Log analysis and evaluation: BrowserModifier:Win32/Istuni
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
13.06.2023, 18:12 | #1 |
| BrowserModifier:Win32/Istuni
Defender just found this; it is in quarantine. Affected items: file: C:\Program Files (x86)\twengoo\ff\instui.exe. Is there anything else to do besides deleting it? Thanks! I hope I have everything
Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 12-06-2023 durchgeführt von Hold (Administrator) auf HOLD-PC (Micro-Star International Co., Ltd MS-7B86) (13-06-2023 18:58:34) Gestartet von C:\Users\Hold\Downloads\FRST64(1).exe Geladene Profile: Hold Plattform: Microsoft Windows 10 Home Version 22H2 19045.3031 (X64) Sprache: Deutsch (Deutschland) Standard-Browser: FF Start-Modus: Normal ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (0A0B0503-04C2-4CCF-9BC2-4F164DC80FEE -> Advanced Micro Devices, Inc.) C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.20.10028.0_x64__0a9344xs7nr4m\radeonsoftware\AMDRSServ.exe (0A0B0503-04C2-4CCF-9BC2-4F164DC80FEE -> Advanced Micro Devices, Inc.) C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.20.10028.0_x64__0a9344xs7nr4m\radeonsoftware\RadeonSoftware.exe (C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe ->) (Reason Software Company Inc. -> Reason Software Company Inc.) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe (Cisco Systems, Inc. -> Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (DriverStore\FileRepository\u0390451.inf_amd64_39377efdd62734d1\B390182\atiesrxx.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0390451.inf_amd64_39377efdd62734d1\B390182\atieclxx.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe <11> (services.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe (services.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0390451.inf_amd64_39377efdd62734d1\B390182\atiesrxx.exe (services.exe ->) (Apple Inc. -> Apple Inc.) 
C:\Program Files\Bonjour\mDNSResponder.exe (services.exe ->) (Cisco Systems, Inc. -> Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (services.exe ->) (Huawei Technologies Co., Ltd. -> ) [Datei ist nicht signiert] C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe (services.exe ->) (Intel® Upgrade Service -> Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe <2> (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\MsMpEng.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\NisSrv.exe (services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2> (services.exe ->) (Reason Software Company Inc. -> Reason Software Company Inc.) 
C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe (services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe <2> (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe (svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI Toast Server\MSIToastServer.exe ==================== Registry (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech -> Logitech, Inc.) HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [1084704 2020-05-27] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM\...\Run: [] => [X] HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [1713432 2021-09-17] (Cisco Systems, Inc. -> Cisco Systems, Inc.) 
HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [142418752 2023-05-04] (Microsoft Corporation -> Microsoft Corporation) HKLM\Software\Policies\...\system: [DisableAcrylicBackgroundOnLogon] 1 HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Hold\AppData\Local\Microsoft\Teams\Update.exe [2453720 2021-03-04] (Microsoft 3rd Party Application Component -> Microsoft Corporation) HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2605488 2023-06-10] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\Run: [] => [X] HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe" -hide -runkey (Keine Datei) HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\Run: [Opera Stable] => C:\Users\Hold\AppData\Local\Programs\Opera\launcher.exe [2708376 2023-06-06] (Opera Norway AS -> Opera Software) HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [31325464 2023-06-06] (Garmin International, Inc. -> Garmin Ltd. 
or its subsidiaries) HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\Run: [Opera Browser Assistant] => C:\Users\Hold\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [4965792 2023-06-06] (Opera Norway AS -> Opera Software) HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\MountPoints2: {42dc64ac-fa67-11eb-8155-001a7dda7115} - "H:\HiSuiteDownLoader.exe" HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\MountPoints2: {d995cc1b-fc72-11ed-8686-001a7dda7115} - "H:\HiSuiteDownLoader.exe" HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\MountPoints2: {d995cc41-fc72-11ed-8686-001a7dda7115} - "H:\HiSuiteDownLoader.exe" HKLM\...\Windows x64\Print Processors\Canon MG6800 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDCR.DLL [30208 2015-03-15] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.) HKLM\...\Windows x64\Print Processors\Canon TS5300 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDFO.DLL [529408 2020-12-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.) HKLM\...\Print\Monitors\Canon BJ Language Monitor MG5300 series: C:\WINDOWS\system32\CNMLMAT.DLL [385024 2012-03-14] (CANON INC.) [Datei ist nicht signiert] HKLM\...\Print\Monitors\Canon BJ Language Monitor MG6800 series: C:\WINDOWS\system32\CNMLMCR.DLL [406528 2015-03-15] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.) HKLM\...\Print\Monitors\Canon BJ Language Monitor MP550 series: C:\WINDOWS\system32\CNMLM9Z.DLL [336896 2010-04-24] (CANON INC.) [Datei ist nicht signiert] HKLM\...\Print\Monitors\Canon BJ Language Monitor TS5300 series: C:\WINDOWS\system32\CNMLMFO.DLL [959488 2020-12-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.) HKLM\...\Print\Monitors\Canon BJNP Port: C:\WINDOWS\system32\CNMN6PPM.DLL [355840 2011-02-01] (CANON INC.) 
[Datei ist nicht signiert] HKLM\...\Print\Monitors\CutePDF Writer Monitor: C:\WINDOWS\system32\cpwmon64.dll [87600 2013-10-23] (Acro Software Inc. -> ) HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] -> Startup: C:\Users\Hold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2020-04-22] ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation) Startup: C:\Users\Hold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Avira.lnk [2019-11-08] ShortcutTarget: Avira.lnk -> C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe (Keine Datei) Startup: C:\Users\Hold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2020-10-05] ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\Hold\AppData\Local\Facebook\Games\FacebookGameroom.exe (Keine Datei) ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {0076A310-FB48-4BF7-9078-9E2A6A62A216} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2108624 2013-05-13] (Microsoft Corporation -> Microsoft Corporation) Task: {09A3FDF5-C938-4100-99A9-F112A445D960} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\BIN64\InstallManagerApp.exe [1627648 2020-05-20] (Advanced Micro Devices, Inc.) 
[Datei ist nicht signiert] Task: {12AF3F3A-006E-4541-BAF1-8768F9FC3A43} - System32\Tasks\Opera scheduled Autoupdate 1586608251 => C:\Users\Hold\AppData\Local\Programs\Opera\launcher.exe [2708376 2023-06-06] (Opera Norway AS -> Opera Software) Task: {135B6D5D-DC3D-435A-A6C0-72D1757ABC24} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\MpCmdRun.exe [1649976 2023-06-01] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {13607C5B-F632-4BAA-B11A-6DC858AF1B99} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1627648 2020-05-20] (Advanced Micro Devices, Inc.) [Datei ist nicht signiert] Task: {163777C8-1A69-4710-B2C8-2AC9C4FEE2B1} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969} Task: {16977DBD-2CB0-4178-8774-C3B5B217F390} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\MpCmdRun.exe [1649976 2023-06-01] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {1FA4ACE8-BF44-4A41-900E-047714381A70} - System32\Tasks\Opera scheduled assistant Autoupdate 1588331751 => C:\Users\Hold\AppData\Local\Programs\Opera\launcher.exe [2708376 2023-06-06] (Opera Norway AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Hold\AppData\Local\Programs\Opera\assistant" $(Arg0) Task: {297F6368-E760-4DB7-98E3-B6F98B0502CE} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1} Task: {39BD2EFD-EEDF-4A29-91EB-C9CE73FA295F} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-856262021-2868319075-1551791506-1000 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4147632 2023-06-10] (Microsoft Corporation -> Microsoft Corporation) Task: 
{3BC89124-67D7-46EC-B423-6E3E6086F023} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4147632 2023-06-10] (Microsoft Corporation -> Microsoft Corporation) Task: {3E7FDFF2-483A-4497-BA3C-3044A83B96C3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\MpCmdRun.exe [1649976 2023-06-01] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {42EF6F11-9B4A-428C-BA1D-8D21660C1E2F} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel(R) Update Manager -> Intel Corporation) Task: {44760C04-E7BC-406F-BA3E-86509300AE8B} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61} Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB} Task: {4E538AD1-3A04-4BAF-A971-53D32373A51F} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316} Task: {4E907AD4-84BC-4307-ACF6-9E82E0968B41} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation) Task: {5180B133-DEA6-4C62-843F-DF5AE0788BA6} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1627648 2020-05-20] (Advanced Micro Devices, Inc.) 
[Datei ist nicht signiert] Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A} Task: {5B437BC4-0C71-4F84-9B8B-F9BB02100075} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation) Task: {69B8A916-68CC-49BA-A2A0-7D811767D81F} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [680352 2023-06-09] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate Task: {6E437D42-DAE8-4141-8417-1E740579A7E3} - System32\Tasks\Mozilla\Firefox Background Update E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\firefox.exe [680352 2023-06-10] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\E7CF176E110C211B\backgroundupdate.moz_log --backgroundtask backgroundupdate Task: {8FD0D2E1-998E-439A-B2B0-A3DD161FFCE4} - System32\Tasks\MSI_Toast_Server => C:\Program Files (x86)\MSI\MSI Toast Server\MSIToastServer.exe [31904 2019-03-05] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) 
