juergen007 | 23.11.2021 01:21 | Yes, I had used jdownloader at one point and c..e,to Code:
Entfernungsergebnis von Farbar Recovery Scan Tool (x64) Version: 14-11-2021
durchgeführt von System_X (23-11-2021 00:39:43) Run:1
Gestartet von C:\Users\System_X\Desktop
Geladene Profile: System_X
Start-Modus: Normal
==============================================
fixlist Inhalt:
*****************
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
CMD: reg query "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender"
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Beschränkung <==== ACHTUNG
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
Policies: C:\ProgramData\NTUSER.pol: Beschränkung <==== ACHTUNG
HKLM\SOFTWARE\Policies\Google: Beschränkung <==== ACHTUNG
HKLM\SOFTWARE\Policies\Microsoft\Edge: Beschränkung <==== ACHTUNG
Unlock: C:\Users\System_X\AppData\Roaming\Mozilla\Firefox\Profiles\avtxbt0o.default\user.js
CMD: type "C:\Users\System_X\AppData\Roaming\Mozilla\Firefox\Profiles\avtxbt0o.default\user.js"
VirusTotal: C:\Users\System_X\AppData\Roaming\Mozilla\Firefox\Profiles\avtxbt0o.default\user.js
C:\Users\System_X\AppData\Roaming\Mozilla\Firefox\Profiles\avtxbt0o.default\user.js
Unlock: C:\Users\System_X\AppData\Roaming\Mozilla\Firefox\Profiles\w6ywzn9z.default-release\user.js
CMD: type "C:\Users\System_X\AppData\Roaming\Mozilla\Firefox\Profiles\w6ywzn9z.default-release\user.js"
VirusTotal: C:\Users\System_X\AppData\Roaming\Mozilla\Firefox\Profiles\w6ywzn9z.default-release\user.js
C:\Users\System_X\AppData\Roaming\Mozilla\Firefox\Profiles\w6ywzn9z.default-release\user.js
CMD: type "C:\Users\System_X\AppData\Roaming\Mozilla\Firefox\Profiles\avtxbt0o.default\prefs.js"
CMD: type "C:\Users\System_X\AppData\Roaming\Mozilla\Firefox\Profiles\w6ywzn9z.default-release\prefs.js"
S4 edgeupdate; "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc [X]
S4 edgeupdatem; "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /medsvc [X]
S3 DRHARD; \??\C:\WINDOWS\system32\DRIVERS\DRHARD.SYS [X]
S3 GPU-Z-v2; \??\C:\Users\System_X\AppData\Local\Temp\GPU-Z-v2.sys [X] <==== ACHTUNG
U3 idsvc; kein ImagePath
Task: {BF439720-ADEF-4777-BC72-CC3D8395C6F2} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineUA => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /ua /installsource scheduler (Keine Datei)
Task: {1137CB67-D7A2-4AEE-9BB9-8D7C9C1C2718} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineCore => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /c (Keine Datei)
Unlock: C:\ProgramData\UpdateLock-F5BE94A0743D7D60
VirusTotal: C:\ProgramData\UpdateLock-F5BE94A0743D7D60
C:\ProgramData\UpdateLock-F5BE94A0743D7D60
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Keine Datei
VirusTotal: C:\Program Files\Mozilla Firefox\zlib1.dll
C:\Program Files\Mozilla Firefox\zlib1.dll
C:\Users\ProgramData\AppData\Roaming\npm
C:\Users\Default\AppData\Roaming\npm
C:\Users\Public\AppData\Roaming\npm
C:\Users\System_X\AppData\Roaming\npm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js
C:\Program Files (x86)\nodejs
DeleteKey: HKLM\SOFTWARE\Node.js
DeleteKey: HKLM\SOFTWARE\WOW6432Node\Node.js
DeleteKey: HKLM\SOFTWARE\Classes\Installer\Products\4D45993E1218CF443A3DFD6652D48B19
DeleteKey: HKLM\SOFTWARE\Classes\Installer\Products\27AC50E0DD8DF2342ACC8800434A5877
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4D45993E1218CF443A3DFD6652D48B19
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\27AC50E0DD8DF2342ACC8800434A5877
DeleteKey: HKU\.DEFAULT\Software\Node.js
DeleteKey: HKCU\SOFTWARE\Node.js
DeleteKey: HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E39954D4-8121-44FC-A3D3-DF66254DB891}
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{77754e9b-264b-4d8d-b981-e4135c1ecb0c}
DeleteKey: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{793c9b44-3d6b-4f57-b5d7-4ff80adcf9a2}
DeleteKey: HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{793c9b44-3d6b-4f57-b5d7-4ff80adcf9a2}
CMD: dir "%windir%\installer\*.xpi" /S
CMD: dir "%windir%\installer\c*rx" /S
CMD: dir "%windir%\installer\x*ml" /S
CMD: dir "%windir%\installer\{*-*-*-*-*}" /S
CMD: dir "%ProgramData%\Package Cache\{*-*-*-*-*}" /S
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: Bitsadmin /Reset /Allusers
CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R
CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R
CMD: "%WINDIR%\SYSTEM32\lodctr.exe" /R
CMD: "%WINDIR%\SysWOW64\lodctr.exe" /R
powershell: Set-MpPreference -PUAProtection Enabled
powershell: Set-MpPreference -DisableScanningNetworkFiles 0
Hosts:
RemoveProxy:
EmptyTemp:
*****************
SystemRestore: On => abgeschlossen
Wiederherstellungspunkt wurde erfolgreich erstellt.
Prozesse erfolgreich geschlossen.
========= reg query "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" =========
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Policy Manager
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Spynet
========= Ende von CMD: =========
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{503739d0-4c5e-4cfd-b3ba-d881334f0df2}" => erfolgreich entfernt
C:\ProgramData\NTUSER.pol => erfolgreich verschoben
HKLM\SOFTWARE\Policies\Google => erfolgreich entfernt
HKLM\SOFTWARE\Policies\Microsoft\Edge => erfolgreich entfernt
"C:\Users\System_X\AppData\Roaming\Mozilla\Firefox\Profiles\avtxbt0o.default\user.js" => wurde entsperrt
========= type "C:\Users\System_X\AppData\Roaming\Mozilla\Firefox\Profiles\avtxbt0o.default\user.js" =========
user_pref("app.update.auto", false);
user_pref("app.update.enabled", false);
user_pref("app.update.service.enabled", false);
========= Ende von CMD: =========
VirusTotal: C:\Users\System_X\AppData\Roaming\Mozilla\Firefox\Profiles\avtxbt0o.default\user.js => https://www.virustotal.com/gui/file/c1f9c926a24ce662e9e66c19f1f8b970372066690002b1dea4df4fb89a7763c0/detection/f-c1f9c926a24ce662e9e66c19f1f8b970372066690002b1dea4df4fb89a7763c0-1621357253
C:\Users\System_X\AppData\Roaming\Mozilla\Firefox\Profiles\avtxbt0o.default\user.js => erfolgreich verschoben
"C:\Users\System_X\AppData\Roaming\Mozilla\Firefox\Profiles\w6ywzn9z.default-release\user.js" => wurde entsperrt
========= type "C:\Users\System_X\AppData\Roaming\Mozilla\Firefox\Profiles\w6ywzn9z.default-release\user.js" =========
user_pref("app.update.auto", false);
user_pref("app.update.enabled", false);
user_pref("app.update.service.enabled", false);
========= Ende von CMD: =========
VirusTotal: C:\Users\System_X\AppData\Roaming\Mozilla\Firefox\Profiles\w6ywzn9z.default-release\user.js => https://www.virustotal.com/gui/file/c1f9c926a24ce662e9e66c19f1f8b970372066690002b1dea4df4fb89a7763c0/detection/f-c1f9c926a24ce662e9e66c19f1f8b970372066690002b1dea4df4fb89a7763c0-1621357253
C:\Users\System_X\AppData\Roaming\Mozilla\Firefox\Profiles\w6ywzn9z.default-release\user.js => erfolgreich verschoben
========= type "C:\Users\System_X\AppData\Roaming\Mozilla\Firefox\Profiles\avtxbt0o.default\prefs.js" =========
user_pref("browser.startup.homepage", "https://www.google.com/");
user_pref("devtools.onboarding.telemetry.logged", false);
user_pref("toolkit.telemetry.updatePing.enabled", false);
user_pref("browser.newtabpage.activity-stream.feeds.telemetry", false);
user_pref("browser.newtabpage.activity-stream.telemetry", false);
user_pref("browser.ping-centre.telemetry", false);
user_pref("toolkit.telemetry.bhrPing.enabled", false);
user_pref("toolkit.telemetry.enabled", false);
user_pref("toolkit.telemetry.firstShutdownPing.enabled", false);
user_pref("toolkit.telemetry.hybridContent.enabled", false);
user_pref("toolkit.telemetry.newProfilePing.enabled", false);
user_pref("toolkit.telemetry.reportingpolicy.firstRun", false);
user_pref("toolkit.telemetry.shutdownPingSender.enabled", false);
user_pref("toolkit.telemetry.unified", false);
user_pref("toolkit.telemetry.archive.enabled", false);
user_pref("datareporting.healthreport.uploadEnabled", false);
user_pref("datareporting.policy.dataSubmissionEnabled", false);
user_pref("datareporting.sessions.current.clean", true);
user_pref("toolkit.telemetry.server", "");
user_pref("app.shield.optoutstudies.enabled", false);
user_pref("browser.discovery.enabled", false);
user_pref("breakpad.reportURL", "");
user_pref("browser.tabs.crashReporting.sendReport", false);
user_pref("browser.crashReports.unsubmittedCheck.enabled", false);
user_pref("browser.crashReports.unsubmittedCheck.autoSubmit2", false);
user_pref("app.normandy.enabled", false);
user_pref("app.normandy.api_url", "");
user_pref("extensions.systemAddon.update.enabled", false);
user_pref("extensions.systemAddon.update.url", "");
user_pref("extensions.screenshots.disabled", true);
========= Ende von CMD: =========
========= type "C:\Users\System_X\AppData\Roaming\Mozilla\Firefox\Profiles\w6ywzn9z.default-release\prefs.js" =========
// Mozilla User Preferences
// DO NOT EDIT THIS FILE.
