Log analysis and evaluation: Windows 10: Trojan Tnega!MSR keeps coming back - Part I
Hello,

it's great that you are here. I'm sure you can help me.

For the past few days, Windows Security has been finding the following trojan on my machine every time the PC starts: TrojanDropper:Win64/Tnega!MSR

Windows Security reported that the threat was blocked, and each time I clicked "Actions" and "Remove". The trojan keeps coming back anyway. So far I have only used Windows Defender.

FRST logfile:

Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 17-02-2021 01
durchgeführt von Odfried (Administrator) auf GARFIELD (ASUS All Series) (18-02-2021 21:20:17)
Gestartet von C:\Users\Odfried\Downloads
Geladene Profile: Odfried
Platform: Windows 10 Pro Version 1909 18363.1379 (X64) Sprache: Deutsch (Deutschland)
Standard-Browser: Edge
Start-Modus: Normal

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler64.exe
(Idera, Inc. -> Embarcadero Technologies, Inc.) C:\Users\Odfried\AppData\Roaming\Odfried.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <24>
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) 
C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2101.9-0\MsMpEng.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2101.9-0\NisSrv.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe <2> ==================== Registry (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation -> Microsoft Corporation) HKLM\...\Run: [snpstd3] => C:\WINDOWS\vsnpstd3.exe [835584 2007-05-10] (SONIX TECHNOLOGY CO. , LTD -> ) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7636696 2014-09-02] (Realtek Semiconductor Corp -> Realtek Semiconductor) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-05-28] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) HKLM-x32\...\Run: [tsnpstd3] => C:\Windows\tsnpstd3.exe [270336 2007-04-21] () [Datei ist nicht signiert] HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard Company -> Hewlett-Packard) HKLM-x32\...\Run: [PC Suite for Smartphones] => C:\Program Files (x86)\Sony Ericsson\Mobile4\Application Launcher\Application Launcher.exe [548864 2007-12-25] () [Datei ist nicht signiert] HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2099200 2014-04-13] (Dominik Reichl) [Datei ist nicht signiert] HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host 
Controller Driver\Application\iusb3mon.exe [293872 2014-08-25] (Intel Corporation - Software and Firmware Products -> Intel Corporation) HKLM-x32\...\Run: [P17RunE] => C:\Windows\SysWOW64\P17RunE.dll [14848 2008-03-28] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [646160 2019-12-11] (Oracle America, Inc. -> Oracle Corporation) HKU\S-1-5-21-2726028846-1901948702-833121358-1001\...\Run: [OpenVPN-GUI] => C:\Program Files\OpenVPN\bin\openvpn-gui.exe [643200 2017-09-26] (OpenVPN Technologies, Inc. -> ) HKU\S-1-5-21-2726028846-1901948702-833121358-1001\...\Run: [Dropbox Update] => C:\Users\Odfried\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc -> Dropbox, Inc.) HKU\S-1-5-21-2726028846-1901948702-833121358-1001\...\Run: [Opera Browser Assistant] => C:\Users\Odfried\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [3154456 2020-11-25] (Opera Software AS -> Opera Software) HKU\S-1-5-21-2726028846-1901948702-833121358-1001\...\Run: [CiscoMeetingDaemon] => C:\Users\Odfried\AppData\Local\WebEx\ciscowebexstart.exe [2499272 2021-02-05] (Cisco WebEx LLC -> Cisco Webex LLC) HKU\S-1-5-21-2726028846-1901948702-833121358-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32440376 2021-01-06] (Piriform Software Ltd -> Piriform Software Ltd) HKU\S-1-5-21-2726028846-1901948702-833121358-1001\...\RunOnce: [Odfried] => powershell -Win Hi -Command "$r = [Environment]::GetEnvironmentVariable('Odfried', 'User').split();$p=$r[0];$r[0]='';Start-Process $p -ArgumentList ($r -join ' ') -Win Hi" <==== ACHTUNG HKU\S-1-5-21-2726028846-1901948702-833121358-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKU\S-1-5-21-2726028846-1901948702-833121358-1001\...\MountPoints2: {05c6e8b7-6ae7-11e7-8ff3-f07959620f10} - "H:\ting.exe" 
HKU\S-1-5-21-2726028846-1901948702-833121358-1001\...\MountPoints2: {3d6c9de4-5921-11e3-88e0-00219b0a9324} - "D:\ting.exe" HKU\S-1-5-21-2726028846-1901948702-833121358-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [38400 2019-03-19] (Microsoft Windows -> Microsoft Corporation) HKU\S-1-5-21-2726028846-1901948702-833121358-1001\Environment: [Odfried] "powershell.exe" -windowstyle hidden -En "PAAjACAAdgBuAHYAZwBnAHcAaAB6AHQAIAAjAD4AJAB1AD0AJABlAG4AdgA6AFUAcwBlAHIATgBhAG0AZQA7AGYAbwByACAAKAAkAGkAPQAwADsAJABpACAALQBsAGUAIAAxADMAMAAwADs (Der Dateneintrag hat 1261 mehr Zeichen). <==== ACHTUNG RegKey: [HKU\S-1-5-21-2726028846-1901948702-833121358-1001\Software\Odfried] <==== ACHTUNG RegKey: [HKU\S-1-5-21-2726028846-1901948702-833121358-1001\Software\Odfried1] <==== ACHTUNG HKLM\...\Windows x64\Print Processors\Canon MG6100 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDAG.DLL [30208 2012-03-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.) HKLM\...\Windows x64\Print Processors\hpzpplhn: C:\Windows\System32\spool\prtprocs\x64\hpzpplhn.dll [100352 2007-05-23] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation) HKLM\...\Windows x64\Print Processors\hpzppw71: C:\Windows\System32\spool\prtprocs\x64\hpzppw71.dll [230400 2009-07-14] (Microsoft Windows -> Hewlett-Packard Corporation) HKLM\...\Print\Monitors\Canon BJ Language Monitor MG6100 series: C:\Windows\system32\CNMLMAG.DLL [385024 2012-03-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.) 