Task: {A132A6C4-4B7C-4EFD-82D7-4A355229C854} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1491664 2013-05-13] (Microsoft Corporation -> Microsoft Corporation) Task: {AB18C02B-F009-4789-B121-5C5F0D3EC75B} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [732064 2023-06-10] (Mozilla Corporation -> Mozilla Foundation) Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371} Task: {B287C656-9F60-433E-9487-61424FD0371D} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [1626328 2014-01-23] (Microsoft Corporation -> Microsoft Corporation) Task: {BA7D26AF-140A-4C9C-916E-E701D87654F8} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe [5308576 2023-05-26] (Microsoft Windows -> Microsoft Corporation) Task: {BECD3DD0-6BFE-4A75-BCD4-8F1D2C5D6192} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1491664 2013-05-13] (Microsoft Corporation -> Microsoft Corporation) Task: {BEFB4101-0280-42B9-9384-E949D658AF99} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\MpCmdRun.exe [1649976 2023-06-01] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {C14951BF-C1AE-49D0-A1D2-9D47A1C24E3C} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [31000 2023-06-06] (Garmin International, Inc. 
-> ) Task: {D28B5C2B-4E20-44B9-A480-318A6C13A086} - System32\Tasks\{7EBD5F35-2CFB-441A-B155-F53E9B47C259} => C:\Windows\system32\pcalua.exe [53760 2023-05-26] (Microsoft Windows -> Microsoft Corporation) -> -a "G:\Acrobat 8\APRO23_Win_ESD1_WWEFG.exe" -d "G:\Acrobat 8" Task: {E02B9FF8-94B0-4452-8924-73F27C5025B2} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E} Task: {E8D504A5-BB36-463D-811A-2A40A7E6CF74} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2108624 2013-05-13] (Microsoft Corporation -> Microsoft Corporation) Task: {F11E4DFE-17E8-4629-B0E4-DF7668A80E4B} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [732064 2023-06-09] (Mozilla Corporation -> Mozilla Foundation) Task: {F51824DB-2BC8-43B9-BBB8-5E59A1F78240} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel(R) Update Manager -> Intel Corporation) Task: {F848D2AA-7194-4797-80BE-D03650521791} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2179792 2013-05-13] (Microsoft Corporation -> Microsoft) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. 
Siehe Hosts-Bereich in Addition.txt Tcpip\Parameters: [DhcpNameServer] 10.0.0.138 10.0.0.138 Tcpip\..\Interfaces\{117921c0-aa1a-4711-8fc7-afe9d4de684b}: [DhcpNameServer] 10.0.0.138 10.0.0.138 Tcpip\..\Interfaces\{71ed5fbf-68cc-4197-8727-c3b123ec4794}: [DhcpNameServer] 10.0.0.138 10.0.0.138 Edge: ======= DownloadDir: C:\Users\Hold\Downloads Edge Extension: (Kein Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [nicht gefunden] Edge Extension: (Kein Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [nicht gefunden] Edge Extension: (Kein Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [nicht gefunden] Edge Extension: (Kein Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [nicht gefunden] Edge DefaultProfile: Default Edge Profile: C:\Users\Hold\AppData\Local\Microsoft\Edge\User Data\Default [2023-05-23] Edge DownloadDir: Default -> C:\Users\Hold\Downloads Edge Extension: (Malwarebytes Browser Guard) - C:\Users\Hold\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2023-05-06] Edge Extension: (Edge relevant text changes) - C:\Users\Hold\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-05-23] Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee] FireFox: ======== FF DefaultProfile: ddgha12u.default-1458347090774-1576507469294 FF ProfilePath: C:\Users\Hold\AppData\Roaming\Mozilla\Firefox\Profiles\ychdf87m.default-release [2023-06-10] FF ProfilePath: C:\Users\Hold\AppData\Roaming\Mozilla\Firefox\Profiles\ddgha12u.default-1458347090774-1576507469294 [2023-06-13] FF Homepage: 
Mozilla\Firefox\Profiles\ddgha12u.default-1458347090774-1576507469294 -> orf.at FF Notifications: Mozilla\Firefox\Profiles\ddgha12u.default-1458347090774-1576507469294 -> hxxps://www.youtube.com; hxxps://www.lieferando.at; hxxps://win2day.ice.hockey FF Extension: (Facebook Container) - C:\Users\Hold\AppData\Roaming\Mozilla\Firefox\Profiles\ddgha12u.default-1458347090774-1576507469294\Extensions\@contain-facebook.xpi [2022-11-04] FF Extension: (AdBlocker Ultimate) - C:\Users\Hold\AppData\Roaming\Mozilla\Firefox\Profiles\ddgha12u.default-1458347090774-1576507469294\Extensions\adblockultimate@adblockultimate.net.xpi [2023-05-25] FF Extension: (HTTPS Everywhere) - C:\Users\Hold\AppData\Roaming\Mozilla\Firefox\Profiles\ddgha12u.default-1458347090774-1576507469294\Extensions\https-everywhere@eff.org.xpi [2021-07-15] FF Extension: (Watermelon Surge) - C:\Users\Hold\AppData\Roaming\Mozilla\Firefox\Profiles\ddgha12u.default-1458347090774-1576507469294\Extensions\{0ad3f4fd-59cf-4a55-9ded-68261e219d6c}.xpi [2022-03-08] FF Extension: (Microsoft Office - Dark Gray) - C:\Users\Hold\AppData\Roaming\Mozilla\Firefox\Profiles\ddgha12u.default-1458347090774-1576507469294\Extensions\{1c41d9fb-f904-4d38-850f-074312f06e64}.xpi [2021-10-05] FF Extension: (Photon Colors) - C:\Users\Hold\AppData\Roaming\Mozilla\Firefox\Profiles\ddgha12u.default-1458347090774-1576507469294\Extensions\{2c6c94f3-c656-41e9-aa4b-1edba5be9c21}.xpi [2021-10-05] FF Extension: (Three Wolf Moon Shirt) - C:\Users\Hold\AppData\Roaming\Mozilla\Firefox\Profiles\ddgha12u.default-1458347090774-1576507469294\Extensions\{50193c98-9eee-4b67-9244-95ced154911d}.xpi [2021-10-05] FF Extension: (Minimalist Blue) - C:\Users\Hold\AppData\Roaming\Mozilla\Firefox\Profiles\ddgha12u.default-1458347090774-1576507469294\Extensions\{623e2c8d-8986-4f2d-af27-e60982948572}.xpi [2021-10-05] FF Extension: (ANIMATED CAT LICKING YOUR SCREEN) - 
C:\Users\Hold\AppData\Roaming\Mozilla\Firefox\Profiles\ddgha12u.default-1458347090774-1576507469294\Extensions\{6a21e28f-b023-41bb-aad9-7db3a398599f}.xpi [2021-10-05] FF Extension: (NoScript) - C:\Users\Hold\AppData\Roaming\Mozilla\Firefox\Profiles\ddgha12u.default-1458347090774-1576507469294\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2023-05-18] FF Extension: (Download Statusbar) - C:\Users\Hold\AppData\Roaming\Mozilla\Firefox\Profiles\ddgha12u.default-1458347090774-1576507469294\Extensions\{76faaba6-3aa1-47a4-bf40-90aa2505e79c}.xpi [2019-12-17] FF Extension: (Matte Black (Red)) - C:\Users\Hold\AppData\Roaming\Mozilla\Firefox\Profiles\ddgha12u.default-1458347090774-1576507469294\Extensions\{a7589411-c5f6-41cf-8bdc-f66527d9d930}.xpi [2022-02-24] FF Extension: (SciFi) - C:\Users\Hold\AppData\Roaming\Mozilla\Firefox\Profiles\ddgha12u.default-1458347090774-1576507469294\Extensions\{a7f8e0cd-f3f4-41bb-9043-d3fc0e9e0b92}.xpi [2021-10-05] FF Extension: (puits bleu d'infini) - C:\Users\Hold\AppData\Roaming\Mozilla\Firefox\Profiles\ddgha12u.default-1458347090774-1576507469294\Extensions\{b3994f5b-c557-4b30-b0e1-1db9098f690e}.xpi [2021-09-10] FF Extension: (Dark Fox) - C:\Users\Hold\AppData\Roaming\Mozilla\Firefox\Profiles\ddgha12u.default-1458347090774-1576507469294\Extensions\{e7fe4ffe-f256-4f85-906d-072fdd698585}.xpi [2021-10-05] FF Extension: (Kurgzsekseta) - C:\Users\Hold\AppData\Roaming\Mozilla\Firefox\Profiles\ddgha12u.default-1458347090774-1576507469294\Extensions\{e8f3b919-d290-4270-b66f-29f3fdbb1986}.xpi [2021-10-05] FF Extension: (Add-ons Restricted Domains) - C:\Users\Hold\AppData\Roaming\Mozilla\Firefox\Profiles\ddgha12u.default-1458347090774-1576507469294\features\{404e456e-e3f0-43cb-a930-93dfbe88b3cb}\addons-restricted-domains@mozilla.com.xpi [2023-06-10] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation) FF Plugin: 
@microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~4\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.13 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.14 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.15 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.18 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation) FF 
Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=3.0.17.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2022-03-24] (VideoLAN -> VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=3.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2022-03-24] (VideoLAN -> VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2022-03-24] (VideoLAN -> VideoLAN) Chrome: ======= CHR Profile: C:\Users\Hold\AppData\Local\Google\Chrome\User Data\Default [2021-12-03] CHR Extension: (Präsentationen) - C:\Users\Hold\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-03-16] CHR Extension: (Docs) - C:\Users\Hold\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-03-16] CHR Extension: (Google Drive) - C:\Users\Hold\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-03] CHR Extension: (YouTube) - C:\Users\Hold\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-03-16] CHR Extension: (Avira Password Manager) - C:\Users\Hold\AppData\Local\Google\Chrome\User Data\Default\Extensions\caljgklbbfbcjjanaijlacgncafpegll [2021-07-29] CHR Extension: (Avira Safe Shopping) - C:\Users\Hold\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccbpbkebodcjkknkfkpmfeciinhidaeh [2021-07-29] CHR Extension: (Tabellen) - C:\Users\Hold\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-03-16] CHR Extension: (Avira Browserschutz) - C:\Users\Hold\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2021-07-29]
CHR Extension: (Google Docs Offline) - C:\Users\Hold\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-07-29]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Hold\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-07-29]
CHR Extension: (Google Mail) - C:\Users\Hold\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-03]
CHR Extension: (Chrome Media Router) - C:\Users\Hold\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-07-29]
CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

