| |
| |||||||
Antiviren-, Firewall- und andere Schutzprogramme: Malwarebytes FundeWindows 7 Sämtliche Fragen zur Bedienung von Firewalls, Anti-Viren Programmen, Anti Malware und Anti Trojaner Software sind hier richtig. Dies ist ein Diskussionsforum für Sicherheitslösungen für Windows Rechner. Benötigst du Hilfe beim Trojaner entfernen oder weil du dir einen Virus eingefangen hast, erstelle ein Thema in den oberen Bereinigungsforen. |
 |
24.03.2025, 19:28
| #1 |
 |  Malwarebytes Funde beim heutigen Scan hat Malwarebytes 4 Funde angezeigt, sind jetzt in der Quarantäne und zwar: Malware.AI.3919384741 in C:users\hold\Appdata\Local\Nuget\Cache\Autohotkey.Inststall.1.1.36.00.NUPKG C:users\hold\Appdata\Local\Nuget\Cache\Autohotkey.Inststall.1.1.35.00.NUPKG C:users\hold\Appdata\Local\Nuget\Cache\Autohotkey.Inststall.1.1.36.01.NUPKG und jetzt die Scans Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 24-03-2025
durchgeführt von Hold (Administrator) auf HOLD-PC (Micro-Star International Co., Ltd MS-7B86) (24-03-2025 19:05:30)
Gestartet von C:\Users\Hold\Downloads\FRST64(1).exe
Geladene Profile: Hold
Plattform: Microsoft Windows 10 Home Version 22H2 19045.5608 (X64) Sprache: Deutsch (Deutschland)
Standard-Browser: FF
Start-Modus: Normal
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(0A0B0503-04C2-4CCF-9BC2-4F164DC80FEE -> Advanced Micro Devices, Inc.) C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.20.10028.0_x64__0a9344xs7nr4m\radeonsoftware\AMDRSServ.exe
(0A0B0503-04C2-4CCF-9BC2-4F164DC80FEE -> Advanced Micro Devices, Inc.) C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.20.10028.0_x64__0a9344xs7nr4m\radeonsoftware\RadeonSoftware.exe
(C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe ->) (Reason Software Company Inc. -> Reason Software Company Inc.) C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
(DriverStore\FileRepository\u0390451.inf_amd64_39377efdd62734d1\B390182\atiesrxx.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0390451.inf_amd64_39377efdd62734d1\B390182\atieclxx.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\25.031.0217.0003\Microsoft.SharePoint.exe
(explorer.exe ->) (Palo Alto Networks -> Palo Alto Networks) C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe
(Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe <14>
(services.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0390451.inf_amd64_39377efdd62734d1\B390182\atiesrxx.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Huawei Technologies Co., Ltd. -> ) [Datei ist nicht signiert] C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(services.exe ->) (Intel® Upgrade Service -> Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe <2>
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdlogsr.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25010.11-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25010.11-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25010.11-0\NisSrv.exe
(services.exe ->) (Palo Alto Networks -> Palo Alto Networks) C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(services.exe ->) (Reason Software Company Inc. -> Reason Software Company Inc.) C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
(services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI Toast Server\MSIToastServer.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [1832760 2012-09-20] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [1084704 2020-05-27] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [GlobalProtect] => C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe [13306216 2023-01-19] (Palo Alto Networks -> Palo Alto Networks)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [165672064 2025-03-03] (Microsoft Corporation -> Microsoft Corporation)
HKLM\Software\Policies\...\system: [DisableAcrylicBackgroundOnLogon] 1
HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Hold\AppData\Local\Microsoft\Teams\Update.exe [2453720 2021-03-04] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [5007680 2025-03-17] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\Run: [] => [X]
HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe" -hide -runkey (Keine Datei)
HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Hold\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] (Amazon Services LLC -> )
HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\Run: [Microsoft.Lists] => C:\Program Files\Microsoft OneDrive\25.031.0217.0003\Microsoft.SharePoint.exe [1026904 2025-03-17] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [28999440 2024-11-06] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\MountPoints2: {42dc64ac-fa67-11eb-8155-001a7dda7115} - "H:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\MountPoints2: {c2559b58-5f94-11ee-87b0-001a7dda7115} - "H:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\MountPoints2: {d995cc1b-fc72-11ed-8686-001a7dda7115} - "H:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\MountPoints2: {d995cc41-fc72-11ed-8686-001a7dda7115} - "H:\HiSuiteDownLoader.exe"
HKLM\...\Windows x64\Print Processors\Canon MG6800 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDCR.DLL [30208 2015-03-15] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Windows x64\Print Processors\Canon TS5300 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDFO.DLL [529408 2020-12-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG5300 series: C:\WINDOWS\system32\CNMLMAT.DLL [385024 2012-03-14] (CANON INC.) [Datei ist nicht signiert]
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG6800 series: C:\WINDOWS\system32\CNMLMCR.DLL [406528 2015-03-15] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MP550 series: C:\WINDOWS\system32\CNMLM9Z.DLL [336896 2010-04-24] (CANON INC.) [Datei ist nicht signiert]
HKLM\...\Print\Monitors\Canon BJ Language Monitor TS5300 series: C:\WINDOWS\system32\CNMLMFO.DLL [959488 2020-12-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJNP Port: C:\WINDOWS\system32\CNMN6PPM.DLL [355840 2011-02-01] (CANON INC.) [Datei ist nicht signiert]
HKLM\...\Print\Monitors\CutePDF Writer Monitor: C:\WINDOWS\system32\cpwmon64.dll [87600 2013-10-23] (Acro Software Inc. -> )
HKLM\Software\...\Authentication\Credential Providers: [{25CA8579-1BD8-469c-B9FC-6AC45A161C18}] -> C:\WINDOWS\system32\PanV2CredProv.dll [2023-01-19] (Palo Alto Networks -> )
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
Startup: C:\Users\Hold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Avira.lnk [2019-11-08]
ShortcutTarget: Avira.lnk -> C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe (Keine Datei)
Startup: C:\Users\Hold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk [2020-10-05]
ShortcutTarget: Facebook Gameroom.lnk -> C:\Users\Hold\AppData\Local\Facebook\Games\FacebookGameroom.exe (Keine Datei)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {D28B5C2B-4E20-44B9-A480-318A6C13A086} - System32\Tasks\{7EBD5F35-2CFB-441A-B155-F53E9B47C259} => C:\Windows\System32\pcalua.exe [91136 2025-02-12] (Microsoft Windows -> Microsoft Corporation) -> -a "G:\Acrobat 8\APRO23_Win_ESD1_WWEFG.exe" -d "G:\Acrobat 8"
Task: {B0C2EFF6-17C7-416D-82A6-0898650ACE4C} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1627648 2020-05-20] (Advanced Micro Devices, Inc.) [Datei ist nicht signiert]
Task: {B4441101-5AD1-404C-84B6-0E821262217C} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1627648 2020-05-20] (Advanced Micro Devices, Inc.) [Datei ist nicht signiert]
Task: {BA7D26AF-140A-4C9C-916E-E701D87654F8} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe [5973416 2025-03-13] (Microsoft Windows -> Microsoft Corporation)
Task: {30A7D77A-60AA-4760-AEB1-3E20D431AE15} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [30992 2024-11-06] (Garmin International, Inc. -> )
Task: {F51824DB-2BC8-43B9-BBB8-5E59A1F78240} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel(R) Update Manager -> Intel Corporation)
Task: {42EF6F11-9B4A-428C-BA1D-8D21660C1E2F} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel(R) Update Manager -> Intel Corporation)
Task: {E02B9FF8-94B0-4452-8924-73F27C5025B2} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB}
Task: {4E538AD1-3A04-4BAF-A971-53D32373A51F} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {44760C04-E7BC-406F-BA3E-86509300AE8B} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {297F6368-E760-4DB7-98E3-B6F98B0502CE} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {163777C8-1A69-4710-B2C8-2AC9C4FEE2B1} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {0E7A0897-312A-4EF1-A314-20943EC9FBC9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25010.11-0\MpCmdRun.exe [1732816 2025-03-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {90513843-67A7-47EC-B87C-F65ACAAD0E75} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25010.11-0\MpCmdRun.exe [1732816 2025-03-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5C159FE6-4E26-4B74-80DF-62146BBC3451} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25010.11-0\MpCmdRun.exe [1732816 2025-03-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C9D39DED-67E4-4020-A3C3-9EFA2BBFE552} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25010.11-0\MpCmdRun.exe [1732816 2025-03-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E8D504A5-BB36-463D-811A-2A40A7E6CF74} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2108624 2013-05-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {BECD3DD0-6BFE-4A75-BCD4-8F1D2C5D6192} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1491664 2013-05-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {F848D2AA-7194-4797-80BE-D03650521791} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2179792 2013-05-13] (Microsoft Corporation -> Microsoft)
Task: {0076A310-FB48-4BF7-9078-9E2A6A62A216} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2108624 2013-05-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {A132A6C4-4B7C-4EFD-82D7-4A355229C854} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1491664 2013-05-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {13607C5B-F632-4BAA-B11A-6DC858AF1B99} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1627648 2020-05-20] (Advanced Micro Devices, Inc.) [Datei ist nicht signiert]
Task: {69B8A916-68CC-49BA-A2A0-7D811767D81F} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [682560 2025-03-21] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (Der Dateneintrag hat 6 weitere Zeichen).
