Motortuning | 24.01.2024 19:03 | Hello,
here are the 2 log files. Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 24.01.2024
durchgeführt von Chef (Administrator) auf DESKTOP-AHLA76L (LENOVO 90J0008XGE) (24-01-2024 18:58:31)
Gestartet von C:\Users\rudi1\Downloads\FRST64.exe
Geladene Profile: Chef
Plattform: Microsoft Windows 11 Home Version 23H2 22631.3007 (X64) Sprache: Deutsch (Deutschland)
Standard-Browser: FF
Start-Modus: Normal
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe <2>
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_424.400.20.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\120.0.2210.144\msedgewebview2.exe <6>
(DriverStore\FileRepository\u0377041.inf_amd64_fa8e32adc5b1fa25\B376743\atiesrxx.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0377041.inf_amd64_fa8e32adc5b1fa25\B376743\atieclxx.exe
(explorer.exe ->) (Hewlett Packard -> Hewlett-Packard Co.) C:\Program Files\HP\HP ENVY 5530 series\Bin\ScanToPCActivationApp.exe
(explorer.exe ->) (LITE-ON TECHNOLOGY CORP. -> Lenovo) C:\Program Files (x86)\Lenovo\Lenovo Calliope USB Keyboard\SklFundKb.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <7>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\23.246.1127.0002\Microsoft.SharePoint.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <2>
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0377041.inf_amd64_fa8e32adc5b1fa25\B376743\atiesrxx.exe
(services.exe ->) (Firebird Project) [Datei ist nicht signiert] C:\Program Files\Firebird-2.5.2.26540-0_x64\bin\fb_inet_server.exe
(services.exe ->) (Firebird Project) [Datei ist nicht signiert] C:\Program Files\Firebird-2.5.2.26540-0_x64\bin\fbguard.exe
(services.exe ->) (Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_e3f96af62737a898\RstMwService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncHelper.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\NisSrv.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(services.exe ->) (Wondershare Technology Group Co.,Ltd -> Wondershare) C:\Users\rudi1\AppData\Local\Wondershare\Wondershare NativePush\WsNativePushService.exe
(sihost.exe ->) (Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.110.3218.0_x64__kzf8qxf38zg5c\Skype\Skype.exe <5>
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileCoAuth.exe
(svchost.exe ->) (Microsoft Windows -> ) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_424.400.20.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [Lenovo Fundamental USB Keyboard] => C:\Program Files (x86)\Lenovo\Lenovo Calliope USB Keyboard\SklFundKb.exe [2644472 2017-04-10] (LITE-ON TECHNOLOGY CORP. -> Lenovo)
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [1084720 2020-05-07] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Logitech)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKU\S-1-5-21-1307044404-1397830751-1400323971-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2595344 2023-12-23] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1307044404-1397830751-1400323971-1001\...\Run: [HP ENVY 5530 series (NET)] => C:\Program Files\HP\HP ENVY 5530 series\Bin\ScanToPCActivationApp.exe [3421216 2013-08-13] (Hewlett Packard -> Hewlett-Packard Co.)
HKU\S-1-5-21-1307044404-1397830751-1400323971-1001\...\Run: [vidnotifier.exe] => C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\vidnotifier\vidnotifier.exe (Keine Datei)
HKU\S-1-5-21-1307044404-1397830751-1400323971-1001\...\Run: [Opera Stable] => C:\Users\rudi1\AppData\Local\Programs\Opera\launcher.exe (Keine Datei)
HKU\S-1-5-21-1307044404-1397830751-1400323971-1001\...\Run: [MicrosoftEdgeAutoLaunch_293AA7D23F3243C993825FA9E28B2188] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3854376 2024-01-17] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1307044404-1397830751-1400323971-1002\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2595344 2023-12-23] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1307044404-1397830751-1400323971-1002\...\Run: [MicrosoftEdgeAutoLaunch_88C0EC96917877AE2D4790E5854CEADD] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3854376 2024-01-17] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1307044404-1397830751-1400323971-1002\...\Run: [AviraBrowserAutoLaunch_8F29080FD0C4DE0D33133FEF95CA8A84] => "C:\Program Files\Avira\Browser\Application\AviraBrowser.exe" --check-run=src=logon --auto-launch-at-startup --profile-directory="Default" (Keine Datei)
HKU\S-1-5-21-1307044404-1397830751-1400323971-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Ribbons.scr [176128 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\...\Print\Monitors\HP C311 Status Monitor: C:\WINDOWS\system32\hpinkstsC311LM.dll [333496 2013-08-14] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP ENVY 5530 series): C:\WINDOWS\system32\HPDiscoPMC311.dll [762400 2013-08-13] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {ED3C3386-29F5-4A2D-9307-E8EAFC7A20BC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1566200 2023-09-21] (Adobe Inc. -> Adobe Inc.)
Task: {37F85A04-2EDE-4C74-9705-67994242F046} - System32\Tasks\HPCustParticipation HP ENVY 5530 series => C:\Program Files\HP\HP ENVY 5530 series\Bin\HPCustPartic.exe [5642272 2013-08-13] (Hewlett Packard -> Hewlett-Packard Co.)
Task: {EADEEDCC-74E9-47A2-AC9D-FFF0898503EA} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2113024 2023-06-09] () [Datei ist nicht signiert]
Task: {825A9C3C-4D21-4C24-B680-E5D15F513D0A} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => C:\WINDOWS\system32\sc.exe [98304 2022-05-07] (Microsoft Windows -> Microsoft Corporation) -> start LenovoVantageService
Task: {CEB515FA-71A5-471B-8C28-038E48097D96} - System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => C:\Program Files (x86)\Lenovo\VantageService\3.6.15.0\ScheduleEventAction.exe DailyTelemetryTransmission (Keine Datei)
Task: {0F175DA9-1802-4B11-9FCD-FC0B68417400} - System32\Tasks\Lenovo\Vantage\Schedule\VantageTelemetryAddinTask => C:\Program Files (x86)\Lenovo\VantageService\3.6.15.0\ScheduleEventAction.exe VantageTelemetryAddinTask (Keine Datei)
Task: {DF9AB68F-6EA0-4E98-ADC9-27F67A0D86E0} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23570432 2023-12-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {2F3F7B33-7429-4869-97C1-4A2BFCC28481} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23570432 2023-12-21] (Microsoft Corporation -> Microsoft Corporation)
Task: {3A326E02-D016-46AB-A3DE-46275D757B43} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe (Keine Datei)
Task: {FDB348B9-6A13-4904-B26E-C4F49FB28A52} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe /onlogon (Keine Datei)
Task: {0BB7A8A9-DAF7-4B51-B17D-D64DF51277D1} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2209384 2024-01-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {B4AF4F98-40F7-4DDA-ADF5-93245B936295} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2209384 2024-01-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {8942E942-1FD4-4D99-B0F2-E1A4103832C7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [3513936 2024-01-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {2F390E22-B814-4934-82B6-8075095E548A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [3513936 2024-01-12] (Microsoft Corporation -> Microsoft Corporation)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (Keine Datei)
Task: {F334CABB-5D9B-4D2A-AC16-783E566A25E3} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe /RunOnAC RebootDialog (Keine Datei)
Task: {CC89BFC0-082C-4553-A980-3E48B2BB7CD4} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe /RunOnBattery RebootDialog (Keine Datei)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (Keine Datei)
Task: {4B138985-CE6B-4BDE-B3E7-EBD58268D35C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2023-12-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {24260BF9-7FD0-4BBA-B19C-2059EB4C5E50} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2023-12-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {F0173179-0173-4138-ADDE-2F4FC04FF934} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2023-12-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {CC662454-911F-4EC1-9890-C61AC6E81C3B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2023-12-06] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {71AF02C7-B6FC-40BC-A1A2-D94E4EB6ABEB} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [34720 2024-01-23] (Mozilla Corporation -> Mozilla Foundation)
Task: {4D01D56B-BB09-4804-818C-05A4DED1A186} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130736 2023-12-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {F609DC4D-016E-4C8F-905B-B6180A522C87} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1307044404-1397830751-1400323971-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130736 2023-12-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {359F3ADD-772E-408B-AE09-9A359C558217} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1307044404-1397830751-1400323971-1002 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130736 2023-12-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {7E1CA839-73A3-4EE0-BAEF-DF82A91EE4A6} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1307044404-1397830751-1400323971-500 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting (Keine Datei)