Opera:
=======
OPR Profile: C:\Users\Hold\AppData\Roaming\Opera Software\Opera Stable [2023-06-13]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
OPR Extension: (Avira Safe Shopping) - C:\Users\Hold\AppData\Roaming\Opera Software\Opera Stable\Extensions\dalelnnofafalcmkmnhdbigbjjkloabo [2023-03-20]
OPR Extension: (Rich Hints Agent) - C:\Users\Hold\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2023-03-20]
OPR Extension: (Opera Wallet) - C:\Users\Hold\AppData\Roaming\Opera Software\Opera Stable\Extensions\gojhcdgcpbpfigcaejpfhfegekdgiblk [2023-04-25]
OPR Extension: (Amazon Assistant Promotion) - C:\Users\Hold\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2021-12-04]
OPR Extension: (Opera AI Prompts) - C:\Users\Hold\AppData\Roaming\Opera Software\Opera Stable\Extensions\mljbnbeedpkgakdchcmfapkjhfcogaoc [2023-04-25]
OPR Extension: (Avira Password Manager) - C:\Users\Hold\AppData\Roaming\Opera Software\Opera Stable\Extensions\ngohaaocccbohaffogpbgfpmpgbcgccg [2023-04-25]
OPR Extension: (Free Avira Phantom VPN – Entsperrt Webseiten) - C:\Users\Hold\AppData\Roaming\Opera Software\Opera Stable\Extensions\pcgkmkjdikhiodinhloioejnpjgmfigd [2020-11-05]

