Pests of all kinds and how to fight them: Microsoft Edge opens websites on its own at night | Windows 7
23.12.2023, 17:39 | #1 |
Microsoft Edge opens websites on its own at night

Addendum to my post (see further below) "Microsoft Edge opens websites on its own at night" from 17:42.

GMER log file:

Code:
AnyConnect Secure Mobility Client\vpnapi.dll (AnyConnect Secure Mobility Client VPN API/Cisco Systems, Inc. SIGNED)(2023-04-28 21:33:24) Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{54D85801-93A9-4057-B56E-FD345BC138B9}\InProcServer32@ C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\pddomproxy.dll (Foxit PDF Library/21 CA1 SIGNED)(2023-08-14 05:57:28) Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{598FE0E5-E02D-465D-9A9D-37974A28FD42}@LocalizedString C:\Program Files (x86)\Google\Update\1.3.36.352\goopdate.dll (Google Update/21 CA1 SIGNED)(2023-12-07 09:56:56) Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{598FE0E5-E02D-465D-9A9D-37974A28FD42}\LocalServer32@ C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateOnDemand.exe (Google Update/21 CA1 SIGNED)(2023-12-07 09:57:09) Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{6365D39F-2E73-4837-BC59-2014AAA20FA7}\InProcServer32@ C:\Program Files (x86)\Google\Update\1.3.36.352\psmachine.dll (Google Update/21 CA1 SIGNED)(2023-12-07 09:57:08) Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}\InProcServer32@ C:\Windows\SysWow64\secman.dll (Security Manager Component for Microsoft Outlook allows to turn off and on Outlook Object Model Security Guard/MAPILab Ltd. & Add-in Express Ltd. 
SIGNED)(2023-11-10 17:23:51) Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}@LocalizedString C:\Program Files (x86)\Google\Update\1.3.36.352\goopdate.dll (Google Update/21 CA1 SIGNED)(2023-12-07 09:56:56) Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{6F8BD55B-E83D-4A47-85BE-81FFA8057A69}\LocalServer32@ C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateBroker.exe (Google Update/21 CA1 SIGNED)(2023-12-07 09:57:09) Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{74A13FDD-9BCF-4229-9CAB-0079A5E17A25}\InprocServer32@ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroPDFImpl.dll (PDF Browser Control/21 CA1 SIGNED)(2023-09-06 23:36:46) Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{7DE94008-8AFD-4C70-9728-C6FBFFF6A73E}\LocalServer32@ C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateBroker.exe (Google Update/21 CA1 SIGNED)(2023-12-07 09:57:09) Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}\InprocServer32@ C:\Windows\SysWow64\secman.dll (Security Manager Component for Microsoft Outlook allows to turn off and on Outlook Object Model Security Guard/MAPILab Ltd. & Add-in Express Ltd. 
SIGNED)(2023-11-10 17:23:51) Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{86E29874-F020-44C8-9E45-D360CC872BBC}\InprocServer32@ C:\Program Files (x86)\CopyTrans HEIC for Windows\CopyTransHEICforWindows.dll (Ursa Minor Ltd SIGNED)(2023-12-01 14:17:30) Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}@LocalizedString C:\Program Files (x86)\Google\Update\1.3.36.352\goopdate.dll (Google Update/21 CA1 SIGNED)(2023-12-07 09:56:56) Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{8A1D4361-2C08-4700-A351-3EAA9CBFF5E4}\LocalServer32@ C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateBroker.exe (Google Update/21 CA1 SIGNED)(2023-12-07 09:57:09) Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{9A9F603B-51A8-4630-AE99-4BBF01675575}\InprocServer32@ C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\FoxitPDFReaderBrowserAx.dll (21 CA1 SIGNED)(2023-08-14 05:58:26) Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{9B2340A0-4068-43D6-B404-32E27217859D}@LocalizedString C:\Program Files (x86)\Google\Update\1.3.36.352\goopdate.dll (Google Update/21 CA1 SIGNED)(2023-12-07 09:56:56) Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{9B2340A0-4068-43D6-B404-32E27217859D}\LocalServer32@ C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateOnDemand.exe (Google Update/21 CA1 SIGNED)(2023-12-07 09:57:09) Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{9D6AA569-9F30-41AD-885A-346685C74928}\InprocServer32@ C:\Program Files (x86)\Google\Update\1.3.36.352\psmachine.dll (Google Update/21 CA1 SIGNED)(2023-12-07 09:57:08) Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{ABC01078-F197-4B0B-ADBC-CFE684B39C82}\LocalServer32@ C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateOnDemand.exe (Google Update/21 CA1 SIGNED)(2023-12-07 09:57:09) Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{ADDF22CF-3E9B-4CD7-9139-8169EA6636E4}@LocalizedString C:\Program Files (x86)\Google\Update\1.3.36.352\goopdate.dll (Google Update/21 CA1 SIGNED)(2023-12-07 09:56:56) Reg 
HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{ADDF22CF-3E9B-4CD7-9139-8169EA6636E4}\LocalServer32@ C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateOnDemand.exe (Google Update/21 CA1 SIGNED)(2023-12-07 09:57:09) Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{B3D28DBD-0DFA-40E4-8071-520767BADC7E}@LocalizedString C:\Program Files (x86)\Google\Update\1.3.36.352\goopdate.dll (Google Update/21 CA1 SIGNED)(2023-12-07 09:56:56) Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{B3D28DBD-0DFA-40E4-8071-520767BADC7E}\LocalServer32@ C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleUpdateOnDemand.exe (Google Update/21 CA1 SIGNED)(2023-12-07 09:57:09) Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{C15C0F4F-DDFB-4591-AD53-C9A71C9C15C0}\InprocServer32@ C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnapi.dll (AnyConnect Secure Mobility Client VPN API/Cisco Systems, Inc. SIGNED)(2023-04-28 21:33:24) Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{C6271107-A214-4F11-98C0-3F16BC670D28}\InprocServer32@ C:\Program Files (x86)\Google\Update\1.3.36.352\psmachine.dll (Google Update/21 CA1 SIGNED)(2023-12-07 09:57:08) Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{CA8A9780-280D-11CF-A24D-444553540000}\InprocServer32@ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.dll (PDF Browser Control/21 CA1 SIGNED)(2023-08-01 05:57:12) Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{DC6EFB56-9CFA-464D-8880-44885D7DC193}@DisplayName C:\Program Files\Adobe\Acrobat DC\Acrobat\pdfprevhndlr.dll (Adobe PDF Preview Handler/21 CA1 SIGNED)(2023-06-14 20:40:30) Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{EE5A151A-AD2A-4CEE-AD65-228B59F5B4AD}\InProcServer32@ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.dll (PDF Browser Control/21 CA1 SIGNED)(2023-08-01 05:57:12) Reg HKLM\SOFTWARE\Classes\WOW6432Node\CLSID\{F0B4F6AD-5E09-4CB1-B763-EC390CBDE51D}\InprocServer32@ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroPDFImpl.dll (PDF Browser Control/21 CA1 
SIGNED)(2023-09-06 23:36:46) Reg HKCU\Software\Microsoft\Windows\CurrentVersion\App Paths\mspaint.exe@ C:\Program Files\WindowsApps\Microsoft.Paint_11.2310.42.0_x64__8wekyb3d8bbwe\PaintApp\mspaint.exe(2023-12-19 16:37:26) Reg HKCU\Software\Microsoft\Windows\CurrentVersion\App Paths\notepad.exe@ C:\Program Files\WindowsApps\Microsoft.WindowsNotepad_11.2310.13.0_x64__8wekyb3d8bbwe\Notepad\Notepad.exe(2023-12-02 07:03:25) Reg HKCU\Software\Microsoft\Windows\CurrentVersion\App Paths\SnippingTool.exe@ C:\Program Files\WindowsApps\Microsoft.ScreenSketch_11.2310.54.0_x64__8wekyb3d8bbwe\SnippingTool\SnippingTool.exe(2023-12-02 07:03:24) Reg HKCU\Software\Microsoft\Windows\CurrentVersion\App Paths\WindowsPackageManagerServer.exe@ C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.3482.0_x64__8wekyb3d8bbwe\WindowsPackageManagerServer.exe(2023-12-21 19:29:08) Reg HKCU\Software\Microsoft\Windows\CurrentVersion\App Paths\winget.exe@ C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.21.3482.0_x64__8wekyb3d8bbwe\winget.exe(2023-12-21 19:29:08) Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Run@org.whispersystems.signal-desktop C:\Users\PC\AppData\Local\Programs\signal-desktop\Signal.exe (Signal/2 SIGNED)(2023-07-10 15:25:35) Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Run@Windscribe C:\Program Files\Windscribe\Windscribe.exe (Windscribe/Windscribe Limited SIGNED)(2023-08-20 10:35:14) Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\1182e88030ca76f34631fe25fe5c9c71@UninstallString C:\Program Files\Google\Chrome\Application\chrome.exe (Google Chrome/21 CA1 SIGNED)(2023-06-08 15:22:35) Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\7d96caee-06e6-597c-9f2f-c7bb2e0948b4@UninstallString C:\Users\PC\AppData\Local\Programs\signal-desktop\Uninstall Signal.exe (Private messaging from your desktop/2 SIGNED)(2023-11-30 02:40:22) Reg 
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\7d96caee-06e6-597c-9f2f-c7bb2e0948b4@DisplayIcon C:\Users\PC\AppData\Local\Programs\signal-desktop\Signal.exe (Signal/2 SIGNED)(2023-07-10 15:25:35) Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\b2a229ee517bba9f648c7093450bc695@UninstallString C:\Program Files\Google\Chrome\Application\chrome.exe (Google Chrome/21 CA1 SIGNED)(2023-06-08 15:22:35) Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\ZoomUMX@DisplayIcon C:\Users\PC\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Meetings/21 CA1 SIGNED)(2023-12-05 15:29:57) Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\ZoomUMX@UninstallString C:\Users\PC\AppData\Roaming\Zoom\uninstall\Installer.exe (Zoom Installer/21 CA1 SIGNED)(2023-12-05 15:30:03) ---- Files - GMER 2.2 ---- File C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\ec0rkfhe.default-release\storage\default\https+++mail.google.com\cache\context_open.marker 0 bytes ---- EOF - GMER 2.2 ----
Edited by kar_y_na (23.12.2023 at 18:08) |
23.12.2023, 17:42 | #2 |
| Microsoft Edge opens websites on its own at night

Hi!

On the evening of 21.12.23 I put my laptop into sleep mode, only to learn from my housemates the next morning that they had heard voices coming from my laptop. When I opened the laptop, several "desktops" were open on it, the icons were set larger than I had left them the evening before, and on each one I was asked to enter my Windows password. I tried to click it away. When that did not work, I shut the laptop down. When I started the laptop again, I saw in the search history that several websites had been opened in Microsoft Edge. In order, these were: MSN Weather (2x), Microsoft Edge ("Your browser has been updated to the latest version"), two different MSN news pages, 2 searches for "Kate Hudson" on bing.com, and www.tiktok.com (which I almost never use; that was also the reason for the voices that were heard). In addition, since then my Microsoft account has been signed out on my PC (and also in Edge). Out of concern that I would give away my password by doing so, I have not entered it. It has never happened to me before that my laptop opens web pages by itself.

Hence 2 questions: Is this a virus/malware/trojan? If so, how can I remove it completely?

This is what I have done since:
22.12.: the laptop was off, shut down.
23.12., today: I uninstalled some programs that were installed in the last month: 7zip, Mozilla Maintenance Service, Aryson MBOX, TikTok, unfortunately by mistake Microsoft Office Professional Plus 2019, Sticky Notes, Microsoft Power Automate. I started a full scan with the Windows virus protection, which showed me FileZilla as a potential threat (I don't know how to get at the log files here). Then I installed Avira and started the scan (log files hopefully attached shortly), and finally, when I came across this website, I installed and started FRST. To get the log files from Avira (I have a new version that does not have Administration/Events), I additionally downloaded GMER.exe just now, started the scan and attached it. Since I don't have the Avira log data, here is a note on what was found: 2 files named JS/ExtenBro.MEK.

Unfortunately I don't know how to split the logs across several posts without replying to myself or opening two threads, which is why the GMER log file is not included so far. I'm happy to add it, e.g. after the first reply, or when someone tells me / I find out how to make 2 posts.

Thanks in advance for the help!!