Task: {93EB3C06-9C42-44B2-8B13-EF3882C4174E} - System32\Tasks\Opera scheduled Autoupdate 1686995018 => C:\Users\rudi1\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (Keine Datei)
Task: {2D2C2B0F-5B52-4182-AD3E-CD4FB1CF2002} - System32\Tasks\Opera scheduled Autoupdate 1702988032 => C:\Users\rudi1\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (Keine Datei)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{15d28409-3a5e-4237-af42-9e81f8fb97a0}: [DhcpNameServer] 9.11.0.3
Tcpip\..\Interfaces\{749ffa5d-d30c-4c34-9507-3d1db323811d}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{749ffa5d-d30c-4c34-9507-3d1db323811d}: [DhcpDomain] fritz.box
Tcpip\..\Interfaces\{749ffa5d-d30c-4c34-9507-3d1db323811d}\64259445A51224F6870273539303021435: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{749ffa5d-d30c-4c34-9507-3d1db323811d}\64259445A51224F6870273539303021435: [DhcpDomain] fritz.box
Edge:
=======
Edge Extension: (Kein Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [nicht gefunden]
Edge Extension: (Kein Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [nicht gefunden]
Edge Extension: (Kein Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [nicht gefunden]
Edge Extension: (Kein Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [nicht gefunden]
Edge DefaultProfile: Default
Edge Profile: C:\Users\rudi1\AppData\Local\Microsoft\Edge\User Data\Default [2024-01-24]
Edge HomePage: Default -> hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
Edge Extension: (Avira Safe Shopping) - C:\Users\rudi1\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\caiblelclndcckfafdaggpephhgfpoip [2024-01-17]
Edge Extension: (Avira Password Manager) - C:\Users\rudi1\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\emgfgdclgfeldebanedpihppahgngnle [2024-01-17]
Edge Extension: (Google Docs Offline) - C:\Users\rudi1\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-01-18]
Edge Extension: (Edge relevant text changes) - C:\Users\rudi1\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-24]
Edge HKLM-x32\...\Edge\Extension: [caiblelclndcckfafdaggpephhgfpoip]
Edge HKLM-x32\...\Edge\Extension: [emgfgdclgfeldebanedpihppahgngnle]
FireFox:
========
FF DefaultProfile: isefybcy.Rudi -1705859434081
FF ProfilePath: C:\Users\rudi1\AppData\Roaming\Mozilla\Firefox\Profiles\9398aw3h.Rudi 123 [2024-01-24]
FF Homepage: Mozilla\Firefox\Profiles\9398aw3h.Rudi 123 -> hxxps://www.google.de/?hl=de
FF ProfilePath: C:\Users\rudi1\AppData\Roaming\Mozilla\Firefox\Profiles\isefybcy.Rudi -1705859434081 [2024-01-21]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-04-26] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2024-01-13] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2020-04-26] (Microsoft Corporation -> Microsoft Corporation)
Chrome:
=======
CHR Profile: C:\Users\rudi1\AppData\Local\Google\Chrome\User Data\Default [2024-01-18]
CHR Extension: (Adblock Plus - kostenloser Adblocker) - C:\Users\rudi1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2022-06-01]
CHR Extension: (Adobe Acrobat: Werkzeuge zum Bearbeiten, Konvertieren und Signieren von PDF-Dateien) - C:\Users\rudi1\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2022-06-01]
CHR Extension: (Google Docs Offline) - C:\Users\rudi1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-06-01]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\rudi1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-06-01]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
Opera:
=======
OPR DefaultProfile: Default
StartMenuInternet: (HKU\S-1-5-21-1307044404-1397830751-1400323971-1001) OperaStable - "C:\Users\rudi1\AppData\Local\Programs\Opera\Launcher.exe"
==================== Dienste (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2023-09-21] (Adobe Inc. -> Adobe Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9497576 2023-12-21] (Microsoft Corporation -> Microsoft Corporation)
S2 EaseUS UPDATE SERVICE; C:\Program Files (x86)\EaseUS\ENS\ensserver.exe [26512 2023-11-06] (CHENGDU YIWO Tech Development Co., Ltd. -> )
S3 ElfoService; C:\Program Files (x86)\ElsterFormular Update Service\bin\elfoService.exe [1117008 2023-05-04] (Bayerisches Landesamt fuer Steuern -> )
R3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncHelper.exe [3514384 2023-12-23] (Microsoft Corporation -> Microsoft Corporation)
R2 FirebirdGuardianDietrichsFirebird2_5_2; C:\Program Files\Firebird-2.5.2.26540-0_x64\bin\fbguard.exe [154112 2013-03-19] (Firebird Project) [Datei ist nicht signiert]
R3 FirebirdServerDietrichsFirebird2_5_2; C:\Program Files\Firebird-2.5.2.26540-0_x64\bin\fb_inet_server.exe [5689856 2013-03-19] (Firebird Project) [Datei ist nicht signiert]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9410296 2024-01-18] (Malwarebytes Inc. -> Malwarebytes)
R2 NativePushService; C:\Users\rudi1\AppData\Local\Wondershare\Wondershare NativePush\WsNativePushService.exe [594320 2023-02-22] (Wondershare Technology Group Co.,Ltd -> Wondershare)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\23.246.1127.0002\OneDriveUpdaterService.exe [3851280 2023-12-23] (Microsoft Corporation -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\NisSrv.exe [3174840 2023-12-06] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe [133592 2023-12-06] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 ImControllerService; %SystemRoot%\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [X]
===================== Treiber (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R3 amdfendrmgr; C:\WINDOWS\System32\drivers\amdfendrmgr.sys [58808 2022-02-25] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R3 amdwddmg; C:\WINDOWS\System32\DriverStore\FileRepository\u0377041.inf_amd64_fa8e32adc5b1fa25\B376743\amdkmdag.sys [82961352 2022-02-25] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
R2 BdDci; C:\WINDOWS\system32\DRIVERS\bddci.sys [800672 2023-12-19] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender)
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [184320 2022-10-05] (Microsoft Corporation) [Datei ist nicht signiert]
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R1 ElbyCDIO; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [42616 2017-05-14] (Microsoft Windows Hardware Compatibility Publisher -> Elaborate Bytes AG)
R2 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223296 2024-01-18] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2022-08-13] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239576 2024-01-18] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [50720 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 VClone; C:\WINDOWS\System32\drivers\VClone.sys [44544 2020-02-22] (Microsoft Windows Hardware Compatibility Publisher -> Elaborate Bytes AG)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [55856 2023-12-06] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
U5 WdDevFlt; C:\Windows\System32\Drivers\WdDevFlt.sys [169232 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [594304 2023-12-06] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105856 2023-12-06] (Microsoft Windows -> Microsoft Corporation)
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2024-01-24 18:58 - 2024-01-24 18:59 - 000026254 _____ C:\Users\rudi1\Downloads\FRST.txt
2024-01-24 18:57 - 2024-01-24 18:58 - 000000000 ____D C:\FRST
2024-01-24 18:57 - 2024-01-24 18:57 - 002389504 _____ (Farbar) C:\Users\rudi1\Downloads\FRST64.exe
2024-01-23 20:33 - 2024-01-23 21:01 - 000000000 ____D C:\Program Files\Mozilla Firefox
2024-01-23 18:42 - 2024-01-23 18:42 - 002363152 _____ (kernel-panik) C:\Users\rudi1\Downloads\kprm_2.15(2).exe
2024-01-22 19:24 - 2024-01-22 19:24 - 000720948 _____ C:\WINDOWS\system32\perfh007.dat
2024-01-22 19:24 - 2024-01-22 19:24 - 000149040 _____ C:\WINDOWS\system32\perfc007.dat
2024-01-21 18:48 - 2024-01-24 18:51 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2024-01-21 18:48 - 2024-01-23 21:01 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2024-01-21 18:48 - 2024-01-23 21:01 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2024-01-21 18:48 - 2024-01-21 18:48 - 000002041 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Privater Modus.lnk
2024-01-21 18:48 - 2024-01-21 18:48 - 000001000 _____ C:\Users\Public\Desktop\Firefox.lnk
2024-01-21 17:30 - 2024-01-21 17:30 - 060316704 _____ (Mozilla) C:\Users\rudi1\Downloads\Firefox Setup 121.0.1(1).exe
2024-01-21 08:03 - 2024-01-21 08:03 - 060316704 _____ (Mozilla) C:\Users\rudi1\Downloads\Firefox Setup 121.0.1.exe
2024-01-19 16:23 - 2024-01-23 18:45 - 000000000 ____D C:\KPRM