HKLM\...\Print\Monitors\PCL hpz3llhn: C:\Windows\system32\hpz3llhn.dll [36352 2007-05-23] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Company) HKLM\...\Print\Monitors\PCL hpz3lw71: C:\Windows\system32\hpz3lw71.dll [46080 2009-07-14] (Microsoft Windows -> Hewlett-Packard Corporation) HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\88.0.4324.182\Installer\chrmstp.exe [2021-02-18] (Google LLC -> Google LLC) HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] -> Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WISO Mein Steuer-Sparbuch heute.lnk [2015-08-10] ShortcutTarget: WISO Mein Steuer-Sparbuch heute.lnk -> C:\Program Files (x86)\WISO\Steuersoftware 2014\mshaktuell.exe (Buhl Data Service GmbH -> ) Startup: C:\Users\Odfried\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2021-02-05] ShortcutTarget: Dropbox.lnk -> C:\Users\Odfried\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.) ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============ (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
Task: {02F16EF5-DA89-4C74-9F91-B445DA3E783A} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43da-BFD7-FBEEA2180A1E} Task: {05FCEBC4-A202-409F-9F5C-66793028EB4F} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {0FA8CCB1-19BA-49E6-9775-501FA81B9ECE} - System32\Tasks\Opera scheduled Autoupdate 1554660614 => C:\Users\Odfried\AppData\Local\Programs\Opera\launcher.exe [1776280 2021-01-14] (Opera Software AS -> Opera Software) Task: {11AF8D37-58C4-4EA5-8443-7FE8BC43950E} - System32\Tasks\Microsoft\Windows\End Of Support\Notify2 => C:\WINDOWS\system32\sipnotify.exe Task: {12D27C9A-BE70-4026-A661-DE7D774D1FDA} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2118352 2014-03-19] (Microsoft Corporation -> Microsoft Corporation) Task: {16DF50F4-806C-4034-BF5B-C8D083C373A4} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1487568 2014-03-19] (Microsoft Corporation -> Microsoft Corporation) Task: {18789C37-5759-4B90-8E98-84C109E73459} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe Task: {22DD9189-E11D-4663-B309-C3245CCD7825} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe Task: {237AC49C-DA6C-4E70-ACC5-7B68320C8B28} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4f47-879B-29A80C355D61} Task: {243A36D8-C397-4D18-A651-33C5D4D58FA0} - System32\Tasks\Opera scheduled assistant Autoupdate 1556059648 => C:\Users\Odfried\AppData\Local\Programs\Opera\launcher.exe [1776280 2021-01-14] (Opera Software AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Odfried\AppData\Local\Programs\Opera\assistant" $(Arg0) Task: {24635473-8EB8-411A-9325-9E7FE2779A9C} - System32\Tasks\Adobe Acrobat Update 
Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1557200 2021-01-25] (Adobe Inc. -> Adobe Inc.) Task: {24D34A48-3892-4B8E-9743-985D9C68924A} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [142216 2021-02-11] (Microsoft Corporation -> Microsoft Corporation) Task: {27AA67FB-FE5D-4637-9E55-257F55BA18E0} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [1487568 2014-03-19] (Microsoft Corporation -> Microsoft Corporation) Task: {2F6D73C1-E4F7-4341-A6AE-7F85E3CEAA8E} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe Task: {36D1B2E5-EA06-40E8-A631-D8EE48A1CF7A} - System32\Tasks\{E40A1890-E2CC-4608-9D46-3AC5F98A605B} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.5.0.124/de/go/help.faq.installer?LastError=1603 Task: {3D56BF8A-244B-4C77-93C9-B7B17DDF893F} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe Task: {3FDA2CC5-528C-49CC-94A5-F3AB1EA036AC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MpCmdRun.exe [562240 2021-02-12] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {4081750C-925B-4545-95C4-2F857C231373} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22993800 2021-02-03] (Microsoft Corporation -> Microsoft Corporation) Task: {45EB8795-8535-422F-82AB-C36BCBFDFE1D} - \Microsoft\Windows\Setup\EOSNotify -> Keine Datei <==== ACHTUNG Task: {465EB530-CC48-4D84-8129-4B220AEE6711} - System32\Tasks\{A60F6C2A-9D6F-46CF-97DC-5C4FE0E4B1A2} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.5.0.119/de/go/help.faq.installer?LastError=1603 Task: 
{46E22D31-6554-488D-852F-CB1A361C50D8} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2118352 2014-03-19] (Microsoft Corporation -> Microsoft Corporation) Task: {47595455-0496-41A1-9B92-84F6EC0F9F2B} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47c2-B62A-B7C4CED925CB} Task: {4B3C1AC7-62C5-46D0-8C1D-1EA96F241576} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316} Task: {4CA78609-8915-4631-9236-CF4F0780F9F4} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [142216 2021-02-11] (Microsoft Corporation -> Microsoft Corporation) Task: {4DAEA773-B9BE-428A-BE0F-05EA40B43037} - System32\Tasks\{1E1E9B51-1923-4F42-A29D-1A4772FE7542} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.5.0.119/de/go/help.faq.installer?LastError=1603 Task: {511BDB6F-D447-4C31-B23A-372D09CC879A} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe Task: {5189F503-B5C4-4310-9357-E43F857F6A34} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe Task: {565B10CF-9FF9-43BD-8A7A-EC8E09511D72} - System32\Tasks\{EBF172FD-0BAA-42AF-88F2-9166E166AEB1} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.5.0.119/de/go/help.faq.installer?LastError=1603 Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A} Task: {5D22340B-4E4A-49E8-BB83-77823B58C717} - System32\Tasks\{76BEFD47-23C8-47B7-A1D9-0FD4EFE7201F} => "c:\program files (x86)\mozilla firefox\firefox.exe" 
hxxp://ui.skype.com/ui/0/5.5.0.124/de/go/help.faq.installer?LastError=1603 Task: {633B1526-1E3E-4431-9616-706DE6876574} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe Task: {657EC7F2-E145-402E-8DB4-8A64795B840B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-08-18] (Google Inc -> Google Inc.) Task: {770D324A-DA2F-4F90-A3CB-9251B223B511} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => c:\Program Files\Microsoft Device Center\devicecenter.exe Task: {78D52AA8-0E3A-4B19-A6C2-CDC8C73AB176} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe Task: {83B1D6D6-CE7B-4C8D-B420-C3DA25B9B446} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2726028846-1901948702-833121358-1001UA1d5d6e686e592d1 => C:\Users\Odfried\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc -> Dropbox, Inc.) Task: {844AD169-9956-4A09-B7AF-B23BF411E026} - System32\Tasks\Digital Sites => C:\Users\Odfried\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ACHTUNG Task: {85D6AEEC-BD54-40B7-86EF-5F8E0C3830D5} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDfE067B1} Task: {88584F67-F850-4681-96FF-4B3DF5E1D43E} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {8AA5ADBC-1412-423F-91E3-3077D3DC2E34} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [1134752 2014-03-25] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.) 
