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP Officejet Pro 8620 Hilfe (HKLM-x32\...\{F8E43C63-DFF2-4134-A46C-2A6F00517A35}) (Version: 32.0.0 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
iBackup Viewer 4.15.0 (HKLM-x32\...\{5B428966-3054-41E3-B0F8-008EE30BD019}_is1) (Version:  - iMacTools)
iCloud Outlook (HKLM\...\{A8C64C2A-BD34-464F-BA61-A969BA46FC2B}) (Version: 10.9.3.62 - Apple Inc.)
Intel(R) Chipset Device Software (HKLM\...\{81520FC5-3518-40E9-9803-70CE8A801D07}) (Version: 10.1.1.38 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1035 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{BB1B550F-329D-4B07-A8D0-82914483411C}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) ME UninstallLegacy (HKLM\...\{E9B9A1A5-6398-4C99-8FDE-10794F6505C5}) (Version: 1.0.1.0 - Intel Corporation) Hidden
Intel® Chipsatz-Gerätesoftware (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
iTunes (HKLM\...\{603AC145-2337-4355-A6F1-BF66FDB2FA63}) (Version: 12.12.4.1 - Apple Inc.)
JDiskReport 1.4.1 (HKLM-x32\...\JDiskReport 1.4.1) (Version: 1.4.1 (2014-02-26 11:50:44) - JGoodies Karsten Lentzsch)
Lenovo App Explorer (HKU\S-1-5-21-624402189-1887333828-3918413586-1002\...\Host App Service) (Version: 0.272.1.560 - SweetLabs for Lenovo)
Lenovo App Explorer (HKU\S-1-5-21-624402189-1887333828-3918413586-1003\...\Host App Service) (Version: 0.273.4.600 - SweetLabs for Lenovo)
Lenovo Utility (HKLM\...\{12ABAC82-7D83-4CB8-9DD2-434DC9AF2942}_is1) (Version: 3.0.0.17 - Lenovo)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.13.43.0 - Lenovo Group Ltd.)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 111.0.1661.44 - Microsoft Corporation)
Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 110.0.1587.69 - Microsoft Corporation)
Microsoft HEVC Media Extension Installation for Microsoft.HEVCVideoExtension_1.0.2512.0_x64__8wekyb3d8bbwe (x64) (HKLM\...\{B0169E83-757B-EF66-E2F0-391944D785BC}) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2016 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 16.0.16227.20280 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-624402189-1887333828-3918413586-1001\...\OneDriveSetup.exe) (Version: 23.071.0402.0001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-624402189-1887333828-3918413586-1002\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-624402189-1887333828-3918413586-1003\...\OneDriveSetup.exe) (Version: 21.220.1024.0005 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-624402189-1887333828-3918413586-1001\...\Teams) (Version: 1.4.00.22472 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{89581302-705F-42C5-99B0-E368A845DAD5}) (Version: 3.70.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 de) (HKLM\...\Mozilla Firefox 112.0.1 (x64 de)) (Version: 112.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 112.0.1 - Mozilla)
NVIDIA GeForce Experience 3.8.0.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.8.0.89 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.16130.20218 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.16130.20218 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.16227.20204 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0407-0000-0000000FF1CE}) (Version: 16.0.16130.20218 - Microsoft Corporation) Hidden
Studie zur Verbesserung von HP Officejet Pro 8620 (HKLM\...\{825BC9A9-A005-4FDB-BDE9-A4F2DF69C3B7}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
tiptoi® Manager 5.0.2 (HKLM\...\{833392BB-E8C0-4066-9408-3A30FA43972F}_is1) (Version: 5.0.2 - Ravensburger AG)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.12 - Ghisler Software GmbH)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{9E5A6059-314A-4F02-B8A4-8C9C97989589}) (Version: 8.91.0.0 - Microsoft Corporation)
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0-2) (Version: 1.0.33.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1-2) (Version: 1.0.54.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
WhatsApp (Outdated) (HKU\S-1-5-21-624402189-1887333828-3918413586-1001\...\WhatsApp) (Version: 2.2314.11 - WhatsApp)
Windows 10-Update-Assistent (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22329 - Microsoft Corporation)
Windows-PC-Integritätsprüfung (HKLM\...\{B3956CF3-F6C5-4567-AC38-1FD4432B319C}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Zoom (HKU\S-1-5-21-624402189-1887333828-3918413586-1001\...\ZoomUMX) (Version: 5.9.1 (2581) - Zoom Video Communications, Inc.)

Packages:
=========
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_7.32.21.0_x64__kgqvnymyfvs32 [2023-04-04] (king.com)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.240.400.0_x64__kgqvnymyfvs32 [2023-04-18] (king.com)
Disney Magic Kingdoms -> C:\Program Files\WindowsApps\A278AB0D.DisneyMagicKingdoms_7.9.9.0_x86__h6adky7gbf63m [2023-04-18] (Gameloft SE)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.17.857.0_x64__rz1tebttyb220 [2023-04-20] (Dolby Laboratories)
Fotos-Add-On -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-03-12] (Microsoft Corporation)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_144.1.1068.0_x64__v10z8vjag6ke6 [2023-04-18] (HP Inc.)
iCloud -> C:\Program Files\WindowsApps\AppleInc.iCloud_14.1.108.0_x64__nzyj5cx40ttqa [2023-01-07] (Apple Inc.) [Startup Task]
Lenovo Companion -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2303.112.0_x64__k1h2ywk1493x8 [2023-04-20] (LENOVO INC.)
Lenovo Kontoportal -> C:\Program Files\WindowsApps\LenovoCorporation.LenovoID_2.0.37.0_x86__4642shxvsv8s2 [2017-12-30] (LENOVO INCORPORATED.)
Lenovo Settings -> C:\Program Files\WindowsApps\LenovoCorporation.LenovoSettings_3.177.0.0_x86__4642shxvsv8s2 [2017-12-30] (LENOVO INCORPORATED.)
March of Empires: War of Lords -> C:\Program Files\WindowsApps\A278AB0D.MarchofEmpires_7.3.2.0_x86__h6adky7gbf63m [2023-04-06] (Gameloft SE)
Media Engine-Add-On für Fotos -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-10-11] (Microsoft Corporation)
Messenger -> C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_1820.9.73.0_x64__8xx8rvfyw5nnt [2023-03-16] (Meta) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-14] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-14] (Microsoft Corporation) [MS Ad]
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.19.7302.0_x64__8wekyb3d8bbwe [2023-04-04] (Microsoft Studios)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.98.1805.0_x64__mcm4njqhnhss8 [2022-04-09] (Netflix, Inc.)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.16.3140.0_x64__8wekyb3d8bbwe [2023-04-19] (Microsoft Studios) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.209.743.0_x86__zpdnekdrzrea0 [2023-04-18] (Spotify AB) [Startup Task]
WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2313.6.0_x64__cv1g1gvanyjgm [2023-04-19] (WhatsApp Inc.) [Startup Task]
WindowsAppRuntime.1.1 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.1_1005.616.1651.0_x64__8wekyb3d8bbwe [2023-01-04] (Microsoft Corporation)
WindowsAppRuntime.1.1 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.1_1005.616.1651.0_x86__8wekyb3d8bbwe [2023-01-04] (Microsoft Corporation)
XING -> C:\Program Files\WindowsApps\XINGAG.XING_4.0.9.0_x86__xpfg3f7e9an52 [2021-06-13] (New Work SE)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-624402189-1887333828-3918413586-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\athbi\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.21140.5\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-624402189-1887333828-3918413586-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> C:\Users\athbi\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-624402189-1887333828-3918413586-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\athbi\Dropbox [2017-12-31 16:05]
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2016-10-07] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2016-10-07] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> Keine Datei
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_90f68cd0dc48b625\igfxDTCM.dll [2019-05-23] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-12-21] (NVIDIA Corporation -> NVIDIA Corporation)

==================== Codecs (Nicht auf der Ausnahmeliste) ====================

==================== Verknüpfungen & WMI ========================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

Shortcut: C:\Users\athbi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDiskReport 1.4.1\JGoodies Home Page.lnk -> hxxp://www.jgoodies.com

==================== Geladene Module (Nicht auf der Ausnahmeliste) =============


==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ==================

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =================

==================== Internet Explorer (Nicht auf der Ausnahmeliste) ==========

HKU\S-1-5-21-624402189-1887333828-3918413586-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-624402189-1887333828-3918413586-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
HKU\S-1-5-21-624402189-1887333828-3918413586-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-624402189-1887333828-3918413586-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-624402189-1887333828-3918413586-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
HKU\S-1-5-21-624402189-1887333828-3918413586-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-624402189-1887333828-3918413586-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-624402189-1887333828-3918413586-1003\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
SearchScopes: HKU\S-1-5-21-624402189-1887333828-3918413586-1001 -> DefaultScope {53925601-2FCD-4A29-B367-60284FA6688C} URL = 
SearchScopes: HKU\S-1-5-21-624402189-1887333828-3918413586-1001 -> {53925601-2FCD-4A29-B367-60284FA6688C} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2023-02-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-04-16] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-04-16] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-04-16] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-04-16] (Microsoft Corporation -> Microsoft Corporation)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-624402189-1887333828-3918413586-1001\...\localhost -> localhost