Task: {6E437D42-DAE8-4141-8417-1E740579A7E3} - System32\Tasks\Mozilla\Firefox Background Update E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\firefox.exe [682560 2025-03-18] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\E7CF176E110C211B\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\E7CF176E110C211B\backgroundupdate.moz_log --backgroundtask background (Der Dateneintrag hat 6 weitere Zeichen).
Task: {83C2424E-42A4-43AA-99B8-26D4784115F8} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-856262021-2868319075-1551791506-1000 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [682560 2025-03-21] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (Der Dateneintrag hat 6 weitere Zeichen).
Task: {FD9A4C61-0968-4191-BE0D-08C81A0C1BBC} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-856262021-2868319075-1551791506-1000 E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\firefox.exe [682560 2025-03-18] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\E7CF176E110C211B\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\E7CF176E110C211B\backgroundupdate.moz_log --backgroundtask background (Der Dateneintrag hat 6 weitere Zeichen).
Task: {183AC676-0BD5-43CC-BF7B-2B2938AA3E2E} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [34880 2025-03-21] (Mozilla Corporation -> Mozilla Foundation)
Task: {F75220A6-E35B-44B2-B928-A5A839C28ED8} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [34880 2025-03-18] (Mozilla Corporation -> Mozilla Foundation)
Task: {8FD0D2E1-998E-439A-B2B0-A3DD161FFCE4} - System32\Tasks\MSI_Toast_Server => C:\Program Files (x86)\MSI\MSI Toast Server\MSIToastServer.exe [31904 2019-03-05] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
Task: {97A00CF3-7BF8-44BE-B202-EA41D9A39AF7} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4222800 2025-03-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {39BD2EFD-EEDF-4A29-91EB-C9CE73FA295F} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-856262021-2868319075-1551791506-1000 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4222800 2025-03-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {6C8BD8EE-0362-4A48-9E04-BF7AD1CEA067} - System32\Tasks\OneDrive Startup Task-S-1-5-21-856262021-2868319075-1551791506-1000 => C:\Program Files\Microsoft OneDrive\25.015.0126.0002\OneDriveLauncher.exe /startInstances (Keine Datei)
Task: {1FA4ACE8-BF44-4A41-900E-047714381A70} - System32\Tasks\Opera scheduled assistant Autoupdate 1588331751 => C:\Users\Hold\AppData\Local\Programs\Opera\launcher.exe -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Hold\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {12AF3F3A-006E-4541-BAF1-8768F9FC3A43} - System32\Tasks\Opera scheduled Autoupdate 1586608251 => C:\Users\Hold\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (Keine Datei)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\..\Interfaces\{117921c0-aa1a-4711-8fc7-afe9d4de684b}: [DhcpNameServer] 10.0.0.138 10.0.0.138
Tcpip\..\Interfaces\{117921c0-aa1a-4711-8fc7-afe9d4de684b}: [DhcpDomain] home
Tcpip\..\Interfaces\{71ed5fbf-68cc-4197-8727-c3b123ec4794}: [DhcpNameServer] 10.0.0.138 10.0.0.138
Tcpip\..\Interfaces\{71ed5fbf-68cc-4197-8727-c3b123ec4794}: [DhcpDomain] home
Tcpip\..\Interfaces\{f357bc00-42a2-436b-8185-df56f636c528}: [NameServer] 172.16.14.80,172.16.14.81
Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Hold\AppData\Local\Microsoft\Edge\User Data\Default [2025-03-24]
Edge DownloadDir: Default -> C:\Users\Hold\Downloads
Edge Notifications: Default -> hxxps://www.facebook.com
Edge Extension: (Google Docs Offline) - C:\Users\Hold\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-01-01]hxxps://clients2.google.com/service/update2/crx
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\Hold\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2024-10-23]hxxps://clients2.google.com/service/update2/crx
Edge Extension: (Edge relevant text changes) - C:\Users\Hold\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-24]hxxps://edge.microsoft.com/extensionwebstorebase/v1/crx
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
FireFox:
========
FF DefaultProfile: ddgha12u.default-1458347090774-1576507469294
FF ProfilePath: C:\Users\Hold\AppData\Roaming\Mozilla\Firefox\Profiles\ychdf87m.default-release [2025-02-21]
FF ProfilePath: C:\Users\Hold\AppData\Roaming\Mozilla\Firefox\Profiles\ddgha12u.default-1458347090774-1576507469294 [2025-03-24]
FF Homepage: Mozilla\Firefox\Profiles\ddgha12u.default-1458347090774-1576507469294 -> orf.at
FF Notifications: Mozilla\Firefox\Profiles\ddgha12u.default-1458347090774-1576507469294 -> hxxps://www.youtube.com; hxxps://www.lieferando.at; hxxps://win2day.ice.hockey; hxxps://ankick.skysportaustria.at; hxxps://ma.amazonflow.top
FF Extension: (Facebook Container) - C:\Users\Hold\AppData\Roaming\Mozilla\Firefox\Profiles\ddgha12u.default-1458347090774-1576507469294\Extensions\@contain-facebook.xpi [2025-03-24]
FF Extension: (AdBlocker Ultimate) - C:\Users\Hold\AppData\Roaming\Mozilla\Firefox\Profiles\ddgha12u.default-1458347090774-1576507469294\Extensions\adblockultimate@adblockultimate.net.xpi [2025-02-16]
FF Extension: (HTTPS Everywhere) - C:\Users\Hold\AppData\Roaming\Mozilla\Firefox\Profiles\ddgha12u.default-1458347090774-1576507469294\Extensions\https-everywhere@eff.org.xpi [2021-07-15]
FF Extension: (Watermelon Surge) - C:\Users\Hold\AppData\Roaming\Mozilla\Firefox\Profiles\ddgha12u.default-1458347090774-1576507469294\Extensions\{0ad3f4fd-59cf-4a55-9ded-68261e219d6c}.xpi [2022-03-08]
FF Extension: (Microsoft Office - Dark Gray) - C:\Users\Hold\AppData\Roaming\Mozilla\Firefox\Profiles\ddgha12u.default-1458347090774-1576507469294\Extensions\{1c41d9fb-f904-4d38-850f-074312f06e64}.xpi [2021-10-05]
FF Extension: (Photon Colors) - C:\Users\Hold\AppData\Roaming\Mozilla\Firefox\Profiles\ddgha12u.default-1458347090774-1576507469294\Extensions\{2c6c94f3-c656-41e9-aa4b-1edba5be9c21}.xpi [2021-10-05]
FF Extension: (Three Wolf Moon Shirt) - C:\Users\Hold\AppData\Roaming\Mozilla\Firefox\Profiles\ddgha12u.default-1458347090774-1576507469294\Extensions\{50193c98-9eee-4b67-9244-95ced154911d}.xpi [2021-10-05]
FF Extension: (Minimalist Blue) - C:\Users\Hold\AppData\Roaming\Mozilla\Firefox\Profiles\ddgha12u.default-1458347090774-1576507469294\Extensions\{623e2c8d-8986-4f2d-af27-e60982948572}.xpi [2021-10-05]
FF Extension: (ANIMATED CAT LICKING YOUR SCREEN) - C:\Users\Hold\AppData\Roaming\Mozilla\Firefox\Profiles\ddgha12u.default-1458347090774-1576507469294\Extensions\{6a21e28f-b023-41bb-aad9-7db3a398599f}.xpi [2021-10-05]
FF Extension: (NoScript) - C:\Users\Hold\AppData\Roaming\Mozilla\Firefox\Profiles\ddgha12u.default-1458347090774-1576507469294\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2025-01-03]
FF Extension: (Download Statusbar) - C:\Users\Hold\AppData\Roaming\Mozilla\Firefox\Profiles\ddgha12u.default-1458347090774-1576507469294\Extensions\{76faaba6-3aa1-47a4-bf40-90aa2505e79c}.xpi [2024-04-26]
FF Extension: (Matte Black (Red)) - C:\Users\Hold\AppData\Roaming\Mozilla\Firefox\Profiles\ddgha12u.default-1458347090774-1576507469294\Extensions\{a7589411-c5f6-41cf-8bdc-f66527d9d930}.xpi [2022-02-24]
FF Extension: (SciFi) - C:\Users\Hold\AppData\Roaming\Mozilla\Firefox\Profiles\ddgha12u.default-1458347090774-1576507469294\Extensions\{a7f8e0cd-f3f4-41bb-9043-d3fc0e9e0b92}.xpi [2021-10-05]
FF Extension: (puits bleu d'infini) - C:\Users\Hold\AppData\Roaming\Mozilla\Firefox\Profiles\ddgha12u.default-1458347090774-1576507469294\Extensions\{b3994f5b-c557-4b30-b0e1-1db9098f690e}.xpi [2021-09-10]
FF Extension: (Dark Fox) - C:\Users\Hold\AppData\Roaming\Mozilla\Firefox\Profiles\ddgha12u.default-1458347090774-1576507469294\Extensions\{e7fe4ffe-f256-4f85-906d-072fdd698585}.xpi [2021-10-05]
FF Extension: (Kurgzsekseta) - C:\Users\Hold\AppData\Roaming\Mozilla\Firefox\Profiles\ddgha12u.default-1458347090774-1576507469294\Extensions\{e8f3b919-d290-4270-b66f-29f3fdbb1986}.xpi [2021-10-05]