//
// If you make changes to this file while the application is running,
// the changes will be overwritten when the application exits.
//
// To change a preference value, you can either:
// - modify it via the UI (e.g. via about:config in the browser); or
// - set it within a user.js file in your profile.
user_pref("accessibility.typeaheadfind.flashBar", 0);
user_pref("app.normandy.api_url", "");
user_pref("app.normandy.enabled", false);
user_pref("app.normandy.first_run", false);
user_pref("app.normandy.migrationsApplied", 12);
user_pref("app.normandy.user_id", "b4aef47b-0350-4a78-939c-01a1e1bf3ecb");
user_pref("app.shield.optoutstudies.enabled", false);
user_pref("app.update.auto", false);
user_pref("app.update.auto.migrated", true);
user_pref("app.update.background.previous.reasons", "[\"app.update.background.enabled=false\"]");
user_pref("app.update.download.attempts", 0);
user_pref("app.update.elevate.attempts", 0);
user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1637598532);
user_pref("app.update.lastUpdateTime.background-update-timer", 1637624332);
user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1637623949);
user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1620492777);
user_pref("app.update.lastUpdateTime.region-update-timer", 1637040175);
user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1620492537);
user_pref("app.update.lastUpdateTime.search-engine-update-timer", 1637624212);
user_pref("app.update.lastUpdateTime.services-settings-poll-changes", 1637598292);
user_pref("app.update.lastUpdateTime.telemetry_modules_ping", 1620045647);
user_pref("app.update.lastUpdateTime.telemetry_untrustedmodules_ping", 1620487233);
user_pref("app.update.lastUpdateTime.xpi-signature-verification", 1637598652);
user_pref("app.update.migrated.updateDir2.308046B0AF4A39CB", true);
user_pref("app.update.service.enabled", false);
user_pref("app.update.service.errors", 1);
user_pref("breakpad.reportURL", "");
user_pref("browser.bookmarks.defaultLocation", "unfiled");
user_pref("browser.bookmarks.editDialog.confirmationHintShowCount", 3);
user_pref("browser.bookmarks.restore_default_bookmarks", false);
user_pref("browser.contentblocking.category", "custom");
user_pref("browser.contentblocking.cfr-milestone.milestone-achieved", 5000);
user_pref("browser.contentblocking.cfr-milestone.milestone-shown-time", "1623057555861");
user_pref("browser.ctrlTab.sortByRecentlyUsed", true);
user_pref("browser.discovery.enabled", false);
user_pref("browser.download.dir", "F:\\backupMaxtor80gb\\data\\installationen");
user_pref("browser.download.folderList", 2);
user_pref("browser.download.lastDir", "F:\\backupMaxtor80gb\\htmlDateien");
user_pref("browser.download.panel.shown", true);
user_pref("browser.download.save_converter_index", 0);
user_pref("browser.download.viewableInternally.typeWasRegistered.avif", true);
user_pref("browser.download.viewableInternally.typeWasRegistered.svg", true);
user_pref("browser.download.viewableInternally.typeWasRegistered.webp", true);
user_pref("browser.download.viewableInternally.typeWasRegistered.xml", true);
user_pref("browser.eme.ui.firstContentShown", true);
user_pref("browser.engagement.ctrlTab.has-used", true);
user_pref("browser.engagement.downloads-button.has-used", true);
user_pref("browser.engagement.fxa-toolbar-menu-button.has-used", true);
user_pref("browser.laterrun.bookkeeping.profileCreationTime", 1606399529);
user_pref("browser.laterrun.bookkeeping.sessionCount", 33);
user_pref("browser.launcherProcess.enabled", true);
user_pref("browser.migration.version", 119);
user_pref("browser.newtabpage.activity-stream.discoverystream.rec.impressions", "{\"111621\":1637597554888,\"111625\":1637602260874,\"111673\":1637518869218,\"111701\":1637577690699,\"111709\":1637587135017,\"111713\":1637577690697,\"111721\":1637591085282,\"111725\":1637597554898,\"111729\":1637594589695,\"111733\":1637577690695,\"111741\":1637602260907,\"111745\":1637619099851,\"111749\":1637587135023,\"111753\":1637587135012,\"111757\":1637592680433,\"111761\":1637593739294,\"111765\":1637593739296,\"111769\":1637594167478,\"111773\":1637619099862,\"111777\":1637619099857,\"111781\":1637619099864,\"111785\":1637619103207,\"111789\":1637619103212,\"111797\":1637624020281}");
user_pref("browser.newtabpage.activity-stream.discoverystream.spoc.impressions", "{\"78083883\":[1637619099858,1637619103210]}");
user_pref("browser.newtabpage.activity-stream.feeds.telemetry", false);
user_pref("browser.newtabpage.activity-stream.impressionId", "{0625572e-4d76-4485-a00c-d1ad95a8f3eb}");
user_pref("browser.newtabpage.activity-stream.improvesearch.topSiteSearchShortcuts.havePinned", "google");
user_pref("browser.newtabpage.activity-stream.telemetry", false);
user_pref("browser.newtabpage.pinned", "[null,{\"url\":\"https://google.com\",\"label\":\"@google\",\"searchTopSite\":true,\"baseDomain\":\"google.com\"}]");
user_pref("browser.newtabpage.storageVersion", 1);
user_pref("browser.pageActions.persistedActions", "{\"version\":1,\"ids\":[\"bookmark\"],\"idsInUrlbar\":[\"bookmark\"],\"idsInUrlbarPreProton\":[\"pocket\",\"bookmark\"]}");
user_pref("browser.pagethumbnails.storage_version", 3);
user_pref("browser.ping-centre.telemetry", false);
user_pref("browser.proton.toolbar.version", 3);
user_pref("browser.region.update.updated", 1637040176);
user_pref("browser.rights.3.shown", true);
user_pref("browser.safebrowsing.provider.google4.lastupdatetime", "1637623929327");
user_pref("browser.safebrowsing.provider.google4.nextupdatetime", "1637625737327");
user_pref("browser.safebrowsing.provider.mozilla.lastupdatetime", "1637623932191");
user_pref("browser.safebrowsing.provider.mozilla.nextupdatetime", "1637645532191");
user_pref("browser.search.hiddenOneOffs", "Amazon.de,Bing,Ecosia,My Firefox Search");
user_pref("browser.search.region", "DE");
user_pref("browser.sessionstore.upgradeBackup.latestBuildID", "20211119140621");
user_pref("browser.shell.didSkipDefaultBrowserCheckOnFirstRun", true);
user_pref("browser.shell.mostRecentDateSetAsDefault", "1637623924");
user_pref("browser.slowStartup.averageTime", 2069);
user_pref("browser.slowStartup.samples", 1);
user_pref("browser.startup.couldRestoreSession.count", 1);
user_pref("browser.startup.homepage", "https://www.google.com/");
user_pref("browser.startup.homepage_override.buildID", "20211119140621");
user_pref("browser.startup.homepage_override.mstone", "94.0.2");
user_pref("browser.startup.lastColdStartupCheck", 1637623922);
user_pref("browser.startup.page", 3);
user_pref("browser.startup.upgradeDialog.version", 94);
user_pref("browser.tabs.crashReporting.sendReport", false);
user_pref("browser.uiCustomization.state", "{\"placements\":{\"widget-overflow-fixed-list\":[],\"nav-bar\":[\"back-button\",\"forward-button\",\"stop-reload-button\",\"home-button\",\"customizableui-special-spring1\",\"urlbar-container\",\"customizableui-special-spring2\",\"save-to-pocket-button\",\"downloads-button\",\"fxa-toolbar-menu-button\",\"jid1-oy8xu5bskzqa6a_jetpack-browser-action\",\"jid1-niffy2ca8fy1tg_jetpack-browser-action\",\"jid1-zadieub7xozojw_jetpack-browser-action\",\"_ff4c3ef4-7337-4e7f-aa99-77ed911ef8b1_-browser-action\",\"_242af0bb-db11-4734-b7a0-61cb8a9b20fb_-browser-action\"],\"toolbar-menubar\":[\"menubar-items\"],\"TabsToolbar\":[\"tabbrowser-tabs\",\"new-tab-button\",\"alltabs-button\"],\"PersonalToolbar\":[\"personal-bookmarks\"]},\"seen\":[\"developer-button\",\"jid1-oy8xu5bskzqa6a_jetpack-browser-action\",\"jid1-niffy2ca8fy1tg_jetpack-browser-action\",\"save-to-pocket-button\",\"jid1-zadieub7xozojw_jetpack-browser-action\",\"_ff4c3ef4-7337-4e7f-aa99-77ed911ef8b1_-browser-action\",\"_242af0bb-db11-4734-b7a0-61cb8a9b20fb_-browser-action\"],\"dirtyAreaCache\":[\"nav-bar\",\"toolbar-menubar\",\"TabsToolbar\",\"PersonalToolbar\"],\"currentVersion\":17,\"newElementCount\":2}");
