
Log analysis and evaluation: Windows 10 - Clicked a link, an account hacked a week later


Thread closed
11.03.2021, 13:26   #1
TobiHobi

Windows 10 - Clicked a link, an account hacked a week later



Dear board admins,

I stupidly clicked on a link in what appeared to be a university email in my university email account. After a first look, however, I closed the browser right away, because the page that followed did not look safe to me (I know, that doesn't have to mean anything...).
On the same day, a message came from the university saying that fraudulent emails were circulating that used a layout quite similar to the university's. Unfortunately, I did not apply the caution I have with my private account to the university mail account.

Today I had then supposedly posted an Ebay Kleinanzeigen ad. I deleted it right away and informed Ebay.
(For quite some time I have unfortunately also been receiving a fair amount of spam, so I need to get a new email address anyway.)

I ran the Defender Offline check, which reported no findings.
According to Addition, the normal Quick Scan was aborted a few times.
Malwarebytes likewise reported nothing.
AdwCleaner agreed with all of them.

However, the HPI Identity Leak Checker reported to me that in Jan 2019 my email together with its password was affected.
Affected services: Combolist and Unknown (Collection #1-#5)
Ebay could have been among them. I then changed the passwords for the most important services. Ebay Kleinanzeigen, however, may have slipped through (I used it too rarely).

At this point I lack the necessary knowledge. If I can assume that everything is connected only to the information from the HPI Identity Leak Checker, I am reassured. After that I had also completely reinstalled my system (most recently last year). The only thing I would wonder about is that effects only reached me 2 years afterwards.

FRST SCAN

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-02-2021
Ran by TobiHobi (administrator) on TOBISKASTEN (LENOVO 4282A23) (11-03-2021 12:44:07)
Running from C:\Users\TobiHobi\Desktop
Loaded Profiles: TobiHobi
Platform: Windows 10 Pro Version 20H2 19042.804 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(FOXIT SOFTWARE INC. -> Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReaderUpdateService.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Lenovo -> Lenovo) C:\Windows\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe
(Lenovo -> Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.3-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.3-0\NisSrv.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <9>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe <2>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvwmi64.exe <2>
(Piriform Software Ltd -> Piriform Software Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated -> Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-572561850-1651613979-292581458-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [32726088 2021-03-05] (Piriform Software Ltd -> Piriform Software Ltd)
HKLM\...\Windows x64\Print Processors\Canon MX490 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDCK.DLL [30208 2014-09-10] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ FAX Language Monitor MX490 series: C:\Windows\system32\CNCALCK.DLL [303104 2014-09-22] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MX490 series: C:\Windows\system32\CNMLMCK.DLL [406528 2014-09-10] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
AppInit_DLLs: C:\Windows\system32\DriverStore\FileRepository\nvlt.inf_amd64_d8048c8cf9921ace\nvinitx.dll => No File
AppInit_DLLs: ,C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [176904 2015-07-23] (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\system32\DriverStore\FileRepository\nvlt.inf_amd64_d8048c8cf9921ace\nvinit.dll => No File
AppInit_DLLs-x32: ,C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [155280 2015-07-23] (NVIDIA Corporation PE Sign v2014 -> NVIDIA Corporation)

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {083FBC73-3876-40D7-804A-80AAE25DD0C2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.3-0\MpCmdRun.exe [566376 2021-03-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {16455F88-6024-4E4D-953E-4DF00AD3B733} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [145760 2021-02-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {45E82CA7-B19D-4D65-922B-93B7C922C9AB} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22763912 2021-02-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {525438ED-793A-4346-9008-236ACA0003A8} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [684976 2021-03-05] (Piriform Software Ltd -> Piriform)
Task: {6287A835-8D72-481C-A833-2896F689A39F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5057968 2021-02-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {681EEEBA-E8ED-4316-B3DF-367CEB8A5FFA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [27168840 2021-03-05] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {7E0BA4FE-3350-491B-96DA-D2CEF583E879} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [145760 2021-02-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {8DFFF27D-1CED-4F28-9F60-90AB0A93CFA5} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1683344 2021-02-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {8FF44B0D-1044-440A-BF47-6C0CC4A1F12F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.3-0\MpCmdRun.exe [566376 2021-03-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {A49AA1FD-0002-4067-AEB4-CF6BAFD77FE2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [5057968 2021-02-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {B0F588C1-373D-4474-9D8F-ECF5D6EE1763} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.3-0\MpCmdRun.exe [566376 2021-03-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {B6D6A465-E730-41E5-8438-006ABD7F8C04} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.3-0\MpCmdRun.exe [566376 2021-03-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C5E07F4E-801F-45E1-A036-D8EE570C88F4} - System32\Tasks\nWizard_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2104760 2017-03-31] (NVIDIA Corporation -> )
Task: {DE037D8F-10DB-4FD2-B83B-CB46B029DF3D} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [694752 2021-02-25] (Mozilla Corporation -> Mozilla Foundation)
Task: {E94826ED-8E8C-4B68-897D-FE8DCD04A69C} - System32\Tasks\Lenovo\Power Manager\Background monitor => C:\Windows\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe [112840 2020-12-20] (Lenovo -> Lenovo)
Task: {EA87167E-24CF-4ABE-940E-EB77F5B7DBE3} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22763912 2021-02-05] (Microsoft Corporation -> Microsoft Corporation)
Task: {F415693F-BEC3-44D4-9CD1-97A383A9E25B} - System32\Tasks\Lenovo\Power Manager\Uninstall task => C:\Windows\SysWOW64\PowerMgrInst.exe [62152 2020-12-20] (Lenovo -> )