==================== Hosts Inhalt: =========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2017-03-18 23:03 - 2017-03-18 23:01 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Andere Bereiche ===========================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-624402189-1887333828-3918413586-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\athbi\Pictures\IMG_1492.JPG
HKU\S-1-5-21-624402189-1887333828-3918413586-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\athbi.LAPTOP-P33CJ5M1\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img0.jpg
HKU\S-1-5-21-624402189-1887333828-3918413586-1003\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
 ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{AC218C40-6184-4B36-A2A4-2FC41A623DA2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{34343FB8-9C55-4205-B25C-5A386A97EF32}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{DD46D48A-05D2-4626-9302-3BF1EAD392CF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{8B2F6B13-787A-4C13-B7A0-8669F6F1F8A9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{3884368A-3A03-4217-97F7-73A1379F5D43}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{927C32C8-CD4F-4381-8073-CF61775FE17B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{6B5A2042-FDE7-432F-A3A7-7216DC153EEC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{CA684955-E2E6-4FAB-B5BD-3ED8006B46EF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{20022487-6451-4800-82E6-11C1AF2CEC77}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.126.501.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{DB0C8512-90F3-4BB6-B68B-B054EBDA2115}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.126.501.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{5B98457D-CAEF-4265-A94F-DD95BF97290E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.126.501.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{91999B30-6C59-4E86-854F-814861874A47}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.126.501.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{B4F9B27F-F72F-4B4E-8C13-4F8AB713435F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.126.501.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{6D550B11-704C-4138-9E77-F4F86DFDF137}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.126.501.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{371B5B53-EFEA-44D3-9440-F7CD3242241E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.126.501.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{A0653830-5CCA-4318-83D9-CE5832AF5AEF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.126.501.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{36066C1C-C711-499C-80A9-6AB69BA784A4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.120.510.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{AE8425FC-91DD-4159-84B5-CD1F07DC5021}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.120.510.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{CBAF5845-1FAA-4AE2-8B58-BC12CC63F91F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.120.510.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{8802D145-297C-4A7D-A3C9-0EB7843E0C04}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.120.510.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{41CF2DAF-D1A3-4823-98DE-4E1EA77FA13B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.120.510.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{594775A3-0594-43B2-992C-BBCC1C8A475D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.120.510.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{FB923C09-8584-4DFF-8283-B6505A5E5C22}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.120.510.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{7A37757B-0809-44FF-8039-F76DFBD9EF2A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.120.510.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{EA0B16FC-649D-4079-B106-34494FDAA641}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.112.451.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{2A20BD29-2804-4119-9400-B60050AC1F1E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.112.451.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{ABE8846A-0E4B-4ABD-96E3-1728F8B4E3A7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.112.451.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{12DBD426-96B8-46A9-93F9-3B69F0F7D2D0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.112.451.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{00EAF64E-9AB3-478F-9506-35AF3EDAC03F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.112.451.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{30E83503-6E1E-4C86-A27A-178EDE79B1F1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.112.451.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{9A8D4232-1B0E-4DC3-9C2B-DD15069BA531}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.112.451.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{77439F06-CE7A-435B-9DB9-0300B7C56DF4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.112.451.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{48F12A1A-5403-400D-8509-0A89AD7F5C52}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{AB8DF726-C74D-43E6-B3EA-E6A9A9518054}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6390C560-EA31-41BE-973A-F9E0E0884A03}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E58DA280-9154-467F-B11F-931A8A11ABAA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{4C6A7DDE-8AC0-4288-AB69-EAC861E6263F}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{421991C6-13E6-40A9-A5E6-48D16D2506A7}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
FirewallRules: [{CC0ED3F7-489B-43B4-8D54-ABBE36C30935}] => (Allow) LPort=5357
FirewallRules: [{CE711B05-2DFF-4261-8610-D7B635D08D4F}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
FirewallRules: [{CD602CE4-D754-41AA-9CA0-20F77B058F87}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\bin\SendAFax.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
FirewallRules: [{BC16575D-E187-4694-BF97-5074E7CAA5EF}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\bin\DigitalWizards.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
FirewallRules: [{D5EC5CA3-2278-4813-A55F-491E9825E8AA}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\bin\FaxApplications.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
FirewallRules: [{AD6A0026-2578-4FC4-A8EB-1D2AD0F3E130}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe => Keine Datei
FirewallRules: [{08E925FA-FE14-45C7-9D80-C509E835E681}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe => Keine Datei
FirewallRules: [{696FBFD0-A21C-4517-BDE3-E5E810236C70}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{46713C31-8181-4646-9DAD-1D74605FC87B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe => Keine Datei
FirewallRules: [{C328306D-66E3-4106-BBB3-6197713E0CF8}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe => Keine Datei
FirewallRules: [{869CD70E-7C28-4149-B647-4EE37A4E2B47}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{5E875506-7461-4D1B-9EDF-B5D4B6409CD6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{982A9D5B-01AC-480A-8ED5-36E87D76C5FB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{3EF18B14-2DC7-412E-9569-7354CECD3556}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe => Keine Datei
FirewallRules: [{691C41A4-35AB-4708-B2DD-F4A7EC697674}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{961B8823-02F5-4AA6-A910-FA8F8E2C201A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{0EFAAB4B-1F56-475F-83B4-07E44B4EE333}C:\program files\rstudio\bin\rsession.exe] => (Block) C:\program files\rstudio\bin\rsession.exe => Keine Datei
FirewallRules: [UDP Query User{E3CC6A00-11BA-4678-B3C9-9C4EE88787BA}C:\program files\rstudio\bin\rsession.exe] => (Block) C:\program files\rstudio\bin\rsession.exe => Keine Datei
FirewallRules: [TCP Query User{0A8942D2-F05D-46C3-81A2-9E06AFEEFB96}C:\users\athbi\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\athbi\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{EC698404-78E9-4D6B-9C2D-8C3010963F96}C:\users\athbi\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\athbi\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FAE1F094-FCB9-4B42-B131-9ACA4095C82F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.77.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{8D71F9DF-65B8-41D3-B446-9FC0E0995086}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.77.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{6672EA65-F71F-4DBB-B4EB-CA7F8D18AEB8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.77.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{FA449F34-1372-4B29-9230-D45A5CABC0A3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.77.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{03D77AD8-0FB5-42D1-BB20-7E3655779C1F}] => (Allow) C:\Users\athbi\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{9F2E1649-3F75-4D36-83E0-4ECFAE20A6D5}] => (Allow) C:\Users\athbi\AppData\Roaming\Zoom\bin\airhost.exe => Keine Datei
FirewallRules: [{00C75A60-8331-4716-BC5D-642BA36F2D45}] => (Allow) C:\Users\athbi\AppData\Roaming\Zoom\bin\airhost.exe => Keine Datei
FirewallRules: [{DBCDF9C3-5A71-48C2-94F0-94FCF28D391B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.85.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{6519AB27-6EC6-4FBC-92F2-044D53780C17}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.85.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{6FA4B9C4-F8BE-4A9E-8F0D-A0611CBDFB63}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.85.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{19B3E677-74D0-4946-A1A3-CD5100F14CC1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.85.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{9B6E2671-9D86-4524-89F8-4BD2381106CF}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.87.3406.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{FDF888C3-96B9-4EA1-B9E7-EE318DE9CD98}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.87.3406.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{A84EBDAE-E705-498A-9D97-65E40DE0518F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.87.3406.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{091B54F1-E17F-4C36-8E6E-D8DA08380022}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.87.3406.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{6B6DCFCC-302D-4D69-8891-1A2D2A0D4A17}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DA987158-0D87-4180-9EBF-6746F0A0FE41}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.93.3406.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{80F3F0B7-FDF9-4084-83AC-044565766D39}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.93.3406.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{46FEE2D0-66DF-4E8D-A061-A40064677082}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.93.3406.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{0244CC0E-482B-4552-BC42-C8DFFAB4452B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.93.3406.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{6196D662-B204-4370-942D-6BBC8732A970}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.94.3428.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{B005F084-13F8-4DB1-AC3E-76BEA3B83C5D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.94.3428.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{C5E8E01C-389F-4FB6-87DA-1F044D3C3EA9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.94.3428.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{FE88192B-32AD-4B26-BBDF-90D7EA16B8D8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.94.3428.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{7B9C61DD-21BB-4CFD-B499-D76C8AC7EC48}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\110.0.1587.69\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C8820021-1D16-46F5-B0C1-1EF32E54E0B0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.208.923.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> )
FirewallRules: [{F16366D6-52A1-496D-A38F-7C9CC03108B6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.208.923.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> )
FirewallRules: [{9077FB14-9E1F-4387-ADF2-C879E740D618}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.208.923.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> )
FirewallRules: [{8506515A-C8E8-4746-9016-F386B51E9B85}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.208.923.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> )
FirewallRules: [{EAB9CCF9-B934-46BB-ABF8-340AD86FD394}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.208.923.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> )
FirewallRules: [{5A01491D-D233-4C7D-B838-4FB9DCAAE25E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.208.923.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> )
FirewallRules: [{6A8ED854-CC6C-4368-914E-64C1470277B1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.208.923.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> )
FirewallRules: [{DB37A0E1-A49F-42CD-8F0B-90F6E96D2A41}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.208.923.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> )
FirewallRules: [{10791C44-681A-4FC2-85C2-44686054FC6A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.208.923.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> )
FirewallRules: [{81B7E260-64FC-419D-946E-73DE1AF1A98F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.208.923.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> )
FirewallRules: [{A8E53B7B-DD1F-412D-9072-A56B1CCE609F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.96.3207.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> )
FirewallRules: [{21260D3D-A872-43D7-958A-8379C219B9D0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.96.3207.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> )
FirewallRules: [{350DCE98-C7F0-4D6B-BF82-6F35806FF1EB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.96.3207.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> )
FirewallRules: [{BB08A189-8361-42F8-BA5E-30CD16998706}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.96.3207.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> )
FirewallRules: [{2DB65C9B-3780-4883-A20E-ADAB83241FF0}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{E9C6707B-CEC3-4A1C-BD3E-26B220E6F9C5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.209.743.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> )
FirewallRules: [{AEC42519-0400-43D9-B4B3-37B351A6E5E8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.209.743.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> )
FirewallRules: [{FB21002E-F19F-476A-B67F-6AF2DF985568}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.209.743.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> )
FirewallRules: [{76DAF7BF-31DA-4DD2-9847-88B54F4E678D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.209.743.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> )
FirewallRules: [{A1AF3ABD-5EC3-4855-9D52-C6E03508DF85}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.209.743.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> )
FirewallRules: [{29AE2680-E2BD-43D2-92F0-0CA8D6E44640}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.209.743.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> )
FirewallRules: [{61335FDB-AF86-4E91-8DDC-6D78B9CF9272}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.209.743.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> )
FirewallRules: [{96A2A44D-DDE2-4ADB-A84F-6FA36532A46C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.209.743.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> )
FirewallRules: [{81C2CB23-11BB-419B-BE0E-B32DD7E48B71}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.209.743.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> )
FirewallRules: [{BC8083FE-8A80-43B2-9D53-6BFD93726AAA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.209.743.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> )
FirewallRules: [{DD9AD8CE-BD47-4A74-A631-4E4A5A9A967D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{24165090-20D1-4882-A9D3-49D9BB8BA7CD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

==================== Wiederherstellungspunkte =========================

18-04-2023 20:14:02 Windows Modules Installer
19-04-2023 22:17:53 Removed LibreOffice 5.3.7.2

==================== Fehlerhafte Geräte im Gerätemanager ============


==================== Fehlereinträge in der Ereignisanzeige: ========================

Applikationsfehler:
==================
Error: (04/19/2023 04:46:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname ANNA-LENOVO-W10.local already in use; will try ANNA-LENOVO-W10-2.local instead

Error: (04/19/2023 04:46:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 ANNA-LENOVO-W10.local. Addr 192.168.178.66

Error: (04/19/2023 04:46:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.178.66:5353   16 ANNA-LENOVO-W10.local. AAAA 2A02:810A:14BF:CCE8:6753:C417:AABC:2718

Error: (04/19/2023 01:21:40 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Das Programm svchost.exe Version 10.0.19041.1806 hat die Interaktion mit Windows beendet und wurde geschlossen. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: b40

Startzeit: 01d9724ab8d9cd92

Beendigungszeit: 4294967295

Anwendungspfad: C:\Windows\System32\svchost.exe

Bericht-ID: 3e9fe180-df5d-47e6-89b3-e2865453c2a9

Vollständiger Name des fehlerhaften Pakets: 

Relative Anwendungs-ID des fehlerhaften Pakets: 

Absturztyp: Unknown

Error: (04/16/2023 03:21:53 PM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Das Objekt oder die Eigenschaft wurde nicht gefunden.

Error: (04/16/2023 03:21:53 PM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Das Objekt oder die Eigenschaft wurde nicht gefunden.

Error: (04/16/2023 03:21:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname ANNA-LENOVO-W10.local already in use; will try ANNA-LENOVO-W10-2.local instead

Error: (04/16/2023 03:21:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister   16 ANNA-LENOVO-W10.local. AAAA FE80:0000:0000:0000:9D9D:2049:B4A8:B916


Systemfehler:
=============
Error: (04/20/2023 08:34:09 AM) (Source: DCOM) (EventID: 10010) (User: ANNA-LENOVO-W10)
Description: Der Server "{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (04/20/2023 08:04:23 AM) (Source: DCOM) (EventID: 10010) (User: ANNA-LENOVO-W10)
Description: Der Server "{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (04/20/2023 07:58:01 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "System Interface Foundation Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/20/2023 07:58:01 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "LenovoVantageService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/20/2023 07:58:01 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Microsoft Office-Klick-und-Los-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/20/2023 07:58:01 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Content Protection HECI Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/20/2023 07:58:01 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Content Protection HDCP Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/20/2023 07:58:01 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "DbxSvc" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.


Windows Defender:
================
Date: 2023-04-19 17:05:37
Description: 
Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {5A61342C-43C9-4C86-8687-F9A088D6FFFF}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

Date: 2023-04-19 01:21:40
Description: 
Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {EE91A563-A813-4AE7-914F-B355E573FEB3}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Vollständige Überprüfung
Benutzer: ANNA-LENOVO-W10\Anna

Date: 2023-04-04 20:21:48
Description: 
Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {8A98C71A-57C5-4D08-A108-C467FD8E3B99}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

Date: 2023-04-04 20:06:32
Description: 
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Backdoor:Win32/Bladabindi!mclg&threatid=2147784274&enterprise=0
Name: Backdoor:Win32/Bladabindi!mclg
Schweregrad: Schwerwiegend
Kategorie: Hintertür
Pfad: file:_C:\Windows\Temp\4ef247ec-11e3-fdbd-b857-be8b87284343\788bd5ca-828c-9cb0-707f-17bcc0ce7e76.exe; file:_C:\Windows\Temp\9539d4d7-53f8-70f9-24eb-5f8773a9b020\a3deedb8-7f46-12bc-5bff-97df1a4b83d6.exe
Erkennungsursprung: Lokaler Computer
Erkennungstype: Konkret
Erkennungsquelle: Echtzeitschutz
Benutzer: NT-AUTORITÄT\SYSTEM
Prozessname: C:\Program Files (x86)\nodejs\node.exe
Sicherheitsversion: AV: 1.385.1699.0, AS: 1.385.1699.0, NIS: 1.385.1699.0
Modulversion: AM: 1.1.20200.4, NIS: 1.1.20200.4

Date: 2023-04-04 20:06:30
Description: 
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Backdoor:Win32/Bladabindi!mclg&threatid=2147784274&enterprise=0
Name: Backdoor:Win32/Bladabindi!mclg
Schweregrad: Schwerwiegend
Kategorie: Hintertür
Pfad: file:_C:\Windows\Temp\4ef247ec-11e3-fdbd-b857-be8b87284343\788bd5ca-828c-9cb0-707f-17bcc0ce7e76.exe
Erkennungsursprung: Lokaler Computer
Erkennungstype: Konkret
Erkennungsquelle: Echtzeitschutz
Benutzer: NT-AUTORITÄT\SYSTEM
Prozessname: C:\Program Files (x86)\nodejs\node.exe
Sicherheitsversion: AV: 1.385.1699.0, AS: 1.385.1699.0, NIS: 1.385.1699.0
Modulversion: AM: 1.1.20200.4, NIS: 1.1.20200.4

CodeIntegrity:
===============
Date: 2023-04-19 17:05:37
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2303.8-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2023-03-23 19:58:20
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2302.7-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2023-03-16 16:40:38
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2302.3-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2023-02-15 21:59:49
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2023-02-05 17:28:19
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_90f68cd0dc48b625\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Speicherinformationen =========================== 

BIOS: LENOVO 4WCN47WW 06/30/2020
Hauptplatine: LENOVO LNVNB161216
Prozessor: Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz
Prozentuale Nutzung des RAM: 62%
Installierter physikalischer RAM: 8066.72 MB
Verfügbarer physikalischer RAM: 2994.46 MB
Summe virtueller Speicher: 10242.72 MB
Verfügbarer virtueller Speicher: 4644.03 MB

==================== Laufwerke ================================

Drive c: (Windows) (Fixed) (Total:212.23 GB) (Free:93.41 GB) (Model: HFS256G3BTND-N210A) NTFS
Drive d: (Daten) (Fixed) (Total:25 GB) (Free:9.42 GB) (Model: HFS256G3BTND-N210A) NTFS

\\?\Volume{ebc8ede9-b046-4a13-88b1-1d79f48e841a}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.41 GB) NTFS
\\?\Volume{0a7f66c0-07fe-4aa2-9e89-29b2ecdf81db}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.21 GB) FAT32

==================== MBR & Partitionstabelle ====================

==========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 161AE062)

Partition: GPT.

==================== Ende von Addition.txt =======================
--- --- ---


Im Übrigen habe ich in der Zwischenzeit - ohne Änderungen, rein forensisch - lokal weitere Informationen zu der suspekten Edge-Erweiterung zusammengetragen, und hier gepostet:

https://forums.malwarebytes.com/topic/297039-suspicious-browser-extension-affecting-firefox-chrome-and-edge/

Dabei bin ich auf die noch immer auf dem Rechner vorhandene Datei gestoßen:

Zitat:
[2] samplename: xhefahfnheapkhaejmjghfcgffeaipkjlml
Found under: C:\Windows\Installer\{6F2153A8-19EF-4AC6-B929-44A9764CC52F}
MD5 hash (from VT): c2e16f47fcd672732c57d728192ea7f4
und habe sie bei VirusTotal geprüft:

https://www.virustotal.com/gui/file/ad5542e0a22d62bfca338e68684df0c9bdf3005ed3a30e09ffb265bf4ede3756/details

Und letzlich vielleicht als ein möglicher Indikator für einen Erfolg irgendwann:

Zitat:
When searching for the text string "version='2.4.11'" in C:\Windows\Installer with TotalCommander, I now find 52 hits, all having time stamps from the past months.
Edit 10:18 Uhr:

Doch wie gesagt: Ich habe nur Informationen gesammelt, nichts verändert. Die FRST-Logs entstanden nach dem Sammeln und Dokumentieren der Informationen

Alt 20.04.2023, 09:30   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows 10: Browser-Probleme nach Infektion mit Backdoor:Win32/Bladabindi!mclg - Standard