==================== Dienste (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\23.107.0521.0001\FileSyncHelper.exe [3445672 2023-06-10] (Microsoft Corporation -> Microsoft Corporation)
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [236864 2022-06-24] (Huawei Technologies Co., Ltd. -> ) [Datei ist nicht signiert]
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel(R) Update Manager -> Intel Corporation)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9258016 2023-06-07] (Malwarebytes Inc. -> Malwarebytes)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\23.107.0521.0001\OneDriveUpdaterService.exe [3781512 2023-06-10] (Microsoft Corporation -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [17734456 2023-06-05] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [297240 2022-01-29] (Reason Software Company Inc. -> Reason Software Company Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\NisSrv.exe [3228464 2023-06-01] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\MsMpEng.exe [133592 2023-06-01] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 acsock; C:\WINDOWS\system32\DRIVERS\acsock64.sys [300456 2021-09-17] (Microsoft Windows Hardware Compatibility Publisher -> Cisco Systems, Inc.)
R3 amdfendrmgr; C:\WINDOWS\System32\drivers\amdfendrmgr.sys [54720 2022-10-21] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
R3 amdwddmg; C:\WINDOWS\System32\DriverStore\FileRepository\u0390451.inf_amd64_39377efdd62734d1\B390182\amdkmdag.sys [94467928 2023-04-06] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
R1 AsrAppCharger; C:\WINDOWS\System32\DRIVERS\AsrAppCharger.sys [17192 2011-05-10] (ASROCK Incorporation -> Windows (R) Win 7 DDK provider)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 ew_usbccgpfilter; C:\WINDOWS\System32\drivers\ew_usbccgpfilter.sys [18944 2022-06-24] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2022-06-24] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-04-21] (Microsoft Windows Early Launch Anti-Malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2022-06-24] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MpKslef13de5e; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3115BFD6-FC21-4A36-A34A-903D9FCD5187}\MpKslDrv.sys [213288 2023-06-13] (Microsoft Windows -> Microsoft Corporation)
R3 phantomtap; C:\WINDOWS\System32\drivers\phantomtap.sys [45056 2020-03-18] (Avira Operations GmbH & Co. KG -> The OpenVPN Project)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 ssudserd; C:\WINDOWS\system32\DRIVERS\ssudserd.sys [221824 2016-04-25] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [50720 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R1 UimBus; C:\WINDOWS\System32\drivers\uimbus.sys [109504 2018-11-27] (Paragon Software GmbH -> Paragon Software GmbH)
R1 Uim_DEVIM; C:\WINDOWS\System32\drivers\uimdevim.sys [46016 2018-11-27] (Paragon Software GmbH -> Paragon Software GmbH)
R1 Uim_IM; C:\WINDOWS\System32\drivers\uim_im.sys [701232 2015-08-26] (Paragon Software GmbH -> )
R1 Uim_VIM; C:\WINDOWS\System32\Drivers\uim_vimx64.sys [390352 2013-03-15] (Paragon Software GmbH -> Paragon)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Apple, Inc.) [Datei ist nicht signiert]
S3 vpnva; C:\WINDOWS\System32\drivers\vpnva64-6.sys [74064 2021-09-17] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49616 2023-06-01] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [498984 2023-06-01] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [99608 2023-06-01] (Microsoft Windows -> Microsoft Corporation)
U3 idsvc; kein ImagePath
S3 NTIOLib_DVDSetup; \??\E:\NTIOLib_X64.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2023-06-13 18:57 - 2023-06-13 18:57 - 002382848 _____ (Farbar) C:\Users\Hold\Downloads\FRST64(1).exe
2023-06-10 15:47 - 2023-06-10 22:03 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2023-06-09 12:44 - 2023-06-09 12:44 - 001559429 _____ C:\Users\Hold\Downloads\CONTRACT_CONFIRMATION_2021-05-28-4.pdf
2023-06-09 07:58 - 2023-06-09 07:58 - 001559429 _____ C:\Users\Hold\Downloads\CONTRACT_CONFIRMATION_2021-05-28-3.pdf
2023-06-09 07:57 - 2023-06-09 07:57 - 000040192 _____ C:\Users\Hold\Downloads\ORDER_CONFIRMATION_2021-05-27.pdf
2023-06-09 07:55 - 2023-06-09 07:55 - 001559429 _____ C:\Users\Hold\Downloads\CONTRACT_CONFIRMATION_2021-05-28-2.pdf
2023-06-09 07:15 - 2023-06-09 07:15 - 000000000 ____D C:\Program Files (x86)\Teams Installer
2023-06-07 17:03 - 2023-06-07 17:03 - 000001963 _____ C:\Users\Public\Desktop\Garmin Express.lnk
2023-06-07 17:03 - 2023-06-07 17:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2023-06-02 07:26 - 2023-06-02 07:26 - 000000000 ____D C:\ProgramData\ChocolateyHttpCache
2023-06-02 07:24 - 2023-06-02 07:24 - 000000000 ____D C:\Program Files (x86)\Chocolatey GUI
2023-06-01 19:13 - 2023-06-01 19:14 - 000000000 ____D C:\Users\Hold\AppData\Roaming\easy_photoprint_editor
2023-06-01 19:12 - 2023-06-01 19:12 - 000002223 _____ C:\Users\Public\Desktop\Canon Easy-PhotoPrint Editor.lnk
2023-06-01 19:09 - 2023-06-01 19:09 - 149397320 _____ C:\Users\Hold\Downloads\epd_-win-1_7_1-ea20_4.exe
2023-06-01 19:09 - 2023-06-01 19:09 - 000000000 ____D C:\Users\Hold\Downloads\epd_-win-1_7_1-ea20_4
2023-05-27 11:55 - 2023-05-27 11:55 - 000120517 _____ C:\Users\Hold\Downloads\00977833-Umsatzliste-20230527-1685181310708-AT751200010012802871.pdf
2023-05-27 11:44 - 2023-05-27 11:45 - 000000000 ____D C:\Users\Hold\AppData\Local\HiSuite
2023-05-27 11:44 - 2023-05-27 11:44 - 000000000 ____D C:\Users\Hold\Documents\HiSuite
2023-05-27 11:44 - 2023-05-27 11:44 - 000000000 ____D C:\Users\Hold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiSuite
2023-05-27 11:44 - 2023-05-27 11:44 - 000000000 ____D C:\Program Files (x86)\HiSuite
2023-05-26 06:58 - 2023-05-26 06:58 - 000000000 ___HD C:\$WinREAgent
2023-05-23 17:34 - 2023-06-10 15:46 - 000000000 ____D C:\Program Files\Mozilla Firefox
2023-05-23 17:34 - 2023-05-23 17:34 - 000001785 _____ C:\Users\Hold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefox (2).lnk
2023-05-18 12:14 - 2023-06-07 16:59 - 000000000 ____D C:\Users\Hold\AppData\Local\Malwarebytes
2023-05-16 21:43 - 2023-05-16 21:43 - 001559429 _____ C:\Users\Hold\Downloads\CONTRACT_CONFIRMATION_2021-05-28-1.pdf
2023-05-16 21:01 - 2023-05-16 21:01 - 000102087 _____ C:\Users\Hold\Downloads\ANNUAL_INVOICE_2023-04-24-4.pdf
2023-05-16 20:59 - 2023-05-16 20:59 - 000258827 _____ C:\Users\Hold\Downloads\Rechnung_2023-05-15_500000022713-1.pdf
2023-05-16 17:23 - 2023-05-16 17:23 - 000258827 _____ C:\Users\Hold\Downloads\Rechnung_2023-05-15_500000022713.pdf
2023-05-14 12:51 - 2023-06-10 15:47 - 000001785 _____ C:\Users\Hold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2023-05-14 12:46 - 2023-05-14 12:46 - 000001153 _____ C:\Users\Public\Desktop\LibreOffice.lnk
2023-05-14 12:46 - 2023-05-14 12:46 - 000000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 7.5
2023-05-14 12:45 - 2023-05-14 12:45 - 000000000 ____D C:\Program Files\LibreOffice

==================== Ein Monat (geänderte) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2023-06-13 18:59 - 2023-05-06 20:36 - 000037359 _____ C:\Users\Hold\Downloads\FRST.txt
2023-06-13 18:58 - 2023-05-06 20:35 - 000000000 ____D C:\FRST
2023-06-13 18:56 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-06-13 18:56 - 2016-11-28 18:57 - 000000000 ____D C:\Users\Hold\AppData\LocalLow\Mozilla
2023-06-13 18:41 - 2022-02-08 18:42 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-06-13 18:40 - 2018-05-09 23:09 - 000000000 ____D C:\Users\Hold\AppData\Local\D3DSCache
2023-06-13 18:23 - 2020-10-18 17:26 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-06-13 17:16 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-06-13 17:16 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-06-13 17:10 - 2020-10-18 17:43 - 001917508 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-06-13 17:10 - 2019-12-07 16:50 - 000820860 _____ C:\WINDOWS\system32\perfh007.dat
2023-06-13 17:10 - 2019-12-07 16:50 - 000177392 _____ C:\WINDOWS\system32\perfc007.dat
2023-06-13 17:10 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2023-06-13 17:03 - 2022-08-21 13:49 - 000003094 _____ C:\WINDOWS\system32\Tasks\AMDLinkUpdate
2023-06-13 17:03 - 2021-12-14 12:49 - 000003108 _____ C:\WINDOWS\system32\Tasks\AMDInstallLauncher
2023-06-13 17:02 - 2020-10-18 17:59 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-06-13 17:02 - 2020-10-18 17:26 - 000008192 ___SH C:\DumpStack.log.tmp
2023-06-13 17:02 - 2014-02-23 14:39 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2023-06-13 16:41 - 2019-12-07 11:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2023-06-13 15:53 - 2020-10-18 17:59 - 000004152 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{AD2B4477-891E-4F60-8EE5-9F132CEC2808}
2023-06-13 15:53 - 2020-10-18 17:59 - 000003756 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-06-13 15:53 - 2020-10-18 17:59 - 000003632 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-06-12 20:10 - 2019-04-10 18:27 - 000000000 ____D C:\Users\Hold\AppData\Roaming\PersBackup6
2023-06-12 20:09 - 2022-01-29 14:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Personal Backup 6
2023-06-12 20:09 - 2022-01-29 14:59 - 000000000 ____D C:\Program Files (x86)\Personal Backup 6
2023-06-12 20:08 - 2014-02-21 00:49 - 000000000 ____D C:\Users\Hold\Documents\PersBackup
2023-06-11 13:02 - 2021-12-03 18:29 - 000000000 ____D C:\Users\Hold\AppData\Local\Chocolatey GUI
2023-06-10 22:56 - 2021-11-16 18:19 - 000000000 ____D C:\Users\Hold\AppData\Roaming\Sky Q
2023-06-10 22:03 - 2021-10-22 16:11 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2023-06-10 22:03 - 2014-02-20 13:49 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2023-06-10 15:47 - 2022-03-05 12:08 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2023-06-10 15:47 - 2022-02-18 15:00 - 000001557 _____ C:\Users\Hold\Desktop\Firefox.lnk
2023-06-10 15:46 - 2021-10-05 18:04 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2023-06-10 15:44 - 2020-08-14 13:00 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-06-10 15:44 - 2020-08-14 13:00 - 000002274 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2023-06-10 15:12 - 2021-12-13 20:44 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-856262021-2868319075-1551791506-1000
2023-06-10 15:12 - 2021-10-22 16:11 - 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2023-06-10 15:12 - 2021-10-22 16:11 - 000002148 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-06-09 07:18 - 2023-03-15 18:06 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2023-06-09 07:18 - 2014-02-20 13:53 - 000001278 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thunderbird.lnk
2023-06-09 07:18 - 2014-02-20 13:53 - 000001266 _____ C:\Users\Public\Desktop\Thunderbird.lnk
2023-06-09 07:16 - 2022-01-29 14:17 - 000001186 _____ C:\Users\Hold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo.lnk
2023-06-08 12:09 - 2020-10-18 17:59 - 000004406 _____ C:\WINDOWS\system32\Tasks\Opera scheduled assistant Autoupdate 1588331751
2023-06-08 12:09 - 2020-10-18 17:59 - 000004176 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1586608251
2023-06-08 12:09 - 2020-04-11 14:30 - 000001402 _____ C:\Users\Hold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera-Browser.lnk
2023-06-07 17:14 - 2017-12-13 17:41 - 000000000 ____D C:\Users\Hold\AppData\Local\Packages
2023-06-07 17:03 - 2020-10-18 17:59 - 000003624 _____ C:\WINDOWS\system32\Tasks\GarminUpdaterTask
2023-06-07 17:03 - 2014-02-21 00:31 - 000000000 ____D C:\ProgramData\Package Cache
2023-06-07 17:03 - 2014-02-21 00:31 - 000000000 ____D C:\Program Files (x86)\Garmin
2023-06-07 16:59 - 2020-10-30 00:24 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2023-06-07 16:59 - 2019-06-29 16:17 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2023-06-07 16:58 - 2018-03-30 10:53 - 000000000 ____D C:\Program Files\Malwarebytes
2023-06-07 16:58 - 2015-11-10 21:14 - 000000000 ____D C:\ProgramData\Malwarebytes
2023-06-05 19:03 - 2021-11-16 18:19 - 000001027 _____ C:\Users\Hold\Desktop\Sky X.lnk
2023-06-05 19:03 - 2021-11-16 18:19 - 000000000 ____D C:\Users\Hold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sky
2023-06-02 07:24 - 2021-12-03 18:29 - 000002049 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chocolatey GUI.lnk
2023-06-02 07:24 - 2021-12-03 18:28 - 000000000 ____D C:\ProgramData\chocolatey
2023-06-01 19:11 - 2021-07-09 10:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2023-06-01 19:10 - 2014-02-20 15:31 - 000000000 ____D C:\Program Files (x86)\Canon
2023-06-01 17:41 - 2018-05-09 17:29 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2023-05-26 09:03 - 2020-10-18 17:26 - 000655056 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-05-26 07:06 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2023-05-26 07:06 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2023-05-26 07:06 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2023-05-26 07:06 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2023-05-26 07:06 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2023-05-26 07:06 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2023-05-26 07:06 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2023-05-26 07:06 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-05-26 07:06 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-05-26 07:04 - 2020-10-18 17:30 - 003015168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2023-05-25 20:11 - 2014-02-21 00:31 - 000000000 ____D C:\ProgramData\Garmin
2023-05-19 15:01 - 2023-01-12 18:25 - 001654372 _____ C:\Users\Hold\Desktop\Unassigned ZNEU Rest 2023-01.xlsx
2023-05-19 07:17 - 2020-07-31 10:50 - 000000000 ____D C:\Users\Hold\AppData\Roaming\Microsoft\Excel
2023-05-15 17:05 - 2020-11-05 19:48 - 000000000 ____D C:\Users\Hold\AppData\Local\CrashDumps