FF Extension: (Fix add-ons signed before 2018 (Bug 1954818)) - C:\Users\Hold\AppData\Roaming\Mozilla\Firefox\Profiles\ddgha12u.default-1458347090774-1576507469294\features\{f87588db-f36e-402c-aff8-d79265031fb2}\hotfix-intermediate-2018@mozilla.com.xpi [2025-03-22]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2024-06-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2024-06-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.13 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2024-06-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.14 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2024-06-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.15 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2024-06-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2024-06-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.18 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2024-06-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.19 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2024-06-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2024-06-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.20 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2024-06-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.21 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2024-06-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2024-06-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2024-06-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2024-06-08] (VideoLAN -> VideoLAN)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.17.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2022-03-24] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2022-03-24] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2022-03-24] (VideoLAN -> VideoLAN)
Chrome:
=======
CHR Profile: C:\Users\Hold\AppData\Local\Google\Chrome\User Data\Default [2021-12-03]
CHR Extension: (Präsentationen) - C:\Users\Hold\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-03-16]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Docs) - C:\Users\Hold\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-03-16]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Google Drive) - C:\Users\Hold\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-11-03]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (YouTube) - C:\Users\Hold\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-03-16]hxxp://clients2.google.com/service/update2/crx
CHR Extension: (Avira Password Manager) - C:\Users\Hold\AppData\Local\Google\Chrome\User Data\Default\Extensions\caljgklbbfbcjjanaijlacgncafpegll [2021-07-29]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Avira Safe Shopping) - C:\Users\Hold\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccbpbkebodcjkknkfkpmfeciinhidaeh [2021-07-29]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Tabellen) - C:\Users\Hold\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-03-16]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Avira Browserschutz) - C:\Users\Hold\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2021-07-29]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Google Docs Offline) - C:\Users\Hold\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-07-29]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Hold\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-07-29]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Google Mail) - C:\Users\Hold\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-11-03]hxxps://clients2.google.com/service/update2/crx
CHR Extension: (Chrome Media Router) - C:\Users\Hold\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-07-29]hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
Opera:
=======
OPR Profile: C:\Users\Hold\AppData\Roaming\Opera Software\Opera Stable [2023-06-13]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
OPR Extension: (Avira Safe Shopping) - C:\Users\Hold\AppData\Roaming\Opera Software\Opera Stable\Extensions\dalelnnofafalcmkmnhdbigbjjkloabo [2023-03-20]hxxps://extension-updates.opera.com/api/omaha/update/
OPR Extension: (Rich Hints Agent) - C:\Users\Hold\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2023-03-20]hxxps://extension-updates.opera.com/api/omaha/update/
OPR Extension: (Opera Wallet) - C:\Users\Hold\AppData\Roaming\Opera Software\Opera Stable\Extensions\gojhcdgcpbpfigcaejpfhfegekdgiblk [2023-04-25]hxxps://extension-updates.opera.com/api/omaha/update/
OPR Extension: (Amazon Assistant Promotion) - C:\Users\Hold\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2021-12-04]hxxps://extension-updates.opera.com/api/omaha/update/
OPR Extension: (Opera AI Prompts) - C:\Users\Hold\AppData\Roaming\Opera Software\Opera Stable\Extensions\mljbnbeedpkgakdchcmfapkjhfcogaoc [2023-04-25]hxxps://extension-updates.opera.com/api/omaha/update/
OPR Extension: (Avira Password Manager) - C:\Users\Hold\AppData\Roaming\Opera Software\Opera Stable\Extensions\ngohaaocccbohaffogpbgfpmpgbcgccg [2023-04-25]hxxps://extension-updates.opera.com/api/omaha/update/
OPR Extension: (Free Avira Phantom VPN – Entsperrt Webseiten) - C:\Users\Hold\AppData\Roaming\Opera Software\Opera Stable\Extensions\pcgkmkjdikhiodinhloioejnpjgmfigd [2020-11-05]hxxps://extension-updates.opera.com/api/omaha/update/
==================== Dienste (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\25.031.0217.0003\FileSyncHelper.exe [3533648 2025-03-17] (Microsoft Corporation -> Microsoft Corporation)
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [236864 2022-06-24] (Huawei Technologies Co., Ltd. -> ) [Datei ist nicht signiert]
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel(R) Update Manager -> Intel Corporation)
R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9484384 2025-03-15] (Malwarebytes Inc. -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [2788304 2024-12-19] (Malwarebytes Inc. -> Malwarebytes)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25010.11-0\MpDefenderCoreService.exe [1926976 2025-03-06] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\25.031.0217.0003\OneDriveUpdaterService.exe [3880256 2025-03-17] (Microsoft Corporation -> Microsoft Corporation)
R2 PanGPS; C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe [11323752 2023-01-19] (Palo Alto Networks -> Palo Alto Networks)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [18720560 2025-03-05] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R2 Unchecky; C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe [297240 2022-01-29] (Reason Software Company Inc. -> Reason Software Company Inc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25010.11-0\NisSrv.exe [4352456 2025-03-06] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25010.11-0\MsMpEng.exe [270056 2025-03-06] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 LibreOfficeMaintenance; "C:\Program Files\LibreOffice\program\update_service.exe" [X]
===================== Treiber (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R3 amdfendrmgr; C:\WINDOWS\System32\drivers\amdfendrmgr.sys [54720 2022-10-21] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
R3 amdwddmg; C:\WINDOWS\System32\DriverStore\FileRepository\u0390451.inf_amd64_39377efdd62734d1\B390182\amdkmdag.sys [94467928 2023-04-06] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
R1 AsrAppCharger; C:\WINDOWS\System32\DRIVERS\AsrAppCharger.sys [17192 2011-05-10] (ASROCK Incorporation -> Windows (R) Win 7 DDK provider)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 ew_usbccgpfilter; C:\WINDOWS\System32\drivers\ew_usbccgpfilter.sys [18944 2022-06-24] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
S3 gpfltdrv; C:\WINDOWS\system32\DRIVERS\gpfltdrv.sys [114944 2023-01-19] (Palo Alto Networks -> Palo Alto Networks)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2022-06-24] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R3 KslD; C:\WINDOWS\System32\drivers\wd\KslD.sys [278944 2025-03-06] (Microsoft Windows -> Microsoft Corporation)
R2 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [234072 2025-03-24] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [22120 2025-03-15] (Microsoft Windows Early Launch Anti-Malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239568 2024-08-03] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 PanGpd; C:\WINDOWS\system32\DRIVERS\pangpd.sys [78712 2023-01-19] (Palo Alto Networks -> Palo Alto Networks Inc.)