Windows 10: Browser-Probleme nach Infektion mit Backdoor:Win32/Bladabindi!mclg


Scripting/Repair mit FRST64

WARNUNG AN ALLE MITLESER !!!
Dieses FRST-Script ist ausschließlich für diesen Nutzer gedacht und sollte niemals 1:1 für ein anderes System angewendet werden!
  • Kopiere den gesamten Inhalt der folgenden Code-Box:
    Code:
    ATTFilter
    Start::
CloseProcesses:
C:\Program Files (x86)\nodejs
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js
Task: {5840509D-8829-414E-A65D-32541ECD119B} - System32\Tasks\AppleMobileHintergrundübertragungsdienst => C:\Program Files (x86)\nodejs\node.exe [15017624 2017-05-02] (Node.js Foundation -> Node.js) -> C:\WINDOWS\Installer\{65C4EEBA-EDAC-4602-8E5C-BD22D8BEA90D}\{B49DA697-B607-4850-AB10-11CF68C3C352} <==== ACHTUNG
Task: {8540359D-1299-41B4-AA57-403C162991D5} - System32\Tasks\MUP Netzwerkkonnektivitäts-Assistent Manager-Dienst => C:\Program Files (x86)\nodejs\node.exe [15017624 2017-05-02] (Node.js Foundation -> Node.js) -> "C:\ProgramData\Package Cache\{CE35B488-A482-407E-8C3E-48C213120839}\{1910C353-D10C-44B9-BA91-72D0B3B19EC1}" <==== ACHTUNG
FF user.js: detected! => C:\Users\athbi\AppData\Roaming\Mozilla\Firefox\Profiles\mums5mhc.default\user.js [2023-04-16]
FF NewTab: Mozilla\Firefox\Profiles\mums5mhc.default -> https://defaultsearch.co/homepage?hp=1&pId=AGB200101&iDate=2020-07-29 11:11:17&bName=&bitmask=0600
FF Plugin: @videolan.org/vlc,version=2.2.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [Keine Datei]
FF Plugin: @videolan.org/vlc,version=3.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [Keine Datei]
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [Keine Datei]
DeleteKey: HKLM\SOFTWARE\Node.js
DeleteKey: HKLM\SOFTWARE\WOW6432Node\Node.js
DeleteKey: HKLM\SOFTWARE\Classes\Installer\Products\4D45993E1218CF443A3DFD6652D48B19
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4D45993E1218CF443A3DFD6652D48B19
DeleteKey: HKU\.DEFAULT\Software\Node.js
DeleteKey: HKCU\SOFTWARE\Node.js
emptytemp:
End::
  • Starte nun FRST und klicke direkt den Reparieren Button.Wichtig: Du brauchst den Inhalt der Code-Box nirgends einfügen, da sich FRST den Code aus der Zwischenablage holt!
  • Das Tool führt die gewünschten Schritte aus und erstellt eine fixlog.txt im selben Verzeichnis, in dem sich FRST befindet.
  • Gegebenenfalls muss dein Rechner neu gestartet werden.
  • Poste mir den Inhalt der fixlog.txt mit deiner nächsten Antwort.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 20.04.2023, 10:27   #9
fbin41
 
Windows 10: Browser-Probleme nach Infektion mit Backdoor:Win32/Bladabindi!mclg - Standard

Windows 10: Browser-Probleme nach Infektion mit Backdoor:Win32/Bladabindi!mclg


Code:
ATTFilter
Entfernungsergebnis von Farbar Recovery Scan Tool (x64) Version: 18-04-2023
durchgeführt von Anna (20-04-2023 11:10:49) Run:1
Gestartet von D:\Software\Farbar_x86_x64
Geladene Profile: Anna & athbi & Frank
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
Start::
CloseProcesses:
C:\Program Files (x86)\nodejs
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js
Task: {5840509D-8829-414E-A65D-32541ECD119B} - System32\Tasks\AppleMobileHintergrundübertragungsdienst => C:\Program Files (x86)\nodejs\node.exe [15017624 2017-05-02] (Node.js Foundation -> Node.js) -> C:\WINDOWS\Installer\{65C4EEBA-EDAC-4602-8E5C-BD22D8BEA90D}\{B49DA697-B607-4850-AB10-11CF68C3C352} <==== ACHTUNG
Task: {8540359D-1299-41B4-AA57-403C162991D5} - System32\Tasks\MUP Netzwerkkonnektivitäts-Assistent Manager-Dienst => C:\Program Files (x86)\nodejs\node.exe [15017624 2017-05-02] (Node.js Foundation -> Node.js) -> "C:\ProgramData\Package Cache\{CE35B488-A482-407E-8C3E-48C213120839}\{1910C353-D10C-44B9-BA91-72D0B3B19EC1}" <==== ACHTUNG
FF user.js: detected! => C:\Users\athbi\AppData\Roaming\Mozilla\Firefox\Profiles\mums5mhc.default\user.js [2023-04-16]
FF NewTab: Mozilla\Firefox\Profiles\mums5mhc.default -> https://defaultsearch.co/homepage?hp=1&pId=AGB200101&iDate=2020-07-29 11:11:17&bName=&bitmask=0600
FF Plugin: @videolan.org/vlc,version=2.2.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [Keine Datei]
FF Plugin: @videolan.org/vlc,version=3.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [Keine Datei]
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [Keine Datei]
DeleteKey: HKLM\SOFTWARE\Node.js
DeleteKey: HKLM\SOFTWARE\WOW6432Node\Node.js
DeleteKey: HKLM\SOFTWARE\Classes\Installer\Products\4D45993E1218CF443A3DFD6652D48B19
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4D45993E1218CF443A3DFD6652D48B19
DeleteKey: HKU\.DEFAULT\Software\Node.js
DeleteKey: HKCU\SOFTWARE\Node.js
emptytemp:
End::
         
*****************

Prozesse erfolgreich geschlossen.
"C:\Program Files (x86)\nodejs" => nicht gefunden
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js => erfolgreich verschoben
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{5840509D-8829-414E-A65D-32541ECD119B}" => erfolgreich entfernt
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5840509D-8829-414E-A65D-32541ECD119B}" => erfolgreich entfernt
C:\WINDOWS\System32\Tasks\AppleMobileHintergrundübertragungsdienst => erfolgreich verschoben
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AppleMobileHintergrundübertragungsdienst" => erfolgreich entfernt
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{8540359D-1299-41B4-AA57-403C162991D5}" => erfolgreich entfernt
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8540359D-1299-41B4-AA57-403C162991D5}" => erfolgreich entfernt
C:\WINDOWS\System32\Tasks\MUP Netzwerkkonnektivitäts-Assistent Manager-Dienst => erfolgreich verschoben
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MUP Netzwerkkonnektivitäts-Assistent Manager-Dienst" => erfolgreich entfernt
"C:\Users\athbi\AppData\Roaming\Mozilla\Firefox\Profiles\mums5mhc.default\user.js" => nicht gefunden
"FF NewTab: Mozilla\Firefox\Profiles\mums5mhc.default -> https://defaultsearch.co/homepage?hp=1&pId=AGB200101&iDate=2020-07-29 11:11:17&bName=&bitmask=0600" => nicht gefunden
HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.8 => erfolgreich entfernt
HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=3.0.1 => erfolgreich entfernt
HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=3.0.4 => erfolgreich entfernt
HKLM\SOFTWARE\Node.js => nicht gefunden
HKLM\SOFTWARE\WOW6432Node\Node.js => erfolgreich entfernt
HKLM\SOFTWARE\Classes\Installer\Products\4D45993E1218CF443A3DFD6652D48B19 => nicht gefunden
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4D45993E1218CF443A3DFD6652D48B19 => nicht gefunden
HKU\.DEFAULT\Software\Node.js => nicht gefunden
HKCU\SOFTWARE\Node.js => erfolgreich entfernt

=========== EmptyTemp: ==========

FlushDNS => abgeschlossen
BITS transfer queue => 1310720 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 1687973627 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 29946587 B
Edge => 1172037 B
Firefox => 34522351 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 22112690 B
athbi => 519905845 B
athbi.LAPTOP-P33CJ5M1 => 519923815 B
Frank => 675923513 B

RecycleBin => 423000087 B
EmptyTemp: => 3.6 GB temporäre Dateien entfernt.

================================


Das System musste neu gestartet werden.

==== Ende von Fixlog 11:19:39 ====
Dazu vielleicht noch die Anmerkungen:

Das Nodejs unter "C:\Program Files (x86)\nodejs" hatte ich schon vorgestern mal "weg bewegt", da es mir suspekt erschien - meine Frau arbeitet sicher nicht damit.

Die Zeitstempel der nodejs-Verzeichnisse (29.7.2020) passten zu einer früheren Infektion mit "Web Companion" aus Juli/August 2020.
Diese frühere Infektion aus dem Sommer 2020 hatte ich damals offenbar nur sehr unvollständig entfernt!?

Na (nicht) gut, aber deswegen bin ich ja jetzt hier. Danke schon wieder einmal! Wie geht es weiter?
Geändert von fbin41 (20.04.2023 um 10:35 Uhr)

Alt 20.04.2023, 10:30   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows 10: Browser-Probleme nach Infektion mit Backdoor:Win32/Bladabindi!mclg - Standard

Windows 10: Browser-Probleme nach Infektion mit Backdoor:Win32/Bladabindi!mclg


Und wieder neue FRST-Logs.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 20.04.2023, 11:00   #11
fbin41
 
Windows 10: Browser-Probleme nach Infektion mit Backdoor:Win32/Bladabindi!mclg - Standard

Windows 10: Browser-Probleme nach Infektion mit Backdoor:Win32/Bladabindi!mclg


Da sind sie:


FRST Logfile:
Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 18-04-2023
durchgeführt von Anna (Administrator) auf ANNA-LENOVO-W10 (LENOVO 80YL) (20-04-2023 11:42:01)
Gestartet von D:\Software\Farbar_x86_x64\FRST64.exe
Geladene Profile: Anna
Plattform: Microsoft Windows 10 Home Version 22H2 19045.2846 (X64) Sprache: Deutsch (Deutschland)
Standard-Browser: FF
Start-Modus: Normal

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantage-(DeviceSettingsSystemAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantage-(LenovoBoostAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantage-(LenovoBoostSystemAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantage-(MultimediaAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantage-(VantageCoreAddin).exe
(C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <3>
(C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(C:\Program Files\WindowsApps\AppleInc.iCloud_14.1.108.0_x64__nzyj5cx40ttqa\iCloud\iCloudServices.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> ) C:\Program Files\WindowsApps\AppleInc.iCloud_14.1.108.0_x64__nzyj5cx40ttqa\iCloud\iCloudCKKS.exe
(C:\Program Files\WindowsApps\AppleInc.iCloud_14.1.108.0_x64__nzyj5cx40ttqa\iCloud\iCloudServices.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> ) C:\Program Files\WindowsApps\AppleInc.iCloud_14.1.108.0_x64__nzyj5cx40ttqa\iCloud\WebView2\msedgewebview2.exe <6>
(C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe <2>
(DriverStore\FileRepository\igdlh64.inf_amd64_90f68cd0dc48b625\igfxCUIService.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_90f68cd0dc48b625\igfxEM.exe
(Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe <7>
(explorer.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> ) C:\Program Files\WindowsApps\AppleInc.iCloud_14.1.108.0_x64__nzyj5cx40ttqa\iCloud\iCloudServices.exe
(explorer.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.) C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe
(explorer.exe ->) (Ghisler Software GmbH -> Ghisler Software GmbH) C:\Program Files\totalcmd\TOTALCMD64.EXE
(explorer.exe ->) (Hewlett Packard -> Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8620\Bin\ScanToPCActivationApp.exe
(explorer.exe ->) (LENOVO -> Lenovo(beijing) Limited) C:\Program Files\Lenovo\LenovoUtility\utility.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <7>
(explorer.exe ->) (Skype Software Sarl -> ) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.96.3207.0_x64__kzf8qxf38zg5c\Skype\Skype.exe <6>
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(services.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.) C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
(services.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_90f68cd0dc48b625\igfxCUIService.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_90f68cd0dc48b625\IntelCpHDCPSvc.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_90f68cd0dc48b625\IntelCpHeciSvc.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantageService.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Locator.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2303.8-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2303.8-0\NisSrv.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(svchost.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> ) C:\Program Files\WindowsApps\AppleInc.iCloud_14.1.108.0_x64__nzyj5cx40ttqa\iCloud\APSDaemon.exe
(svchost.exe ->) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> ) C:\Program Files\WindowsApps\AppleInc.iCloud_14.1.108.0_x64__nzyj5cx40ttqa\iCloud\secd.exe
(svchost.exe ->) (CyberLink Corp. -> CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD14\PDVD14Serv.exe
(svchost.exe ->) (CyberLink Corp. -> CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe
(svchost.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(svchost.exe ->) (Hewlett Packard -> Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 8620\Bin\HPNetworkCommunicatorCom.exe
(svchost.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.23022.140.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [LenovoUtility] => C:\Program Files\Lenovo\LenovoUtility\utility.exe [894376 2017-04-14] (LENOVO -> Lenovo(beijing) Limited)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\nvspcap64.dll [1922496 2017-07-27] (NVIDIA Corporation -> NVIDIA Corporation)
HKLM\...\Run: [DAX2_APP] => C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe [849920 2017-03-07] (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [362056 2022-05-05] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [11327200 2023-04-04] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Beschränkung <==== ACHTUNG
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Beschränkung <==== ACHTUNG
HKU\S-1-5-21-624402189-1887333828-3918413586-1001\...\Run: [HP Officejet Pro 8620 (NET)] => C:\Program Files\HP\HP Officejet Pro 8620\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett Packard -> Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-624402189-1887333828-3918413586-1001\...\Run: [MicrosoftEdgeAutoLaunch_88349514007821BC009C7118188706C5] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4056016 2023-03-16] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Print\Monitors\HP 7012 Status Monitor: C:\Windows\system32\hpinksts7012LM.dll [328704 2014-03-03] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP Officejet Pro 8620): C:\Windows\system32\HPDiscoPM7012.dll [763912 2014-07-21] (Hewlett Packard -> Hewlett-Packard Development Company, LP)
Startup: C:\Users\athbi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2018-01-07]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
Policies: C:\ProgramData\NTUSER.pol: Beschränkung <==== ACHTUNG
HKLM\SOFTWARE\Policies\Google: Beschränkung <==== ACHTUNG
HKLM\SOFTWARE\Policies\Microsoft\Edge: Beschränkung <==== ACHTUNG

