| |
| |||||||
Log-Analyse und Auswertung: Phishing SMS nach OnlinebankingWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
26.10.2022, 08:18
| #1 |
 |  Phishing SMS nach Onlinebanking Guten Morgen zusammen, nachdem ich eine Überweisung per Onlinebanking getätigt habe, bekam ich auf mein Handy eine Phishing SMS wo ich einige Daten über mein Konto angeben sollte. Ich muss dazu sagen das ich über die Banking App auf meinem Handy die Überweisung noch bestätigen muss. Kann natürlich reiner Zufall gewesen sein das ich genau in dem Moment eine SMS bekommen habe. Ich habe darüber mit meiner Bank geredet und deren IT Abteilung ist der Meinung das das Telefon oder der Laptop mit einer Schadsoftware infiziert ist. Ich habe Norton Security Deluxe auf dem Rechner installiert. Der hat bei einem Komplett Scan nix gefunden. Danach habe ich ein Scan mit dem ESEt Online Scanner gemacht. Hier die Logdatei: Code:
ATTFilter 25.10.2022 14:54:55
Geprüfte Dateien: 793811
Erkannte Dateien: 1
Gesäuberte Dateien: 1
Prüfdauer gesamt 01:04:40
Prüfstatus: Abgeschlossen
C:\Users\uh-sh\Downloads\JAP - Installer _0q5u.exe eine Variante von Win32/SoftonicDownloader.J potenziell unerwünschte Anwendung durch Löschen gesäubert
Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 23-10-2022
durchgeführt von uh-sh (Administrator) auf LAPTOP-G9EUU80D (Acer Aspire A317-51) (26-10-2022 08:32:58)
Gestartet von C:\Users\uh-sh\Downloads
Geladene Profile: uh-sh
Plattform: Microsoft Windows 10 Home Version 22H2 19045.2130 (X64) Sprache: Deutsch (Deutschland)
Standard-Browser: Chrome
Start-Modus: Normal
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(C:\Program Files (x86)\Garmin\Express\express.exe ->) (The CefSharp Authors) [Datei ist nicht signiert] C:\Program Files (x86)\Garmin\Express\CefSharp.BrowserSubprocess.exe <2>
(C:\Program Files\Acer\Quick Access Service\QASvc.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Quick Access Service\QAAdminAgent.exe
(C:\Program Files\Acer\Quick Access Service\QASvc.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Quick Access Service\QAAgent.exe
(DriverStore\FileRepository\cui_dch.inf_amd64_f9f92cc42e038a12\igfxCUIService.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_f9f92cc42e038a12\igfxEM.exe
(explorer.exe ->) (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Express\express.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <15>
(services.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files (x86)\Acer\Care Center\ACCSvc.exe
(services.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Quick Access Service\QASvc.exe
(services.exe ->) (AVM Computersysteme Vertriebs GmbH -> AVM Berlin) C:\Program Files\FRITZ!Fernzugang\avmike.exe
(services.exe ->) (AVM Computersysteme Vertriebs GmbH -> AVM Berlin) C:\Program Files\FRITZ!Fernzugang\certsrv.exe
(services.exe ->) (AVM Computersysteme Vertriebs GmbH -> AVM Berlin) C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe
(services.exe ->) (devolo AG -> devolo AG) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_f9f92cc42e038a12\igfxCUIService.exe
(services.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_553b9a82ff9cf770\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_2b7bcff446ea567f\IntelCpHDCPSvc.exe
(services.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_2b7bcff446ea567f\IntelCpHeciSvc.exe
(services.exe ->) (Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(services.exe ->) (Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_225ceea266d51cd2\RstMwService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(services.exe ->) (NortonLifeLock Inc. -> NortonLifelock Inc.) C:\Program Files\Norton Security\Engine\22.22.9.11\NortonSecurity.exe <2>
(services.exe ->) (NortonLifeLock Inc. -> NortonLifeLock Inc.) C:\Program Files\Norton Security\Engine\22.22.9.11\nsWscSvc.exe
(services.exe ->) (Qualcomm Atheros -> Qualcomm Technologies Inc.) C:\Windows\System32\drivers\QcomWlanSrvx64.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe
(services.exe ->) (Smart Sound Technology -> Intel) C:\Windows\System32\cAVS\Intel(R) Audio Service\IntelAudioService.exe
(svchost.exe ->) (Acer Incorporated -> ) C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
(svchost.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Quick Access Service\ePowerButton_NB.exe
(svchost.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(svchost.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_f9f92cc42e038a12\igfxext.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2204.13303.0_x64__8wekyb3d8bbwe\Cortana.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22082.119.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (SweetLabs Inc -> SweetLabs, Inc) C:\Users\uh-sh\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [321112 2019-06-28] (Intel(R) Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [1138992 2020-08-06] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Beschränkung <==== ACHTUNG
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Beschränkung <==== ACHTUNG
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Beschränkung <==== ACHTUNG
HKU\S-1-5-21-568082222-3395335121-1670124993-1001\...\Run: [MicrosoftEdgeAutoLaunch_188D618001D97FF9308576AE61889BA3] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3852232 2022-10-20] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-568082222-3395335121-1670124993-1001\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [31297304 2022-09-20] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\107.0.5304.63\Installer\chrmstp.exe [2022-10-26] (Google LLC -> Google LLC)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {09B0054A-69B6-440D-937C-0891A571A76F} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2353000 2022-10-03] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {0EDE71DC-A76E-46E1-A6E6-82D63AA1114F} - System32\Tasks\Oem\wlanBrokerTask => C:\Program Files (x86)\Acer\ExpressVPN\wlanBroker.exe [17688 2019-11-16] (Acer Incorporated -> )
Task: {112D7772-4A30-4576-B5A6-8242C2DA33E4} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [4794672 2019-04-22] (Acer Incorporated -> )
Task: {190F9DE4-BE89-44B1-BB72-88D450332586} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [461472 2022-01-03] (Acer Incorporated -> Acer Incorporated)