2024-01-19 16:21 - 2024-01-19 16:21 - 002363152 _____ (kernel-panik) C:\Users\rudi1\Downloads\kprm_2.15(1).exe
2024-01-19 16:20 - 2024-01-19 16:20 - 002363152 _____ (kernel-panik) C:\Users\rudi1\Downloads\kprm_2.15.exe
2024-01-18 22:21 - 2024-01-23 19:22 - 000000000 ____D C:\Users\rudi1\Desktop\Bilder 1111
2024-01-18 22:11 - 2024-01-18 22:11 - 002606880 _____ (Malwarebytes) C:\Users\rudi1\Downloads\MBSetup(2).exe
2024-01-17 21:54 - 2024-01-17 21:54 - 000000000 ____D C:\Users\rudi1\AppData\Roaming\Microsoft\Excel
2024-01-17 17:35 - 2024-01-17 17:35 - 000000000 ____D C:\Users\Rudi\AppData\Local\INetHistory
2024-01-13 12:15 - 2024-01-13 12:15 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2024-01-12 08:28 - 2024-01-12 08:28 - 000176808 _____ C:\Users\Rudi\Downloads\20240112_0828_krankengeld_einwilligung_275_sgb_v.pdf
2024-01-12 08:28 - 2024-01-12 08:28 - 000021315 _____ C:\Users\Rudi\Downloads\20240112_0828_quittungsdokument_vom_11.01.2024.pdf
2024-01-10 17:57 - 2024-01-10 17:57 - 000016720 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2024-01-10 17:14 - 2024-01-10 17:14 - 000074235 _____ C:\Users\Rudi\Downloads\Application-pdf-attachment.pdf
2024-01-09 17:33 - 2024-01-09 17:33 - 000000000 ____D C:\Users\rudi1\AppData\Local\CrashDumps
2024-01-09 16:12 - 2024-01-09 19:16 - 000000000 ____D C:\Program Files (x86)\Elaborate Bytes
2023-12-27 17:05 - 2023-12-27 17:05 - 000030260 _____ C:\Users\Rudi\Downloads\2023-12-27-RG.pdf
2023-12-25 16:02 - 2023-12-25 16:02 - 001452648 _____ (Adobe Inc) C:\Users\Rudi\Downloads\Reader_Install_Setup.exe
==================== Ein Monat (geänderte) ==================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2024-01-24 18:58 - 2022-06-02 21:03 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2024-01-24 18:57 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-01-24 18:52 - 2023-06-19 18:02 - 000000000 ____D C:\Users\rudi1\AppData\Local\Malwarebytes
2024-01-24 18:51 - 2022-05-07 06:24 - 000000000 ___HD C:\Program Files\WindowsApps
2024-01-24 18:51 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-01-24 18:50 - 2023-05-12 04:04 - 000000000 ____D C:\Users\Rudi\AppData\Local\Malwarebytes
2024-01-24 18:49 - 2022-05-07 06:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-01-24 18:49 - 2020-04-25 18:21 - 000000000 ___RD C:\Users\Rudi\OneDrive
2024-01-23 18:45 - 2020-08-24 07:28 - 000000000 ____D C:\Users\rudi1\AppData\Roaming\HpUpdate
2024-01-23 07:56 - 2022-10-05 10:09 - 000004170 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{0E0309E2-C5FA-4754-9C53-4EC73D4C6151}
2024-01-22 20:10 - 2022-10-05 10:04 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-01-22 19:24 - 2022-10-05 10:13 - 001662892 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-01-22 19:24 - 2022-05-07 06:22 - 000000000 ____D C:\WINDOWS\INF
2024-01-22 19:18 - 2022-10-05 10:09 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-01-22 19:18 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\ServiceState
2024-01-22 19:18 - 2022-05-07 06:17 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2024-01-21 18:50 - 2023-06-21 17:40 - 000000000 ____D C:\Users\rudi1\Desktop\Alte Firefox-Daten
2024-01-21 18:44 - 2020-04-25 16:45 - 000000000 ____D C:\Users\rudi1\AppData\Local\Packages
2024-01-21 16:21 - 2020-04-25 18:19 - 000000000 ____D C:\Users\Rudi\AppData\Local\D3DSCache
2024-01-21 13:54 - 2020-04-25 16:45 - 000000000 ____D C:\Users\rudi1\AppData\Local\D3DSCache
2024-01-19 21:51 - 2022-10-05 10:05 - 000000000 ____D C:\Users\Rudi
2024-01-19 20:00 - 2020-04-25 22:14 - 000000000 ____D C:\Users\Rudi\AppData\Roaming\Microsoft\Word
2024-01-18 22:12 - 2022-08-13 08:14 - 000239576 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2024-01-18 22:12 - 2022-08-13 08:14 - 000002040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2024-01-18 22:12 - 2022-08-13 08:14 - 000002028 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2024-01-18 22:11 - 2022-08-13 08:13 - 000000000 ____D C:\ProgramData\Malwarebytes
2024-01-18 22:11 - 2022-08-13 08:13 - 000000000 ____D C:\Program Files\Malwarebytes
2024-01-18 22:08 - 2020-08-03 18:39 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-01-18 22:08 - 2020-08-03 18:39 - 000002281 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2024-01-18 18:52 - 2020-08-26 17:21 - 000000000 ____D C:\Users\Rudi\AppData\LocalLow\Temp
2024-01-17 21:11 - 2020-08-03 18:45 - 000000000 ____D C:\Users\rudi1\AppData\LocalLow\Adobe
2024-01-17 20:18 - 2021-07-17 12:21 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2024-01-17 16:56 - 2020-04-26 08:19 - 000000000 ____D C:\Users\Rudi\AppData\Roaming\Microsoft\Excel
2024-01-16 17:03 - 2023-12-19 15:00 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2024-01-16 17:03 - 2023-12-19 14:59 - 000002080 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2024-01-16 17:03 - 2023-12-19 14:59 - 000002068 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk
2024-01-13 12:15 - 2022-05-07 06:24 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2024-01-13 12:14 - 2020-03-05 00:52 - 000000000 ____D C:\Program Files\Microsoft Office
2024-01-13 12:12 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2024-01-12 08:40 - 2022-05-07 06:24 - 000000000 ____D C:\ProgramData\USOPrivate
2024-01-12 08:34 - 2020-05-26 08:23 - 000918944 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2024-01-12 08:29 - 2020-04-25 18:19 - 000000000 ____D C:\Users\Rudi\AppData\Local\Packages
2024-01-12 08:24 - 2022-10-05 10:04 - 000474256 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-01-12 08:23 - 2023-09-27 08:05 - 000000000 ____D C:\WINDOWS\system32\Microsoft-Edge-WebView
2024-01-12 08:23 - 2022-05-07 06:24 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2024-01-12 08:23 - 2022-05-07 06:24 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2024-01-12 08:23 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SystemResources
2024-01-12 08:23 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\ShellExperiences
2024-01-12 08:23 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-01-10 18:01 - 2020-04-25 19:52 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-01-10 17:59 - 2022-05-07 06:17 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-01-10 17:59 - 2020-04-25 19:52 - 189718008 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2024-01-10 17:57 - 2022-10-05 10:04 - 003212800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2024-01-09 19:15 - 2022-08-15 09:14 - 000000000 ____D C:\Users\Rudi\AppData\Local\CrashDumps
2024-01-09 16:51 - 2022-10-05 10:05 - 000000000 ____D C:\Users\rudi1
2024-01-09 16:38 - 2023-12-19 12:42 - 000000000 ____D C:\ProgramData\Wondershare
2024-01-09 16:38 - 2023-12-19 12:42 - 000000000 ____D C:\Program Files\Wondershare
2024-01-09 16:36 - 2022-04-26 22:01 - 000000000 ____D C:\Program Files\AMD
2023-12-25 16:03 - 2020-04-25 21:40 - 000000000 ____D C:\Users\rudi1\AppData\Local\Adobe
2023-12-25 16:03 - 2020-04-25 21:40 - 000000000 ____D C:\Users\Rudi\AppData\Local\Adobe
==================== SigCheck ============================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
==================== Ende von FRST.txt ================
and Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 24.01.2024
durchgeführt von Chef (24-01-2024 18:59:41)
Gestartet von C:\Users\rudi1\Downloads
Microsoft Windows 11 Home Version 23H2 22631.3007 (X64) (2022-10-05 09:10:06)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
Administrator (S-1-5-21-1307044404-1397830751-1400323971-500 - Administrator - Disabled)
Chef (S-1-5-21-1307044404-1397830751-1400323971-1001 - Administrator - Enabled) => C:\Users\rudi1
DefaultAccount (S-1-5-21-1307044404-1397830751-1400323971-503 - Limited - Disabled)
Gast (S-1-5-21-1307044404-1397830751-1400323971-501 - Limited - Disabled)
Rudi (S-1-5-21-1307044404-1397830751-1400323971-1002 - Limited - Enabled) => C:\Users\Rudi
WDAGUtilityAccount (S-1-5-21-1307044404-1397830751-1400323971-504 - Limited - Disabled)
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1031-1033-7760-BC15014EA700}) (Version: 23.008.20470 - Adobe)
EaseUS Data Recovery Wizard (HKLM\...\EaseUS Data Recovery Wizard_is1) (Version: - EaseUS Data Recovery Wizard)
EaseUS Fixo (HKLM-x32\...\EaseUS Fixo_is1) (Version: - EaseUS Fixo)
ElsterFormular (HKLM-x32\...\{69228922-B681-4C45-8CCC-05DB0E82CC48}) (Version: 21.6.0 - Thüringer Landesamt für Finanzen)
HP ENVY 5530 series - Grundlegende Software für das Gerät (HKLM\...\{1F9EC87F-2A9B-4B0D-8F31-B753507DB3C7}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
HP ENVY 5530 series Hilfe (HKLM-x32\...\{272E06A0-7B74-481F-BD50-C632D9CA81A3}) (Version: 30.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
K-Lite Codec Pack 17.6.6 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 17.6.6 - KLCP)
Lenovo Calliope USB Keyboard (HKLM\...\{520AA862-0064-4B41-B777-1FAFC1AD1293}) (Version: 1.12 - Lenovo)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.7.19.0 - Lenovo Group Ltd.)