user_pref("browser.urlbar.placeholderName", "Google");
user_pref("browser.urlbar.quicksuggest.migrationVersion", 1);
user_pref("browser.urlbar.quicksuggest.scenario", "history");
user_pref("browser.urlbar.resultBuckets", "{\"children\":[{\"maxResultCount\":1,\"children\":[{\"group\":\"heuristicTest\"},{\"group\":\"heuristicExtension\"},{\"group\":\"heuristicSearchTip\"},{\"group\":\"heuristicOmnibox\"},{\"group\":\"heuristicUnifiedComplete\"},{\"group\":\"heuristicAutofill\"},{\"group\":\"heuristicTokenAliasEngine\"},{\"group\":\"heuristicFallback\"}]},{\"group\":\"extension\",\"maxResultCount\":5},{\"flexChildren\":true,\"children\":[{\"flexChildren\":true,\"children\":[{\"flex\":2,\"group\":\"formHistory\"},{\"flex\":4,\"group\":\"remoteSuggestion\"},{\"flex\":0,\"group\":\"tailSuggestion\"}],\"flex\":2},{\"group\":\"general\",\"flex\":1}]}]}");
user_pref("browser.urlbar.resultGroups", "{\"children\":[{\"maxResultCount\":1,\"children\":[{\"group\":\"heuristicTest\"},{\"group\":\"heuristicExtension\"},{\"group\":\"heuristicSearchTip\"},{\"group\":\"heuristicOmnibox\"},{\"group\":\"heuristicEngineAlias\"},{\"group\":\"heuristicBookmarkKeyword\"},{\"group\":\"heuristicAutofill\"},{\"group\":\"heuristicPreloaded\"},{\"group\":\"heuristicTokenAliasEngine\"},{\"group\":\"heuristicFallback\"}]},{\"group\":\"extension\",\"availableSpan\":5},{\"flexChildren\":true,\"children\":[{\"children\":[{\"flexChildren\":true,\"children\":[{\"flex\":2,\"group\":\"formHistory\"},{\"flex\":4,\"group\":\"remoteSuggestion\"}]},{\"group\":\"tailSuggestion\"}],\"flex\":2},{\"group\":\"generalParent\",\"children\":[{\"availableSpan\":3,\"group\":\"inputHistory\"},{\"flexChildren\":true,\"children\":[{\"flex\":1,\"group\":\"remoteTab\"},{\"flex\":2,\"group\":\"general\"},{\"flex\":2,\"group\":\"aboutPages\"},{\"flex\":1,\"group\":\"preloaded\"}]},{\"group\":\"inputHistory\"}],\"flex\":1}]}]}");
user_pref("browser.urlbar.tabToSearch.onboard.interactionsLeft", 0);
user_pref("browser.urlbar.tabToSearch.onboard.maxShown", 0);
user_pref("browser.urlbar.tipShownCount.searchTip_onboard", 4);
user_pref("browser.urlbar.tipShownCount.searchTip_redirect", 4);
user_pref("browser.urlbar.tipShownCount.tabToSearch", 15);
user_pref("datareporting.healthreport.uploadEnabled", false);
user_pref("datareporting.policy.dataSubmissionEnabled", false);
user_pref("datareporting.policy.dataSubmissionPolicyAcceptedVersion", 2);
user_pref("datareporting.policy.dataSubmissionPolicyNotifiedTime", "1606399531866");
user_pref("datareporting.sessions.current.clean", true);
user_pref("devtools.everOpened", true);
user_pref("devtools.netmonitor.columnsData", "[{\"name\":\"status\",\"minWidth\":30,\"width\":5.56},{\"name\":\"method\",\"minWidth\":30,\"width\":5.56},{\"name\":\"domain\",\"minWidth\":30,\"width\":11.11},{\"name\":\"file\",\"minWidth\":30,\"width\":27.78},{\"name\":\"url\",\"minWidth\":30,\"width\":25},{\"name\":\"initiator\",\"minWidth\":30,\"width\":11.11},{\"name\":\"type\",\"minWidth\":30,\"width\":5.56},{\"name\":\"transferred\",\"minWidth\":30,\"width\":11.11},{\"name\":\"contentSize\",\"minWidth\":30,\"width\":5.56},{\"name\":\"waterfall\",\"minWidth\":150,\"width\":16.67}]");
user_pref("devtools.netmonitor.msg.visibleColumns", "[\"data\",\"time\"]");
user_pref("devtools.onboarding.telemetry.logged", false);
user_pref("devtools.toolbox.footer.height", 29);
user_pref("devtools.toolbox.splitconsoleEnabled", true);
user_pref("devtools.toolsidebar-height.inspector", 350);
user_pref("devtools.toolsidebar-width.inspector", 700);
user_pref("devtools.toolsidebar-width.inspector.splitsidebar", 350);
user_pref("devtools.webextensions.jid1-NIfFY2CA8fy1tg@jetpack.enabled", true);
user_pref("distribution.iniFile.exists.appversion", "94.0.2");
user_pref("distribution.iniFile.exists.value", false);
user_pref("doh-rollout.balrog-migration-done", true);
user_pref("doh-rollout.doneFirstRun", true);
user_pref("doh-rollout.home-region", "DE");
user_pref("dom.push.userAgentID", "a50d9d0a249444469f9072c9b01164c0");
user_pref("extensions.activeThemeID", "default-theme@mozilla.org");
user_pref("extensions.blocklist.pingCountVersion", -1);
user_pref("extensions.databaseSchema", 33);
user_pref("extensions.getAddons.cache.lastUpdate", 1637598533);
user_pref("extensions.getAddons.databaseSchema", 6);
user_pref("extensions.incognito.migrated", true);
user_pref("extensions.lastAppBuildId", "20211119140621");
user_pref("extensions.lastAppVersion", "94.0.2");
user_pref("extensions.lastPlatformVersion", "94.0.2");
user_pref("extensions.pendingOperations", true);
user_pref("extensions.pictureinpicture.enable_picture_in_picture_overrides", true);
user_pref("extensions.pocket.settings.test.panelSignUp", "control");
user_pref("extensions.reset_default_search.runonce.1", true);
user_pref("extensions.reset_default_search.runonce.3", false);
user_pref("extensions.screenshots.disabled", true);
user_pref("extensions.systemAddon.update.enabled", false);
user_pref("extensions.systemAddon.update.url", "");
user_pref("extensions.systemAddonSet", "{\"schema\":1,\"addons\":{}}");
user_pref("extensions.ui.dictionary.hidden", true);
user_pref("extensions.ui.extension.hidden", false);
user_pref("extensions.ui.lastCategory", "addons://list/extension");
user_pref("extensions.ui.locale.hidden", true);
user_pref("extensions.webcompat.enable_picture_in_picture_overrides", true);
user_pref("extensions.webcompat.enable_shims", true);
user_pref("extensions.webcompat.perform_injections", true);
user_pref("extensions.webcompat.perform_ua_overrides", true);
user_pref("extensions.webextensions.ExtensionStorageIDB.migrated.jid1-NIfFY2CA8fy1tg@jetpack", true);
user_pref("extensions.webextensions.ExtensionStorageIDB.migrated.jid1-OY8Xu5BsKZQa6A@jetpack", true);
user_pref("extensions.webextensions.ExtensionStorageIDB.migrated.jid1-ZAdIEUB7XOzOJw@jetpack", true);
user_pref("extensions.webextensions.ExtensionStorageIDB.migrated.screenshots@mozilla.org", true);
user_pref("extensions.webextensions.ExtensionStorageIDB.migrated.{242af0bb-db11-4734-b7a0-61cb8a9b20fb}", true);
user_pref("extensions.webextensions.ExtensionStorageIDB.migrated.{ff4c3ef4-7337-4e7f-aa99-77ed911ef8b1}", true);
user_pref("extensions.webextensions.uuids", "{\"doh-rollout@mozilla.org\":\"3f061df6-e158-43c4-a083-1fc3a2218f70\",\"formautofill@mozilla.org\":\"c90c5076-2fe5-4261-a858-9e7c398e6d9d\",\"screenshots@mozilla.org\":\"f7d44e3f-0958-4474-b943-56a524b1a04a\",\"webcompat-reporter@mozilla.org\":\"e3e0aa87-0183-4bf2-b950-6f6379309f93\",\"webcompat@mozilla.org\":\"c718d77b-717c-49e6-9082-50b7ee2a5e0d\",\"default-theme@mozilla.org\":\"ee66d443-99dd-47b6-8040-cbba676a327e\",\"google@search.mozilla.org\":\"9e59f026-aca6-4bf3-8507-89145f992224\",\"leo_ende_de@search.mozilla.org\":\"6234fcd0-3cf0-450e-be48-faee5a3822d0\",\"ecosia@search.mozilla.org\":\"d0d693b9-1d14-4752-a211-b4b94f3f038e\",\"wikipedia@search.mozilla.org\":\"66c8fe2f-a789-4715-8471-be7f37fc8baa\",\"bing@search.mozilla.org\":\"875f4fce-a414-44f0-8773-06044d3906e6\",\"amazon@search.mozilla.org\":\"03212eb2-97cc-4af5-a3d9-aee31d6778b4\",\"ddg@search.mozilla.org\":\"2f0fa006-4f57-486a-8069-cb80cc4f5e4c\",\"ebay@search.mozilla.org\":\"c9d43d22-a63a-4cba-b04f-312cb59e0cae\",\"jid1-OY8Xu5BsKZQa6A@jetpack\":\"421c2621-7430-4c07-a961-de1941f0d96c\",\"jid1-NIfFY2CA8fy1tg@jetpack\":\"9aa61fa7-4de4-4dbc-b094-f96ef62d7189\",\"reset-search-defaults@mozilla.com\":\"556ab987-1a5b-4982-8e96-40cec7723d39\",\"pictureinpicture@mozilla.org\":\"d6f8907e-ad47-4bab-a4a0-b5df80a1c38b\",\"tagsearch@com\":\"3bab5d81-d9c2-4501-b1fb-1b7991ce8d08\",\"jid1-ZAdIEUB7XOzOJw@jetpack\":\"cd399b12-07fb-41c6-85aa-f299bebea86c\",\"proxy-failover@mozilla.com\":\"19483dbc-4c38-47d6-ab89-4120f932c90c\",\"{B0A88BA0-6B78-426A-BE8E-571E7D259955}\":\"4c325f70-3a5e-47b4-96ad-5c2d072397e7\",\"{ff4c3ef4-7337-4e7f-aa99-77ed911ef8b1}\":\"887585da-35fc-44ad-98ef-22b2fb9f388c\",\"{242af0bb-db11-4734-b7a0-61cb8a9b20fb}\":\"7ff7a7d1-1f9a-4c22-be7e-f6edb4472c9b\"}");