R3 phantomtap; C:\WINDOWS\System32\drivers\phantomtap.sys [45056 2020-03-18] (Avira Operations GmbH & Co. KG -> The OpenVPN Project)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 ssudserd; C:\WINDOWS\system32\DRIVERS\ssudserd.sys [221824 2016-04-24] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [50720 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R1 UimBus; C:\WINDOWS\System32\drivers\uimbus.sys [109504 2018-11-27] (Paragon Software GmbH -> Paragon Software GmbH)
R1 Uim_DEVIM; C:\WINDOWS\System32\drivers\uimdevim.sys [46016 2018-11-27] (Paragon Software GmbH -> Paragon Software GmbH)
R1 Uim_IM; C:\WINDOWS\System32\drivers\uim_im.sys [701232 2015-08-26] (Paragon Software GmbH -> )
R1 Uim_VIM; C:\WINDOWS\System32\Drivers\uim_vimx64.sys [390352 2013-03-15] (Paragon Software GmbH -> Paragon)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Apple, Inc.) [Datei ist nicht signiert]
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [20016 2025-03-06] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [601520 2025-03-06] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [100768 2025-03-06] (Microsoft Windows -> Microsoft Corporation)
U3 idsvc; kein ImagePath
S3 NTIOLib_DVDSetup; \??\E:\NTIOLib_X64.sys [X]
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2025-03-24 19:05 - 2025-03-24 19:06 - 000040311 _____ C:\Users\Hold\Downloads\FRST.txt
2025-03-24 19:04 - 2025-03-24 19:04 - 002404352 _____ (Farbar) C:\Users\Hold\Downloads\FRST64(1).exe
2025-03-21 13:50 - 2025-03-21 23:34 - 000000000 ____D C:\Program Files\Mozilla Firefox
2025-03-21 09:09 - 2025-03-21 13:37 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2025-03-18 18:32 - 2025-03-19 17:07 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2025-03-18 18:32 - 2025-03-18 18:32 - 000000000 ____D C:\Program Files (x86)\Teams Installer
2025-03-14 08:48 - 2025-03-14 08:48 - 000687248 _____ C:\Users\Hold\Documents\IMG_20250314_0001.pdf
2025-03-13 16:36 - 2025-03-13 16:36 - 000129134 _____ C:\Users\Hold\Downloads\bill_2025-03_903920280325-1.pdf
2025-03-13 16:35 - 2025-03-13 16:35 - 000128565 _____ C:\Users\Hold\Downloads\bill_2025-02_903137950225.pdf
2025-03-13 16:34 - 2025-03-13 16:34 - 000129134 _____ C:\Users\Hold\Downloads\bill_2025-03_903920280325.pdf
2025-03-12 20:00 - 2025-03-12 20:00 - 000000000 ___HD C:\$WinREAgent
2025-02-28 10:30 - 2025-02-28 10:30 - 000002667 _____ C:\Users\Hold\Downloads\cpub-TSX-TSX-CmsRdsh(1).rdp
2025-02-28 06:46 - 2025-02-28 06:46 - 000002667 _____ C:\Users\Hold\Downloads\cpub-TSX-TSX-CmsRdsh.rdp
2025-02-27 10:35 - 2025-02-27 10:35 - 000001169 _____ C:\Users\Public\Desktop\LibreOffice.lnk
2025-02-27 10:35 - 2025-02-27 10:35 - 000000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice
2025-02-25 16:31 - 2025-02-25 16:31 - 000106478 _____ C:\Users\Hold\Downloads\00977833-Umsatzliste-20250225-1740497474518-AT751200010012802871.pdf
==================== Ein Monat (geänderte) ==================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2025-03-24 19:05 - 2023-05-18 11:14 - 000000000 ____D C:\Users\Hold\AppData\Local\Malwarebytes
2025-03-24 19:05 - 2023-05-06 19:35 - 000000000 ____D C:\FRST
2025-03-24 18:35 - 2020-10-18 16:26 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2025-03-24 18:05 - 2022-02-08 17:42 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2025-03-24 17:14 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2025-03-24 17:14 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2025-03-24 17:06 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2025-03-24 17:06 - 2018-05-09 22:09 - 000000000 ____D C:\Users\Hold\AppData\Local\D3DSCache
2025-03-24 16:50 - 2020-10-18 16:59 - 000004152 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{AD2B4477-891E-4F60-8EE5-9F132CEC2808}
2025-03-24 16:45 - 2020-10-18 16:43 - 001917508 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2025-03-24 16:45 - 2019-12-07 15:50 - 000820860 _____ C:\WINDOWS\system32\perfh007.dat
2025-03-24 16:45 - 2019-12-07 15:50 - 000177392 _____ C:\WINDOWS\system32\perfc007.dat
2025-03-24 16:45 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2025-03-24 16:42 - 2021-12-03 17:29 - 000000000 ____D C:\Users\Hold\AppData\Local\Chocolatey GUI
2025-03-24 16:41 - 2024-10-04 05:15 - 000003108 _____ C:\WINDOWS\system32\Tasks\AMDInstallLauncher
2025-03-24 16:41 - 2024-09-27 16:21 - 000003094 _____ C:\WINDOWS\system32\Tasks\AMDLinkUpdate
2025-03-24 16:41 - 2020-10-18 16:59 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2025-03-24 16:41 - 2020-10-18 16:26 - 000008192 ___SH C:\DumpStack.log.tmp
2025-03-24 16:41 - 2014-02-23 13:39 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2025-03-23 20:14 - 2019-12-07 10:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2025-03-23 17:29 - 2021-12-15 11:45 - 000000000 ____D C:\WINDOWS\SystemTemp
2025-03-22 23:36 - 2020-08-14 12:00 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2025-03-22 23:36 - 2020-08-14 12:00 - 000002274 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2025-03-21 23:34 - 2014-02-20 12:49 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2025-03-21 23:05 - 2023-05-14 11:51 - 000001785 _____ C:\Users\Hold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2025-03-21 23:05 - 2022-03-05 11:08 - 000001065 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2025-03-21 15:03 - 2019-04-10 17:27 - 000000000 ____D C:\Users\Hold\AppData\Roaming\PersBackup6
2025-03-21 09:33 - 2014-02-20 12:53 - 000001278 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thunderbird.lnk
2025-03-18 18:22 - 2021-10-22 15:11 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2025-03-17 18:04 - 2021-12-13 19:44 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-856262021-2868319075-1551791506-1000
2025-03-17 18:04 - 2021-10-22 15:11 - 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2025-03-17 18:04 - 2021-10-22 15:11 - 000002148 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2025-03-16 20:12 - 2021-11-16 17:19 - 000000000 ____D C:\Users\Hold\AppData\Roaming\Sky Q
2025-03-16 12:27 - 2014-02-20 12:24 - 000000000 ____D C:\Users\Hold\AppData\Roaming\Microsoft\MMC
2025-03-15 11:59 - 2021-02-19 20:38 - 000022120 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2025-03-15 11:59 - 2020-10-29 23:24 - 000002093 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2025-03-15 11:59 - 2019-06-29 15:17 - 000002081 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2025-03-15 11:59 - 2018-03-30 09:53 - 000000000 ____D C:\Program Files\Malwarebytes
2025-03-15 11:59 - 2015-11-10 20:14 - 000000000 ____D C:\ProgramData\Malwarebytes
2025-03-13 09:08 - 2020-10-18 16:26 - 000664520 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2025-03-13 09:07 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2025-03-13 09:07 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2025-03-13 09:04 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2025-03-13 08:50 - 2022-01-29 13:17 - 000001186 _____ C:\Users\Hold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo.lnk
2025-03-12 22:13 - 2020-11-05 18:48 - 000000000 ____D C:\Users\Hold\AppData\Local\CrashDumps
2025-03-11 18:48 - 2022-04-14 22:24 - 009566696 _____ (Malwarebytes) C:\Users\Hold\Desktop\adwcleaner.exe
2025-03-07 09:30 - 2020-10-18 16:59 - 000003756 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2025-03-07 09:30 - 2020-10-18 16:59 - 000003632 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2025-03-06 17:44 - 2018-05-09 16:29 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2025-03-01 14:37 - 2021-12-03 17:28 - 000000000 ____D C:\ProgramData\chocolatey
2025-02-28 10:31 - 2019-12-07 15:52 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2025-02-27 10:35 - 2024-05-20 11:24 - 000000000 ____D C:\Program Files\LibreOffice
2025-02-26 18:08 - 2019-12-07 15:51 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2025-02-26 18:08 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2025-02-26 18:08 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2025-02-26 18:08 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2025-02-26 18:08 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2025-02-26 18:08 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2025-02-26 18:08 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\servicing
2025-02-26 17:42 - 2020-10-18 16:30 - 003016192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2025-02-24 18:24 - 2025-02-18 19:11 - 000003546 _____ C:\WINDOWS\system32\Tasks\OneDrive Startup Task-S-1-5-21-856262021-2868319075-1551791506-1000
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ========
2015-11-08 16:47 - 2015-11-08 16:47 - 000003904 _____ () C:\Users\Hold\AppData\Local\recently-used.xbel
2016-05-14 21:18 - 2016-05-14 21:18 - 000000017 _____ () C:\Users\Hold\AppData\Local\resmon.resmoncfg
==================== SigCheck ============================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
==================== Ende von FRST.txt ========================
Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 24-03-2025
durchgeführt von Hold (24-03-2025 19:07:36)
Gestartet von C:\Users\Hold\Downloads
Microsoft Windows 10 Home Version 22H2 19045.5608 (X64) (2020-10-18 16:00:58)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
Administrator (S-1-5-21-856262021-2868319075-1551791506-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-856262021-2868319075-1551791506-503 - Limited - Disabled)
Gast (S-1-5-21-856262021-2868319075-1551791506-501 - Limited - Disabled)
Hold (S-1-5-21-856262021-2868319075-1551791506-1000 - Administrator - Enabled) => C:\Users\Hold
WDAGUtilityAccount (S-1-5-21-856262021-2868319075-1551791506-504 - Limited - Disabled)
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.12 - Adobe Systems Incorporated)
AMD Chipset Software (HKLM-x32\...\AMD_Chipset_IODrivers) (Version: 2.05.04.352 - Advanced Micro Devices, Inc.)