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{6d749ed1-933e-4e7d-b9bf-8dd0ee4e7d49}: [DhcpNameServer] 192.168.0.1

Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\TobiHobi\AppData\Local\Microsoft\Edge\User Data\Default [2021-03-01]
Edge Extension: (Outlook) - C:\Users\TobiHobi\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bjhmmnoficofgoiacjaajpkfndojknpb [2020-11-06]
Edge Extension: (Word) - C:\Users\TobiHobi\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\hikhggiobiflkdfdgdajcfklmcibbopi [2020-11-06]
Edge Extension: (Excel) - C:\Users\TobiHobi\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\leffmjdabcgaflkikcefahmlgpodjkdm [2020-11-06]
Edge Extension: (PowerPoint) - C:\Users\TobiHobi\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\opfacbhaojodjaojgocnibmklknchehf [2020-11-06]

FireFox:
========
FF DefaultProfile: 0yyk03xq.default
FF ProfilePath: C:\Users\TobiHobi\AppData\Roaming\Mozilla\Firefox\Profiles\0yyk03xq.default [2020-08-06]
FF ProfilePath: C:\Users\TobiHobi\AppData\Roaming\Mozilla\Firefox\Profiles\qt30k8ac.default-release [2021-03-11]
FF Extension: (Privacy Badger) - C:\Users\TobiHobi\AppData\Roaming\Mozilla\Firefox\Profiles\qt30k8ac.default-release\Extensions\jid1-MnnxcxisBPnSXQ@jetpack.xpi [2021-02-03]
FF Extension: (uBlock Origin) - C:\Users\TobiHobi\AppData\Roaming\Mozilla\Firefox\Profiles\qt30k8ac.default-release\Extensions\uBlock0@raymondhill.net.xpi [2021-02-02]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-01-22] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-07-08] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.cpdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-07-08] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-07-08] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-07-08] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2020-07-08] (FOXIT SOFTWARE INC. -> Foxit Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-01-22] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-01-22] (Microsoft Corporation -> Microsoft Corporation)

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8854920 2021-02-05] (Microsoft Corporation -> Microsoft Corporation)
R2 FoxitReaderUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReaderUpdateService.exe [1995184 2020-07-08] (FOXIT SOFTWARE INC. -> Foxit Software Inc.)
S2 LPlatSvc; C:\Windows\System32\LPlatSvc.exe [892288 2019-12-11] (Lenovo -> Lenovo.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7456464 2020-12-26] (Malwarebytes Inc -> Malwarebytes)
R2 NVWMI; C:\Windows\system32\nvwmi64.exe [4174264 2017-03-31] (NVIDIA Corporation -> NVIDIA Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5198064 2021-01-13] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [12727576 2021-02-17] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.3-0\NisSrv.exe [2483624 2021-03-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.3-0\MsMpEng.exe [128392 2021-03-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem"