user_pref("findbar.highlightAll", true);
user_pref("fission.experiment.max-origins.last-disqualified", 1636914340);
user_pref("fission.experiment.max-origins.last-qualified", 1637519212);
user_pref("fission.experiment.max-origins.qualified", true);
user_pref("font.internaluseonly.changed", false);
user_pref("gfx-shader-check.build-version", "20211119140621");
user_pref("gfx-shader-check.device-id", "0x964a");
user_pref("gfx-shader-check.driver-version", "15.201.1151.0");
user_pref("gfx-shader-check.ptr-size", 8);
user_pref("gfx.crash-guard.d3d11layers.appVersion", "83.0");
user_pref("gfx.crash-guard.d3d11layers.deviceID", "0x964a");
user_pref("gfx.crash-guard.d3d11layers.driverVersion", "8.947.0.0");
user_pref("gfx.crash-guard.d3d11layers.feature-d2d", true);
user_pref("gfx.crash-guard.d3d11layers.feature-d3d11", true);
user_pref("gfx.crash-guard.status.d3d11layers", 2);
user_pref("gfx.crash-guard.status.wmfvpxvideo", 2);
user_pref("gfx.crash-guard.wmfvpxvideo.appVersion", "87.0");
user_pref("gfx.crash-guard.wmfvpxvideo.deviceID", "0x964a");
user_pref("gfx.crash-guard.wmfvpxvideo.driverVersion", "8.947.0.0");
user_pref("identity.fxaccounts.toolbar.accessed", true);
user_pref("idle.lastDailyNotification", 1637620613);
user_pref("java", true);
user_pref("layers.mlgpu.sanity-test-failed", true);
user_pref("media.gmp-gmpopenh264.abi", "x86_64-msvc-x64");
user_pref("media.gmp-gmpopenh264.lastUpdate", 1606400463);
user_pref("media.gmp-gmpopenh264.version", "1.8.1.1");
user_pref("media.gmp-manager.buildID", "20211103134640");
user_pref("media.gmp-manager.lastCheck", 1637608738);
user_pref("media.gmp-widevinecdm.abi", "x86_64-msvc-x64");
user_pref("media.gmp-widevinecdm.lastUpdate", 1637252937);
user_pref("media.gmp-widevinecdm.version", "4.10.2391.0");
user_pref("media.gmp.storage.version.observed", 1);
user_pref("media.hardware-video-decoding.failed", false);
user_pref("media.videocontrols.picture-in-picture.video-toggle.has-used", true);
user_pref("network.trr.blocklist_cleanup_done", true);
user_pref("pdfjs.enabledCache.state", false);
user_pref("pdfjs.migrationVersion", 2);
user_pref("places.database.lastMaintenance", 1637620615);
user_pref("places.history.expiration.transient_current_max_pages", 86612);
user_pref("pref.privacy.disable_button.view_passwords", false);
user_pref("privacy.cpd.downloads", false);
user_pref("privacy.cpd.formdata", false);
user_pref("privacy.cpd.history", false);
user_pref("privacy.cpd.offlineApps", true);
user_pref("privacy.cpd.sessions", false);
user_pref("privacy.purge_trackers.date_in_cookie_database", "1636483938484001");
user_pref("privacy.purge_trackers.last_purge", "1636539456423");
user_pref("privacy.sanitize.pending", "[{\"id\":\"newtab-container\",\"itemsToClear\":[],\"options\":{}}]");
user_pref("privacy.sanitize.timeSpan", 2);
user_pref("sanity-test.advanced-layers", false);
user_pref("sanity-test.device-id", "0x964a");
user_pref("sanity-test.driver-version", "15.201.1151.0");
user_pref("sanity-test.running", false);
user_pref("sanity-test.version", "20211119140621");
user_pref("sanity-test.webrender.force-disabled", false);
user_pref("security.remote_settings.crlite_filters.checked", 1636142841);
user_pref("security.remote_settings.intermediates.checked", 1636137773);
user_pref("security.sandbox.content.tempDirSuffix", "{a33d2528-1b41-49d8-ae3b-a7d3463905e8}");
user_pref("security.sandbox.plugin.tempDirSuffix", "{3a38644b-c9c2-4110-ad5e-78fabff8777e}");
user_pref("services.blocklist.addons-mlbf.checked", 1636137773);
user_pref("services.blocklist.gfx.checked", 1636137773);
user_pref("services.blocklist.pinning.checked", 1626871565);
user_pref("services.blocklist.plugins.checked", 1622655329);
user_pref("services.settings.clock_skew_seconds", 1145);
user_pref("services.settings.last_etag", "\"1636142572938\"");
user_pref("services.settings.last_update_seconds", 1636142907);
user_pref("services.settings.main.anti-tracking-url-decoration.last_check", 1636137773);
user_pref("services.settings.main.cfr-fxa.last_check", 1634288633);
user_pref("services.settings.main.cfr.last_check", 1636137773);
user_pref("services.settings.main.doh-config.last_check", 1636137773);
user_pref("services.settings.main.doh-providers.last_check", 1636137773);
user_pref("services.settings.main.fxmonitor-breaches.last_check", 1636137773);
user_pref("services.settings.main.hijack-blocklists.last_check", 1636137773);
user_pref("services.settings.main.language-dictionaries.last_check", 1636137773);
user_pref("services.settings.main.message-groups.last_check", 1636137773);
user_pref("services.settings.main.nimbus-desktop-experiments.last_check", 1636137773);
user_pref("services.settings.main.normandy-recipes-capabilities.last_check", 1636137773);
user_pref("services.settings.main.partitioning-exempt-urls.last_check", 1636137773);
user_pref("services.settings.main.password-recipes.last_check", 1636137773);
user_pref("services.settings.main.password-rules.last_check", 1636137773);
user_pref("services.settings.main.personality-provider-models.last_check", 1636137773);
user_pref("services.settings.main.personality-provider-recipe.last_check", 1636137773);
user_pref("services.settings.main.pioneer-study-addons-v1.last_check", 1636137773);
user_pref("services.settings.main.public-suffix-list.last_check", 1636137773);
user_pref("services.settings.main.query-stripping.last_check", 1636137773);
user_pref("services.settings.main.search-config.last_check", 1636137773);
user_pref("services.settings.main.search-default-override-allowlist.last_check", 1636137773);
user_pref("services.settings.main.search-telemetry.last_check", 1636137773);
user_pref("services.settings.main.sites-classification.last_check", 1636137773);
user_pref("services.settings.main.tippytop.last_check", 1636137773);
user_pref("services.settings.main.top-sites.last_check", 1636137773);
user_pref("services.settings.main.url-classifier-skip-urls.last_check", 1636137773);
user_pref("services.settings.main.websites-with-shared-credential-backends.last_check", 1636137773);
user_pref("services.settings.main.whats-new-panel.last_check", 1636137773);
user_pref("services.settings.security.onecrl.checked", 1636137773);
user_pref("services.sync.clients.lastSync", "0");
user_pref("services.sync.declinedEngines", "");
user_pref("services.sync.globalScore", 0);
user_pref("services.sync.nextSync", 0);
user_pref("services.sync.tabs.lastSync", "0");
user_pref("signon.suggestImportCount", 1);
user_pref("signon.usage.hasEntry", true);
user_pref("signon.usage.lastUsed", 1608472775);
user_pref("storage.vacuum.last.index", 1);
user_pref("storage.vacuum.last.places.sqlite", 1636921979);
user_pref("toolkit.startup.last_success", 1637623917);
user_pref("toolkit.telemetry.archive.enabled", false);
user_pref("toolkit.telemetry.bhrPing.enabled", false);
user_pref("toolkit.telemetry.cachedClientID", "67e551d3-c539-4e87-b1ee-70399c53e7c3");
user_pref("toolkit.telemetry.firstShutdownPing.enabled", false);
user_pref("toolkit.telemetry.hybridContent.enabled", false);
user_pref("toolkit.telemetry.newProfilePing.enabled", false);
user_pref("toolkit.telemetry.pioneer-new-studies-available", true);
user_pref("toolkit.telemetry.previousBuildID", "20210504152106");
user_pref("toolkit.telemetry.reportingpolicy.firstRun", false);
user_pref("toolkit.telemetry.server", "");
user_pref("toolkit.telemetry.shutdownPingSender.enabled", false);
user_pref("toolkit.telemetry.unified", false);
user_pref("toolkit.telemetry.updatePing.enabled", false);
user_pref("trailhead.firstrun.didSeeAboutWelcome", true);
user_pref("ui.osk.debug.keyboardDisplayReason", "IKPOS: Touch screen not found.");
========= Ende von CMD: =========
HKLM\System\CurrentControlSet\Services\edgeupdate => erfolgreich entfernt
edgeupdate => Dienst erfolgreich entfernt