AMD GPIO2 Driver (HKLM-x32\...\{E9DD399F-21A3-479E-A7DF-D6CF4B2ADBF3}) (Version: 2.2.0.126 - Advanced Micro Devices, Inc.) Hidden
AMD PSP Driver (HKLM-x32\...\{988F14B8-79A8-475D-BAC7-83F96AD3D821}) (Version: 4.13.0.0 - Advanced Micro Devices, Inc.) Hidden
AMD Ryzen Balanced Driver (HKLM-x32\...\{A171D320-C42C-4F3B-A2D8-C6A09F6788CC}) (Version: 5.0.0.0 - Advanced Micro Devices, Inc.) Hidden
AMD SBxxx SMBus Driver Alpha (HKLM-x32\...\{AAE0E27D-C88A-49BA-8715-77ADCD4286A3}) (Version: 5.12.0.38 - Advanced Micro Devices, Inc.) Hidden
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 20.10.20 - Advanced Micro Devices, Inc.)
AMD_Chipset_Drivers (HKLM-x32\...\{810a2b63-212d-4a59-bfb5-f2d575cd44f0}) (Version: 2.05.04.352 - Advanced Micro Devices, Inc.) Hidden
ANT Drivers Installer x64 (HKLM\...\{FD1A4C7D-D35E-4742-BCEB-1E1104D103C4}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-Bit) (HKLM-x32\...\{C56BA005-F02C-461B-ACA5-A0CE3E32578F}) (Version: 6.5 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{C8087B7C-8496-45BE-92FB-91D31EB73969}) (Version: 6.5 - Apple Inc.)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.4.000 - Asmedia Technology)
ASRock App Charger v1.0.5 (HKLM\...\ASRock App Charger_is1) (Version: - ASRock Inc.)
AutoHotkey (HKLM\...\AutoHotkey) (Version: 2.0.19 - AutoHotkey Foundation LLC)
BIPA FotoShop (HKLM-x32\...\BIPA FotoShop) (Version: 5.1.7 - CEWE Stiftung u Co. KGaA)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon Easy-PhotoPrint Editor (HKLM-x32\...\Canon Easy-PhotoPrint Editor) (Version: 1.9.0 - Canon Inc.)
Canon IJ Printer Assistant Tool (HKLM-x32\...\Canon IJ Printer Assistant Tool) (Version: 1.30.1.52 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.5.5.3 - Canon Inc.)
Canon MG5300 series On-screen Manual (HKLM-x32\...\Canon MG5300 series On-screen Manual) (Version: - )
Canon MG6800 series On-screen Manual (HKLM-x32\...\Canon MG6800 series On-screen Manual) (Version: 7.8.0 - Canon Inc.)
Canon TS5300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_TS5300_series) (Version: 1.04 - Canon Inc.)
CDBurnerXP (64 bit) (HKLM\...\{99A4E14B-FC7B-4CB4-B3EC-76E014558D29}) (Version: 4.5.8.7128 - Canneverbe Limited)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.6.5931 - CDBurnerXP)
Chocolatey GUI (HKLM-x32\...\{56844CFD-8859-4F3B-9ED7-5C778CC43F33}) (Version: 2.1.1.0 - Chocolatey)
Citrix Online Plug-in - Web (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 11.2.0.31560 - Citrix Systems, Inc.)
Citrix Online Plug-in (DV) (HKLM-x32\...\{CF53CF7C-D996-43EB-9904-DBED57C25625}) (Version: 11.2.0.31560 - Citrix Systems, Inc.) Hidden
Citrix Online Plug-in (HDX) (HKLM-x32\...\{812424AC-A8B5-44E6-8D48-07E939D1AD9A}) (Version: 11.2.0.31560 - Citrix Systems, Inc.) Hidden
Citrix Online Plug-in (USB) (HKLM-x32\...\{55392E52-1AAD-44C4-BE49-258FFE72434F}) (Version: 11.2.0.31560 - Citrix Systems, Inc.) Hidden
Citrix Online Plug-in (Web) (HKLM-x32\...\{0BCA9EFD-F2D6-4638-B053-8693BA0404BE}) (Version: 11.2.0.31560 - Citrix Systems, Inc.) Hidden
Client (HKLM-x32\...\{BAB4AAD2-93A4-11D4-A165-00508B67A692}) (Version: 5.50.000 - BMD Systemhaus GesmbH)
CoolUtils Mail Viewer (HKLM-x32\...\CoolUtils Mail Viewer_is1) (Version: 2.5 - Softplicity, Inc.)
CrystalDiskInfo 8.9.0a (HKLM\...\CrystalDiskInfo_is1) (Version: 8.9.0a - Crystal Dew World)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - Acro Software Inc.)