Task: {197762AE-78B3-40F0-B487-00D5E59C53B2} - System32\Tasks\GoogleUpdateTaskMachineCore{A8E4C759-B94D-445B-8C41-389291D22C0C} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-03-20] (Google LLC -> Google LLC)
Task: {2C7B859F-E3E6-48B3-9126-65A1F646FD51} - System32\Tasks\Quick Access => C:\Program Files\Acer\Quick Access Service\QALauncher.exe [446624 2022-01-03] (Acer Incorporated -> Acer Incorporated)
Task: {375DB2AD-4E10-4982-8B2C-58E4A8C824FD} - System32\Tasks\Norton Security Ultra\Norton Security Ultra Autofix => C:\Program Files\Norton Security\Engine\22.20.1.69\SymErr.exe /ui (Keine Datei)
Task: {37E3D3EF-8440-4FCB-BBC4-E4FC02B3F201} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [41776 2019-04-22] (Acer Incorporated -> )
Task: {3F54D0BC-C11B-4712-A220-B6AC1F7AB822} - System32\Tasks\CareCenter\1013268F08166E907EB03C619157FCD238B2D833._service_run_Reg_HKCURun_S-1-5-21-568082222-3395335121-1670124993-1001 => C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [3852232 2022-10-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {4964CD46-68C8-4BB4-9361-42DF21AB6827} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.22.9.11\WSCStub.exe [646520 2022-10-03] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {4E12590A-495C-4C88-AFEC-B8A53F5E3EA6} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {59FA9758-689D-4A1A-9C79-90C63F786285} - System32\Tasks\App Explorer => C:\Users\uh-sh\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [7900704 2022-09-13] (SweetLabs Inc -> SweetLabs, Inc) <==== ACHTUNG
Task: {6D151AB8-B798-4523-A945-33295FDE8593} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26165176 2022-10-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {6E978709-4758-46EF-B52E-25D1A457FBD0} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [143232 2022-10-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {6EB23526-5511-4CFC-BC67-F4C176EE7C56} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26165176 2022-10-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {7CD24B9F-D276-4413-AA49-F0E5D1CD5EAF} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2935088 2019-04-22] (Acer Incorporated -> )
Task: {89ED22C5-FC8A-4BFF-9D97-6E63D96D1681} - System32\Tasks\GoogleUpdateTaskMachineUA{DE28F7B9-20A5-42CD-B0A5-F786D860170F} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-03-20] (Google LLC -> Google LLC)
Task: {9A9BE7BE-7BB1-4C39-94A4-276586548B9F} - System32\Tasks\Norton Security\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.22.9.11\SymErr.exe [379024 2022-10-03] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {A0574253-0519-4329-A911-CF98D6EDA163} - System32\Tasks\Norton Security Ultra\Norton Security Ultra Error Analyzer => C:\Program Files\Norton Security\Engine\22.20.1.69\SymErr.exe /analyze (Keine Datei)
Task: {B75FEE74-129A-4409-925A-397A2B95F6FA} - System32\Tasks\AcerCMUpdateTask2.5.22250 => C:\Program Files (x86)\Acer\Amundsen\2.5.22250\awc.exe [96904 2022-09-25] (Acer Incorporated -> )
Task: {C51304F4-16FB-4195-8FAA-C353B3D3EC81} - System32\Tasks\Norton Security Ultra\Norton Security Ultra Error Processor => C:\Program Files\Norton Security\Engine\22.20.1.69\SymErr.exe /submit (Keine Datei)
Task: {C5C7B78F-C18D-4CAF-A3FA-68717A316204} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [65448 2022-10-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {D183EB79-6E56-40B5-A130-9306927F6AB2} - System32\Tasks\Norton Security\Norton Security Autofix => C:\Program Files\Norton Security\Engine\22.22.9.11\SymErr.exe [379024 2022-10-03] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {D76ECA7B-AFD0-46ED-8E5D-B0BFF5B65A85} - System32\Tasks\UEIPInvitation => C:\Program Files\Acer\User Experience Improvement Program Service\Framework\UEIPOOBECheck.exe [2211136 2019-01-09] (Acer Incorporated -> Acer Incorporated)
Task: {DF60A18C-C318-4169-AEDF-DE01089FE714} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program Service\Framework\TriggerFramework.exe [268096 2019-01-09] (Acer Incorporated -> Acer Incorporated)
Task: {E26363C5-9466-4158-B720-35B0CBE4B0E0} - System32\Tasks\Norton Security\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.22.9.11\SymErr.exe [379024 2022-10-03] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {E2CB4EFB-95A8-4295-AFFA-1B6E3E53F394} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [29464 2022-09-20] (Garmin International, Inc. -> )
Task: {E4840122-7E50-4ED7-80CB-EBF7E6ED04C0} - System32\Tasks\Power Button => C:\Program Files\Acer\Quick Access Service\ePowerButton_NB.exe [2771616 2022-01-03] (Acer Incorporated -> Acer Incorporated)
Task: {E591BC4B-3AF0-4391-9163-8C2090F9C00F} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [143232 2022-10-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {F9BE3D0D-8643-43BC-B90C-184590946C02} - System32\Tasks\Oem\AcerJumpstartTask => C:\Program Files (x86)\Acer\Acer Jumpstart\hermes.exe [70792 2022-08-15] (Acer Incorporated -> )
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 10.0.3.1 10.0.3.2
Tcpip\..\Interfaces\{4bb4cf8c-7dbf-4de7-aba9-d60be4adbc1e}: [DhcpNameServer] 10.0.3.1 10.0.3.2
Tcpip\..\Interfaces\{780540a4-858e-4639-927a-563f5c2691cd}: [DhcpNameServer] 192.168.178.1
Edge:
=======
DownloadDir: C:\Users\uh-sh\Downloads
Edge Extension: (Kein Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [nicht gefunden]
Edge Extension: (Kein Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [nicht gefunden]
Edge Extension: (Norton Password Manager) -> EdgeExtension_SymantecCorporation5478111E43ACF_v68kp9n051hdp => C:\Program Files\WindowsApps\SymantecCorporation.5478111E43ACF_6.7.4.0_neutral__v68kp9n051hdp [nicht gefunden]
Edge Extension: (Norton Safe Web) -> EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp => C:\Program Files\WindowsApps\SymantecCorporation.NortonSafeWeb_3.11.5.0_neutral__v68kp9n051hdp [nicht gefunden]
Edge Extension: (Kein Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [nicht gefunden]
Edge Extension: (Kein Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [nicht gefunden]
Edge DefaultProfile: Profile 1
Edge Profile: C:\Users\uh-sh\AppData\Local\Microsoft\Edge\User Data\Default [2021-09-19]
Edge StartupUrls: Default -> "hxxp://www.google.de/"
Edge Extension: (Norton Safe Web) - C:\Users\uh-sh\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bdaafgjhhjkdplpffldcncdignokfkbo [2021-09-08]
Edge Extension: (Norton Password Manager) - C:\Users\uh-sh\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\lcccdlklhahfmobgpnilndimkankpnkg [2021-09-11]