Here first the FRST log, then the Addition log from FRST: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 22-12-2023 durchgeführt von PC (Administrator) auf DESKTOP-N67O51V (HP HP 255 G8 Notebook PC) (23-12-2023 14:15:55) Gestartet von C:\Users\PC\Downloads\FRST64.exe Geladene Profile: PC Plattform: Microsoft Windows 11 Pro Version 21H2 22000.2538 (X64) Sprache: Deutsch (Deutschland) Standard-Browser: FF Start-Modus: Normal ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Avira Operations GmbH -> Avira Operations GmbH) C:\Program Files (x86)\Avira\Security\Avira.Spotlight.UI.Application.exe (C:\Program Files\Avira\Endpoint Protection SDK\endpointprotection.exe ->) (Avira Operations GmbH -> Avira Operations GmbH) C:\Program Files\Avira\Endpoint Protection SDK\SentryEye.exe (C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.30700.0.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\120.0.2210.77\msedgewebview2.exe <12> (Cisco Systems, Inc. -> Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_30f448e100bbebf7\x64\SysInfoCap.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_30f448e100bbebf7\x64\BridgeCommunication.exe (DriverStore\FileRepository\u0376573.inf_amd64_8aae8753e0431618\B374868\atiesrxx.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0376573.inf_amd64_8aae8753e0431618\B374868\atieclxx.exe (ETDService.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) 
C:\Windows\System32\ETDCtrl.exe (explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <14> (explorer.exe ->) (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe <3> (explorer.exe ->) (Signal Messenger, LLC -> Signal Messenger, LLC) C:\Users\PC\AppData\Local\Programs\signal-desktop\Signal.exe <4> (explorer.exe ->) (Windscribe Limited -> Windscribe Limited) C:\Program Files\Windscribe\Windscribe.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleCrashHandler.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleCrashHandler64.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <36> (SECOMN64.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Sound Research, Corp.) C:\Windows\System32\SECOCL64.exe (services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (services.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0376573.inf_amd64_8aae8753e0431618\B374868\atiesrxx.exe (services.exe ->) (Avira Operations GmbH -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe (services.exe ->) (Avira Operations GmbH -> Avira Operations GmbH) C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe (services.exe ->) (Avira Operations GmbH -> Avira Operations GmbH) C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe (services.exe ->) (Avira Operations GmbH -> Avira Operations GmbH) C:\Program Files\Avira\Endpoint Protection SDK\endpointprotection.exe (services.exe ->) (Cisco Systems, Inc. -> Cisco Systems, Inc.) 
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (services.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDService.exe (services.exe ->) (FOXIT SOFTWARE INC. -> Foxit Software Inc.) C:\Program Files (x86)\Common Files\Foxit\Foxit PDF Reader\FoxitPDFReaderUpdateService.exe (services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe (services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_2f779d0a8fdf496c\x64\TouchpointAnalyticsClientService.exe (services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_30f448e100bbebf7\x64\AppHelperCap.exe (services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_30f448e100bbebf7\x64\DiagsCap.exe (services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_30f448e100bbebf7\x64\NetworkCap.exe (services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_30f448e100bbebf7\x64\SysInfoCap.exe (services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Sound Research, Corp.) C:\Windows\System32\SECOMN64.exe (services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe (services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtkWiFiManServ.exe (services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_e80fb7173daab733\RtkAudUService64.exe <3> (services.exe ->) (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe (services.exe ->) (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.) 
C:\Program Files (x86)\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe (services.exe ->) (Windscribe Limited -> Windscribe Limited) C:\Program Files\Windscribe\WindscribeService.exe (svchost.exe ->) (Avira Operations GmbH -> Avira Operations GmbH) C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Systray.Application.exe (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SecHealthUI_1000.25873.9001.0_x64__8wekyb3d8bbwe\SecHealthUI.exe (svchost.exe ->) (Microsoft Windows -> ) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.30700.0.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2> (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\amd64\MoUsoCoreWorker.exe (svchost.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\System32\SecurityHealth\1.0.2306.10002-0\SecurityHealthHost.exe <2> ==================== Registry (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_e80fb7173daab733\RtkAudUService64.exe [3496296 2022-11-06] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM\...\Run: [] => [X] HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [2044568 2023-04-28] (Cisco Systems, Inc. -> Cisco Systems, Inc.) 
HKLM-x32\...\Run: [] => [X] HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Beschränkung <==== ACHTUNG HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Beschränkung <==== ACHTUNG HKU\S-1-5-21-350317605-4065228070-467651021-1001\...\Run: [MicrosoftEdgeAutoLaunch_B47356396DDD0FAAE76D0ED141F5CEA2] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3854376 2023-12-14] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-350317605-4065228070-467651021-1001\...\Run: [org.whispersystems.signal-desktop] => C:\Users\PC\AppData\Local\Programs\signal-desktop\Signal.exe [163723200 2023-11-30] (Signal Messenger, LLC -> Signal Messenger, LLC) HKU\S-1-5-21-350317605-4065228070-467651021-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\PC\AppData\Local\Microsoft\Teams\Update.exe [2589872 2023-12-01] (Microsoft 3rd Party Application Component -> Microsoft Corporation) HKU\S-1-5-21-350317605-4065228070-467651021-1001\...\Run: [Lync] => "C:\Program Files\Microsoft Office\root\Office16\lync.exe" /fromrunkey (Keine Datei) HKU\S-1-5-21-350317605-4065228070-467651021-1001\...\Run: [Windscribe] => C:\Program Files\Windscribe\Windscribe.exe [5820256 2023-08-20] (Windscribe Limited -> Windscribe Limited) HKU\S-1-5-21-350317605-4065228070-467651021-1001\...\Run: [] => [X] HKU\S-1-5-21-350317605-4065228070-467651021-1001\...\MountPoints2: {04744ccc-186a-11ee-a0fd-f0a654c7e720} - "D:\LaunchU3.exe" -a HKU\S-1-5-21-350317605-4065228070-467651021-1001\...\MountPoints2: {1bba6ef6-4dc6-11ee-a0ff-00e04c3674dd} - "D:\RTK_NIC_DRIVER_INSTALLER.sfx.exe" HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\120.0.6099.129\Installer\chrmstp.exe [2023-12-21] (Google LLC -> Google LLC) GroupPolicy: Beschränkung ? 
<==== ACHTUNG GroupPolicy-Firefox: Beschränkung <==== ACHTUNG Policies: C:\ProgramData\NTUSER.pol: Beschränkung <==== ACHTUNG ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {F1A96586-FD36-4B63-AA09-F8A507206F80} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1566200 2023-09-21] (Adobe Inc. -> Adobe Inc.) Task: {00951599-F01D-4CF6-BDE6-0427A1FAB552} - System32\Tasks\Avira_FallbackUpdater => C:\Windows\system32\sc.exe [94208 2021-06-05] (Microsoft Windows -> Microsoft Corporation) -> start AviraFallbackUpdater Delayed=false Task: {5CDC5E8C-BB44-4713-A1EE-5A8DEEE6CCB2} - System32\Tasks\Avira_Security_Maintenance => Command(1): C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe -> FallbackTelemetry Task: {5CDC5E8C-BB44-4713-A1EE-5A8DEEE6CCB2} - System32\Tasks\Avira_Security_Maintenance => Command(2): C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe -> ServiceWatchdog Task: {5CDC5E8C-BB44-4713-A1EE-5A8DEEE6CCB2} - System32\Tasks\Avira_Security_Maintenance => Command(3): C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe -> CrashCollector Task: {41C933F6-6CE2-4AC0-AF0F-9CB93453FC0D} - System32\Tasks\Avira_Security_Service_SCM_Watchdog => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe [260360 2023-12-18] (Avira Operations GmbH -> Avira Operations GmbH) Task: {61E663FC-487B-472B-B43A-C470B7D37E6F} - System32\Tasks\Avira_Security_Systray => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Systray.Application.exe [1813000 2023-12-18] (Avira Operations GmbH -> Avira Operations GmbH) Task: {36B8DC9B-1903-4AC9-941A-7ACEC837F816} - System32\Tasks\Avira_Security_Update => C:\Windows\system32\net.exe [81920 
2021-06-05] (Microsoft Windows -> Microsoft Corporation) Task: {6C2562B8-1A9E-406A-9E34-763838A2B5E4} - System32\Tasks\AviraSystemSpeedupVerify => C:\Program Files (x86)\Avira\System Speedup\setup\avira_speedup_setup.exe [37097112 2023-12-23] (Avira Operations GmbH -> Avira Operations GmbH) Task: {2055F9FC-CAA6-4C13-B096-A3E1686766C1} - System32\Tasks\GoogleUpdateTaskMachineCore{EC1159AD-2AA5-4980-9CD9-AE9146ECA513} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [162072 2023-06-08] (Google LLC -> Google LLC) Task: {A23628F5-2E87-416C-8431-5312AAC7799E} - System32\Tasks\GoogleUpdateTaskMachineUA{5847186A-3DEB-4816-960D-47E75862EA08} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [162072 2023-06-08] (Google LLC -> Google LLC) Task: {A7DDEB2D-04D1-417B-ADFA-FBA9FE3FAAAA} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [35232 2023-12-19] (Mozilla Corporation -> Mozilla Foundation) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{46fed04a-97b3-4d2f-ba03-2efce39b3323}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{46fed04a-97b3-4d2f-ba03-2efce39b3323}: [DhcpDomain] fritz.box Tcpip\..\Interfaces\{91d464f8-e578-4053-982a-0ceae5058406}: [DhcpNameServer] 200.73.96.146 190.104.12.42 Tcpip\..\Interfaces\{f4ee2eeb-1fc4-404e-b303-917efd9b6667}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{f4ee2eeb-1fc4-404e-b303-917efd9b6667}: [DhcpDomain] fritz.box Tcpip\..\Interfaces\{f4ee2eeb-1fc4-404e-b303-917efd9b6667}\64259445A51224F6870273439303: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{f4ee2eeb-1fc4-404e-b303-917efd9b6667}\64259445A51224F6870273439303: [DhcpDomain] fritz.box Tcpip\..\Interfaces\{f4ee2eeb-1fc4-404e-b303-917efd9b6667}\75C414E4D2442333439353: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{f4ee2eeb-1fc4-404e-b303-917efd9b6667}\75C414E4D2442333439353: [DhcpDomain] Speedport_W_921V_1_48_000 Tcpip\..\Interfaces\{f4ee2eeb-1fc4-404e-b303-917efd9b6667}\B4162796E616: [DhcpNameServer] 192.168.61.183 Tcpip\..\Interfaces\{f4ee2eeb-1fc4-404e-b303-917efd9b6667}\E264275656145627F60757562747F6744544: [DhcpNameServer] 200.123.4.2 200.123.2.222 8.8.8.8 Tcpip\..\Interfaces\{f4ee2eeb-1fc4-404e-b303-917efd9b6667}\E6F62746029494: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{f4ee2eeb-1fc4-404e-b303-917efd9b6667}\E6F62746029494: [DhcpDomain] fritz.box Edge: ======= Edge Profile: C:\Users\PC\AppData\Local\Microsoft\Edge\User Data\Default [2023-12-23] Edge Extension: (Avira Safe Shopping) - C:\Users\PC\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\caiblelclndcckfafdaggpephhgfpoip [2023-12-23] Edge Extension: (Google Docs Offline) - C:\Users\PC\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-11-15] Edge Extension: (Edge relevant text changes) - C:\Users\PC\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-09-17] 
Edge HKLM-x32\...\Edge\Extension: [caiblelclndcckfafdaggpephhgfpoip] Edge HKLM-x32\...\Edge\Extension: [emgfgdclgfeldebanedpihppahgngnle] Edge HKLM-x32\...\Edge\Extension: [mielbhbkcliienpdicphhecpodcaeefg] FireFox: ======== FF DefaultProfile: f7ocj1ka.default FF ProfilePath: C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\f7ocj1ka.default [2023-05-29] FF ProfilePath: C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\ec0rkfhe.default-release [2023-12-23] FF Homepage: Mozilla\Firefox\Profiles\ec0rkfhe.default-release -> hxxps://www.ecosia.org/?c=de FF Notifications: Mozilla\Firefox\Profiles\ec0rkfhe.default-release -> hxxps://web.instahelp.me FF Extension: (Facebook Container) - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\ec0rkfhe.default-release\Extensions\@contain-facebook.xpi [2023-07-20] FF Extension: (Google Scholar-Schaltfläche) - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\ec0rkfhe.default-release\Extensions\button@scholar.google.com.xpi [2023-07-04] FF Extension: (Cisco Webex Extension) - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\ec0rkfhe.default-release\Extensions\ciscowebexstart1@cisco.com.xpi [2023-07-04] FF Extension: (Language: Deutsch (German)) - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\ec0rkfhe.default-release\Extensions\langpack-de@firefox.mozilla.org.xpi [2023-12-22] FF Extension: (uBlock Origin) - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\ec0rkfhe.default-release\Extensions\uBlock0@raymondhill.net.xpi [2023-12-06] FF Extension: (Citavi Picker) - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\ec0rkfhe.default-release\Extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}.xpi [2023-07-04] FF Extension: (Snowflake) - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\ec0rkfhe.default-release\Extensions\{b11bea1f-a888-4332-8d8a-cec2be7d24b9}.xpi [2023-07-04] FF Extension: (Video DownloadHelper) - 
C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\ec0rkfhe.default-release\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2023-09-01] FF Extension: (Ecosia – Die Suchmaschine, die Bäume pflanzt) - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\ec0rkfhe.default-release\Extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi [2023-07-04] FF Extension: (Adblock Plus - kostenloser Adblocker) - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\ec0rkfhe.default-release\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2023-07-04] FF Extension: (Citavi Picker) - C:\Program Files\Mozilla Firefox\distribution\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}.xpi [2023-06-21] FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2023-11-05] (Adobe Inc. -> Adobe Systems Inc.) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2023-08-14] (FOXIT SOFTWARE INC. 
-> Foxit Corporation) Chrome: ======= CHR Profile: C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default [2023-12-23] CHR Notifications: Default -> hxxps://clickdoc.elvi.de CHR Extension: (Documentos de Google sin conexión) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-10-30] CHR Extension: (Keepa - Amazon Price Tracker) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\neebplgakaahbhdphmkckjjcegoiijjo [2023-09-18] CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-06-08] CHR Extension: (Citavi Picker) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohgndokldibnndfnjnagojmheejlengn [2023-07-12] CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh] CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] CHR HKLM-x32\...\Chrome\Extension: [ohgndokldibnndfnjnagojmheejlengn] ==================== Dienste (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2023-09-21] (Adobe Inc. -> Adobe Inc.) S2 AviraFallbackUpdater; C:\Program Files (x86)\Avira\Fallback Updater\Avira.Spotlight.FallbackUpdater.exe [6576104 2023-12-23] (Avira Operations GmbH -> Avira Operations GmbH) R2 AviraOptimizerHost; C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe [3003056 2023-06-29] (Avira Operations GmbH -> Avira Operations GmbH) R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [389096 2023-09-06] (Avira Operations GmbH -> Avira Operations GmbH & Co. 
KG) R2 AviraSecurity; C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe [266936 2023-12-18] (Avira Operations GmbH -> Avira Operations GmbH) S2 AviraSecurityUpdater; C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Common.Updater.exe [297392 2023-12-18] (Avira Operations GmbH -> Avira Operations GmbH) R2 EndpointProtectionService; C:\Program Files\Avira\Endpoint Protection SDK\endpointprotection.exe [11261592 2023-12-14] (Avira Operations GmbH -> Avira Operations GmbH) S3 EndpointProtectionService2; C:\Program Files\Avira\Endpoint Protection SDK\endpointprotection.exe [11261592 2023-12-14] (Avira Operations GmbH -> Avira Operations GmbH) R2 FoxitReaderUpdateService; C:\Program Files (x86)\Common Files\Foxit\Foxit PDF Reader\FoxitPDFReaderUpdateService.exe [2432608 2023-08-14] (FOXIT SOFTWARE INC. -> Foxit Software Inc.) R2 HPAppHelperCap; C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_30f448e100bbebf7\x64\AppHelperCap.exe [887856 2023-10-25] (HP Inc. -> HP Inc.) R2 HPDiagsCap; C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_30f448e100bbebf7\x64\DiagsCap.exe [886720 2023-10-25] (HP Inc. -> HP Inc.) R2 HPNetworkCap; C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_30f448e100bbebf7\x64\NetworkCap.exe [882728 2023-10-25] (HP Inc. -> HP Inc.) R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [230360 2023-11-14] (HP Inc. -> HP Inc.) R2 HPSysInfoCap; C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_30f448e100bbebf7\x64\SysInfoCap.exe [886832 2023-10-25] (HP Inc. -> HP Inc.) R2 HpTouchpointAnalyticsService; C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_2f779d0a8fdf496c\x64\TouchpointAnalyticsClientService.exe [491648 2023-10-24] (HP Inc. -> HP Inc.) R2 RtkWiFiManServ; C:\Windows\RtkWiFiManServ.exe [827936 2021-06-04] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) 