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {02D80AC4-EAFA-45C2-B1E8-A57ED4B3365F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler (Keine Datei)
Task: {04008C4A-ACC1-4D34-8A9A-C33E978AC250} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\38b71b36-98cd-41f8-b226-d1c1d1c4986c => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {07B7BEEA-5066-45BA-8D1D-4D781B4CDCC9} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [647616 2017-07-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {0DDD97C2-5C1D-4993-AB90-E34D9FC8DA8B} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [647616 2017-07-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {0E2B8BA9-811D-4A0D-9DDA-EDDB30F89CD9} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-11] (Dropbox, Inc -> Dropbox, Inc.)
Task: {146A8CAD-41D5-48B3-BF2F-48C6E5252AD3} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [436672 2017-07-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {16F7F4CD-38E4-491F-AF35-EF5805697C87} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564152 2023-04-03] (Adobe Inc. -> Adobe Inc.)
Task: {16F9A3B9-AE18-4434-A35B-000F8F43A5AB} - System32\Tasks\PDVDServ14 Task => C:\Program Files (x86)\CyberLink\PowerDVD14\PDVD14Serv.exe [88344 2017-02-17] (CyberLink Corp. -> CyberLink Corp.)
Task: {18A152A5-6A75-46EB-AAEF-19CA798549D3} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [676768 2023-04-14] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {18B3D5DD-8FA0-477F-8FFC-EB2B54975AF3} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26409896 2023-04-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {263846D5-49F4-4A02-B73C-A373DA5351C7} - System32\Tasks\Lenovo\Vantage\Schedule\HeartbeatAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\ScheduleEventAction.exe [28888 2022-11-29] (Lenovo -> Lenovo Group Ltd.)
Task: {270C1F4E-8C4D-4874-9948-372B40972849} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [114656 2023-04-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {2A1C2893-C129-45F4-8513-975173E72904} - System32\Tasks\Lenovo\Vantage\Schedule\GenericMessagingAddin => C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\ScheduleEventAction.exe [28888 2022-11-29] (Lenovo -> Lenovo Group Ltd.)
Task: {2F0D5672-4E48-40CC-A89A-08E7C14C7E66} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [717248 2017-07-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3A76240A-181C-49CD-955C-38E7D260A883} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\0028b695-de87-41b0-9a47-fa161f0940a8 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {3AD0C074-2F5B-45EA-8EBA-2FDA08F952F7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2303.8-0\MpCmdRun.exe [1645864 2023-04-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {3CFD1FA0-FD46-4EDA-9B1D-ED7367378294} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => %systemroot%\system32\sc.exe start LenovoVantageService
Task: {3D10AC7F-04A2-4998-BCB9-988508187666} - System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\ScheduleEventAction.exe [28888 2022-11-29] (Lenovo -> Lenovo Group Ltd.)
Task: {5CC0FA82-0DD1-415F-88A8-D8F0F43EC3C4} - System32\Tasks\RtHDVBg_LENOVO_DOLBYDRAGON => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506168 2019-03-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {670CB788-B226-4373-B912-2AA9E2F490BF} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {6D4190F4-BE4F-4B1F-B734-304492B78359} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2303.8-0\MpCmdRun.exe [1645864 2023-04-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {6F8CD596-78E4-469C-BCE9-9B0F3B2255DC} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [74952 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {744C8F0F-E50C-4CE3-ACCE-9E8341C96F19} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\938cd0d6-7874-4c1a-8b37-a27db68aa6f2 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {88A929E5-219D-45C9-BABA-B89796187F71} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [717248 2017-07-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8C783D4B-9D3D-42B7-A1D5-0B83CFF0FB09} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [1714112 2017-07-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8CCDCDF0-3F17-4CD8-8368-EEE411828A58} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [946112 2017-07-27] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8EAF89F1-D857-4DFD-9DD0-A1B0711F67F1} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\ac7a0baf-274c-4f05-bffa-a2ebb28a9c59 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {8F1D8A1B-2558-46C1-909B-5793580F9083} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [114656 2023-04-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {92D46EC5-0D24-46C4-9B9E-0906A7E080F9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2303.8-0\MpCmdRun.exe [1645864 2023-04-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {936DBBC0-F92E-447A-9911-543A55FCFB88} - System32\Tasks\HPCustParticipation HP Officejet Pro 8620 => C:\Program Files\HP\HP Officejet Pro 8620\Bin\HPCustPartic.exe [5745672 2014-07-21] (Hewlett Packard -> Hewlett-Packard Development Company, LP)
Task: {986F4E96-B5E9-4C2B-B306-175C25B6FEA8} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26409896 2023-04-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {9BD2605E-EEE6-4734-8BA0-D5A93BB1E6A8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [617096 2022-02-25] (Apple Inc. -> Apple Inc.)
Task: {A50E8C74-F5E0-43CC-8905-89C4CF54032C} - System32\Tasks\Lenovo\Vantage\Schedule\SettingsWidgetAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\ScheduleEventAction.exe [28888 2022-11-29] (Lenovo -> Lenovo Group Ltd.)
Task: {A708C525-478D-46A6-9168-0F0C99EB799E} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoSystemUpdateAddin_WeeklyTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\ScheduleEventAction.exe [28888 2022-11-29] (Lenovo -> Lenovo Group Ltd.)
Task: {A8E94241-7910-4603-B8C4-E137F7D6EBDE} - System32\Tasks\Lenovo\Vantage\Schedule\Lenovo.Vantage.SmartPerformance.MonthlyReport => C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\ScheduleEventAction.exe [28888 2022-11-29] (Lenovo -> Lenovo Group Ltd.)
Task: {A9144B2A-286A-4560-915B-FE515B39503D} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-11] (Dropbox, Inc -> Dropbox, Inc.)
Task: {AD3747D6-035C-45F2-AE0B-1B5172774BF8} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [718752 2023-04-14] (Mozilla Corporation -> Mozilla Foundation)
Task: {AD768997-3A76-425B-AD74-EA03626860C1} - System32\Tasks\Lenovo\Vantage\Schedule\IdeaNotebookAddinDailyEvent => C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\ScheduleEventAction.exe [28888 2022-11-29] (Lenovo -> Lenovo Group Ltd.)
Task: {AE4257FE-175C-4B34-B64F-7D6A91F8A84E} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoCompanionAppAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\ScheduleEventAction.exe [28888 2022-11-29] (Lenovo -> Lenovo Group Ltd.)
Task: {B0495E0F-66D5-4293-8D5E-87289E806DDB} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\Lenovo\Power2Go\CLVDLauncher.exe [347416 2016-09-20] (CyberLink Corp. -> CyberLink Corp.)
Task: {BE53B40D-0E81-4F78-8B5D-19A549970770} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506168 2019-03-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {CE0ACD11-0DE5-424F-92D8-8C2F4FA077EB} - System32\Tasks\Lenovo\Vantage\Schedule\BatteryGaugeAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\ScheduleEventAction.exe [28888 2022-11-29] (Lenovo -> Lenovo Group Ltd.)
Task: {CE80E807-042E-4154-8705-99C9B567CC0C} - System32\Tasks\RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1506168 2019-03-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {D2A474AC-58B6-4CA5-BAF2-81D58DE8E226} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-07-27] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {DA63F70E-D721-4640-A699-E852A5662A3C} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe [190744 2016-10-07] (CyberLink Corp. -> CyberLink)
Task: {DE80A756-8BA5-4FCF-9151-C798E96E9D20} - System32\Tasks\Lenovo\Vantage\Schedule\VantageTelemetryAddinTask => C:\Program Files (x86)\Lenovo\VantageService\3.6.15.0\ScheduleEventAction.exe VantageTelemetryAddinTask (Keine Datei)
Task: {E66940DA-4B71-4AE0-9936-8AD8FCA3A4E9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2303.8-0\MpCmdRun.exe [1645864 2023-04-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {FA6BB3E0-41B5-41F5-8ADA-B549B9AC7062} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService
Task: {FC74E7F7-4AF3-446B-B664-A28AC6E02533} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c (Keine Datei)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{2b6d82fc-ac06-414f-abe2-6e7dd76b3117}: [DhcpNameServer] 150.213.1.2
Tcpip\..\Interfaces\{337671d7-3eee-45b8-a9ff-56a66a52a8c9}: [DhcpNameServer] 192.168.178.1

Edge: 
=======
Edge Extension: (Kein Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [nicht gefunden]
Edge Extension: (Kein Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [nicht gefunden]
Edge Extension: (Kein Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [nicht gefunden]
Edge Extension: (Kein Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [nicht gefunden]
Edge DefaultProfile: Default
Edge Profile: C:\Users\athbi\AppData\Local\Microsoft\Edge\User Data\Default [2023-04-20]

FireFox:
========
FF DefaultProfile: uf33delb.default-1681935890333
FF ProfilePath: C:\Users\athbi\AppData\Roaming\Mozilla\Firefox\Profiles\uf33delb.default-1681935890333 [2023-04-20]
FF Extension: (Adblock Plus - kostenloser Adblocker) - C:\Users\athbi\AppData\Roaming\Mozilla\Firefox\Profiles\uf33delb.default-1681935890333\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2023-04-19]
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2023-04-04] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-11-03] (Microsoft Corporation -> Microsoft Corporation)

==================== Dienste (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2023-04-03] (Adobe Inc. -> Adobe Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [100424 2022-05-02] (Apple Inc. -> Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12634544 2023-04-16] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-11] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-11] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46824 2023-04-04] (Dropbox, Inc -> Dropbox, Inc.)
R2 Dolby DAX2 API Service; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [189464 2019-01-21] (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.)
R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\\3.13.43.0\LenovoVantageService.exe [32464 ] (Lenovo -> Lenovo Group Ltd.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2303.8-0\NisSrv.exe [3228400 2023-04-06] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2303.8-0\MsMpEng.exe [133536 2023-04-06] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S4 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugin"

===================== Treiber (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [Datei ist nicht signiert]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [Datei ist nicht signiert]
R3 MpKslee885f9e; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4693A991-7324-47CE-9ED0-F1F4779FEE5E}\MpKslDrv.sys [211208 2023-04-20] (Microsoft Windows -> Microsoft Corporation)
R3 SPUVCbv; C:\WINDOWS\System32\Drivers\SPUVCbv64.sys [890944 2017-09-29] (SUNPLUS INNOVATION TECHNOLOGY INC. -> Sunplus Innovation Technology Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49600 2023-04-06] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [497920 2023-04-06] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [99608 2023-04-06] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2023-04-20 07:50 - 2023-04-20 07:58 - 000000000 ____D C:\AdwCleaner
2023-04-20 07:48 - 2023-04-20 07:48 - 008791352 _____ (Malwarebytes) C:\Users\athbi\Downloads\adwcleaner.exe
2023-04-19 22:24 - 2023-04-19 22:24 - 000000000 ____D C:\Users\athbi\Desktop\Alte Firefox-Daten
2023-04-19 22:23 - 2023-04-19 22:25 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2023-04-19 22:23 - 2023-04-19 22:23 - 058462736 _____ (Mozilla) C:\Users\athbi\Downloads\Firefox Setup 112.0.1.exe
2023-04-19 22:23 - 2023-04-19 22:23 - 000002041 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Privater Modus.lnk
2023-04-19 22:23 - 2023-04-19 22:23 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2023-04-19 22:23 - 2023-04-19 22:23 - 000001000 _____ C:\Users\Public\Desktop\Firefox.lnk
2023-04-19 22:23 - 2023-04-19 22:23 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2023-04-19 22:17 - 2023-04-19 22:17 - 000000000 ____D C:\Users\athbi\AppData\LocalLow\Oracle
2023-04-19 17:17 - 2023-04-20 11:42 - 000000000 ____D C:\FRST
2023-04-19 17:16 - 2023-04-19 17:16 - 003459075 _____ C:\Users\athbi\Downloads\Farbar_x86_x64.zip
2023-04-19 02:08 - 2023-04-20 11:20 - 105906176 _____ C:\WINDOWS\system32\config\SOFTWARE
2023-04-19 02:03 - 2023-04-19 02:08 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2023-04-19 01:09 - 2023-04-19 01:09 - 000004036 _____ C:\WINDOWS\system32\Tasks\PostponeDeviceSetupToast_S-1-5-21-624402189-1887333828-3918413586-1003_0
2023-04-19 00:59 - 2023-04-19 00:59 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-624402189-1887333828-3918413586-1003
2023-04-18 20:15 - 2023-04-18 20:15 - 000000000 ___HD C:\$WinREAgent
2023-04-18 09:13 - 2023-04-18 09:13 - 000024848 _____ C:\Users\athbi\Downloads\dhl-return-60004038-bc29-2622-6b19-3a0aa55fc5ad.pdf
2023-04-18 08:41 - 2023-04-18 08:41 - 000128305 _____ C:\Users\athbi\Downloads\Retourenanleitung.pdf
2023-04-16 15:21 - 2023-04-16 15:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2023-04-04 12:51 - 2023-04-04 12:51 - 000046824 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe

==================== Ein Monat (geänderte) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2023-04-20 11:41 - 2022-02-14 18:23 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-04-20 11:35 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-04-20 11:25 - 2020-06-28 17:57 - 001722792 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-04-20 11:25 - 2019-12-07 16:50 - 000744968 _____ C:\WINDOWS\system32\perfh007.dat
2023-04-20 11:25 - 2019-12-07 16:50 - 000150354 _____ C:\WINDOWS\system32\perfc007.dat
2023-04-20 11:25 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2023-04-20 11:21 - 2022-08-22 21:03 - 000000000 ____D C:\Users\athbi\AppData\Roaming\DropboxElectron
2023-04-20 11:21 - 2017-12-31 11:03 - 000000000 ____D C:\Users\athbi\AppData\Local\Dropbox
2023-04-20 11:21 - 2017-12-30 23:00 - 000000000 ___RD C:\Users\athbi\OneDrive
2023-04-20 11:20 - 2020-06-28 17:57 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-04-20 11:20 - 2020-06-28 17:47 - 000437960 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-04-20 11:20 - 2020-06-28 17:47 - 000008192 ___SH C:\DumpStack.log.tmp
2023-04-20 11:20 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ServiceState
2023-04-20 11:20 - 2019-12-07 11:03 - 002097152 _____ C:\WINDOWS\system32\config\BBI
2023-04-20 11:20 - 2017-08-18 03:20 - 000000000 ____D C:\ProgramData\NVIDIA
2023-04-20 11:11 - 2018-03-23 13:24 - 000000000 ____D C:\Users\athbi\AppData\LocalLow\Temp
2023-04-20 08:38 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-04-20 08:38 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-04-20 08:11 - 2017-12-31 16:19 - 000000000 ____D C:\Users\athbi\AppData\Roaming\WhatsApp
2023-04-20 08:10 - 2017-12-31 16:19 - 000000000 ____D C:\Users\athbi\AppData\Local\WhatsApp
2023-04-20 08:10 - 2017-12-30 22:54 - 000000000 ___SD C:\Users\athbi\AppData\Roaming\Microsoft\Credentials
2023-04-20 07:58 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2023-04-19 22:23 - 2020-09-25 08:02 - 000000000 ____D C:\Program Files\Mozilla Firefox
2023-04-19 22:16 - 2017-12-31 14:05 - 000000000 ____D C:\Users\athbi\AppData\LocalLow\Mozilla
2023-04-19 22:08 - 2017-12-31 13:39 - 000000000 ____D C:\Users\athbi\AppData\Local\Google
2023-04-19 16:48 - 2018-06-26 19:45 - 000000000 ____D C:\Users\athbi\AppData\Local\D3DSCache
2023-04-19 16:47 - 2017-12-31 13:20 - 000000000 ____D C:\Users\athbi\AppData\Roaming\Microsoft\Word
2023-04-19 06:20 - 2020-06-28 17:47 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-04-19 01:09 - 2018-01-16 18:46 - 000000000 ____D C:\Users\Frank\AppData\Local\Dropbox
2023-04-19 01:08 - 2018-01-16 18:45 - 000000000 __SHD C:\Users\Frank\IntelGraphicsProfiles
2023-04-19 00:59 - 2020-06-28 17:57 - 000003378 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-624402189-1887333828-3918413586-1003
2023-04-19 00:59 - 2020-06-28 17:49 - 000002402 _____ C:\Users\Frank\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-04-19 00:59 - 2018-01-16 18:45 - 000000000 ____D C:\Users\Frank\AppData\Local\Packages
2023-04-18 22:04 - 2019-12-07 11:14 - 000000000 ___SD C:\WINDOWS\system32\UNP
2023-04-18 22:04 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2023-04-18 22:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2023-04-18 22:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2023-04-18 22:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2023-04-18 22:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2023-04-18 22:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2023-04-18 22:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2023-04-18 22:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2023-04-18 22:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2023-04-18 22:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemApps
2023-04-18 22:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2023-04-18 22:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\setup
2023-04-18 22:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2023-04-18 22:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2023-04-18 22:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2023-04-18 22:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2023-04-18 22:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2023-04-18 22:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2023-04-18 22:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2023-04-18 22:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2023-04-18 22:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Provisioning
2023-04-18 22:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2023-04-18 22:04 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-04-18 22:04 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Common Files\System
2023-04-18 20:28 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-04-18 20:24 - 2020-06-28 17:48 - 003015680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2023-04-18 19:53 - 2017-12-31 09:29 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-04-18 19:49 - 2017-12-31 09:29 - 156112424 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2023-04-18 09:19 - 2020-10-07 06:41 - 000000306 __RSH C:\ProgramData\ntuser.pol
2023-04-18 09:18 - 2017-12-31 11:02 - 000001254 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2023-04-18 09:18 - 2017-12-31 11:02 - 000001250 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2023-04-18 08:18 - 2022-10-13 12:17 - 000002080 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2023-04-18 08:18 - 2022-10-13 12:17 - 000002068 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk
2023-04-18 08:18 - 2017-08-18 02:54 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2023-04-18 08:16 - 2021-12-11 18:13 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-624402189-1887333828-3918413586-1001
2023-04-18 08:16 - 2020-06-28 17:57 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2023-04-18 08:16 - 2020-06-28 17:57 - 000003376 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-624402189-1887333828-3918413586-1001
2023-04-18 08:16 - 2020-06-28 17:49 - 000002402 _____ C:\Users\athbi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-04-17 12:20 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2023-04-16 15:22 - 2017-12-31 11:02 - 000000000 ____D C:\Program Files (x86)\Dropbox
2023-04-06 10:11 - 2018-02-14 18:35 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2023-03-27 10:59 - 2018-01-03 13:10 - 000000000 ____D C:\Users\athbi\Documents\HP Scans

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ========

2021-02-25 21:03 - 2021-02-25 21:03 - 001384728 _____ (Microsoft Corporation) C:\Users\athbi\TeamsSetupx64_s_8D8D9BFA4BA8BEE-7-0_.exe
2020-11-25 14:39 - 2020-11-25 14:39 - 000007648 _____ () C:\Users\athbi\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

==================== Ende von FRST.txt ========================
--- --- ---


und Addition.txt

Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 18-04-2023
durchgeführt von Anna (20-04-2023 11:43:42)
Gestartet von D:\Software\Farbar_x86_x64
Microsoft Windows 10 Home Version 22H2 19045.2846 (X64) (2020-06-28 15:57:19)
Start-Modus: Normal
==========================================================


==================== Konten: =============================


(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

Administrator (S-1-5-21-624402189-1887333828-3918413586-500 - Administrator - Disabled)
Anna (S-1-5-21-624402189-1887333828-3918413586-1001 - Administrator - Enabled) => C:\Users\athbi
athbi (S-1-5-21-624402189-1887333828-3918413586-1002 - Limited - Enabled) => C:\Users\athbi.LAPTOP-P33CJ5M1
DefaultAccount (S-1-5-21-624402189-1887333828-3918413586-503 - Limited - Disabled)
Frank (S-1-5-21-624402189-1887333828-3918413586-1003 - Administrator - Enabled) => C:\Users\Frank
Gast (S-1-5-21-624402189-1887333828-3918413586-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-624402189-1887333828-3918413586-504 - Limited - Disabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

ACDSee 8 (HKLM-x32\...\{AA2E6BFE-4351-481C-A720-47CB3506570B}) (Version: 8.1.100 - ACD Systems Ltd.)
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1031-1033-7760-BC15014EA700}) (Version: 23.001.20143 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601047}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Apple Application Support (32-Bit) (HKLM-x32\...\{11C4575B-4B32-44D2-A097-D59A00BA60DE}) (Version: 8.5 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{D39B163A-9E12-442C-95E9-33FA5746AB21}) (Version: 8.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2B3CA448-5266-480F-85FA-2FCCB3C8712C}) (Version: 15.6.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{B292D163-23D2-4523-A699-1ABEC1875609}) (Version: 2.7.0.3 - Apple Inc.)
Audiograbber (HKLM-x32\...\Audiograbber) (Version: 1.83 (2020 Edition) - Audiograbber)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CyberLink Power2Go 8 (HKLM-x32\...\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.7007 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.7007 - CyberLink Corp.)
CyberLink PowerDVD 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.1.7417 - CyberLink Corp.)
Dolby Audio X2 Windows API SDK (HKLM\...\{F290F786-5F69-48D4-B20B-D21C7DE56EF0}) (Version: 0.8.8.88 - Dolby Laboratories, Inc.)
Dolby Audio X2 Windows APP (HKLM\...\{9207D68E-666A-49C7-A900-9F5B2FF289E4}) (Version: 0.8.0.71 - Dolby Laboratories, Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 171.4.6182 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.733.1 - Dropbox, Inc.) Hidden
FOTOParadies (HKLM-x32\...\{FD838798-E2CB-45FA-AF79-6011519031E2}}_is1) (Version: 4.12.0.1257 - Foto Online Service GmbH)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
HP Officejet Pro 8620 - Grundlegende Software für das Gerät (HKLM\...\{F6CE08BC-6929-412E-BB42-A9A7CD9721D7}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
HP Officejet Pro 8620 Hilfe (HKLM-x32\...\{F8E43C63-DFF2-4134-A46C-2A6F00517A35}) (Version: 32.0.0 - Hewlett Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
iBackup Viewer 4.15.0 (HKLM-x32\...\{5B428966-3054-41E3-B0F8-008EE30BD019}_is1) (Version:  - iMacTools)
iCloud Outlook (HKLM\...\{A8C64C2A-BD34-464F-BA61-A969BA46FC2B}) (Version: 10.9.3.62 - Apple Inc.)
Intel(R) Chipset Device Software (HKLM\...\{81520FC5-3518-40E9-9803-70CE8A801D07}) (Version: 10.1.1.38 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1035 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{BB1B550F-329D-4B07-A8D0-82914483411C}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) ME UninstallLegacy (HKLM\...\{E9B9A1A5-6398-4C99-8FDE-10794F6505C5}) (Version: 1.0.1.0 - Intel Corporation) Hidden
Intel® Chipsatz-Gerätesoftware (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden
iTunes (HKLM\...\{603AC145-2337-4355-A6F1-BF66FDB2FA63}) (Version: 12.12.4.1 - Apple Inc.)
JDiskReport 1.4.1 (HKLM-x32\...\JDiskReport 1.4.1) (Version: 1.4.1 (2014-02-26 11:50:44) - JGoodies Karsten Lentzsch)
Lenovo App Explorer (HKU\S-1-5-21-624402189-1887333828-3918413586-1002\...\Host App Service) (Version: 0.272.1.560 - SweetLabs for Lenovo)
Lenovo App Explorer (HKU\S-1-5-21-624402189-1887333828-3918413586-1003\...\Host App Service) (Version: 0.273.4.600 - SweetLabs for Lenovo)
Lenovo Utility (HKLM\...\{12ABAC82-7D83-4CB8-9DD2-434DC9AF2942}_is1) (Version: 3.0.0.17 - Lenovo)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.13.43.0 - Lenovo Group Ltd.)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 111.0.1661.44 - Microsoft Corporation)
Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 110.0.1587.69 - Microsoft Corporation)
Microsoft HEVC Media Extension Installation for Microsoft.HEVCVideoExtension_1.0.2512.0_x64__8wekyb3d8bbwe (x64) (HKLM\...\{B0169E83-757B-EF66-E2F0-391944D785BC}) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2016 - de-de (HKLM\...\HomeStudentRetail - de-de) (Version: 16.0.16227.20280 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-624402189-1887333828-3918413586-1001\...\OneDriveSetup.exe) (Version: 23.071.0402.0001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-624402189-1887333828-3918413586-1002\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-624402189-1887333828-3918413586-1003\...\OneDriveSetup.exe) (Version: 21.220.1024.0005 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-624402189-1887333828-3918413586-1001\...\Teams) (Version: 1.4.00.22472 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{89581302-705F-42C5-99B0-E368A845DAD5}) (Version: 3.70.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 de) (HKLM\...\Mozilla Firefox 112.0.1 (x64 de)) (Version: 112.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 112.0.1 - Mozilla)
NVIDIA GeForce Experience 3.8.0.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.8.0.89 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.16130.20218 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.16130.20218 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.16227.20204 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0407-0000-0000000FF1CE}) (Version: 16.0.16130.20218 - Microsoft Corporation) Hidden
Studie zur Verbesserung von HP Officejet Pro 8620 (HKLM\...\{825BC9A9-A005-4FDB-BDE9-A4F2DF69C3B7}) (Version: 32.3.198.49673 - Hewlett-Packard Co.)
tiptoi® Manager 5.0.2 (HKLM\...\{833392BB-E8C0-4066-9408-3A30FA43972F}_is1) (Version: 5.0.2 - Ravensburger AG)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.12 - Ghisler Software GmbH)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{9E5A6059-314A-4F02-B8A4-8C9C97989589}) (Version: 8.91.0.0 - Microsoft Corporation)
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0-2) (Version: 1.0.33.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1-2) (Version: 1.0.54.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
WhatsApp (Outdated) (HKU\S-1-5-21-624402189-1887333828-3918413586-1001\...\WhatsApp) (Version: 2.2314.11 - WhatsApp)
Windows 10-Update-Assistent (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22329 - Microsoft Corporation)
Windows-PC-Integritätsprüfung (HKLM\...\{B3956CF3-F6C5-4567-AC38-1FD4432B319C}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Zoom (HKU\S-1-5-21-624402189-1887333828-3918413586-1001\...\ZoomUMX) (Version: 5.9.1 (2581) - Zoom Video Communications, Inc.)

Packages:
=========
Bubble Witch 3 Saga -> C:\Program Files\WindowsApps\king.com.BubbleWitch3Saga_7.32.21.0_x64__kgqvnymyfvs32 [2023-04-04] (king.com)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.240.400.0_x64__kgqvnymyfvs32 [2023-04-18] (king.com)
Disney Magic Kingdoms -> C:\Program Files\WindowsApps\A278AB0D.DisneyMagicKingdoms_7.9.9.0_x86__h6adky7gbf63m [2023-04-18] (Gameloft SE)
Dolby Access -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.17.857.0_x64__rz1tebttyb220 [2023-04-20] (Dolby Laboratories)
Fotos-Add-On -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-03-12] (Microsoft Corporation)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_144.1.1068.0_x64__v10z8vjag6ke6 [2023-04-18] (HP Inc.)
iCloud -> C:\Program Files\WindowsApps\AppleInc.iCloud_14.1.108.0_x64__nzyj5cx40ttqa [2023-01-07] (Apple Inc.) [Startup Task]
Lenovo Companion -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2303.112.0_x64__k1h2ywk1493x8 [2023-04-20] (LENOVO INC.)
Lenovo Kontoportal -> C:\Program Files\WindowsApps\LenovoCorporation.LenovoID_2.0.37.0_x86__4642shxvsv8s2 [2017-12-30] (LENOVO INCORPORATED.)
Lenovo Settings -> C:\Program Files\WindowsApps\LenovoCorporation.LenovoSettings_3.177.0.0_x86__4642shxvsv8s2 [2017-12-30] (LENOVO INCORPORATED.)
March of Empires: War of Lords -> C:\Program Files\WindowsApps\A278AB0D.MarchofEmpires_7.3.2.0_x86__h6adky7gbf63m [2023-04-06] (Gameloft SE)
Media Engine-Add-On für Fotos -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2019-10-11] (Microsoft Corporation)
Messenger -> C:\Program Files\WindowsApps\FACEBOOK.317180B0BB486_1820.9.73.0_x64__8xx8rvfyw5nnt [2023-03-16] (Meta) [Startup Task]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-02-14] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-02-14] (Microsoft Corporation) [MS Ad]
Minecraft for Windows 10 -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.19.7302.0_x64__8wekyb3d8bbwe [2023-04-04] (Microsoft Studios)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.98.1805.0_x64__mcm4njqhnhss8 [2022-04-09] (Netflix, Inc.)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.16.3140.0_x64__8wekyb3d8bbwe [2023-04-19] (Microsoft Studios) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.209.743.0_x86__zpdnekdrzrea0 [2023-04-18] (Spotify AB) [Startup Task]
WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2313.6.0_x64__cv1g1gvanyjgm [2023-04-19] (WhatsApp Inc.) [Startup Task]
WindowsAppRuntime.1.1 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.1_1005.616.1651.0_x64__8wekyb3d8bbwe [2023-01-04] (Microsoft Corporation)
WindowsAppRuntime.1.1 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.1_1005.616.1651.0_x86__8wekyb3d8bbwe [2023-01-04] (Microsoft Corporation)
XING -> C:\Program Files\WindowsApps\XINGAG.XING_4.0.9.0_x86__xpfg3f7e9an52 [2021-06-13] (New Work SE)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-624402189-1887333828-3918413586-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\athbi\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.21140.5\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-624402189-1887333828-3918413586-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> C:\Users\athbi\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-624402189-1887333828-3918413586-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\athbi\Dropbox [2017-12-31 16:05]
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2016-10-07] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} => C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll [2016-10-07] (CyberLink Corp. -> Cyberlink)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.61.0.dll [2023-03-04] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> Keine Datei
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_90f68cd0dc48b625\igfxDTCM.dll [2019-05-23] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-12-21] (NVIDIA Corporation -> NVIDIA Corporation)