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ========

2015-11-08 17:47 - 2015-11-08 17:47 - 000003904 _____ () C:\Users\Hold\AppData\Local\recently-used.xbel
2016-05-14 22:18 - 2016-05-14 22:18 - 000000017 _____ () C:\Users\Hold\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

==================== Ende von FRST.txt ========================

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 12-06-2023
durchgeführt von Hold (13-06-2023 18:59:48)
Gestartet von C:\Users\Hold\Downloads
Microsoft Windows 10 Home Version 22H2 19045.3031 (X64) (2020-10-18 16:00:58)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

Administrator (S-1-5-21-856262021-2868319075-1551791506-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-856262021-2868319075-1551791506-503 - Limited - Disabled)
Gast (S-1-5-21-856262021-2868319075-1551791506-501 - Limited - Disabled)
Hold (S-1-5-21-856262021-2868319075-1551791506-1000 - Administrator - Enabled) => C:\Users\Hold
WDAGUtilityAccount (S-1-5-21-856262021-2868319075-1551791506-504 - Limited - Disabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.11 - Adobe Systems Incorporated)
AMD Chipset Software (HKLM-x32\...\AMD_Chipset_IODrivers) (Version: 2.05.04.352 - Advanced Micro Devices, Inc.)
AMD GPIO2 Driver (HKLM-x32\...\{E9DD399F-21A3-479E-A7DF-D6CF4B2ADBF3}) (Version: 2.2.0.126 - Advanced Micro Devices, Inc.) Hidden
AMD PSP Driver (HKLM-x32\...\{988F14B8-79A8-475D-BAC7-83F96AD3D821}) (Version: 4.13.0.0 - Advanced Micro Devices, Inc.) Hidden
AMD Ryzen Balanced Driver (HKLM-x32\...\{A171D320-C42C-4F3B-A2D8-C6A09F6788CC}) (Version: 5.0.0.0 - Advanced Micro Devices, Inc.) Hidden
AMD SBxxx SMBus Driver Alpha (HKLM-x32\...\{AAE0E27D-C88A-49BA-8715-77ADCD4286A3}) (Version: 5.12.0.38 - Advanced Micro Devices, Inc.) Hidden
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 20.10.20 - Advanced Micro Devices, Inc.)
AMD_Chipset_Drivers (HKLM-x32\...\{810a2b63-212d-4a59-bfb5-f2d575cd44f0}) (Version: 2.05.04.352 - Advanced Micro Devices, Inc.) Hidden
ANT Drivers Installer x64 (HKLM\...\{79C21001-F741-4847-ADEF-A41B3FE1F018}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-Bit) (HKLM-x32\...\{C56BA005-F02C-461B-ACA5-A0CE3E32578F}) (Version: 6.5 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{C8087B7C-8496-45BE-92FB-91D31EB73969}) (Version: 6.5 - Apple Inc.)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.4.000 - Asmedia Technology)
ASRock App Charger v1.0.5 (HKLM\...\ASRock App Charger_is1) (Version: - ASRock Inc.)
AutoHotkey 1.1.36.02 (HKLM\...\AutoHotkey) (Version: 1.1.36.02 - Lexikos)
BIPA FotoShop (HKLM-x32\...\BIPA FotoShop) (Version: 5.1.7 - CEWE Stiftung u Co. KGaA)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon Easy-PhotoPrint Editor (HKLM-x32\...\Canon Easy-PhotoPrint Editor) (Version: 1.7.1 - Canon Inc.)
Canon IJ Printer Assistant Tool (HKLM-x32\...\Canon IJ Printer Assistant Tool) (Version: 1.30.1.52 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.5.5.3 - Canon Inc.)
Canon MG5300 series On-screen Manual (HKLM-x32\...\Canon MG5300 series On-screen Manual) (Version: - )
Canon MG6800 series On-screen Manual (HKLM-x32\...\Canon MG6800 series On-screen Manual) (Version: 7.8.0 - Canon Inc.)
Canon TS5300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_TS5300_series) (Version: 1.04 - Canon Inc.)
CDBurnerXP (64 bit) (HKLM\...\{99A4E14B-FC7B-4CB4-B3EC-76E014558D29}) (Version: 4.5.8.7128 - Canneverbe Limited)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.6.5931 - CDBurnerXP)
Chocolatey GUI (HKLM-x32\...\{F47C8853-4BAF-4877-8EA4-F274B006644B}) (Version: 2.0.0.0 - Chocolatey)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.10.03104 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\{A4076314-DE10-4FEB-A977-A3AF859B4073}) (Version: 4.10.03104 - Cisco Systems, Inc.) Hidden
Citrix Online Plug-in - Web (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 11.2.0.31560 - Citrix Systems, Inc.)
Citrix Online Plug-in (DV) (HKLM-x32\...\{CF53CF7C-D996-43EB-9904-DBED57C25625}) (Version: 11.2.0.31560 - Citrix Systems, Inc.) Hidden
Citrix Online Plug-in (HDX) (HKLM-x32\...\{812424AC-A8B5-44E6-8D48-07E939D1AD9A}) (Version: 11.2.0.31560 - Citrix Systems, Inc.) Hidden
Citrix Online Plug-in (USB) (HKLM-x32\...\{55392E52-1AAD-44C4-BE49-258FFE72434F}) (Version: 11.2.0.31560 - Citrix Systems, Inc.) Hidden
Citrix Online Plug-in (Web) (HKLM-x32\...\{0BCA9EFD-F2D6-4638-B053-8693BA0404BE}) (Version: 11.2.0.31560 - Citrix Systems, Inc.) Hidden
Client (HKLM-x32\...\{BAB4AAD2-93A4-11D4-A165-00508B67A692}) (Version: 5.50.000 - BMD Systemhaus GesmbH)
CoolUtils Mail Viewer (HKLM-x32\...\CoolUtils Mail Viewer_is1) (Version: 2.5 - Softplicity, Inc.)
CrystalDiskInfo 8.9.0a (HKLM\...\CrystalDiskInfo_is1) (Version: 8.9.0a - Crystal Dew World)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - Acro Software Inc.)
Elevated Installer (HKLM-x32\...\{48938BC0-F4A0-41F5-B948-BF9D6DAA429A}) (Version: 7.17.2.0 - Garmin Ltd or its subsidiaries) Hidden
Facebook Gameroom 1.23.7426.18586 (HKLM-x32\...\{58E3FB73-8B88-4807-A803-79B5ADA0136F}) (Version: 1.23.7426.18586 - Facebook)
Garmin Express (HKLM-x32\...\{df420f6a-6486-4ca2-920f-792017249e83}) (Version: 7.17.2.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{EF003F90-9FBA-46B1-8594-DEC250EDC3FF}) (Version: 7.17.2.0 - Garmin Ltd or its subsidiaries) Hidden
GIMP 2.8.18 (HKLM\...\GIMP-2_is1) (Version: 2.8.18 - The GIMP Team)
HiSuite (HKLM-x32\...\Hi Suite) (Version: 11.0.0.650 - Huawei Technologies Co., Ltd.)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{977D1ABF-4089-4CA7-BA33-CC75808B7ACE}) (Version: 1.24.738.1 - Intel Corporation) Hidden
LibreOffice 7.5.3.2 (HKLM\...\{063CC195-EEF8-4601-89C6-CB18230BD5E6}) (Version: 7.5.3.2 - The Document Foundation)
Malwarebytes version 4.5.30.269 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.5.30.269 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (DEU) (HKLM\...\{1DB0C90B-2A9F-3A1E-B1DF-616C5A2A1417}) (Version: 4.5.51209 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{26784146-6E05-3FF9-9335-786C7C0FB5BE}) (Version: 4.5.51209 - Microsoft Corporation) Hidden
Microsoft DVD App Installation for Microsoft.WindowsDVDPlayer_2019.6.13291.0_neutral_~_8wekyb3d8bbwe (x64) (HKLM\...\{25E80DAA-FD87-DCE5-202C-CC02F6673002}) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\{C83ECC62-5360-3FF9-97B1-100895F1B093}) (Version: 114.0.1823.43 - Microsoft Corporation)
Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 114.0.1823.43 - Microsoft Corporation)
Microsoft Excel MUI (German) 2013 (HKLM\...\{90150000-0016-0407-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Groove MUI (German) 2013 (HKLM\...\{90150000-00BA-0407-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office 32-bit Components 2013 (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Korrekturhilfen 2013 - Deutsch (HKLM\...\{90150000-001F-0407-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (German) 2013 (HKLM\...\{90150000-00E1-0407-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (German) 2013 (HKLM\...\{90150000-00E2-0407-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2013 (HKLM\...\{90150000-002C-0407-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (HKLM\...\{90150000-001F-0409-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Italiano (HKLM\...\{90150000-001F-0410-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (German) 2013 (HKLM\...\{90150000-00C1-0407-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2013 (HKLM\...\{90150000-006E-0407-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Standard 2013 (HKLM\...\{90150000-0012-0000-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Standard 2013 (HKLM\...\Office15.STANDARD) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 23.107.0521.0001 - Microsoft Corporation)
Microsoft OneNote MUI (German) 2013 (HKLM\...\{90150000-00A1-0407-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (German) 2013 (HKLM\...\{90150000-001A-0407-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (German) 2013 (HKLM\...\{90150000-0018-0407-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (German) 2013 (HKLM\...\{90150000-0019-0407-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\Teams) (Version: 1.4.00.4167 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{BB052C53-34CB-42DE-AF41-66FDFCEEC868}) (Version: 3.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 x64 Additional Runtime - 14.0.23026 (HKLM\...\{BC958BD2-5DAC-3862-BB1A-C1BE0790438D}) (Version: 14.0.23026 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 x64 Minimum Runtime - 14.0.23026 (HKLM\...\{0D3E9E15-DE7A-300B-96F1-B4AF12B96488}) (Version: 14.0.23026 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.23.27820 (HKLM-x32\...\{86BE78D9-65A1-4E69-86F8-C1F5281F8553}) (Version: 14.23.27820 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.23.27820 (HKLM-x32\...\{00AC3934-26B4-406E-807C-1692AC7329EC}) (Version: 14.23.27820 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}) (Version: 10.0.50908 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Word MUI (German) 2013 (HKLM\...\{90150000-001B-0407-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Mozilla Firefox (x64 de) (HKLM\...\Mozilla Firefox 114.0.1 (x64 de)) (Version: 114.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 114.0.1 - Mozilla)
Mozilla Thunderbird (x86 de) (HKLM-x32\...\Mozilla Thunderbird 102.12.0 (x86 de)) (Version: 102.12.0 - Mozilla)
MyHarmony (HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\036a0e4fc6a247ec) (Version: 1.0.1.257 - Logitech)
Opera Stable 99.0.4788.65 (HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\Opera 99.0.4788.65) (Version: 99.0.4788.65 - Opera Software)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Paragon Backup & Recovery™ 17 CE (HKLM\...\{505143F0-48A3-4ABD-A1FE-F77425BFBF66}) (Version: 17.9.3.4927 - Paragon Software) Hidden
Paragon Backup & Recovery™ 17 CE (HKLM-x32\...\{37102375-99b6-4ec1-af7d-ec77bb61cd49}) (Version: 17.9.3.4927 - Paragon Software GmbH)
Paragon UIM (HKLM\...\{49AED3CA-E137-4E65-9555-D05C60281BAC}) (Version: 24.60.0.460 - Paragon Software) Hidden
PerformanceTest v10.0 (HKLM\...\PerformanceTest 10_is1) (Version: 10.0.1010.0 - Passmark Software)
Personal Backup 6.2.26.0 (32-bit) (HKLM-x32\...\Personal Backup 6_is1) (Version: 6.2.26.0 - Dr. J. Rathlev)
Promontory_GPIO Driver (HKLM-x32\...\{B5512BCC-F4CD-4159-86A4-B2AD7D38FFA9}) (Version: 2.0.1.0 - Advanced Micro Devices, Inc.) Hidden
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8960.1 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.38.1118.2019 - Realtek)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0012-0000-1000-0000000FF1CE}_Office15.STANDARD_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0016-0407-1000-0000000FF1CE}_Office15.STANDARD_{4A8F14BC-FE6D-4FC8-AA48-14D574A71843}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0018-0407-1000-0000000FF1CE}_Office15.STANDARD_{4A8F14BC-FE6D-4FC8-AA48-14D574A71843}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0019-0407-1000-0000000FF1CE}_Office15.STANDARD_{4A8F14BC-FE6D-4FC8-AA48-14D574A71843}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-001A-0407-1000-0000000FF1CE}_Office15.STANDARD_{4A8F14BC-FE6D-4FC8-AA48-14D574A71843}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-001B-0407-1000-0000000FF1CE}_Office15.STANDARD_{4A8F14BC-FE6D-4FC8-AA48-14D574A71843}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-001F-0407-1000-0000000FF1CE}_Office15.STANDARD_{DABB9E2A-F054-4F97-9EB2-6992316C6EC7}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-001F-0409-1000-0000000FF1CE}_Office15.STANDARD_{835E4BED-E265-4103-AE14-0B4C70CF3FE8}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}_Office15.STANDARD_{1F7000D3-A917-4AD2-BA55-59E6FDAF062A}) (Version: - Microsoft) Hidden
Service Pack 1 for Microsoft Office 
2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-001F-0410-1000-0000000FF1CE}_Office15.STANDARD_{3FAA8A3E-95DC-4A9A-BB4A-205B253789A9}) (Version: - Microsoft) Hidden Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-002C-0407-1000-0000000FF1CE}_Office15.STANDARD_{1570284D-DA86-4D62-A5D7-E44D5773B6D0}) (Version: - Microsoft) Hidden Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-006E-0407-1000-0000000FF1CE}_Office15.STANDARD_{4A7FC05F-2E0D-43B2-9AE6-E38ECB006524}) (Version: - Microsoft) Hidden Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-00A1-0407-1000-0000000FF1CE}_Office15.STANDARD_{4A8F14BC-FE6D-4FC8-AA48-14D574A71843}) (Version: - Microsoft) Hidden Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-00BA-0407-1000-0000000FF1CE}_Office15.STANDARD_{4A8F14BC-FE6D-4FC8-AA48-14D574A71843}) (Version: - Microsoft) Hidden Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.STANDARD_{1931508C-C004-4983-81E3-70BE6252904B}) (Version: - Microsoft) Hidden Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-00C1-0407-1000-0000000FF1CE}_Office15.STANDARD_{43F504AE-9084-432C-9ACA-98153827AD5B}) (Version: - Microsoft) Hidden Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-00E1-0407-1000-0000000FF1CE}_Office15.STANDARD_{4A8F14BC-FE6D-4FC8-AA48-14D574A71843}) (Version: - Microsoft) Hidden Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-00E2-0407-1000-0000000FF1CE}_Office15.STANDARD_{4A8F14BC-FE6D-4FC8-AA48-14D574A71843}) (Version: - Microsoft) Hidden Sky X 23.4.1.0 (HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\com.bskyb.skyxplayer_is1) (Version: 23.4.1.0 - Sky) Teams Machine-Wide Installer 
(HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.6.0.12455 - Microsoft Corporation) TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.42.7 - TeamViewer) twengoo (HKLM-x32\...\{2ADA8DBD-2833-4235-A07E-0CD653A992FF}) (Version: 1.0.0.0 - Twengoo) Unchecky v1.2 (HKLM-x32\...\Unchecky) (Version: 1.2 - Reason Software Company Inc.) Update for Skype for Business 2015 (KB4484289) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.STANDARD_{1C76EBD9-0A70-4094-A543-00CAA3B62113}) (Version: - Microsoft) Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{C22F49B1-0F67-47DC-A490-E8B4B6558EA9}) (Version: 8.91.0.0 - Microsoft Corporation) VLC media player (HKLM\...\VLC media player) (Version: 3.0.18 - VideoLAN) VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.17.4 - VideoLAN) Windows Live ID Sign-in Assistant (HKLM\...\{CE52672C-A0E9-4450-8875-88A221D5CD50}) (Version: 7.250.4311.0 - Microsoft Corporation) Hidden Windows-PC-Integritätsprüfung (HKLM\...\{4254C1AD-B9B0-4020-A4B1-D8B61D12142A}) (Version: 3.7.2204.15001 - Microsoft Corporation) Windows-PC-Integritätsprüfung (HKLM\...\{63EFBDB5-01B0-4614-BE9F-7F1908E42275}) (Version: 3.1.2109.29003 - Microsoft Corporation) Windows-PC-Integritätsprüfung (HKLM\...\{B3956CF3-F6C5-4567-AC38-1FD4432B319C}) (Version: 3.6.2204.08001 - Microsoft Corporation) Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.) 
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software) Winmail Opener 1.7 (HKLM-x32\...\Winmail Opener) (Version: 1.7 - Eolsoft) Packages: ========= AMD Radeon Software -> C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.20.10028.0_x64__0a9344xs7nr4m [2023-06-07] (Advanced Micro Devices Inc.) [Startup Task] Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_3.2.4.0_x64__kgqvnymyfvs32 [2023-06-10] (king.com) Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.2542.1.0_x64__kgqvnymyfvs32 [2023-06-13] (king.com) Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.244.400.0_x64__kgqvnymyfvs32 [2023-06-05] (king.com) Fotos-Add-On -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-03-12] (Microsoft Corporation) iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa [2023-05-24] (Apple Inc.) 
[Startup Task] Media Engine-Add-On für Fotos -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-09-24] (Microsoft Corporation) Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-17] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-17] (Microsoft Corporation) [MS Ad] Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.12.219.0_x64__dt26b99r8h8gj [2020-12-26] (Realtek Semiconductor Corp) Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.16.3140.0_x64__8wekyb3d8bbwe [2023-03-20] (Microsoft Studios) [MS Ad] Twitter -> C:\Program Files\WindowsApps\9E2F88E3.TWITTER_7.0.1.0_neutral__wgeqdkkx372wm [2021-06-11] (Twitter Inc.) WindowsAppRuntime.1.3 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.3_3000.851.1712.0_x64__8wekyb3d8bbwe [2023-06-07] (Microsoft Corporation) WindowsAppRuntime.1.3 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.3_3000.851.1712.0_x86__8wekyb3d8bbwe [2023-06-07] (Microsoft Corporation) WindowsDVDPlayer -> C:\Program Files\WindowsApps\Microsoft.WindowsDVDPlayer_3.6.13291.0_x64__8wekyb3d8bbwe [2016-05-14] (Microsoft Corporation) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
CustomCLSID: HKU\S-1-5-21-856262021-2868319075-1551791506-1000_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Hold\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20289.5\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-856262021-2868319075-1551791506-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel(R) pGFX -> Intel Corporation) CustomCLSID: HKU\S-1-5-21-856262021-2868319075-1551791506-1000_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\Hold\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.19350.3\x64\Microsoft.Teams.AddinLoader.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-856262021-2868319075-1551791506-1000_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> C:\Users\Hold\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.107.0521.0001\FileSyncShell64.dll [2023-06-10] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.107.0521.0001\FileSyncShell64.dll [2023-06-10] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.107.0521.0001\FileSyncShell64.dll [2023-06-10] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.107.0521.0001\FileSyncShell64.dll [2023-06-10] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft 
OneDrive\23.107.0521.0001\FileSyncShell64.dll [2023-06-10] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.107.0521.0001\FileSyncShell64.dll [2023-06-10] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.107.0521.0001\FileSyncShell64.dll [2023-06-10] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.107.0521.0001\FileSyncShell64.dll [2023-06-10] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.107.0521.0001\FileSyncShell64.dll [2023-06-10] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.107.0521.0001\FileSyncShell64.dll [2023-06-10] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.107.0521.0001\FileSyncShell64.dll [2023-06-10] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.107.0521.0001\FileSyncShell64.dll [2023-06-10] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.107.0521.0001\FileSyncShell64.dll [2023-06-10] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => 
C:\Program Files\Microsoft OneDrive\23.107.0521.0001\FileSyncShell64.dll [2023-06-10] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.107.0521.0001\FileSyncShell64.dll [2023-06-10] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-02-25] (Malwarebytes Inc. -> Malwarebytes) ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.107.0521.0001\FileSyncShell64.dll [2023-06-10] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.107.0521.0001\FileSyncShell64.dll [2023-06-10] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => -> Keine Datei ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> Keine Datei ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Keine Datei ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-02-25] (Malwarebytes Inc. -> Malwarebytes) ==================== Codecs (Nicht auf der Ausnahmeliste) ==================== ==================== Verknüpfungen & WMI ======================== ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============= 2016-10-15 22:30 - 2010-04-24 05:00 - 000336896 _____ (CANON INC.) 
[Datei ist nicht signiert] C:\WINDOWS\System32\CNMLM9Z.DLL 2016-05-14 19:36 - 2012-03-14 06:00 - 000385024 _____ (CANON INC.) [Datei ist nicht signiert] C:\WINDOWS\System32\CNMLMAT.DLL 2014-02-20 15:32 - 2011-02-01 10:23 - 000355840 _____ (CANON INC.) [Datei ist nicht signiert] C:\WINDOWS\System32\CNMN6PPM.DLL ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ======== ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ================= ==================== Internet Explorer (Nicht auf der Ausnahmeliste) ========== BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2018-07-18] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2018-07-18] (Microsoft Corporation -> Microsoft Corporation) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2019-08-19] (Microsoft Corporation -> Microsoft Corporation) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) 
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com Da befinden sich 7940 mehr Seiten. IE trusted site: HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\secunia.com. -> hxxps://secunia.com. 
IE restricted site: HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\007guard.com -> install.007guard.com IE restricted site: HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\008i.com -> 008i.com IE restricted site: HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\008k.com -> www.008k.com IE restricted site: HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\00hq.com -> www.00hq.com IE restricted site: HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\010402.com -> 010402.com IE restricted site: HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com IE restricted site: HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\0scan.com -> www.0scan.com IE restricted site: HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\1-2005-search.com -> www.1-2005-search.com IE restricted site: HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com IE restricted site: HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\1000gratisproben.com -> www.1000gratisproben.com IE restricted site: HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\1001namen.com -> www.1001namen.com IE restricted site: HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\100888290cs.com -> mir.100888290cs.com IE restricted site: HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\100sexlinks.com -> www.100sexlinks.com IE restricted site: HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\10sek.com -> www.10sek.com IE restricted site: HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\12-26.net -> user1.12-26.net IE restricted site: HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\12-27.net -> user1.12-27.net IE restricted site: HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\123fporn.info -> www.123fporn.info IE restricted site: HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com IE restricted 
site: HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\123moviedownload.com -> www.123moviedownload.com IE restricted site: HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\123simsen.com -> www.123simsen.com Da befinden sich 7945 mehr Seiten. ==================== Hosts Inhalt: ========================= (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2018-04-12 01:38 - 2023-06-13 17:02 - 000003384 _____ C:\WINDOWS\system32\drivers\etc\hosts 0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly 0.0.0.0 tracking.opencandy.com.s3.amazonaws.com 0.0.0.0 media.opencandy.com 0.0.0.0 cdn.opencandy.com 0.0.0.0 tracking.opencandy.com 0.0.0.0 api.opencandy.com 0.0.0.0 api.recommendedsw.com 0.0.0.0 rp.yefeneri2.com 0.0.0.0 os.yefeneri2.com 0.0.0.0 os2.yefeneri2.com 0.0.0.0 installer.betterinstaller.com 0.0.0.0 installer.filebulldog.com 0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net 0.0.0.0 inno.bisrv.com 0.0.0.0 nsis.bisrv.com 0.0.0.0 cdn.file2desktop.com 0.0.0.0 cdn.goateastcach.us 0.0.0.0 cdn.guttastatdk.us 0.0.0.0 cdn.inskinmedia.com 0.0.0.0 cdn.insta.oibundles2.com 0.0.0.0 cdn.insta.playbryte.com 0.0.0.0 cdn.llogetfastcach.us 0.0.0.0 cdn.montiera.com 0.0.0.0 cdn.msdwnld.com 0.0.0.0 cdn.mypcbackup.com 0.0.0.0 cdn.ppdownload.com 0.0.0.0 cdn.riceateastcach.us 0.0.0.0 cdn.shyapotato.us 0.0.0.0 cdn.solimba.com 0.0.0.0 cdn.tuto4pc.com ==================== Andere Bereiche =========================== (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;%SYSTEMROOT%\System32\OpenSSH\;C:\ProgramData\chocolatey\bin; HKU\S-1-5-21-856262021-2868319075-1551791506-1000\Control Panel\Desktop\\Wallpaper -> D:\Fotos\Brasilien16\IMG_2909.JPG DNS Servers: 10.0.0.138 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin) HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (Keine Datei) ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk => C:\Windows\pss\Secunia PSI Tray.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Avira Systray => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenuEx => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
HKLM\...\StartupApproved\StartupFolder: => "Secunia PSI Tray.lnk"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run32: => "ConnectionCenter"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKLM\...\StartupApproved\Run32: => "CanonQuickMenu"
HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\StartupApproved\StartupFolder: => "Facebook Gameroom.lnk"
HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\StartupApproved\StartupFolder: => "An OneNote senden.lnk"
HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\StartupApproved\Run: => "SpybotPostWindows10UpgradeReInstall"
HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\StartupApproved\Run: => "GarminExpress"
HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\StartupApproved\Run: => "Opera Browser Assistant" HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\StartupApproved\Run: => "com.squirrel.Teams.Teams" HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\StartupApproved\Run: => "Opera Stable" ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================ (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [UDP Query User{4CE991B2-B38A-43BC-BAB1-9203556C713F}C:\users\hold\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\hold\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [TCP Query User{D84E05FD-2312-4DC4-8075-9A1916BD56AF}C:\users\hold\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\hold\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [UDP Query User{F73053EF-6862-458C-BC42-D4B98A11B16D}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN) FirewallRules: [TCP Query User{BE532A11-CF89-4BBB-90B7-8DDD768F6477}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN) FirewallRules: [{FD9B3171-81C7-44F3-B314-5DCD5059D0C5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{11F4409C-2B7C-45FA-8E05-B139C11B6B98}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [TCP Query User{34E1B575-13A3-4AE6-A311-70E0FFA0746D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [UDP Query 