R2 SECOMNService; C:\Windows\System32\SECOMN64.exe [743904 2022-02-18] (Microsoft Windows Hardware Compatibility Publisher -> Sound Research, Corp.) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [402248 2023-10-11] (Microsoft Windows Publisher -> Microsoft Corporation) R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2022-10-04] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) R2 ss_conn_service2; C:\Program Files (x86)\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe [920768 2022-10-04] (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.) S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\NisSrv.exe [3174840 2023-12-08] (Microsoft Windows Publisher -> Microsoft Corporation) S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe [133592 2023-12-08] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WindscribeService; C:\Program Files\Windscribe\WindscribeService.exe [1085280 2023-08-20] (Windscribe Limited -> Windscribe Limited) ===================== Treiber (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R3 acsock; C:\Windows\system32\DRIVERS\acsock64.sys [310216 2023-04-28] (Microsoft Windows Hardware Compatibility Publisher -> Cisco Systems, Inc.) R3 AMDAfdAudioService; C:\Windows\System32\DriverStore\FileRepository\amdacpafd.inf_amd64_49eb6a8a3f603dc1\amdacpafd.sys [361936 2022-02-24] (Advanced Micro Devices Inc. -> Advanced Micro Devices) R3 amdwddmg; C:\Windows\System32\DriverStore\FileRepository\u0376573.inf_amd64_8aae8753e0431618\B374868\amdkmdag.sys [80558960 2022-02-10] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) 
R0 BdNet; C:\Windows\System32\DRIVERS\BdNet.sys [190712 2023-12-12] (Avira Operations GmbH -> Avira Operations GmbH) R1 BdSentry; C:\Windows\System32\DRIVERS\BdSentry.sys [233560 2023-12-12] (Avira Operations GmbH -> Avira Operations GmbH) S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [507904 2021-11-04] (Microsoft Corporation) [Datei ist nicht signiert] S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [180224 2021-11-04] (Microsoft Corporation) [Datei ist nicht signiert] S3 BTHMODEM; C:\Windows\System32\drivers\bthmodem.sys [98304 2021-06-05] (Microsoft Corporation) [Datei ist nicht signiert] S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus2.sys [167440 2022-10-04] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) R3 HPCustomCapDriver; C:\Windows\System32\DriverStore\FileRepository\hpcustomcapdriver.inf_amd64_a955fa431e522f5e\x64\hpcustomcapdriver.sys [25592 2021-09-16] (HP Inc. -> HP Inc.) R1 netprotection_network_filter; C:\Windows\System32\drivers\netprotection_network_filter.sys [114992 2023-12-14] (Avira Operations GmbH -> Avira Operations GmbH) S3 rtcx21; C:\Windows\System32\DriverStore\FileRepository\rtcx21x64.inf_amd64_d2a498d51a4f7bec\rtcx21x64.sys [409000 2021-06-01] (Realtek Semiconductor Corp. -> Realtek) S0 rtp_elam; C:\Windows\System32\DRIVERS\rtp_elam.sys [28784 2023-12-14] (Microsoft Windows Early Launch Anti-Malware Publisher -> Avira Operations GmbH) R1 rtp_filter; C:\Windows\System32\DRIVERS\rtp_filter.sys [376952 2023-12-14] (Avira Operations GmbH -> Avira Operations GmbH) R1 rtp_traverse; C:\Windows\system32\DRIVERS\rtp_traverse.sys [41984 2023-12-14] (Avira Operations GmbH -> Avira Operations GmbH) S3 rtux64w10; C:\Windows\System32\DriverStore\FileRepository\rtux64w10.inf_amd64_a39ece60dbc76c55\rtux64w10.sys [683520 2021-06-05] (Microsoft Windows -> Realtek Corporation) S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [174112 2022-10-04] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) 
S3 ss_conn_usb_driver2; C:\Windows\System32\Drivers\ss_conn_usb_driver2.sys [50720 2022-10-04] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) R3 tapwindscribe0901; C:\Windows\System32\drivers\tapwindscribe0901.sys [57768 2023-08-20] (Windscribe Limited -> The OpenVPN Project) S3 vpnva; C:\Windows\System32\drivers\vpnva64-6.sys [74064 2023-04-28] (Cisco Systems, Inc. -> Cisco Systems, Inc.) S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [55856 2023-12-08] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation) U5 WdDevFlt; C:\Windows\System32\Drivers\WdDevFlt.sys [103656 2021-06-05] (Microsoft Windows -> Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [594304 2023-12-08] (Microsoft Windows -> Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105856 2023-12-08] (Microsoft Windows -> Microsoft Corporation) S3 WindscribeSplitTunnel; C:\Windows\system32\DRIVERS\WindscribeSplitTunnel.sys [38152 2023-08-20] (Windscribe Limited -> ) R3 windtun420; C:\Windows\System32\drivers\windtun420.sys [47544 2023-08-20] (Windscribe Limited -> WireGuard LLC) S3 WireGuard; C:\Windows\System32\drivers\wireguard.sys [489368 2023-08-20] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC) R3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [40104 2022-06-17] (HP Inc. -> HP) S3 netprotection_network_filter2; System32\drivers\netprotection_network_filter2.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2023-12-23 14:15 - 2023-12-23 14:16 - 000027744 _____ C:\Users\PC\Downloads\FRST.txt 2023-12-23 14:15 - 2023-12-23 14:16 - 000000000 ____D C:\FRST 2023-12-23 14:12 - 2023-12-23 14:12 - 002387456 _____ (Farbar) C:\Users\PC\Downloads\FRST64.exe 2023-12-23 13:46 - 2023-12-23 13:46 - 000000000 ____D C:\Users\Public\Security Sessions 2023-12-23 13:45 - 2023-12-23 13:45 - 000000000 ____D C:\Windows\SysWOW64\statReporter 2023-12-23 13:45 - 2023-12-23 13:45 - 000000000 ____D C:\Users\PC\AppData\Local\AviraWebView2Cache 2023-12-23 13:45 - 2023-12-23 13:45 - 000000000 _____ C:\Windows\system32\rtp.db 2023-12-23 13:45 - 2023-12-14 09:09 - 000114992 _____ (Avira Operations GmbH) C:\Windows\system32\Drivers\netprotection_network_filter.sys 2023-12-23 13:44 - 2023-12-23 13:46 - 000000000 ____D C:\Users\PC\AppData\Local\Avira 2023-12-23 13:44 - 2023-12-23 13:44 - 000000000 ____D C:\Program Files\Avira 2023-12-23 13:44 - 2023-12-14 12:54 - 000376952 _____ (Avira Operations GmbH) C:\Windows\system32\Drivers\rtp_filter.sys 2023-12-23 13:44 - 2023-12-14 12:54 - 000041984 _____ (Avira Operations GmbH) C:\Windows\system32\Drivers\rtp_traverse.sys 2023-12-23 13:44 - 2023-12-12 20:36 - 000190712 _____ (Avira Operations GmbH) C:\Windows\system32\Drivers\BdNet.sys 2023-12-23 13:44 - 2023-12-12 19:33 - 000233560 _____ (Avira Operations GmbH) C:\Windows\system32\Drivers\BdSentry.sys 2023-12-23 13:43 - 2023-12-23 13:44 - 000000000 ____D C:\Users\Public\Speedup Sessions 2023-12-23 13:43 - 2023-12-23 13:44 - 000000000 ____D C:\ProgramData\Avira 2023-12-23 13:43 - 2023-12-23 13:44 - 000000000 ____D C:\Program Files (x86)\Avira 2023-12-23 13:43 - 2023-12-23 13:43 - 006576104 _____ (Avira Operations GmbH) C:\Users\PC\Downloads\avira_de_sptl1_3276aa397672fa93__pavwws-spotlight-release.exe 2023-12-23 13:43 - 2023-12-23 13:43 - 000003888 _____ C:\Windows\system32\Tasks\Avira_Security_Maintenance 2023-12-23 13:43 - 2023-12-23 13:43 - 000003776 _____ C:\Windows\system32\Tasks\AviraSystemSpeedupVerify 
2023-12-23 13:43 - 2023-12-23 13:43 - 000003702 _____ C:\Windows\system32\Tasks\Avira_FallbackUpdater 2023-12-23 13:43 - 2023-12-23 13:43 - 000003478 _____ C:\Windows\system32\Tasks\Avira_Security_Update 2023-12-23 13:43 - 2023-12-23 13:43 - 000003428 _____ C:\Windows\system32\Tasks\Avira_Security_Service_SCM_Watchdog 2023-12-23 13:43 - 2023-12-23 13:43 - 000002818 _____ C:\Windows\system32\Tasks\Avira_Security_Systray 2023-12-23 13:43 - 2023-12-23 13:43 - 000001150 _____ C:\Users\Public\Desktop\Avira.lnk 2023-12-23 13:43 - 2023-12-23 13:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2023-12-23 12:44 - 2023-12-23 12:44 - 000000448 __RSH C:\ProgramData\ntuser.pol 2023-12-23 12:43 - 2023-12-23 12:43 - 102236160 _____ C:\Windows\system32\config\SOFTWARE 2023-12-23 12:08 - 2023-12-23 12:43 - 000000000 ____D C:\Windows\Microsoft Antimalware 2023-12-22 03:49 - 2023-12-22 08:53 - 000000000 ____D C:\Program Files\Mozilla Thunderbird 2023-12-19 17:51 - 2023-12-19 17:53 - 000000000 ____D C:\Users\PC\Downloads\Shein fotos 2023-12-19 17:35 - 2023-12-23 12:14 - 000000000 ____D C:\Program Files\Mozilla Firefox 2023-12-14 22:33 - 2023-12-14 22:40 - 000549078 _____ C:\Users\PC\Downloads\Anmeldeformular.pdf 2023-12-07 11:04 - 2023-12-07 11:04 - 000138964 _____ C:\Users\PC\Downloads\Kostenerstattung der medizinischen Behandlung während der Entsendung-1.pdf 2023-12-07 11:02 - 2023-12-07 11:02 - 000150682 _____ C:\Users\PC\Downloads\Kostenerstattung der medizinischen Behandlung während der Entsendung.pdf 2023-12-06 21:54 - 2023-12-06 21:54 - 000059699 _____ C:\Users\PC\Downloads\20231206215449_TK-Behandlung im Ausland - Rechnung einreichen.pdf 2023-12-05 16:30 - 2023-12-05 16:30 - 000000000 ____D C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom 2023-12-05 14:41 - 2023-12-05 14:41 - 005790266 _____ C:\Users\PC\Downloads\978-3-662-55379-4-1_compressed_compressed.pdf 2023-12-05 14:35 - 2023-12-05 14:35 - 008201822 _____ 
C:\Users\PC\Downloads\978-3-662-55379-4-1_compressed.pdf 2023-12-05 14:32 - 2023-12-05 14:32 - 010289435 _____ C:\Users\PC\Downloads\978-3-662-55379-4-1.pdf 2023-12-05 14:10 - 2023-12-05 14:11 - 013674838 _____ C:\Users\PC\Downloads\978-3-662-55379-4.pdf 2023-12-04 16:43 - 2023-12-04 16:43 - 000795918 _____ C:\Users\PC\Downloads\Einladung EG Karina Hagemann.pdf 2023-12-01 15:17 - 2023-12-01 15:20 - 000000000 ____D C:\Program Files\CopyTrans HEIC for Windows 2023-12-01 15:17 - 2023-12-01 15:20 - 000000000 ____D C:\Program Files (x86)\CopyTrans HEIC for Windows 2023-12-01 15:17 - 2023-12-01 15:17 - 000000000 ____D C:\ProgramData\WindSolutions 2023-12-01 15:16 - 2023-12-01 15:16 - 007838192 _____ (Ursa Minor Ltd ) C:\Users\PC\Downloads\CopyTransHEICforWindowsv2.000.exe 2023-12-01 15:14 - 2023-12-01 15:14 - 000151113 _____ C:\Users\PC\Downloads\AMALIA GALINDO 2023.pdf 2023-12-01 12:12 - 2023-12-01 12:12 - 000000000 ___HD C:\OneDriveTemp 2023-12-01 11:23 - 2023-12-01 11:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMyFone 2023-12-01 11:22 - 2023-12-01 11:22 - 034935032 _____ (Shenzhen iMyFone Technology Co., Ltd. ) C:\Users\PC\Downloads\heic-converter-setup.exe 2023-12-01 11:20 - 2023-12-01 11:20 - 048414720 _____ C:\Users\PC\Downloads\JPEGminiPro_installer_4_0_0_8.msi 2023-12-01 09:51 - 2023-12-01 09:52 - 000051762 _____ C:\Users\PC\Downloads\Steckbrief V. 
Carré.pdf 2023-12-01 09:51 - 2023-12-01 09:51 - 000259724 _____ C:\Users\PC\Downloads\Steckbrief_NinaPoetzl.pdf 2023-12-01 09:51 - 2023-12-01 09:51 - 000046485 _____ C:\Users\PC\Downloads\Vorlage Steckbrief.pdf 2023-12-01 09:50 - 2023-12-01 09:50 - 000079583 _____ C:\Users\PC\Downloads\Steckbrief Lena Flacke.pdf 2023-12-01 09:50 - 2023-12-01 09:50 - 000071856 _____ C:\Users\PC\Downloads\Steckbrief-1.pdf 2023-12-01 09:47 - 2023-12-01 09:47 - 000052269 _____ C:\Users\PC\Downloads\Steckbrief.pdf 2023-11-29 22:36 - 2023-11-29 22:36 - 006887812 _____ C:\Users\PC\Downloads\combinepdf.pdf 2023-11-29 18:02 - 2023-12-08 19:30 - 000000000 ____D C:\Users\PC\Desktop\Jonael Fotobuch 2023-11-29 18:00 - 2023-11-29 18:00 - 000000000 ____D C:\Program Files\CEWE 2023-11-29 17:59 - 2023-11-29 17:59 - 008168976 _____ C:\Users\PC\Downloads\setup_Mein_CEWE_FOTOBUCH.exe 2023-11-29 14:59 - 2023-11-29 14:59 - 000000165 ____H C:\Users\PC\Documents\~$01_Tagesplan2_2.xlsx 2023-11-27 20:19 - 2023-11-27 20:19 - 000184732 _____ C:\Users\PC\Downloads\978-3-319-71928-3_30.pdf 2023-11-27 19:20 - 2023-11-27 19:20 - 000494584 _____ C:\Users\PC\Downloads\paper0226.pdf 2023-11-27 17:07 - 2023-11-27 17:07 - 000995578 _____ C:\Users\PC\Downloads\Este Tierra Brilliante This Brilliant Earth.pdf 2023-11-27 15:47 - 2023-11-27 15:47 - 002411669 _____ C:\Users\PC\Downloads\Broschüre Folsäure, dt.pdf 2023-11-27 14:47 - 2023-11-27 14:47 - 000388403 _____ C:\Users\PC\Downloads\909862aaa-1.pdf 2023-11-26 21:11 - 2023-11-26 21:11 - 000137024 _____ (Zoom Video Communications, Inc.) 
C:\Users\PC\Downloads\Zoom_cm_fof5M0usfg0ouwZ9vvrZo4_m90p4i1TXedP-oTdNSPwEfNyFQBWh4yOpbrk@7hGIW7oXx9gRm+Lh_k8c12a4102dcb6480_.exe 2023-11-26 19:01 - 2023-11-26 19:01 - 000161407 _____ C:\Users\PC\Downloads\DE Jabra Elite 8 Active Tech Sheet A4 Web 160823.pdf 2023-11-24 20:43 - 2023-12-23 13:16 - 000000000 ____D C:\Program Files\7-Zip 2023-11-24 20:42 - 2023-11-24 20:42 - 001589510 _____ (Igor Pavlov) C:\Users\PC\Downloads\7z2301-x64.exe 2023-11-24 20:41 - 2023-11-24 20:41 - 000417232 _____ C:\Users\PC\Downloads\Chat_GPT-5 for PC Installation v1.1.3(1).rar 2023-11-24 20:33 - 2023-11-24 20:33 - 000417232 _____ C:\Users\PC\Downloads\Chat_GPT-5 for PC Installation v1.1.3.rar 2023-11-24 17:26 - 2023-11-24 17:26 - 000407921 _____ C:\Users\PC\Downloads\Erstgespräch_Kinderwunsch.pdf ==================== Ein Monat (geänderte) ================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2023-12-23 14:03 - 2023-06-08 16:22 - 000000000 ____D C:\Program Files (x86)\Google 2023-12-23 14:03 - 2021-06-05 13:10 - 000000000 ____D C:\Windows\SystemTemp 2023-12-23 13:45 - 2023-07-10 16:25 - 000000000 ____D C:\Users\PC\AppData\Roaming\Signal 2023-12-23 13:44 - 2021-06-05 13:10 - 000000000 ___HD C:\Windows\ELAMBKUP 2023-12-23 13:36 - 2022-03-24 14:27 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2023-12-23 13:34 - 2021-06-05 13:10 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2023-12-23 13:30 - 2023-08-12 03:14 - 000000000 ____D C:\Users\PC\AppData\Roaming\DeepL_SE 2023-12-23 13:15 - 2023-05-29 18:06 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2023-12-23 13:14 - 2023-05-29 18:06 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38 2023-12-23 13:00 - 2022-03-24 14:29 - 000000000 ____D C:\Users\PC\AppData\Local\Packages 2023-12-23 13:00 - 2022-03-24 14:29 - 000000000 ____D C:\ProgramData\Packages 2023-12-23 13:00 - 2021-06-05 13:10 - 
000000000 ____D C:\Windows\AppReadiness 2023-12-23 12:56 - 2021-06-05 13:10 - 000000000 ___HD C:\Program Files\WindowsApps 2023-12-23 12:53 - 2022-03-24 14:29 - 000000000 ____D C:\Users\PC 2023-12-23 12:52 - 2022-03-25 07:28 - 000000000 ____D C:\Program Files\Microsoft Office 2023-12-23 12:52 - 2021-06-05 13:10 - 000000000 ____D C:\Program Files\Common Files\microsoft shared 2023-12-23 12:49 - 2022-03-24 14:45 - 001659148 _____ C:\Windows\system32\PerfStringBackup.INI 2023-12-23 12:49 - 2021-06-05 18:52 - 000720574 _____ C:\Windows\system32\perfh007.dat 2023-12-23 12:49 - 2021-06-05 18:52 - 000148654 _____ C:\Windows\system32\perfc007.dat 2023-12-23 12:49 - 2021-06-05 13:09 - 000000000 ____D C:\Windows\INF 2023-12-23 12:47 - 2023-07-16 13:09 - 000000000 ____D C:\Users\PC\AppData\Roaming\Microsoft\Teams 2023-12-23 12:44 - 2023-05-03 09:57 - 000012288 ___SH C:\DumpStack.log.tmp 2023-12-23 12:44 - 2022-03-24 14:27 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2023-12-23 12:38 - 2021-06-05 13:01 - 000524288 _____ C:\Windows\system32\config\BBI 2023-12-22 11:39 - 2023-05-03 10:02 - 000000000 ____D C:\Users\PC\AppData\Roaming\Microsoft\Word 2023-12-22 11:39 - 2022-03-24 14:27 - 000000000 ____D C:\Windows\system32\SleepStudy 2023-12-22 09:11 - 2023-05-29 18:06 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2023-12-22 07:19 - 2023-10-26 18:27 - 000001055 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thunderbird.lnk 2023-12-22 04:47 - 2023-10-26 18:57 - 000000000 ____D C:\Users\PC\AppData\Local\CrashDumps 2023-12-22 01:31 - 2022-03-24 14:40 - 000000000 ____D C:\Users\PC\AppData\Local\PlaceholderTileLogoFolder 2023-12-21 23:08 - 2022-03-24 14:29 - 000000000 ____D C:\Users\PC\AppData\Local\D3DSCache 2023-12-21 09:15 - 2023-06-08 16:22 - 000002245 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2023-12-21 09:15 - 2023-06-08 16:22 - 000002204 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2023-12-19 
18:07 - 2022-03-24 14:45 - 000000000 ____D C:\ProgramData\HP 2023-12-14 22:32 - 2022-03-25 07:01 - 000003584 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-350317605-4065228070-467651021-1001 2023-12-14 22:32 - 2022-03-24 14:32 - 000003370 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-350317605-4065228070-467651021-1001 2023-12-14 22:32 - 2022-03-24 14:32 - 000002386 _____ C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2023-12-13 00:04 - 2023-06-08 16:09 - 000000000 ____D C:\Users\PC\AppData\Roaming\Microsoft\Excel 2023-12-12 23:59 - 2023-07-06 03:37 - 000000000 ____D C:\Users\PC\Documents\Persönliches 2023-12-11 03:29 - 2023-08-20 11:35 - 000000000 ____D C:\Program Files\Windscribe 2023-12-08 17:06 - 2023-07-06 02:52 - 000000000 ____D C:\Users\PC\Documents\00_Bolivien 2023-12-08 16:55 - 2023-07-06 03:39 - 000000000 ____D C:\Users\PC\Documents\Reisen 2023-12-08 01:38 - 2022-03-24 14:27 - 000000000 ____D C:\Windows\system32\Drivers\wd 2023-12-07 10:57 - 2023-06-08 16:22 - 000004002 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA{5847186A-3DEB-4816-960D-47E75862EA08} 2023-12-07 10:57 - 2023-06-08 16:22 - 000003878 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore{EC1159AD-2AA5-4980-9CD9-AE9146ECA513} 2023-12-06 19:07 - 2023-07-06 04:00 - 000000000 ____D C:\Users\PC\Documents\Zoom 2023-12-05 16:30 - 2023-07-17 17:56 - 000000000 ____D C:\Users\PC\AppData\Roaming\Zoom 2023-12-05 15:01 - 2023-07-06 03:16 - 000000000 ____D C:\Users\PC\Documents\Citavi 6 2023-12-04 20:27 - 2023-07-06 02:52 - 000800844 _____ C:\Users\PC\Documents\01_Tagesplan2_2.xlsx 2023-12-04 17:05 - 2023-07-06 02:53 - 000000000 ____D C:\Users\PC\Documents\00_Jonael 2023-12-02 14:17 - 2022-03-24 14:32 - 000000000 ___RD C:\Users\PC\OneDrive 2023-12-01 12:11 - 2022-03-24 14:29 - 000000000 ____D C:\Users\PC\AppData\Local\ConnectedDevicesPlatform 2023-12-01 12:02 - 2021-06-05 13:10 - 000000000 ____D 
C:\Windows\LiveKernelReports 2023-12-01 11:40 - 2022-03-24 14:36 - 000000000 ____D C:\Users\PC\AppData\Local\Comms 2023-12-01 11:33 - 2023-07-16 13:10 - 000002383 _____ C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams (work or school).lnk 2023-12-01 11:29 - 2022-03-24 14:29 - 000000000 __RHD C:\Users\Public\AccountPictures 2023-11-24 20:39 - 2023-10-26 17:58 - 000000000 ____D C:\ProgramData\WinZip ==================== SigCheck ============================ (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) ==================== Ende von FRST.txt ======================== Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 22-12-2023
durchgeführt von PC (23-12-2023 14:18:23)
Gestartet von C:\Users\PC\Downloads
Microsoft Windows 11 Pro Version 21H2 22000.2538 (X64) (2022-03-24 13:28:54)
Start-Modus: Normal
==========================================================