[Datei ist nicht signiert] Task: {8CD52123-AF76-4018-959A-D57CF46FB158} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MpCmdRun.exe [562240 2021-02-12] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {8F9D11D4-DB81-437E-B865-31E8BBB979EF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MpCmdRun.exe [562240 2021-02-12] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {918D1FBD-F26A-42F8-866F-21154646E19C} - System32\Tasks\{F4AC3217-7AA7-4DF2-866F-F6AA758A2B1B} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.5.59.124/de/go/help.faq.installer?source=lightinstaller&LastError=1603 Task: {97B4B1AA-14F5-4F6F-AE2C-221D976C6FEC} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [677344 2021-02-08] (Mozilla Corporation -> Mozilla Foundation) Task: {98997B55-CBCC-4230-ABF1-70A0B7F84F55} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [686384 2021-01-06] (Piriform Software Ltd -> Piriform Software Ltd) Task: {A3FE64E2-40E8-4A99-B576-DC5C0632588E} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe Task: {A7F7D24E-64CB-485F-A927-936D664F4CBA} - System32\Tasks\{6AB72824-5BE2-4ED1-9D81-4BC62E506490} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.5.0.124/de/go/help.faq.installer?LastError=1603 Task: {A9D85489-5A0A-4A6D-8B96-4A55E1635F82} - System32\Tasks\{662BE1F1-2EB0-49D4-B3DC-E8B861B34561} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.5.0.119/de/go/help.faq.installer?LastError=1603 Task: {AEDBFB8E-8D04-4C15-9218-BBF3A4D61D7F} - System32\Tasks\Microsoft\Windows\Media 
Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe Task: {B0AE2568-3D92-40AE-9FF2-3AC43CCA8226} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22993800 2021-02-03] (Microsoft Corporation -> Microsoft Corporation) Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40b4-8963-D3C761B18371} Task: {B1E811CC-575A-4452-9C20-F8BB40FF56EC} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe Task: {B218DDBC-F035-472C-A46D-8DC8CE24B112} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MpCmdRun.exe [562240 2021-02-12] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {B2B53B78-00E4-468D-B90A-6D184568B2B0} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe Task: {B2BC6668-1903-48DC-A818-E6D2D1CDC918} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {B3B7B085-3ABB-4131-9CA8-DDF7B9602E79} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe Task: {B52E1054-CBAA-4186-8030-7241D19D8246} - \Microsoft\Windows\Setup\EOSNotify2 -> Keine Datei <==== ACHTUNG Task: {B60D549B-FD6B-454A-BEFE-6929A10CBD90} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [26913848 2021-01-06] (Piriform Software Ltd -> Piriform Software Ltd) Task: {BA566C26-280D-4AE6-BA13-4DDB8CB0EEFB} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe Task: {BD701784-6CBB-4B62-9C91-140066EEB9F7} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe Task: {BFDDF7E0-7363-4D50-8806-4E633D8E5BA3} - 
System32\Tasks\{B1B76516-D9B3-468D-A754-2E1B55C3989E} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.5.0.119/de/go/help.faq.installer?LastError=1603 Task: {CA09EA7E-DCA4-4766-8C24-A33A9304AC3F} - System32\Tasks\{755E9608-94CD-4E91-B7DE-29DCEC3FA01D} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.5.0.119/de/go/help.faq.installer?LastError=1603 Task: {D04CFDF6-EFA9-4A44-992E-E1BB36E508E1} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe Task: {D48B5812-B46E-4069-B2B7-2EBF5B632B26} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2211024 2014-03-19] (Microsoft Corporation -> Microsoft) Task: {D7EE41C8-9231-41C5-9A9D-86CBCD8F34F4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5199792 2021-02-11] (Microsoft Corporation -> Microsoft Corporation) Task: {DA7FD33A-A65A-4D7F-B775-F66E56B8BABD} - System32\Tasks\{9AE08988-8A99-4777-80FD-FB009CD6424A} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.5.0.119/de/go/help.faq.installer?LastError=1603 Task: {DAA9A05C-5C19-402D-962B-A93139CCD392} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2726028846-1901948702-833121358-1001Core1d5d6e686de6c49 => C:\Users\Odfried\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc -> Dropbox, Inc.) 
