| |
| |||||||
Log-Analyse und Auswertung: Gootkit lt. Telekom, wonach muss ich in den LogFiles suchenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
04.02.2021, 22:14
| #1 |
| |  Gootkit lt. Telekom, wonach muss ich in den LogFiles suchen Laut Telekom soll auf einem unserer Rechner Gootkit sein. Leider machen die Datums-und Zeitangaben, die ich in einem Telefonanruf dann bekommen habe, keinen Sinn. Damit kann ich nur die Rechner der Reihe nach durchgehen. Auf allen Rechnern ist WIN10 drauf. Habe versucht, aus den geposteten Files was rauslesen zu können. Ist mir leider nicht gelungen. Da wir als große Familie auch ein paar mehr Rechner haben, und ich die Geschichte hier nicht ausarten lassen möchte, habe ich folgende Fragen. Kann mir jemand sagen, nach was ich in der frst.txt und addition.txt suchen muß? Was sind Hinweise auf einen Befall? Was passiert, wenn man einfach mal zur "Vorsicht" bei FRST auf Reparieren geht? Im Anhang mal noch von 2 Rechnern besagte Dateien. Wenn wirklich was drauf ist, habe ich eher den 1. Rechner im Verdacht, bin mir aber nicht sicher. Rechner 1: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 04-02-2021
durchgeführt von Katja (Administrator) auf DESKTOP-72DG63D (ASUSTeK COMPUTER INC. X550VXK) (04-02-2021 20:58:51)
Gestartet von D:\
Geladene Profile: Katja
Platform: Windows 10 Home Version 1909 18363.1316 (X64) Sprache: Deutsch (Deutschland)
Standard-Browser: Edge
Start-Modus: Normal
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe <2>
(Adobe Systems Incorporated -> Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Battery Health Charging\AsBhcSrv.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Battery Health Charging\BhcMgr.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Brother Industries, Ltd. -> Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Brother Industries, Ltd. -> Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Browny02\BrYNSvc.exe
(CyberLink Corp. -> ) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Discord Inc. -> Discord Inc.) C:\Users\Katja\AppData\Local\Discord\app-0.0.307\Discord.exe <3>
(EnigmaSoft Limited -> EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe
(Epic Games Inc. -> Epic Games, Inc.) D:\Programme\Epic Games\Launcher\Engine\Binaries\Win64\EpicWebHelper.exe <2>
(Epic Games Inc. -> Epic Games, Inc.) D:\Programme\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
(INMUSIC BRANDS INC -> M-Audio) C:\Program Files (x86)\M-Audio\M-Track 8X4M\AudioDevMon.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel Corporation -> Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9f310939ec1eebf9\igfxCUIService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9f310939ec1eebf9\igfxEM.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9f310939ec1eebf9\IntelCpHDCPSvc.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_9f310939ec1eebf9\IntelCpHeciSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\avp.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\avpui.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.2\ksde.exe
(Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.2\ksdeui.exe
(MAGIX AG) [Datei ist nicht signiert] C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Users\Katja\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.20122.11121.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(NCH Software, Inc. -> NCH Software) C:\Program Files (x86)\NCH Software\PhotoPad\photopad.exe
(Node.js Foundation -> Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Opera Software AS -> Opera Software) C:\Users\Katja\AppData\Local\Programs\Opera\assistant\browser_assistant.exe <2>
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TeamViewer -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Wondershare Technology Co.,Ltd -> Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) C:\Program Files (x86)\Kingsoft\WPS Office\10.2.0.7646\office6\wpscenter.exe
(Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd) C:\Program Files (x86)\Kingsoft\WPS Office\10.2.0.7646\office6\wpscloudsvr.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1767944 2016-06-14] (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation) [Datei ist nicht signiert]
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320584 2016-11-24] (Intel(R) Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [U22_XT_USBPan.exe] => U22_XT_USBPan.exe
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2409944 2018-06-22] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [146584 2017-11-07] (Brother Industries, Ltd. -> Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.) [Datei ist nicht signiert]
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2133216 2017-03-23] (Wondershare Technology Co.,Ltd -> Wondershare)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ACHTUNG
HKU\S-1-5-21-2081738662-375674699-890820183-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32440376 2021-01-06] (Piriform Software Ltd -> Piriform Software Ltd)
HKU\S-1-5-21-2081738662-375674699-890820183-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3411232 2020-12-21] (Valve -> Valve Corporation)
HKU\S-1-5-21-2081738662-375674699-890820183-1001\...\Run: [EpicGamesLauncher] => D:\Programme\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [32883768 2021-01-26] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-2081738662-375674699-890820183-1001\...\Run: [Discord] => C:\Users\Katja\AppData\Local\Discord\app-0.0.307\Discord.exe [91023672 2020-08-04] (Discord Inc. -> Discord Inc.)
HKU\S-1-5-21-2081738662-375674699-890820183-1001\...\Run: [Opera Browser Assistant] => C:\Users\Katja\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [3154456 2020-11-25] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-2081738662-375674699-890820183-1001\...\RunOnce: [Application Restart #5] => C:\Program Files (x86)\ASUS\Giftbox\Asusgiftbox.exe --no-displaying-insecure-content --disable-devtools --disable-raf-throttling --user-data-dir="C:\Users\Katja\AppData\Local\ASUS GIFTBOX\User Data" (Der Dateneintrag hat 123 mehr Zeichen).
HKU\S-1-5-21-2081738662-375674699-890820183-1001\...\RunOnce: [Application Restart #3] => C:\Program Files (x86)\ASUS\Giftbox\Asusgiftbox.exe --no-displaying-insecure-content --disable-devtools --disable-raf-throttling --user-data-dir="C:\Users\Katja\AppData\Local\ASUS GIFTBOX\User Data" (Der Dateneintrag hat 123 mehr Zeichen).