==================== Konten: =============================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

Administrator (S-1-5-21-350317605-4065228070-467651021-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-350317605-4065228070-467651021-503 - Limited - Disabled)
Gast (S-1-5-21-350317605-4065228070-467651021-501 - Limited - Disabled)
PC (S-1-5-21-350317605-4065228070-467651021-1001 - Administrator - Enabled) => C:\Users\PC
WDAGUtilityAccount (S-1-5-21-350317605-4065228070-467651021-504 - Limited - Disabled)

==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avira Security (Enabled - Up to date) {468991AE-F75E-72DE-2142-043C852BE961}

==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 23.006.20380 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601053}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Avira Fallback Updater (HKLM-x32\...\Avira Fallback Updater) (Version: - ) Hidden
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.43.1.16819 - Avira Operations GmbH & Co. 
KG) Hidden Avira Security (HKLM-x32\...\Avira Security_is1) (Version: 1.1.97.5 - Avira Operations GmbH) Hidden Avira Security (HKLM-x32\...\AviraSecurityUninstaller) (Version: - Avira Operations GmbH) Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 6.27.0.19 - Avira Operations GmbH) Hidden Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.10.07061 - Cisco Systems, Inc.) Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\{11E16B39-0FA6-4DF0-9736-73BB638C9924}) (Version: 4.10.07061 - Cisco Systems, Inc.) Hidden Citavi 6 (HKLM-x32\...\{6A331045-8FF4-4BC9-9C56-E593ACAE28C2}) (Version: 6.17.0.0 - Swiss Academic Software) CopyTrans HEIC for Windows (HKLM\...\CopyTrans HEIC for Windows_is1) (Version: 2.0.0.0 - Ursa Minor Ltd) Documentos (HKU\S-1-5-21-350317605-4065228070-467651021-1001\...\cd93b26705c340f11fb89a1272d1a9a3) (Version: 1.0 - Google\Chrome) Endpoint Protection SDK (HKLM\...\{68E1CCB4-4965-4713-BDEB-77F6D6C9BF9D}_is1) (Version: 1.0.2312.1409 - Avira Operations GmbH) Hidden Foxit PDF Reader (HKLM-x32\...\{58919E0A-3B2E-11EE-AA33-54BF64A63C26}) (Version: 2023.2.0.21408 - Foxit Software Inc.) Gmail (HKU\S-1-5-21-350317605-4065228070-467651021-1001\...\1182e88030ca76f34631fe25fe5c9c71) (Version: 1.0 - Google\Chrome) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 120.0.6099.129 - Google LLC) Google Drive (HKU\S-1-5-21-350317605-4065228070-467651021-1001\...\c4818ee695088edade03b0e7dd0e4c59) (Version: 1.0 - Google\Chrome) Hojas de cálculo (HKU\S-1-5-21-350317605-4065228070-467651021-1001\...\b2a229ee517bba9f648c7093450bc695) (Version: 1.0 - Google\Chrome) Mein CEWE FOTOBUCH (HKLM\...\Mein CEWE FOTOBUCH) (Version: 7.3.3 - CEWE Stiftung u Co. 
KGaA) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 120.0.2210.91 - Microsoft Corporation) Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 120.0.2210.77 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-350317605-4065228070-467651021-1001\...\OneDriveSetup.exe) (Version: 23.246.1127.0002 - Microsoft Corporation) Microsoft Teams (HKU\S-1-5-21-350317605-4065228070-467651021-1001\...\Teams) (Version: 1.6.00.29964 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{ACF2602E-BD31-4BE5-AC03-9C8FDB638ADA}) (Version: 4.75.0.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 121.0 (x64 en-US)) (Version: 121.0 - Mozilla) Mozilla Thunderbird (x64 en-US) (HKLM\...\Mozilla Thunderbird 115.6.0 (x64 en-US)) (Version: 115.6.0 - Mozilla) Presentaciones (HKU\S-1-5-21-350317605-4065228070-467651021-1001\...\4f8b446637346f455e3e12bcc497a8a6) (Version: 1.0 - Google\Chrome) Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.7.59.0 - Samsung Electronics Co., Ltd.) Signal 6.40.0 (HKU\S-1-5-21-350317605-4065228070-467651021-1001\...\7d96caee-06e6-597c-9f2f-c7bb2e0948b4) (Version: 6.40.0 - Signal Messenger, LLC) Smart Switch (HKLM-x32\...\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.3.23081.1 - Samsung Electronics Co., Ltd.) Hidden Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.3.23081.1 - Samsung Electronics Co., Ltd.) 
VdhCoApp 1.6.3 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version: - DownloadHelper) Windscribe (HKLM\...\{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 2.6.14 - Windscribe Limited) YouTube (HKU\S-1-5-21-350317605-4065228070-467651021-1001\...\5871af6285f0460949db70ad593d5a4e) (Version: 1.0 - Google\Chrome) Zoom (HKU\S-1-5-21-350317605-4065228070-467651021-1001\...\ZoomUMX) (Version: 5.16.2 (22807) - Zoom Video Communications, Inc.) Packages: ========= Adobe Acrobat Reader -> C:\Program Files\Adobe\Acrobat DC [2023-11-15] () AMD Radeon Software -> C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m [2023-06-07] (Advanced Micro Devices Inc.) [Startup Task] HP Audio Center -> C:\Program Files\WindowsApps\AD2F1837.HPAudioCenter_1.36.274.0_x64__v10z8vjag6ke6 [2023-12-12] (HP Inc.) HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_150.1.1140.0_x64__v10z8vjag6ke6 [2023-11-14] (HP Inc.) Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.18.11020.0_x64__8wekyb3d8bbwe [2023-12-22] (Microsoft Studios) [MS Ad] Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0 [2023-12-08] (Spotify AB) [Startup Task] ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-350317605-4065228070-467651021-1001_Classes\CLSID\{13357088-9834-0409-1600-134951500000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. 
-> Adobe) CustomCLSID: HKU\S-1-5-21-350317605-4065228070-467651021-1001_Classes\CLSID\{14100442-9664-1407-2647-000000000000}\localserver32 -> "C:\Users\PC\AppData\Local\Wondershare\Wondershare NativePush\WsToastNotification.exe" -ToastActivated => Keine Datei CustomCLSID: HKU\S-1-5-21-350317605-4065228070-467651021-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\PC\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.23270.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-350317605-4065228070-467651021-1001_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe) CustomCLSID: HKU\S-1-5-21-350317605-4065228070-467651021-1001_Classes\CLSID\{8ecb5a87-c13f-46fe-abd1-b59015f99cda}\InprocServer32 -> C:\Program Files\Mozilla Thunderbird\notificationserver.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-350317605-4065228070-467651021-1001_Classes\CLSID\{9EADBD1A-447B-4240-A9DD-73FE7C53A981}\InprocServer32 -> C:\Program Files\Microsoft Office\Root\Office16\OUTLMIME.DLL => Keine Datei CustomCLSID: HKU\S-1-5-21-350317605-4065228070-467651021-1001_Classes\CLSID\{b72e6f5e-f6e0-a9eb-461b-6118363bd15c}\localserver32 -> "C:\Users\PC\AppData\Local\0install.net\implementations\sha256new_7ATQFYMYISD5LU42STURHNI33TRSMJBHVQPLEAO3EX4R5WPI6GTQ\DeepL.exe" -ToastActivated => Keine Datei CustomCLSID: HKU\S-1-5-21-350317605-4065228070-467651021-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> C:\Users\PC\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers1: [SystemSpeedupFilesMenu] -> {14cb2bd0-2375-3d10-9b5d-5e18865c8959} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2023-12-11] (Avira Operations GmbH -> Avira Operations GmbH) ContextMenuHandlers2: [ContextMenu] -> 
{ee10d625-cc60-30a4-b3df-4b349785be6b} => C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\Antivirus.ContextMenu.DLL [2023-12-18] (Avira Operations GmbH -> Avira Operations GmbH) ContextMenuHandlers3: [ContextMenu] -> {ee10d625-cc60-30a4-b3df-4b349785be6b} => C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\Antivirus.ContextMenu.DLL [2023-12-18] (Avira Operations GmbH -> Avira Operations GmbH) ContextMenuHandlers4: [SystemSpeedupFoldersMenu] -> {700866bb-c8e9-3e71-b359-abb28baed0e8} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2023-12-11] (Avira Operations GmbH -> Avira Operations GmbH) ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Windows\System32\atiacm64.dll [2022-02-10] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) ContextMenuHandlers5: [SystemSpeedupDesktopMenu] -> {0cab5786-30e8-3185-9b3b-ccefbf1b8afe} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2023-12-11] (Avira Operations GmbH -> Avira Operations GmbH) ==================== Codecs (Nicht auf der Ausnahmeliste) ==================== ==================== Verknüpfungen & WMI ======================== (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) 
ShortcutWithArgument: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome\Documentos.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=mpnpojknpmmopombnjdcgaaiekajbnjb ShortcutWithArgument: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome\Gmail.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=fmgjjmmmlfnkbppncabfkddbjimcfncm ShortcutWithArgument: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome\Google Drive.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=aghbiahbpaijignceidepookljebhfak ShortcutWithArgument: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome\Hojas de cálculo.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=fhihpiojkbmbpdjeoajapmgkhlnakfjf ShortcutWithArgument: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome\Presentaciones.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=kefjledonklijopmnomlcbpllchaibag ShortcutWithArgument: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome\YouTube.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=agimnkijcaahngcdmfeangaknmldooml ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============= 2023-11-24 20:43 - 2023-06-20 09:00 - 000101376 _____ (Igor Pavlov) [Datei ist nicht signiert] C:\Program Files\7-Zip\7-zip.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ======== ==================== Abgesicherter Modus (Nicht auf 
der Ausnahmeliste) ================== ==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ================= ==================== Internet Explorer (Nicht auf der Ausnahmeliste) ========== BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Program Files (x86)\Internet Explorer\Citavi Picker\x64\SwissAcademic.Citavi.IEPicker.DLL [2023-08-15] (Swiss Academic Software -> Swiss Academic Software) BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Program Files (x86)\Internet Explorer\Citavi Picker\SwissAcademic.Citavi.IEPicker.DLL [2023-08-15] (Swiss Academic Software -> Swiss Academic Software) ==================== Hosts Inhalt: ========================= (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2021-06-05 13:08 - 2021-06-05 13:08 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts ==================== Andere Bereiche =========================== (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-350317605-4065228070-467651021-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg DNS Servers: 192.168.178.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) 
HKLM\...\StartupApproved\Run32: => "Cisco AnyConnect Secure Mobility Agent for Windows" HKU\S-1-5-21-350317605-4065228070-467651021-1001\...\StartupApproved\StartupFolder: => "DeepL auto-start.lnk" HKU\S-1-5-21-350317605-4065228070-467651021-1001\...\StartupApproved\Run: => "Windscribe" HKU\S-1-5-21-350317605-4065228070-467651021-1001\...\StartupApproved\Run: => "Lync" HKU\S-1-5-21-350317605-4065228070-467651021-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_B47356396DDD0FAAE76D0ED141F5CEA2" HKU\S-1-5-21-350317605-4065228070-467651021-1001\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-350317605-4065228070-467651021-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams" ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================ (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [{4D01583C-F9BE-4AB0-8AB6-4278CCFF2353}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{7C157381-8488-475C-9E40-93C0ACAF8CCB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{084959AD-9BC2-4622-8AC8-5472F70C514A}] => (Allow) LPort=57209 FirewallRules: [{99051D13-8DEA-4940-A5AB-5EE5A6759D87}] => (Allow) LPort=57210 FirewallRules: [{1DB45496-CFCD-4A4F-940A-A501AF296217}] => (Allow) LPort=57211 FirewallRules: [{FF862496-5DB2-4DBD-9CF6-A65BFE5CF0DD}] => (Allow) LPort=57212 FirewallRules: [{F0780A09-55FD-46FC-8193-34F5D2ADBEB3}] => (Allow) LPort=57213 FirewallRules: [{587DC5B0-8492-4025-B0C1-45D83A372A8A}] => (Allow) LPort=57214 FirewallRules: [{5C2F4B64-C456-4AEC-9387-88DE0E4F415F}] => (Allow) LPort=57215 FirewallRules: [{27C9F9C8-A51D-47CD-A75B-341B93D3876F}] => (Allow) LPort=57216 FirewallRules: [{17D7255C-4335-4467-B836-B2ECE5381C95}] => (Allow) LPort=57217 FirewallRules: 
[{4B4FB4BD-9582-4265-8517-D5D5CF4D764B}] => (Allow) LPort=57218 FirewallRules: [{50723289-0A46-4E59-A07E-8761218C127A}] => (Allow) LPort=57209 FirewallRules: [{16D8C32D-D439-4334-B624-FB5264D74EB1}] => (Allow) LPort=57210 FirewallRules: [{0F397F98-5C8F-4863-842A-BD05C92F4B0E}] => (Allow) LPort=57211 FirewallRules: [{1E219F24-6D5B-4903-A38D-F3BC80917DB9}] => (Allow) LPort=57212 FirewallRules: [{ACAAECB1-DB21-49B1-8AC2-B5332BE84794}] => (Allow) LPort=57213 FirewallRules: [{768E49AC-47CE-40AD-8FFD-38B677F4E2F5}] => (Allow) LPort=57214 FirewallRules: [{47CA2657-2D31-4552-B507-1C260F6A86B0}] => (Allow) LPort=57215 FirewallRules: [{E49C6559-EDFC-40CF-A138-C7D3BE479D22}] => (Allow) LPort=57216 FirewallRules: [{C71F71A1-2321-4DB0-B06A-105E3DF5B367}] => (Allow) LPort=57217 FirewallRules: [{519F97DB-4861-491A-82CB-BD4F1AFB0FDB}] => (Allow) LPort=57218 FirewallRules: [{F966E350-48E4-4163-AAF8-4C15FBAB93AB}] => (Allow) LPort=23007 FirewallRules: [{85811004-8D59-434C-949E-E468E7A24161}] => (Allow) LPort=23008 FirewallRules: [{53A39332-16D6-4F2C-B4D1-61FF6F773E6E}] => (Allow) LPort=33009 FirewallRules: [{A938CCE6-621E-4BB8-A9B0-6DB7BA22FDD4}] => (Allow) LPort=33010 FirewallRules: [{010B1A40-8C22-4E2A-A52F-B9DE87A7B6EA}] => (Allow) LPort=33011 FirewallRules: [{A502D5C6-DE43-4E5E-B792-A39161B82F79}] => (Allow) LPort=43012 FirewallRules: [{D1E849D9-AA20-42EF-8397-3F26A6EF1FB6}] => (Allow) LPort=43013 FirewallRules: [{681AFCD9-FE99-4958-BAA5-B30E1C7A3A61}] => (Allow) LPort=53014 FirewallRules: [{4178BF93-B5EA-41C2-81B7-DB6752C1A505}] => (Allow) LPort=53015 FirewallRules: [{A848EF6B-8296-4CE8-8038-FDEAAC9632D1}] => (Allow) LPort=53016 FirewallRules: [{DBCDC1B9-9846-4A99-A6C9-C3B83BB70D21}] => (Allow) LPort=23007 FirewallRules: [{8C70F163-E381-4DBC-8E2B-9BF5F0AB013D}] => (Allow) LPort=23008 FirewallRules: [{B1399091-09DD-4050-83EC-6E079A33B0A5}] => (Allow) LPort=33009 FirewallRules: [{31C88A57-EB31-4104-9AA5-802620102EC2}] => (Allow) LPort=33010 FirewallRules: 
[{2D7E5E24-258B-489D-85C8-E3C3BACBBA57}] => (Allow) LPort=33011 FirewallRules: [{FC01329F-5AD7-45AA-9666-5C84EC86FD50}] => (Allow) LPort=43012 FirewallRules: [{2F176E02-91A1-41A5-8897-BAEB46514C52}] => (Allow) LPort=43013 FirewallRules: [{7AF2B0E9-C393-4CF4-8F0D-8A8AC98F3A75}] => (Allow) LPort=53014 FirewallRules: [{641838E5-DDBA-470E-B098-40DF73BF99F6}] => (Allow) LPort=53015 FirewallRules: [{FE39E837-EE3F-4BE3-96E0-1A2AF8286F43}] => (Allow) LPort=53016 FirewallRules: [{403B010D-A8DA-4539-97FC-69037DCE83B7}] => (Allow) LPort=50053 FirewallRules: [{701E34F4-DBA0-4AA8-993C-5853AB3B0CD6}] => (Allow) LPort=50053 FirewallRules: [TCP Query User{3B2C740D-1673-4D10-9AD0-821BB4E09CB0}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [UDP Query User{A38E7B1D-E497-4041-BAE7-BC284F357A6C}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [TCP Query User{731A0CF2-4227-449A-907B-1AE1E34D3491}C:\users\pc\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\pc\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [UDP Query User{AC0FD30C-9034-41C9-9035-7720ED66496C}C:\users\pc\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\pc\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{1B2A0465-6751-4280-A57C-0A11951DF803}] => (Allow) C:\Users\PC\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [{8679C26C-D57E-4261-86FB-E25673C0AEFB}] => (Allow) C:\Users\PC\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) 
FirewallRules: [{9AE1A530-1042-45EE-BBA3-1C802907BCA3}] => (Allow) C:\Users\PC\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [{A9C91ABD-6D66-4DA7-802E-D7EF8F5D5824}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23306.3309.2530.1346_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{35E973FB-BC73-4C9F-B9EE-85123F19F69A}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23306.3309.2530.1346_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{1AC6E210-EFC1-4E8B-84CC-00A58FDBFC9F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{8A661D53-4B99-4A13-8BFF-C7ED02EF78BC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{54F23557-9BF0-45C8-8D25-60DBD40BF0D9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{D165DC86-BB3E-415F-A62B-FCA927B800B1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{7B46B1EE-83D1-48E9-AE8A-2CA3876EA890}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{A16F272C-2238-4172-BE66-21B15AAFE328}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{F9E4A73D-A951-4F80-A195-A6F308AF3B18}] => (Allow) C:\Program 
Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{706C9566-8991-485F-82CF-FE4C2F69F555}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{48C6AB88-C2C2-411B-B744-39E181C6487C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{5671674A-6FAA-4DFD-A7E1-D2BB35C456F4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{2EDC40A4-7EBB-4858-A123-980DDAF6F006}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\120.0.2210.77\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{24EA14FA-2DDC-47AE-94BC-29764B2C259E}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) ==================== Wiederherstellungspunkte ========================= ==================== Fehlerhafte Geräte im Gerätemanager ============ Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
==================== Fehlereinträge in der Ereignisanzeige: ======================== Applikationsfehler: ================== Error: (12/23/2023 12:52:14 PM) (Source: Firefox Default Browser Agent) (EventID: 2) (User: ) Description: Event-ID 2 Error: (12/23/2023 12:52:07 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Das Programm OfficeClickToRun.exe Version 16.0.10405.20015 hat die Interaktion mit Windows beendet und wurde geschlossen. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1344 Startzeit: 01da359655767ac2 Beendigungszeit: 4294967295 Anwendungspfad: C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe Bericht-ID: 05ca24e5-1356-43d8-ad6d-0ff7b3ee1f07 Vollständiger Name des fehlerhaften Pakets: Relative Anwendungs-ID des fehlerhaften Pakets: Absturztyp: Top level window is idle Error: (12/23/2023 12:44:51 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 13) (User: DESKTOP-N67O51V) Description: C:\Users\PC\AppData\Local\Publishers\8wekyb3d8bbwe\TeamsSharedConfigMicrosoftTeams_8wekyb3d8bbwe-2147024894 Error: (12/23/2023 12:14:49 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 13) (User: DESKTOP-N67O51V) Description: C:\Users\PC\AppData\Local\Publishers\8wekyb3d8bbwe\TeamsSharedConfigMicrosoftTeams_8wekyb3d8bbwe-2147024894 Error: (12/23/2023 12:03:57 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 13) (User: DESKTOP-N67O51V) Description: C:\Users\PC\AppData\Local\Publishers\8wekyb3d8bbwe\TeamsSharedConfigMicrosoftTeams_8wekyb3d8bbwe-2147024894 Error: (12/22/2023 08:55:29 AM) (Source: Outlook) (EventID: 35) (User: ) Description: Event-ID 35 Error: (12/22/2023 08:55:29 AM) (Source: Outlook) (EventID: 34) (User: ) Description: Event-ID 34 Error: (12/22/2023 08:55:18 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 13) (User: DESKTOP-N67O51V) Description: 
C:\Users\PC\AppData\Local\Publishers\8wekyb3d8bbwe\TeamsSharedConfigMicrosoftTeams_8wekyb3d8bbwe-2147024894 Systemfehler: ============= Error: (12/23/2023 12:03:12 PM) (Source: Server) (EventID: 2505) (User: ) Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{F4EE2EEB-1FC4-404E-B303-917EFD9B6667} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden. Error: (12/22/2023 11:39:08 AM) (Source: Server) (EventID: 2505) (User: ) Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{F4EE2EEB-1FC4-404E-B303-917EFD9B6667} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden. Error: (12/22/2023 09:09:50 AM) (Source: Server) (EventID: 2505) (User: ) Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{F4EE2EEB-1FC4-404E-B303-917EFD9B6667} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden. Error: (12/22/2023 09:04:59 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-N67O51V) Description: Der Server "{8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (12/22/2023 09:03:49 AM) (Source: Server) (EventID: 2505) (User: ) Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{F4EE2EEB-1FC4-404E-B303-917EFD9B6667} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden. Error: (12/22/2023 02:06:51 AM) (Source: Server) (EventID: 2505) (User: ) Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{F4EE2EEB-1FC4-404E-B303-917EFD9B6667} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden. 
Error: (12/21/2023 11:50:13 PM) (Source: Server) (EventID: 2505) (User: ) Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{F4EE2EEB-1FC4-404E-B303-917EFD9B6667} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden. Error: (12/21/2023 10:38:33 PM) (Source: Server) (EventID: 2505) (User: ) Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{F4EE2EEB-1FC4-404E-B303-917EFD9B6667} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden. Windows Defender: ================ Date: 2023-12-23 13:12:02 Description: Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt. Weitere Informationen: https://go.microsoft.com/fwlink/?linkid=37020&name=PUABundler:Win32/FileZilla_BundleInstaller&threatid=311942&enterprise=0 Name: PUABundler:Win32/FileZilla_BundleInstaller Schweregrad: Niedrig Kategorie: Potenziell unerwünschte Software Pfad: file:_C:\Users\PC\Downloads\FileZilla_3.66.0_win64_sponsored2-setup.exe Erkennungsursprung: Lokaler Computer Erkennungstype: Konkret Erkennungsquelle: Benutzer Benutzer: DESKTOP-N67O51V\PC Prozessname: Unknown Sicherheitsversion: AV: 1.403.975.0, AS: 1.403.975.0, NIS: 1.403.975.0 Modulversion: AM: 1.1.23110.2, NIS: 1.1.23110.2 Date: 2023-12-22 01:58:24 Description: Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet. Überprüfungs-ID: {B1BC690F-537A-43B8-B412-3B0EC5F5C82F} Überprüfungstyp: Antimalware Überprüfungsparameter: Schnellüberprüfung Benutzer: NT-AUTORITÄT\SYSTEM Date: 2023-12-10 20:58:36 Description: Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet. 
Überprüfungs-ID: {FE52764F-15D3-4338-9A0B-B0545C346EC3} Überprüfungstyp: Antimalware Überprüfungsparameter: Schnellüberprüfung Benutzer: NT-AUTORITÄT\SYSTEM Date: 2023-12-07 12:03:33 Description: Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet. Überprüfungs-ID: {49CEA6EF-E081-42DA-A0FC-1FA045F9F632} Überprüfungstyp: Antimalware Überprüfungsparameter: Schnellüberprüfung Benutzer: NT-AUTORITÄT\SYSTEM Date: 2023-12-06 14:32:55 Description: Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet. Überprüfungs-ID: {3D3F6220-8E42-4A23-A054-4F5DA6416C19} Überprüfungstyp: Antimalware Überprüfungsparameter: Schnellüberprüfung Benutzer: NT-AUTORITÄT\SYSTEM Event[0] Date: 2023-10-06 22:33:02 Description: Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Security Intelligence aufgetreten. Es wird versucht, zu einer vorherigen Version zurückzukehren. Security Intelligence versucht: Sicherung Fehlercode: 0x80004004 Fehlerbeschreibung: Vorgang abgebrochen Security Intelligence-Version: 1.397.1626.0;1.397.1626.0 Modulversion: 1.1.23080.2005 Date: 2023-10-06 22:33:02 Description: Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Security Intelligence aufgetreten. Es wird versucht, zu einer vorherigen Version zurückzukehren. Security Intelligence versucht: Aktuell Fehlercode: 0x80004004 Fehlerbeschreibung: Vorgang abgebrochen Security Intelligence-Version: 1.399.144.0;1.399.144.0 Modulversion: 1.1.23090.2007 CodeIntegrity: =============== Date: 2023-12-23 14:18:49 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Avira\Endpoint Protection SDK\amsi\x64\avamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
==================== Speicherinformationen =========================== BIOS: Insyde F.32 08/02/2022 Hauptplatine: HP 890E Prozessor: AMD Ryzen 5 5500U with Radeon Graphics Prozentuale Nutzung des RAM: 62% Installierter physikalischer RAM: 15680 MB Verfügbarer physikalischer RAM: 5868.94 MB Summe virtueller Speicher: 42304 MB Verfügbarer virtueller Speicher: 28331.35 MB ==================== Laufwerke ================================ Drive c: () (Fixed) (Total:476.11 GB) (Free:85.46 GB) (Model: SSD_M.2_512GB_InnovationIT_QLC) NTFS \\?\Volume{1bdf9136-eb93-430e-8aa2-f098de50168a}\ () (Fixed) (Total:0.61 GB) (Free:0.08 GB) NTFS \\?\Volume{d32e5aa6-d023-46c6-a7b0-1a164c5410e3}\ () (Fixed) (Total:0.1 GB) (Free:0.07 GB) FAT32 ==================== MBR & Partitionstabelle ==================== ========================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 476.9 GB) (Disk ID: D4572D45) Partition: GPT. ==================== Ende von Addition.txt ======================= |
23.12.2023, 18:02 | #3 | ||
/// Winkelfunktion /// TB-Süch-Tiger™ | Microsoft Edge opens websites on its own at night Quote:
Have you never installed updates, deliberately disabled them, or is the update system broken on your machine? Quote:
Where did you get this Office version from, where did you buy it?
__________________ |
23.12.2023, 18:07 | #4 |
| Microsoft Edge opens websites on its own at night According to my settings, Windows is up to date and was updated on 10.11.23. Deleted by accident, that was a mistake. It was in the programs list, and since it said there that it had been installed yesterday, I thought I would delete it and the right one would surely still be on there. What I didn't know is that it had apparently only updated itself yesterday, and so I deleted the whole program, which is lousy. The Office version was installed on the laptop, which I bought from Cybernerds on 2.5.23. |
23.12.2023, 18:22 | #5 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Microsoft Edge opens websites on its own at night Then something is once again going completely wrong with Windows. Release 21H2 is ancient in any case and no longer gets updates. If you are not offered 23H2, you will have to force it onto the system manually. But first, please uninstall everything from Avira.
__________________ Please always post log files in CODE tags |
23.12.2023, 21:09 | #6 |
| Microsoft Edge opens websites on its own at night Hi cosinus, Avira is now uninstalled, including the browser add-ons. Should I uninstall GMER.exe as well? I tried to install Windows 11 23H2, but so far it has not worked. (Failed installation attempt: I downloaded "Windows11InstallationAssistant.exe" from microsoft.com, and it asked me to check whether the PC meets the system requirements using "WindowsPCHealthCheckSetup.msi". That was confirmed and I clicked install. Result: "Da hat etwas nicht geklappt Wählen Sie Erneut versuchen, und wenn das nicht funktioniert, wenden Sie sich an Microsoft Support für Hilfe. Fehlercode 0x8007007f" Retrying unfortunately did not work.) Do you have an idea how I can get 23H2? Also, do I have a trojan/virus/malware or similar? Thanks in advance!! |
23.12.2023, 22:00 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Microsoft Edge opens websites on its own at night Please stop with GMER. It is completely outdated and has been irrelevant for years. First of all: back up all important files. Then get the current ISO image of Windows 11. After the download, simply double-click it. It is then mounted as a virtual drive, and then you simply run setup.exe.
__________________ Please always post log files in CODE tags |
23.12.2023, 23:02 | #8 |
| Microsoft Edge opens websites on its own at night GMER is deleted, Windows 23H2 is installed, good tip, thanks. What could have triggered Microsoft Edge acting on its own? And do I have malware on the laptop right now? If so, I of course want to do something about it = what? If not, I could go back to working on my laptop. Many thanks! |
24.12.2023, 00:15 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Microsoft Edge opens websites on its own at night E.g. the many security vulnerabilities. Whether you want to work with it is your decision. But you are welcome to create new logs with FRST now.
__________________ Please always post log files in CODE tags |
24.12.2023, 17:13 | #10 |
| Microsoft Edge opens websites on its own at night Ok - is there still something to be found, or has the problem been fixed with that? Thanks, Karl FRST Logfile: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 22-12-2023 durchgeführt von PC (Administrator) auf DESKTOP-N67O51V (HP HP 255 G8 Notebook PC) (24-12-2023 17:07:19) Gestartet von C:\Users\PC\Downloads\FRST64.exe Geladene Profile: PC Plattform: Microsoft Windows 11 Pro Version 23H2 22631.2861 (X64) Sprache: Deutsch (Deutschland) Standard-Browser: FF Start-Modus: Normal ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (C:\Program Files\Mozilla Firefox\firefox.exe ->) (ACLAP -> Node.js) C:\Program Files\net.downloadhelper.coapp\bin\net.downloadhelper.coapp-win-64.exe (DriverStore\FileRepository\u0376573.inf_amd64_8aae8753e0431618\B374868\atiesrxx.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0376573.inf_amd64_8aae8753e0431618\B374868\atieclxx.exe (ETDService.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDCtrl.exe (explorer.exe ->) (Signal Messenger, LLC -> Signal Messenger, LLC) C:\Users\PC\AppData\Local\Programs\signal-desktop\Signal.exe <5> (explorer.exe ->) (Windscribe Limited -> Windscribe Limited) C:\Program Files\Windscribe\Windscribe.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleCrashHandler.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.352\GoogleCrashHandler64.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <22> (SECOMN64.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Sound Research, Corp.) C:\Windows\System32\SECOCL64.exe (services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (services.exe ->) (Advanced Micro Devices Inc. 
-> AMD) C:\Windows\System32\DriverStore\FileRepository\u0376573.inf_amd64_8aae8753e0431618\B374868\atiesrxx.exe
(services.exe ->) (Cisco Systems, Inc. -> Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(services.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDService.exe
(services.exe ->) (FOXIT SOFTWARE INC. -> Foxit Software Inc.) C:\Program Files (x86)\Common Files\Foxit\Foxit PDF Reader\FoxitPDFReaderUpdateService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_2f779d0a8fdf496c\x64\TouchpointAnalyticsClientService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_30f448e100bbebf7\x64\AppHelperCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_30f448e100bbebf7\x64\DiagsCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_30f448e100bbebf7\x64\NetworkCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_30f448e100bbebf7\x64\SysInfoCap.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Sound Research, Corp.) C:\Windows\System32\SECOMN64.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\NisSrv.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_d315e0ae42c5f5e6\RtkAudUService64.exe <3>
(services.exe ->) (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(services.exe ->) (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe
(services.exe ->) (Windscribe Limited -> Windscribe Limited) C:\Program Files\Windscribe\WindscribeService.exe
(svchost.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(svchost.exe ->) (Microsoft Windows -> ) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.30700.0.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\amd64\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.22621.2567_none_e93fb1d442e4b410\TiWorker.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_d315e0ae42c5f5e6\RtkAudUService64.exe [1922856 2023-09-22] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [2044568 2023-04-28] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Beschränkung <==== ACHTUNG
HKU\S-1-5-21-350317605-4065228070-467651021-1001\...\Run: [MicrosoftEdgeAutoLaunch_B47356396DDD0FAAE76D0ED141F5CEA2] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3854280 2023-12-21] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-350317605-4065228070-467651021-1001\...\Run: [org.whispersystems.signal-desktop] => C:\Users\PC\AppData\Local\Programs\signal-desktop\Signal.exe [163723200 2023-11-30] (Signal Messenger, LLC -> Signal Messenger, LLC)
HKU\S-1-5-21-350317605-4065228070-467651021-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\PC\AppData\Local\Microsoft\Teams\Update.exe [2589872 2023-12-01] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-350317605-4065228070-467651021-1001\...\Run: [Windscribe] => C:\Program Files\Windscribe\Windscribe.exe [5820256 2023-08-20] (Windscribe Limited -> Windscribe Limited)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\120.0.6099.129\Installer\chrmstp.exe [2023-12-21] (Google LLC -> Google LLC)
GroupPolicy: Beschränkung ? <==== ACHTUNG
GroupPolicy-Firefox: Beschränkung <==== ACHTUNG
Policies: C:\ProgramData\NTUSER.pol: Beschränkung <==== ACHTUNG