Task: {DB8AA674-A0AD-451E-94C0-A18A841A397B} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969} Task: {DCEB16B9-FC07-4BFE-B66F-158EA7708F1C} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe Task: {E4899B01-B0F4-4695-BCEA-F9B8C655C5BE} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1} Task: {E5D8AD48-FFE4-4970-B39A-02CF85D1281B} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe Task: {E89DC814-B895-4D44-9915-14567BF9DC21} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2017-08-18] (Google Inc -> Google Inc.) Task: {EB1F8FC0-D572-40DD-BF85-47EA8D1B9C40} - System32\Tasks\{A1ECF503-D185-4A59-BC6C-B2C1AD3F6C18} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.5.0.124/de/go/help.faq.installer?LastError=1603 Task: {ECD8C33D-8C4C-4A76-AB31-809F1AFC5995} - System32\Tasks\{8D406AE9-20B6-410C-826C-6FFA1E851313} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.5.0.124/de/go/help.faq.installer?LastError=1603 Task: {ED19018D-65D5-49A5-86DD-F27C47FF5B97} - System32\Tasks\{202118AC-06CA-4AA7-8A0C-2DEF6AB0437E} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/5.5.0.119/de/go/help.faq.installer?LastError=1603 Task: {EE7762D2-A6F1-4B6E-BF19-71419769D68C} - System32\Tasks\Microsoft\Windows\End Of Support\Notify1 => C:\WINDOWS\system32\sipnotify.exe Task: {F00B6CD5-62A6-4012-A3A5-E1264B85C382} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe Task: {F044645E-4034-41C9-A2CB-389B653EEEA2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5199792 2021-02-11] (Microsoft Corporation 
-> Microsoft Corporation) Task: {F1A53E80-3616-4324-BFDE-199889475F5E} - System32\Tasks\{94182C64-7217-48F2-9968-DCC433EC4249} => C:\Windows\system32\pcalua.exe -a "D:\Documents\!Gym\!01 zu sortieren\!NEU - CD Kopien vom IGV\Klett\Mediothek\Menschenkunde III\SETUP.EXE" -d "D:\Documents\!Gym\!01 zu sortieren\!NEU - CD Kopien vom IGV\Klett\Mediothek\Menschenkunde III" Task: {F7BB771D-81D7-4997-8FAD-B6643946B176} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) Task: C:\WINDOWS\Tasks\Digital Sites.job => C:\Users\Odfried\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ACHTUNG Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2726028846-1901948702-833121358-1001Core1d5d6e686de6c49.job => C:\Users\Odfried\AppData\Local\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2726028846-1901948702-833121358-1001UA1d5d6e686e592d1.job => C:\Users\Odfried\AppData\Local\Dropbox\Update\DropboxUpdate.exe ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{6680B1A0-F27B-4FB0-B8A7-2007C656A238}: [DhcpNameServer] 10.16.1.1 10.16.1.1 Tcpip\..\Interfaces\{94625661-2794-475A-BC2F-F61267FD981A}: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{992E0AA0-DDED-47C6-A988-6D4E10461D3A}: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{A3B9A9AD-A5F1-4192-88EA-91FE1B634007}: [DhcpNameServer] 192.168.2.1 Edge: ======= Edge DefaultProfile: Default Edge Profile: C:\Users\Odfried\AppData\Local\Microsoft\Edge\User Data\Default [2021-02-18] Edge Notifications: Default -> hxxps://teams.microsoft.com Edge Extension: (Cisco Webex Extension) - C:\Users\Odfried\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cmihkeafcknlomclapaddfljaeegfbdl [2020-12-21] Edge Extension: (Tab Group) - C:\Users\Odfried\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gjgjkhbmehogehkdnoooeihkipifimme [2020-08-29] Edge HKLM-x32\...\Edge\Extension: [cmihkeafcknlomclapaddfljaeegfbdl] FireFox: ======== FF DefaultProfile: j4ybr3md.default-1367272240666-1613676244687 FF ProfilePath: C:\Users\Odfried\AppData\Roaming\Mozilla\Firefox\Profiles\j4ybr3md.default-1367272240666-1613676244687 [2021-02-18] FF Extension: (Cisco Webex Extension) - C:\Users\Odfried\AppData\Roaming\Mozilla\Firefox\Profiles\j4ybr3md.default-1367272240666-1613676244687\Extensions\ciscowebexstart1@cisco.com.xpi [2021-02-18] FF Extension: (Reset Search Defaults) - C:\Users\Odfried\AppData\Roaming\Mozilla\Firefox\Profiles\j4ybr3md.default-1367272240666-1613676244687\features\{e38ca9f2-84e6-4d43-ad62-e4c1b7512267}\reset-search-defaults@mozilla.com.xpi [2021-02-18] FF ProfilePath: C:\Users\Odfried\AppData\Roaming\Mozilla\Firefox\Profiles\5vxs6zl8.default-1367272190906 [2021-02-14] FF user.js: detected! 
=> C:\Users\Odfried\AppData\Roaming\Mozilla\Firefox\Profiles\5vxs6zl8.default-1367272190906\user.js [2013-11-20] FF Homepage: Mozilla\Firefox\Profiles\5vxs6zl8.default-1367272190906 -> hxxps://www.google.com/calendar/render?tab=wc FF NewTab: Mozilla\Firefox\Profiles\5vxs6zl8.default-1367272190906 -> hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=GB&userid=b747fc85-80a9-4ede-8369-c52165bfcf75&searchtype=nt&fr=linkury-tb&installDate={installDate}&type=hp1000 FF Session Restore: Mozilla\Firefox\Profiles\5vxs6zl8.default-1367272190906 -> ist aktiviert. FF Extension: (FabTabs) - C:\Users\Odfried\AppData\Roaming\Mozilla\Firefox\Profiles\5vxs6zl8.default-1367272190906\Extensions\fabtab@captaincaveman.nl.xpi [2013-03-14] [] [ist nicht signiert] FF Extension: (Search and New Tab by Yahoo) - C:\Users\Odfried\AppData\Roaming\Mozilla\Firefox\Profiles\5vxs6zl8.default-1367272190906\Extensions\jid1-16aeif9OQIRKxA@jetpack.xpi [2017-05-16] [] FF Extension: (Download Statusbar) - C:\Users\Odfried\AppData\Roaming\Mozilla\Firefox\Profiles\5vxs6zl8.default-1367272190906\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [2013-05-07] [] [ist nicht signiert] FF Extension: (Tab Mix Plus) - C:\Users\Odfried\AppData\Roaming\Mozilla\Firefox\Profiles\5vxs6zl8.default-1367272190906\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2013-04-20] [] [ist nicht signiert] FF HKLM-x32\...\Firefox\Extensions: [sweetsearch@gmail.com] - C:\Users\Odfried\AppData\Roaming\Mozilla\Firefox\Profiles\nn0tegko.default-1367272240666\extensions\sweetsearch@gmail.com => nicht gefunden FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft 
Office\root\Office16\NPSPWRAP.DLL [2021-02-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.) [Datei ist nicht signiert]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-04-29] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-04-29] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.241.2 -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\dtplugin\npDeployJava1.dll [2020-02-09] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.241.2 -> C:\Program Files (x86)\Java\jre1.8.0_241\bin\plugin2\npjp2.dll [2020-02-09] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-02-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-02-02] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.12 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin-x32: @webex.com/npatgpc -> C:\Program Files (x86)\Webex\npatgpc.dll [2020-12-11] (Cisco WebEx LLC -> Cisco WebEx LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2021-02-15] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Odfried\AppData\Local\Google\Chrome\User Data\Default [2021-02-18]
CHR Session Restore: Default -> ist aktiviert.