Malwarebytes version 4.6.8.311 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.6.8.311 - Malwarebytes)
Meine SBK-Authentifizierungsprogramm (HKU\S-1-5-21-1307044404-1397830751-1400323971-1001\...\{573c769d-dc33-4552-9a53-b7168f04bb2c}) (Version: 1.0.9.0 - SBK Siemens-Betriebskrankenkasse)
Meine SBK-Authentifizierungsprogramm (HKU\S-1-5-21-1307044404-1397830751-1400323971-1002\...\{2e76bf3e-d2c8-44fb-a089-07ba24f1f763}) (Version: 1.0.9.0 - SBK Siemens-Betriebskrankenkasse)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 120.0.2210.144 - Microsoft Corporation)
Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 120.0.2210.144 - Microsoft Corporation)
Microsoft Office Standard 2019 - de-de (HKLM\...\Standard2019Volume - de-de) (Version: 16.0.10406.20006 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 23.246.1127.0002 - Microsoft Corporation)
Microsoft Support and Recovery Assistant (HKU\S-1-5-21-1307044404-1397830751-1400323971-1001\...\339020b868450372) (Version: 17.0.5057.11 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.34.31938 (HKLM-x32\...\{d92971ab-f030-43c8-8545-c66c818d0e05}) (Version: 14.34.31938.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.34.31938 (HKLM-x32\...\{4f84f2dc-3f70-433a-8f50-8293e0089b0f}) (Version: 14.34.31938.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.34.31938 (HKLM\...\{7DA37AE3-D8AE-49B1-9BDC-23CA0AB9FF22}) (Version: 14.34.31938 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.34.31938 (HKLM\...\{0AE39060-F209-4D05-ABC7-54B8F9CFA32E}) (Version: 14.34.31938 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.34.31938 (HKLM-x32\...\{080D8397-60F4-44B3-BB95-FBB950CB0B4E}) (Version: 14.34.31938 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.34.31938 (HKLM-x32\...\{8DE5B0D4-A6D8-4F72-B8EF-28776A2EE5D5}) (Version: 14.34.31938 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 de) (HKLM\...\Mozilla Firefox 122.0 (x64 de)) (Version: 122.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 121.0.1 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.10406.20006 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.10406.20006 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0407-1000-0000000FF1CE}) (Version: 16.0.10406.20006 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8781.1 - Realtek Semiconductor Corp.)
Saal Design Software (HKLM-x32\...\SaalDesignSoftware) (Version: 4.0 - )
Studie zur Verbesserung von HP ENVY 5530 series (HKLM\...\{8E32B2DA-C95D-41A1-8DB4-D1B213162F63}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
WISO Steuer 2023 (HKLM-x32\...\{D018286B-2ACC-45BE-82E2-224A39F2A631}) (Version: 30.04.3320 - Buhl Data Service GmbH)
Wondershare NativePush(Build 1.0.0.7) (HKU\S-1-5-21-1307044404-1397830751-1400323971-1001\...\Wondershare NativePush_is1) (Version: - )
Packages:
=========
AMD Radeon™ Settings Lite -> C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.59462344778C5_10.19.10006.0_x64__0a9344xs7nr4m [2022-06-02] (Advanced Micro Devices Inc.)
Dev Home -> C:\Program Files\WindowsApps\Microsoft.Windows.DevHome_0.900.374.0_x64__8wekyb3d8bbwe [2024-01-18] (Microsoft Corporation)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_151.3.1092.0_x64__v10z8vjag6ke6 [2024-01-21] (HP Inc.)
Lenovo Companion -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2312.17.0_x64__k1h2ywk1493x8 [2024-01-17] (LENOVO INC.)
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.40.0_x64__8wekyb3d8bbwe [2023-12-16] (Microsoft Corp.)
Microsoft.MPEG2VideoExtension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.61931.0_x64__8wekyb3d8bbwe [2023-12-16] (Microsoft Corporation)
Microsoft.WindowsAppRuntime.CBS -> C:\WINDOWS\SystemApps\Microsoft.WindowsAppRuntime.CBS_8wekyb3d8bbwe [2024-01-17] (Microsoft Corporation)
Power2Go for Lenovo -> C:\Program Files\WindowsApps\CyberLinkCorp.th.Power2GoforLenovo_8.0.12518.0_x86__m916jedk64snt [2022-06-02] (CYBERLINKCOM CORPORATION) [Startup Task]
PowerDVD for Lenovo -> C:\Program Files\WindowsApps\CyberLinkCorp.th.PowerDVDforLenovo_14.2.4112.0_x86__m916jedk64snt [2022-06-02] (CYBERLINKCOM CORPORATION)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.11.217.0_x64__dt26b99r8h8gj [2022-06-02] (Realtek Semiconductor Corp)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.18.11020.0_x64__8wekyb3d8bbwe [2023-12-16] (Microsoft Studios) [MS Ad]
Windows Feature Experience Pack -> C:\WINDOWS\SystemApps\MicrosoftWindows.Client.FileExp_cw5n1h2txyewy [2024-01-17] (Microsoft Corporation)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-1307044404-1397830751-1400323971-1001_Classes\CLSID\{14100442-9664-1407-2647-000000000000}\localserver32 -> C:\Users\rudi1\AppData\Local\Wondershare\Wondershare NativePush\WsToastNotification.exe (Wondershare Technology Group Co.,Ltd -> Wondershare)
CustomCLSID: HKU\S-1-5-21-1307044404-1397830751-1400323971-1001_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncShell64.dll [2023-12-23] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncShell64.dll [2023-12-23] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncShell64.dll [2023-12-23] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncShell64.dll [2023-12-23] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncShell64.dll [2023-12-23] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncShell64.dll [2023-12-23] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncShell64.dll [2023-12-23] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncShell64.dll [2023-12-23] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncShell64.dll [2023-12-23] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncShell64.dll [2023-12-23] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncShell64.dll [2023-12-23] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncShell64.dll [2023-12-23] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncShell64.dll [2023-12-23] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncShell64.dll [2023-12-23] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncShell64.dll [2023-12-23] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers2: [ContextMenu] -> {ee10d625-cc60-30a4-b3df-4b349785be6b} => C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\Antivirus.ContextMenu.DLL -> Keine Datei
ContextMenuHandlers3: [ContextMenu] -> {ee10d625-cc60-30a4-b3df-4b349785be6b} => C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\Antivirus.ContextMenu.DLL -> Keine Datei
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-03-08] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncShell64.dll [2023-12-23] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.246.1127.0002\FileSyncShell64.dll [2023-12-23] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\WINDOWS\System32\atiacm64.dll [2022-02-25] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-03-08] (Malwarebytes Inc. -> Malwarebytes)
==================== Codecs (Nicht auf der Ausnahmeliste) ====================
==================== Verknüpfungen & WMI ========================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
Shortcut: C:\Users\rudi1\Documents\Documents (3)\Extras\Adobe Reader Download.lnk -> hxxp://get.adobe.com/reader
==================== Geladene Module (Nicht auf der Ausnahmeliste) =============