Edge Profile: C:\Users\uh-sh\AppData\Local\Microsoft\Edge\User Data\Profile 1 [2022-10-18]
Edge Extension: (Norton Safe Web) - C:\Users\uh-sh\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\bdaafgjhhjkdplpffldcncdignokfkbo [2022-06-19]
FireFox:
========
FF DefaultProfile: 09g39tl6.default
FF ProfilePath: C:\Users\uh-sh\AppData\Roaming\Mozilla\Firefox\Profiles\09g39tl6.default [2022-10-26]
FF Extension: (German Dictionary, extended for Austria) - C:\Users\uh-sh\AppData\Roaming\Mozilla\Firefox\Profiles\09g39tl6.default\Extensions\de-AT@dictionaries.addons.mozilla.org.xpi [2020-07-07]
FF Extension: (German Dictionary (Switzerland)) - C:\Users\uh-sh\AppData\Roaming\Mozilla\Firefox\Profiles\09g39tl6.default\Extensions\de-CH@dictionaries.addons.mozilla.org.xpi [2020-07-07]
FF Extension: (German Dictionary) - C:\Users\uh-sh\AppData\Roaming\Mozilla\Firefox\Profiles\09g39tl6.default\Extensions\de-DE@dictionaries.addons.mozilla.org.xpi [2020-07-07]
FF Extension: (German dictionary (de_DE)) - C:\Users\uh-sh\AppData\Roaming\Mozilla\Firefox\Profiles\09g39tl6.default\Extensions\de_DE@dicts.j3e.de.xpi [2020-01-06]
FF Extension: (Norton Password Manager) - C:\Users\uh-sh\AppData\Roaming\Mozilla\Firefox\Profiles\09g39tl6.default\Extensions\idsafe@norton.com.xpi [2022-10-25]
FF Extension: (Deutsch (DE) Language Pack) - C:\Users\uh-sh\AppData\Roaming\Mozilla\Firefox\Profiles\09g39tl6.default\Extensions\langpack-de@firefox.mozilla.org.xpi [2022-10-25]
FF Extension: (Norton Safe Search) - C:\Users\uh-sh\AppData\Roaming\Mozilla\Firefox\Profiles\09g39tl6.default\Extensions\nortonsafesearch_ul_2@symantec.com.xpi [2022-10-25] [UpdateUrl:hxxps://static.nortoncdn.com/idscp/firefox/nsss/ds_modified/updates.json]
FF Extension: (Deaktivierungs-Add-on von Google Analytics) - C:\Users\uh-sh\AppData\Roaming\Mozilla\Firefox\Profiles\09g39tl6.default\Extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi [2021-06-27] [UpdateUrl:hxxps://tools.google.com/service/update2/ff?guid=%ITEM_ID%&version=%ITEM_VERSION%&application=%APP_ID%&appversion=%APP_VERSION%]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-07-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-03-24] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-03-24] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-03-24] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.17.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-03-24] (VideoLAN -> VideoLAN)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-07-09] (Microsoft Corporation -> Microsoft Corporation)
Chrome:
=======
CHR Profile: C:\Users\uh-sh\AppData\Local\Google\Chrome\User Data\Default [2022-10-26]
CHR StartupUrls: Default -> "hxxps://webmail.htp.net/appsuite/ui#!!&app=io.ox/mail&folder=default1/INBOX","hxxps://email.t-online.de/em"
CHR DefaultSearchURL: Default -> hxxps://www.bing.com/search?FORM=XCSRDF&q={searchTerms}&PC=XC03
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSuggestURL: Default -> hxxps://www.bing.com/osjson.aspx?query={searchTerms}
CHR Extension: (Norton Password Manager) - C:\Users\uh-sh\AppData\Local\Google\Chrome\User Data\Default\Extensions\admmjipmmciaobhojoghlmleefbicajg [2022-09-15]
CHR Extension: (Norton Safe Web) - C:\Users\uh-sh\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnpbeacklnhmkkilekogeiekaglbmmka [2022-10-26]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\uh-sh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-03-20]
==================== Dienste (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 ACCSvc; C:\Program Files (x86)\Acer\Care Center\ACCSvc.exe [300336 2019-04-22] (Acer Incorporated -> Acer Incorporated)
R2 avmike; C:\Program Files\FRITZ!Fernzugang\avmike.exe [337824 2012-11-28] (AVM Computersysteme Vertriebs GmbH -> AVM Berlin)
R2 certsrv; C:\Program Files\FRITZ!Fernzugang\certsrv.exe [143776 2012-11-28] (AVM Computersysteme Vertriebs GmbH -> AVM Berlin)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12477344 2022-10-15] (Microsoft Corporation -> Microsoft Corporation)
R2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [6108344 2021-07-13] (devolo AG -> devolo AG)
R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.22.9.11\NortonSecurity.exe [344888 2022-10-03] (NortonLifeLock Inc. -> NortonLifelock Inc.)
R2 nsWscSvc; C:\Program Files\Norton Security\Engine\22.22.9.11\nsWscSvc.exe [1059176 2022-10-03] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
R2 nwtsrv; C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe [191328 2013-06-10] (AVM Computersysteme Vertriebs GmbH -> AVM Berlin)
S3 QALSvc; C:\Program Files\Acer\Quick Access Service\QALSvc.exe [466080 2022-01-03] (Acer Incorporated -> Acer Incorporated)
R3 QASvc; C:\Program Files\Acer\Quick Access Service\QASvc.exe [504480 2022-01-03] (Acer Incorporated -> Acer Incorporated)
S3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program Service\Framework\UBTService.exe [305984 2019-01-10] (Acer Incorporated -> Acer Incorporated)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.4-0\NisSrv.exe [2483616 2021-03-31] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.4-0\MsMpEng.exe [128376 2021-03-31] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Treiber (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R3 AcerAirplaneModeController; C:\WINDOWS\System32\drivers\AcerAirplaneModeController.sys [30168 2020-05-12] (Acer Incorporated -> Acer Incorporated)
R1 avm_nwim; C:\WINDOWS\system32\DRIVERS\avmnwim.sys [396088 2017-03-17] (WDKTestCert shuebner,130916460956458304 -> AVM)
R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.20.5.39\Definitions\BASHDefs\20221024.011\BHDrvx64.sys [1705040 2022-10-17] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [Datei ist nicht signiert]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [Datei ist nicht signiert]
R1 ccSet_NGC; C:\WINDOWS\System32\drivers\NGCx64\1616090.00B\ccSetx64.sys [198288 2022-10-03] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [527864 2022-09-17] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [159720 2022-09-17] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.20.5.39\Definitions\IPSDefs\20221024.061\IDSvia64.sys [1526776 2022-09-21] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R2 NPF_devolo; C:\WINDOWS\sysWOW64\drivers\npf_devolo.sys [36496 2021-07-13] (devolo AG -> Riverbed Technology, Inc.)