CHR Extension: (Google Drive) - C:\Users\Odfried\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-27]
CHR Extension: (YouTube) - C:\Users\Odfried\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-12-09]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Odfried\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-05]
CHR Extension: (Google Mail) - C:\Users\Odfried\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-27]
CHR Extension: (Chrome Media Router) - C:\Users\Odfried\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-02-05]
CHR HKU\S-1-5-21-2726028846-1901948702-833121358-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [jlhmfgmfgeifomenelglieieghnjghma]

Opera:
=======
OPR Profile: C:\Users\Odfried\AppData\Roaming\Opera Software\Opera Stable [2021-02-14]
OPR DefaultSuggestURL: Opera Stable -> hxxps://www.google.de/complete/search?client=opera&q={searchTerms}&ie={inputEncoding}&oe={outputEncoding}

==================== Dienste (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169672 2021-01-25] (Adobe Inc. -> Adobe Inc.)
S4 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-01-28] (ASUSTeK Computer Inc. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8905608 2021-02-03] (Microsoft Corporation -> Microsoft Corporation)
S4 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2011-09-14] (Creative Labs) [Datei ist nicht signiert]
S4 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2008-11-18] (Creative Technology Ltd) [Datei ist nicht signiert]
S4 hasplms; C:\Windows\system32\hasplms.exe [3500552 2018-07-18] (SafeNet Canada, Inc. -> SafeNet, Inc.)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [Datei ist nicht signiert]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [Datei ist nicht signiert]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [Datei ist nicht signiert]
S4 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv2.exe [15872 2016-11-25] () [Datei ist nicht signiert]
S4 OpenVPNServiceInteractive; C:\Program Files\OpenVPN\bin\openvpnserv.exe [73856 2017-09-26] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S4 OpenVPNServiceLegacy; C:\Program Files\OpenVPN\bin\openvpnserv.exe [73856 2017-09-26] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S4 Realtek11nSU; C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [45056 2010-01-21] (Realtek) [Datei ist nicht signiert]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [6264144 2021-01-13] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155520 2015-06-10] (Sony Mobile Communications AB -> Avanquest Software) [Datei ist nicht signiert]
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\NisSrv.exe [2462960 2021-02-12] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WebexService; C:\Program Files (x86)\Webex\Webex\Applications\WebExService.exe [146240 2020-12-11] (Cisco WebEx LLC -> Cisco WebEx LLC)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2101.9-0\MsMpEng.exe [128376 2021-02-12] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-01-28] (ASUSTeK Computer Inc. -> )
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [1971208 2018-07-18] (SafeNet Canada, Inc. -> SafeNet, Inc.)
R3 P17; C:\WINDOWS\system32\drivers\P17.sys [1309696 2009-10-16] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Ltd.)
R3 seehcri; C:\WINDOWS\System32\drivers\seehcri.sys [34032 2008-01-09] (Sony Ericsson Mobile Communications AB -> Sony Ericsson Mobile Communications)
S3 SNPSTD3; C:\WINDOWS\system32\DRIVERS\snpstd3.sys [10693120 2007-10-16] (SONIX TECHNOLOGY CO. , LTD -> Sonix Co. Ltd.)