2023-04-09 13:33 - 2013-03-19 10:21 - 000874496 _____ (Firebird Project) [Datei ist nicht signiert] C:\Program Files\Firebird-2.5.2.26540-0_x64\bin\fbclient.dll
2023-04-09 13:33 - 2013-03-19 10:09 - 001558016 _____ (IBM Corporation and others) [Datei ist nicht signiert] C:\Program Files\Firebird-2.5.2.26540-0_x64\bin\icudt30.dll
2023-04-09 13:33 - 2013-03-19 10:09 - 000935936 _____ (IBM Corporation and others) [Datei ist nicht signiert] C:\Program Files\Firebird-2.5.2.26540-0_x64\bin\icuuc30.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
AlternateDataStreams: C:\Windows:CM_5d9848b1d7b8407441bbf723a5393eaff7ba64965e0f0d8199430252761b7742 [74]
AlternateDataStreams: C:\Windows:CM_e2cfdb4b8b28ea71a62fbe22e654fe641d063e05163abbd48f92f7c50caaaa9d [74]
AlternateDataStreams: C:\Windows:CM_e6755cfed2f90244901ca1a42a4a5bf160f6929e29aec60edbe6324f8dd1dce6 [74]
AlternateDataStreams: C:\Windows:CM_ed5d26453aa57e0500ffe32ffd1b2f3c7bcd345bf76e5b37d24c906a5259abf5 [74]
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ==================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =================
==================== Internet Explorer (Nicht auf der Ausnahmeliste) ==========
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1307044404-1397830751-1400323971-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
HKU\S-1-5-21-1307044404-1397830751-1400323971-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1307044404-1397830751-1400323971-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com/
SearchScopes: HKU\S-1-5-21-1307044404-1397830751-1400323971-1001 -> DefaultScope {B8883A13-C649-49CA-8EE6-5399F7FC061E} URL =
SearchScopes: HKU\S-1-5-21-1307044404-1397830751-1400323971-1002 -> DefaultScope {B8883A13-C649-49CA-8EE6-5399F7FC061E} URL =
SearchScopes: HKU\S-1-5-21-1307044404-1397830751-1400323971-1002 -> {B8883A13-C649-49CA-8EE6-5399F7FC061E} URL =
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2020-04-26] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2024-01-12] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-09-20] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-09-20] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-09-20] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-09-20] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-09-20] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-09-20] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-09-20] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-09-20] (Microsoft Corporation -> Microsoft Corporation)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1307044404-1397830751-1400323971-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1307044404-1397830751-1400323971-1002\...\localhost -> localhost
==================== Hosts Inhalt: =========================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2019-03-19 05:49 - 2019-03-19 05:49 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
2020-04-29 18:03 - 2022-08-15 09:10 - 000000444 _____ C:\WINDOWS\system32\drivers\etc\hosts.ics
==================== Andere Bereiche ===========================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-1307044404-1397830751-1400323971-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\rudi1\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-1307044404-1397830751-1400323971-1002\Control Panel\Desktop\\Wallpaper -> c:\users\rudi\appdata\local\packages\microsoft.windows.photos_8wekyb3d8bbwe\localstate\photosappbackground\img_2865.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [UDP Query User{03AA6BF6-D20E-4A0D-AE2B-43563A84F793}C:\users\rudi\downloads\bmwdownloadmanager-windows32-offline.exe] => (Block) C:\users\rudi\downloads\bmwdownloadmanager-windows32-offline.exe => Keine Datei
FirewallRules: [TCP Query User{0F8A043E-332B-4475-8A26-A24B43405A8E}C:\users\rudi\downloads\bmwdownloadmanager-windows32-offline.exe] => (Block) C:\users\rudi\downloads\bmwdownloadmanager-windows32-offline.exe => Keine Datei
FirewallRules: [UDP Query User{1ADC9958-8DC0-430C-B961-7CF9441CB323}C:\users\rudi\appdata\roaming\jwrapper-bmwdownloadmanager\bmwdownloadmanagerwinlauncher.exe] => (Block) C:\users\rudi\appdata\roaming\jwrapper-bmwdownloadmanager\bmwdownloadmanagerwinlauncher.exe => Keine Datei
FirewallRules: [TCP Query User{2F88A130-2A4D-4366-9EFB-CB07581D70A1}C:\users\rudi\appdata\roaming\jwrapper-bmwdownloadmanager\bmwdownloadmanagerwinlauncher.exe] => (Block) C:\users\rudi\appdata\roaming\jwrapper-bmwdownloadmanager\bmwdownloadmanagerwinlauncher.exe => Keine Datei
FirewallRules: [{D2ADCBDD-914B-4BDD-B5F8-336EE88AE54F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{F72D7DA1-C388-4F00-965B-5B655A1DA0D1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{7EBEB48B-9932-4E9C-AED9-5A061B7EA5DC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{6C62F5B2-9E0E-424B-A981-B0D312578FDD}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.82.404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{FED8A2F8-BFE0-469B-9286-CFB1076C5330}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.80.194.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{7704A49F-B494-419E-86CB-DF256828A30D}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.80.194.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{11C8E572-22A0-4E14-B2FF-ADD919229934}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.80.194.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{C8F1CB18-D7ED-4B41-8135-00C577CCE889}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.80.194.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{D6AFD8C7-D213-45E1-90CB-7C6BD98663B2}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8F186733-7B9E-4465-8EDE-9462C34D4CB5}] => (Allow) C:\Program Files\HP\HP ENVY 5530 series\Bin\DeviceSetup.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{5B59A2AE-6A15-4428-BE25-B593E8F75A4E}] => (Allow) LPort=5357
FirewallRules: [{07CB8672-28C4-47CC-A776-BF2DBBF8D4F6}] => (Allow) C:\Program Files\HP\HP ENVY 5530 series\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{879405FD-F8EB-4480-9FC6-66C9F18E200A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.74.152.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{C2AD29B3-53AC-4563-A1D8-2AC8A33C95B9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.74.152.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{BDE90F58-7DF0-4901-ABB2-D8C2BCF85C62}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.74.152.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{CABE31F3-210B-4481-A81E-E00A0E5B64B3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.74.152.0_x86__kzf8qxf38zg5c\Skype\Skype.exe => Keine Datei
FirewallRules: [{F2219398-8F46-4DEC-BD9E-2833E43051A8}] => (Allow) C:\Users\rudi1\AppData\Local\Programs\Opera\99.0.4788.77\opera.exe => Keine Datei
FirewallRules: [{BB52D0CA-2033-4316-86A8-99CBAA35CEEC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.110.3218.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{BC5F1EE3-A5CB-4F4C-87E4-AE3B076E5751}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.110.3218.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{94EAF45D-D3E8-4E99-A062-2B5B73428AD6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.110.3218.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{BAFE02C4-F5BE-43C5-ABAC-BEB80995B722}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.110.3218.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{21F82622-1B37-4035-BA89-14A544221CA3}] => (Allow) C:\Users\Rudi\OneDrive\Desktop\tenorshare-4ddig-for-windows.exe => Keine Datei