==================== Codecs (Nicht auf der Ausnahmeliste) ====================

==================== Verknüpfungen & WMI ========================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

Shortcut: C:\Users\athbi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDiskReport 1.4.1\JGoodies Home Page.lnk -> hxxp://www.jgoodies.com

==================== Geladene Module (Nicht auf der Ausnahmeliste) =============


==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ==================

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =================

==================== Internet Explorer (Nicht auf der Ausnahmeliste) ==========

HKU\S-1-5-21-624402189-1887333828-3918413586-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-624402189-1887333828-3918413586-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
HKU\S-1-5-21-624402189-1887333828-3918413586-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-624402189-1887333828-3918413586-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-624402189-1887333828-3918413586-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
HKU\S-1-5-21-624402189-1887333828-3918413586-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-624402189-1887333828-3918413586-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
HKU\S-1-5-21-624402189-1887333828-3918413586-1003\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
SearchScopes: HKU\S-1-5-21-624402189-1887333828-3918413586-1001 -> DefaultScope {53925601-2FCD-4A29-B367-60284FA6688C} URL = 
SearchScopes: HKU\S-1-5-21-624402189-1887333828-3918413586-1001 -> {53925601-2FCD-4A29-B367-60284FA6688C} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2023-02-05] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-04-16] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-04-16] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-04-16] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2023-04-16] (Microsoft Corporation -> Microsoft Corporation)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\S-1-5-21-624402189-1887333828-3918413586-1001\...\localhost -> localhost

==================== Hosts Inhalt: =========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2017-03-18 23:03 - 2017-03-18 23:01 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Andere Bereiche ===========================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-624402189-1887333828-3918413586-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\athbi\Pictures\IMG_1492.JPG
HKU\S-1-5-21-624402189-1887333828-3918413586-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\athbi.LAPTOP-P33CJ5M1\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img0.jpg
HKU\S-1-5-21-624402189-1887333828-3918413586-1003\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
 ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{AC218C40-6184-4B36-A2A4-2FC41A623DA2}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{34343FB8-9C55-4205-B25C-5A386A97EF32}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{DD46D48A-05D2-4626-9302-3BF1EAD392CF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{8B2F6B13-787A-4C13-B7A0-8669F6F1F8A9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{3884368A-3A03-4217-97F7-73A1379F5D43}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{927C32C8-CD4F-4381-8073-CF61775FE17B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{6B5A2042-FDE7-432F-A3A7-7216DC153EEC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{CA684955-E2E6-4FAB-B5BD-3ED8006B46EF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.134.694.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{20022487-6451-4800-82E6-11C1AF2CEC77}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.126.501.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{DB0C8512-90F3-4BB6-B68B-B054EBDA2115}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.126.501.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{5B98457D-CAEF-4265-A94F-DD95BF97290E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.126.501.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{91999B30-6C59-4E86-854F-814861874A47}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.126.501.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{B4F9B27F-F72F-4B4E-8C13-4F8AB713435F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.126.501.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{6D550B11-704C-4138-9E77-F4F86DFDF137}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.126.501.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{371B5B53-EFEA-44D3-9440-F7CD3242241E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.126.501.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{A0653830-5CCA-4318-83D9-CE5832AF5AEF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.126.501.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{36066C1C-C711-499C-80A9-6AB69BA784A4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.120.510.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{AE8425FC-91DD-4159-84B5-CD1F07DC5021}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.120.510.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{CBAF5845-1FAA-4AE2-8B58-BC12CC63F91F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.120.510.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{8802D145-297C-4A7D-A3C9-0EB7843E0C04}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.120.510.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{41CF2DAF-D1A3-4823-98DE-4E1EA77FA13B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.120.510.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{594775A3-0594-43B2-992C-BBCC1C8A475D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.120.510.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{FB923C09-8584-4DFF-8283-B6505A5E5C22}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.120.510.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{7A37757B-0809-44FF-8039-F76DFBD9EF2A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.120.510.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{EA0B16FC-649D-4079-B106-34494FDAA641}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.112.451.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{2A20BD29-2804-4119-9400-B60050AC1F1E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.112.451.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{ABE8846A-0E4B-4ABD-96E3-1728F8B4E3A7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.112.451.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{12DBD426-96B8-46A9-93F9-3B69F0F7D2D0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.112.451.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{00EAF64E-9AB3-478F-9506-35AF3EDAC03F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.112.451.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{30E83503-6E1E-4C86-A27A-178EDE79B1F1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.112.451.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{9A8D4232-1B0E-4DC3-9C2B-DD15069BA531}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.112.451.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{77439F06-CE7A-435B-9DB9-0300B7C56DF4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.112.451.0_x86__zpdnekdrzrea0\Spotify.exe => Keine Datei
FirewallRules: [{48F12A1A-5403-400D-8509-0A89AD7F5C52}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{AB8DF726-C74D-43E6-B3EA-E6A9A9518054}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{6390C560-EA31-41BE-973A-F9E0E0884A03}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{E58DA280-9154-467F-B11F-931A8A11ABAA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{4C6A7DDE-8AC0-4288-AB69-EAC861E6263F}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{421991C6-13E6-40A9-A5E6-48D16D2506A7}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
FirewallRules: [{CC0ED3F7-489B-43B4-8D54-ABBE36C30935}] => (Allow) LPort=5357
FirewallRules: [{CE711B05-2DFF-4261-8610-D7B635D08D4F}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
FirewallRules: [{CD602CE4-D754-41AA-9CA0-20F77B058F87}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\bin\SendAFax.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
FirewallRules: [{BC16575D-E187-4694-BF97-5074E7CAA5EF}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\bin\DigitalWizards.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
FirewallRules: [{D5EC5CA3-2278-4813-A55F-491E9825E8AA}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8620\bin\FaxApplications.exe (Hewlett Packard -> Hewlett-Packard Development Company, LP)
FirewallRules: [{AD6A0026-2578-4FC4-A8EB-1D2AD0F3E130}] => (Allow) C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHost.exe => Keine Datei
FirewallRules: [{08E925FA-FE14-45C7-9D80-C509E835E681}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MMSSHost\MMSSHost.exe => Keine Datei
FirewallRules: [{696FBFD0-A21C-4517-BDE3-E5E810236C70}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{46713C31-8181-4646-9DAD-1D74605FC87B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe => Keine Datei
FirewallRules: [{C328306D-66E3-4106-BBB3-6197713E0CF8}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe => Keine Datei
FirewallRules: [{869CD70E-7C28-4149-B647-4EE37A4E2B47}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{5E875506-7461-4D1B-9EDF-B5D4B6409CD6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{982A9D5B-01AC-480A-8ED5-36E87D76C5FB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{3EF18B14-2DC7-412E-9569-7354CECD3556}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe => Keine Datei
FirewallRules: [{691C41A4-35AB-4708-B2DD-F4A7EC697674}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{961B8823-02F5-4AA6-A910-FA8F8E2C201A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [TCP Query User{0EFAAB4B-1F56-475F-83B4-07E44B4EE333}C:\program files\rstudio\bin\rsession.exe] => (Block) C:\program files\rstudio\bin\rsession.exe => Keine Datei
FirewallRules: [UDP Query User{E3CC6A00-11BA-4678-B3C9-9C4EE88787BA}C:\program files\rstudio\bin\rsession.exe] => (Block) C:\program files\rstudio\bin\rsession.exe => Keine Datei
FirewallRules: [TCP Query User{0A8942D2-F05D-46C3-81A2-9E06AFEEFB96}C:\users\athbi\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\athbi\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{EC698404-78E9-4D6B-9C2D-8C3010963F96}C:\users\athbi\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\athbi\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{FAE1F094-FCB9-4B42-B131-9ACA4095C82F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.77.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{8D71F9DF-65B8-41D3-B446-9FC0E0995086}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.77.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{6672EA65-F71F-4DBB-B4EB-CA7F8D18AEB8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.77.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{FA449F34-1372-4B29-9230-D45A5CABC0A3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.77.97.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{03D77AD8-0FB5-42D1-BB20-7E3655779C1F}] => (Allow) C:\Users\athbi\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{9F2E1649-3F75-4D36-83E0-4ECFAE20A6D5}] => (Allow) C:\Users\athbi\AppData\Roaming\Zoom\bin\airhost.exe => Keine Datei
FirewallRules: [{00C75A60-8331-4716-BC5D-642BA36F2D45}] => (Allow) C:\Users\athbi\AppData\Roaming\Zoom\bin\airhost.exe => Keine Datei
FirewallRules: [{DBCDF9C3-5A71-48C2-94F0-94FCF28D391B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.85.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{6519AB27-6EC6-4FBC-92F2-044D53780C17}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.85.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{6FA4B9C4-F8BE-4A9E-8F0D-A0611CBDFB63}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.85.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{19B3E677-74D0-4946-A1A3-CD5100F14CC1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.85.3409.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{9B6E2671-9D86-4524-89F8-4BD2381106CF}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.87.3406.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{FDF888C3-96B9-4EA1-B9E7-EE318DE9CD98}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.87.3406.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{A84EBDAE-E705-498A-9D97-65E40DE0518F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.87.3406.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{091B54F1-E17F-4C36-8E6E-D8DA08380022}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.87.3406.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{6B6DCFCC-302D-4D69-8891-1A2D2A0D4A17}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{DA987158-0D87-4180-9EBF-6746F0A0FE41}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.93.3406.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{80F3F0B7-FDF9-4084-83AC-044565766D39}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.93.3406.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{46FEE2D0-66DF-4E8D-A061-A40064677082}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.93.3406.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{0244CC0E-482B-4552-BC42-C8DFFAB4452B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.93.3406.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{6196D662-B204-4370-942D-6BBC8732A970}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.94.3428.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{B005F084-13F8-4DB1-AC3E-76BEA3B83C5D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.94.3428.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{C5E8E01C-389F-4FB6-87DA-1F044D3C3EA9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.94.3428.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{FE88192B-32AD-4B26-BBDF-90D7EA16B8D8}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.94.3428.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{7B9C61DD-21BB-4CFD-B499-D76C8AC7EC48}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\110.0.1587.69\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C8820021-1D16-46F5-B0C1-1EF32E54E0B0}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.208.923.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> )
FirewallRules: [{F16366D6-52A1-496D-A38F-7C9CC03108B6}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.208.923.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> )
FirewallRules: [{9077FB14-9E1F-4387-ADF2-C879E740D618}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.208.923.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> )
FirewallRules: [{8506515A-C8E8-4746-9016-F386B51E9B85}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.208.923.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> )
FirewallRules: [{EAB9CCF9-B934-46BB-ABF8-340AD86FD394}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.208.923.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> )
FirewallRules: [{5A01491D-D233-4C7D-B838-4FB9DCAAE25E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.208.923.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> )
FirewallRules: [{6A8ED854-CC6C-4368-914E-64C1470277B1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.208.923.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> )
FirewallRules: [{DB37A0E1-A49F-42CD-8F0B-90F6E96D2A41}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.208.923.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> )
FirewallRules: [{10791C44-681A-4FC2-85C2-44686054FC6A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.208.923.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> )
FirewallRules: [{81B7E260-64FC-419D-946E-73DE1AF1A98F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.208.923.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> )
FirewallRules: [{A8E53B7B-DD1F-412D-9072-A56B1CCE609F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.96.3207.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> )
FirewallRules: [{21260D3D-A872-43D7-958A-8379C219B9D0}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.96.3207.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> )
FirewallRules: [{350DCE98-C7F0-4D6B-BF82-6F35806FF1EB}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.96.3207.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> )
FirewallRules: [{BB08A189-8361-42F8-BA5E-30CD16998706}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.96.3207.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> )
FirewallRules: [{2DB65C9B-3780-4883-A20E-ADAB83241FF0}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{E9C6707B-CEC3-4A1C-BD3E-26B220E6F9C5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.209.743.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> )
FirewallRules: [{AEC42519-0400-43D9-B4B3-37B351A6E5E8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.209.743.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> )
FirewallRules: [{FB21002E-F19F-476A-B67F-6AF2DF985568}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.209.743.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> )
FirewallRules: [{76DAF7BF-31DA-4DD2-9847-88B54F4E678D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.209.743.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> )
FirewallRules: [{A1AF3ABD-5EC3-4855-9D52-C6E03508DF85}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.209.743.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> )
FirewallRules: [{29AE2680-E2BD-43D2-92F0-0CA8D6E44640}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.209.743.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> )
FirewallRules: [{61335FDB-AF86-4E91-8DDC-6D78B9CF9272}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.209.743.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> )
FirewallRules: [{96A2A44D-DDE2-4ADB-A84F-6FA36532A46C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.209.743.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> )
FirewallRules: [{81C2CB23-11BB-419B-BE0E-B32DD7E48B71}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.209.743.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> )
FirewallRules: [{BC8083FE-8A80-43B2-9D53-6BFD93726AAA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.209.743.0_x86__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> )
FirewallRules: [{DD9AD8CE-BD47-4A74-A631-4E4A5A9A967D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{24165090-20D1-4882-A9D3-49D9BB8BA7CD}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

==================== Wiederherstellungspunkte =========================

18-04-2023 20:14:02 Windows Modules Installer
19-04-2023 22:17:53 Removed LibreOffice 5.3.7.2

==================== Fehlerhafte Geräte im Gerätemanager ============


==================== Fehlereinträge in der Ereignisanzeige: ========================

Applikationsfehler:
==================
Error: (04/19/2023 04:46:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname ANNA-LENOVO-W10.local already in use; will try ANNA-LENOVO-W10-2.local instead

Error: (04/19/2023 04:46:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 ANNA-LENOVO-W10.local. Addr 192.168.178.66

Error: (04/19/2023 04:46:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.178.66:5353   16 ANNA-LENOVO-W10.local. AAAA 2A02:810A:14BF:CCE8:6753:C417:AABC:2718

Error: (04/19/2023 01:21:40 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Das Programm svchost.exe Version 10.0.19041.1806 hat die Interaktion mit Windows beendet und wurde geschlossen. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: b40

Startzeit: 01d9724ab8d9cd92

Beendigungszeit: 4294967295

Anwendungspfad: C:\Windows\System32\svchost.exe

Bericht-ID: 3e9fe180-df5d-47e6-89b3-e2865453c2a9

Vollständiger Name des fehlerhaften Pakets: 

Relative Anwendungs-ID des fehlerhaften Pakets: 

Absturztyp: Unknown

Error: (04/16/2023 03:21:53 PM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Das Objekt oder die Eigenschaft wurde nicht gefunden.