S3 nsvst_NGC; C:\WINDOWS\System32\drivers\NGCx64\1616090.00B\nsvst.sys [57104 2022-10-03] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
R3 SRTSP; C:\WINDOWS\System32\drivers\NGCx64\1616090.00B\SRTSP64.SYS [956048 2022-10-03] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 SRTSPX; C:\WINDOWS\System32\drivers\NGCx64\1616090.00B\SRTSPX64.SYS [52872 2022-10-03] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NGCx64\1616090.00B\SYMEFASI64.SYS [2092696 2022-10-03] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
S0 SymELAM; C:\WINDOWS\System32\drivers\NGCx64\1616090.00B\SymELAM.sys [36048 2022-10-03] (Microsoft Windows Early Launch Anti-Malware Publisher -> Broadcom)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [100320 2022-05-05] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R3 SymEvnt; C:\Program Files\Norton Security\NortonData\22.20.5.39\SymPlatform\SymEvnt.sys [722400 2022-07-11] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 SymIRON; C:\WINDOWS\System32\drivers\NGCx64\1616090.00B\Ironx64.SYS [306832 2022-10-03] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 SymNetS; C:\WINDOWS\System32\drivers\NGCx64\1616090.00B\symnets.sys [490664 2022-10-03] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49560 2021-03-31] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [420072 2021-03-31] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [72952 2021-03-31] (Microsoft Windows -> Microsoft Corporation)
S3 wpCtrlDrv_NGC; C:\WINDOWS\System32\drivers\NGCx64\1616090.00B\wpCtrlDrv.sys [1016792 2022-10-03] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2022-10-26 08:32 - 2022-10-26 08:33 - 000026876 _____ C:\Users\uh-sh\Downloads\FRST.txt
2022-10-26 08:32 - 2022-10-26 08:33 - 000000000 ____D C:\FRST
2022-10-26 08:32 - 2022-10-26 08:32 - 002373632 _____ (Farbar) C:\Users\uh-sh\Downloads\FRST64.exe
2022-10-25 15:00 - 2022-10-25 15:00 - 078858285 _____ C:\Users\uh-sh\Downloads\Acer Care Center_Acer_4.00.3042_W10x64_A.zip
2022-10-25 15:00 - 2022-10-25 15:00 - 000096096 _____ C:\Users\uh-sh\Downloads\SerialNumberDetectionTool.exe
2022-10-25 14:55 - 2022-10-25 14:55 - 000000608 _____ C:\Users\uh-sh\Desktop\eset.txt
2022-10-25 14:30 - 2022-10-25 13:35 - 000000000 ____D C:\Windows.old
2022-10-25 14:21 - 2022-10-25 14:21 - 000000000 ____D C:\WINDOWS\system32\Tasks\Remediation
2022-10-25 13:45 - 2022-10-25 13:48 - 000000674 _____ C:\Users\uh-sh\Desktop\ESET Online Scanner.lnk
2022-10-25 13:45 - 2022-10-25 13:45 - 014562400 _____ (ESET spol. s r.o.) C:\Users\uh-sh\Downloads\ESETOnlineScanner_DEU.exe
2022-10-25 13:45 - 2022-10-25 13:45 - 000000773 _____ C:\Users\uh-sh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2022-10-25 13:45 - 2022-10-25 13:45 - 000000000 ____D C:\Users\uh-sh\AppData\Local\ESET
2022-10-25 13:44 - 2022-10-25 13:44 - 000002224 _____ C:\Users\uh-sh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefox Private Browsing.lnk
2022-10-25 13:44 - 2022-10-25 13:44 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2022-10-25 13:38 - 2022-10-25 13:48 - 001722998 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-10-25 13:38 - 2022-10-25 13:38 - 000000000 ____D C:\WINDOWS\system32\Tasks\Agent Activation Runtime
2022-10-25 13:38 - 2022-10-25 13:38 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2022-10-25 13:37 - 2022-10-25 13:37 - 000000020 ___SH C:\Users\uh-sh\ntuser.ini
2022-10-25 13:35 - 2022-10-25 13:47 - 000000000 ____D C:\WINDOWS\system32\Tasks\Norton Security
2022-10-25 13:35 - 2022-10-25 13:41 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-10-25 13:35 - 2022-10-25 13:35 - 000007623 _____ C:\WINDOWS\diagwrn.xml
2022-10-25 13:35 - 2022-10-25 13:35 - 000007623 _____ C:\WINDOWS\diagerr.xml
2022-10-25 13:35 - 2022-10-25 13:35 - 000004302 _____ C:\WINDOWS\system32\Tasks\Software Update Application
2022-10-25 13:35 - 2022-10-25 13:35 - 000003852 _____ C:\WINDOWS\system32\Tasks\ACCAgent
2022-10-25 13:35 - 2022-10-25 13:35 - 000003684 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-10-25 13:35 - 2022-10-25 13:35 - 000003682 _____ C:\WINDOWS\system32\Tasks\AcerCMUpdateTask2.5.22250
2022-10-25 13:35 - 2022-10-25 13:35 - 000003636 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA{DE28F7B9-20A5-42CD-B0A5-F786D860170F}
2022-10-25 13:35 - 2022-10-25 13:35 - 000003460 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-10-25 13:35 - 2022-10-25 13:35 - 000003412 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore{A8E4C759-B94D-445B-8C41-389291D22C0C}
2022-10-25 13:35 - 2022-10-25 13:35 - 000003062 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-568082222-3395335121-1670124993-1001
2022-10-25 13:35 - 2022-10-25 13:35 - 000002858 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-568082222-3395335121-1670124993-1001
2022-10-25 13:35 - 2022-10-25 13:35 - 000002852 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-568082222-3395335121-1670124993-500
2022-10-25 13:35 - 2022-10-25 13:35 - 000002782 _____ C:\WINDOWS\system32\Tasks\UbtFrameworkService
2022-10-25 13:35 - 2022-10-25 13:35 - 000002730 _____ C:\WINDOWS\system32\Tasks\ACC
2022-10-25 13:35 - 2022-10-25 13:35 - 000002712 _____ C:\WINDOWS\system32\Tasks\UEIPInvitation
2022-10-25 13:35 - 2022-10-25 13:35 - 000002702 _____ C:\WINDOWS\system32\Tasks\GarminUpdaterTask
2022-10-25 13:35 - 2022-10-25 13:35 - 000002612 _____ C:\WINDOWS\system32\Tasks\Norton WSC Integration
2022-10-25 13:35 - 2022-10-25 13:35 - 000002408 _____ C:\WINDOWS\system32\Tasks\App Explorer
2022-10-25 13:35 - 2022-10-25 13:35 - 000002328 _____ C:\WINDOWS\system32\Tasks\ACCBackgroundApplication
2022-10-25 13:35 - 2022-10-25 13:35 - 000002296 _____ C:\WINDOWS\system32\Tasks\Power Button
2022-10-25 13:35 - 2022-10-25 13:35 - 000002222 _____ C:\WINDOWS\system32\Tasks\Quick Access
2022-10-25 13:35 - 2022-10-25 13:35 - 000000000 ____D C:\WINDOWS\system32\Tasks\Oem