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {F1A96586-FD36-4B63-AA09-F8A507206F80} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1566200 2023-09-21] (Adobe Inc. -> Adobe Inc.)
Task: {2055F9FC-CAA6-4C13-B096-A3E1686766C1} - System32\Tasks\GoogleUpdateTaskMachineCore{EC1159AD-2AA5-4980-9CD9-AE9146ECA513} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [162072 2023-06-08] (Google LLC -> Google LLC)
Task: {A23628F5-2E87-416C-8431-5312AAC7799E} - System32\Tasks\GoogleUpdateTaskMachineUA{5847186A-3DEB-4816-960D-47E75862EA08} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [162072 2023-06-08] (Google LLC -> Google LLC)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (Keine Datei)
Task: {E8D753ED-28DC-4D37-84B0-B0A0FC6BFBC3} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2023-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {28C5EA0A-1E8A-45E5-91E2-B5367569A7DE} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2023-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {86ABCC80-CCAD-4286-8027-F683F2C5A871} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2023-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {9C73EB65-2DAF-4B85-9B49-406555A08758} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2023-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A7DDEB2D-04D1-417B-ADFA-FBA9FE3FAAAA} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [35232 2023-12-19] (Mozilla Corporation -> Mozilla Foundation)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{46fed04a-97b3-4d2f-ba03-2efce39b3323}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{91d464f8-e578-4053-982a-0ceae5058406}: [DhcpNameServer] 200.73.96.146 190.104.12.42
Tcpip\..\Interfaces\{f4ee2eeb-1fc4-404e-b303-917efd9b6667}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{f4ee2eeb-1fc4-404e-b303-917efd9b6667}: [DhcpDomain] fritz.box

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\PC\AppData\Local\Microsoft\Edge\User Data\Default [2023-12-23]
Edge Extension: (Google Docs Offline) - C:\Users\PC\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-11-15]
Edge Extension: (Edge relevant text changes) - C:\Users\PC\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-09-17]
Edge HKLM-x32\...\Edge\Extension: [caiblelclndcckfafdaggpephhgfpoip]
Edge HKLM-x32\...\Edge\Extension: [emgfgdclgfeldebanedpihppahgngnle]
Edge HKLM-x32\...\Edge\Extension: [mielbhbkcliienpdicphhecpodcaeefg]

FireFox:
========
FF DefaultProfile: f7ocj1ka.default
FF ProfilePath: C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\f7ocj1ka.default [2023-05-29]
FF ProfilePath: C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\ec0rkfhe.default-release [2023-12-24]
FF Homepage: Mozilla\Firefox\Profiles\ec0rkfhe.default-release -> hxxps://www.ecosia.org/?c=de
FF Notifications: Mozilla\Firefox\Profiles\ec0rkfhe.default-release -> hxxps://web.instahelp.me
FF Extension: (Facebook Container) - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\ec0rkfhe.default-release\Extensions\@contain-facebook.xpi [2023-07-20]
FF Extension: (Google Scholar-Schaltfläche) - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\ec0rkfhe.default-release\Extensions\button@scholar.google.com.xpi [2023-07-04]
FF Extension: (Cisco Webex Extension) - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\ec0rkfhe.default-release\Extensions\ciscowebexstart1@cisco.com.xpi [2023-07-04]
FF Extension: (Language: Deutsch (German)) - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\ec0rkfhe.default-release\Extensions\langpack-de@firefox.mozilla.org.xpi [2023-12-22]
FF Extension: (uBlock Origin) - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\ec0rkfhe.default-release\Extensions\uBlock0@raymondhill.net.xpi [2023-12-06]
FF Extension: (Citavi Picker) - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\ec0rkfhe.default-release\Extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}.xpi [2023-07-04]
FF Extension: (Snowflake) - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\ec0rkfhe.default-release\Extensions\{b11bea1f-a888-4332-8d8a-cec2be7d24b9}.xpi [2023-07-04]
FF Extension: (Video DownloadHelper) - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\ec0rkfhe.default-release\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2023-09-01]
FF Extension: (Ecosia – Die Suchmaschine, die Bäume pflanzt) - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\ec0rkfhe.default-release\Extensions\{d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}.xpi [2023-07-04]
FF Extension: (Adblock Plus - kostenloser Adblocker) - C:\Users\PC\AppData\Roaming\Mozilla\Firefox\Profiles\ec0rkfhe.default-release\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2023-07-04]
FF Extension: (Citavi Picker) - C:\Program Files\Mozilla Firefox\distribution\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}.xpi [2023-06-21]
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2023-11-05] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\plugins\npFoxitPDFReaderPlugin.dll [2023-08-14] (FOXIT SOFTWARE INC. -> Foxit Corporation)

Chrome:
=======
CHR Profile: C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default [2023-12-23]
CHR Notifications: Default -> hxxps://clickdoc.elvi.de
CHR Extension: (Avira Password Manager) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\caljgklbbfbcjjanaijlacgncafpegll [2023-12-23]
CHR Extension: (Avira Safe Shopping) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccbpbkebodcjkknkfkpmfeciinhidaeh [2023-12-23]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-10-30]
CHR Extension: (Keepa - Amazon Price Tracker) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\neebplgakaahbhdphmkckjjcegoiijjo [2023-12-23]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-06-08]
CHR Extension: (Citavi Picker) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohgndokldibnndfnjnagojmheejlengn [2023-07-12]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
CHR HKLM-x32\...\Chrome\Extension: [ohgndokldibnndfnjnagojmheejlengn]

==================== Dienste (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2023-09-21] (Adobe Inc. -> Adobe Inc.)
R2 FoxitReaderUpdateService; C:\Program Files (x86)\Common Files\Foxit\Foxit PDF Reader\FoxitPDFReaderUpdateService.exe [2432608 2023-08-14] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
R2 HPAppHelperCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_30f448e100bbebf7\x64\AppHelperCap.exe [887856 2023-10-25] (HP Inc. -> HP Inc.)
R2 HPDiagsCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_30f448e100bbebf7\x64\DiagsCap.exe [886720 2023-10-25] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_30f448e100bbebf7\x64\NetworkCap.exe [882728 2023-10-25] (HP Inc. -> HP Inc.)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [230360 2023-11-14] (HP Inc. -> HP Inc.)
R2 HPSysInfoCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_30f448e100bbebf7\x64\SysInfoCap.exe [886832 2023-10-25] (HP Inc. -> HP Inc.)
R2 HpTouchpointAnalyticsService; C:\WINDOWS\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_2f779d0a8fdf496c\x64\TouchpointAnalyticsClientService.exe [491648 2023-10-24] (HP Inc. -> HP Inc.)
R2 SECOMNService; C:\WINDOWS\System32\SECOMN64.exe [743904 2022-02-18] (Microsoft Windows Hardware Compatibility Publisher -> Sound Research, Corp.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [534592 2023-12-23] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2022-10-04] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 ss_conn_service2; C:\Program Files (x86)\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe [920768 2022-10-04] (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\NisSrv.exe [3174840 2023-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe [133592 2023-12-08] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WindscribeService; C:\Program Files\Windscribe\WindscribeService.exe [1085280 2023-08-20] (Windscribe Limited -> Windscribe Limited)