Elevated Installer (HKLM-x32\...\{164C7EA9-EFD3-4DCE-A297-FFB72D12E457}) (Version: 7.24.0.0 - Garmin Ltd or its subsidiaries) Hidden
Facebook Gameroom 1.23.7426.18586 (HKLM-x32\...\{58E3FB73-8B88-4807-A803-79B5ADA0136F}) (Version: 1.23.7426.18586 - Facebook)
Garmin Express (HKLM-x32\...\{206c32b6-b534-4c0c-a074-df1ca53e6e3e}) (Version: 7.24.0.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{50EE2113-6BB9-466F-A71B-FE40DB3139A4}) (Version: 7.24.0.0 - Garmin Ltd or its subsidiaries) Hidden
GlobalProtect (HKLM\...\{10DB4861-4D29-4014-961A-3F0127DD464B}) (Version: 6.0.5 - Palo Alto Networks)
HiSuite (HKLM-x32\...\Hi Suite) (Version: 11.0.0.650 - Huawei Technologies Co., Ltd.)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{7224B7CE-196C-4E2A-A1AE-1D7BF259FD36}) (Version: 3.4.1942 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{977D1ABF-4089-4CA7-BA33-CC75808B7ACE}) (Version: 1.24.738.1 - Intel Corporation) Hidden
LibreOffice 25.2.0.3 (HKLM\...\{E38AFCD6-BF08-4ECA-AAFF-D6D57FAC1A3A}) (Version: 25.2.0.3 - The Document Foundation)
Malwarebytes version 5.2.8.173 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.2.8.173 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (DEU) (HKLM\...\{1DB0C90B-2A9F-3A1E-B1DF-616C5A2A1417}) (Version: 4.5.51209 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{26784146-6E05-3FF9-9335-786C7C0FB5BE}) (Version: 4.5.51209 - Microsoft Corporation) Hidden
Microsoft DVD App Installation for Microsoft.WindowsDVDPlayer_2019.6.13291.0_neutral_~_8wekyb3d8bbwe (x64) (HKLM\...\{25E80DAA-FD87-DCE5-202C-CC02F6673002}) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Edge (HKLM-x32\...\{9DD52253-EDC7-3161-B3DA-31127669C901}) (Version: 134.0.3124.83 - Microsoft Corporation)
Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 134.0.3124.83 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 25.031.0217.0003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\Teams) (Version: 1.4.00.4167 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 x64 Additional Runtime - 14.0.23026 (HKLM\...\{BC958BD2-5DAC-3862-BB1A-C1BE0790438D}) (Version: 14.0.23026 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015 x64 Minimum Runtime - 14.0.23026 (HKLM\...\{0D3E9E15-DE7A-300B-96F1-B4AF12B96488}) (Version: 14.0.23026 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.23.27820 (HKLM-x32\...\{45231ab4-69fd-486a-859d-7a59fcd11013}) (Version: 14.23.27820.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.23.27820 (HKLM-x32\...\{86BE78D9-65A1-4E69-86F8-C1F5281F8553}) (Version: 14.23.27820 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.23.27820 (HKLM-x32\...\{00AC3934-26B4-406E-807C-1692AC7329EC}) (Version: 14.23.27820 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}) (Version: 10.0.50908 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Mozilla Firefox (x64 de) (HKLM\...\Mozilla Firefox 136.0.2 (x64 de)) (Version: 136.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 128.7.1 - Mozilla)
Mozilla Thunderbird (x86 de) (HKLM-x32\...\Mozilla Thunderbird 128.8.1 (x86 de)) (Version: 128.8.1 - Mozilla)
MyHarmony (HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\036a0e4fc6a247ec) (Version: 1.0.1.257 - Logitech)
Paragon Backup & Recovery™ 17 CE (HKLM\...\{505143F0-48A3-4ABD-A1FE-F77425BFBF66}) (Version: 17.9.3.4927 - Paragon Software) Hidden
Paragon Backup & Recovery™ 17 CE (HKLM-x32\...\{37102375-99b6-4ec1-af7d-ec77bb61cd49}) (Version: 17.9.3.4927 - Paragon Software GmbH)
Paragon UIM (HKLM\...\{49AED3CA-E137-4E65-9555-D05C60281BAC}) (Version: 24.60.0.460 - Paragon Software) Hidden
PerformanceTest v10.0 (HKLM\...\PerformanceTest 10_is1) (Version: 10.0.1010.0 - Passmark Software)
Personal Backup 6.2.37.0 (32-bit) (HKLM-x32\...\Personal Backup 6_is1) (Version: 6.2.37.0 - Dr. J. Rathlev)
Promontory_GPIO Driver (HKLM-x32\...\{B5512BCC-F4CD-4159-86A4-B2AD7D38FFA9}) (Version: 2.0.1.0 - Advanced Micro Devices, Inc.) Hidden
Realtek Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8960.1 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.38.1118.2019 - Realtek)
Sky X 25.1.2.0 (HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\com.bskyb.skyxplayer_is1) (Version: 25.1.2.0 - Sky)
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.8.0.6262 - Microsoft Corporation)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.63.5 - TeamViewer)
Unchecky v1.2 (HKLM-x32\...\Unchecky) (Version: 1.2 - Reason Software Company Inc.)
Update for x64-based Windows Systems (KB5001716) (HKLM\...\{DA80A019-4C3B-4DAA-ACA1-6937D7CAAF9E}) (Version: 8.94.0.0 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.21 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.17.4 - VideoLAN)
Windows Live ID Sign-in Assistant (HKLM\...\{CE52672C-A0E9-4450-8875-88A221D5CD50}) (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows-PC-Integritätsprüfung (HKLM\...\{63EFBDB5-01B0-4614-BE9F-7F1908E42275}) (Version: 3.1.2109.29003 - Microsoft Corporation)
Windows-PC-Integritätsprüfung (HKLM\...\{B3956CF3-F6C5-4567-AC38-1FD4432B319C}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Windows-PC-Integritätsprüfung (HKLM\...\{E06F96B5-4369-4BDC-B64D-2A8A02FE069B}) (Version: 4.0.2410.23001 - Microsoft Corporation)
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Winmail Opener 1.7 (HKLM-x32\...\Winmail Opener) (Version: 1.7 - Eolsoft)
Packages:
=========
AMD Radeon Software -> C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.20.10028.0_x64__0a9344xs7nr4m [2024-05-23] (Advanced Micro Devices Inc.) [Startup Task]
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_4.9.1.0_x64__kgqvnymyfvs32 [2025-03-05] (king.com)
Candy Crush Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSaga_1.2982.2.0_x64__kgqvnymyfvs32 [2025-03-17] (king.com)
Candy Crush Soda Saga -> C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.288.300.0_x64__kgqvnymyfvs32 [2025-03-07] (king.com)
Fotos-Add-On -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-03-12] (Microsoft Corporation)
iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12136.1.3022.0_x64__nzyj5cx40ttqa [2025-03-07] (Apple Inc.) [Startup Task]
Media Engine-Add-On für Fotos -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-09-24] (Microsoft Corporation)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-17] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-17] (Microsoft Corporation) [MS Ad]
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.12.219.0_x64__dt26b99r8h8gj [2020-12-26] (Realtek Semiconductor Corp)
Twitter -> C:\Program Files\WindowsApps\9E2F88E3.TWITTER_7.0.1.0_neutral__wgeqdkkx372wm [2021-06-11] (Twitter Inc.)
WindowsDVDPlayer -> C:\Program Files\WindowsApps\Microsoft.WindowsDVDPlayer_3.6.13291.0_x64__8wekyb3d8bbwe [2016-05-14] (Microsoft Corporation)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-856262021-2868319075-1551791506-1000_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Hold\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.20289.5\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-856262021-2868319075-1551791506-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel(R) pGFX -> Intel Corporation)
CustomCLSID: HKU\S-1-5-21-856262021-2868319075-1551791506-1000_Classes\CLSID\{CB965DF1-B8EA-49C7-BDAD-5457FDC1BF92}\InprocServer32 -> C:\Users\Hold\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.19350.3\x64\Microsoft.Teams.AddinLoader.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-856262021-2868319075-1551791506-1000_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> C:\Users\Hold\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\25.031.0217.0003\FileSyncShell64.dll [2025-03-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\25.031.0217.0003\FileSyncShell64.dll [2025-03-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\25.031.0217.0003\FileSyncShell64.dll [2025-03-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\25.031.0217.0003\FileSyncShell64.dll [2025-03-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\25.031.0217.0003\FileSyncShell64.dll [2025-03-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\25.031.0217.0003\FileSyncShell64.dll [2025-03-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\25.031.0217.0003\FileSyncShell64.dll [2025-03-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\25.031.0217.0003\FileSyncShell64.dll [2025-03-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\25.031.0217.0003\FileSyncShell64.dll [2025-03-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\25.031.0217.0003\FileSyncShell64.dll [2025-03-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\25.031.0217.0003\FileSyncShell64.dll [2025-03-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\25.031.0217.0003\FileSyncShell64.dll [2025-03-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\25.031.0217.0003\FileSyncShell64.dll [2025-03-17] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\25.031.0217.0003\FileSyncShell64.dll [2025-03-17] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\25.031.0217.0003\FileSyncShell64.dll [2025-03-17] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-12-04] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\25.031.0217.0003\FileSyncShell64.dll [2025-03-17] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\25.031.0217.0003\FileSyncShell64.dll [2025-03-17] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => -> Keine Datei
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} => -> Keine Datei
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Keine Datei
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-12-04] (Malwarebytes Inc. -> Malwarebytes)
==================== Codecs (Nicht auf der Ausnahmeliste) ====================
==================== Verknüpfungen & WMI ========================
==================== Geladene Module (Nicht auf der Ausnahmeliste) =============
2016-10-15 21:30 - 2010-04-24 04:00 - 000336896 _____ (CANON INC.) [Datei ist nicht signiert] C:\WINDOWS\System32\CNMLM9Z.DLL
2016-05-14 18:36 - 2012-03-14 05:00 - 000385024 _____ (CANON INC.) [Datei ist nicht signiert] C:\WINDOWS\System32\CNMLMAT.DLL
2014-02-20 14:32 - 2011-02-01 09:23 - 000355840 _____ (CANON INC.) [Datei ist nicht signiert] C:\WINDOWS\System32\CNMN6PPM.DLL
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ==================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =================
==================== Internet Explorer (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
Da befinden sich 7940 mehr Seiten.
IE trusted site: HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\secunia.com. -> hxxps://secunia.com.
IE restricted site: HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\123simsen.com -> www.123simsen.com
Da befinden sich 7945 mehr Seiten.