HKU\S-1-5-21-2081738662-375674699-890820183-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Katja\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
HKU\S-1-5-21-2081738662-375674699-890820183-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Katja\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
HKU\S-1-5-21-2081738662-375674699-890820183-1001\...\RunOnce: [Uninstall 20.201.1005.0009\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Katja\AppData\Local\Microsoft\OneDrive\20.201.1005.0009\amd64"
HKU\S-1-5-21-2081738662-375674699-890820183-1001\...\RunOnce: [Uninstall 20.201.1005.0009] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Katja\AppData\Local\Microsoft\OneDrive\20.201.1005.0009"
HKU\S-1-5-21-2081738662-375674699-890820183-1001\...\MountPoints2: {14fa7206-e242-11ea-a1a1-107b443602d0} - "F:\HiSuiteDownLoader.exe"
HKLM\...\Print\Monitors\ricu0olm: C:\Windows\system32\ricu0olm.dll [28160 2013-12-26] (Microsoft Windows Hardware Compatibility Publisher -> RICOH CO.,Ltd.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.146\Installer\chrmstp.exe [2021-02-04] (Google LLC -> Google LLC)
Startup: C:\Users\Katja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2019-06-13]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Beschränkung <==== ACHTUNG
HKLM\SOFTWARE\Policies\Google: Beschränkung <==== ACHTUNG
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {15553461-2314-4A24-8313-64720A14A97F} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [145768 2021-01-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {193DA2E6-54EA-424B-AE52-56180AAF83F1} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1683352 2021-01-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {21532607-F3D4-43B3-B4E4-D37D5E0641F3} - System32\Tasks\WpsUpdateTask_Katja => C:\Program Files (x86)\Kingsoft\WPS Office\10.2.0.7646\wtoolex\wpsupdate.exe [653992 2020-01-05] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {26EA8E84-31FF-4A4F-8979-C943775CD602} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5057960 2021-01-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {2DB6C0B4-139B-4E0F-B31B-AC8365E534F0} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [19786024 2016-08-24] (ASUSTeK COMPUTER INC. -> ASUSTek Computer Inc.)
Task: {309E3EF8-8C76-4B15-8BA2-267A6707F7A7} - System32\Tasks\WpsKtpcntrQingTask_Administrator => C:\Program Files (x86)\Kingsoft\WPS Office\10.1.0.5644\office6\ktpcntr.exe [1531136 2016-11-11] (Zhuhai Kingsoft Office Software Co.,Ltd -> Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {389DC292-80F9-442C-9D2B-8D863F3BB0DA} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [909112 2016-07-26] (Intel(R) Trusted Connect Service -> Intel(R) Corporation)
Task: {48B71FCF-1E7C-475F-B4BB-0F13ECF34572} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-05-14] (Google Inc -> Google Inc.)
Task: {49667D5A-CD48-450C-8C02-0CC76DF53805} - System32\Tasks\WpsExternal_Katja_20200105153215 => C:\Program Files (x86)\Kingsoft\WPS Office\ksolaunch.exe [1285800 2020-01-05] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {4A9E92C6-71BC-4D3A-A253-4E5BED30AB27} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [26913848 2021-01-06] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {507EF729-A441-47D8-9406-67BAB2B275B8} - System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-72DG63D-Katja => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {514823E1-3CEB-4CF2-BB8E-247EF4F1BE96} - System32\Tasks\Nvbackend_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-14] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {526B461F-F78A-4DA3-BEE2-98A3AC71F919} - System32\Tasks\ASUSTek Computer Inc\ASUS GIFTBOX => C:\Program Files (x86)\ASUS\Giftbox\asusgiftbox.exe
Task: {530A2AED-1596-4E51-941E-50EC3AAE014A} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22763912 2021-01-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {5EE08B53-5F87-4A5E-86DF-72BD5B745C05} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [1578784 2016-07-07] (ASUSTeK Computer Inc. -> ASUSTek COMPUTER INC.) [Datei ist nicht signiert]
Task: {60BD2060-BA9B-4D8F-99AA-F6618286B46E} - System32\Tasks\Opera scheduled Autoupdate 1594114837 => C:\Users\Katja\AppData\Local\Programs\Opera\launcher.exe [1776280 2021-01-14] (Opera Software AS -> Opera Software)
Task: {700439AD-0AB3-4DD0-A72E-D2F57A21FF17} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16747008 2016-11-25] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {7490A73F-CAAF-4109-9752-D8B4EFE1497A} - \Microsoft\Windows\UNP\RunCampaignManager -> Keine Datei <==== ACHTUNG
Task: {7D419AF6-982D-450D-AFA0-604D61AD674E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-05-14] (Google Inc -> Google Inc.)