===================== Treiber (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 acsock; C:\WINDOWS\system32\DRIVERS\acsock64.sys [310216 2023-04-28] (Microsoft Windows Hardware Compatibility Publisher -> Cisco Systems, Inc.)
R3 AMDAfdAudioService; C:\WINDOWS\System32\DriverStore\FileRepository\amdacpafd.inf_amd64_ea6bfcdad05c0606\amdacpafd.sys [435080 2023-07-04] (Advanced Micro Devices Inc. -> Advanced Micro Devices)
R3 amdwddmg; C:\WINDOWS\System32\DriverStore\FileRepository\u0376573.inf_amd64_8aae8753e0431618\B374868\amdkmdag.sys [80558960 2022-02-10] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
S3 BTHMODEM; C:\WINDOWS\System32\drivers\bthmodem.sys [106496 2022-05-07] (Microsoft Corporation) [Datei ist nicht signiert]
R3 HPCustomCapDriver; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapdriver.inf_amd64_a955fa431e522f5e\x64\hpcustomcapdriver.sys [25592 2021-09-16] (HP Inc. -> HP Inc.)
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [50720 2022-10-04] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R3 tapwindscribe0901; C:\WINDOWS\System32\drivers\tapwindscribe0901.sys [57768 2023-08-20] (Windscribe Limited -> The OpenVPN Project)
S3 vpnva; C:\WINDOWS\System32\drivers\vpnva64-6.sys [74064 2023-04-28] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [55856 2023-12-08] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [594304 2023-12-08] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105856 2023-12-08] (Microsoft Windows -> Microsoft Corporation)
S3 WindscribeSplitTunnel; C:\WINDOWS\system32\DRIVERS\WindscribeSplitTunnel.sys [38152 2023-08-20] (Windscribe Limited -> )
R3 windtun420; C:\WINDOWS\System32\drivers\windtun420.sys [47544 2023-08-20] (Windscribe Limited -> WireGuard LLC)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [40104 2022-06-17] (HP Inc. -> HP)
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2023-12-23 23:20 - 2023-12-23 23:20 - 000722202 _____ C:\WINDOWS\system32\perfh007.dat
2023-12-23 23:20 - 2023-12-23 23:20 - 000149258 _____ C:\WINDOWS\system32\perfc007.dat
2023-12-23 23:14 - 2023-12-23 23:14 - 000000448 __RSH C:\ProgramData\ntuser.pol
2023-12-23 23:07 - 2023-02-23 03:37 - 000053832 _____ (ELAN Microelectronic Corp.) C:\WINDOWS\system32\Drivers\PTPFilter.sys
2023-12-23 23:07 - 2023-02-23 03:36 - 001245304 _____ (ELAN Microelectronics Corp.) C:\WINDOWS\system32\ETDCtrl.exe
2023-12-23 23:07 - 2023-02-23 03:36 - 000646728 _____ (ELAN Microelectronics Corp.) C:\WINDOWS\system32\ETDCmds.dll
2023-12-23 23:07 - 2023-02-23 03:36 - 000589384 _____ (ELAN Microelectronics Corp.) C:\WINDOWS\system32\Drivers\ETD.sys
2023-12-23 23:07 - 2023-02-23 03:36 - 000495688 _____ (ELAN Microelectronic Corp.) C:\WINDOWS\system32\ETDApix.dll
2023-12-23 23:07 - 2023-02-23 03:36 - 000474184 _____ (ELAN Microelectronics Corp.) C:\WINDOWS\system32\ETDFavorite.dll
2023-12-23 23:07 - 2023-02-23 03:36 - 000402040 _____ (ELAN Microelectronics Corp.) C:\WINDOWS\system32\ETDCtrlHelper.exe
2023-12-23 23:07 - 2023-02-23 03:36 - 000202312 _____ (ELAN Microelectronics Corp.) C:\WINDOWS\system32\ETDService.exe
2023-12-23 23:07 - 2023-02-23 03:36 - 000033392 _____ (ELAN Microelectronics Corp.) C:\WINDOWS\system32\Drivers\ETDHCF.sys
2023-12-23 23:07 - 2022-09-29 03:18 - 000019872 _____ C:\WINDOWS\system32\RtEventLog.dll
2023-12-23 22:51 - 2023-12-23 22:51 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2023-12-23 22:50 - 2023-12-23 22:50 - 000000020 ___SH C:\Users\PC\ntuser.ini
2023-12-23 22:49 - 2023-12-23 23:14 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-12-23 22:49 - 2023-12-23 22:49 - 000011433 _____ C:\WINDOWS\diagwrn.xml
2023-12-23 22:49 - 2023-12-23 22:49 - 000011433 _____ C:\WINDOWS\diagerr.xml
2023-12-23 22:49 - 2023-12-23 22:49 - 000003682 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-12-23 22:49 - 2023-12-23 22:49 - 000003644 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA{5847186A-3DEB-4816-960D-47E75862EA08}
2023-12-23 22:49 - 2023-12-23 22:49 - 000003482 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2023-12-23 22:49 - 2023-12-23 22:49 - 000003458 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-12-23 22:49 - 2023-12-23 22:49 - 000003420 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore{EC1159AD-2AA5-4980-9CD9-AE9146ECA513}
2023-12-23 22:49 - 2023-12-23 22:49 - 000003058 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-350317605-4065228070-467651021-1001
2023-12-23 22:49 - 2023-12-23 22:49 - 000002854 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-350317605-4065228070-467651021-1001
2023-12-23 22:49 - 2023-12-23 22:49 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2023-12-23 22:49 - 2023-12-23 22:49 - 000000000 ____D C:\WINDOWS\system32\Tasks\HP
2023-12-23 22:49 - 2023-12-23 22:49 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avira
2023-12-23 22:47 - 2023-12-23 23:20 - 001662892 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-12-23 22:45 - 2023-12-23 22:45 - 000000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Network
2023-12-23 22:44 - 2023-12-23 22:44 - 000000000 ____D C:\WINDOWS\system32\config\BFS
2023-12-23 22:43 - 2023-12-23 22:50 - 000000000 ____D C:\Windows.old
2023-12-23 22:43 - 2023-12-23 22:44 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-12-23 22:43 - 2023-12-23 22:43 - 000474176 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-12-23 22:37 - 2023-12-23 22:43 - 000000000 ____D C:\Users\PC\AppData\Roaming\Microsoft\Crypto
2023-12-23 22:37 - 2023-12-23 22:37 - 000000000 ____D C:\Users\PC\AppData\Roaming\Microsoft\SystemCertificates
2023-12-23 22:37 - 2023-12-23 22:37 - 000000000 ____D C:\Users\PC\AppData\Roaming\Microsoft\Network
2023-12-23 22:36 - 2023-12-23 22:43 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2023-12-23 22:35 - 2023-12-23 22:51 - 000000000 ____D C:\Users\PC\AppData\Roaming\Microsoft\Windows
2023-12-23 22:35 - 2023-12-23 22:50 - 000000000 ____D C:\Users\PC\AppData\Roaming\Microsoft\Spelling
2023-12-23 22:35 - 2023-12-23 22:50 - 000000000 ____D C:\Users\PC
2023-12-23 22:35 - 2023-12-23 22:35 - 000000000 _SHDL C:\Users\PC\Vorlagen
2023-12-23 22:35 - 2023-12-23 22:35 - 000000000 _SHDL C:\Users\PC\Startmenü
2023-12-23 22:35 - 2023-12-23 22:35 - 000000000 _SHDL C:\Users\PC\Netzwerkumgebung
2023-12-23 22:35 - 2023-12-23 22:35 - 000000000 _SHDL C:\Users\PC\Lokale Einstellungen
2023-12-23 22:35 - 2023-12-23 22:35 - 000000000 _SHDL C:\Users\PC\Eigene Dateien
2023-12-23 22:35 - 2023-12-23 22:35 - 000000000 _SHDL C:\Users\PC\Druckumgebung
2023-12-23 22:35 - 2023-12-23 22:35 - 000000000 _SHDL C:\Users\PC\Documents\Eigene Videos
2023-12-23 22:35 - 2023-12-23 22:35 - 000000000 _SHDL C:\Users\PC\Documents\Eigene Musik
2023-12-23 22:35 - 2023-12-23 22:35 - 000000000 _SHDL C:\Users\PC\Documents\Eigene Bilder
2023-12-23 22:35 - 2023-12-23 22:35 - 000000000 _SHDL C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2023-12-23 22:35 - 2023-12-23 22:35 - 000000000 _SHDL C:\Users\PC\AppData\Local\Verlauf
2023-12-23 22:35 - 2023-12-23 22:35 - 000000000 _SHDL C:\Users\PC\AppData\Local\Anwendungsdaten
2023-12-23 22:35 - 2023-12-23 22:35 - 000000000 _SHDL C:\Users\PC\Anwendungsdaten
2023-12-23 22:35 - 2023-12-23 22:35 - 000000000 ____D C:\WINDOWS\system32\AMD
2023-12-23 22:35 - 2023-12-23 22:35 - 000000000 ____D C:\WINDOWS\Firmware
2023-12-23 22:34 - 2023-12-23 22:36 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2023-12-23 22:21 - 2023-12-23 22:21 - 000016240 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2023-12-23 22:14 - 2023-12-23 22:14 - 000000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2023-12-23 22:14 - 2023-12-23 22:14 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2023-12-23 22:14 - 2023-12-23 22:14 - 000000000 ____D C:\WINDOWS\addins
2023-12-23 22:01 - 2023-12-23 22:01 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2023-12-23 21:35 - 2023-12-23 22:50 - 000000000 ___DC C:\WINDOWS\Panther
2023-12-23 21:33 - 2023-12-23 22:49 - 000000000 ___HD C:\$GetCurrent
2023-12-23 21:33 - 2023-12-23 21:33 - 000000000 ____D C:\Program Files (x86)\WindowsInstallationAssistant
2023-12-23 20:45 - 2023-12-23 21:35 - 000000036 _____ C:\WINDOWS\progress.ini
2023-12-23 20:29 - 2023-12-23 20:29 - 000001330 _____ C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk
2023-12-23 20:29 - 2023-12-23 20:29 - 000000000 ____D C:\Users\PC\AppData\Local\PCHealthCheck
2023-12-23 14:18 - 2023-12-23 14:19 - 000032615 _____ C:\Users\PC\Downloads\Addition.txt
2023-12-23 14:15 - 2023-12-24 17:08 - 000021084 _____ C:\Users\PC\Downloads\FRST.txt
2023-12-23 14:15 - 2023-12-24 17:07 - 000000000 ____D C:\FRST
2023-12-23 14:12 - 2023-12-23 14:12 - 002387456 _____ (Farbar) C:\Users\PC\Downloads\FRST64.exe
2023-12-23 13:46 - 2023-12-23 13:46 - 000000000 ____D C:\Users\Public\Security Sessions
2023-12-23 13:45 - 2023-12-23 22:43 - 000000000 ____D C:\WINDOWS\SysWOW64\statReporter
2023-12-23 13:45 - 2023-12-23 20:30 - 002496416 _____ C:\WINDOWS\system32\rtp.db
2023-12-23 13:45 - 2023-12-23 13:45 - 000000000 ____D C:\Users\PC\AppData\Local\AviraWebView2Cache
2023-12-23 13:44 - 2023-12-23 13:46 - 000000000 ____D C:\Users\PC\AppData\Local\Avira
2023-12-23 13:43 - 2023-12-23 21:16 - 000000000 ____D C:\Program Files (x86)\Avira
2023-12-23 13:43 - 2023-12-23 13:43 - 006576104 _____ (Avira Operations GmbH) C:\Users\PC\Downloads\avira_de_sptl1_3276aa397672fa93__pavwws-spotlight-release.exe
2023-12-23 12:08 - 2023-12-23 12:43 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2023-12-22 03:49 - 2023-12-22 08:53 - 000000000 ____D C:\Program Files\Mozilla Thunderbird
2023-12-19 17:51 - 2023-12-19 17:53 - 000000000 ____D C:\Users\PC\Downloads\Shein fotos
2023-12-19 17:35 - 2023-12-23 12:14 - 000000000 ____D C:\Program Files\Mozilla Firefox
2023-12-14 22:33 - 2023-12-14 22:40 - 000549078 _____ C:\Users\PC\Downloads\Anmeldeformular.pdf
2023-12-07 11:04 - 2023-12-07 11:04 - 000138964 _____ C:\Users\PC\Downloads\Kostenerstattung der medizinischen Behandlung während der Entsendung-1.pdf
2023-12-07 11:02 - 2023-12-07 11:02 - 000150682 _____ C:\Users\PC\Downloads\Kostenerstattung der medizinischen Behandlung während der Entsendung.pdf
2023-12-06 21:54 - 2023-12-06 21:54 - 000059699 _____ C:\Users\PC\Downloads\20231206215449_TK-Behandlung im Ausland - Rechnung einreichen.pdf
2023-12-05 16:30 - 2023-12-23 22:43 - 000000000 ____D C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2023-12-05 14:41 - 2023-12-05 14:41 - 005790266 _____ C:\Users\PC\Downloads\978-3-662-55379-4-1_compressed_compressed.pdf
2023-12-05 14:35 - 2023-12-05 14:35 - 008201822 _____ C:\Users\PC\Downloads\978-3-662-55379-4-1_compressed.pdf
2023-12-05 14:32 - 2023-12-05 14:32 - 010289435 _____ C:\Users\PC\Downloads\978-3-662-55379-4-1.pdf
2023-12-05 14:10 - 2023-12-05 14:11 - 013674838 _____ C:\Users\PC\Downloads\978-3-662-55379-4.pdf
2023-12-04 16:43 - 2023-12-04 16:43 - 000795918 _____ C:\Users\PC\Downloads\Einladung EG Karina Hagemann.pdf
2023-12-01 15:17 - 2023-12-01 15:20 - 000000000 ____D C:\Program Files\CopyTrans HEIC for Windows
2023-12-01 15:17 - 2023-12-01 15:20 - 000000000 ____D C:\Program Files (x86)\CopyTrans HEIC for Windows
2023-12-01 15:17 - 2023-12-01 15:17 - 000000000 ____D C:\ProgramData\WindSolutions
2023-12-01 15:16 - 2023-12-01 15:16 - 007838192 _____ (Ursa Minor Ltd ) C:\Users\PC\Downloads\CopyTransHEICforWindowsv2.000.exe
2023-12-01 15:14 - 2023-12-01 15:14 - 000151113 _____ C:\Users\PC\Downloads\AMALIA GALINDO 2023.pdf
2023-12-01 12:12 - 2023-12-01 12:12 - 000000000 ___HD C:\OneDriveTemp
2023-12-01 11:23 - 2023-12-23 22:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMyFone
2023-12-01 11:22 - 2023-12-01 11:22 - 034935032 _____ (Shenzhen iMyFone Technology Co., Ltd. ) C:\Users\PC\Downloads\heic-converter-setup.exe
2023-12-01 11:20 - 2023-12-01 11:20 - 048414720 _____ C:\Users\PC\Downloads\JPEGminiPro_installer_4_0_0_8.msi
2023-12-01 09:51 - 2023-12-01 09:52 - 000051762 _____ C:\Users\PC\Downloads\Steckbrief V. Carré.pdf
2023-12-01 09:51 - 2023-12-01 09:51 - 000259724 _____ C:\Users\PC\Downloads\Steckbrief_NinaPoetzl.pdf
2023-12-01 09:51 - 2023-12-01 09:51 - 000046485 _____ C:\Users\PC\Downloads\Vorlage Steckbrief.pdf
2023-12-01 09:50 - 2023-12-01 09:50 - 000079583 _____ C:\Users\PC\Downloads\Steckbrief Lena Flacke.pdf
2023-12-01 09:50 - 2023-12-01 09:50 - 000071856 _____ C:\Users\PC\Downloads\Steckbrief-1.pdf
2023-12-01 09:47 - 2023-12-01 09:47 - 000052269 _____ C:\Users\PC\Downloads\Steckbrief.pdf
2023-11-29 22:36 - 2023-11-29 22:36 - 006887812 _____ C:\Users\PC\Downloads\combinepdf.pdf
2023-11-29 18:02 - 2023-12-08 19:30 - 000000000 ____D C:\Users\PC\Desktop\Jonael Fotobuch
2023-11-29 18:00 - 2023-11-29 18:00 - 000000000 ____D C:\Program Files\CEWE
2023-11-29 17:59 - 2023-11-29 17:59 - 008168976 _____ C:\Users\PC\Downloads\setup_Mein_CEWE_FOTOBUCH.exe
2023-11-29 14:59 - 2023-11-29 14:59 - 000000165 ____H C:\Users\PC\Documents\~$01_Tagesplan2_2.xlsx
2023-11-27 20:19 - 2023-11-27 20:19 - 000184732 _____ C:\Users\PC\Downloads\978-3-319-71928-3_30.pdf
2023-11-27 19:20 - 2023-11-27 19:20 - 000494584 _____ C:\Users\PC\Downloads\paper0226.pdf
2023-11-27 17:07 - 2023-11-27 17:07 - 000995578 _____ C:\Users\PC\Downloads\Este Tierra Brilliante This Brilliant Earth.pdf
2023-11-27 15:47 - 2023-11-27 15:47 - 002411669 _____ C:\Users\PC\Downloads\Broschüre Folsäure, dt.pdf
2023-11-27 14:47 - 2023-11-27 14:47 - 000388403 _____ C:\Users\PC\Downloads\909862aaa-1.pdf
2023-11-26 21:11 - 2023-11-26 21:11 - 000137024 _____ (Zoom Video Communications, Inc.) C:\Users\PC\Downloads\Zoom_cm_fof5M0usfg0ouwZ9vvrZo4_m90p4i1TXedP-oTdNSPwEfNyFQBWh4yOpbrk@7hGIW7oXx9gRm+Lh_k8c12a4102dcb6480_.exe
2023-11-26 19:01 - 2023-11-26 19:01 - 000161407 _____ C:\Users\PC\Downloads\DE Jabra Elite 8 Active Tech Sheet A4 Web 160823.pdf
2023-11-24 20:42 - 2023-11-24 20:42 - 001589510 _____ (Igor Pavlov) C:\Users\PC\Downloads\7z2301-x64.exe
2023-11-24 20:41 - 2023-11-24 20:41 - 000417232 _____ C:\Users\PC\Downloads\Chat_GPT-5 for PC Installation v1.1.3(1).rar
2023-11-24 20:33 - 2023-11-24 20:33 - 000417232 _____ C:\Users\PC\Downloads\Chat_GPT-5 for PC Installation v1.1.3.rar
2023-11-24 17:26 - 2023-11-24 17:26 - 000407921 _____ C:\Users\PC\Downloads\Erstgespräch_Kinderwunsch.pdf