User{497899E9-744A-4864-9C97-DE2B8CDE2DE7}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{67213130-5D65-4419-B5DE-56A61D621311}] => (Block) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => Keine Datei FirewallRules: [{9A510696-5EF3-4BDB-A2D0-B6538A8A3C36}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => Keine Datei FirewallRules: [{A647EC86-C8D9-40AF-8EDC-B4B7F2D227B3}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => Keine Datei FirewallRules: [{7A9271F6-8ACF-4503-AB5C-0430A89C1329}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{1D867D88-4276-4F0B-B1D5-4A023DC12A7E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{AA67A866-1F2E-4693-851A-7F1B6C4EF773}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{58AC0C2E-0630-4000-BE5B-540764E0F0DB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{9AFCEA5B-F3C8-4246-B420-EDBD6BB370AE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{CDFA0ADC-1E4B-4C1B-9A83-4F115FE217F6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{F71BA20F-1865-48BE-B865-D7B00374F83C}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) 
FirewallRules: [{C3774AB8-3688-4C45-B00D-3A6A315A2D3C}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) FirewallRules: [{54AB6B53-0444-4214-8555-F9BBEB856ADB}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) FirewallRules: [{265FD2C5-81B7-43BD-9A66-29329A7571F9}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) FirewallRules: [{45B36C63-34CD-46EE-B8CD-4D9F6EE7B22F}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) FirewallRules: [{E4926C3A-8931-4ED9-8800-75BAE05C5450}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) FirewallRules: [{CC23CD43-FA74-447D-AA77-3E6D8BED7142}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) FirewallRules: [{8D5B02A5-D167-4062-9274-A2C6DCED28DF}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12129.4.57066.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) FirewallRules: [{2D4B8EEF-015B-4FFD-AA9D-8283BAD2191A}] => (Allow) C:\Users\Hold\AppData\Local\Programs\Opera\99.0.4788.47\opera.exe (Opera Norway AS -> Opera Software) FirewallRules: [{2AA9FACA-C0B7-4FD0-B745-3DA2DB74B82C}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.98.3402.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) 
FirewallRules: [{CB2853C6-C1AC-43D8-9C78-FC2438391526}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.98.3402.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{77E347E3-41B8-4F05-B5CE-F152193003CA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.98.3402.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{CE8C09F7-B5FF-4434-B0A4-0BF14DF4EAC6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.98.3402.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{35AC5939-98DA-4AC4-994D-B53B5AD498E9}] => (Allow) C:\Users\Hold\AppData\Local\Programs\Opera\99.0.4788.65\opera.exe (Opera Norway AS -> Opera Software) FirewallRules: [{E647A744-EE67-441E-BAD9-02945736865C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{40277813-A426-4581-87EA-2B7A0235FB07}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{260F968A-CCC2-4B31-B842-89054C38C902}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{2D52FF94-E4C6-4BAA-A213-20BBAA7214D3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{83314E63-C75C-4B90-A5D2-D2DCEB8A35D4}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\114.0.1823.43\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation) ==================== Wiederherstellungspunkte ========================= 25-05-2023 19:26:58 Geplanter Prüfpunkt 02-06-2023 07:33:06 Garmin Express 02-06-2023 07:33:20 Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 07-06-2023 17:02:36 Garmin Express 07-06-2023 17:02:50 
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 ==================== Fehlerhafte Geräte im Gerätemanager ============ Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Fehlereinträge in der Ereignisanzeige: ======================== Applikationsfehler: ================== Error: (06/13/2023 05:05:01 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: IAStorDataMgrSvc.exe, Version: 11.6.0.1030, Zeitstempel: 0x5042b0f0 Name des fehlerhaften Moduls: IAStorUtil.ni.dll, Version: 11.6.0.1030, Zeitstempel: 0x5042b0eb Ausnahmecode: 0xc0000005 Fehleroffset: 0x000305e5 ID des fehlerhaften Prozesses: 0x2278 Startzeit der fehlerhaften Anwendung: 0x01d99e086a810263 Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe Pfad des fehlerhaften Moduls: C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\IAStorUtil\207ebc012ecbf4f2e521fa64bf3419fe\IAStorUtil.ni.dll Berichtskennung: b0cb1a37-b59d-4370-8988-2df01f4a06ec Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (06/13/2023 05:05:01 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: IAStorDataMgrSvc.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. 
Ausnahmeinformationen: System.NullReferenceException bei IAStorUtil.SystemDataModelListener.ProcessSystemDataModelChanges() bei IAStorUtil.SystemDataModelListener.LoadSavedSystemState() bei IAStorDataMgr.EventRelay.<Start>b__0(System.Object) bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object) bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() bei System.Threading.ThreadPoolWorkQueue.Dispatch() bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback() Error: (06/13/2023 03:52:47 PM) (Source: Firefox Default Browser Agent) (EventID: 2) (User: ) Description: Event-ID 2 Error: (06/13/2023 03:52:46 PM) (Source: Firefox Default Browser Agent) (EventID: 2) (User: ) Description: Event-ID 2 Error: (06/13/2023 03:51:53 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: IAStorDataMgrSvc.exe, Version: 11.6.0.1030, Zeitstempel: 0x5042b0f0 Name des fehlerhaften Moduls: IAStorUtil.ni.dll, Version: 11.6.0.1030, Zeitstempel: 0x5042b0eb Ausnahmecode: 0xc0000005 Fehleroffset: 0x000305e5 ID des fehlerhaften Prozesses: 0x2498 Startzeit der fehlerhaften Anwendung: 0x01d99dfe334faeaa Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe Pfad des fehlerhaften Moduls: C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\IAStorUtil\207ebc012ecbf4f2e521fa64bf3419fe\IAStorUtil.ni.dll Berichtskennung: 344da6b5-ab72-4912-9b7b-b224c843dbb1 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (06/13/2023 03:51:53 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) 
Description: Anwendung: IAStorDataMgrSvc.exe Frameworkversion: v4.0.30319 Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. Ausnahmeinformationen: System.NullReferenceException bei IAStorUtil.SystemDataModelListener.ProcessSystemDataModelChanges() bei IAStorUtil.SystemDataModelListener.LoadSavedSystemState() bei IAStorDataMgr.EventRelay.<Start>b__0(System.Object) bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object) bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() bei System.Threading.ThreadPoolWorkQueue.Dispatch() bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback() Error: (06/12/2023 09:07:14 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: IAStorDataMgrSvc.exe, Version: 11.6.0.1030, Zeitstempel: 0x5042b0f0 Name des fehlerhaften Moduls: IAStorUtil.ni.dll, Version: 11.6.0.1030, Zeitstempel: 0x5042b0eb Ausnahmecode: 0xc0000005 Fehleroffset: 0x000305e5 ID des fehlerhaften Prozesses: 0x1520 Startzeit der fehlerhaften Anwendung: 0x01d99d6116b1670c Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe Pfad des fehlerhaften Moduls: C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\IAStorUtil\207ebc012ecbf4f2e521fa64bf3419fe\IAStorUtil.ni.dll Berichtskennung: 1cff8ea9-b593-4f26-b1d9-1a1969daa7ca Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (06/12/2023 09:07:14 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Anwendung: IAStorDataMgrSvc.exe Frameworkversion: v4.0.30319 Beschreibung: Der 
Prozess wurde aufgrund einer unbehandelten Ausnahme beendet. Ausnahmeinformationen: System.NullReferenceException bei IAStorUtil.SystemDataModelListener.ProcessSystemDataModelChanges() bei IAStorUtil.SystemDataModelListener.LoadSavedSystemState() bei IAStorDataMgr.EventRelay.<Start>b__0(System.Object) bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object) bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean) bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem() bei System.Threading.ThreadPoolWorkQueue.Dispatch() bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback() Systemfehler: ============= Error: (06/13/2023 05:05:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Intel(R) Rapid Storage-Technologie" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (06/13/2023 05:02:54 PM) (Source: SNMP) (EventID: 1500) (User: ) Description: Beim Zugreifen auf den Registrierungsschlüssel SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration ist ein Fehler aufgetreten. Error: (06/13/2023 05:02:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "AMD Log Utility" wurde aufgrund folgenden Fehlers nicht gestartet: Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung. Error: (06/13/2023 05:02:52 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (45000 ms) wurde beim Verbindungsversuch mit dem Dienst AMD Log Utility erreicht. Error: (06/13/2023 03:51:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Intel(R) Rapid Storage-Technologie" wurde unerwartet beendet. 
Dies ist bereits 1 Mal passiert. Error: (06/13/2023 03:49:47 PM) (Source: SNMP) (EventID: 1500) (User: ) Description: Beim Zugreifen auf den Registrierungsschlüssel SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration ist ein Fehler aufgetreten. Error: (06/13/2023 03:49:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "AMD Crash Defender Service" wurde aufgrund folgenden Fehlers nicht gestartet: Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung. Error: (06/13/2023 03:49:44 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (45000 ms) wurde beim Verbindungsversuch mit dem Dienst AMD Crash Defender Service erreicht. Windows Defender: ================ Date: 2023-06-13 18:22:33 Description: Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet. Überprüfungs-ID: {2DCA2706-ED56-4187-A816-73EAD6E2C8E3} Überprüfungstyp: Antimalware Überprüfungsparameter: Schnellüberprüfung Benutzer: NT-AUTORITÄT\SYSTEM Date: 2023-06-13 17:56:08 Description: Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt. Weitere Informationen: https://go.microsoft.com/fwlink/?linkid=37020&name=BrowserModifier:Win32/Istuni&threatid=265835&enterprise=0 Name: BrowserModifier:Win32/Istuni Schweregrad: Hoch Kategorie: Browserveränderer Pfad: file:_C:\Program Files (x86)\twengoo\ff\instui.exe Erkennungsursprung: Lokaler Computer Erkennungstype: Konkret Erkennungsquelle: Benutzer Benutzer: Hold-PC\Hold Prozessname: Unknown Sicherheitsversion: AV: 1.391.1318.0, AS: 1.391.1318.0, NIS: 1.391.1318.0 Modulversion: AM: 1.1.23050.3, NIS: 1.1.23050.3 Date: 2023-06-07 22:40:09 Description: Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet. 
Überprüfungs-ID: {6CB27A6E-6FCC-4B05-9FF7-05B27BD981D9} Überprüfungstyp: Antimalware Überprüfungsparameter: Schnellüberprüfung Benutzer: NT-AUTORITÄT\SYSTEM Date: 2023-06-07 17:12:38 Description: Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet. Überprüfungs-ID: {EEFB3E86-8807-42A0-A344-BC5BC1F09B8E} Überprüfungstyp: Antimalware Überprüfungsparameter: Schnellüberprüfung Benutzer: NT-AUTORITÄT\SYSTEM Date: 2023-06-03 21:56:46 Description: Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet. Überprüfungs-ID: {FFF69DF9-CC9E-4845-A060-342C56D747B7} Überprüfungstyp: Antimalware Überprüfungsparameter: Schnellüberprüfung Benutzer: NT-AUTORITÄT\SYSTEM CodeIntegrity: =============== Date: 2023-06-13 18:22:33 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.23050.3-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Speicherinformationen =========================== BIOS: American Megatrends Inc. 
M.70 06/17/2020 Hauptplatine: Micro-Star International Co., Ltd B450-A PRO MAX (MS-7B86) Prozessor: AMD Ryzen 5 3400G with Radeon Vega Graphics Prozentuale Nutzung des RAM: 44% Installierter physikalischer RAM: 14282.68 MB Verfügbarer physikalischer RAM: 7961.86 MB Summe virtueller Speicher: 28618.68 MB Verfügbarer virtueller Speicher: 21159.88 MB ==================== Laufwerke ================================ Drive c: () (Fixed) (Total:359.24 GB) (Free:154.92 GB) (Model: KINGSTON SA400S37480G) NTFS Drive d: (Volume) (Fixed) (Total:87.79 GB) (Free:30.48 GB) (Model: KINGSTON SA400S37480G) NTFS Drive f: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.06 GB) (Model: KINGSTON SA400S37480G) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)] Drive g: (TOSHIBA EXT) (Fixed) (Total:931.51 GB) (Free:444.24 GB) (Model: TOSHIBA External USB 3.0 USB Device) NTFS ==================== MBR & Partitionstabelle ==================== ========================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 447.1 GB) (Disk ID: 624A1F8B) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=87.8 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=359.2 GB) - (Type=07 NTFS) ========================================================== Disk: 1 (Size: 931.5 GB) (Disk ID: CED0B5E5) Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS) ==================== Ende von Addition.txt ======================= |
13.06.2023, 18:49 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | BrowserModifier:Win32/Istuni adwCleaner
Run AdwCleaner as described in the illustrated guide, then post the log file in CODE tags. If anything was found, please run AdwCleaner again as a check.
__________________ |
13.06.2023, 18:55 | #3 |
| BrowserModifier:Win32/Istuni Code:
# -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2022-10-10.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 06-13-2023
# Duration: 00:00:09
# OS: Windows 10 (Build 19045.3031)
# Scanned: 32102
# Detected: 0