Task: {8360F909-7D21-44F5-8E92-5C7FB75F3303} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [122008 2015-09-22] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {874E847A-2205-4D08-9C8D-503CC5084CB4} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\UpdateAssistant => C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe [0 0000-00-00] (Microsoft Corporation) (Zugriff verweigert)
Task: {88E1451A-F1C5-47BC-918C-B2CAED651BFD} - System32\Tasks\Opera scheduled assistant Autoupdate 1594114845 => C:\Users\Katja\AppData\Local\Programs\Opera\launcher.exe [1776280 2021-01-14] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Katja\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {89A74F5F-6F3C-4F4F-BCEB-D5112F9F6805} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2021-01-06] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {984DAAFA-04CC-4CF7-9ED2-9765C6EC6DA7} - System32\Tasks\ASUS Battery Health Charging Notification => C:\Program Files (x86)\ASUS\ASUS Battery Health Charging\BhcMgr.exe [2478776 2016-11-28] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {9AF5EFAF-9494-482F-8013-BBD24EEA707F} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [145768 2021-01-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {A159E453-6C69-4E9C-BBC4-9DDFCA839196} - System32\Tasks\NvNotifier_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\GFExperience.Deployer\NvNotifier.exe [2013264 2017-12-12] (NVIDIA Corporation -> )
Task: {AE9450CD-A96E-484A-A097-91A71670044F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5057960 2021-01-26] (Microsoft Corporation -> Microsoft Corporation)
Task: {AF13C45B-52CE-454F-B936-433171A8EDC4} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22763912 2021-01-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {B5C781C4-C567-437B-8A6D-32E069B44BFF} - System32\Tasks\AdwCleaner_onReboot => //SRV-DC01/Setups/Virenscanner/adwcleaner_8.0.9.1(1).exe [8457584 2021-01-27] (Malwarebytes Inc -> Malwarebytes)
Task: {C4C864FF-EBB4-4E60-AE3B-61195E0EC7DE} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [677344 2021-01-28] (Mozilla Corporation -> Mozilla Foundation)
Task: {D031EDA3-3A4E-4F06-9E36-A621F355BD99} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {D22A7074-279B-4B0A-9ADC-2FC199E12731} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\UpdateAssistantCalendarRun => C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe [0 0000-00-00] (Microsoft Corporation) (Zugriff verweigert)
Task: {D402CBA4-84F3-46B8-8E45-2BADCA602FA1} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe
Task: {E29396D1-54EA-4339-B0AD-04F1569B63DA} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\UpdateAssistantWakeupRun => C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe [0 0000-00-00] (Microsoft Corporation) (Zugriff verweigert)
Task: {E39B04FB-3166-494E-B519-06F60D7B1BBC} - System32\Tasks\WpsExternal_20161111081738 => C:\Program Files (x86)\Kingsoft\WPS Office\ksolaunch.exe [1285800 2020-01-05] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {EB155E2A-DE4D-4BD6-97F5-07FD98330620} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [122008 2015-09-22] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
Task: {F74A871A-865E-43E3-ABBC-DA125CD0410D} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1472000 2016-11-25] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\WINDOWS\Tasks\WpsExternal_20161111081738.job => C:\Program Files (x86)\Kingsoft\WPS Office\ksolaunch.exe
Task: C:\WINDOWS\Tasks\WpsKtpcntrQingTask_Administrator.job => C:\Program Files (x86)\Kingsoft\WPS Office\10.1.0.5644\office6\ktpcntr.exeÃqing 10.1.0.5644 xxx server_url=hxxp:/kdl1.cache.wps.com/ksodl/wpscfg/client/____client____html____service____bubble.html ic_server_url=hxxp:/info.kingsoftstore.com/wpsv6internet/infos.ads
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 10.11.100.12
Tcpip\..\Interfaces\{534d5b2c-e792-4b93-a565-cef7f7cdc6cf}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{b9c5cc92-b6cb-46af-8f47-f62d5468f69a}: [DhcpNameServer] 10.11.100.12
Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Katja\AppData\Local\Microsoft\Edge\User Data\cId=128000000001363769&path= [2020-08-26] <==== ACHTUNG
Edge Profile: C:\Users\Katja\AppData\Local\Microsoft\Edge\User Data\Default [2021-02-01]
Edge Extension: (Kaspersky Protection) - C:\Users\Katja\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ahkjpbeeocnddjkakilopmfdlnjdpcdm [2021-01-28]
Edge Extension: (Citavi Picker) - C:\Users\Katja\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mielbhbkcliienpdicphhecpodcaeefg [2021-01-06]
Edge HKU\S-1-5-21-2081738662-375674699-890820183-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm]
Edge HKLM-x32\...\Edge\Extension: [mielbhbkcliienpdicphhecpodcaeefg]
FireFox:
========
FF DefaultProfile: x11q7e72.default-1575375523631
FF ProfilePath: C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\x11q7e72.default-1575375523631 [2021-02-04]
FF Homepage: Mozilla\Firefox\Profiles\x11q7e72.default-1575375523631 -> hxxps://www.google.com/
FF NewTab: Mozilla\Firefox\Profiles\x11q7e72.default-1575375523631 -> hxxps://myfiresearch.com/homepage?hp=1&bitmask=9996&pId=CH180901FF&iDate=2018-11-09 05:55:56&bName=
FF Session Restore: Mozilla\Firefox\Profiles\x11q7e72.default-1575375523631 -> ist aktiviert.
FF Notifications: Mozilla\Firefox\Profiles\x11q7e72.default-1575375523631 -> hxxps://adshield.me; hxxps://studip.sw.eah-jena.de
FF Extension: (AdShield) - C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\x11q7e72.default-1575375523631\Extensions\{32d829ea-7c44-4510-b199-a212400315c5}.xpi [2020-01-01] [UpdateUrl:hxxps://cdn.adshield-cdn.co/xpi/adshield/data/1219/updates.json]
FF Extension: (Citavi Picker) - C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\x11q7e72.default-1575375523631\Extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}.xpi [2021-01-05]
FF SearchPlugin: C:\Users\Katja\AppData\Roaming\Mozilla\Firefox\Profiles\x11q7e72.default-1575375523631\searchplugins\My Firefox Search.xml [2020-11-22]
FF Extension: (Citavi Picker) - C:\Program Files\Mozilla Firefox\distribution\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}.xpi [2020-10-27]