2022-10-25 13:35 - 2022-10-25 13:35 - 000000000 ____D C:\WINDOWS\system32\Tasks\Norton Security Ultra
2022-10-25 13:35 - 2022-10-25 13:35 - 000000000 ____D C:\WINDOWS\system32\Tasks\Intel
2022-10-25 13:35 - 2022-10-25 13:35 - 000000000 ____D C:\WINDOWS\system32\Tasks\CareCenter
2022-10-25 13:30 - 2022-10-25 14:54 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-10-25 13:30 - 2022-10-25 13:30 - 000437344 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-10-25 13:18 - 2022-10-25 14:30 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2022-10-25 13:17 - 2022-10-25 13:37 - 000000000 ____D C:\Users\uh-sh
2022-10-25 13:17 - 2022-10-25 13:17 - 000000000 _SHDL C:\Users\uh-sh\Vorlagen
2022-10-25 13:17 - 2022-10-25 13:17 - 000000000 _SHDL C:\Users\uh-sh\Startmenü
2022-10-25 13:17 - 2022-10-25 13:17 - 000000000 _SHDL C:\Users\uh-sh\Netzwerkumgebung
2022-10-25 13:17 - 2022-10-25 13:17 - 000000000 _SHDL C:\Users\uh-sh\Lokale Einstellungen
2022-10-25 13:17 - 2022-10-25 13:17 - 000000000 _SHDL C:\Users\uh-sh\Eigene Dateien
2022-10-25 13:17 - 2022-10-25 13:17 - 000000000 _SHDL C:\Users\uh-sh\Druckumgebung
2022-10-25 13:17 - 2022-10-25 13:17 - 000000000 _SHDL C:\Users\uh-sh\Documents\Eigene Videos
2022-10-25 13:17 - 2022-10-25 13:17 - 000000000 _SHDL C:\Users\uh-sh\Documents\Eigene Musik
2022-10-25 13:17 - 2022-10-25 13:17 - 000000000 _SHDL C:\Users\uh-sh\Documents\Eigene Bilder
2022-10-25 13:17 - 2022-10-25 13:17 - 000000000 _SHDL C:\Users\uh-sh\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2022-10-25 13:17 - 2022-10-25 13:17 - 000000000 _SHDL C:\Users\uh-sh\AppData\Local\Verlauf
2022-10-25 13:17 - 2022-10-25 13:17 - 000000000 _SHDL C:\Users\uh-sh\AppData\Local\Anwendungsdaten
2022-10-25 13:17 - 2022-10-25 13:17 - 000000000 _SHDL C:\Users\uh-sh\Anwendungsdaten
2022-10-25 13:17 - 2019-12-07 11:10 - 000001105 _____ C:\Users\uh-sh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-10-25 13:16 - 2022-10-25 13:18 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2022-10-25 13:11 - 2022-10-25 13:11 - 002260480 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2022-10-25 13:11 - 2022-10-25 13:11 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2022-10-25 13:11 - 2022-10-25 13:11 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-10-25 13:11 - 2022-10-25 13:11 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2022-10-25 13:11 - 2022-10-25 13:11 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2022-10-25 13:11 - 2022-10-25 13:11 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2022-10-25 13:11 - 2022-10-25 13:11 - 000012253 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-10-25 13:03 - 2022-10-25 13:03 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2022-10-25 13:03 - 2022-10-25 13:03 - 000000000 ____D C:\Program Files\Reference Assemblies
2022-10-25 13:03 - 2022-10-25 13:03 - 000000000 ____D C:\Program Files\MSBuild
2022-10-25 13:03 - 2022-10-25 13:03 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2022-10-25 13:03 - 2022-10-25 13:03 - 000000000 ____D C:\Program Files (x86)\MSBuild
2022-10-25 13:00 - 2022-10-25 13:00 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2022-10-25 12:55 - 2022-10-25 13:44 - 000000000 ____D C:\Program Files\Mozilla Firefox
2022-10-25 12:55 - 2022-10-25 13:37 - 000000000 ___DC C:\WINDOWS\Panther
2022-10-25 12:53 - 2022-10-25 12:55 - 000000036 _____ C:\WINDOWS\progress.ini
2022-10-25 12:50 - 2022-10-25 12:53 - 000000000 ___HD C:\$GetCurrent
2022-10-25 12:50 - 2022-10-25 12:53 - 000000000 ____D C:\Program Files (x86)\WindowsInstallationAssistant
2022-10-15 17:08 - 2022-10-25 14:30 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2022-10-15 16:10 - 2022-10-15 16:10 - 000000000 ___HD C:\$WinREAgent
2022-10-11 17:43 - 2022-10-11 17:43 - 000272595 _____ C:\Users\uh-sh\Downloads\Simulationsrechnung_1665503007320.pdf
2022-10-11 17:08 - 2022-10-11 17:08 - 000272292 _____ C:\Users\uh-sh\Downloads\Marktwertermittlung_Finke.pdf
2022-10-09 14:48 - 2022-10-09 14:48 - 000062291 _____ C:\Users\uh-sh\Downloads\Quartalsauszug 3. Quartal 2022 _ UnionDepot 20261608_2285448845.pdf
2022-10-05 18:33 - 2022-10-05 18:33 - 000077242 _____ C:\Users\uh-sh\Downloads\63109204_2022_Mitteilung_vom_04.10.2022_20221005183332.pdf
2022-10-05 18:33 - 2022-10-05 18:33 - 000076498 _____ C:\Users\uh-sh\Downloads\6310920400_2022_Mitteilung_vom_30.09.2022_20221005183323.pdf
2022-10-03 12:12 - 2022-10-03 12:12 - 000098627 _____ C:\Users\uh-sh\Downloads\393621000_2022_Nr.009_Kontoauszug_vom_30.09.2022_20221003121209.pdf
2022-10-03 12:09 - 2022-10-03 12:09 - 000331158 _____ C:\Users\uh-sh\Downloads\3936210_2022_AGB- und Sonderbedingungen Anschreiben_vom_27.09.2022_20221003120851.pdf
2022-10-03 12:08 - 2022-10-03 12:08 - 000098627 _____ C:\Users\uh-sh\Downloads\393621000_2022_Nr.009_Kontoauszug_vom_30.09.2022_20221003120753.pdf
2022-09-28 16:40 - 2022-09-28 16:40 - 000331158 _____ C:\Users\uh-sh\Downloads\3936210_2022_AGB- und Sonderbedingungen Anschreiben_vom_27.09.2022_20220928164034.pdf
2022-09-27 18:14 - 2022-09-27 18:14 - 000001967 _____ C:\Users\Public\Desktop\Garmin Express.lnk
==================== Ein Monat (geänderte) ==================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2022-10-26 08:29 - 2020-01-04 22:23 - 000000000 ____D C:\Users\uh-sh\AppData\Local\PlaceholderTileLogoFolder
2022-10-26 08:29 - 2020-01-04 22:21 - 000000000 ____D C:\Users\uh-sh\AppData\Local\Packages
2022-10-26 08:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-10-26 08:27 - 2022-03-20 11:21 - 000000000 ____D C:\Program Files (x86)\Google
2022-10-26 08:27 - 2020-01-04 23:26 - 000000000 ____D C:\Users\uh-sh\AppData\LocalLow\Mozilla
2022-10-26 08:27 - 2020-01-04 22:13 - 000000000 ____D C:\Users\uh-sh\AppData\Local\Host App Service
2022-10-26 08:27 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\appcompat