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppleLowerFilter; C:\Windows\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [220160 2020-12-26] (Malwarebytes Inc -> Malwarebytes)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [19912 2020-12-26] (Microsoft Windows Early Launch Anti-Malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [248992 2021-02-20] (Malwarebytes Inc -> Malwarebytes)
R0 PMDRVS; C:\Windows\System32\drivers\pmdrvs.sys [38160 2019-12-11] (Lenovo -> Lenovo.)
R3 SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [292864 2019-12-07] (Microsoft Windows -> Conexant Systems, Inc.)
R3 SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [1485312 2019-12-07] (Microsoft Windows -> Conexant Systems, Inc.)
R3 SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [740864 2019-12-07] (Microsoft Windows -> Conexant Systems, Inc.)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [49544 2021-03-07] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [420088 2021-03-07] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [72952 2021-03-07] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-03-11 12:44 - 2021-03-11 12:44 - 000016131 _____ C:\Users\TobiHobi\Desktop\FRST.txt
2021-03-11 12:43 - 2021-03-11 12:44 - 000000000 ____D C:\FRST
2021-03-11 12:43 - 2021-03-11 12:43 - 002301440 _____ (Farbar) C:\Users\TobiHobi\Desktop\FRST64.exe
2021-03-02 22:07 - 2021-03-02 22:07 - 000000000 ____D C:\Users\TobiHobi\AppData\LocalLow\Clarus Victoria
2021-03-02 22:07 - 2021-03-02 22:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Predynastic Egypt [GOG.com]
2021-03-02 07:33 - 2021-03-02 07:33 - 091488256 _____ C:\Windows\system32\config\SOFTWARE
2021-03-02 07:30 - 2021-03-02 07:33 - 000000000 ____D C:\Windows\Microsoft Antimalware
2021-03-01 23:20 - 2021-03-01 23:21 - 000000000 ____D C:\AdwCleaner
2021-02-27 09:05 - 2021-02-27 09:05 - 000085772 _____ C:\Users\TobiHobi\Desktop\DxDiag.txt
2021-02-26 11:35 - 2021-02-26 11:35 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2021-02-25 23:12 - 2021-03-01 20:59 - 000000000 ____D C:\Program Files\Mozilla Firefox
2021-02-22 17:00 - 2021-02-22 17:00 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-02-20 10:15 - 2021-02-20 10:15 - 000248992 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2021-02-19 09:12 - 2021-02-19 09:12 - 000000000 ___HD C:\ProgramData\CanonIJFAX
2021-02-19 09:12 - 2021-02-19 09:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2021-02-19 09:12 - 2021-02-19 09:12 - 000000000 ____D C:\Program Files (x86)\Canon
2021-02-19 09:12 - 2014-08-18 08:59 - 000092928 _____ C:\Windows\SysWOW64\CNC1787D.TBL
2021-02-19 09:12 - 2014-07-08 11:09 - 000353792 _____ (CANON INC.) C:\Windows\SysWOW64\CNC_CKL.dll
2021-02-19 09:12 - 2008-08-25 18:02 - 000015872 _____ (CANON INC.) C:\Windows\SysWOW64\CNHMCA.dll
2021-02-19 09:09 - 2021-02-19 09:09 - 000000000 ___HD C:\ProgramData\CanonBJ
2021-02-19 09:09 - 2015-01-29 18:41 - 000312832 _____ (CANON INC.) C:\Windows\system32\CNC_CKC.dll
2021-02-19 09:09 - 2015-01-29 18:41 - 000123392 _____ (CANON INC.) C:\Windows\system32\CNC_CKI.dll
2021-02-19 09:09 - 2014-09-22 06:00 - 000303104 _____ (CANON INC.) C:\Windows\system32\CNCALCK.DLL
2021-02-19 09:09 - 2014-09-10 05:00 - 000406528 _____ (CANON INC.) C:\Windows\system32\CNMLMCK.DLL
2021-02-19 09:09 - 2014-08-18 08:59 - 000092928 _____ C:\Windows\system32\CNC1787D.TBL
2021-02-19 09:09 - 2014-07-08 11:10 - 000387584 _____ (CANON INC.) C:\Windows\system32\CNC_CKL.dll
2021-02-19 09:09 - 2008-08-25 18:02 - 000017920 _____ (CANON INC.) C:\Windows\system32\CNHMCA6.dll
2021-02-19 09:08 - 2021-02-19 09:09 - 000000000 ___HD C:\Program Files\CanonBJ
2021-02-18 23:26 - 2021-02-23 20:41 - 000000000 ____D C:\Users\TobiHobi\AppData\LocalLow\Black Eye Games
2021-02-17 16:27 - 2021-02-17 16:27 - 000000000 ____D C:\Users\TobiHobi\AppData\LocalLow\Lost Pilgrims Studio
2021-02-12 15:53 - 2021-02-12 15:53 - 002755584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2021-02-12 15:53 - 2021-02-12 15:53 - 002755584 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2021-02-12 15:53 - 2021-02-12 15:53 - 001314112 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2021-02-12 15:53 - 2021-02-12 15:53 - 000231232 _____ C:\Windows\system32\containerdevicemanagement.dll
2021-02-12 15:53 - 2021-02-12 15:53 - 000010892 _____ C:\Windows\system32\DrtmAuthTxt.wim