FirewallRules: [{94821578-3006-419A-9348-629C2CA3697C}] => (Allow) C:\Users\Rudi\OneDrive\Desktop\tenorshare-4ddig-for-windows.exe => Keine Datei
FirewallRules: [{2B8541BC-80E8-4A98-892B-1CA0E3A9182F}] => (Allow) C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\Tenorshare 4DDiG.exe => Keine Datei
FirewallRules: [{833B9ABB-1380-4B54-9468-F954A607DA1F}] => (Allow) C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\Tenorshare 4DDiG.exe => Keine Datei
FirewallRules: [{2FFB7A7B-E19C-4345-8D92-24AD7A893F29}] => (Allow) C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\NetFrameCheck.exe => Keine Datei
FirewallRules: [{503FA985-8500-4360-935C-E4A29B1D100D}] => (Allow) C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\NetFrameCheck.exe => Keine Datei
FirewallRules: [{D752C00F-B820-47D8-A973-7BC4DFA0B65A}] => (Allow) C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\Monitor\Monitor.exe => Keine Datei
FirewallRules: [{4F220BF7-12E1-459E-9398-A79158F72BB1}] => (Allow) C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\Monitor\Monitor.exe => Keine Datei
FirewallRules: [{619ABC54-5900-43EB-81C2-DC63FC89084B}] => (Allow) C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\ParseRecord.exe => Keine Datei
FirewallRules: [{E6C6C128-EF88-45D7-8F9E-26B701E2FDEA}] => (Allow) C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\ParseRecord.exe => Keine Datei
FirewallRules: [{EE211606-4869-4388-8CB2-D7156A8645AF}] => (Allow) C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\UpdateService.exe => Keine Datei
FirewallRules: [{FD67D346-A211-4414-B8AD-FF687C730309}] => (Allow) C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\UpdateService.exe => Keine Datei
FirewallRules: [{2227F92C-4376-4046-A05C-7148BD7249F6}] => (Allow) C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\preuninstall.exe => Keine Datei
FirewallRules: [{1458FE45-99BB-40FB-BC78-DE25BBC8AB17}] => (Allow) C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\preuninstall.exe => Keine Datei
FirewallRules: [{AD57F9FA-8C1A-4261-B2BB-A972CCE946C3}] => (Allow) C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\DeviceViewerService.exe => Keine Datei
FirewallRules: [{87B6B5A4-6E7D-43CD-B94A-18C92C21A672}] => (Allow) C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\DeviceViewerService.exe => Keine Datei
FirewallRules: [{1C5621AA-47B3-4613-854A-55667AF92F5A}] => (Allow) C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\NASConnecter.exe => Keine Datei
FirewallRules: [{AB6CE9BE-BA43-4678-8504-A76E3B33FB63}] => (Allow) C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\NASConnecter.exe => Keine Datei
FirewallRules: [{EC9471B9-AB08-4C27-B6EF-8F9EA89BFC0F}] => (Allow) C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\DataScanService.exe => Keine Datei
FirewallRules: [{6BC97A0E-D164-4869-9A9F-8C888B378EAD}] => (Allow) C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\DataScanService.exe => Keine Datei
FirewallRules: [{6D4F8FF5-DAFC-46F4-9B2E-715397BB8704}] => (Allow) C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\DataRecoveryService.exe => Keine Datei
FirewallRules: [{A3126352-2E53-4C44-86D6-647466F0398F}] => (Allow) C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\DataRecoveryService.exe => Keine Datei
FirewallRules: [{94507B06-94F6-44C2-A4F5-481A8929C6BB}] => (Allow) C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\MsgSupport\MsgSupportService.exe => Keine Datei
FirewallRules: [{0693FD5A-0E5F-4669-B61E-09B376F2BCA8}] => (Allow) C:\Program Files (x86)\Tenorshare\Tenorshare 4DDiG\MsgSupport\MsgSupportService.exe => Keine Datei
FirewallRules: [{0D40E2C8-B1CA-4495-8679-B8888243CD9F}] => (Allow) C:\Program Files\EaseUS\EaseUS Data Recovery Wizard\DRWUI.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
FirewallRules: [{17610235-5D22-4BB5-B264-8F083AE25D0B}] => (Allow) C:\Program Files\EaseUS\EaseUS Data Recovery Wizard\DRWUI.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
FirewallRules: [{BD6E3873-F9A7-438C-B92D-2F29E8A16F75}] => (Allow) LPort=57209
FirewallRules: [{73ADFDE1-0602-479E-93D7-E5F178AF9AFD}] => (Allow) LPort=57210
FirewallRules: [{3DA76EFB-40E1-4EA6-AFAC-974ABA8DD05A}] => (Allow) LPort=57211
FirewallRules: [{AC87479C-5A8E-47C9-A197-CDF460FE5804}] => (Allow) LPort=57212
FirewallRules: [{3978CA0A-B1EA-4567-8AF6-A894EEBF3672}] => (Allow) LPort=57213
FirewallRules: [{E22F6B99-33FF-41A2-ADD4-ABF0B8F26EB8}] => (Allow) LPort=57214
FirewallRules: [{303925DA-2565-4B27-BC1A-5A2A9866BEFC}] => (Allow) LPort=57215
FirewallRules: [{0C057DD4-1FD9-4D63-9111-EF7F82AEF5EA}] => (Allow) LPort=57216
FirewallRules: [{3F269353-3151-40B5-BACA-B48976F62355}] => (Allow) LPort=57217
FirewallRules: [{8F8F263D-FFBF-4C92-BA58-63EF6B4B1261}] => (Allow) LPort=57218
FirewallRules: [{6F812E6C-4E77-48A2-898E-1CE0D3296E5D}] => (Allow) LPort=57209
FirewallRules: [{3E0575E1-8BA5-42D8-9405-F256520A0872}] => (Allow) LPort=57210
FirewallRules: [{411AD994-54B3-474C-862A-61791251E64D}] => (Allow) LPort=57211
FirewallRules: [{810896B1-B8B5-4599-BD09-30C8E47BF230}] => (Allow) LPort=57212
FirewallRules: [{2E39D1BA-AEA6-4792-AF1C-CA27A5AAA96F}] => (Allow) LPort=57213
FirewallRules: [{0C2DD3FA-D216-4FD4-8A7B-5CF366736D57}] => (Allow) LPort=57214
FirewallRules: [{BCEFB6D9-F41F-4029-9FF5-33E9F6ECC447}] => (Allow) LPort=57215
FirewallRules: [{D40165F2-D532-45E7-A6F6-CA82DD93DA2C}] => (Allow) LPort=57216
FirewallRules: [{1B1415F4-9DB7-4828-A769-42F3FA8D9C95}] => (Allow) LPort=57217
FirewallRules: [{6BBB0B62-A4C2-4913-A8E4-6680A077684B}] => (Allow) LPort=57218
FirewallRules: [TCP Query User{E4AB6A82-EDAF-4A54-A214-1766BF785745}C:\users\rudi1\appdata\local\wondershare\wondershare nativepush\wstoastnotification.exe] => (Block) C:\users\rudi1\appdata\local\wondershare\wondershare nativepush\wstoastnotification.exe (Wondershare Technology Group Co.,Ltd -> Wondershare)
FirewallRules: [UDP Query User{474C7241-2D58-4975-AD63-A453A4C5D922}C:\users\rudi1\appdata\local\wondershare\wondershare nativepush\wstoastnotification.exe] => (Block) C:\users\rudi1\appdata\local\wondershare\wondershare nativepush\wstoastnotification.exe (Wondershare Technology Group Co.,Ltd -> Wondershare)
FirewallRules: [{8955A481-B327-4A25-A4F1-1E115548AD37}] => (Allow) LPort=23007
FirewallRules: [{F306BF67-74F6-47D9-A780-5D0354A4CF97}] => (Allow) LPort=23008
FirewallRules: [{F7CAFC14-365A-4BA9-80A6-236F2A31F441}] => (Allow) LPort=33009
FirewallRules: [{28DE9EE8-3E02-48F3-B3C3-71B897E11311}] => (Allow) LPort=33010
FirewallRules: [{64718096-69C5-42AD-B3BA-D5CE622C3EDA}] => (Allow) LPort=33011
FirewallRules: [{AA5A6A89-2B0D-4112-BC0A-06C77A889749}] => (Allow) LPort=43012
FirewallRules: [{5C48434E-B12D-4906-BD92-033B015D4A6D}] => (Allow) LPort=43013
FirewallRules: [{B6422DCD-A6FD-43F7-AE10-5B97F1140FDF}] => (Allow) LPort=53014
FirewallRules: [{02F1217E-0FF8-404A-B85A-90BBF06F3ED6}] => (Allow) LPort=53015