HKLM\System\CurrentControlSet\Services\edgeupdatem => erfolgreich entfernt
edgeupdatem => Dienst erfolgreich entfernt
HKLM\System\CurrentControlSet\Services\DRHARD => erfolgreich entfernt
DRHARD => Dienst erfolgreich entfernt
HKLM\System\CurrentControlSet\Services\GPU-Z-v2 => erfolgreich entfernt
GPU-Z-v2 => Dienst erfolgreich entfernt
HKLM\System\CurrentControlSet\Services\idsvc => erfolgreich entfernt
idsvc => Dienst erfolgreich entfernt
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BF439720-ADEF-4777-BC72-CC3D8395C6F2}" => erfolgreich entfernt
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF439720-ADEF-4777-BC72-CC3D8395C6F2}" => erfolgreich entfernt
C:\WINDOWS\System32\Tasks\MicrosoftEdgeUpdateTaskMachineUA => erfolgreich verschoben
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MicrosoftEdgeUpdateTaskMachineUA" => erfolgreich entfernt
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1137CB67-D7A2-4AEE-9BB9-8D7C9C1C2718}" => erfolgreich entfernt
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1137CB67-D7A2-4AEE-9BB9-8D7C9C1C2718}" => erfolgreich entfernt
C:\WINDOWS\System32\Tasks\MicrosoftEdgeUpdateTaskMachineCore => erfolgreich verschoben
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MicrosoftEdgeUpdateTaskMachineCore" => erfolgreich entfernt
"C:\ProgramData\UpdateLock-F5BE94A0743D7D60" => wurde entsperrt
VirusTotal: C:\ProgramData\UpdateLock-F5BE94A0743D7D60 => <==== ACHTUNG (Null Byte Datei/Ordner)
C:\ProgramData\UpdateLock-F5BE94A0743D7D60 => erfolgreich verschoben
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => erfolgreich entfernt
VirusTotal: C:\Program Files\Mozilla Firefox\zlib1.dll => https://www.virustotal.com/gui/file/f077a5eaeae13b8f6d776cf2c3608ce0873c2decc15b9807e4f9cda4fc763812/detection/f-f077a5eaeae13b8f6d776cf2c3608ce0873c2decc15b9807e4f9cda4fc763812-1637590381
C:\Program Files\Mozilla Firefox\zlib1.dll => erfolgreich verschoben
"C:\Users\ProgramData\AppData\Roaming\npm" => nicht gefunden
"C:\Users\Default\AppData\Roaming\npm" => nicht gefunden
"C:\Users\Public\AppData\Roaming\npm" => nicht gefunden
C:\Users\System_X\AppData\Roaming\npm => erfolgreich verschoben
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Node.js => erfolgreich verschoben
C:\Program Files (x86)\nodejs => erfolgreich verschoben
HKLM\SOFTWARE\Node.js => nicht gefunden
HKLM\SOFTWARE\WOW6432Node\Node.js => erfolgreich entfernt
HKLM\SOFTWARE\Classes\Installer\Products\4D45993E1218CF443A3DFD6652D48B19 => nicht gefunden
HKLM\SOFTWARE\Classes\Installer\Products\27AC50E0DD8DF2342ACC8800434A5877 => erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4D45993E1218CF443A3DFD6652D48B19 => nicht gefunden
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\27AC50E0DD8DF2342ACC8800434A5877 => erfolgreich entfernt
HKU\.DEFAULT\Software\Node.js => nicht gefunden
HKCU\SOFTWARE\Node.js => erfolgreich entfernt
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E39954D4-8121-44FC-A3D3-DF66254DB891} => nicht gefunden
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{77754e9b-264b-4d8d-b981-e4135c1ecb0c} => erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{793c9b44-3d6b-4f57-b5d7-4ff80adcf9a2} => erfolgreich entfernt
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Perflib\_V2Providers\{793c9b44-3d6b-4f57-b5d7-4ff80adcf9a2} => nicht gefunden
========= dir "%windir%\installer\*.xpi" /S =========
Datenträger in Laufwerk C: ist SSD_SYSTEM
Volumeseriennummer: 66D5-E6B6
Datei nicht gefunden
========= Ende von CMD: =========
========= dir "%windir%\installer\c*rx" /S =========
Datenträger in Laufwerk C: ist SSD_SYSTEM
Volumeseriennummer: 66D5-E6B6
Datei nicht gefunden
========= Ende von CMD: =========
========= dir "%windir%\installer\x*ml" /S =========
Datenträger in Laufwerk C: ist SSD_SYSTEM
Volumeseriennummer: 66D5-E6B6
Datei nicht gefunden
========= Ende von CMD: =========
========= dir "%windir%\installer\{*-*-*-*-*}" /S =========
Datenträger in Laufwerk C: ist SSD_SYSTEM
Volumeseriennummer: 66D5-E6B6
Verzeichnis von C:\WINDOWS\installer
0 Datei(en), 0 Bytes
Anzahl der angezeigten Dateien:
0 Datei(en), 0 Bytes
107 Verzeichnis(se), 124.869.599.232 Bytes frei
========= Ende von CMD: =========
========= dir "%ProgramData%\Package Cache\{*-*-*-*-*}" /S =========
Datenträger in Laufwerk C: ist SSD_SYSTEM
Volumeseriennummer: 66D5-E6B6
Verzeichnis von C:\ProgramData\Package Cache
29.05.2021 12:03 <DIR> {050d4fc8-5d48-4b8f-8972-47c82c46020f}
15.10.2021 18:13 <DIR> {0E05CA72-D8DD-432F-A2CC-880034A48577}
28.03.2021 16:07 <DIR> {15134cb0-b767-4960-a911-f2d16ae54797}
28.03.2021 16:07 <DIR> {22154f09-719a-4619-bb71-5b3356999fbf}
15.08.2021 18:37 <DIR> {295d1583-fdb9-414b-a4c8-da539362a26b}
15.08.2021 18:33 <DIR> {38b2c744-ad08-4d5b-91a2-3fb6f739ff3e}
15.08.2021 18:40 <DIR> {4591faf1-a2db-4a3d-bfda-aa5a4ebb1587}
0 Datei(en), 0 Bytes
Anzahl der angezeigten Dateien:
0 Datei(en), 0 Bytes
7 Verzeichnis(se), 124.869.627.904 Bytes frei
========= Ende von CMD: =========
========= ipconfig /flushdns =========
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
========= Ende von CMD: =========
========= netsh winsock reset catalog =========
Der Winsock-Katalog wurde zurückgesetzt.
Sie müssen den Computer neu starten, um den Vorgang abzuschließen.
========= Ende von CMD: =========
========= netsh advfirewall reset =========
OK.
========= Ende von CMD: =========
========= netsh advfirewall set allprofiles state ON =========
OK.
========= Ende von CMD: =========
========= Bitsadmin /Reset /Allusers =========
BITSADMIN version 3.0
BITS administration utility.
(C) Copyright Microsoft Corp.
Unable to cancel {FEF136F0-EF9A-4A15-B039-B8B51C3BD3A9}.
0 out of 1 jobs canceled.
========= Ende von CMD: =========
========= "%WINDIR%\SYSTEM32\lodctr.exe" /R =========
Info: Die Leistungsindikatoreinstellung konnte erfolgreich aus dem Systemsicherungsspeicher neu erstellt werden.
========= Ende von CMD: =========
========= "%WINDIR%\SysWOW64\lodctr.exe" /R =========
Info: Die Leistungsindikatoreinstellung konnte erfolgreich aus dem Systemsicherungsspeicher neu erstellt werden.
========= Ende von CMD: =========
========= "%WINDIR%\SYSTEM32\lodctr.exe" /R =========
Info: Die Leistungsindikatoreinstellung konnte erfolgreich aus dem Systemsicherungsspeicher neu erstellt werden.
========= Ende von CMD: =========
========= "%WINDIR%\SysWOW64\lodctr.exe" /R =========
Info: Die Leistungsindikatoreinstellung konnte erfolgreich aus dem Systemsicherungsspeicher neu erstellt werden.
========= Ende von CMD: =========
========= Set-MpPreference -PUAProtection Enabled =========
========= Ende von Powershell: =========
========= Set-MpPreference -DisableScanningNetworkFiles 0 =========
========= Ende von Powershell: =========
C:\Windows\System32\Drivers\etc\hosts => erfolgreich verschoben
Hosts erfolgreich wiederhergestellt.
========= RemoveProxy: =========
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => erfolgreich entfernt
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => erfolgreich entfernt
"HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => erfolgreich entfernt
"HKU\S-1-5-21-2965983169-4173802632-674656348-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings" => erfolgreich entfernt
"HKU\S-1-5-21-2965983169-4173802632-674656348-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings" => erfolgreich entfernt
========= Ende von RemoveProxy: =========
=========== EmptyTemp: ==========
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 78243755 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 17490287 B
Edge => 0 B
Chrome => 0 B
Firefox => 1191162752 B
Opera => 350210793 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 66410 B
NetworkService => 416636 B
System_X => 1956494129 B
RecycleBin => 906348095 B
EmptyTemp: => 4.2 GB temporäre Dateien entfernt.
================================
Das System musste neu gestartet werden.