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-03-11 12:38 - 2020-08-06 10:03 - 000000000 ____D C:\ProgramData\Mozilla
2021-03-11 12:37 - 2020-08-06 10:03 - 000000000 ____D C:\Users\TobiHobi\AppData\LocalLow\Mozilla
2021-03-11 12:37 - 2020-08-06 09:46 - 000000000 ____D C:\Windows\system32\SleepStudy
2021-03-11 12:37 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-03-11 09:51 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\AppReadiness
2021-03-11 09:22 - 2020-08-07 07:25 - 000000000 ____D C:\Users\TobiHobi\AppData\Local\Battle.net
2021-03-11 08:58 - 2020-08-06 13:02 - 000000000 ___HD C:\$WinREAgent
2021-03-11 08:55 - 2020-08-29 22:59 - 000000000 ____D C:\Program Files\CCleaner
2021-03-10 19:27 - 2020-10-15 21:07 - 000000000 ____D C:\Program Files (x86)\StarCraft II
2021-03-10 15:04 - 2020-08-07 07:25 - 000000000 ____D C:\Users\TobiHobi\AppData\Roaming\Battle.net
2021-03-10 14:51 - 2020-08-07 07:57 - 000000000 ____D C:\Program Files (x86)\Hearthstone
2021-03-10 14:50 - 2020-08-07 07:24 - 000000000 ____D C:\Program Files (x86)\Battle.net
2021-03-10 08:12 - 2020-08-08 06:52 - 000000000 ____D C:\Windows\system32\MRT
2021-03-10 08:11 - 2020-08-08 06:52 - 131005360 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2021-03-07 18:25 - 2020-08-06 09:46 - 000000000 ____D C:\Windows\system32\Drivers\wd
2021-03-07 18:23 - 2020-11-06 15:47 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-03-07 18:23 - 2020-08-29 22:59 - 000003936 _____ C:\Windows\system32\Tasks\CCleaner Update
2021-03-07 18:23 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-03-04 07:38 - 2020-11-06 15:46 - 000003480 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2021-03-04 07:38 - 2020-11-06 15:46 - 000003356 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2021-03-03 09:25 - 2019-12-07 10:13 - 000000000 ____D C:\Windows\INF
2021-03-02 22:06 - 2020-08-07 12:45 - 000000000 ____D C:\GOG Games
2021-03-02 21:49 - 2020-10-11 11:59 - 000000000 ____D C:\Users\TobiHobi\AppData\Local\LarianLauncher
2021-03-02 18:23 - 2020-08-06 10:02 - 000000000 ____D C:\Users\TobiHobi\AppData\Local\PlaceholderTileLogoFolder
2021-03-01 22:38 - 2020-08-06 09:55 - 000840862 _____ C:\Windows\system32\PerfStringBackup.INI
2021-03-01 22:34 - 2021-02-08 19:22 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2021-03-01 22:33 - 2020-08-06 10:35 - 000000000 ____D C:\ProgramData\NVIDIA
2021-03-01 22:33 - 2020-08-06 09:46 - 000008192 ___SH C:\DumpStack.log.tmp
2021-03-01 22:33 - 2020-08-06 09:46 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2021-03-01 22:29 - 2019-12-07 10:03 - 000524288 _____ C:\Windows\system32\config\BBI
2021-03-01 20:59 - 2020-08-06 10:03 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2021-02-27 09:31 - 2020-08-07 12:51 - 000000000 ____D C:\ProgramData\Package Cache
2021-02-26 11:35 - 2020-08-06 10:03 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2021-02-25 19:06 - 2020-08-06 09:52 - 000000000 ____D C:\Users\TobiHobi\AppData\Local\Packages
2021-02-25 12:58 - 2020-08-06 10:24 - 000000000 ____D C:\Riot Games
2021-02-25 12:58 - 2020-08-06 10:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
2021-02-25 10:46 - 2020-08-06 10:24 - 000000000 ____D C:\ProgramData\Riot Games
2021-02-24 22:46 - 2020-08-06 11:02 - 000009808 _____ C:\Users\TobiHobi\Desktop\Boxes.xlsx
2021-02-20 11:06 - 2020-08-06 09:52 - 000000000 ____D C:\Users\TobiHobi
2021-02-19 22:57 - 2019-12-07 10:03 - 000000000 ____D C:\Windows\CbsTemp
2021-02-19 09:12 - 2019-12-07 10:14 - 000000000 __RSD C:\Windows\Media
2021-02-18 18:51 - 2020-08-07 15:49 - 000000000 ____D C:\Program Files\Microsoft Office
2021-02-17 16:29 - 2021-02-08 19:22 - 000000000 ____D C:\Users\TobiHobi\AppData\Roaming\TeamViewer
2021-02-17 16:29 - 2020-10-22 19:54 - 000000000 ____D C:\Windows\Minidump
2021-02-17 16:29 - 2020-08-06 11:15 - 000000000 ____D C:\Users\TobiHobi\AppData\Local\CrashDumps
2021-02-17 16:29 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\LiveKernelReports
2021-02-13 00:04 - 2020-08-06 09:46 - 000441584 _____ C:\Windows\system32\FNTCACHE.DAT
2021-02-13 00:03 - 2019-12-07 10:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2021-02-13 00:03 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SysWOW64\Keywords
2021-02-13 00:03 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SystemResources
2021-02-13 00:03 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\oobe
2021-02-13 00:03 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\Keywords
2021-02-13 00:03 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\es-MX
2021-02-13 00:03 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\PolicyDefinitions
2021-02-13 00:03 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\bcastdvr
2021-02-13 00:03 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files\Common Files\System
2021-02-13 00:03 - 2019-12-07 10:03 - 000000000 ____D C:\Windows\servicing
2021-02-12 15:53 - 2020-08-06 19:45 - 000413690 __RSH C:\bootmgr
2021-02-09 22:37 - 2020-10-16 21:31 - 000000000 ____D C:\Program Files (x86)\StarCraft