Error: (04/16/2023 03:21:53 PM) (Source: DbxSvc) (EventID: 281) (User: )
Description: CertFindCertificateInStore failed with: (-2146885628) Das Objekt oder die Eigenschaft wurde nicht gefunden.

Error: (04/16/2023 03:21:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname ANNA-LENOVO-W10.local already in use; will try ANNA-LENOVO-W10-2.local instead

Error: (04/16/2023 03:21:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister   16 ANNA-LENOVO-W10.local. AAAA FE80:0000:0000:0000:9D9D:2049:B4A8:B916


Systemfehler:
=============
Error: (04/20/2023 11:10:51 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "WMI-Leistungsadapter" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/20/2023 11:10:51 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Dropbox-Update-Service (dbupdatem)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/20/2023 11:10:51 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Dropbox-Update-Service (dbupdate)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (04/20/2023 11:10:50 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "System Interface Foundation Service" wurde unerwartet beendet. Dies ist bereits 2 Mal passiert.

Error: (04/20/2023 11:10:50 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "LenovoVantageService" wurde unerwartet beendet. Dies ist bereits 2 Mal passiert.

Error: (04/20/2023 11:10:50 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Dolby DAX2 API Service" wurde unerwartet beendet. Dies ist bereits 2 Mal passiert.

Error: (04/20/2023 11:10:50 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Apple Mobile Device Service" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (04/20/2023 11:10:50 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "DbxSvc" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.


Windows Defender:
================
Date: 2023-04-19 17:05:37
Description: 
Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {5A61342C-43C9-4C86-8687-F9A088D6FFFF}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

Date: 2023-04-19 01:21:40
Description: 
Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {EE91A563-A813-4AE7-914F-B355E573FEB3}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Vollständige Überprüfung
Benutzer: ANNA-LENOVO-W10\Anna

Date: 2023-04-04 20:21:48
Description: 
Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {8A98C71A-57C5-4D08-A108-C467FD8E3B99}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

Date: 2023-04-04 20:06:32
Description: 
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Backdoor:Win32/Bladabindi!mclg&threatid=2147784274&enterprise=0
Name: Backdoor:Win32/Bladabindi!mclg
Schweregrad: Schwerwiegend
Kategorie: Hintertür
Pfad: file:_C:\Windows\Temp\4ef247ec-11e3-fdbd-b857-be8b87284343\788bd5ca-828c-9cb0-707f-17bcc0ce7e76.exe; file:_C:\Windows\Temp\9539d4d7-53f8-70f9-24eb-5f8773a9b020\a3deedb8-7f46-12bc-5bff-97df1a4b83d6.exe
Erkennungsursprung: Lokaler Computer
Erkennungstype: Konkret
Erkennungsquelle: Echtzeitschutz
Benutzer: NT-AUTORITÄT\SYSTEM
Prozessname: C:\Program Files (x86)\nodejs\node.exe
Sicherheitsversion: AV: 1.385.1699.0, AS: 1.385.1699.0, NIS: 1.385.1699.0
Modulversion: AM: 1.1.20200.4, NIS: 1.1.20200.4

Date: 2023-04-04 20:06:30
Description: 
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Backdoor:Win32/Bladabindi!mclg&threatid=2147784274&enterprise=0
Name: Backdoor:Win32/Bladabindi!mclg
Schweregrad: Schwerwiegend
Kategorie: Hintertür
Pfad: file:_C:\Windows\Temp\4ef247ec-11e3-fdbd-b857-be8b87284343\788bd5ca-828c-9cb0-707f-17bcc0ce7e76.exe
Erkennungsursprung: Lokaler Computer
Erkennungstype: Konkret
Erkennungsquelle: Echtzeitschutz
Benutzer: NT-AUTORITÄT\SYSTEM
Prozessname: C:\Program Files (x86)\nodejs\node.exe
Sicherheitsversion: AV: 1.385.1699.0, AS: 1.385.1699.0, NIS: 1.385.1699.0
Modulversion: AM: 1.1.20200.4, NIS: 1.1.20200.4

CodeIntegrity:
===============
Date: 2023-04-19 17:05:37
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2303.8-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2023-03-23 19:58:20
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2302.7-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2023-03-16 16:40:38
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2302.3-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2023-02-15 21:59:49
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2023-02-05 17:28:19
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_90f68cd0dc48b625\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Speicherinformationen =========================== 

BIOS: LENOVO 4WCN47WW 06/30/2020
Hauptplatine: LENOVO LNVNB161216
Prozessor: Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz
Prozentuale Nutzung des RAM: 62%
Installierter physikalischer RAM: 8066.72 MB
Verfügbarer physikalischer RAM: 3027.34 MB
Summe virtueller Speicher: 10242.72 MB
Verfügbarer virtueller Speicher: 5475.25 MB

==================== Laufwerke ================================

Drive c: (Windows) (Fixed) (Total:212.23 GB) (Free:95.54 GB) (Model: HFS256G3BTND-N210A) NTFS
Drive d: (Daten) (Fixed) (Total:25 GB) (Free:9.42 GB) (Model: HFS256G3BTND-N210A) NTFS

\\?\Volume{ebc8ede9-b046-4a13-88b1-1d79f48e841a}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.41 GB) NTFS
\\?\Volume{0a7f66c0-07fe-4aa2-9e89-29b2ecdf81db}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.21 GB) FAT32

==================== MBR & Partitionstabelle ====================

==========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 161AE062)

Partition: GPT.

==================== Ende von Addition.txt =======================

Alt 20.04.2023, 11:03   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows 10: Browser-Probleme nach Infektion mit Backdoor:Win32/Bladabindi!mclg - Standard

Windows 10: Browser-Probleme nach Infektion mit Backdoor:Win32/Bladabindi!mclg


Scripting/Repair mit FRST64

WARNUNG AN ALLE MITLESER !!!
Dieses FRST-Script ist ausschließlich für diesen Nutzer gedacht und sollte niemals 1:1 für ein anderes System angewendet werden!
  • Kopiere den gesamten Inhalt der folgenden Code-Box:
    Code:
    ATTFilter
    Start::
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Beschränkung <==== ACHTUNG
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Beschränkung <==== ACHTUNG
Policies: C:\ProgramData\NTUSER.pol: Beschränkung <==== ACHTUNG
HKLM\SOFTWARE\Policies\Google: Beschränkung <==== ACHTUNG
HKLM\SOFTWARE\Policies\Microsoft\Edge: Beschränkung <==== ACHTUNG
End::
  • Starte nun FRST und klicke direkt den Reparieren Button.Wichtig: Du brauchst den Inhalt der Code-Box nirgends einfügen, da sich FRST den Code aus der Zwischenablage holt!
  • Das Tool führt die gewünschten Schritte aus und erstellt eine fixlog.txt im selben Verzeichnis, in dem sich FRST befindet.
  • Gegebenenfalls muss dein Rechner neu gestartet werden.
  • Poste mir den Inhalt der fixlog.txt mit deiner nächsten Antwort.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 20.04.2023, 11:15   #13
fbin41
 
Windows 10: Browser-Probleme nach Infektion mit Backdoor:Win32/Bladabindi!mclg - Standard

Windows 10: Browser-Probleme nach Infektion mit Backdoor:Win32/Bladabindi!mclg


Hier die erneute Fixlog.txt

Code:
ATTFilter
Entfernungsergebnis von Farbar Recovery Scan Tool (x64) Version: 18-04-2023
durchgeführt von Anna (20-04-2023 12:09:09) Run:2
Gestartet von D:\Software\Farbar_x86_x64
Geladene Profile: Anna
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
Start::
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Beschränkung <==== ACHTUNG
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Beschränkung <==== ACHTUNG
Policies: C:\ProgramData\NTUSER.pol: Beschränkung <==== ACHTUNG
HKLM\SOFTWARE\Policies\Google: Beschränkung <==== ACHTUNG
HKLM\SOFTWARE\Policies\Microsoft\Edge: Beschränkung <==== ACHTUNG
End::
*****************

Prozesse erfolgreich geschlossen.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => erfolgreich entfernt
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate => erfolgreich entfernt
C:\ProgramData\NTUSER.pol => erfolgreich verschoben
HKLM\SOFTWARE\Policies\Google => erfolgreich entfernt
HKLM\SOFTWARE\Policies\Microsoft\Edge => erfolgreich entfernt


Das System musste neu gestartet werden.

==== Ende von Fixlog 12:09:11 ====

Alt 20.04.2023, 11:16   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows 10: Browser-Probleme nach Infektion mit Backdoor:Win32/Bladabindi!mclg - Standard

Windows 10: Browser-Probleme nach Infektion mit Backdoor:Win32/Bladabindi!mclg


Kontrollscans mit MBAM und RK

Wir sind fast fertig. Jetzt ist es an der Zeit für Kontrollscans mit
Poste nach Abschluss der beiden Scans die Logs in CODE-Tags.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 20.04.2023, 18:02   #15
fbin41
 
Windows 10: Browser-Probleme nach Infektion mit Backdoor:Win32/Bladabindi!mclg - Standard

Windows 10: Browser-Probleme nach Infektion mit Backdoor:Win32/Bladabindi!mclg


Malwarebytes hat nun offenbar unter C:Windows\Installer aufgeräumt:

Code:
ATTFilter
Malwarebytes
www.malwarebytes.com

-Protokolldetails-
Scan-Datum: 20.04.23
Scan-Zeit: 17:38
Protokolldatei: 71c0fb9e-df91-11ed-9e2a-54e1ad682a8b.json

-Softwaredaten-
Version: 4.5.26.259
Komponentenversion: 1.0.1976
Version des Aktualisierungspakets: 1.0.68287
Lizenz: Testversion

-Systemdaten-
Betriebssystem: Windows 10 (Build 19045.2846)
CPU: x64
Dateisystem: NTFS
Benutzer: ANNA-LENOVO-W10\Anna

-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Scan gestartet von: Manuell
Ergebnis: Abgeschlossen
Gescannte Objekte: 349076
Erkannte Bedrohungen: 570
In die Quarantäne verschobene Bedrohungen: 570
Abgelaufene Zeit: 5 Min., 5 Sek.

-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Erkennung
PUM: Erkennung

-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)

Modul: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswert: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Daten-Stream: 0
(keine bösartigen Elemente erkannt)