==== Ende von Fixlog 01:15:57 ====
FRST Logfile: Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 14-11-2021
durchgeführt von System_X (Administrator) auf SYSTEM_X-PC (MSI MS-7695) (22-11-2021 23:14:45)
Gestartet von C:\Users\System_X\Desktop
Geladene Profile: System_X
Plattform: Microsoft Windows 10 Pro Version 21H1 19043.1348 (X64) Sprache: Deutsch (Deutschland)
Standard-Browser: FF
Start-Modus: Normal
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
() [Datei ist nicht signiert] C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices, Inc.) [Datei ist nicht signiert] C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe
(AppEx Networks Corporation -> AppEx Networks Corporation) C:\Program Files\AMD Quick Stream\AMDQuickStream.exe
(Audible Inc) C:\Program Files\WindowsApps\AudibleInc.AudibleforWindowsPhone_10.5.67.0_x64__xns73kv1ymhp2\AudibleRT.WindowsPhone.exe
(Canon Inc. -> ) C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(FOXIT SOFTWARE INC. -> Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\FoxitPhantomPDFUpdateService.exe
(FOXIT SOFTWARE INC. -> Foxit Software Inc.) F:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReaderUpdateService.exe
(Ghisler Software GmbH -> Ghisler Software GmbH) F:\totalcmd\TOTALCMD.EXE
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe <2>
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2110.13603.0_x64__8wekyb3d8bbwe\Cortana.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2110.13603.0_x64__8wekyb3d8bbwe\Win32Bridge.Server.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe <2>
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCopyAccelerator.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\NisSrv.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <11>
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Mozilla Corporation -> Mozilla Corporation) F:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe <3>
(nordvpn s.a. -> TEFINCOM S.A.) C:\Program Files\NordVPN\NordVPN.exe
(nordvpn s.a. -> TEFINCOM S.A.) C:\Program Files\NordVPN\nordvpn-service.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Tim Kosse -> FileZilla Project) C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe
(VLC Mobile Remote) [Datei ist nicht signiert] C:\Program Files (x86)\VMR Connect\VMRHub.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [FileZilla Server Interface] => C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe [2770088 2017-02-08] (Tim Kosse -> FileZilla Project)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Beschränkung <==== ACHTUNG
HKU\S-1-5-21-2965983169-4173802632-674656348-1000\...\Run: [VMR Connect] => C:\Program Files (x86)\VMR Connect\VMRHub.exe [242688 2021-05-22] (VLC Mobile Remote) [Datei ist nicht signiert]
HKU\S-1-5-21-2965983169-4173802632-674656348-1000\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [488640 2015-04-06] (AppEx Networks Corporation -> AppEx Networks Corporation)
HKU\S-1-5-21-2965983169-4173802632-674656348-1000\...\Run: [NordVPN] => C:\Program Files\NordVPN\NordVPN.exe [280440 2021-06-06] (nordvpn s.a. -> TEFINCOM S.A.)
HKU\S-1-5-21-2965983169-4173802632-674656348-1000\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [114017640 2021-08-10] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-2965983169-4173802632-674656348-1000\...\Run: [Opera Browser Assistant] => C:\Users\System_X\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [4105424 2021-10-14] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-2965983169-4173802632-674656348-1000\...\MountPoints2: {d62f0a54-3559-11eb-9d61-8c89a53586cf} - "J:\DTLplus_Launcher.exe"
HKLM\...\Windows x64\Print Processors\Canon TS700 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDFD.DLL [482816 2018-09-09] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor TS700 series: C:\WINDOWS\system32\CNMLMFD.DLL [910848 2018-09-09] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
Policies: C:\ProgramData\NTUSER.pol: Beschränkung <==== ACHTUNG
HKLM\SOFTWARE\Policies\Google: Beschränkung <==== ACHTUNG
HKLM\SOFTWARE\Policies\Microsoft\Edge: Beschränkung <==== ACHTUNG
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {0A984834-D009-41B3-9957-6A95DDE8B87D} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe -PvrSchedule (Keine Datei)
Task: {1137CB67-D7A2-4AEE-9BB9-8D7C9C1C2718} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineCore => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /c (Keine Datei)
Task: {199FA3DE-B9A0-4364-90E9-E4A9E3DB7FA7} - System32\Tasks\Opera scheduled assistant Autoupdate 1606677923 => C:\Users\System_X\AppData\Local\Programs\Opera\launcher.exe [2265296 2021-11-17] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\System_X\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {3382EAF8-E4C8-4687-BE24-A488BE2F89E7} - System32\Tasks\Microsoft\Windows\End Of Support\Notify1 => C:\WINDOWS\system32\sipnotify.exe -LogonOrUnlock (Keine Datei)
Task: {33FBF0D8-5ADE-471B-BED2-AF1B04A92CB5} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
Task: {340A1493-5406-498D-94EF-90D8DB5C40B7} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe /DoActivateWindowsSearch (Keine Datei)
Task: {3A97BF76-9D66-44F9-9CC4-DB27F4CA3747} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -ObjectStoreRecoveryTask (Keine Datei)
Task: {4321C5C0-ADD4-44A3-82DE-16B45FAB1D3B} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDfE067B1}
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47c2-B62A-B7C4CED925CB}
Task: {48D095EE-D533-4ECA-B321-19714981E5CE} - System32\Tasks\Microsoft\VisualStudio\Updates\BackgroundDownload => C:\Program Files (x86)\Microsoft Visual Studio\Installer\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\BackgroundDownload.exe [65448 2021-08-15] (Microsoft Corporation -> Microsoft)
Task: {5091D259-3F74-443A-BEB2-35CA187779D2} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe /DoReindexSearchRoot (Keine Datei)
Task: {59D8B55B-306C-43FD-9599-49C382F2D4C8} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe /DoConfigureInternetTimeService (Keine Datei)
Task: {59F85656-A527-4D2B-9E75-1F5ADDAD7211} - System32\Tasks\Opera scheduled Autoupdate 1632150877 => C:\Users\System_X\AppData\Local\Programs\Opera\launcher.exe [2265296 2021-11-17] (Opera Software AS -> Opera Software)
Task: {5A38F845-D5F0-4380-AA12-4FBCA1B9E536} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5AF599F0-AA7E-4A5C-8A42-722A8BC61A98} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe /DRMInit (Keine Datei)
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {64CD4591-8EB0-4DF9-94AA-073F5155298E} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe /OCURActivate (Keine Datei)
Task: {691DE101-A7AB-4F9F-9D2D-C8C167EC01F3} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) (Keine Datei)
Task: {838E21D7-D24B-4BA1-9764-100706BCFC11} - System32\Tasks\Opera scheduled assistant Autoupdate 1632150902 => C:\Users\System_X\AppData\Local\Programs\Opera\launcher.exe [2265296 2021-11-17] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\System_X\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {863256B1-F406-4F2F-B5A9-6C54148173E3} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {88C4F2D3-C9E0-4050-AA65-FA8E617F0F64} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {907E0625-B84C-49E3-BA4E-B30A51DAF844} - System32\Tasks\Opera scheduled Autoupdate 1606677923 => C:\Users\System_X\AppData\Local\Programs\Opera\launcher.exe [2265296 2021-11-17] (Opera Software AS -> Opera Software)
Task: {913F802F-78E4-450A-89C1-AE381D3A18F1} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) (Keine Datei)
Task: {A0CD771A-0858-4EE9-A7A3-16ABB77187A4} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery (Keine Datei)
Task: {A1522808-0229-4A44-B21E-CA519029ACE2} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe -pscn 0 (Keine Datei)
Task: {A3510081-EC92-4B1E-B414-E33168FAD994} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -PvrRecoveryTask (Keine Datei)
Task: {A354C02A-B276-4D0D-A937-76AE142A38AA} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) (Keine Datei)
Task: {AAE250E8-2F44-4F4A-A416-3F682C1492EA} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {ABCBA117-4A6F-4E81-906D-C68663EC0846} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe /RestartRecording (Keine Datei)
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40b4-8963-D3C761B18371}
Task: {B10D0B96-ED6A-4AA8-9938-F55140C4B876} - System32\Tasks\Microsoft\Windows\End Of Support\Notify2 => C:\WINDOWS\system32\sipnotify.exe -Daily (Keine Datei)
Task: {B36237EB-5AE1-498B-8333-C4535D78B16E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B7107D6F-22C8-40F0-AC2A-2EB02F024C05} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MpCmdRun.exe [901056 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {BBD5EC7A-C32F-408B-99A3-692A4C3A73C1} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -MediaCenterRecoveryTask (Keine Datei)
Task: {BF439720-ADEF-4777-BC72-CC3D8395C6F2} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineUA => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /ua /installsource scheduler (Keine Datei)
Task: {C0E34E4F-931B-4697-BF4E-8B9C66E77A1F} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [682936 2021-11-06] (Mozilla Corporation -> Mozilla Foundation)
Task: {C4B471D5-D41B-45F4-ABE8-1BF468B7D8A4} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4f47-879B-29A80C355D61}
Task: {C5A8994C-A705-4DA2-8431-16F886BD50A2} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery (Keine Datei)
Task: {C8488067-87F4-4BBC-9883-B2067827F866} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -SqlLiteRecoveryTask (Keine Datei)
Task: {CF785A90-CA7C-4665-A2A8-541FDE58FE36} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) (Keine Datei)
Task: {DD258411-0DE9-4708-BD0E-E8A8DD92911A} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) (Keine Datei)
Task: {E788E000-AD0F-41EF-B237-6EE8C5E355BA} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe /PBDADiscovery (Keine Datei)
Task: {FCA58B57-E2BA-43BE-82A4-38DB5CAC7BC8} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe $(Arg0) (Keine Datei)
Task: {FF7F4CF0-F051-4A62-8B81-7413F247FB48} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [10219208 2016-02-26] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{7372BD0F-B956-43F7-AAD3-3B12560909F5}: [NameServer] 1.1.1.1,8.8.8.8
Tcpip\..\Interfaces\{7372BD0F-B956-43F7-AAD3-3B12560909F5}: [DhcpNameServer] 192.168.0.1
Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\System_X\AppData\Local\Microsoft\Edge\User Data\Default [2021-11-22]
Edge Notifications: Default -> hxxps://www.facebook.com
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\System_X\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ihcjicgdanjaechkgeegckofjjedodee [2021-11-18]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
FireFox:
========
FF DefaultProfile: avtxbt0o.default
FF ProfilePath: C:\Users\System_X\AppData\Roaming\Mozilla\Firefox\Profiles\avtxbt0o.default [2021-11-21]
FF user.js: detected! => C:\Users\System_X\AppData\Roaming\Mozilla\Firefox\Profiles\avtxbt0o.default\user.js [2021-11-21]
FF Homepage: Mozilla\Firefox\Profiles\avtxbt0o.default -> hxxps://www.google.com/
FF ProfilePath: C:\Users\System_X\AppData\Roaming\Mozilla\Firefox\Profiles\w6ywzn9z.default-release [2021-11-22]
FF user.js: detected! => C:\Users\System_X\AppData\Roaming\Mozilla\Firefox\Profiles\w6ywzn9z.default-release\user.js [2021-11-21]
FF DownloadDir: F:\backupMaxtor80gb\data\installationen
FF Homepage: Mozilla\Firefox\Profiles\w6ywzn9z.default-release -> hxxps://www.google.com/
FF Session Restore: Mozilla\Firefox\Profiles\w6ywzn9z.default-release -> ist aktiviert.