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
         
--- --- ---


Addition:
FRST Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-02-2021
Ran by TobiHobi (11-03-2021 12:45:23)
Running from C:\Users\TobiHobi\Desktop
Windows 10 Pro Version 20H2 19042.804 (X64) (2020-08-06 08:48:49)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-572561850-1651613979-292581458-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-572561850-1651613979-292581458-503 - Limited - Disabled)
Guest (S-1-5-21-572561850-1651613979-292581458-501 - Limited - Disabled)
TobiHobi (S-1-5-21-572561850-1651613979-292581458-1001 - Administrator - Enabled) => C:\Users\TobiHobi
WDAGUtilityAccount (S-1-5-21-572561850-1651613979-292581458-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 20.02 alpha (x64) (HKLM\...\7-Zip) (Version: 20.02 alpha - Igor Pavlov)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.15.23 - Canon Inc.)
Canon MX490 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX490_series) (Version: 1.02 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.77 - Piriform)
Divinity: Original Sin 2 (HKLM-x32\...\1584823040_is1) (Version: 3.6.69.4648 - GOG.com)
Drakensang (HKLM-x32\...\1100566473_is1) (Version: 1.03 - GOG.com)
Excel (HKU\S-1-5-21-572561850-1651613979-292581458-1001\...\1fc5b090eab9aa41f8a2f5987367e6da) (Version: 1.0 - Excel)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 10.0.1.35811 - Foxit Software Inc.)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Malwarebytes version 4.3.0.98 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.3.0.98 - Malwarebytes)
Microsoft 365 Apps for Enterprise - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 16.0.13127.21216 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 89.0.774.45 - Microsoft Corporation)
Microsoft Edge Update (HKLM-x32\...\Microsoft Edge Update) (Version: 1.3.141.63 - )
Microsoft Update Health Tools (HKLM\...\{99FAF70F-9B61-4AB0-9EC0-B31F98FFDC4A}) (Version: 2.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.14.26429 (HKLM-x32\...\{80586c77-db42-44bb-bfc8-7aebbb220c00}) (Version: 14.14.26429.4 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.14.26429 (HKLM-x32\...\{2019b6a0-8533-4a04-ac0e-b2c10bdb9841}) (Version: 14.14.26429.4 - Microsoft Corporation)
Mozilla Firefox 86.0 (x64 de) (HKLM\...\Mozilla Firefox 86.0 (x64 de)) (Version: 86.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 79.0 - Mozilla)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA nView 148.47 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 148.47 - NVIDIA Corporation)
NVIDIA WMI 2.29.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVWMI) (Version: 2.29.0 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.13127.21064 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.13127.21216 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0407-1000-0000000FF1CE}) (Version: 16.0.13127.21064 - Microsoft Corporation) Hidden
Outlook (HKU\S-1-5-21-572561850-1651613979-292581458-1001\...\6b0f23e57a39ebfbf2814acb1a24293d) (Version: 1.0 - Outlook)
PowerPoint (HKU\S-1-5-21-572561850-1651613979-292581458-1001\...\319814cb56b667dff88f54e08be8f51f) (Version: 1.0 - PowerPoint)
Predynastic Egypt (HKLM-x32\...\1542403976_is1) (Version: 1.0.10 - GOG.com)
StarCraft (HKLM-x32\...\StarCraft) (Version:  - Blizzard Entertainment)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.17.115 - Synaptics Incorporated)
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.3.0.13565 - Microsoft Corporation)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.15.5 - TeamViewer)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Word (HKU\S-1-5-21-572561850-1651613979-292581458-1001\...\1b837d0bf93d01407352736c91b7bf50) (Version: 1.0 - Word)
Worms 2 (HKLM-x32\...\GOGPACKWORMS2_is1) (Version: 2.0.0.23 - GOG.com)