==================== Hosts Inhalt: =========================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2018-04-12 00:38 - 2025-03-24 16:41 - 000003384 _____ C:\WINDOWS\system32\drivers\etc\hosts
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 rp.yefeneri2.com
0.0.0.0 os.yefeneri2.com
0.0.0.0 os2.yefeneri2.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
==================== Andere Bereiche ===========================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;%SYSTEMROOT%\System32\OpenSSH\;C:\ProgramData\chocolatey\bin;
HKU\S-1-5-21-856262021-2868319075-1551791506-1000\Control Panel\Desktop\\Wallpaper -> D:\Fotos\Koh Samui 2020\20200220_100155.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (Keine Datei)
ist aktiviert.
Network Binding:
=============
Ethernet: Phantom TAP-Windows Adapter V9 -> phantomtap.sys
Ethernet 4: PANGP Virtual Ethernet Adapter Secure -> pangpd.sys
Bluetooth-Netzwerkverbindung 4: Bluetooth Device (Personal Area Network) #3 -> bthpan.sys
Ethernet 3: Realtek PCIe GbE Family Controller #2 -> rt640x64.sys
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Secunia PSI Tray.lnk => C:\Windows\pss\Secunia PSI Tray.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Avira Systray => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenuEx => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
HKLM\...\StartupApproved\StartupFolder: => "Secunia PSI Tray.lnk"
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "IgfxTray"
HKLM\...\StartupApproved\Run32: => "ConnectionCenter"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKLM\...\StartupApproved\Run32: => "CanonQuickMenu"
HKLM\...\StartupApproved\Run32: => "TeamsMachineInstaller"
HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\StartupApproved\StartupFolder: => "Facebook Gameroom.lnk"
HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\StartupApproved\StartupFolder: => "Avira.lnk"
HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\StartupApproved\StartupFolder: => "An OneNote senden.lnk"
HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\StartupApproved\Run: => "SpybotPostWindows10UpgradeReInstall"
HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\StartupApproved\Run: => "GarminExpress"
HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\StartupApproved\Run: => "Opera Browser Assistant"
HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\StartupApproved\Run: => "Windows Defender"
HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\StartupApproved\Run: => "Opera Stable"
HKU\S-1-5-21-856262021-2868319075-1551791506-1000\...\StartupApproved\Run: => "AmazonMP3DownloaderHelper"
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [UDP Query User{4CE991B2-B38A-43BC-BAB1-9203556C713F}C:\users\hold\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\hold\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{D84E05FD-2312-4DC4-8075-9A1916BD56AF}C:\users\hold\appdata\local\microsoft\teams\current\teams.exe] => (Allow) C:\users\hold\appdata\local\microsoft\teams\current\teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{F73053EF-6862-458C-BC42-D4B98A11B16D}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [TCP Query User{BE532A11-CF89-4BBB-90B7-8DDD768F6477}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe (VideoLAN -> VideoLAN)
FirewallRules: [{FD9B3171-81C7-44F3-B314-5DCD5059D0C5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{11F4409C-2B7C-45FA-8E05-B139C11B6B98}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{34E1B575-13A3-4AE6-A311-70E0FFA0746D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{497899E9-744A-4864-9C97-DE2B8CDE2DE7}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{67213130-5D65-4419-B5DE-56A61D621311}] => (Block) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => Keine Datei
FirewallRules: [{9A510696-5EF3-4BDB-A2D0-B6538A8A3C36}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => Keine Datei
FirewallRules: [{A647EC86-C8D9-40AF-8EDC-B4B7F2D227B3}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe => Keine Datei
FirewallRules: [{7A9271F6-8ACF-4503-AB5C-0430A89C1329}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{1D867D88-4276-4F0B-B1D5-4A023DC12A7E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{2D4B8EEF-015B-4FFD-AA9D-8283BAD2191A}] => (Allow) C:\Users\Hold\AppData\Local\Programs\Opera\99.0.4788.47\opera.exe => Keine Datei
FirewallRules: [{35AC5939-98DA-4AC4-994D-B53B5AD498E9}] => (Allow) C:\Users\Hold\AppData\Local\Programs\Opera\99.0.4788.65\opera.exe => Keine Datei
FirewallRules: [{20FC5E8D-5FD6-436C-A284-D47EB4F09DF8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{FDAF1717-3441-4B9F-9D5B-77CF2EB88E84}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{4D36B36F-E1FA-4F54-A9D1-DFC3D16C449B}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{4C60A116-855E-4EF6-A0E9-A15596C1B3FF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{1FA9B8AA-AE5C-4170-BBC4-B64E23225106}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12136.1.3022.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{8E0C45D6-16DF-421E-B1AA-C2BFD67C30C6}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12136.1.3022.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{FD9FA92F-B216-425F-8DA1-5E00679D3A3A}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12136.1.3022.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{B6733A82-3CA2-4440-9299-41EDEE65226D}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12136.1.3022.0_x64__nzyj5cx40ttqa\iTunes.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{CF51FA59-46B0-484C-A659-72B74CDD1635}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12136.1.3022.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{2B23E76B-79A4-484A-BEFD-E9E9A0EE3D87}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12136.1.3022.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{1A50AD2D-55B3-4878-A12B-DE8D9A8CCA52}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12136.1.3022.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{AE6E7690-32CC-456A-B8ED-A4D9BF944C23}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12136.1.3022.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.)
FirewallRules: [{9275D8FA-7CB8-4EE0-9BB1-2F626F8779BC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{58F3F745-0656-4BBF-AB50-A2CEBFF39F00}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{A4981160-E51C-4B62-845D-2ECE311883EA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{4382C9C4-F5CA-4FA0-AED3-81444F175B83}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{070F7AAB-82CF-4627-A2C7-78B4054440B0}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\134.0.3124.83\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{000DF576-5092-4474-ABFF-4BC056406201}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.138.3211.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{54652262-4BCB-4ECA-B755-2E4F1DD1FA46}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.138.3211.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D251A0B4-226B-421A-8CD1-1882AA114CE5}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.138.3211.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{13DBDB5B-AE27-41A3-AC4F-43CF7F078DFE}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.138.3211.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
==================== Wiederherstellungspunkte =========================
05-03-2025 19:11:16 Geplanter Prüfpunkt
13-03-2025 08:57:09 Windows Modules Installer
21-03-2025 09:04:46 Geplanter Prüfpunkt
==================== Fehlerhafte Geräte im Gerätemanager ============
Name: PANGP Virtual Ethernet Adapter Secure
Description: PANGP Virtual Ethernet Adapter Secure
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: PaloAltoNetworks
Service: PanGpd
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Fehlereinträge in der Ereignisanzeige: ========================
Applikationsfehler:
==================
Error: (03/24/2025 04:43:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IAStorDataMgrSvc.exe, Version: 11.6.0.1030, Zeitstempel: 0x5042b0f0
Name des fehlerhaften Moduls: IAStorUtil.ni.dll, Version: 11.6.0.1030, Zeitstempel: 0x5042b0eb
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000305e5
ID des fehlerhaften Prozesses: 0x18ec
Startzeit der fehlerhaften Anwendung: 0x01db9cd377b09f04
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\IAStorUtil\e8939a1ddef377c0fe75371b584b7363\IAStorUtil.ni.dll
Berichtskennung: 15563593-cd86-469a-8534-a6e9047c4d99
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (03/24/2025 04:43:23 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: IAStorDataMgrSvc.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.NullReferenceException
bei IAStorUtil.SystemDataModelListener.ProcessSystemDataModelChanges()
bei IAStorUtil.SystemDataModelListener.LoadSavedSystemState()
bei IAStorDataMgr.EventRelay.<Start>b__0(System.Object)
bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
bei System.Threading.ThreadPoolWorkQueue.Dispatch()
bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
Error: (03/23/2025 05:32:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IAStorDataMgrSvc.exe, Version: 11.6.0.1030, Zeitstempel: 0x5042b0f0