S3 SNPSTD3; C:\Windows\SysWOW64\DRIVERS\snpstd3.sys [10376576 2007-10-16] (SONIX TECHNOLOGY CO. , LTD -> Sonix Co. Ltd.)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R1 Uim_DEVIM; C:\WINDOWS\System32\DRIVERS\uim_devim.sys [25992 2014-05-19] (Paragon Software GmbH -> )
R1 Uim_IM; C:\WINDOWS\System32\DRIVERS\uim_im.sys [700296 2014-05-19] (Paragon Software GmbH -> )
U5 vwifimp; C:\Windows\System32\Drivers\vwifimp.sys [50176 2019-03-19] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49552 2021-02-12] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [419040 2021-02-12] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [71912 2021-02-12] (Microsoft Windows -> Microsoft Corporation)
R3 zebrceb; C:\WINDOWS\System32\drivers\zebrceb.sys [81280 2008-01-15] (MCCI Corporation -> MCCI)
S3 ALSysIO; \??\C:\Users\Odfried\AppData\Local\Temp\ALSysIO64.sys [X] <==== ACHTUNG
U3 idsvc; kein ImagePath
S2 MBAMChameleon; \SystemRoot\System32\Drivers\MbamChameleon.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2021-02-18 21:20 - 2021-02-18 21:20 - 000040065 _____ C:\Users\Odfried\Downloads\FRST.txt
2021-02-18 21:19 - 2021-02-18 21:20 - 000000000 ____D C:\FRST
2021-02-18 21:18 - 2021-02-18 21:19 - 002298368 _____ (Farbar) C:\Users\Odfried\Downloads\FRST64.exe
2021-02-18 20:35 - 2021-02-18 20:35 - 000001225 _____ C:\ProgramData\Desktop\Firefox.lnk
2021-02-18 20:35 - 2021-02-18 20:35 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2021-02-18 20:34 - 2021-02-18 20:34 - 000333112 _____ (Mozilla) C:\Users\Odfried\Downloads\Firefox Installer.exe
2021-02-18 20:24 - 2021-02-18 20:24 - 000000000 ____D C:\Users\Odfried\Desktop\Alte Firefox-Daten
2021-02-18 19:13 - 2021-02-18 19:13 - 000002271 _____ C:\Users\Odfried\Desktop\nacl_synthese_anim - Verknüpfung.lnk
2021-02-18 19:13 - 2021-02-18 19:13 - 000002143 _____ C:\Users\Odfried\Desktop\VIDEO - NaCl Synthese - Verknüpfung.lnk
2021-02-18 19:12 - 2021-02-18 19:12 - 000000000 ____D C:\Users\Odfried\Desktop\Mo 22.02
2021-02-18 15:24 - 2021-02-18 15:24 - 000059910 _____ C:\Users\Odfried\Downloads\klassenliste.pdf
2021-02-17 15:33 - 2021-02-17 15:33 - 000129490 _____ C:\Users\Odfried\Downloads\Ausschreibung_Mitarbeiter_im_Direktorat_-_Gymnasien_Alle_staatlichen_Gymnasien_und_staatlichen_Fach-_und_Berufsoberschulen_(per_OWA).pdf
2021-02-17 15:32 - 2021-02-17 15:32 - 000133157 _____ C:\Users\Odfried\Downloads\Ausschreibung_Ständige_Stellvertretung_im_Bereich_der_Gymnasien_Alle_staatlichen_Gymnasien_und_staatlichen_Fach-_und_Berufsoberschulen_(per_OWA).pdf
2021-02-14 17:42 - 2021-02-14 17:42 - 001369279 _____ C:\Users\Odfried\Downloads\stromleitung.zip
2021-02-14 17:42 - 2021-02-14 17:42 - 000000000 ____D C:\Users\Odfried\Downloads\stromleitung
2021-02-14 17:31 - 2021-02-14 17:42 - 000000000 ____D C:\Users\Odfried\Downloads\redox
2021-02-14 17:31 - 2021-02-14 17:31 - 001275659 _____ C:\Users\Odfried\Downloads\redox.zip
2021-02-14 17:28 - 2021-02-14 17:30 - 000000000 ____D C:\Users\Odfried\Downloads\oberflaeche
2021-02-14 17:28 - 2021-02-14 17:28 - 002671735 _____ C:\Users\Odfried\Downloads\oberflaeche.zip
2021-02-14 16:11 - 2021-02-14 16:11 - 000294912 _____ C:\Users\Odfried\Downloads\WVZ 2021.xls
2021-02-14 12:17 - 2021-02-14 12:17 - 030584912 _____ (Piriform Software Ltd) C:\Users\Odfried\Downloads\ccsetup576.exe
2021-02-14 11:02 - 2021-02-18 20:55 - 131858432 _____ C:\WINDOWS\system32\config\SOFTWARE
2021-02-12 10:05 - 2021-02-12 10:05 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2021-02-12 10:05 - 2021-02-12 10:05 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2021-02-12 10:05 - 2021-02-12 10:05 - 000232752 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-02-12 10:05 - 2021-02-12 10:05 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth9.bin
2021-02-12 10:05 - 2021-02-12 10:05 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth8.bin
2021-02-12 10:05 - 2021-02-12 10:05 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth7.bin
2021-02-12 10:05 - 2021-02-12 10:05 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth6.bin
2021-02-12 10:05 - 2021-02-12 10:05 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth5.bin
2021-02-12 10:05 - 2021-02-12 10:05 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth4.bin
2021-02-12 10:05 - 2021-02-12 10:05 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth3.bin
2021-02-12 10:05 - 2021-02-12 10:05 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth2.bin
2021-02-12 10:05 - 2021-02-12 10:05 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth18.bin
2021-02-12 10:05 - 2021-02-12 10:05 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth17.bin
2021-02-12 10:05 - 2021-02-12 10:05 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth16.bin
2021-02-12 10:05 - 2021-02-12 10:05 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth15.bin
2021-02-12 10:05 - 2021-02-12 10:05 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth12.bin
2021-02-12 10:05 - 2021-02-12 10:05 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth11.bin
2021-02-12 10:05 - 2021-02-12 10:05 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth10.bin
2021-02-12 10:05 - 2021-02-12 10:05 - 000000315 _____ C:\WINDOWS\system32\DrtmAuth1.bin
2021-02-12 08:17 - 2021-02-12 08:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2021-02-10 21:34 - 2021-02-14 11:02 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2021-02-10 09:18 - 2021-02-10 09:18 - 000039800 _____ (Embarcadero Technologies, Inc.) C:\Users\Odfried\AppData\Roaming\Odfried.exe