FF HKLM\...\Firefox\Extensions: [nickrr878@gmail.com] - C:\Program Files (x86)\Vondos\amadello-1.0.3-fx.xpi => nicht gefunden
FF HKLM\...\Firefox\Extensions: [light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\FFExt\light_plugin_firefox\addon.xpi => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [nickrr878@gmail.com] - C:\Program Files (x86)\Vondos\amadello-1.0.3-fx.xpi => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\FFExt\light_plugin_firefox\addon.xpi => nicht gefunden
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-01-26] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2018-06-22] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-01-26] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-01-26] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=3.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.10 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.11 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2018-06-22] (Adobe Systems Incorporated -> Adobe Systems)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\kl_prefs_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.js [2021-01-28] <==== ACHTUNG (Zeigt auf eine *.cfg Datei)
FF ExtraCheck: C:\Program Files\mozilla firefox\kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg [2021-01-28] <==== ACHTUNG
Chrome:
=======
CHR Profile: C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default [2020-12-06]
CHR HomePage: Default -> hxxp://www.google.com
CHR DefaultSearchURL: Default -> hxxps://de.search.yahoo.com/search?fr=mcafee&type=E210DE91212G0&p={searchTerms}
CHR DefaultSearchKeyword: Default -> McAfee
CHR DefaultSuggestURL: Default -> hxxps://de.search.yahoo.com/sugg/gossip/gossip-de-partner?output=fxjson&appid=mca&source=yahoo_mcafee_searchassist&command={searchTerms}
CHR Extension: (Docs) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-06-08]
CHR Extension: (Google Drive) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-06-08]
CHR Extension: (YouTube) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-06-08]
CHR Extension: (Tabellen) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-05-14]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2020-07-23]
CHR Extension: (Google Docs Offline) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-07-23]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-07-23]
CHR Extension: (Google Mail) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-09-21]
CHR Extension: (Chrome Media Router) - C:\Users\Katja\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-07-23]
CHR HKLM\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm
CHR HKLM-x32\...\Chrome\Extension: [ahkjpbeeocnddjkakilopmfdlnjdpcdm] - hxxps://chrome.google.com/webstore/detail/kaspersky-protection/ahkjpbeeocnddjkakilopmfdlnjdpcdm
CHR HKLM-x32\...\Chrome\Extension: [ohgndokldibnndfnjnagojmheejlengn]
Opera:
=======
OPR Profile: C:\Users\Katja\AppData\Roaming\Opera Software\Opera Stable [2021-02-02]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.com/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}
==================== Dienste (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818128 2018-06-22] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3739728 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3511376 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AsBhcService; C:\Program Files (x86)\ASUS\ASUS Battery Health Charging\AsBhcSrv.exe [114360 2016-10-20] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
R2 AVP21.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\avp.exe [381928 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [Datei ist nicht signiert]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8854920 2021-01-10] (Microsoft Corporation -> Microsoft Corporation)
S2 EsgShKernel; C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe [11963616 2020-05-09] (EnigmaSoft Limited -> EnigmaSoft Limited)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [Datei ist nicht signiert]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [Datei ist nicht signiert]
S3 klvssbridge64_21.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.2\x64\vssbridge64.exe [467352 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S3 kpm_launch_service; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 9.0.2\kpm_service.exe [351424 2021-01-18] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R2 KSDE5.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.2\ksde.exe [644264 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R2 MTrack8X4MAudioDevMon; C:\Program Files (x86)\M-Audio\M-Track 8X4M\AudioDevMon.exe [289880 2018-06-07] (INMUSIC BRANDS INC -> M-Audio)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] (CyberLink Corp. -> )
R2 ShMonitor; C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe [524512 2020-05-09] (EnigmaSoft Limited -> EnigmaSoft Limited)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7032080 2016-05-12] (TeamViewer -> TeamViewer GmbH)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\NisSrv.exe [3004048 2019-10-02] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1909.6-0\MsMpEng.exe [103384 2019-10-02] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 wpscloudsvr; C:\Program Files (x86)\Kingsoft\WPS Office\wpscloudsvr.exe [244392 2020-01-05] (Zhuhai Kingsoft Office Software Co., Ltd. -> Zhuhai Kingsoft Office Software Co.,Ltd)
S3 WsDrvInst; C:\Program Files (x86)\Wondershare\Wondershare UniConverter (Desktop Deutsch)\Transfer\DriverInstall.exe [112560 2020-04-21] (Wondershare Technology Co.,Ltd -> Wondershare)
S3 DevActSvc; C:\Program Files (x86)\ASUS\ASUS Device Activation\DevActSvc.exe [X]
S4 mccspsvc; "C:\Program Files\Common Files\McAfee\CSP\2.9.126.0\\McCSPServiceHost.exe" [X]
===================== Treiber (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R3 AiCharger; C:\WINDOWS\system32\DRIVERS\AiCharger.sys [29312 2016-08-24] (Microsoft Windows Hardware Compatibility Publisher -> ASUSTek Computer Inc.)
R3 AsusTP; C:\WINDOWS\System32\drivers\AsusTP.sys [98784 2016-09-01] (ASUSTeK Computer Inc. -> ASUS Corporation)