Name des fehlerhaften Moduls: IAStorUtil.ni.dll, Version: 11.6.0.1030, Zeitstempel: 0x5042b0eb
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000305e5
ID des fehlerhaften Prozesses: 0x24d0
Startzeit der fehlerhaften Anwendung: 0x01db9c111dd10212
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\IAStorUtil\e8939a1ddef377c0fe75371b584b7363\IAStorUtil.ni.dll
Berichtskennung: f586e594-a9b8-4217-812c-902a4ca48970
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (03/23/2025 05:32:10 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: IAStorDataMgrSvc.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.NullReferenceException
bei IAStorUtil.SystemDataModelListener.ProcessSystemDataModelChanges()
bei IAStorUtil.SystemDataModelListener.LoadSavedSystemState()
bei IAStorDataMgr.EventRelay.<Start>b__0(System.Object)
bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
bei System.Threading.ThreadPoolWorkQueue.Dispatch()
bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
Error: (03/23/2025 12:20:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IAStorDataMgrSvc.exe, Version: 11.6.0.1030, Zeitstempel: 0x5042b0f0
Name des fehlerhaften Moduls: IAStorUtil.ni.dll, Version: 11.6.0.1030, Zeitstempel: 0x5042b0eb
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000305e5
ID des fehlerhaften Prozesses: 0x2bb8
Startzeit der fehlerhaften Anwendung: 0x01db9be5853f73a9
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\IAStorUtil\e8939a1ddef377c0fe75371b584b7363\IAStorUtil.ni.dll
Berichtskennung: ac12ca64-8d40-4d36-afc8-021e50531bc7
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (03/23/2025 12:20:06 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: IAStorDataMgrSvc.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.NullReferenceException
bei IAStorUtil.SystemDataModelListener.ProcessSystemDataModelChanges()
bei IAStorUtil.SystemDataModelListener.LoadSavedSystemState()
bei IAStorDataMgr.EventRelay.<Start>b__0(System.Object)
bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
bei System.Threading.ThreadPoolWorkQueue.Dispatch()
bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
Error: (03/22/2025 11:29:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: IAStorDataMgrSvc.exe, Version: 11.6.0.1030, Zeitstempel: 0x5042b0f0
Name des fehlerhaften Moduls: IAStorUtil.ni.dll, Version: 11.6.0.1030, Zeitstempel: 0x5042b0eb
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000305e5
ID des fehlerhaften Prozesses: 0x1450
Startzeit der fehlerhaften Anwendung: 0x01db9b79e106ecc6
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\IAStorUtil\e8939a1ddef377c0fe75371b584b7363\IAStorUtil.ni.dll
Berichtskennung: d27d243f-1715-4615-b0e3-2e102961d5ef
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (03/22/2025 11:29:34 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: IAStorDataMgrSvc.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.NullReferenceException
bei IAStorUtil.SystemDataModelListener.ProcessSystemDataModelChanges()
bei IAStorUtil.SystemDataModelListener.LoadSavedSystemState()
bei IAStorDataMgr.EventRelay.<Start>b__0(System.Object)
bei System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
bei System.Threading.ThreadPoolWorkQueue.Dispatch()
bei System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
Systemfehler:
=============
Error: (03/24/2025 04:43:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Rapid Storage-Technologie" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (03/24/2025 04:43:20 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Broker für Laufzeitüberwachung der Systemüberwachung" wurde mit folgendem Fehler beendet:
%%3489660935
Error: (03/24/2025 04:41:36 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8024200b fehlgeschlagen: Canon - Printer - 8/24/2018 12:00:00 AM - 2.90.2.20
Error: (03/24/2025 04:41:21 PM) (Source: NetBT) (EventID: 4311) (User: )
Description: Es ist ein Initialisierungsfehler aufgetreten, da der Treiber nicht erstellt werden konnte.
Verwenden Sie die Zeichenfolge "025041000001", um die Schnittstelle zu identifizieren, die nicht initialisiert werden
konnte. Sie stellt die MAC-Adresse der Schnittstelle mit dem Initialisierungsfehler oder die
GUID (Globally Unique Interface Identifier) dar, wenn NetBT keine Zuordnung
von der GUID zur MAC-Adresse herstellen konnte. Wenn weder die MAC-Adresse noch die GUID verfügbar
waren, dann stellt die Zeichenfolge einen Clustergerätenamen dar.
Error: (03/24/2025 04:41:21 PM) (Source: NetBT) (EventID: 4311) (User: )
Description: Es ist ein Initialisierungsfehler aufgetreten, da der Treiber nicht erstellt werden konnte.
Verwenden Sie die Zeichenfolge "025041000001", um die Schnittstelle zu identifizieren, die nicht initialisiert werden
konnte. Sie stellt die MAC-Adresse der Schnittstelle mit dem Initialisierungsfehler oder die
GUID (Globally Unique Interface Identifier) dar, wenn NetBT keine Zuordnung
von der GUID zur MAC-Adresse herstellen konnte. Wenn weder die MAC-Adresse noch die GUID verfügbar
waren, dann stellt die Zeichenfolge einen Clustergerätenamen dar.
Error: (03/24/2025 04:41:17 PM) (Source: SNMP) (EventID: 1500) (User: )
Description: Beim Zugreifen auf den Registrierungsschlüssel SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration ist ein Fehler aufgetreten.
Error: (03/24/2025 04:41:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "AMD Crash Defender Service" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.
Error: (03/24/2025 04:41:15 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (45000 ms) wurde beim Verbindungsversuch mit dem Dienst AMD Crash Defender Service erreicht.
Windows Defender:
================
Date: 2025-03-22 11:25:54
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2025-03-22 11:12:27
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2025-03-17 18:20:02
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2025-03-11 18:00:12
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Date: 2025-03-10 18:13:27
Description:
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Event[0]:
Date: 2024-01-29 12:54:23
Description:
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version:
Previous security intelligence Version: 1.403.2882.0
Update Source: Microsoft Update-Server
Security intelligence Type: AntiVirus
Update Type: Voll
Current Engine Version:
Previous Engine Version: 1.1.23110.2
Error code: 0x8024001e
Error description: Unerwartetes Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie unter "Hilfe und Support".
CodeIntegrity:
===============
Date: 2025-03-24 18:48:49
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
==================== Speicherinformationen ===========================
BIOS: American Megatrends Inc. M.70 06/17/2020
Hauptplatine: Micro-Star International Co., Ltd B450-A PRO MAX (MS-7B86)
Prozessor: AMD Ryzen 5 3400G with Radeon Vega Graphics
Prozentuale Nutzung des RAM: 38%
Installierter physikalischer RAM: 14282.68 MB
Verfügbarer physikalischer RAM: 8838.54 MB
Summe virtueller Speicher: 28618.68 MB
Verfügbarer virtueller Speicher: 21797.25 MB
==================== Laufwerke ================================
Drive c: () (Fixed) (Total:359.24 GB) (Free:165.58 GB) (Model: KINGSTON SA400S37480G) NTFS
Drive d: (Volume) (Fixed) (Total:87.79 GB) (Free:27.97 GB) (Model: KINGSTON SA400S37480G) NTFS
Drive f: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.06 GB) (Model: KINGSTON SA400S37480G) NTFS ==>[System mit Startkomponenten (eingeholt von Laufwerk)]
Drive g: (TOSHIBA EXT) (Fixed) (Total:931.51 GB) (Free:441.08 GB) (Model: TOSHIBA External USB 3.0 USB Device) NTFS
==================== MBR & Partitionstabelle ====================
==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 447.1 GB) (Disk ID: 624A1F8B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=87.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=359.2 GB) - (Type=07 NTFS)
==========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: CED0B5E5)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)
==================== Ende von Addition.txt =======================
|
|
25.03.2025, 08:57
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Malwarebytes FundeZitat:
Die Dinger sehen aber ziemlch alt aus. Machst du denn auch regelmäßig Updates mit chocolatey? Code:
ATTFilter choco upgrade all -y
__________________ |
|
25.03.2025, 09:03
| #3 |
| | Malwarebytes Funde Updates mit choco upgrade all -y mache ich mehr oder weniger regelmäßig (funktioniert aber nicht alles, kommen auch Fehlermeldungen).
__________________Der 4. Fundort war in C:users\hold\appdata\roaming\microsoft\windows\recent\autohotkey.install.1.1.35.00.nupkg.ink. Kann (soll) ich alle 4 Funde wieder zurück holen? LG Geändert von Klopfer60 (25.03.2025 um 09:53 Uhr) |
|
26.03.2025, 18:15
| #4 |
| /// TB-Ausbilder | Malwarebytes Funde Ja, hol sie zurück. |
|
26.03.2025, 23:09
| #5 |
| | Malwarebytes Funde Danke für die Hilfe |
|
| Themen zu Malwarebytes Funde |
| antivirus, bonjour, desktop, firefox, google, home, homepage, installation, internet, internet explorer, mozilla, netstat, port, prozesse, realtek, registry, rundll, scan, security, services.exe, software, system, udp, updates, windows |
Linear-Darstellung