FirewallRules: [{BC9E4522-78CA-4EB6-B42C-99B2CEA1241F}] => (Allow) LPort=53016
FirewallRules: [{7E6A08E8-2B95-4AFF-AF65-472E074F68A8}] => (Allow) LPort=23007
FirewallRules: [{8F6F221E-765A-4C03-BE27-8FADDDFDE468}] => (Allow) LPort=23008
FirewallRules: [{C9EE5849-CCD9-4E36-875A-3BA26EEC74FD}] => (Allow) LPort=33009
FirewallRules: [{80AC0AC6-C680-46C9-BE62-7CD1686B2D01}] => (Allow) LPort=33010
FirewallRules: [{75013CD9-9E28-49DC-95E4-A33E0FE69178}] => (Allow) LPort=33011
FirewallRules: [{3DD92049-EC19-4467-8037-2731C5041F2B}] => (Allow) LPort=43012
FirewallRules: [{7CFCB6C4-6131-4B0E-96C6-ACF3108B413E}] => (Allow) LPort=43013
FirewallRules: [{83C9250A-3C04-414A-9A1A-A8E6EB2859F8}] => (Allow) LPort=53014
FirewallRules: [{B6DBEBE4-AEFD-45E4-8020-3D57326D3A66}] => (Allow) LPort=53015
FirewallRules: [{FC48265A-A95E-4F7A-8B35-E8D6DD6D827E}] => (Allow) LPort=53016
FirewallRules: [{2B618A1C-4A25-4040-95B7-46406DCD88DE}] => (Allow) LPort=50053
FirewallRules: [{9199C32E-E7B8-4B9D-9E04-EA1C38449EC2}] => (Allow) LPort=50053
FirewallRules: [{85161EDB-1BD0-4B8B-8008-05CCB5FCACE1}] => (Allow) C:\Users\rudi1\AppData\Local\Programs\Opera\105.0.4970.48\opera.exe => Keine Datei
FirewallRules: [{55B4250D-4FBE-4979-B819-7FBE436C520F}] => (Allow) LPort=57209
FirewallRules: [{B22D6D03-B5B4-4C38-87C1-B67A9BC7B0AE}] => (Allow) LPort=57210
FirewallRules: [{38A6C9CE-1878-4590-9CCC-C4C684C75D71}] => (Allow) LPort=57211
FirewallRules: [{A44C0476-7405-4CA7-BCB7-AE1A3EFD09BA}] => (Allow) LPort=57212
FirewallRules: [{72FDA706-04BA-4F14-A70F-6DEA2CC24CC0}] => (Allow) LPort=57213
FirewallRules: [{A4C7A19A-5885-4CB0-8E5A-EAD92F61B27F}] => (Allow) LPort=57214
FirewallRules: [{6954B6A6-9B79-4081-AD84-AA7104132669}] => (Allow) LPort=57215
FirewallRules: [{CDCA2908-416B-4985-902C-9D023DA74F86}] => (Allow) LPort=57216
FirewallRules: [{F4E34107-6D49-4265-BFAE-2563963D6230}] => (Allow) LPort=57217
FirewallRules: [{4EA349BB-A928-4A95-BC53-6C5F4334E1F9}] => (Allow) LPort=57218
FirewallRules: [{2A9BE60F-7B91-42C1-955B-81DB7708F99F}] => (Allow) LPort=57209
FirewallRules: [{79C88067-3AF4-49E3-8141-CB7AE3714B86}] => (Allow) LPort=57210
FirewallRules: [{D52C9D80-42FC-4991-817D-EAFC9609FF8B}] => (Allow) LPort=57211
FirewallRules: [{50D51C3E-2C68-4E74-83E4-16095D1AB4B6}] => (Allow) LPort=57212
FirewallRules: [{ED228A2F-DC7B-4E31-B56A-1AFE26BF58F1}] => (Allow) LPort=57213
FirewallRules: [{B93A2A5C-4548-4AF8-8C43-535CCBF07027}] => (Allow) LPort=57214
FirewallRules: [{C060D6EB-D7E5-4D18-9850-1409A8794C19}] => (Allow) LPort=57215
FirewallRules: [{80736B46-80D6-4096-8CFA-494A6CA447D3}] => (Allow) LPort=57216
FirewallRules: [{06B448CE-C706-4393-8956-557FA00F477C}] => (Allow) LPort=57217
FirewallRules: [{18AC0A21-090B-45D5-9F92-1D71042461A7}] => (Allow) LPort=57218
FirewallRules: [{F843F9DD-1430-4919-83D2-2322D7362BEF}] => (Allow) LPort=23007
FirewallRules: [{4B759A88-3AAA-472E-9A3D-15E7C28024E8}] => (Allow) LPort=23008
FirewallRules: [{64A33EDA-4DB9-46B0-972F-1682B0CACBB3}] => (Allow) LPort=33009
FirewallRules: [{69D02EE5-6948-4D12-A124-85C05FA251E2}] => (Allow) LPort=33010
FirewallRules: [{73009E22-082F-4D83-BD25-307ACAA26E5D}] => (Allow) LPort=33011
FirewallRules: [{270DC634-02BC-4C68-A2CD-5300D1C213D2}] => (Allow) LPort=43012
FirewallRules: [{E894BBC2-FEED-4E9E-93FC-5D12857EB470}] => (Allow) LPort=43013
FirewallRules: [{5637149F-10C0-4078-9005-6F523F6B7FC9}] => (Allow) LPort=53014
FirewallRules: [{E312B1CC-C2A4-437E-ACA4-C36FEBE49425}] => (Allow) LPort=53015
FirewallRules: [{191139B6-A64D-4822-BFBA-73D74CDE4A93}] => (Allow) LPort=53016
FirewallRules: [{61C5F0B9-6CC7-46CA-800D-D4F54062A5AE}] => (Allow) LPort=23007
FirewallRules: [{44F108E4-78E3-4E8E-B777-84E1D6F234F6}] => (Allow) LPort=23008
FirewallRules: [{76494407-C4D8-4760-8660-75DE1FCB5522}] => (Allow) LPort=33009
FirewallRules: [{5801CFB9-EA34-4968-BCC5-836C2151C354}] => (Allow) LPort=33010
FirewallRules: [{5D419A50-9112-4C51-A10C-114D206379F5}] => (Allow) LPort=33011
FirewallRules: [{B4C96378-9FD0-4E99-A4BC-CD599C5C6CB3}] => (Allow) LPort=43012
FirewallRules: [{9363E477-AE71-4E67-8BF6-32DDFC6D506B}] => (Allow) LPort=43013
FirewallRules: [{EDEFB382-BE73-4DE1-983D-5D98656CDE1F}] => (Allow) LPort=53014
FirewallRules: [{41127705-C64D-499C-9846-AD86EC224A09}] => (Allow) LPort=53015
FirewallRules: [{DA7228B3-1FF1-4DF3-B1CC-98DB39A1456A}] => (Allow) LPort=53016
FirewallRules: [{A86E115E-28B4-41C8-8A1A-EDC9C6FCDE8F}] => (Allow) LPort=50053
FirewallRules: [{D8081DC5-3389-43FF-A37E-6E61D41F649C}] => (Allow) LPort=50053
FirewallRules: [{80ABE278-BA81-4976-B548-E8B620FC5074}] => (Allow) C:\Program Files\EaseUS\EaseUS Data Recovery Wizard\DRWUI.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
FirewallRules: [{66257266-E65D-4195-B36B-52BC6E94002D}] => (Allow) C:\Program Files (x86)\EaseUS\Fixo\Fixo.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
FirewallRules: [{02537184-8288-4CD1-AD68-10AC7D778D06}] => (Allow) C:\Program Files\EaseUS\EaseUS Data Recovery Wizard\DRWUI.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
FirewallRules: [{0A0E8816-845B-4702-B53C-89EA067CF407}] => (Allow) C:\Program Files\EaseUS\EaseUS Data Recovery Wizard\DRWUI.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
FirewallRules: [{2AD86020-90E7-4029-90A4-F9138809E854}] => (Allow) C:\Program Files\EaseUS\EaseUS Data Recovery Wizard\DRWUI.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
FirewallRules: [{2A437E47-8D67-4999-851D-2CE054538245}] => (Allow) C:\Program Files\EaseUS\EaseUS Data Recovery Wizard\DRWUI.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
FirewallRules: [{19EBF6B7-7850-48AD-A070-7B62EB96DC7F}] => (Allow) C:\Program Files\EaseUS\EaseUS Data Recovery Wizard\DRWUI.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
FirewallRules: [{95D980B7-E09A-4E4D-9F01-6878CB62BECE}] => (Allow) C:\Program Files (x86)\EaseUS\Fixo\Fixo.exe (CHENGDU YIWO Tech Development Co., Ltd. -> CHENGDU YIWO Tech Development Co., Ltd)
FirewallRules: [{E5D5A65E-CFB2-4965-BC2D-1AE426BD28DF}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23335.242.2641.4129_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{46EF92E2-89A6-41F2-AE7F-36AE38B74F0C}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23335.242.2641.4129_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{514C3037-6FDD-4941-B8C5-964DAD7863F7}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\120.0.2210.144\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4A5D2D1D-2C6A-4CD4-9E54-37F8ECA7BB14}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
==================== Wiederherstellungspunkte =========================
22-01-2024 19:17:42 ERstellen 1
23-01-2024 18:53:15 Windows-Sicherung
==================== Fehlerhafte Geräte im Gerätemanager ============
==================== Fehlereinträge in der Ereignisanzeige: ========================
Applikationsfehler:
==================
Error: (01/24/2024 06:49:59 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 13) (User: DESKTOP-AHLA76L)
Description: C:\Users\Rudi\AppData\Local\Publishers\8wekyb3d8bbwe\TeamsSharedConfigMicrosoftTeams_8wekyb3d8bbwe-2147024894
Error: (01/24/2024 07:34:40 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 13) (User: DESKTOP-AHLA76L)