R1 ATKWMIACPIIO; C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [20096 2015-05-08] (Microsoft Windows Hardware Compatibility Publisher -> ASUSTek Computer Inc.)
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [251608 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S3 cpuz143; C:\WINDOWS\temp\cpuz143\cpuz143_x64.sys [48960 2021-01-27] (CPUID -> CPUID)
R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsRadioControl.sys [32680 2019-08-07] (ASUSTek Computer Inc. -> ASUS)
S3 iobit_monitor_server; C:\Program Files (x86)\IObit\Advanced SystemCare\drivers\Monitor_win10_x64.sys [24056 2017-07-19] (IObit Information Technology -> IObit)
R1 klbackupdisk; C:\WINDOWS\system32\DRIVERS\klbackupdisk.sys [110392 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [212280 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [127288 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [37496 2020-10-21] (Microsoft Windows Early Launch Anti-Malware Publisher -> AO Kaspersky Lab)
R1 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [523576 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klgse; C:\WINDOWS\System32\DRIVERS\klgse.sys [659768 2020-12-25] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\system32\DRIVERS\klhk.sys [1341232 2020-12-25] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP21.2\Bases\klids.sys [244784 2021-01-28] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1025336 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klim6; C:\WINDOWS\system32\DRIVERS\klim6.sys [95544 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [113464 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [113464 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [85288 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klpnpflt; C:\WINDOWS\system32\DRIVERS\klpnpflt.sys [97080 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 kltap; C:\WINDOWS\System32\drivers\kltap.sys [55592 2020-10-21] (AnchorFree Inc -> The OpenVPN Project)
R0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [257208 2021-01-27] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klupd_klif_kimul; C:\WINDOWS\System32\Drivers\klupd_klif_kimul.sys [99152 2021-01-27] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [310232 2021-01-27] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [116888 2021-01-27] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [207352 2021-01-27] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S4 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [153400 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [250168 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [300856 2020-10-21] (Kaspersky Lab JSC -> AO Kaspersky Lab)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46688 2019-10-02] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [350136 2019-10-02] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [54200 2019-10-02] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2021-02-04 20:43 - 2021-02-04 20:59 - 000000000 ____D C:\FRST
2021-02-01 09:13 - 2021-02-01 09:13 - 000003208 _____ C:\WINDOWS\system32\Tasks\AdwCleaner_onReboot
2021-02-01 09:11 - 2021-02-01 09:13 - 000000000 ____D C:\AdwCleaner
2021-01-28 20:57 - 2021-01-28 20:57 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-01-28 10:10 - 2021-02-01 09:13 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-01-28 07:57 - 2021-01-28 07:57 - 000001221 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoPad Foto-Editor.lnk
2021-01-28 07:57 - 2021-01-28 07:57 - 000001209 _____ C:\Users\Public\Desktop\PhotoPad Foto-Editor.lnk
2021-01-28 07:57 - 2021-01-28 07:57 - 000001209 _____ C:\ProgramData\Desktop\PhotoPad Foto-Editor.lnk
2021-01-28 07:57 - 2021-01-28 07:57 - 000000000 ____D C:\Users\Katja\NCH Software Produktpalette
2021-01-27 12:45 - 2021-01-27 12:45 - 000310232 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klark.sys
2021-01-27 12:45 - 2021-01-27 12:45 - 000001229 _____ C:\Users\Public\Desktop\Kaspersky Password Manager.lnk
2021-01-27 12:45 - 2021-01-27 12:45 - 000001229 _____ C:\ProgramData\Desktop\Kaspersky Password Manager.lnk
2021-01-27 12:45 - 2021-01-27 12:45 - 000000000 ____D C:\Users\Katja\AppData\Local\Kaspersky Lab
2021-01-27 12:44 - 2021-01-27 12:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Password Manager
2021-01-27 12:43 - 2021-01-27 12:43 - 000257208 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_arkmon.sys
2021-01-27 12:43 - 2021-01-27 12:43 - 000207352 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_mark.sys
2021-01-27 12:43 - 2021-01-27 12:43 - 000116888 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klbg.sys
2021-01-27 12:43 - 2021-01-27 12:43 - 000099152 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_kimul.sys
2021-01-27 12:43 - 2021-01-27 12:43 - 000001165 _____ C:\Users\Public\Desktop\Kaspersky VPN.lnk
2021-01-27 12:43 - 2021-01-27 12:43 - 000001165 _____ C:\ProgramData\Desktop\Kaspersky VPN.lnk
2021-01-27 12:43 - 2021-01-27 12:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky VPN
2021-01-27 12:43 - 2021-01-27 12:43 - 000000000 ____D C:\Program Files\Common Files\AV
2021-01-27 12:42 - 2021-01-27 12:44 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2021-01-27 12:42 - 2021-01-27 12:44 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab
2021-01-27 12:42 - 2021-01-27 12:42 - 000002150 _____ C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk
2021-01-27 12:42 - 2021-01-27 12:42 - 000002150 _____ C:\ProgramData\Desktop\Kaspersky Anti-Virus.lnk
2021-01-27 12:42 - 2021-01-27 12:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus
2021-01-27 12:42 - 2020-10-21 23:12 - 000110176 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\klfphc.dll
2021-01-27 12:42 - 2020-10-21 23:11 - 001025336 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2021-01-27 12:42 - 2020-10-21 23:11 - 000523576 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klflt.sys
2021-01-26 17:40 - 2021-01-26 17:40 - 000002395 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk
2021-01-13 16:58 - 2021-01-13 16:58 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2021-01-13 16:58 - 2021-01-13 16:58 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2021-01-13 16:58 - 2021-01-13 16:58 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2021-01-13 16:58 - 2021-01-13 16:58 - 000455680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2021-01-13 16:58 - 2021-01-13 16:58 - 000294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2021-01-13 16:58 - 2021-01-13 16:58 - 000233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2021-01-13 16:58 - 2021-01-13 16:58 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\VBICodec.ax
2021-01-13 16:58 - 2021-01-13 16:58 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VBICodec.ax
2021-01-13 16:58 - 2021-01-13 16:58 - 000094720 _____ C:\WINDOWS\system32\VirtualMonitorManager.dll
2021-01-13 16:58 - 2021-01-13 16:58 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2021-01-13 16:58 - 2021-01-13 16:58 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2021-01-13 16:58 - 2021-01-13 16:58 - 000067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2021-01-13 16:58 - 2021-01-13 16:58 - 000053248 _____ C:\WINDOWS\SysWOW64\BWContextHandler.dll
2021-01-13 16:57 - 2021-01-13 16:57 - 001101312 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-01-13 16:57 - 2021-01-13 16:57 - 000696832 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2021-01-13 16:57 - 2021-01-13 16:57 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2021-01-13 16:57 - 2021-01-13 16:57 - 000458240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2021-01-13 16:57 - 2021-01-13 16:57 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-01-13 16:57 - 2021-01-13 16:57 - 000331264 _____ C:\WINDOWS\SysWOW64\ssdm.dll
2021-01-13 16:57 - 2021-01-13 16:57 - 000208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2021-01-13 16:57 - 2021-01-13 16:57 - 000208384 _____ C:\WINDOWS\SysWOW64\HeatCore.dll
2021-01-13 16:57 - 2021-01-13 16:57 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl
2021-01-13 16:57 - 2021-01-13 16:57 - 000167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2021-01-13 16:57 - 2021-01-13 16:57 - 000086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2021-01-13 16:57 - 2021-01-13 16:57 - 000067072 _____ C:\WINDOWS\system32\BWContextHandler.dll
2021-01-13 16:57 - 2021-01-13 16:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin
2021-01-13 16:57 - 2021-01-13 16:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2021-01-13 16:57 - 2021-01-13 16:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2021-01-13 16:57 - 2021-01-13 16:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2021-01-13 16:57 - 2021-01-13 16:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2021-01-13 16:57 - 2021-01-13 16:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2021-01-13 16:57 - 2021-01-13 16:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2021-01-13 16:57 - 2021-01-13 16:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2021-01-13 16:57 - 2021-01-13 16:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth18.bin
2021-01-13 16:57 - 2021-01-13 16:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth17.bin
2021-01-13 16:57 - 2021-01-13 16:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth16.bin
2021-01-13 16:57 - 2021-01-13 16:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth15.bin
2021-01-13 16:57 - 2021-01-13 16:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin
2021-01-13 16:57 - 2021-01-13 16:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin
2021-01-13 16:57 - 2021-01-13 16:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin
2021-01-13 16:57 - 2021-01-13 16:57 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2021-01-13 16:56 - 2021-01-13 16:56 - 002590720 _____ C:\WINDOWS\system32\dwmscene.dll
2021-01-13 16:56 - 2021-01-13 16:56 - 001841152 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-01-13 16:56 - 2021-01-13 16:56 - 000549888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2021-01-13 16:56 - 2021-01-13 16:56 - 000540672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-01-13 16:56 - 2021-01-13 16:56 - 000266752 _____ C:\WINDOWS\system32\HeatCore.dll
2021-01-13 16:56 - 2021-01-13 16:56 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2021-01-13 16:56 - 2021-01-13 16:56 - 000186368 _____ C:\WINDOWS\system32\BthpanContextHandler.dll
2021-01-13 16:56 - 2021-01-13 16:56 - 000164864 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-01-13 16:56 - 2021-01-13 16:56 - 000061440 _____ C:\WINDOWS\system32\rdsxvmaudio.dll
2021-01-13 16:55 - 2021-01-13 16:56 - 000453632 _____ C:\WINDOWS\system32\ssdm.dll
==================== Ein Monat (geänderte) ==================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2021-02-04 20:58 - 2019-03-19 05:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-02-04 20:43 - 2019-03-19 05:50 - 000000000 ____D C:\WINDOWS\INF
2021-02-04 20:41 - 2019-09-16 17:09 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-02-04 19:52 - 2019-03-19 05:52 - 000000000 ___HD C:\Program Files\WindowsApps
2021-02-04 19:52 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-02-04 19:51 - 2018-05-14 15:25 - 000002295 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-02-04 19:51 - 2018-05-14 15:25 - 000002254 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-02-04 19:51 - 2018-05-14 15:25 - 000002254 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2021-02-04 19:50 - 2020-11-04 13:03 - 000000000 ____D C:\WINDOWS\system32\Tasks\NCH Software
2021-02-04 19:50 - 2020-04-08 08:24 - 000000000 ____D C:\Program Files\CCleaner
2021-02-04 19:50 - 2019-09-16 17:19 - 000003376 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2081738662-375674699-890820183-1001
2021-02-04 19:50 - 2019-09-16 17:12 - 000002381 _____ C:\Users\Katja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-02-04 19:50 - 2018-02-20 22:32 - 000000000 ___RD C:\Users\Katja\OneDrive
2021-02-02 12:51 - 2018-02-21 10:21 - 000000000 ____D C:\Users\Katja\AppData\LocalLow\Mozilla
2021-02-02 12:50 - 2020-04-28 11:44 - 000000000 ____D C:\Program Files (x86)\Steam