FF Notifications: Mozilla\Firefox\Profiles\w6ywzn9z.default-release -> hxxps://www.waz.de; hxxps://www.wetter.com; hxxps://www.finanztrends.de; hxxps://www.instagram.com; hxxps://otupia.de; hxxps://deno-licina.com; hxxps://get-huusk.com; hxxps://www.chess.com; hxxps://tours.comewithyou.com; hxxps://www.francesoir.fr; hxxps://www.giga.de; hxxps://web.whatsapp.com; hxxps://tinder.com; hxxps://lichess.org; hxxps://www.braunschweiger-zeitung.de
FF Extension: (AdBlock* der beste Ad-Blocker) - C:\Users\System_X\AppData\Roaming\Mozilla\Firefox\Profiles\w6ywzn9z.default-release\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2021-10-28]
FF Extension: (MyJDownloader Browser Erweiterung) - C:\Users\System_X\AppData\Roaming\Mozilla\Firefox\Profiles\w6ywzn9z.default-release\Extensions\jid1-OY8Xu5BsKZQa6A@jetpack.xpi [2021-06-25] [UpdateUrl:hxxps://my.jdownloader.org/extensions/firefox.json]
FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\System_X\AppData\Roaming\Mozilla\Firefox\Profiles\w6ywzn9z.default-release\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2021-10-02]
FF Extension: (Malwarebytes Browser Guard) - C:\Users\System_X\AppData\Roaming\Mozilla\Firefox\Profiles\w6ywzn9z.default-release\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2021-11-22]
FF Extension: (Tab Slideshow WE) - C:\Users\System_X\AppData\Roaming\Mozilla\Firefox\Profiles\w6ywzn9z.default-release\Extensions\{ff4c3ef4-7337-4e7f-aa99-77ed911ef8b1}.xpi [2021-11-09]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2020-11-23] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.cpdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2020-11-23] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2020-11-23] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2020-11-23] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2020-11-23] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> F:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-11-23] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.cpdf -> F:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-11-23] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> F:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-11-23] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> F:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-11-23] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> F:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-11-23] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.14 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-05-10] (VideoLAN -> VideoLAN)
Chrome:
=======
CHR Profile: C:\Users\System_X\AppData\Local\Google\Chrome\User Data\Default [2021-08-11]
CHR Extension: (Foxit PDF Creator) - C:\Users\System_X\AppData\Local\Google\Chrome\User Data\Default\Extensions\cifnddnffldieaamihfkhkdgnbhfmaci [2021-04-06]
CHR Extension: (Cookie Watch) - C:\Users\System_X\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmogeohlpljgihhbafbnincahfmafbfn [2021-05-28]
CHR Extension: (AD&POP Block) - C:\Users\System_X\AppData\Local\Google\Chrome\User Data\Default\Extensions\mknlngfeicgfpljigaaeohppjdiaalid [2021-06-02]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\System_X\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-04-01]
CHR Extension: (Chrome Media Router) - C:\Users\System_X\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-08-03]
CHR HKLM\...\Chrome\Extension: [cifnddnffldieaamihfkhkdgnbhfmaci] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\ChromeAddin\ChromeAddin.crx [2020-11-23]
CHR HKLM-x32\...\Chrome\Extension: [cifnddnffldieaamihfkhkdgnbhfmaci] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\ChromeAddin\ChromeAddin.crx [2020-11-23]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
Opera:
=======
OPR Profile: C:\Users\System_X\AppData\Roaming\Opera Software\Opera Stable [2021-11-15]
OPR Notifications: Opera Stable -> hxxps://mugrikees.com; hxxps://www.facebook.com; hxxps://www.giga.de; hxxps://www.youtube.com
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
OPR Extension: (Rich Hints Agent) - C:\Users\System_X\AppData\Roaming\Opera Software\Opera Stable\Extensions\enegjkbbakeegngfapepobipndnebkdk [2021-11-14]
OPR Extension: (Amazon Assistant Promotion) - C:\Users\System_X\AppData\Roaming\Opera Software\Opera Stable\Extensions\kbmoiomgmchbpihhdpabemajcbjpcijk [2021-09-20]
OPR Extension: (Amazon Assistant für Opera) - C:\Users\System_X\AppData\Roaming\Opera Software\Opera Stable\Extensions\mmmbddcnnndpbdflpccgcknaaabgldak [2021-09-20]
==================== Dienste (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 AMD FUEL Service; C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-03] (Advanced Micro Devices, Inc.) [Datei ist nicht signiert]
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [242176 2009-08-07] () [Datei ist nicht signiert]
R2 FileZilla Server; C:\Program Files (x86)\FileZilla Server\FileZilla Server.exe [859304 2017-02-08] (Tim Kosse -> FileZilla Project)
R2 FoxitPhantomPDFUpdateService; C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\FoxitPhantomPDFUpdateService.exe [2357936 2020-11-23] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
R2 FoxitReaderUpdateService; F:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReaderUpdateService.exe [2357936 2020-11-23] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [445432 2021-04-19] (Canon Inc. -> )
S3 LxssManagerUser; C:\WINDOWS\system32\lxss\wslclient.dll [304640 2021-11-12] (Microsoft Windows -> Microsoft Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7901368 2021-11-21] (Malwarebytes Inc -> Malwarebytes)
R2 nordvpn-service; C:\Program Files\NordVPN\nordvpn-service.exe [280440 2021-06-06] (nordvpn s.a. -> TEFINCOM S.A.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6103464 2021-11-12] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [12757520 2020-12-14] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [147392 2019-04-30] (Microsoft Corporation -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\NisSrv.exe [2872024 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.6-0\MsMpEng.exe [128376 2021-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 edgeupdate; "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc [X]
S4 edgeupdatem; "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /medsvc [X]
===================== Treiber (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
S2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
R2 APXACC; C:\WINDOWS\system32\DRIVERS\appexDrv.sys [229056 2015-04-03] (AppEx Networks Corporation -> AppEx Networks Corporation)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [Datei ist nicht signiert]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [Datei ist nicht signiert]
R2 DRHARD64; C:\WINDOWS\system32\drivers\DRHARD64.sys [21984 2011-11-03] (Peter A. Gebhard Softwareentwicklung -> Licensed for Gebhard Software)
R2 DRHMSR64; C:\WINDOWS\system32\drivers\DRHMSR64.sys [13760 2013-07-21] (Peter A. Gebhard Softwareentwicklung -> )
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [210352 2021-11-21] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-08-11] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-08-13] (Malwarebytes Inc -> Malwarebytes)
R2 NDivert; C:\WINDOWS\System32\drivers\NDivert.sys [105184 2021-05-17] (TEFINCOM S.A. -> )
S3 nlwt; C:\WINDOWS\system32\DRIVERS\nlwt.sys [39360 2021-06-07] (TEFINCOM S.A. -> WireGuard LLC)
R1 nordlwf; C:\WINDOWS\system32\DRIVERS\nordlwf.sys [38608 2020-12-14] (TEFINCOM S.A. -> TEFINCOM S.A.)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [167280 2020-11-11] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
R3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [44896 2020-06-09] (TEFINCOM S.A. -> The OpenVPN Project)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48520 2021-11-02] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [435424 2021-11-02] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86240 2021-11-02] (Microsoft Windows -> Microsoft Corporation)
S3 wintun; C:\WINDOWS\system32\DRIVERS\wintun.sys [29680 2021-10-07] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
S3 DRHARD; \??\C:\WINDOWS\system32\DRIVERS\DRHARD.SYS [X]
S3 GPU-Z-v2; \??\C:\Users\System_X\AppData\Local\Temp\GPU-Z-v2.sys [X] <==== ACHTUNG
U3 idsvc; kein ImagePath
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2021-11-22 20:07 - 2021-11-22 20:07 - 000004437 _____ C:\Users\System_X\Desktop\mbam22112.txt
2021-11-22 20:06 - 2021-11-22 20:06 - 000000022 _____ C:\WINDOWS\S.dirmngr
2021-11-22 19:58 - 2021-11-22 19:58 - 000004437 _____ C:\Users\System_X\Desktop\mbam2211.txt
2021-11-21 21:54 - 2021-11-21 21:54 - 000007385 _____ C:\Users\System_X\Desktop\mbam1.txt
2021-11-21 21:37 - 2021-11-21 21:37 - 000210352 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-11-21 21:26 - 2021-11-21 21:27 - 000000000 ____D C:\AdwCleaner
2021-11-21 21:25 - 2021-11-21 21:24 - 008553680 _____ (Malwarebytes) C:\Users\System_X\Desktop\adwcleaner_8.3.0(1).exe
2021-11-21 21:19 - 2021-11-21 21:18 - 002101944 _____ (Malwarebytes) C:\Users\System_X\Desktop\MBSetup(1).exe
2021-11-21 19:58 - 2021-11-21 19:58 - 000000002 _____ C:\Users\System_X\Desktop\ytzlssovxvj.txt