Ordner: 191
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{009D793E-019A-408D-80FC-1111E8D601C0}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{04D98D49-CA61-4E93-A0B2-8F52460BA992}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{081D22D9-F646-41C7-B020-7AABCC6475A0}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{0D638A90-07C1-4DD8-A9BB-6637984CAE12}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{130770CA-2F23-4E0C-AFE6-25313FA9F129}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{1463AADD-E96C-452C-BD36-F5F1E9BFFE60}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{17F4F09D-34E2-474A-9700-1B740B3ED9EB}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{18A56E8E-D29F-43FF-9353-2B9E9423EC4D}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{18A8E9B3-5D73-4F90-BAF7-A948103658DD}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{1937F795-B549-401B-87A2-53C2F7EBF45A}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{1B07856D-A262-465C-B4AE-DB8AD9FF2108}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{1C96EF96-4C8D-4D9C-8003-7383AAF809E5}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{1FC2C9D8-2808-4B23-B0AB-170E1630BB36}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{24A2FA22-CC05-4995-9A94-3863DEC6512D}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{24B56D41-0239-4575-9F7C-6D85B480DADB}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{24E93DB8-BF8D-49CA-B19D-4683819364B8}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{2546542E-3EDA-449D-92EE-E1EB1C93597D}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{26368EC2-F906-4F63-B2F4-98F7807710AC}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{2813D3A7-C28A-41ED-AD62-63F35BD60A4C}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{2B71C7F2-53AE-4EF2-92CC-E795B37C386A}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{30081BFE-B990-4D22-9881-6A3F4B0DB01A}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{309A8C89-9873-421A-B6CC-2A9C3A0052CA}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{30AEAE1A-DE14-46FA-99C2-3AD9CAAFA415}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{31B0B022-6729-4338-BA40-39AEAC72AA5A}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{323E9497-749D-4C39-A263-9F248BFFFCB8}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{32FB6B07-48CA-409C-AED7-283E66BF5753}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{331D7DDE-6FBB-483E-9806-79EE4E2D8D68}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{34F35160-6519-4ECE-B1CC-304D1A7FFFCF}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{3699836B-0F44-4A84-907E-5EE69F358D7C}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{3B85D7B7-793C-4B77-B08E-716888A0417A}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{3E4EA4A8-4DE5-468B-994C-F16886A8D011}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{3EE7F39F-70B7-4909-8653-1F1054C60536}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{3F2F0CC7-7D69-4078-8E93-725314A56ACB}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{3F772A89-30C1-4FBD-81A4-201F8964326B}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{40C02CB7-1CE5-413E-9063-6E60843F4A9A}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{40E8F663-7DE4-4905-879D-B85B5D6C9DC0}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{420E9D9D-1F2A-4A66-AE1B-A654F0D77FDD}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{44453246-9706-4D09-ABBC-6B2B29CD69EE}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{48D72DC1-62BE-41F2-85BF-5B121E5F725C}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{493D768F-7970-473B-A94A-9464BC426D9F}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{4A86C221-53F7-41D7-89DF-E8CEF00A2E57}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{4C42157E-98C4-4807-B435-96CA2237831F}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{4E543FEB-895D-4F6C-B60B-F49261900274}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{4E7A5E2A-451D-4E59-BF6F-9792277F855F}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{4EA26C03-60FB-4BCE-A5BE-B9A5DE535A50}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{4F420260-CD63-4BA4-9197-76A32052899D}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{50E5E000-BA3A-4C44-97BC-CA02C3DB4CB1}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{51669EF8-1953-4ADB-A6C8-07227798D480}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{52605AA6-C703-4091-AD19-9B87A77B3B76}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{54900CF5-CDAD-4589-A54F-30C87A46EF5C}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{55155EDD-29DA-44C7-B0ED-E96DFD1313D6}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{554DBD7E-4680-4231-BDED-F89EC2F06976}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{568593FF-608F-4422-80F8-9CB81EC89EEE}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{5691FF66-59EA-4B71-8B1F-4572A949ABD6}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{5C2BD156-5A2D-41A6-9B4D-1B51FA82D250}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{628575BA-494D-475F-A1C4-D0465FE2C353}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{64025A4D-9B01-426E-AE6D-B7E56F231E3C}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{6650ACBF-CD45-47DB-AD99-0DF0D0A18E0C}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{699DAD57-B7D6-4162-ADBF-D0CDF5D1E6BA}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{6B4DC3C9-F59F-491B-9A6B-1CE4CA171CAE}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{6E9EAAC6-6DFC-4D20-B33E-BA2DE5A002AD}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{6F2153A8-19EF-4AC6-B929-44A9764CC52F}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{714A3EB0-0292-44BE-98C6-134E86471CD4}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{72DA827F-168D-4E74-8602-3AE0C3F4C7CD}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{73CAD8BA-F71A-4EEE-B340-6E6D5A3A3653}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{7462B355-A768-4599-A243-21FEFF83BDF6}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{756EA1AF-6D0B-418E-A99F-35715B5B418B}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{75B9C77E-0C3C-4AFA-B2A8-4F35D9957665}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{79954DF1-A233-49E2-A039-9D56740F38EA}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{7B9056D7-604B-4C71-A037-C1F45013BD27}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{7D1AE669-B217-466D-BE84-C2892B6874F9}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{7D434D4F-30E6-4891-A579-58ACBBDEC178}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{7D671C4B-458B-43AA-9BB8-981D9A02D756}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{7DF978CC-663D-412E-B024-5C756F442B9A}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{7E0176B7-5E6B-4009-9C1E-FD5E4EDE6DE7}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{7E118547-6528-44BD-8DE4-0376DB0D0BE3}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{81157D08-6E5B-4117-BB40-858884D8F7B9}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{81BB723B-EFD4-4236-AF62-57173123DAD6}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{8269DBEB-983D-4816-8EDB-E19EA3721268}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{826BE966-221F-42A1-8A7E-4736B27D03FD}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{85D6222A-786E-40C7-AAEB-9B4C7009B0FB}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{862CD8AE-9889-4898-BCB9-9EDD087B12F7}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{87EFA460-61A1-45E0-9C13-84707D1BEDA0}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{88291D64-633A-4745-857D-1ED65D05C14A}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{888AC62F-96DE-43C4-9ACD-E146FE7EB216}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{8DB54D8D-A806-4B4A-A7BB-8635DB4910C3}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{8DD132CD-46D7-42E6-965C-BFAB9314C814}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{8EA913A1-1FF3-4E38-B290-A90C3B72EA31}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{8F8D3C2F-05DE-4210-BCA6-6DD68D1BD188}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{90ABF913-1BEB-452E-80A4-FB428CE759BB}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{90D46587-2DD1-4D88-B1D3-166AA20575C4}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{915C8EFE-A04F-42B7-BF41-607826167863}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{91A5AE67-E446-401A-91DE-9B45591099D0}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{92F8A39D-72F5-4C08-BF79-ABDE5C9019F5}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{94857958-1988-465F-902B-3FAEA2E72072}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{95FA6DE6-62BE-47A5-8141-55AF4E9D4AD4}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{96E79B31-9E01-4676-8457-EB2DD057D99B}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{99088FD5-2193-4FC1-B6C3-9C770151467A}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{99F42666-3B7C-4C78-A275-7B28C1A56466}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{9A3BE63C-0B87-4E9D-BCFB-81DC300C70B3}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{9AC524FC-54CF-46DF-AAE8-7ACDB3A4CD0E}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{9BAD3E58-A2DB-4840-B08B-E55CE4C12E5C}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{A050B9E1-CC2F-4E66-9DFC-7B84B700C58E}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{A0A6DFB8-A946-448B-B4D4-A2AF00BDBFC1}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{A4FBE797-ED04-4A88-93FD-096849236875}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{A57E38B8-1B45-4BB7-A304-AC5C673A1030}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{A7EAC703-5509-4873-B779-2C8E49ECCC16}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{A8829B21-0667-459B-BC91-2A3C0E6377EF}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{AA50C8DE-F071-4047-97C0-B689F5D38CB9}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{AE3F0D6F-C6B3-4631-9B32-5C1B76876D72}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{AE8D5BEE-1D1D-46F4-A834-D8E96F2D7BC7}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{AEA8B53C-8CBF-4560-AA3F-664FE3804116}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{AFBA8917-2B74-47DA-A14B-10A556CB8409}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{B044BF77-2244-48DD-BFA8-09797F5551E5}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{B1044CBA-2BEA-4B94-9DA6-CC5DABA036E5}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{B2DB6D4D-BF91-4981-B03C-C4887C8C4F76}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{B429B8AE-1720-4083-8D9D-CC662D562632}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{B44D7EFD-B777-4EF2-AF5F-FCF81879A1A3}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{B7FD396E-E3A4-4C66-A29E-1971387D1239}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{B82E9A31-E60A-4B87-9D7E-9CAF6A1CBED8}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{B889341C-D9C1-4B77-A068-2E4E587CAC36}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{B91BF17F-224A-4193-B222-06A8A5F6686D}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{BA05E9D5-82DB-48B7-BD35-E2E05893CD6D}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{C0630F54-5322-4F37-B30E-CF4AFDAE3B5C}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{C0DD8FD2-BEB0-4F6C-BFC8-CC5E4456DD62}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{C1982C5B-3CE4-4EFA-BED6-D62749BFB1D7}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{C3CF1274-5657-4273-91F1-C060AA4BD740}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{C5320065-79CF-4934-B5FC-3DDDA1F0B87D}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{C58C5C24-C49E-4BA8-B38F-F09A596E711D}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{C6EF3905-91DD-42DD-AF97-CE7B68B17810}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{C6FBF7F1-5035-4229-85EE-2978C1A89A91}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{C7C5E312-19D1-4DEA-ACE5-DF913D4AAAC6}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{C8BF98CF-8485-4B45-A245-811A11F6F15B}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{C915C5A5-80FF-4519-BB3E-70D27CBC7307}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{C9327584-C864-4FB4-8E65-0586A08B8BD1}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{C93379D8-BC35-470A-9544-10348DB9B3CB}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{CA4F8357-2978-4E87-BC0C-67598882FC4E}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{CB34724D-791D-44C7-90C7-7CC009072B05}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{CC706477-31BC-4AC6-8EA3-1DB780690BB7}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{CD273D2B-970F-447A-9F73-9CC71CBF6E6B}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{CE1533DE-0DAF-4A5F-8DC1-749A1E2AEE1C}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{CF706157-B182-4D79-BFD1-78742E1ED56A}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{CF93AD3F-8AB4-45D8-B81B-FB6A284F5CB9}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{CFD948D7-EC46-4D3A-82A4-26013301E7EB}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{D05B0715-217E-4E55-B71D-55C365633E13}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{D0709F03-8D56-4CF5-8498-FDF3954F8515}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{D28D4F15-AF69-46AF-9DF3-3E9E161FFCA6}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{D2AEB45E-9E55-431B-9C1C-1C18687712BC}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{D31EB023-25FD-4088-AE59-62C6F7209274}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{D4A96DA2-4B00-4907-B7BE-F5384EAD53E6}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{D4E3B7D1-CE95-43DF-B783-4080D62343AC}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{D50C17F3-526B-47D8-9559-A01574732D1F}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{D53A8D99-7339-41BF-90C9-948DF270D233}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{D572FA92-2A07-4D4B-A49D-1FC698D320FD}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{D5C3B18E-D027-423A-A4C9-0AB4275EBB53}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{D76465A7-F959-48FB-BDD9-992382482868}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{D9EE46F1-BB92-422B-920D-8B8732DEA2BD}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{DAC83065-8892-4367-B75A-55603EAC67A5}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{DCC806B6-F1DD-4223-9B1B-D29A0A82F069}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{DD6DD428-9159-40EC-9A79-B5372EEFCF9D}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{DF4F322C-9541-444E-B138-3E01BDCD9D15}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{E21ED873-5053-43AC-BB7D-EE60A8F8FFA9}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{E3DC5B37-2BCC-4CEC-A996-D869805DDEEF}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{E58F550E-88EC-4D6E-AEC5-492C8230C7B2}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{E6452BB0-5949-45F4-B78A-B95F5BC55B37}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{E649A5E3-1158-4A6D-9DFB-98EE4A013855}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{E7DC6AA2-CE20-4E97-A61A-E6593E0A75D1}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{E8635CA8-680B-47E3-9150-7F4B8AEE2393}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{E92617C5-5D89-490F-90D8-0F7309863CD2}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{EA7E7523-22FD-418D-BD3E-C8685EA38DB2}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{EBA9B5AF-73FC-4283-914F-2C67BD22B963}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{EBEC4949-8772-4EE0-BCD5-568E561E302E}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{EC730E43-1E60-4A46-B451-6D563CB019F5}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{EF96EA70-A4FC-4DCA-ACF9-E8EFBF83AB63}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{F2613DFB-4D27-4F52-8A2D-0B73371C6BAE}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{F273E949-EB38-4E1D-BAB3-FB37A568DFA5}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{F45B8AED-E7D9-4481-8A53-C53764F79B5D}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{F472DB1A-A2FF-4844-912C-BBEBF3FFE883}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{F488CE27-E9BD-4440-B324-0022B6299BB0}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{F4C2DD8A-4E02-4213-AFF4-6E416BD88D43}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{F707414D-14C5-4D11-BEF1-7D54F0660C63}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{F7236897-5813-470B-91DF-31E6ACE24AF1}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{FB73A25A-7E4D-495A-92E8-62EC3D2DA65E}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{FB78DAAB-E10B-479A-920F-6344B4A03D67}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{FC7C69EC-2924-44B8-99A7-C7EDE3A8258B}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{FD45B75E-6BE1-47E2-A0B4-26B941423CEF}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{FDF96A9C-77C2-4DC6-A25E-EFFC257717BD}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
PUP.Optional.DownloadProtect, C:\WINDOWS\INSTALLER\{FF8402FE-C7FE-40B0-A77E-B60FC9425154}, In Quarantäne, 238, 237878, 1.0.68287, , ame, , , 
Trojan.DownloadProtect, C:\PROGRAMDATA\PACKAGE CACHE\{CE35B488-A482-407E-8C3E-48C213120839}, In Quarantäne, 14185, 910813, 1.0.68287, , ame, , , 
Trojan.DownloadProtect, C:\WINDOWS\INSTALLER\{65C4EEBA-EDAC-4602-8E5C-BD22D8BEA90D}, In Quarantäne, 14185, 910814, 1.0.68287, , ame, , , 
Trojan.DownloadProtect, C:\WINDOWS\INSTALLER\{0FE15D5E-E7C3-49D1-8E6D-7B7F809935BF}, In Quarantäne, 14185, 910814, 1.0.68287, , ame, , ,
Fortsetzung folgt sogleich ...

Thema geschlossen
Seite 1 von 2 1 2

Themen zu Windows 10: Browser-Probleme nach Infektion mit Backdoor:Win32/Bladabindi!mclg
backdoor, backdoor bladabindi, blockiert, bonjour, browser, computer, cpu, defender, desktop, failed, firefox, google, home, installation, internet, internet explorer, programm, prozesse, realtek, registry, scan, software, starten, svchost.exe, udp, windows


« Windows 11: Steam und Mail Konto Zugriffe gehackt | Windows 10: Pareto Logic und Browser Fenster die sich im Hintergrund öffnen »


Ähnliche Themen: Windows 10: Browser-Probleme nach Infektion mit Backdoor:Win32/Bladabindi!mclg


  1. Windows Defender erkennt Ethernet-Treiber von Intel-Seite als Backdoor:Win32/Bladabindi!ml
    Mülltonne - 02.04.2023 (9)
  2. Backdoor:Win32/Bladabindi!mclg Meldung und Entfernt
    Plagegeister aller Art und deren Bekämpfung - 10.07.2022 (17)
  3. "Backdoor:Win32/Bladabindi!ml" von Windows Defender entdeckt: was tun?
    Log-Analyse und Auswertung - 25.02.2022 (12)
  4. Backdoor:Win32/Bladabindi.YPS!MTB - von Defender entfernt - ist der Rechner sauber?
    Log-Analyse und Auswertung - 08.12.2021 (4)
  5. Windows Defender hat Backdoor:Win32/Bladabindi.YPS!MTB erkannt
    Log-Analyse und Auswertung - 21.11.2021 (9)
  6. windows 10: Backdoor:Win32/Bladabindi.YPS!MTB - nach Download
    Log-Analyse und Auswertung - 19.11.2021 (12)
  7. Win 10: Backdoor:Win32/Bladabindi.YPS!MTB und TrojanDownloader:JS/Nemucod
    Log-Analyse und Auswertung - 19.11.2021 (10)
  8. Trojan:Script/Wacatac.B!ml + Backdoor:Win32/Bladabindi!ml
    Log-Analyse und Auswertung - 27.08.2021 (4)
  9. Windows 10 - nach WiperSoft Deinstallation Probleme mit Browser (Chrome, MS-Edge)
    Log-Analyse und Auswertung - 29.06.2021 (8)
  10. Windows 10: Backdoor:Win32/Bladabindi!ml
    Log-Analyse und Auswertung - 22.04.2021 (11)
  11. Browser Modifier:Win32/SupTab!blnk Infektion auf neuem Rechner
    Log-Analyse und Auswertung - 18.11.2016 (8)
  12. Windows 8: Trojaner (Backdoor.Win32.Androm.gjvy) auf Computer nach öffnen einer Email für pay pal Rechnung
    Log-Analyse und Auswertung - 25.03.2015 (13)
  13. Probleme mit Backdoor.Win32.Sinowal
    Plagegeister aller Art und deren Bekämpfung - 30.10.2012 (23)
  14. Nach Bereinigung von HEUR:Trojan.Win32.Generic Probleme in Windows Ausführung
    Log-Analyse und Auswertung - 02.05.2011 (6)
  15. Probleme beim Online-Banking: Trojan.Win32.Generic!BT, Win32.Backdoor.Papras/A und andere...
    Log-Analyse und Auswertung - 06.11.2010 (19)
  16. Probleme mit WIN32 Backdoor
    Log-Analyse und Auswertung - 27.04.2009 (0)
  17. Probleme nach Wurm Infektion
    Plagegeister aller Art und deren Bekämpfung - 14.01.2009 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Windows 10: Browser-Probleme nach Infektion mit Backdoor:Win32/Bladabindi!mclg - Hallo zusammen, auf dem privaten Laptop meiner Frau verhalten sich aktuell alle drei installierten Browser (Firefox, Chrome, Edge) seltsam. Die Browser zeigen folgende Verhaltensauffälligkeiten: - Sie schicken den Benutzer in - Windows 10: Browser-Probleme nach Infektion mit Backdoor:Win32/Bladabindi!mclg...
Archiv
Du betrachtest: Windows 10: Browser-Probleme nach Infektion mit Backdoor:Win32/Bladabindi!mclg auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131