2021-02-10 09:15 - 2021-02-10 09:15 - 000001885 _____ C:\Users\Odfried\Downloads\hp_scan_software_download_kostenlos.zip
2021-02-05 10:24 - 2021-02-05 10:24 - 000000000 ____D C:\Users\Odfried\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2021-01-31 19:04 - 2021-01-31 19:04 - 000114117 _____ C:\Users\Odfried\Downloads\Pinguin_Vorlage.pdf
2021-01-31 19:01 - 2021-01-31 19:01 - 000455871 _____ C:\Users\Odfried\Downloads\ios_U8aM06FJfh8H3K3O.pdf
2021-01-31 19:01 - 2021-01-31 19:01 - 000189665 _____ C:\Users\Odfried\Downloads\fetch (3).pdf
2021-01-31 19:00 - 2021-01-31 19:00 - 000136722 _____ C:\Users\Odfried\Downloads\kindergedichte_morgenstern_diedreispatzen.pdf
2021-01-31 18:58 - 2021-01-31 18:58 - 000212367 _____ C:\Users\Odfried\Downloads\fetch (2).pdf
2021-01-31 18:58 - 2021-01-31 18:58 - 000059212 _____ C:\Users\Odfried\Downloads\ios_ZCH7mlpZ2PQdRYgB.pdf
2021-01-31 18:55 - 2021-01-31 18:55 - 000258529 _____ C:\Users\Odfried\Downloads\fetch (1).pdf
2021-01-31 18:54 - 2021-01-31 18:54 - 000273197 _____ C:\Users\Odfried\Downloads\Unbestimmter_Artikel.pdf
2021-01-31 18:52 - 2021-01-31 18:52 - 000097018 _____ C:\Users\Odfried\Downloads\fetch.pdf
2021-01-31 18:51 - 2021-01-31 18:51 - 000396875 _____ C:\Users\Odfried\Downloads\BESTIMMTER_ARTIKEL.pdf
2021-01-31 18:48 - 2021-01-31 18:48 - 003193217 _____ C:\Users\Odfried\Downloads\Fitnessplan1.pdf
2021-01-31 14:55 - 2021-01-31 14:55 - 000001114 _____ C:\Users\Odfried\Desktop\Paint.lnk
2021-01-31 14:52 - 2021-01-31 14:53 - 000000000 ____D C:\Users\Odfried\AppData\Local\paint.net
2021-01-31 14:52 - 2021-01-31 14:52 - 012712515 _____ C:\Users\Odfried\Downloads\paint.net.4.2.15.install.zip
2021-01-31 14:52 - 2021-01-31 14:52 - 000001169 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2021-01-31 14:52 - 2021-01-31 14:52 - 000001157 _____ C:\ProgramData\Desktop\paint.net.lnk
2021-01-31 14:52 - 2021-01-31 14:52 - 000000000 ____D C:\Program Files\paint.net
2021-01-27 19:52 - 2021-01-27 19:52 - 000083288 _____ (Zoom Video Communications, Inc.) C:\Users\Odfried\Downloads\Zoom_cm_fo42anktZ9vvrZo4_msdjsfll6lM3t7XjJbsV8mPRVMf9T7JxZJZ3J@lF8vKQNYov0iPiAK_kb61b781a5a9e0565_.exe
2021-01-24 19:33 - 2021-01-24 19:34 - 000012534 _____ C:\Users\Odfried\Downloads\Padlet - 2c Padlet 2501.xlsx
2021-01-23 12:26 - 2021-01-23 12:26 - 000218106 _____ C:\Users\Odfried\Downloads\LW2.pdf

==================== Ein Monat (geänderte) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2021-02-18 21:20 - 2019-03-19 05:52 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-02-18 21:01 - 2019-12-30 15:08 - 001932080 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-02-18 21:01 - 2019-03-19 13:16 - 000821584 _____ C:\WINDOWS\system32\perfh007.dat
2021-02-18 21:01 - 2019-03-19 13:16 - 000183320 _____ C:\WINDOWS\system32\perfc007.dat
2021-02-18 21:01 - 2019-03-19 05:50 - 000000000 ____D C:\WINDOWS\INF
2021-02-18 20:57 - 2013-04-29 21:57 - 000000000 ____D C:\Program Files\CCleaner
2021-02-18 20:56 - 2016-11-19 13:52 - 000000000 ____D C:\Users\Odfried\AppData\LocalLow\Mozilla
2021-02-18 20:56 - 2012-04-25 12:30 - 000000000 ____D C:\ProgramData\Mozilla
2021-02-18 20:55 - 2019-12-30 15:10 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-02-18 20:55 - 2019-03-19 05:37 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-02-18 20:55 - 2013-04-29 22:32 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-02-18 20:48 - 2017-12-09 22:57 - 000002302 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-02-18 20:35 - 2020-04-16 07:46 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2021-02-18 20:35 - 2013-04-29 22:32 - 000001237 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-02-18 20:29 - 2020-05-18 09:46 - 000000000 ____D C:\Users\Odfried\AppData\Local\CrashDumps
2021-02-18 19:59 - 2019-12-30 15:05 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-02-18 19:26 - 2011-10-10 21:25 - 000000000 ____D C:\ProgramData\HP
2021-02-18 18:11 - 2021-01-14 11:09 - 000002412 _____ C:\Users\Odfried\Desktop\Microsoft Teams.lnk
2021-02-18 17:42 - 2019-12-30 15:11 - 000000000 ____D C:\Users\Odfried\AppData\Local\Packages
2021-02-18 17:27 - 2011-04-16 11:25 - 000000000 ____D C:\Users\Odfried\AppData\Roaming\vlc
2021-02-18 15:06 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\NDF
2021-02-17 23:24 - 2015-07-21 15:46 - 000002145 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2021-02-15 12:23 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-02-14 16:02 - 2019-12-30 15:05 - 000575536 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-02-14 12:27 - 2020-01-10 22:33 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2021-02-14 12:23 - 2012-07-28 13:48 - 000000000 ____D C:\Users\Odfried\AppData\Roaming\Amazon
2021-02-14 12:23 - 2012-07-28 13:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
2021-02-14 12:23 - 2012-07-28 13:47 - 000000000 ____D C:\Program Files (x86)\Amazon
2021-02-14 12:18 - 2020-01-19 20:20 - 000003936 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2021-02-14 12:18 - 2013-04-29 21:57 - 000000872 _____ C:\ProgramData\Desktop\CCleaner.lnk
2021-02-13 17:53 - 2019-03-19 05:52 - 000000000 ___HD C:\Program Files\WindowsApps
2021-02-13 07:34 - 2020-04-19 11:00 - 000002428 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-02-12 14:26 - 2019-12-30 15:11 - 000000000 ___RD C:\Users\Odfried\3D Objects
2021-02-12 12:27 - 2019-03-19 05:52 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-02-12 12:27 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-02-12 12:27 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\SystemResources