Description: C:\Users\Rudi\AppData\Local\Publishers\8wekyb3d8bbwe\TeamsSharedConfigMicrosoftTeams_8wekyb3d8bbwe-2147024894
Error: (01/24/2024 07:26:11 AM) (Source: Application Error) (EventID: 1000) (User: NT-AUTORITÄT)
Description: Name der fehlerhaften Anwendung: ensserver.exe, Version: 0.0.0.0, Zeitstempel: 0x622838d2
Name des fehlerhaften Moduls: ucrtbase.dll, Version: 10.0.22621.2506, Zeitstempel: 0xac92626e
Ausnahmecode: 0xc0000409
Fehleroffset: 0x0009e34b
ID des fehlerhaften Prozesses: 0x0x1268
Startzeit der fehlerhaften Anwendung: 0x0x1da4d5f7648d2ca
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\EaseUS\ENS\ensserver.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\ucrtbase.dll
Berichtskennung: d9fc3b2a-f60c-4bf7-af6d-84a4e23ca373
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (01/23/2024 08:04:22 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 13) (User: DESKTOP-AHLA76L)
Description: C:\Users\Rudi\AppData\Local\Publishers\8wekyb3d8bbwe\TeamsSharedConfigMicrosoftTeams_8wekyb3d8bbwe-2147024894
Error: (01/23/2024 07:50:26 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 13) (User: DESKTOP-AHLA76L)
Description: C:\Users\Rudi\AppData\Local\Publishers\8wekyb3d8bbwe\TeamsSharedConfigMicrosoftTeams_8wekyb3d8bbwe-2147024894
Error: (01/23/2024 06:58:40 PM) (Source: COM) (EventID: 10031) (User: )
Description: Eine das Marshalling aufhebende Richtlinienprüfung wurde ausgeführt, als das Marshalling eines benutzerdefinierten gemarshallten Objekts aufgehoben wurde. Die Klasse "{BE88F957-42CC-4DA7-92CF-9BC35C5D5EE2}" wurde abgelehnt.
Error: (01/23/2024 06:58:39 PM) (Source: COM) (EventID: 10031) (User: )
Description: Eine das Marshalling aufhebende Richtlinienprüfung wurde ausgeführt, als das Marshalling eines benutzerdefinierten gemarshallten Objekts aufgehoben wurde. Die Klasse "{BE88F957-42CC-4DA7-92CF-9BC35C5D5EE2}" wurde abgelehnt.
Error: (01/23/2024 06:58:38 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: Die Sicherung war nicht erfolgreich. Fehler: Der Vorgang konnte nicht erfolgreich abgeschlossen werden, da die Datei einen Virus oder möglicherweise unerwünschte Software enthält. (0x800700E1).
Systemfehler:
=============
Error: (01/24/2024 06:52:57 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-AHLA76L)
Description: Der Server "{8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error: (01/24/2024 07:26:12 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "EaseUS UPDATE SERVICE" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (01/23/2024 07:51:50 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-AHLA76L)
Description: Der Server "Microsoft.Windows.ContentDeliveryManager_10.0.22621.2506_neutral_neutral_cw5n1h2txyewy!App.AppXw3qcpc7p849541dp39vvqd01bn7z9ybh.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error: (01/23/2024 08:06:46 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-AHLA76L)
Description: Der Server "{8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error: (01/22/2024 07:18:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ImControllerService" wurde aufgrund folgenden Fehlers nicht gestartet:
Das System kann die angegebene Datei nicht finden.
Error: (01/22/2024 07:15:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "EaseUS UPDATE SERVICE" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (01/22/2024 07:12:57 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-AHLA76L)
Description: Der Server "{8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error: (01/22/2024 06:38:10 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-AHLA76L)
Description: Der Server "{8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Windows Defender:
================
Date: 2024-01-23 21:36:18
Description:
Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {AD16CE49-7C09-4FD1-AFC2-85EBD68A65DA}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM
Date: 2024-01-23 20:28:22
Description:
Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {59843D6A-A7E2-42D9-A8B7-B3597AC1CCB2}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Benutzerdefinierte Überprüfung
Benutzer: DESKTOP-AHLA76L\Rudi
Date: 2024-01-23 20:27:53
Description:
Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {FDA7BF01-F6DA-4794-9F26-2850DD12F159}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Benutzerdefinierte Überprüfung
Benutzer: DESKTOP-AHLA76L\Rudi
Date: 2024-01-23 18:56:48
Description:
Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt.
Weitere Informationen:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:HTML/Phish!pz&threatid=2147888341&enterprise=0
Name: Trojan:HTML/Phish!pz
Schweregrad: Schwerwiegend
Kategorie: Trojaner
Pfad: file:_\Device\HarddiskVolumeShadowCopy19\Users\Rudi\AppData\Local\Mozilla\Firefox\Profiles\yljotkfd.default-release\cache2\entries\B13A4EF5ABB28A1149196FFA9F19EE0E03A80C14
Erkennungsursprung: Unbekannt
Erkennungstype: Konkret
Erkennungsquelle: Echtzeitschutz
Benutzer: NT-AUTORITÄT\SYSTEM
Prozessname: C:\Windows\System32\svchost.exe
Sicherheitsversion: AV: 1.403.2557.0, AS: 1.403.2557.0, NIS: 1.403.2557.0
Modulversion: AM: 1.1.23110.2, NIS: 1.1.23110.2
Date: 2024-01-22 20:01:36
Description:
Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {473E34DB-633A-4353-BBA5-318921CB882C}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM
CodeIntegrity:
===============
Date: 2024-01-10 17:55:29
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\fcon.dll because the set of per-page image hashes could not be found on the system.
Date: 2024-01-10 17:55:28
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\SystemSettings.DataModel.dll because the set of per-page image hashes could not be found on the system.
Date: 2023-12-22 19:21:04
Description:
Windows blocked file \Device\HarddiskVolume3\Windows\System32\scrobj.dll which has been disallowed for protected processes.
Date: 2023-12-19 13:13:14
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Avira\Endpoint Protection SDK\amsi\x64\avamsi.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Speicherinformationen ===========================
BIOS: LENOVO O4DKT35A 12/30/2019
Hauptplatine: LENOVO 3706
Prozessor: AMD Ryzen 3 3200G with Radeon Vega Graphics
Prozentuale Nutzung des RAM: 33%
Installierter physikalischer RAM: 14265.89 MB
Verfügbarer physikalischer RAM: 9422.21 MB
Summe virtueller Speicher: 14777.89 MB
Verfügbarer virtueller Speicher: 9895.16 MB
==================== Laufwerke ================================
Drive c: (Windows) (Fixed) (Total:475.69 GB) (Free:340.84 GB) (Model: INTEL SSDPEKNU512G8L) NTFS
Drive d: (Data) (Fixed) (Total:931.39 GB) (Free:611.87 GB) (Model: ST1000DM003-1SB102) NTFS
\\?\Volume{b51edd77-a9d0-45c7-88f4-9abfa0c38d90}\ (WinRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.28 GB) NTFS
\\?\Volume{d74557de-2d44-4644-b5d2-18cb2692ad02}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32
==================== MBR & Partitionstabelle ====================
==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 2719B10A)
Partition: GPT.
==========================================================
Disk: 1 (Size: 476.9 GB) (Disk ID: 2719B1D4)
Partition: GPT.
==================== Ende von Addition.txt =======================
Thanks for the help.
Regards, Rudi |