2022-10-26 08:26 - 2022-03-20 11:22 - 000002243 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-10-26 08:26 - 2022-03-20 11:22 - 000002202 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2022-10-26 08:24 - 2020-01-04 22:21 - 000000000 __SHD C:\Users\uh-sh\IntelGraphicsProfiles
2022-10-25 14:58 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-10-25 14:30 - 2022-09-04 09:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Acer
2022-10-25 14:30 - 2021-11-08 11:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!Fernzugang
2022-10-25 14:30 - 2021-05-30 12:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2022-10-25 14:30 - 2020-09-03 19:40 - 000000000 ____D C:\Program Files\UNP
2022-10-25 14:30 - 2020-07-10 15:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\devolo
2022-10-25 14:30 - 2020-06-07 12:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2022-10-25 14:30 - 2020-03-15 11:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2022-10-25 14:30 - 2020-01-30 21:03 - 000000000 ____D C:\Users\uh-sh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sky Ticket
2022-10-25 14:30 - 2020-01-05 15:01 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-10-25 14:30 - 2020-01-05 04:04 - 000000000 ____D C:\WINDOWS\oem
2022-10-25 14:30 - 2019-12-07 11:14 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2022-10-25 14:30 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2022-10-25 14:30 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2022-10-25 14:30 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\spool
2022-10-25 14:30 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2022-10-25 14:30 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2022-10-25 14:30 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2022-10-25 14:30 - 2019-10-27 01:46 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 14
2022-10-25 14:30 - 2019-10-27 01:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2022-10-25 14:30 - 2019-10-27 01:21 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2022-10-25 14:30 - 2019-10-27 01:01 - 000000000 ____D C:\Program Files\Intel
2022-10-25 14:30 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2022-10-25 14:05 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2022-10-25 13:48 - 2019-12-07 16:50 - 000744794 _____ C:\WINDOWS\system32\perfh007.dat
2022-10-25 13:48 - 2019-12-07 16:50 - 000150180 _____ C:\WINDOWS\system32\perfc007.dat
2022-10-25 13:44 - 2022-02-13 15:54 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2022-10-25 13:44 - 2021-08-28 10:39 - 000000000 ____D C:\Users\uh-sh\AppData\LocalLow\Norton
2022-10-25 13:44 - 2019-10-27 01:40 - 000001009 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2022-10-25 13:44 - 2019-10-27 01:40 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-10-25 13:41 - 2021-02-28 12:49 - 000008192 ___SH C:\DumpStack.log.tmp
2022-10-25 13:41 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2022-10-25 13:41 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-10-25 13:41 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ServiceState
2022-10-25 13:41 - 2019-10-27 00:54 - 000000000 ___HD C:\Intel
2022-10-25 13:40 - 2019-12-07 11:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2022-10-25 13:39 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-10-25 13:37 - 2020-01-04 22:21 - 000000000 ___RD C:\Users\uh-sh\3D Objects
2022-10-25 13:37 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-10-25 13:37 - 2019-10-27 00:57 - 000000000 __RHD C:\Users\Public\AccountPictures
2022-10-25 13:35 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-10-25 13:35 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Windows NT
2022-10-25 13:35 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Windows Defender
2022-10-25 13:35 - 2019-12-07 11:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2022-10-25 13:32 - 2019-12-07 11:14 - 000000000 __RSD C:\WINDOWS\Media
2022-10-25 13:31 - 2019-10-27 01:32 - 000000000 ____D C:\WINDOWS\system32\Intel
2022-10-25 13:30 - 2020-06-21 11:52 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-10-25 13:27 - 2019-12-07 11:18 - 000000000 ____D C:\WINDOWS\Setup
2022-10-25 13:25 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\USOPrivate
2022-10-25 13:24 - 2019-12-07 11:14 - 000000000 __RHD C:\Users\Public\Libraries
2022-10-25 13:18 - 2019-10-27 01:32 - 000000000 ____D C:\WINDOWS\system32\cAVS
2022-10-25 13:17 - 2022-05-26 10:25 - 000000000 ____D C:\Users\uh-sh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sena Technologies
2022-10-25 13:17 - 2022-01-24 13:12 - 000000000 ____D C:\Users\uh-sh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2022-10-25 13:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-10-25 13:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-10-25 13:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2022-10-25 13:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-10-25 13:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Provisioning
2022-10-25 13:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2022-10-25 13:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-10-25 13:13 - 2019-12-07 11:15 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2022-10-25 13:13 - 2019-12-07 11:14 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2022-10-25 13:03 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2022-10-25 13:03 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\MUI
2022-10-18 09:17 - 2022-01-24 13:12 - 000000000 ____D C:\Users\uh-sh\AppData\Local\Ubisoft Game Launcher
2022-10-18 09:12 - 2020-02-11 19:02 - 000000000 ____D C:\Users\uh-sh\Documents\Mrowka
2022-10-16 17:34 - 2022-05-26 10:49 - 000007683 _____ C:\Users\uh-sh\AppData\Local\resmon.resmoncfg
2022-10-16 17:11 - 2019-10-27 01:01 - 000000000 ____D C:\ProgramData\Package Cache
2022-10-16 11:31 - 2020-01-04 22:48 - 000000000 ____D C:\Program Files\Common Files\AV
2022-10-15 17:08 - 2021-02-18 21:02 - 000000000 ____D C:\WINDOWS\system32\Drivers\NGCx64