2021-02-12 12:27 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-02-12 12:27 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-02-12 12:27 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-02-12 12:27 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\ShellExperiences
2021-02-12 12:27 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-02-12 12:27 - 2019-03-19 05:52 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-02-12 12:27 - 2019-03-19 05:52 - 000000000 ____D C:\Program Files\Common Files\System
2021-02-12 10:07 - 2019-03-19 13:19 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\OEMDefaultAssociations.dll
2021-02-12 10:07 - 2019-03-19 13:19 - 000019469 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2021-02-12 10:07 - 2019-03-19 05:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-02-12 08:17 - 2021-01-14 10:40 - 000002465 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
2021-02-12 08:17 - 2021-01-14 10:40 - 000002460 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2021-02-12 08:17 - 2021-01-14 10:40 - 000002459 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2021-02-12 08:17 - 2021-01-14 10:40 - 000002423 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2021-02-12 08:17 - 2021-01-14 10:40 - 000002422 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2021-02-12 08:17 - 2021-01-14 10:40 - 000002416 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2021-02-12 08:17 - 2021-01-14 10:40 - 000002410 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2021-02-12 08:17 - 2021-01-14 10:40 - 000002402 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk
2021-02-12 08:16 - 2011-09-13 11:06 - 000000000 ____D C:\Program Files\Microsoft Office
2021-02-12 02:59 - 2019-12-30 15:10 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-02-11 20:40 - 2021-01-14 11:09 - 000002420 _____ C:\Users\Odfried\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams.lnk
2021-02-11 13:03 - 2019-12-30 15:10 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2021-02-11 05:28 - 2020-04-19 11:00 - 000003700 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-02-11 05:28 - 2020-04-19 11:00 - 000003576 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-02-10 22:58 - 2011-03-22 07:27 - 000000000 ____D C:\Users\Odfried\AppData\Local\ElevatedDiagnostics
2021-02-10 21:53 - 2011-03-22 08:08 - 130141752 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-02-10 21:18 - 2020-12-21 11:35 - 000000000 ____D C:\Users\Odfried\AppData\Local\WebEx
2021-02-10 09:17 - 2020-12-21 11:35 - 000000000 ____D C:\Users\Odfried\AppData\LocalLow\WebEx
2021-02-09 21:03 - 2013-08-18 02:01 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-02-09 10:46 - 2020-09-30 09:14 - 000000000 ____D C:\Users\Odfried\AppData\Roaming\BiBox 2.0
2021-02-08 09:05 - 2020-01-02 10:50 - 000003368 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2726028846-1901948702-833121358-1001
2021-02-08 09:05 - 2020-01-02 10:50 - 000000000 ___RD C:\Users\Odfried\OneDrive
2021-02-08 09:05 - 2019-12-30 15:08 - 000002431 _____ C:\Users\Odfried\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-02-06 09:54 - 2019-12-30 15:10 - 000003630 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-02-06 09:54 - 2019-12-30 15:10 - 000003506 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-02-05 10:24 - 2011-09-15 16:38 - 000000000 ____D C:\Users\Odfried\AppData\Roaming\Dropbox
2021-02-04 08:52 - 2011-12-22 18:23 - 000000000 ____D C:\Users\Odfried\AppData\Roaming\MediaMonkey
2021-02-04 07:52 - 2017-04-02 12:43 - 000000000 ____D C:\Users\Odfried\AppData\Local\Spotify
2021-02-04 07:00 - 2017-04-02 12:43 - 000000000 ____D C:\Users\Odfried\AppData\Roaming\Spotify
2021-02-01 12:43 - 2012-12-04 20:20 - 000000646 _____ C:\Users\Odfried\Desktop\Total Commander 64 bit.lnk
2021-01-27 11:47 - 2017-07-26 11:40 - 000001424 _____ C:\Users\Odfried\Desktop\ting - Verknüpfung.lnk
2021-01-24 20:21 - 2020-01-29 21:56 - 000001250 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2726028846-1901948702-833121358-1001UA1d5d6e686e592d1.job
2021-01-24 20:21 - 2020-01-29 21:56 - 000001198 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2726028846-1901948702-833121358-1001Core1d5d6e686de6c49.job
2021-01-22 10:07 - 2011-03-22 07:36 - 000799104 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2021-01-22 08:59 - 2020-01-29 21:56 - 000004402 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskUserS-1-5-21-2726028846-1901948702-833121358-1001UA1d5d6e686e592d1
2021-01-22 08:59 - 2020-01-29 21:56 - 000004026 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskUserS-1-5-21-2726028846-1901948702-833121358-1001Core1d5d6e686de6c49

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ========

2021-02-10 09:18 - 2021-02-10 09:18 - 000039800 _____ (Embarcadero Technologies, Inc.) C:\Users\Odfried\AppData\Roaming\Odfried.exe
2014-01-16 19:07 - 2014-02-24 00:12 - 000000184 _____ () C:\Users\Odfried\AppData\Roaming\WB.CFG
2014-01-16 19:07 - 2014-01-29 20:07 - 000000005 _____ () C:\Users\Odfried\AppData\Roaming\WBPU-TTL.DAT
2011-12-10 14:40 - 2018-07-16 20:07 - 000005632 _____ () C:\Users\Odfried\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-11-19 23:32 - 2011-11-19 23:32 - 000000600 _____ () C:\Users\Odfried\AppData\Local\PUTTY.RND
2013-05-01 18:26 - 2019-05-14 16:25 - 000007657 _____ () C:\Users\Odfried\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

==================== Ende von FRST.txt ======================== |