Packages:
=========
Canon Inkjet Print Utility -> C:\Program Files\WindowsApps\34791E63.CanonInkjetPrintUtility_3.1.0.0_neutral__6e5tt8cgb93ep [2021-02-18] (Canon Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2020-08-07] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2020-08-07] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.9.1252.0_x64__8wekyb3d8bbwe [2021-02-01] (Microsoft Studios) [MS Ad]
Microsoft To Do -> C:\Program Files\WindowsApps\Microsoft.Todos_2.39.4622.0_x64__8wekyb3d8bbwe [2021-03-05] (Microsoft Corporation) [Startup Task]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2020-08-08] (Igor Pavlov) [File not signed]
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-11-17] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2020-08-08] (Igor Pavlov) [File not signed]
ContextMenuHandlers5: [00nView] -> {1E9B04FB-F9E5-4718-997B-B8DA88302A48} => C:\Program Files\NVIDIA Corporation\nview\nvshell.dll [2017-03-31] (NVIDIA Corporation -> )
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2017-03-09] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2015-07-23] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2020-08-08] (Igor Pavlov) [File not signed]
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2020-11-17] (Malwarebytes Corporation -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\TobiHobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Excel.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) ->  --profile-directory=Default --app-id=leffmjdabcgaflkikcefahmlgpodjkdm
ShortcutWithArgument: C:\Users\TobiHobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Outlook.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) ->  --profile-directory=Default --app-id=bjhmmnoficofgoiacjaajpkfndojknpb
ShortcutWithArgument: C:\Users\TobiHobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) ->  --profile-directory=Default --app-id=opfacbhaojodjaojgocnibmklknchehf
ShortcutWithArgument: C:\Users\TobiHobi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Word.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) ->  --profile-directory=Default --app-id=hikhggiobiflkdfdgdajcfklmcibbopi

==================== Loaded Modules (Whitelisted) =============


==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2021-01-22] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2021-01-22] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-22] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-01-22] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-22] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-01-22] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-22] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-01-22] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2021-01-22] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2021-01-22] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-572561850-1651613979-292581458-1001\...\sharepoint.com -> hxxps://unisiegende-files.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 10:14 - 2019-12-07 10:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-572561850-1651613979-292581458-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B9C17573-5C8C-4A9A-B359-8B68479FF711}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{882D57BE-4727-4E68-A398-F4676ED37743}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{AE906909-6CD0-484E-B118-1962DF9E1186}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe (Blizzard Entertainment, Inc. -> )
FirewallRules: [UDP Query User{9F8D0C22-757C-44BD-A88A-0E99257159CF}C:\program files (x86)\hearthstone\hearthstone.exe] => (Allow) C:\program files (x86)\hearthstone\hearthstone.exe (Blizzard Entertainment, Inc. -> )
FirewallRules: [{85A18539-8849-4187-AD4C-95765723B1B4}] => (Block) C:\program files (x86)\hearthstone\hearthstone.exe (Blizzard Entertainment, Inc. -> )
FirewallRules: [{72FED1CE-00DF-40EA-B87F-F30428584654}] => (Block) C:\program files (x86)\hearthstone\hearthstone.exe (Blizzard Entertainment, Inc. -> )
FirewallRules: [{278E4EE7-1B3D-4072-910C-59BB62C8BE9B}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{59CF55D4-5C16-4427-B2BD-377E84D1A8D5}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{EF6DC15E-A845-4885-A5E5-0F54F8AACAEE}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D2E7C3DE-F619-4D4E-86CC-032F735B6FF3}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{9DBCD6B4-836A-43A6-B2E7-4B52B629C7A3}C:\gog games\worms 2\frontend.exe] => (Block) C:\gog games\worms 2\frontend.exe (Team17 Software Ltd) [File not signed]
FirewallRules: [UDP Query User{3FFDEF19-2EBA-4816-B363-1B2CCC5BA68E}C:\gog games\worms 2\frontend.exe] => (Block) C:\gog games\worms 2\frontend.exe (Team17 Software Ltd) [File not signed]
FirewallRules: [TCP Query User{C3CBB1F8-FE67-40DB-A372-E1216E3F6D4B}C:\gog games\divinity - original sin 2\defed\bin\eocapp.exe] => (Block) C:\gog games\divinity - original sin 2\defed\bin\eocapp.exe () [File not signed]
FirewallRules: [UDP Query User{CD741FCC-783F-40E9-A745-9CCCF4A47965}C:\gog games\divinity - original sin 2\defed\bin\eocapp.exe] => (Block) C:\gog games\divinity - original sin 2\defed\bin\eocapp.exe () [File not signed]
FirewallRules: [TCP Query User{BFAC4120-1D50-42DA-809C-A77952F37F63}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{E4AD3488-CA94-4EFA-A52D-1DBCAEF4E03A}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{0BF8900A-93DF-4338-8993-FC268CE88F72}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C02E4A81-8FFB-42DE-B743-0AEF7F0D32A9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{037E5D9D-9FA5-4384-95BD-56C8CA15B944}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{438370DC-58D8-4572-8820-7B1C4E78D96B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{2073A028-2784-468B-A243-8627B65397A4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D08FE512-BBC0-44A3-93F5-F1C3533D1883}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{FCE01AB7-D82C-4F2F-86E6-50B295CB447D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{5C61CF0B-C883-4043-B5C6-072690518DF3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{3D966350-185D-4036-886D-E473BE959AE5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [TCP Query User{0CFF0D42-05ED-4EF3-B735-B390ABA03707}C:\program files (x86)\starcraft ii\versions\base83830\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base83830\sc2_x64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.)
FirewallRules: [UDP Query User{EC5A1CF0-BE82-4D65-B966-0CEBA5A91C2D}C:\program files (x86)\starcraft ii\versions\base83830\sc2_x64.exe] => (Allow) C:\program files (x86)\starcraft ii\versions\base83830\sc2_x64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.)
FirewallRules: [{769273DC-AE5C-4C1D-BE4F-AA9B14BD3848}] => (Block) C:\program files (x86)\starcraft ii\versions\base83830\sc2_x64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.)
FirewallRules: [{0DB15530-0A9A-4EE8-AEF9-9CC106B71089}] => (Block) C:\program files (x86)\starcraft ii\versions\base83830\sc2_x64.exe (Blizzard Entertainment, Inc. -> Blizzard Entertainment, Inc.)