2021-11-21 19:53 - 2021-11-21 19:53 - 000061554 _____ C:\Users\System_X\Desktop\Shortcut.txt
2021-11-21 19:49 - 2021-11-22 20:14 - 000079657 _____ C:\Users\System_X\Desktop\Addition.txt
2021-11-21 19:46 - 2021-11-22 23:16 - 000029540 _____ C:\Users\System_X\Desktop\FRST.txt
2021-11-21 19:38 - 2021-11-21 19:36 - 002311680 _____ (Farbar) C:\Users\System_X\Desktop\FRST64(1).exe
2021-11-12 15:17 - 2021-11-12 15:17 - 000151352 _____ C:\WINDOWS\system32\nmscrub.exe
2021-11-12 15:16 - 2021-11-12 15:16 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-11-12 15:16 - 2021-11-12 15:16 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2021-11-12 15:16 - 2021-11-12 15:16 - 000011363 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-11-12 15:15 - 2021-11-12 15:15 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-11-12 14:06 - 2021-11-12 14:06 - 000000000 ___HD C:\$WinREAgent
2021-11-10 12:43 - 2021-11-10 12:45 - 000000000 ____D C:\abc
2021-11-06 13:46 - 2021-11-06 13:46 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-11-05 19:24 - 2021-11-22 20:06 - 000000306 __RSH C:\ProgramData\ntuser.pol
2021-11-04 16:58 - 2021-11-04 16:59 - 101470711 _____ C:\Users\System_X\Ich bleib so scheiße, wie ich binteil2.rar
2021-11-03 15:29 - 2021-11-03 15:29 - 000001156 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk
2021-11-03 15:29 - 2021-11-03 15:29 - 000000000 ____D C:\Program Files\PCHealthCheck
2021-11-02 21:34 - 2021-11-21 21:51 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-10-31 11:51 - 2021-10-31 11:51 - 000000000 _____ C:\ProgramData\UpdateLock-F5BE94A0743D7D60
2021-10-30 20:48 - 2021-10-30 20:48 - 000001120 _____ C:\Users\Public\Desktop\AAX Audio Converter.lnk
2021-10-30 20:48 - 2021-10-30 20:48 - 000000000 ____D C:\Users\System_X\AppData\Local\audiamus
2021-10-30 20:48 - 2021-10-30 20:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\audiamus
2021-10-30 20:48 - 2021-10-30 20:48 - 000000000 ____D C:\Program Files\audiamus
2021-10-30 20:45 - 2021-10-30 20:45 - 000000000 ____D C:\Users\System_X\Documents\MiniTool uTube Downloader
2021-10-30 20:45 - 2021-10-30 20:45 - 000000000 ____D C:\Users\System_X\AppData\Local\MiniTool uTube Downloader
2021-10-30 20:39 - 2021-10-30 20:42 - 000000000 ____D C:\Users\System_X\AppData\Roaming\QtProject
2021-10-30 20:38 - 2021-10-30 20:38 - 000001318 _____ C:\Users\Public\Desktop\MiniTool Video Converter.lnk
2021-10-30 20:38 - 2021-10-30 20:38 - 000000000 ____D C:\Users\System_X\Documents\MiniTool Video Converter
2021-10-30 20:38 - 2021-10-30 20:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Video Converter
2021-10-30 20:37 - 2021-10-30 20:45 - 000000000 ____D C:\Users\System_X\AppData\Local\MiniTool Video Converter
2021-10-30 20:37 - 2021-10-30 20:38 - 000000000 ____D C:\Program Files (x86)\MiniTool Video Converter
2021-10-30 20:37 - 2021-08-11 07:23 - 097788240 _____ (MiniTool ) C:\Users\System_X\Downloads\vc-free.exe
2021-10-30 20:04 - 2021-10-30 20:04 - 000000000 ____D C:\Users\System_X\Documents\Audible
==================== Ein Monat (geänderte) ==================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2021-11-22 23:15 - 2021-09-23 14:52 - 000000000 ____D C:\FRST
2021-11-22 20:22 - 2020-11-26 15:05 - 000000000 ____D C:\ProgramData\Mozilla
2021-11-22 20:21 - 2020-11-26 15:05 - 000000000 ____D C:\Users\System_X\AppData\LocalLow\Mozilla
2021-11-22 20:21 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-11-22 20:12 - 2021-03-28 16:09 - 001930124 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-11-22 20:12 - 2019-12-07 15:51 - 000821510 _____ C:\WINDOWS\system32\perfh007.dat
2021-11-22 20:12 - 2019-12-07 15:51 - 000183344 _____ C:\WINDOWS\system32\perfc007.dat
2021-11-22 20:12 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2021-11-22 20:06 - 2021-03-28 16:16 - 000000000 ___RD C:\Users\System_X\OneDrive
2021-11-22 20:06 - 2020-12-23 21:17 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2021-11-22 20:05 - 2021-09-04 11:07 - 000001134 _____ C:\WINDOWS\system32\config\VSMIDK
2021-11-22 20:05 - 2021-03-28 16:05 - 000008192 ___SH C:\DumpStack.log.tmp
2021-11-22 20:05 - 2020-11-19 00:51 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-11-22 20:05 - 2019-12-07 10:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-11-22 18:35 - 2021-10-22 20:18 - 000000000 ____D C:\Users\System_X\AppData\Roaming\WhatsApp
2021-11-22 16:08 - 2020-11-18 23:50 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-11-22 14:21 - 2021-03-28 16:10 - 000000000 ____D C:\Users\System_X
2021-11-22 00:32 - 2021-06-02 16:02 - 000000000 ____D C:\Users\System_X\AppData\Roaming\vlc
2021-11-22 00:28 - 2021-08-18 13:03 - 000000000 ____D C:\Users\System_X\AppData\Local\CrashDumps
2021-11-21 21:55 - 2020-11-28 18:03 - 000000000 ____D C:\ProgramData\Package Cache
2021-11-21 21:30 - 2021-08-11 12:07 - 000002043 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-11-21 21:30 - 2021-08-11 12:07 - 000002031 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-11-21 21:29 - 2021-08-11 12:07 - 000000000 ____D C:\ProgramData\Malwarebytes
2021-11-21 21:29 - 2021-08-11 12:06 - 000000000 ____D C:\Program Files\Malwarebytes
2021-11-21 21:22 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-11-21 21:20 - 2021-08-11 12:07 - 000160176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-11-21 20:31 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-11-21 20:31 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-11-21 20:10 - 2021-10-22 20:17 - 000000000 ____D C:\Users\System_X\AppData\Local\WhatsApp
2021-11-20 16:49 - 2021-03-28 16:16 - 000003376 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2965983169-4173802632-674656348-1000
2021-11-20 16:49 - 2021-03-28 16:10 - 000002414 _____ C:\Users\System_X\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-11-18 20:11 - 2020-11-19 00:54 - 000000000 ____D C:\ProgramData\Packages
2021-11-18 15:29 - 2021-09-20 16:15 - 000004232 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1632150877
2021-11-18 15:29 - 2021-09-20 16:14 - 000001424 _____ C:\Users\System_X\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera-Browser.lnk
2021-11-15 17:34 - 2020-11-18 23:50 - 000301024 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-11-15 17:32 - 2021-09-04 11:06 - 000000000 ___SD C:\WINDOWS\SysWOW64\lxss
2021-11-15 17:32 - 2021-09-04 11:06 - 000000000 ___SD C:\WINDOWS\system32\lxss
2021-11-15 17:32 - 2019-12-07 15:54 - 000000000 ___SD C:\WINDOWS\system32\AppV
2021-11-15 17:32 - 2019-12-07 15:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-11-15 17:32 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-11-15 17:32 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-11-15 17:32 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-11-15 17:32 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-11-15 17:32 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-11-15 17:32 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-11-15 17:32 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-11-15 17:32 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-11-15 17:32 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-11-15 17:32 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-11-15 17:32 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-11-15 17:32 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\servicing
2021-11-12 15:22 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-11-10 08:24 - 2020-11-27 21:11 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-11-10 08:18 - 2020-11-27 21:11 - 141529560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-11-08 17:13 - 2020-11-26 15:05 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-11-06 13:46 - 2020-11-26 15:05 - 000000936 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-11-05 19:24 - 2020-11-19 00:53 - 000003688 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-11-05 19:24 - 2020-11-19 00:53 - 000003464 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-11-05 19:24 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2021-11-05 19:24 - 2009-07-14 04:20 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2021-11-02 20:49 - 2020-11-19 00:51 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-10-31 10:39 - 2020-11-19 00:53 - 000002446 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-10-31 10:39 - 2020-11-19 00:53 - 000002284 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-10-30 19:37 - 2021-03-31 16:08 - 000000000 ____D C:\Users\System_X\AppData\Local\PlaceholderTileLogoFolder
2021-10-30 19:37 - 2021-03-28 16:13 - 000000000 ____D C:\Users\System_X\AppData\Local\Packages
2021-10-26 17:26 - 2021-06-08 17:22 - 000000000 ____D C:\Users\System_X\AppData\Roaming\TS3Client
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ========
2021-09-04 16:38 - 2021-09-13 10:09 - 000000128 _____ () C:\Users\System_X\AppData\Roaming\winscp.rnd
2021-09-04 16:56 - 2021-09-13 10:21 - 000000128 _____ () C:\Users\System_X\AppData\Local\PUTTY.RND
==================== SigCheck ============================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
==================== Ende von FRST.txt ========================