2022-10-15 16:07 - 2020-01-05 15:01 - 147398024 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-10-15 15:35 - 2022-08-13 15:03 - 000000000 ____D C:\Users\uh-sh\Documents\Steuer ELSTER
2022-10-15 15:20 - 2019-10-27 01:41 - 000000000 ____D C:\Program Files\Microsoft Office
2022-10-13 16:03 - 2022-03-20 11:22 - 000000000 ____D C:\Program Files\Google
2022-10-09 17:43 - 2021-11-21 13:06 - 000000000 ____D C:\Users\uh-sh\Desktop\Zum Dienst
2022-10-09 17:03 - 2020-03-15 12:54 - 000000000 ____D C:\Users\uh-sh\AppData\Roaming\Garmin
2022-10-05 18:44 - 2019-10-27 01:46 - 000000000 ____D C:\ProgramData\Norton
2022-10-05 17:57 - 2019-10-27 01:37 - 000000000 ____D C:\Program Files (x86)\Acer
2022-09-28 17:35 - 2021-06-13 17:14 - 000000000 ____D C:\Users\uh-sh\AppData\Local\CrashDumps
2022-09-28 17:29 - 2021-01-30 18:35 - 000000000 ____D C:\Users\uh-sh\AppData\Local\D3DSCache
2022-09-27 18:15 - 2020-01-05 13:08 - 000000000 ____D C:\ProgramData\Garmin
2022-09-27 18:14 - 2020-01-05 13:08 - 000000000 ____D C:\Program Files (x86)\Garmin
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ========
2022-05-26 10:49 - 2022-10-16 17:34 - 000007683 _____ () C:\Users\uh-sh\AppData\Local\resmon.resmoncfg
==================== SigCheck ============================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
==================== Ende von FRST.txt ========================
Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 23-10-2022
durchgeführt von uh-sh (26-10-2022 08:33:49)
Gestartet von C:\Users\uh-sh\Downloads
Microsoft Windows 10 Home Version 22H2 19045.2130 (X64) (2022-10-25 11:35:51)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
Administrator (S-1-5-21-568082222-3395335121-1670124993-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-568082222-3395335121-1670124993-503 - Limited - Disabled)
Gast (S-1-5-21-568082222-3395335121-1670124993-501 - Limited - Disabled)
uh-sh (S-1-5-21-568082222-3395335121-1670124993-1001 - Administrator - Enabled) => C:\Users\uh-sh
WDAGUtilityAccount (S-1-5-21-568082222-3395335121-1670124993-504 - Limited - Disabled)
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Norton Security (Enabled - Up to date) {1122B19A-E671-38EC-8EAC-87048FD4528D}
AV: Norton Security Ultra (Enabled - Up to date) {A2708B76-6835-6565-CB96-694212954A75}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Security (Enabled - Up to date) {AECE2126-F4E7-6909-11F2-1B69D1FBCBD0}
AV: Norton Security (Enabled - Up to date) {9E3FD331-C4C2-7AC4-0537-131EEF1B1F8A}
FW: Norton Security Ultra (Enabled) {9A4B0A53-225A-643D-E0C9-C077EC460D0E}
FW: Norton Security (Enabled) {A6045214-8EAD-7B9C-2E68-BA2B11C858F1}
FW: Norton Security (Enabled) {96F5A003-BE88-6851-3AAD-B25C2F288CAB}
FW: Norton Security (Enabled) {291930BF-AC1E-39B4-A5F3-2E31710715F6}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
Acer Configuration Manager (HKLM-x32\...\{8CB1A03C-9849-4744-AD56-341A18F9E3E2}) (Version: 2.5.22250 - Acer)
Acer Jumpstart (HKLM-x32\...\{0C5ED25A-B8D1-4E71-BFCB-6B370A4EA19C}) (Version: 3.5.22220.20 - Acer)
ANT Drivers Installer x64 (HKLM\...\{4F35B8FF-E00B-42BB-A6D4-6174BAB0404A}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
App Explorer (HKU\S-1-5-19\...\Host App Service) (Version: 0.273.3.150 - SweetLabs) <==== ACHTUNG
App Explorer (HKU\S-1-5-20\...\Host App Service) (Version: 0.273.3.150 - SweetLabs) <==== ACHTUNG
App Explorer (HKU\S-1-5-21-568082222-3395335121-1670124993-1001\...\Host App Service) (Version: 0.273.4.565 - SweetLabs) <==== ACHTUNG
Care Center Service (HKLM\...\{AFB52E98-7597-4484-9202-58F0FD3512ED}) (Version: 4.00.3042 - Acer Incorporated)
CyberLink PowerDVD 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.8904.02 - CyberLink Corp.)
devolo Cockpit (HKLM-x32\...\dlancockpit) (Version: 5.1.7.638 - devolo AG)
DriverSetupUtility (HKLM\...\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6}) (Version: 1.00.3026 - Acer Incorporated)
Elevated Installer (HKLM-x32\...\{5383BE8D-5852-4FE5-A290-1B231C4A322C}) (Version: 7.14.0.0 - Garmin Ltd or its subsidiaries) Hidden
ExpressVPN (HKLM-x32\...\{878F6EB4-73BF-4A1E-9A92-6DDF9EDC8A8B}) (Version: 2.2.19325.10 - Acer)
Forge of Empires (HKLM-x32\...\{39D43D1E-8661-4990-9D01-2C1F593CC8C3}) (Version: 3.1.19223.4 - Acer)
FRITZ!Fernzugang (HKLM\...\{DD57CC22-8864-4CCA-94D4-600D024C1207}) (Version: 1.4.1 - AVM Berlin)
Garmin BaseCamp (HKLM-x32\...\{a7339a73-aef7-4ce1-963f-e7396ba18511}) (Version: 4.7.4.0 - Garmin Ltd or its subsidiaries)
Garmin BaseCamp (HKLM-x32\...\{B48BC415-D96D-4676-BAB5-66EFDA0D8D7B}) (Version: 4.7.4.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin City_Navigator_Europe_NTU_2020_30 (HKLM-x32\...\{BEE5950B-8A67-4ACB-A391-77D5F440DC71}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin City_Navigator_Europe_NTU_2021_30 (HKLM-x32\...\{DE52C2E9-2116-452F-A2D4-2AD963C7B236}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{5bc116de-415f-4087-a55b-ffa07751c0d1}) (Version: 7.14.0.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{BB1DCEBC-FD41-4EA7-8F74-168B91D032F1}) (Version: 7.14.0.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{4e365b8d-ed6f-4316-a1b8-f8762eaed5a0}) (Version: 2.5.8 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{9644C9A2-DB70-40B2-9CD3-E025F9CD867D}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 107.0.5304.63 - Google LLC)
Intel(R) Chipset Device Software (HKLM\...\{351A0D24-F6F1-4105-AA50-5D2CCC71E0DD}) (Version: 10.1.18019.8144 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1924.14.0.1295 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{3978C240-E168-423F-828F-FACD27C87200}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{4C474EBC-96D2-4273-A465-34BA6EB9B50F}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Driver (HKLM\...\{3489EF28-7347-4779-9701-FD81E898870C}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 26.20.100.6911 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{31E11FD7-9921-48E4-AAFC-FD25A0051994}) (Version: 17.5.1.1021 - Intel Corporation) Hidden