2021-02-02 12:48 - 2018-02-20 22:30 - 000000000 __SHD C:\Users\Katja\IntelGraphicsProfiles
2021-02-02 12:48 - 2017-07-20 17:25 - 000000000 ____D C:\ProgramData\NVIDIA
2021-02-01 09:18 - 2019-09-16 17:20 - 001725108 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-02-01 09:18 - 2019-03-19 13:16 - 000746614 _____ C:\WINDOWS\system32\perfh007.dat
2021-02-01 09:18 - 2019-03-19 13:16 - 000150886 _____ C:\WINDOWS\system32\perfc007.dat
2021-02-01 09:13 - 2019-09-16 17:19 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-02-01 09:13 - 2019-03-19 05:37 - 001310720 _____ C:\WINDOWS\system32\config\BBI
2021-02-01 09:13 - 2018-11-09 18:55 - 000000000 ____D C:\Users\Katja\AppData\Roaming\Lavasoft
2021-02-01 09:13 - 2018-11-09 18:55 - 000000000 ____D C:\Users\Katja\AppData\Local\Lavasoft
2021-02-01 09:13 - 2018-11-09 18:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2021-02-01 09:13 - 2018-11-09 18:55 - 000000000 ____D C:\ProgramData\Lavasoft
2021-02-01 09:13 - 2018-11-09 18:55 - 000000000 ____D C:\Program Files (x86)\Lavasoft
2021-02-01 09:13 - 2018-02-21 14:25 - 000000995 _____ C:\Users\Katja\Desktop\Firefox.lnk
2021-02-01 09:13 - 2018-02-21 13:44 - 000000000 ____D C:\Users\Katja\AppData\LocalLow\IObit
2021-02-01 09:13 - 2018-02-21 13:43 - 000000000 ____D C:\Users\Katja\AppData\Roaming\IObit
2021-02-01 09:13 - 2018-02-21 13:43 - 000000000 ____D C:\ProgramData\IObit
2021-02-01 09:13 - 2018-02-20 16:14 - 000001007 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-02-01 09:13 - 2018-02-20 16:14 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-02-01 09:13 - 2016-11-11 09:17 - 000000000 ____D C:\Program Files (x86)\ASUS
2021-02-01 09:10 - 2018-02-20 22:33 - 000000200 _____ C:\Users\Katja\AppData\Roaming\sp_data.sys
2021-01-31 15:55 - 2020-08-23 18:23 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-01-31 15:55 - 2020-08-23 18:23 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-01-31 15:55 - 2020-08-23 18:23 - 000002276 _____ C:\ProgramData\Desktop\Microsoft Edge.lnk
2021-01-28 07:57 - 2020-11-04 13:03 - 000000000 ____D C:\Users\Katja\AppData\Roaming\NCH Software
2021-01-28 07:57 - 2020-11-04 13:03 - 000000000 ____D C:\ProgramData\NCH Software
2021-01-28 07:57 - 2020-11-04 13:03 - 000000000 ____D C:\Program Files (x86)\NCH Software
2021-01-28 07:57 - 2019-09-16 17:12 - 000000000 ____D C:\Users\Katja
2021-01-28 07:53 - 2018-03-05 15:15 - 000000000 ____D C:\Users\Katja\AppData\Local\Packages
2021-01-27 12:53 - 2018-04-18 15:26 - 000000000 ____D C:\ProgramData\Updater
2021-01-27 12:42 - 2019-03-19 05:52 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-01-27 12:42 - 2019-03-19 05:37 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-01-27 12:37 - 2018-02-20 16:15 - 000000000 ____D C:\ProgramData\AVAST Software
2021-01-27 12:37 - 2016-11-11 09:17 - 000000742 _____ C:\WINDOWS\Tasks\WpsKtpcntrQingTask_Administrator.job
2021-01-27 12:37 - 2016-11-11 09:17 - 000000448 _____ C:\WINDOWS\Tasks\WpsExternal_20161111081738.job
2021-01-27 12:34 - 2018-04-23 10:23 - 000799104 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2021-01-26 17:40 - 2019-01-14 20:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2021-01-26 17:40 - 2018-03-23 10:43 - 000002458 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
2021-01-26 17:40 - 2017-07-20 17:41 - 000002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2021-01-26 17:40 - 2017-07-20 17:41 - 000002452 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2021-01-26 17:40 - 2017-07-20 17:41 - 000002416 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2021-01-26 17:40 - 2017-07-20 17:41 - 000002415 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2021-01-26 17:40 - 2017-07-20 17:41 - 000002409 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2021-01-26 17:40 - 2017-07-20 17:41 - 000002403 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2021-01-26 17:40 - 2017-07-20 17:41 - 000000000 ____D C:\Program Files\Microsoft Office
2021-01-26 17:36 - 2018-02-21 13:44 - 000000000 ____D C:\ProgramData\ProductData
2021-01-26 12:54 - 2020-08-23 18:22 - 000003628 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-01-26 12:54 - 2020-08-23 18:22 - 000003404 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-01-26 12:54 - 2020-07-07 10:40 - 000003854 _____ C:\WINDOWS\system32\Tasks\Opera scheduled assistant Autoupdate 1594114845
2021-01-26 12:54 - 2020-07-07 10:40 - 000003622 _____ C:\WINDOWS\system32\Tasks\Opera scheduled Autoupdate 1594114837
2021-01-26 12:54 - 2020-04-08 08:25 - 000002988 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-01-26 12:54 - 2020-01-05 15:32 - 000002938 _____ C:\WINDOWS\system32\Tasks\WpsExternal_Katja_20200105153215
2021-01-26 12:54 - 2019-12-12 19:46 - 000002666 _____ C:\WINDOWS\system32\Tasks\WpsUpdateTask_Katja
2021-01-26 12:54 - 2019-10-06 14:52 - 000002612 _____ C:\WINDOWS\system32\Tasks\AdobeGCInvoker-1.0
2021-01-26 12:54 - 2019-09-16 17:19 - 000003558 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-01-26 12:54 - 2019-09-16 17:19 - 000003334 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-01-26 12:54 - 2019-09-16 17:19 - 000003266 _____ C:\WINDOWS\system32\Tasks\WpsKtpcntrQingTask_Administrator
2021-01-26 12:54 - 2019-09-16 17:19 - 000003118 _____ C:\WINDOWS\system32\Tasks\Intel PTT EK Recertification
2021-01-26 12:54 - 2019-09-16 17:19 - 000003024 _____ C:\WINDOWS\system32\Tasks\WpsExternal_20161111081738
2021-01-26 12:54 - 2019-09-16 17:19 - 000002968 _____ C:\WINDOWS\system32\Tasks\Update Checker
2021-01-26 12:54 - 2019-09-16 17:19 - 000002924 _____ C:\WINDOWS\system32\Tasks\ATK Package 36D18D69AFC3
2021-01-26 12:54 - 2019-09-16 17:19 - 000002798 _____ C:\WINDOWS\system32\Tasks\NvNotifier_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-01-26 12:54 - 2019-09-16 17:19 - 000002770 _____ C:\WINDOWS\system32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-72DG63D-Katja
2021-01-26 12:54 - 2019-09-16 17:19 - 000002562 _____ C:\WINDOWS\system32\Tasks\Nvbackend_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2021-01-26 12:54 - 2019-09-16 17:19 - 000002346 _____ C:\WINDOWS\system32\Tasks\RtHDVBg_ListenToDevice