***** [ Services ] *****
No malicious services found.

***** [ Folders ] *****
No malicious folders found.

***** [ Files ] *****
No malicious files found.

***** [ DLL ] *****
No malicious DLLs found.

***** [ WMI ] *****
No malicious WMI found.

***** [ Shortcuts ] *****
No malicious shortcuts found.

***** [ Tasks ] *****
No malicious tasks found.

***** [ Registry ] *****
No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries found.

***** [ Chromium URLs ] *****
No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries found.

***** [ Firefox URLs ] *****
No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****
No malicious hosts file entries found.

***** [ Preinstalled Software ] *****
No Preinstalled Software found.

AdwCleaner[S00].txt - [1406 octets] - [04/12/2021 12:14:31] AdwCleaner[S01].txt - [1467 octets] - [09/12/2021 16:42:42] AdwCleaner[S02].txt - [1528 octets] - [09/12/2021 18:09:57] AdwCleaner[S03].txt - [1589 octets] - [14/12/2021 22:43:21] AdwCleaner[S04].txt - [1650 octets] - [21/12/2021 20:11:54] AdwCleaner[S05].txt - [1711 octets] - [28/12/2021 00:35:39] AdwCleaner[S06].txt - [1772 octets] - [31/12/2021 19:19:47] AdwCleaner[S07].txt - [1833 octets] - [06/01/2022 17:05:05] AdwCleaner[S08].txt - [1894 octets] - [14/01/2022 09:39:35] AdwCleaner[S09].txt - [1955 octets] - [19/01/2022 18:05:17] AdwCleaner[S10].txt - [2016 octets] - [25/01/2022 20:01:35] AdwCleaner[S11].txt - [2077 octets] - [03/02/2022 10:59:20] AdwCleaner[S12].txt - [2138 octets] - [08/02/2022 17:34:34] AdwCleaner[S13].txt - [2199 octets] - [14/02/2022 18:29:32] AdwCleaner[S14].txt - [2260 octets] - [22/02/2022 20:14:01] AdwCleaner[S15].txt - [2321 octets] - [01/03/2022 20:09:07] AdwCleaner[S16].txt - [2382 octets] - [07/03/2022 18:22:16] AdwCleaner[S17].txt - [2443 octets] - [15/03/2022 17:12:36] AdwCleaner[S18].txt - [2504 octets] - [23/03/2022 18:46:50] AdwCleaner[S19].txt - [2565 octets] - [30/03/2022 13:40:52] AdwCleaner[S20].txt - [2626 octets] - [14/04/2022 23:26:42] AdwCleaner[S21].txt - [2687 octets] - [25/04/2022 20:13:59] AdwCleaner[S22].txt - [2748 octets] - [03/05/2022 18:28:20] AdwCleaner[S23].txt - [2809 octets] - [12/05/2022 13:14:42] AdwCleaner[S24].txt - [2870 octets] - [27/05/2022 12:08:37] AdwCleaner[S25].txt - [2931 octets] - [05/06/2022 13:56:14] AdwCleaner[S26].txt - [2992 octets] - [16/06/2022 12:53:15] AdwCleaner[S27].txt - [3053 octets] - [24/06/2022 12:26:56] AdwCleaner[S28].txt - [3114 octets] - [08/07/2022 09:44:20] AdwCleaner[S29].txt - [3175 octets] - [14/07/2022 15:45:21] AdwCleaner[S30].txt - [3236 octets] - [20/07/2022 18:22:02] AdwCleaner[S31].txt - [3297 octets] - [03/08/2022 18:13:26] AdwCleaner[S32].txt - [3358 octets] - [17/08/2022 13:04:52] AdwCleaner[S33].txt 
- [3757 octets] - [24/08/2022 14:24:19] AdwCleaner[C33].txt - [3909 octets] - [24/08/2022 14:24:36] AdwCleaner[S34].txt - [3541 octets] - [24/08/2022 14:47:09] AdwCleaner[S35].txt - [3602 octets] - [26/08/2022 13:12:34] AdwCleaner[S36].txt - [3663 octets] - [30/08/2022 23:26:09] AdwCleaner[S37].txt - [3724 octets] - [31/08/2022 14:51:13] AdwCleaner[S38].txt - [3785 octets] - [05/09/2022 16:46:12] AdwCleaner[S39].txt - [3846 octets] - [07/09/2022 17:53:22] AdwCleaner[S40].txt - [3907 octets] - [13/09/2022 23:11:30] AdwCleaner[S41].txt - [3982 octets] - [21/09/2022 17:24:42] AdwCleaner[S42].txt - [4043 octets] - [25/09/2022 23:20:32] AdwCleaner[S43].txt - [4104 octets] - [29/09/2022 17:27:37] AdwCleaner[S44].txt - [4165 octets] - [04/10/2022 19:17:11] AdwCleaner[S45].txt - [4226 octets] - [11/10/2022 17:41:40] AdwCleaner[S46].txt - [4287 octets] - [17/10/2022 20:04:26] AdwCleaner[S47].txt - [4348 octets] - [21/10/2022 16:52:57] AdwCleaner[S48].txt - [4409 octets] - [31/10/2022 22:47:16] AdwCleaner[S49].txt - [4470 octets] - [04/11/2022 15:26:50] AdwCleaner[S50].txt - [4531 octets] - [09/11/2022 16:29:26] AdwCleaner[S51].txt - [4592 octets] - [14/11/2022 18:55:45] AdwCleaner[S52].txt - [4653 octets] - [24/11/2022 15:15:11] AdwCleaner[S53].txt - [4714 octets] - [28/11/2022 18:55:32] AdwCleaner[S54].txt - [4775 octets] - [10/12/2022 22:30:23] AdwCleaner[S55].txt - [4836 octets] - [16/12/2022 12:38:19] AdwCleaner[S56].txt - [4897 octets] - [27/12/2022 17:35:19] AdwCleaner[S57].txt - [4958 octets] - [04/01/2023 17:02:54] AdwCleaner[S58].txt - [5019 octets] - [26/01/2023 14:03:04] AdwCleaner[S59].txt - [5080 octets] - [01/02/2023 16:58:51] AdwCleaner[S60].txt - [5141 octets] - [11/02/2023 11:52:06] AdwCleaner[S61].txt - [5202 octets] - [24/02/2023 18:52:21] AdwCleaner[S62].txt - [5263 octets] - [02/03/2023 18:01:12] AdwCleaner[S63].txt - [5324 octets] - [10/03/2023 15:05:58] AdwCleaner[S64].txt - [5385 octets] - [17/03/2023 15:25:05] AdwCleaner[S65].txt - [5446 octets] - 
[29/03/2023 09:09:04] AdwCleaner[S66].txt - [5507 octets] - [04/04/2023 17:07:04] AdwCleaner[S67].txt - [5568 octets] - [06/04/2023 20:14:07] AdwCleaner[S68].txt - [5629 octets] - [13/04/2023 17:25:17] AdwCleaner[S69].txt - [5690 octets] - [16/04/2023 12:30:04] AdwCleaner[S70].txt - [5751 octets] - [27/04/2023 23:06:47] AdwCleaner[S71].txt - [5812 octets] - [01/05/2023 18:56:49] AdwCleaner[S72].txt - [5873 octets] - [10/05/2023 09:58:16] AdwCleaner[S73].txt - [5934 octets] - [15/05/2023 18:27:33] AdwCleaner[S74].txt - [5995 octets] - [17/05/2023 18:22:14] AdwCleaner[S75].txt - [6056 octets] - [30/05/2023 18:33:09] AdwCleaner[S76].txt - [6117 octets] - [07/06/2023 17:06:17] ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S77].txt ########## |
13.06.2023, 19:07 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | BrowserModifier:Win32/Istuni Quote:
When was the last scan with it? Any detections? Where are the logs for that?
__________________ Please always post log files in CODE tags |
13.06.2023, 19:15 | #5 |
| BrowserModifier:Win32/Istuni Code:
Malwarebytes
www.malwarebytes.com

-Protokolldetails-
Scan-Datum: 13.06.23
Scan-Zeit: 20:08
Protokolldatei: 56fbaa6c-0a15-11ee-bf55-00fffaea9793.json

-Softwaredaten-
Version: 4.5.30.269
Komponentenversion: 1.0.2037
Version des Aktualisierungspakets: 1.0.70825
Lizenz: Kostenlos

-Systemdaten-
Betriebssystem: Windows 10 (Build 19045.3031)
CPU: x64
Dateisystem: NTFS
Benutzer: Hold-PC\Hold

-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Scan gestartet von: Manuell
Ergebnis: Abgeschlossen
Gescannte Objekte: 300040
Erkannte Bedrohungen: 0
In die Quarantäne verschobene Bedrohungen: 0
Abgelaufene Zeit: 4 Min., 33 Sek.

-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Erkennung
PUM: Erkennung

-Scan-Details-
Prozess: 0 (keine bösartigen Elemente erkannt)
Modul: 0 (keine bösartigen Elemente erkannt)
Registrierungsschlüssel: 0 (keine bösartigen Elemente erkannt)
Registrierungswert: 0 (keine bösartigen Elemente erkannt)
Registrierungsdaten: 0 (keine bösartigen Elemente erkannt)
Daten-Stream: 0 (keine bösartigen Elemente erkannt)
Ordner: 0 (keine bösartigen Elemente erkannt)
Datei: 0 (keine bösartigen Elemente erkannt)
Physischer Sektor: 0 (keine bösartigen Elemente erkannt)
WMI: 0 (keine bösartigen Elemente erkannt)

(end) |
13.06.2023, 19:20 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | BrowserModifier:Win32/Istuni Please read my last post properly. I asked when you had already scanned with it and whether there were any detections. I did not say that you should run a new scan.
__________________ |
13.06.2023, 19:23 | #7 |
| BrowserModifier:Win32/Istuni Sorry, 14 days ago, and there was nothing then. I do this roughly every 2 weeks; there has been nothing since 3.12.2021 |
13.06.2023, 19:46 | #8 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | BrowserModifier:Win32/Istuni Quote:
- Microsoft Office 2013 is EOL -> uninstall it; you already have LibreOffice anyway
- Opera is superfluous; besides, you already have Firefox, and Edge is built into Windows
- Definitely uninstall twengoo
__________________ Please always post log files in CODE tags |
13.06.2023, 19:48 | #9 |
| BrowserModifier:Win32/Istuni Will do. Is that the end of the matter, then? |
13.06.2023, 19:54 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | BrowserModifier:Win32/Istuni After that we can still run a control scan with RK.
__________________ Please always post log files in CODE tags |
13.06.2023, 20:22 | #11 |
| BrowserModifier:Win32/Istuni Code:
Program : RogueKiller Anti-Malware
Version : 15.10.0.0
x64 : Yes
Program Date : May 24 2023
Location : C:\Users\Hold\Downloads\RogueKiller_portable64.exe
Premium : No
Company : Adlice Software
Website : https://www.adlice.com/
Contact : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.19045) 64-bit
64-bit OS : Yes
Startup : 0
WindowsPE : No
User : Hold
User is Admin : Yes
Date : 2023/06/13 19:19:42
Type : Removal
Aborted : No
Scan Mode : Standard
Duration : 995
Found items : 3
Total scanned : 113458
Signatures Version : 20230605_114837
Truesight Driver : Yes
Updates Count : 5

************************* Warnings *************************

************************* Removal *************************
[PUP.Gen1 (Potenziell bösartig)] HKEY_USERS\.DEFAULT\Software\OCS -- -> Gelöscht
[+] scan_what : 2
[+] vendors : PUP.Gen1
[+] Name : HKEY_USERS\.DEFAULT\Software\OCS
[+] Type : Registry
[+] file_vtscore : 0
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 3
[+] id : 0
[+] status : 3
[+] status_str : Gelöscht
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : 0

[PUP.Gen1 (Potenziell bösartig)] HKEY_USERS\S-1-5-21-856262021-2868319075-1551791506-1000\Software\OCS -- -> Gelöscht
[+] scan_what : 2
[+] vendors : PUP.Gen1
[+] Name : HKEY_USERS\S-1-5-21-856262021-2868319075-1551791506-1000\Software\OCS
[+] Type : Registry
[+] file_vtscore : 0
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 3
[+] id : 1
[+] status : 3
[+] status_str : Gelöscht
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : 0

[PUP.Gen1 (Potenziell bösartig)] HKEY_USERS\S-1-5-18\Software\OCS -- -> Gelöscht
[+] scan_what : 2
[+] vendors : PUP.Gen1
[+] Name : HKEY_USERS\S-1-5-18\Software\OCS
[+] Type : Registry
[+] file_vtscore : 0
[+] file_vttotal : 0
[+] is_malicious : Yes
[+] detection_level : 3
[+] id : 2
[+] status : 3
[+] status_str : Gelöscht
[+] removed : Yes
[+] status_choice : 2
[+] malpe_score : 0 |
13.06.2023, 20:24 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | BrowserModifier:Win32/Istuni Only trifling registry entries. Then we're done! If you like, you can support the forum with a small donation. Finally, be sure to read and implement our security measures; both are linked in the following reading material:
__________________ Please always post log files in CODE tags |
13.06.2023, 20:26 | #13 |
| BrowserModifier:Win32/Istuni Thank you very much!! |
14.06.2023, 13:46 | #14 |
/// TB-Ausbilder | BrowserModifier:Win32/Istuni We are glad we could help. This topic appears to be resolved and will be removed from our subscriptions. Should you need the topic again, please send us a reminder including a link to the topic. Everyone else, please click here and create a topic of your own. |