==================== Ein Monat (geänderte) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2023-12-24 17:07 - 2023-05-29 18:06 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-12-24 17:07 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SystemTemp
2023-12-24 17:06 - 2023-07-10 16:25 - 000000000 ____D C:\Users\PC\AppData\Roaming\Signal
2023-12-24 17:06 - 2023-06-08 16:22 - 000000000 ____D C:\Program Files (x86)\Google
2023-12-24 17:06 - 2022-05-07 06:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-12-23 23:20 - 2022-05-07 06:22 - 000000000 ____D C:\WINDOWS\INF
2023-12-23 23:14 - 2023-05-03 09:57 - 000012288 ___SH C:\DumpStack.log.tmp
2023-12-23 23:14 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-12-23 23:14 - 2022-05-07 06:17 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2023-12-23 23:08 - 2022-03-25 06:59 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2023-12-23 23:07 - 2022-05-07 06:24 - 000000000 ___HD C:\Program Files\WindowsApps
2023-12-23 23:07 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\appcompat
2023-12-23 23:07 - 2022-03-24 14:29 - 000000000 ____D C:\Users\PC\AppData\Local\Packages
2023-12-23 23:07 - 2022-03-24 14:29 - 000000000 ____D C:\ProgramData\Packages
2023-12-23 23:06 - 2022-05-07 06:24 - 000000000 ___RD C:\WINDOWS\PrintDialog
2023-12-23 23:05 - 2022-05-07 06:24 - 000000000 ____D C:\ProgramData\USOPrivate
2023-12-23 23:01 - 2022-05-07 06:17 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-12-23 22:58 - 2022-03-24 14:29 - 000000000 ____D C:\Users\PC\AppData\Local\D3DSCache
2023-12-23 22:50 - 2022-05-07 06:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2023-12-23 22:50 - 2022-03-24 14:29 - 000002348 _____ C:\Users\PC\Desktop\Microsoft Edge.lnk
2023-12-23 22:50 - 2022-03-24 14:29 - 000000000 __RHD C:\Users\Public\AccountPictures
2023-12-23 22:49 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\oobe
2023-12-23 22:49 - 2022-05-07 06:24 - 000000000 ____D C:\Program Files\Windows NT
2023-12-23 22:49 - 2022-05-07 06:24 - 000000000 ____D C:\Program Files\Windows Defender
2023-12-23 22:49 - 2022-05-07 06:17 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2023-12-23 22:46 - 2023-06-08 16:22 - 000002245 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-12-23 22:46 - 2023-06-08 16:22 - 000002204 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2023-12-23 22:45 - 2022-05-07 06:24 - 000000000 __RHD C:\Users\Public\Libraries
2023-12-23 22:45 - 2022-03-24 14:27 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-12-23 22:43 - 2023-10-06 14:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit PDF Reader
2023-12-23 22:43 - 2023-08-20 11:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windscribe
2023-12-23 22:43 - 2023-08-10 02:20 - 000000000 ____D C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome
2023-12-23 22:43 - 2023-07-11 17:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citavi 6
2023-12-23 22:43 - 2022-05-07 06:24 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2023-12-23 22:43 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2023-12-23 22:43 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2023-12-23 22:43 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\spool
2023-12-23 22:43 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\SecurityHealth
2023-12-23 22:43 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\ServiceState
2023-12-23 22:43 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2023-12-23 22:43 - 2022-05-07 06:24 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2023-12-23 22:43 - 2021-06-05 13:10 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2023-12-23 22:43 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2023-12-23 22:43 - 2021-06-05 13:10 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2023-12-23 22:36 - 2023-11-10 18:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2023-12-23 22:36 - 2023-07-11 17:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
2023-12-23 22:35 - 2022-05-07 06:28 - 000000000 ____D C:\WINDOWS\Setup
2023-12-23 22:35 - 2022-05-07 06:24 - 000000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Windows
2023-12-23 22:33 - 2023-10-01 08:01 - 000000000 ____D C:\WINDOWS\system32\Microsoft-Edge-WebView
2023-12-23 22:33 - 2022-05-07 11:39 - 000000000 ___SD C:\WINDOWS\system32\AppV
2023-12-23 22:33 - 2022-05-07 11:39 - 000000000 ____D C:\WINDOWS\InboxApps
2023-12-23 22:33 - 2022-05-07 11:39 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2023-12-23 22:33 - 2022-05-07 11:29 - 000000000 ____D C:\WINDOWS\SysWOW64\de
2023-12-23 22:33 - 2022-05-07 11:29 - 000000000 ____D C:\WINDOWS\system32\de
2023-12-23 22:33 - 2022-05-07 06:24 - 000000000 ___SD C:\WINDOWS\system32\UNP
2023-12-23 22:33 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\UUS
2023-12-23 22:33 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2023-12-23 22:33 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2023-12-23 22:33 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2023-12-23 22:33 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2023-12-23 22:33 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2023-12-23 22:33 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2023-12-23 22:33 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2023-12-23 22:33 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2023-12-23 22:33 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\gl-ES
2023-12-23 22:33 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\eu-ES
2023-12-23 22:33 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2023-12-23 22:33 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2023-12-23 22:33 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2023-12-23 22:33 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES
2023-12-23 22:33 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SystemResources
2023-12-23 22:33 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2023-12-23 22:33 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2023-12-23 22:33 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2023-12-23 22:33 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2023-12-23 22:33 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\Sgrm
2023-12-23 22:33 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\setup
2023-12-23 22:33 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2023-12-23 22:33 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\migwiz
2023-12-23 22:33 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2023-12-23 22:33 - 2022-05-07 06:24 -
000000000 ____D C:\WINDOWS\system32\lt-LT 2023-12-23 22:33 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\id-ID 2023-12-23 22:33 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\HealthAttestationClient 2023-12-23 22:33 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\gl-ES 2023-12-23 22:33 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\eu-ES 2023-12-23 22:33 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\et-EE 2023-12-23 22:33 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\es-MX 2023-12-23 22:33 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\Dism 2023-12-23 22:33 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\DDFs 2023-12-23 22:33 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\ca-ES 2023-12-23 22:33 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\appraiser 2023-12-23 22:33 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\ShellExperiences 2023-12-23 22:33 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\ShellComponents 2023-12-23 22:33 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\Provisioning 2023-12-23 22:33 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\PolicyDefinitions 2023-12-23 22:33 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\Globalization 2023-12-23 22:33 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\DiagTrack 2023-12-23 22:33 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\bcastdvr 2023-12-23 22:33 - 2022-05-07 06:24 - 000000000 ____D C:\Program Files\Common Files\System 2023-12-23 22:33 - 2022-05-07 06:17 - 000000000 ____D C:\WINDOWS\servicing 2023-12-23 22:32 - 2022-05-07 11:39 - 000036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll 2023-12-23 22:32 - 2022-05-07 06:25 - 000209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll 2023-12-23 22:32 - 2022-05-07 06:25 - 000076800 _____ (Khronos Group) C:\WINDOWS\SysWOW64\opencl.dll 2023-12-23 22:32 - 2022-05-07 06:24 - 000249856 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\msclmd.dll 2023-12-23 22:32 - 2022-05-07 06:24 - 000118784 _____ (Khronos Group) C:\WINDOWS\system32\opencl.dll 2023-12-23 22:15 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\OCR 2023-12-23 22:14 - 2023-07-06 03:17 - 000000000 ____D C:\Users\PC\Documents\Geschenke 2023-12-23 22:13 - 2022-05-07 11:39 - 000000000 ____D C:\Program Files\Windows Photo Viewer 2023-12-23 22:13 - 2022-05-07 11:39 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2023-12-23 22:13 - 2022-05-07 11:29 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm 2023-12-23 22:13 - 2022-05-07 11:29 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN 2023-12-23 22:13 - 2022-05-07 11:29 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr 2023-12-23 22:13 - 2022-05-07 11:29 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts 2023-12-23 22:13 - 2022-05-07 11:29 - 000000000 ____D C:\WINDOWS\system32\winrm 2023-12-23 22:13 - 2022-05-07 11:29 - 000000000 ____D C:\WINDOWS\system32\WCN 2023-12-23 22:13 - 2022-05-07 11:29 - 000000000 ____D C:\WINDOWS\system32\slmgr 2023-12-23 22:13 - 2022-05-07 11:29 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts 2023-12-23 22:13 - 2022-05-07 06:24 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12 2023-12-23 22:13 - 2022-05-07 06:24 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs 2023-12-23 22:13 - 2022-05-07 06:24 - 000000000 ___SD C:\WINDOWS\system32\F12 2023-12-23 22:13 - 2022-05-07 06:24 - 000000000 ___SD C:\WINDOWS\system32\dsc 2023-12-23 22:13 - 2022-05-07 06:24 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs 2023-12-23 22:13 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform 2023-12-23 22:13 - 2022-05-07 06:24 - 000000000 ____D C:\Program Files (x86)\Windows Defender 2023-12-23 20:56 - 2023-10-26 18:57 - 000000000 ____D C:\Users\PC\AppData\Local\CrashDumps 2023-12-23 13:30 - 2023-08-12 03:14 - 000000000 ____D C:\Users\PC\AppData\Roaming\DeepL_SE 2023-12-23 13:15 - 2023-05-29 18:06 - 000000000 ____D C:\Program Files 
(x86)\Mozilla Maintenance Service 2023-12-23 12:52 - 2022-03-25 07:28 - 000000000 ____D C:\Program Files\Microsoft Office 2023-12-23 12:47 - 2023-07-16 13:09 - 000000000 ____D C:\Users\PC\AppData\Roaming\Microsoft\Teams 2023-12-22 11:39 - 2023-05-03 10:02 - 000000000 ____D C:\Users\PC\AppData\Roaming\Microsoft\Word 2023-12-22 09:11 - 2023-05-29 18:06 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2023-12-22 07:19 - 2023-10-26 18:27 - 000001055 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thunderbird.lnk 2023-12-22 01:31 - 2022-03-24 14:40 - 000000000 ____D C:\Users\PC\AppData\Local\PlaceholderTileLogoFolder 2023-12-19 18:07 - 2022-03-24 14:45 - 000000000 ____D C:\ProgramData\HP 2023-12-14 22:32 - 2022-03-24 14:32 - 000002386 _____ C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2023-12-13 00:04 - 2023-06-08 16:09 - 000000000 ____D C:\Users\PC\AppData\Roaming\Microsoft\Excel 2023-12-12 23:59 - 2023-07-06 03:37 - 000000000 ____D C:\Users\PC\Documents\Persönliches 2023-12-11 03:29 - 2023-08-20 11:35 - 000000000 ____D C:\Program Files\Windscribe 2023-12-08 17:06 - 2023-07-06 02:52 - 000000000 ____D C:\Users\PC\Documents\00_Bolivien 2023-12-08 16:55 - 2023-07-06 03:39 - 000000000 ____D C:\Users\PC\Documents\Reisen 2023-12-08 01:38 - 2022-03-24 14:27 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2023-12-06 19:07 - 2023-07-06 04:00 - 000000000 ____D C:\Users\PC\Documents\Zoom 2023-12-05 16:30 - 2023-07-17 17:56 - 000000000 ____D C:\Users\PC\AppData\Roaming\Zoom 2023-12-05 15:01 - 2023-07-06 03:16 - 000000000 ____D C:\Users\PC\Documents\Citavi 6 2023-12-04 20:27 - 2023-07-06 02:52 - 000800844 _____ C:\Users\PC\Documents\01_Tagesplan2_2.xlsx 2023-12-04 17:05 - 2023-07-06 02:53 - 000000000 ____D C:\Users\PC\Documents\00_Jonael 2023-12-02 14:17 - 2022-03-24 14:32 - 000000000 ___RD C:\Users\PC\OneDrive 2023-12-01 12:11 - 2022-03-24 14:29 - 000000000 ____D 
C:\Users\PC\AppData\Local\ConnectedDevicesPlatform
2023-12-01 11:40 - 2022-03-24 14:36 - 000000000 ____D C:\Users\PC\AppData\Local\Comms
2023-12-01 11:33 - 2023-07-16 13:10 - 000002383 _____ C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams (work or school).lnk
2023-11-24 20:39 - 2023-10-26 17:58 - 000000000 ____D C:\ProgramData\WinZip

==================== SigCheck ============================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

==================== Ende von FRST.txt ========================

FRST Additions Logfile:
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 22-12-2023
durchgeführt von PC (24-12-2023 17:12:11)
Gestartet von C:\Users\PC\Downloads
Microsoft Windows 11 Pro Version 23H2 22631.2861 (X64) (2023-12-23 21:50:06)
Start-Modus: Normal
==========================================================

==================== Konten: =============================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

Administrator (S-1-5-21-350317605-4065228070-467651021-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-350317605-4065228070-467651021-503 - Limited - Disabled)
Gast (S-1-5-21-350317605-4065228070-467651021-501 - Limited - Disabled)
PC (S-1-5-21-350317605-4065228070-467651021-1001 - Administrator - Enabled) => C:\Users\PC
WDAGUtilityAccount (S-1-5-21-350317605-4065228070-467651021-504 - Limited - Disabled)