==================== Restore Points =========================

24-02-2021 20:50:36 Installed DirectX
05-03-2021 09:46:49 Scheduled Checkpoint

==================== Faulty Device Manager Devices ============

Name: Generic Bluetooth Adapter
Description: Generic Bluetooth Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: GenericAdapter
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: PCI Serial Port
Description: PCI Serial Port
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Integrated Camera
Description: USB Video Device
Class Guid: {ca3e7ab9-b4c3-4ae6-8251-579ef933890f}
Manufacturer: Microsoft
Service: usbvideo
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: ========================

Application errors:
==================
Error: (03/07/2021 06:25:07 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (02/20/2021 10:15:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamtray.exe, version: 4.0.0.897, time stamp: 0x6019d411
Faulting module name: Qt5Core.dll, version: 5.14.1.0, time stamp: 0x5f84e8d4
Exception code: 0xc0000005
Fault offset: 0x0000000000219dc5
Faulting process id: 0x790
Faulting application start time: 0x01d70768dff0dff6
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
Faulting module path: C:\Program Files\Malwarebytes\Anti-Malware\Qt5Core.dll
Report Id: 32aaa254-4c3d-4e9e-8786-43f8c307a651
Faulting package full name: 
Faulting package-relative application ID:

Error: (02/19/2021 10:50:45 PM) (Source: Firefox Default Browser Agent) (EventID: 12007) (User: )
Description: Event-ID 12007

Error: (02/19/2021 10:50:45 PM) (Source: Firefox Default Browser Agent) (EventID: 0) (User: )
Description: Event-ID 0

Error: (02/17/2021 04:29:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Vagrus.exe version 2019.2.9.52813 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 24f8

Start Time: 01d70541af779e93

Termination Time: 5

Application Path: C:\GOG Games\Vagrus - The Riven Realms Prologue\Vagrus.exe

Report Id: 85730612-1ed0-4f49-b339-663fb4bce212

Faulting package full name: 

Faulting package-relative application ID: 

Hang type: Unknown

Error: (02/17/2021 04:28:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Vagrus.exe version 2019.2.9.52813 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 5bc

Start Time: 01d70541827a306d

Termination Time: 4

Application Path: C:\GOG Games\Vagrus - The Riven Realms Prologue\Vagrus.exe

Report Id: dabc80e8-1ad1-46fe-95fc-44741ca031f7

Faulting package full name: 

Faulting package-relative application ID: 

Hang type: Unknown

Error: (02/17/2021 04:28:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Vagrus.exe version 2019.2.9.52813 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 2960

Start Time: 01d7054173ba7204

Termination Time: 3

Application Path: C:\GOG Games\Vagrus - The Riven Realms Prologue\Vagrus.exe

Report Id: 054b764a-0961-41be-91f3-1f8a95421230

Faulting package full name: 

Faulting package-relative application ID: 

Hang type: Unknown

Error: (02/17/2021 04:27:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Vagrus.exe version 2019.2.9.52813 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 25bc

Start Time: 01d70541606dffb1

Termination Time: 3

Application Path: C:\GOG Games\Vagrus - The Riven Realms Prologue\Vagrus.exe

Report Id: 8adf8ac6-ba03-4231-aa94-8821860e0e97

Faulting package full name: 

Faulting package-relative application ID: 

Hang type: Unknown


System errors:
=============
Error: (03/10/2021 03:57:51 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (03/09/2021 06:08:19 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (03/04/2021 07:46:23 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (03/03/2021 10:41:08 AM) (Source: Schannel) (EventID: 4103) (User: NT AUTHORITY)
Description: A fatal error occurred while creating a TLS client credential. The internal error state is 10013.