2021-01-26 12:54 - 2019-09-16 17:19 - 000002340 _____ C:\WINDOWS\system32\Tasks\ASUS USB Charger Plus
2021-01-26 12:54 - 2019-09-16 17:19 - 000002330 _____ C:\WINDOWS\system32\Tasks\ASUS Battery Health Charging Notification
2021-01-26 12:54 - 2019-09-16 17:19 - 000002280 _____ C:\WINDOWS\system32\Tasks\RTKCPL
2021-01-26 12:54 - 2019-09-16 17:19 - 000002214 _____ C:\WINDOWS\system32\Tasks\ATK Package A22126881260
2021-01-26 09:45 - 2018-06-26 14:08 - 000000000 ____D C:\Users\Katja\AppData\Local\AVAST Software
2021-01-21 20:53 - 2020-04-08 08:25 - 000002234 _____ C:\WINDOWS\system32\Tasks\CCleanerSkipUAC
2021-01-21 07:52 - 2020-07-07 10:40 - 000001407 _____ C:\Users\Katja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera-Browser.lnk
2021-01-16 18:40 - 2018-11-09 17:01 - 000000000 ____D C:\Users\Katja\AppData\Local\Bitwig Studio
2021-01-13 17:12 - 2019-09-16 17:09 - 000568528 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-01-13 17:12 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2021-01-13 17:12 - 2018-03-05 15:31 - 000000000 ___RD C:\Users\Katja\3D Objects
2021-01-13 17:12 - 2017-07-20 17:20 - 000000000 __RHD C:\Users\Public\AccountPictures
2021-01-13 17:11 - 2019-03-19 13:18 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2021-01-13 17:11 - 2019-03-19 13:18 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ___SD C:\WINDOWS\system32\UNP
2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ___SD C:\WINDOWS\system32\F12
2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ___RD C:\WINDOWS\PrintDialog
2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\PerceptionSimulation
2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SystemResources
2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\setup
2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\Com
2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\Provisioning
2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\IME
2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-01-13 17:11 - 2019-03-19 05:52 - 000000000 ____D C:\Program Files\Windows Defender
2021-01-13 17:05 - 2019-03-19 05:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-01-13 17:04 - 2018-02-22 12:39 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-01-13 17:01 - 2018-02-22 12:39 - 135062968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-01-13 16:55 - 2019-09-16 17:10 - 002877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2021-01-12 08:58 - 2019-09-16 17:12 - 000000000 ____D C:\Users\defaultuser0
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ========
2002-09-11 13:33 - 2001-12-08 18:58 - 000133200 _____ (Europress Software) C:\Users\Katja\cncs.dll
2002-09-11 13:33 - 2001-12-08 18:58 - 000280064 _____ () C:\Users\Katja\cncs232.dll
2002-09-11 13:33 - 2001-12-08 18:58 - 000172032 _____ (Europress Software) C:\Users\Katja\cncs32.dll
2020-05-09 09:27 - 2020-05-09 09:36 - 000037998 _____ () C:\Users\Katja\Uninstal.exe
2018-11-09 17:48 - 2018-11-09 17:48 - 000003707 _____ () C:\Users\Katja\AppData\Roaming\P10804_GK Amplification 2 LE_log.inTone2Log
2018-11-10 09:48 - 2018-11-10 09:48 - 000003568 _____ () C:\Users\Katja\AppData\Roaming\P13568_ampLion Free_log.inTone2Log
2018-11-10 09:45 - 2018-11-10 09:45 - 000003620 _____ () C:\Users\Katja\AppData\Roaming\P14776_GK Amplification 2 LE_log.inTone2Log
2018-11-10 15:20 - 2018-11-10 15:20 - 000003620 _____ () C:\Users\Katja\AppData\Roaming\P15472_GK Amplification 2 LE_log.inTone2Log
2020-11-05 16:01 - 2020-11-05 16:01 - 000003820 _____ () C:\Users\Katja\AppData\Roaming\P15960_ampLion Free_log.inTone2Log
2019-01-17 16:09 - 2019-01-17 16:09 - 000003631 _____ () C:\Users\Katja\AppData\Roaming\P16284_GK Amplification 2 LE_log.inTone2Log
2018-11-09 19:16 - 2018-11-09 19:16 - 000003707 _____ () C:\Users\Katja\AppData\Roaming\P16504_GK Amplification 2 LE_log.inTone2Log
2018-11-10 10:01 - 2018-11-10 10:01 - 000003620 _____ () C:\Users\Katja\AppData\Roaming\P16824_GK Amplification 2 LE_log.inTone2Log
2018-11-10 13:21 - 2018-11-10 13:21 - 000003620 _____ () C:\Users\Katja\AppData\Roaming\P17308_GK Amplification 2 LE_log.inTone2Log
2018-11-10 10:01 - 2018-11-10 10:01 - 000003568 _____ () C:\Users\Katja\AppData\Roaming\P17920_ampLion Free_log.inTone2Log
2018-11-10 15:20 - 2018-11-10 15:20 - 000003568 _____ () C:\Users\Katja\AppData\Roaming\P19080_ampLion Free_log.inTone2Log
2018-11-10 13:20 - 2018-11-10 13:20 - 000003568 _____ () C:\Users\Katja\AppData\Roaming\P3408_ampLion Free_log.inTone2Log
2018-11-09 17:35 - 2018-11-09 17:35 - 000003568 _____ () C:\Users\Katja\AppData\Roaming\P3784_ampLion Free_log.inTone2Log
2018-11-09 16:42 - 2018-11-09 16:42 - 000003755 _____ () C:\Users\Katja\AppData\Roaming\P4268_GK Amplification 2 LE_log.inTone2Log
2018-11-09 16:45 - 2018-11-09 16:45 - 000003616 _____ () C:\Users\Katja\AppData\Roaming\P4708_ampLion Free_log.inTone2Log
2018-11-09 17:23 - 2018-11-09 17:23 - 000030467 _____ () C:\Users\Katja\AppData\Roaming\P7612_inTone2 ESI Edition_log.inTone2Log
2018-11-09 17:35 - 2018-11-09 17:35 - 000003707 _____ () C:\Users\Katja\AppData\Roaming\P7732_GK Amplification 2 LE_log.inTone2Log
2018-11-09 19:10 - 2018-11-09 19:10 - 000003707 _____ () C:\Users\Katja\AppData\Roaming\P7752_GK Amplification 2 LE_log.inTone2Log
2018-11-09 19:47 - 2018-11-09 19:47 - 000003707 _____ () C:\Users\Katja\AppData\Roaming\P9936_GK Amplification 2 LE_log.inTone2Log
2018-02-20 22:33 - 2021-02-01 09:10 - 000000200 _____ () C:\Users\Katja\AppData\Roaming\sp_data.sys
2018-10-02 11:46 - 2018-10-02 11:46 - 000000000 _____ () C:\Users\Katja\AppData\Local\oobelibMkey.log
==================== SigCheck ============================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
==================== Ende von FRST.txt ========================
Die 2. Datei im nächsten Beitrag, da für diesen schon zu groß. Geändert von FSP (04.02.2021 um 22:26 Uhr) |
| Themen zu Gootkit lt. Telekom, wonach muss ich in den LogFiles suchen |
| .dll, administrator, adobe, avast, cid, computer, cs3, defender, firefox, frage, google, home, homepage, kaspersky, mozilla, nvidia, prozesse, realtek, registry, scan, server, software, temp, webadvisor, windows, zugriff verweigert |
Baum-Darstellung