==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-1033-7760-BC15014EA700}) (Version: 23.006.20380 - Adobe)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601053}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 4.10.07061 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\{11E16B39-0FA6-4DF0-9736-73BB638C9924}) (Version: 4.10.07061 - Cisco Systems, Inc.)
Hidden Citavi 6 (HKLM-x32\...\{6A331045-8FF4-4BC9-9C56-E593ACAE28C2}) (Version: 6.17.0.0 - Swiss Academic Software) CopyTrans HEIC for Windows (HKLM\...\CopyTrans HEIC for Windows_is1) (Version: 2.0.0.0 - Ursa Minor Ltd) Documentos (HKU\S-1-5-21-350317605-4065228070-467651021-1001\...\cd93b26705c340f11fb89a1272d1a9a3) (Version: 1.0 - Google\Chrome) Foxit PDF Reader (HKLM-x32\...\{58919E0A-3B2E-11EE-AA33-54BF64A63C26}) (Version: 2023.2.0.21408 - Foxit Software Inc.) Gmail (HKU\S-1-5-21-350317605-4065228070-467651021-1001\...\1182e88030ca76f34631fe25fe5c9c71) (Version: 1.0 - Google\Chrome) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 120.0.6099.129 - Google LLC) Google Drive (HKU\S-1-5-21-350317605-4065228070-467651021-1001\...\c4818ee695088edade03b0e7dd0e4c59) (Version: 1.0 - Google\Chrome) Hojas de cálculo (HKU\S-1-5-21-350317605-4065228070-467651021-1001\...\b2a229ee517bba9f648c7093450bc695) (Version: 1.0 - Google\Chrome) Mein CEWE FOTOBUCH (HKLM\...\Mein CEWE FOTOBUCH) (Version: 7.3.3 - CEWE Stiftung u Co. 
KGaA) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 120.0.2210.91 - Microsoft Corporation) Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 120.0.2210.91 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-350317605-4065228070-467651021-1001\...\OneDriveSetup.exe) (Version: 23.246.1127.0002 - Microsoft Corporation) Microsoft Teams (HKU\S-1-5-21-350317605-4065228070-467651021-1001\...\Teams) (Version: 1.6.00.29964 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 121.0 (x64 en-US)) (Version: 121.0 - Mozilla) Mozilla Thunderbird (x64 en-US) (HKLM\...\Mozilla Thunderbird 115.6.0 (x64 en-US)) (Version: 115.6.0 - Mozilla) Presentaciones (HKU\S-1-5-21-350317605-4065228070-467651021-1001\...\4f8b446637346f455e3e12bcc497a8a6) (Version: 1.0 - Google\Chrome) Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.7.59.0 - Samsung Electronics Co., Ltd.) Signal 6.40.0 (HKU\S-1-5-21-350317605-4065228070-467651021-1001\...\7d96caee-06e6-597c-9f2f-c7bb2e0948b4) (Version: 6.40.0 - Signal Messenger, LLC) Smart Switch (HKLM-x32\...\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.3.23081.1 - Samsung Electronics Co., Ltd.) Hidden Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.3.23081.1 - Samsung Electronics Co., Ltd.) 
VdhCoApp 1.6.3 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version: - DownloadHelper) Windows*11-Installationsassistent (HKLM-x32\...\{115DF11E-4B4C-4EA9-9A79-00DB0C7EF02D}) (Version: 1.4.19041.3630 - Microsoft Corporation) Windows-PC-Integritätsprüfung (HKLM\...\{4254C1AD-B9B0-4020-A4B1-D8B61D12142A}) (Version: 3.7.2204.15001 - Microsoft Corporation) Windscribe (HKLM\...\{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 2.6.14 - Windscribe Limited) YouTube (HKU\S-1-5-21-350317605-4065228070-467651021-1001\...\5871af6285f0460949db70ad593d5a4e) (Version: 1.0 - Google\Chrome) Zoom (HKU\S-1-5-21-350317605-4065228070-467651021-1001\...\ZoomUMX) (Version: 5.16.2 (22807) - Zoom Video Communications, Inc.) Packages: ========= Adobe Acrobat Reader -> C:\Program Files\Adobe\Acrobat DC [2023-11-15] () AMD Radeon Software -> C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.30024.0_x64__0a9344xs7nr4m [2023-06-07] (Advanced Micro Devices Inc.) [Startup Task] Dev Home -> C:\Program Files\WindowsApps\Microsoft.Windows.DevHome_0.800.344.0_x64__8wekyb3d8bbwe [2023-12-23] (Microsoft Corporation) HP Audio Center -> C:\Program Files\WindowsApps\AD2F1837.HPAudioCenter_1.36.274.0_x64__v10z8vjag6ke6 [2023-12-12] (HP Inc.) HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_150.1.1140.0_x64__v10z8vjag6ke6 [2023-11-14] (HP Inc.) 
Microsoft.WindowsAppRuntime.CBS -> C:\Windows\SystemApps\Microsoft.WindowsAppRuntime.CBS_8wekyb3d8bbwe [2023-12-23] (Microsoft Corporation) Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.18.11020.0_x64__8wekyb3d8bbwe [2023-12-23] (Microsoft Studios) [MS Ad] Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0 [2023-12-23] (Spotify AB) [Startup Task] Windows Feature Experience Pack -> C:\Windows\SystemApps\MicrosoftWindows.Client.FileExp_cw5n1h2txyewy [2023-12-23] (Microsoft Corporation) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-350317605-4065228070-467651021-1001_Classes\CLSID\{13357088-9834-0409-1600-134951500000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe) CustomCLSID: HKU\S-1-5-21-350317605-4065228070-467651021-1001_Classes\CLSID\{14100442-9664-1407-2647-000000000000}\localserver32 -> "C:\Users\PC\AppData\Local\Wondershare\Wondershare NativePush\WsToastNotification.exe" -ToastActivated => Keine Datei CustomCLSID: HKU\S-1-5-21-350317605-4065228070-467651021-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\PC\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.23270.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-350317605-4065228070-467651021-1001_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. 
-> Adobe) CustomCLSID: HKU\S-1-5-21-350317605-4065228070-467651021-1001_Classes\CLSID\{8ecb5a87-c13f-46fe-abd1-b59015f99cda}\InprocServer32 -> C:\Program Files\Mozilla Thunderbird\notificationserver.dll => Keine Datei CustomCLSID: HKU\S-1-5-21-350317605-4065228070-467651021-1001_Classes\CLSID\{9EADBD1A-447B-4240-A9DD-73FE7C53A981}\InprocServer32 -> C:\Program Files\Microsoft Office\Root\Office16\OUTLMIME.DLL => Keine Datei CustomCLSID: HKU\S-1-5-21-350317605-4065228070-467651021-1001_Classes\CLSID\{b72e6f5e-f6e0-a9eb-461b-6118363bd15c}\localserver32 -> "C:\Users\PC\AppData\Local\0install.net\implementations\sha256new_7ATQFYMYISD5LU42STURHNI33TRSMJBHVQPLEAO3EX4R5WPI6GTQ\DeepL.exe" -ToastActivated => Keine Datei CustomCLSID: HKU\S-1-5-21-350317605-4065228070-467651021-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> C:\Users\PC\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers2: [ContextMenu] -> {ee10d625-cc60-30a4-b3df-4b349785be6b} => C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\Antivirus.ContextMenu.DLL -> Keine Datei ContextMenuHandlers3: [ContextMenu] -> {ee10d625-cc60-30a4-b3df-4b349785be6b} => C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\Antivirus.ContextMenu.DLL -> Keine Datei ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\WINDOWS\System32\atiacm64.dll [2022-02-10] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) ==================== Codecs (Nicht auf der Ausnahmeliste) ==================== ==================== Verknüpfungen & WMI ======================== (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) 
ShortcutWithArgument: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome\Documentos.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=mpnpojknpmmopombnjdcgaaiekajbnjb ShortcutWithArgument: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome\Gmail.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=fmgjjmmmlfnkbppncabfkddbjimcfncm ShortcutWithArgument: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome\Google Drive.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=aghbiahbpaijignceidepookljebhfak ShortcutWithArgument: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome\Hojas de cálculo.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=fhihpiojkbmbpdjeoajapmgkhlnakfjf ShortcutWithArgument: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome\Presentaciones.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=kefjledonklijopmnomlcbpllchaibag ShortcutWithArgument: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome\YouTube.lnk -> C:\Program Files\Google\Chrome\Application\chrome_proxy.exe (Google LLC) -> --profile-directory=Default --app-id=agimnkijcaahngcdmfeangaknmldooml ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============= ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ======== ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ================== ==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ================= 
==================== Internet Explorer (Nicht auf der Ausnahmeliste) ========== BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:/Program Files (x86)/Internet Explorer/Citavi Picker/x64/SwissAcademic.Citavi.IEPicker.DLL => Keine Datei BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:/Program Files (x86)/Internet Explorer/Citavi Picker/SwissAcademic.Citavi.IEPicker.DLL => Keine Datei ==================== Hosts Inhalt: ========================= (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2021-06-05 13:08 - 2021-06-05 13:08 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts ==================== Andere Bereiche =========================== (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-350317605-4065228070-467651021-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg DNS Servers: 192.168.178.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) 
HKLM\...\StartupApproved\Run32: => "Cisco AnyConnect Secure Mobility Agent for Windows" HKU\S-1-5-21-350317605-4065228070-467651021-1001\...\StartupApproved\StartupFolder: => "DeepL auto-start.lnk" HKU\S-1-5-21-350317605-4065228070-467651021-1001\...\StartupApproved\Run: => "Lync" HKU\S-1-5-21-350317605-4065228070-467651021-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_B47356396DDD0FAAE76D0ED141F5CEA2" HKU\S-1-5-21-350317605-4065228070-467651021-1001\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-350317605-4065228070-467651021-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams" ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================ (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [{24EA14FA-2DDC-47AE-94BC-29764B2C259E}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [{5671674A-6FAA-4DFD-A7E1-D2BB35C456F4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{48C6AB88-C2C2-411B-B744-39E181C6487C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{706C9566-8991-485F-82CF-FE4C2F69F555}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{F9E4A73D-A951-4F80-A195-A6F308AF3B18}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{A16F272C-2238-4172-BE66-21B15AAFE328}] => (Allow) C:\Program 
Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{7B46B1EE-83D1-48E9-AE8A-2CA3876EA890}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{D165DC86-BB3E-415F-A62B-FCA927B800B1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{54F23557-9BF0-45C8-8D25-60DBD40BF0D9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{8A661D53-4B99-4A13-8BFF-C7ED02EF78BC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{1AC6E210-EFC1-4E8B-84CC-00A58FDBFC9F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{35E973FB-BC73-4C9F-B9EE-85123F19F69A}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23306.3309.2530.1346_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{A9C91ABD-6D66-4DA7-802E-D7EF8F5D5824}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23306.3309.2530.1346_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{9AE1A530-1042-45EE-BBA3-1C802907BCA3}] => (Allow) C:\Users\PC\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [{8679C26C-D57E-4261-86FB-E25673C0AEFB}] => (Allow) C:\Users\PC\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. 
-> Zoom Video Communications, Inc.) FirewallRules: [{1B2A0465-6751-4280-A57C-0A11951DF803}] => (Allow) C:\Users\PC\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) FirewallRules: [UDP Query User{AC0FD30C-9034-41C9-9035-7720ED66496C}C:\users\pc\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\pc\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [TCP Query User{731A0CF2-4227-449A-907B-1AE1E34D3491}C:\users\pc\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\pc\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [UDP Query User{A38E7B1D-E497-4041-BAE7-BC284F357A6C}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [TCP Query User{3B2C740D-1673-4D10-9AD0-821BB4E09CB0}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{701E34F4-DBA0-4AA8-993C-5853AB3B0CD6}] => (Allow) LPort=50053 FirewallRules: [{403B010D-A8DA-4539-97FC-69037DCE83B7}] => (Allow) LPort=50053 FirewallRules: [{FE39E837-EE3F-4BE3-96E0-1A2AF8286F43}] => (Allow) LPort=53016 FirewallRules: [{641838E5-DDBA-470E-B098-40DF73BF99F6}] => (Allow) LPort=53015 FirewallRules: [{7AF2B0E9-C393-4CF4-8F0D-8A8AC98F3A75}] => (Allow) LPort=53014 FirewallRules: [{2F176E02-91A1-41A5-8897-BAEB46514C52}] => (Allow) LPort=43013 FirewallRules: [{FC01329F-5AD7-45AA-9666-5C84EC86FD50}] => (Allow) LPort=43012 FirewallRules: [{2D7E5E24-258B-489D-85C8-E3C3BACBBA57}] => (Allow) LPort=33011 FirewallRules: [{31C88A57-EB31-4104-9AA5-802620102EC2}] => (Allow) LPort=33010 FirewallRules: [{B1399091-09DD-4050-83EC-6E079A33B0A5}] => (Allow) LPort=33009 FirewallRules: [{8C70F163-E381-4DBC-8E2B-9BF5F0AB013D}] => 
(Allow) LPort=23008 FirewallRules: [{DBCDC1B9-9846-4A99-A6C9-C3B83BB70D21}] => (Allow) LPort=23007 FirewallRules: [{A848EF6B-8296-4CE8-8038-FDEAAC9632D1}] => (Allow) LPort=53016 FirewallRules: [{4178BF93-B5EA-41C2-81B7-DB6752C1A505}] => (Allow) LPort=53015 FirewallRules: [{681AFCD9-FE99-4958-BAA5-B30E1C7A3A61}] => (Allow) LPort=53014 FirewallRules: [{D1E849D9-AA20-42EF-8397-3F26A6EF1FB6}] => (Allow) LPort=43013 FirewallRules: [{A502D5C6-DE43-4E5E-B792-A39161B82F79}] => (Allow) LPort=43012 FirewallRules: [{010B1A40-8C22-4E2A-A52F-B9DE87A7B6EA}] => (Allow) LPort=33011 FirewallRules: [{A938CCE6-621E-4BB8-A9B0-6DB7BA22FDD4}] => (Allow) LPort=33010 FirewallRules: [{53A39332-16D6-4F2C-B4D1-61FF6F773E6E}] => (Allow) LPort=33009 FirewallRules: [{85811004-8D59-434C-949E-E468E7A24161}] => (Allow) LPort=23008 FirewallRules: [{F966E350-48E4-4163-AAF8-4C15FBAB93AB}] => (Allow) LPort=23007 FirewallRules: [{519F97DB-4861-491A-82CB-BD4F1AFB0FDB}] => (Allow) LPort=57218 FirewallRules: [{C71F71A1-2321-4DB0-B06A-105E3DF5B367}] => (Allow) LPort=57217 FirewallRules: [{E49C6559-EDFC-40CF-A138-C7D3BE479D22}] => (Allow) LPort=57216 FirewallRules: [{47CA2657-2D31-4552-B507-1C260F6A86B0}] => (Allow) LPort=57215 FirewallRules: [{768E49AC-47CE-40AD-8FFD-38B677F4E2F5}] => (Allow) LPort=57214 FirewallRules: [{ACAAECB1-DB21-49B1-8AC2-B5332BE84794}] => (Allow) LPort=57213 FirewallRules: [{1E219F24-6D5B-4903-A38D-F3BC80917DB9}] => (Allow) LPort=57212 FirewallRules: [{0F397F98-5C8F-4863-842A-BD05C92F4B0E}] => (Allow) LPort=57211 FirewallRules: [{16D8C32D-D439-4334-B624-FB5264D74EB1}] => (Allow) LPort=57210 FirewallRules: [{50723289-0A46-4E59-A07E-8761218C127A}] => (Allow) LPort=57209 FirewallRules: [{4B4FB4BD-9582-4265-8517-D5D5CF4D764B}] => (Allow) LPort=57218 FirewallRules: [{17D7255C-4335-4467-B836-B2ECE5381C95}] => (Allow) LPort=57217 FirewallRules: [{27C9F9C8-A51D-47CD-A75B-341B93D3876F}] => (Allow) LPort=57216 FirewallRules: [{5C2F4B64-C456-4AEC-9387-88DE0E4F415F}] => (Allow) LPort=57215 
FirewallRules: [{587DC5B0-8492-4025-B0C1-45D83A372A8A}] => (Allow) LPort=57214 FirewallRules: [{F0780A09-55FD-46FC-8193-34F5D2ADBEB3}] => (Allow) LPort=57213 FirewallRules: [{FF862496-5DB2-4DBD-9CF6-A65BFE5CF0DD}] => (Allow) LPort=57212 FirewallRules: [{1DB45496-CFCD-4A4F-940A-A501AF296217}] => (Allow) LPort=57211 FirewallRules: [{99051D13-8DEA-4940-A5AB-5EE5A6759D87}] => (Allow) LPort=57210 FirewallRules: [{084959AD-9BC2-4622-8AC8-5472F70C514A}] => (Allow) LPort=57209 FirewallRules: [{7C157381-8488-475C-9E40-93C0ACAF8CCB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{4D01583C-F9BE-4AB0-8AB6-4278CCFF2353}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{CF27204E-3518-484B-B107-D421C5BFCCC4}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\120.0.2210.91\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{2FC10305-ECD4-40BD-B9BC-A50A7988E303}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23306.3309.2530.1346_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{45C7E7DF-D90C-4761-8131-28E894459A37}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23306.3309.2530.1346_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{BFB1140E-7DE1-46A3-BEFE-15FABB054579}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{001D6F80-B70E-4E6D-8CB8-13CC6CDA9526}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{1FFBAF21-9EAA-45FE-8A83-32B7D57E28DB}] => (Allow) C:\Program 
Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{5C184FB2-665F-4A55-A7C4-0FEAF198B6CD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{F65E750E-7E58-43A4-B65A-A7B8A84A41EC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{AFDAE51D-FC01-42D3-B1B3-2C28791B0D53}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{5745784A-56F3-43E8-B897-23A01838A976}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{A126C410-0148-40F3-97BF-9E4D56807590}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{842DD470-5012-4292-89EA-7A35369F13F3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) FirewallRules: [{5DE56330-44B7-43C6-BD1F-0A7A6202A3C1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.226.1187.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd) ==================== Wiederherstellungspunkte ========================= 23-12-2023 23:01:15 Windows Modules Installer ==================== Fehlerhafte Geräte im Gerätemanager ============ Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Description: Cisco AnyConnect Secure Mobility Client Virtual 
Miniport Adapter for Windows x64 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: vpnva Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Fehlereinträge in der Ereignisanzeige: ======================== Applikationsfehler: ================== Error: (12/23/2023 11:14:15 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x8007045b, Der Computer wird heruntergefahren. . Error: (12/23/2023 11:14:15 PM) (Source: VSS) (EventID: 13) (User: ) Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} und dem Namen "CEventSystem" kann nicht gestartet werden. [0x8007045b, Der Computer wird heruntergefahren. ] Error: (12/23/2023 11:14:15 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x8007045b, Der Computer wird heruntergefahren. . Error: (12/23/2023 11:14:15 PM) (Source: VSS) (EventID: 13) (User: ) Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} und dem Namen "CEventSystem" kann nicht gestartet werden. [0x8007045b, Der Computer wird heruntergefahren. ] Error: (12/23/2023 10:50:44 PM) (Source: Windows Search Service) (EventID: 1019) (User: ) Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <30, 0x80040d07, "mapi16://{S-1-5-21-350317605-4065228070-467651021-1001}/">. 
Error: (12/23/2023 10:50:44 PM) (Source: Windows Search Service) (EventID: 1019) (User: ) Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <30, 0x80004005, "file:///C:\[66bb18a2-5868-43af-ac0f-ae82e29e7e0e]\Users\">. Error: (12/23/2023 10:50:44 PM) (Source: Windows Search Service) (EventID: 1019) (User: ) Description: Die Liste der eingeschlossenen und ausgeschlossenen Adressen konnte vvon Windows Search nicht verarbeitet werden. Fehler: <30, 0x80004005, "file:///C:\[66bb18a2-5868-43af-ac0f-ae82e29e7e0e]\ProgramData\Microsoft\Windows\Start Menu\">. Error: (12/23/2023 10:48:42 PM) (Source: Application Error) (EventID: 1000) (User: NT-AUTORITÄT) Description: Name der fehlerhaften Anwendung: SECOMN64.exe, Version: 2.0.10.58, Zeitstempel: 0x620de6b5 Name des fehlerhaften Moduls: SECOMN64.dll, Version: 2.0.10.58, Zeitstempel: 0x620de6ae Ausnahmecode: 0xc0000409 Fehleroffset: 0x00000000000f0591 ID des fehlerhaften Prozesses: 0x0x1198 Startzeit der fehlerhaften Anwendung: 0x0x1da35e932910df5 Pfad der fehlerhaften Anwendung: C:\WINDOWS\System32\SECOMN64.exe Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\SECOMN64.dll Berichtskennung: 664576f9-fa5c-496a-9e8e-48048b85cc6d Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Systemfehler: ============= Error: (12/23/2023 11:16:42 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8024200b fehlgeschlagen: Realtek Semiconductor Corp. - Extension - 6.0.9570.1 Error: (12/23/2023 11:16:38 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8024200b fehlgeschlagen: Realtek Semiconductor Corp. 
- Extension - 6.0.9570.1 Error: (12/23/2023 11:08:27 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8024200b fehlgeschlagen: Realtek - AudioProcessingObject - 13.198.1117.186 Error: (12/23/2023 11:08:20 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8024200b fehlgeschlagen: Realtek Semiconductor Corp. - Extension - 6.0.9570.1 Error: (12/23/2023 10:49:00 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Sound Research SECOMN Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (12/23/2023 10:44:34 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: Der Dienst "Druckererweiterungen und -benachrichtigungen" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. 
==================== Speicherinformationen =========================== BIOS: Insyde F.32 08/02/2022 Hauptplatine: HP 890E Prozessor: AMD Ryzen 5 5500U with Radeon Graphics Prozentuale Nutzung des RAM: 48% Installierter physikalischer RAM: 15680 MB Verfügbarer physikalischer RAM: 8065.76 MB Summe virtueller Speicher: 38559.37 MB Verfügbarer virtueller Speicher: 29495.43 MB ==================== Laufwerke ================================ Drive c: () (Fixed) (Total:475.89 GB) (Free:66.55 GB) (Model: SSD_M.2_512GB_InnovationIT_QLC) NTFS \\?\Volume{5bdce1ca-c652-455b-8fbf-d2096c831322}\ () (Fixed) (Total:0.83 GB) (Free:0.08 GB) NTFS \\?\Volume{d32e5aa6-d023-46c6-a7b0-1a164c5410e3}\ () (Fixed) (Total:0.1 GB) (Free:0.07 GB) FAT32 ==================== MBR & Partitionstabelle ==================== ========================================================== Disk: 0 (MBR Code: Windows 7/8/10) (Size: 476.9 GB) (Disk ID: D4572D45) Partition: GPT. ==================== Ende von Addition.txt ======================= Edited by kar_y_na (24.12.2023 at 17:41) |
24.12.2023, 17:34 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Microsoft Edge opens websites on its own at night adwCleaner Run AdwCleaner according to the illustrated instructions and then post the log file in CODE tags. Please repeat adwcleaner as a check if there were any findings.
__________________ Please always post log files in CODE tags |
25.12.2023, 13:32 | #12 |
| Microsoft Edge opens websites on its own at night Done, thanks Karl: Code:
ATTFilter # ------------------------------- # Malwarebytes AdwCleaner 8.4.0.0 # ------------------------------- # Build: 08-30-2022 # Database: 2023-07-19.3 (Cloud) # Support: https://www.malwarebytes.com/support # # ------------------------------- # Mode: Clean # ------------------------------- # Start: 12-25-2023 # Duration: 00:00:04 # OS: Windows 11 (Build 22631.2861) # Cleaned: 8 # Failed: 0 ***** [ Services ] ***** No malicious services cleaned. ***** [ Folders ] ***** No malicious folders cleaned. ***** [ Files ] ***** No malicious files cleaned. ***** [ DLL ] ***** No malicious DLLs cleaned. ***** [ WMI ] ***** No malicious WMI cleaned. ***** [ Shortcuts ] ***** No malicious shortcuts cleaned. ***** [ Tasks ] ***** No malicious tasks cleaned. ***** [ Registry ] ***** No malicious registry entries cleaned. ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries cleaned. ***** [ Chromium URLs ] ***** No malicious Chromium URLs cleaned. ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries cleaned. ***** [ Firefox URLs ] ***** No malicious Firefox URLs cleaned. ***** [ Hosts File Entries ] ***** No malicious hosts file entries cleaned. 
***** [ Preinstalled Software ] ***** Deleted Preinstalled.HPTouchpointAnalyticsClient Folder C:\ProgramData\HP\HP TOUCHPOINT ANALYTICS CLIENT Deleted Preinstalled.HPTouchpointAnalyticsClient Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F} Deleted Preinstalled.SamsungSmartSwitch File C:\Users\Public\Desktop\Smart Switch.lnk Deleted Preinstalled.SamsungSmartSwitch Folder C:\Program Files (x86)\SAMSUNG\SMART SWITCH PC Deleted Preinstalled.SamsungSmartSwitch Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SAMSUNG\SMART SWITCH PC Deleted Preinstalled.SamsungSmartSwitch Folder C:\Users\PC\AppData\Roaming\SAMSUNG\SMART SWITCH PC Deleted Preinstalled.SamsungSmartSwitch Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7} Deleted Preinstalled.SamsungSmartSwitch Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7} ************************* [+] Delete Tracing Keys [+] Reset Winsock ************************* AdwCleaner[S00].txt - [2363 octets] - [25/12/2023 13:24:37] AdwCleaner[S01].txt - [2424 octets] - [25/12/2023 13:27:09] ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ########## |
25.12.2023, 13:33 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Microsoft Edge opens websites on its own at night Control scans with MBAM and RK After both scans have finished, post the logs in CODE tags.
__________________ Please always post log files in CODE tags |
25.12.2023, 23:09 | #14 |
| Microsoft Edge opens websites on its own at night I'm visiting family, will reply soon, Karl. |
27.12.2023, 11:13 | #15 |
| Microsoft Edge opens websites on its own at night OK: Also, about a month ago I downloaded a file "Chat_GPT-5 for PC Installation v1.1.3.rar" (I googled beforehand whether it was malware; apparently it was not supposed to be). I tried 2-3 times to install it, without success. After that I deleted it, because A) it was useless and B) to be safe. Could that have contributed to Edge developing a life of its own? Code:
ATTFilter Malwarebytes www.malwarebytes.com -Protokolldetails- Scan-Datum: 27.12.23 Scan-Zeit: 10:50 Protokolldatei: 67f77288-a49d-11ee-8e3b-f0a654c7e720.json -Softwaredaten- Version: 4.6.7.301 Komponentenversion: 1.0.2222 Version des Aktualisierungspakets: 1.0.78907 Lizenz: Testversion -Systemdaten- Betriebssystem: Windows 11 (Build 22631.2861) CPU: x64 Dateisystem: NTFS Benutzer: DESKTOP-N67O51V\PC -Scan-Übersicht- Scan-Typ: Bedrohungs-Scan Scan gestartet von: Manuell Ergebnis: Abgeschlossen Gescannte Objekte: 267223 Erkannte Bedrohungen: 0 In die Quarantäne verschobene Bedrohungen: 0 Abgelaufene Zeit: 4 Min., 23 Sek. -Scan-Optionen- Speicher: Aktiviert Start: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Heuristik: Aktiviert PUP: Erkennung PUM: Erkennung -Scan-Details- Prozess: 0 (keine bösartigen Elemente erkannt) Modul: 0 (keine bösartigen Elemente erkannt) Registrierungsschlüssel: 0 (keine bösartigen Elemente erkannt) Registrierungswert: 0 (keine bösartigen Elemente erkannt) Registrierungsdaten: 0 (keine bösartigen Elemente erkannt) Daten-Stream: 0 (keine bösartigen Elemente erkannt) Ordner: 0 (keine bösartigen Elemente erkannt) Datei: 0 (keine bösartigen Elemente erkannt) Physischer Sektor: 0 (keine bösartigen Elemente erkannt) WMI: 0 (keine bösartigen Elemente erkannt) (end) Code:
ATTFilter Program : RogueKiller Anti-Malware Version : 15.13.1.0 x64 : Yes Program Date : Dec 5 2023 Location : C:\Users\PC\Downloads\RogueKiller_portable64.exe Premium : No Company : Adlice Software Website : https://www.adlice.com/ Contact : https://adlice.com/contact/ Website : https://adlice.com/download/roguekiller/ Operating System : Windows 11 (10.0.22631) 64-bit 64-bit OS : Yes Startup : 0 WindowsPE : No User : PC User is Admin : Yes Date : 2023/12/27 09:23:53 Type : Scan Aborted : No Scan Mode : Standard Duration : 337 Found items : 0 Total scanned : 81382 Signatures Version : 20231214_082405 Truesight Driver : Yes Updates Count : 0 ************************* Warnings ************************* ************************* Updates ************************* ************************* Processes ************************* ************************* Modules ************************* ************************* Services ************************* ************************* Scheduled Tasks ************************* ************************* Registry ************************* ************************* WMI ************************* ************************* Hosts File ************************* is_too_big : No hosts_file_path : C:\Windows\System32\drivers\etc\hosts ************************* Filesystem ************************* ************************* Web Browsers ************************* ************************* Antirootkit ************************* Edited by kar_y_na (27.12.2023 at 11:21) |