Error: (03/02/2021 07:02:17 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (03/01/2021 10:56:59 PM) (Source: DCOM) (EventID: 10000) (User: TOBISKASTEN)
Description: Unable to start a DCOM Server: {0358B920-0AC7-461F-98F4-58E32CD89148}. The error:
"2147942767"
Happened while starting this command:
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}

Error: (03/01/2021 09:40:47 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (03/01/2021 08:59:27 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1115" attempting to start the service wuauserv with arguments "Unavailable" in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}


Windows Defender:
================
Date: 2021-03-11 09:19:54
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-03-09 19:53:02
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-03-08 18:35:44
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-03-05 10:34:53
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-03-04 10:46:32
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2021-02-04 17:01:26
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.331.193.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.17800.5
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 

==================== Memory info =========================== 

BIOS: LENOVO 8BET62WW (1.42 ) 07/26/2013
Motherboard: LENOVO 4282A23
Processor: Intel(R) Core(TM) i7-2760QM CPU @ 2.40GHz
Percentage of memory in use: 26%
Total physical RAM: 16267.23 MB
Available physical RAM: 11881.23 MB
Total Virtual: 18699.23 MB
Available Virtual: 14202.42 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:155.67 GB) (Free:32.06 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive e: (Eigene Dateien) (Fixed) (Total:67.32 GB) (Free:25.27 GB) NTFS

\\?\Volume{c6c33a46-0000-0000-0000-c0ea26000000}\ () (Fixed) (Total:0.58 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 223.6 GB) (Disk ID: C6C33A46)
Partition 1: (Active) - (Size=155.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=595 MB) - (Type=27)
Partition 3: (Not Active) - (Size=67.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt =======================
         

Malwarebytes
Code:
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 3/11/21
Scan Time: 9:22 AM
Log File: ee7581f4-8242-11eb-a141-3c970e058e14.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1173
Update Package Version: 1.0.37987
License: Free

-System Information-
OS: Windows 10 (Build 19042.804)
CPU: x64
File System: NTFS
User: TobisKasten\TobiHobi

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 277899
Threats Detected: 0
Threats Quarantined: 0
Time Elapsed: 3 min, 9 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 0
(No malicious items detected)

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
         
AdwCleaner
Code:
# -------------------------------
# Malwarebytes AdwCleaner 8.1.0.0
# -------------------------------
# Build:    02-15-2021
# Database: 2021-01-26.1 (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    03-01-2021
# Duration: 00:00:22
# OS:       Windows 10 Pro
# Scanned:  3061
# Detected: 2


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.LenovoPowerManager   Folder   C:\Windows\SysWOW64\LENOVO\POWERMGR 
Preinstalled.LenovoPowerManager   Folder   C:\Windows\System32\LENOVO\POWERMGR 



########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
         
Addendum:
CCleaner is being uninstalled. I only used it to clean up the browser caches etc.

Last edited by TobiHobi (11.03.2021 at 13:49)

11.03.2021, 17:23   #2
M-K-D-B
/// TB Instructor

Your log files look good, no malware to be seen.

Quote:
The only thing that would surprise me is that the effects only reached me 2 years later.
But that is probably indeed how it is... who knows who bought this data from whom and possibly resold it again...

Then we're through!
If you no longer have any problems with malware, we are done here. Your log files are clean.

Finally, please run a cleanup with our TBCleanUpTool and be sure to read and implement the security measures - both are linked in the following reading material:

If you like, you can say here whether you were satisfied with me and my help...
Perhaps you would like to support the forum with a small donation.

Note:
Please give me brief feedback as soon as you have read the information linked above, everything is done and there are no more questions, so that I can remove this thread from my subscriptions.


11.03.2021, 20:36   #3
TobiHobi

Hi,
thank you very much for the answer.
So I've learned something new once again.
I had already suspected it, but with this topic I prefer to play it safe.
I have read all the links; the thread can be closed and unsubscribed.

I'll write my thanks here (hope that's more or less okay). Thank you very much.
The last link of your post has been successfully implemented.

11.03.2021, 21:20   #4
M-K-D-B
/// TB Instructor


We are glad that we could help

This thread appears to be resolved and will be removed from our subscriptions. Should you need the thread again, please send us a reminder including a link to the thread.

Everyone else, please click here and create your own thread.

Thread closed