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 17.5.1.1021 - Intel Corporation)
Intel(R) Trusted Connect Service Client x64 (HKLM\...\{C9552825-7BF2-4344-BA91-D3CD46F4C442}) (Version: 1.55.66.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.55.66.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{1fec26b5-eeec-4604-877a-44f1843ae9d4}) (Version: 1.55.66.0 - Intel Corporation) Hidden
Intel® Chipsatz-Gerätesoftware (HKLM-x32\...\{4551f75f-3c54-4f09-8221-8c8a061bad00}) (Version: 10.1.18019.8144 - Intel(R) Corporation)
Intel® Optane™ Pinning Explorer Extensions (HKLM\...\{1AC25CEA-DED2-4D31-AE36-A9CBD5B85B67}) (Version: 17.5.1.1021 - Intel Corporation)
Microsoft Edge (HKLM-x32\...\{2D52B6E4-968B-39B1-A00F-4F12269DA6B2}) (Version: 106.0.1370.52 - Microsoft Corporation)
Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 106.0.1370.52 - Microsoft Corporation)
Microsoft Office Home and Student 2019 - de-de (HKLM\...\HomeStudent2019Retail - de-de) (Version: 16.0.15629.20208 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-568082222-3395335121-1670124993-1001\...\OneDriveSetup.exe) (Version: 22.207.1002.0003 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)
Microsoft VC++ redistributables repacked. (HKLM\...\{722855E9-F981-4436-A979-32E0C5A09918}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft VC++ redistributables repacked. (HKLM-x32\...\{3EB42C92-1F2D-4D47-B12C-E9F5A9CD55F0}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022.218 (HKLM\...\{BBBE35B2-9349-3C48-BD3D-F574B17C7924}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.29.30139 (HKLM-x32\...\{2c673fb6-3e65-4751-965d-33d30b68a8a6}) (Version: 14.29.30139.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.29.30139 (HKLM-x32\...\{8d5fdf81-7022-423f-bd8b-b513a1050ae1}) (Version: 14.29.30139.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.29.30139 (HKLM\...\{7F4A9F52-173F-4B0D-B1EA-269C32EDA827}) (Version: 14.29.30139 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.29.30139 (HKLM\...\{A6D3F752-BF11-4D7C-B19C-F6F96A35CF50}) (Version: 14.29.30139 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.29.30139 (HKLM-x32\...\{1AEA8854-7597-4CD3-948F-8DE364D94E07}) (Version: 14.29.30139 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.29.30139 (HKLM-x32\...\{1679EF65-55F3-4248-B91E-6B3BE1A69CDF}) (Version: 14.29.30139 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 106.0.1 (x64 en-US)) (Version: 106.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 105.0.3 - Mozilla)
Norton Security (HKLM-x32\...\NGC) (Version: 22.22.9.11 - NortonLifeLock Inc)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.15629.20118 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.15629.20156 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0407-1000-0000000FF1CE}) (Version: 16.0.15629.20118 - Microsoft Corporation) Hidden
Quick Access Service (HKLM\...\{AB25551C-74EF-4BAB-9989-891517FCF9FF}) (Version: 3.00.3038 - Acer Incorporated)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.35.510.2019 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8710.1 - Realtek Semiconductor Corp.)
Sena Bluetooth Device Manager 4.3.3 (HKLM-x32\...\Sena Bluetooth Device Manager) (Version: 4.3.3 - Copyright (C) 2012 ~ 2022 Sena Technologies Inc.)
Sky Ticket 8.10.0.0 (HKU\S-1-5-21-568082222-3395335121-1670124993-1001\...\com.bskyb.skyticket_is1) (Version: 8.10.0.0 - Sky Ticket)
thesettlers (HKLM-x32\...\Uplay Install 11662) (Version: - Ubisoft)
thesettlers2 (HKLM-x32\...\Uplay Install 11783) (Version: - Ubisoft)
thesettlers3 (HKLM-x32\...\Uplay Install 11784) (Version: - Ubisoft)
thesettlers4 (HKLM-x32\...\Uplay Install 11785) (Version: - Ubisoft)
theSettlers5 (HKLM-x32\...\Uplay Install 11786) (Version: - )
thesettlers6 (HKLM-x32\...\Uplay Install 11787) (Version: - Ubisoft)
thesettlers7 (HKLM-x32\...\Uplay Install 11788) (Version: - Ubisoft)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 68.0 - Ubisoft)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{82BD0A1C-815F-487F-9AE7-CE73DA413CFF}) (Version: 4.91.0.0 - Microsoft Corporation)
User Experience Improvement Program Service (HKLM\...\{E9495FD3-F73D-4D33-A104-047F9E8BE6C7}) (Version: 4.00.3106 - Acer Incorporated)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.17.4 - VideoLAN)
Windows 10-Update-Assistent (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.19041.2183 - Microsoft Corporation)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows-PC-Integritätsprüfung (HKLM\...\{B3956CF3-F6C5-4567-AC38-1FD4432B319C}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Windows-Treiberpaket - Cambridge Silicon Radio Ltd. (CSRBC) USB (11/27/2020 2.5.5.9) (HKLM\...\6A50C99E75CE49370D2FB6BD3959E25A02A0751A) (Version: 11/27/2020 2.5.5.9 - Cambridge Silicon Radio Ltd.)
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Packages:
=========
Acer Collection S -> C:\Program Files\WindowsApps\AcerIncorporated.AcerCollectionS_1.0.3004.0_x64__48frkmn4z8aw4 [2021-11-21] (Acer Incorporated)
Acer Product Registration -> C:\Program Files\WindowsApps\AcerIncorporated.AcerRegistration_2.0.3040.0_x64__48frkmn4z8aw4 [2022-10-11] (Acer Incorporated)
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.90.2.0_x64__kgqvnymyfvs32 [2022-10-11] (king.com)
Care Center S -> C:\Program Files\WindowsApps\AcerIncorporated.AcerCareCenterS_4.0.3042.0_x64__48frkmn4z8aw4 [2022-10-25] (Acer Incorporated)
Dropbox-Sonderaktion -> C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_22.4.18.0_x64__xbfy0k16fey96 [2022-09-07] (Dropbox Inc.)
Farm Heroes Saga -> C:\Program Files\WindowsApps\king.com.FarmHeroesSaga_5.89.8.0_x64__kgqvnymyfvs32 [2022-10-15] (king.com)
Fotos-Add-On -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-03-16] (Microsoft Corporation)
GoTrust ID -> C:\Program Files\WindowsApps\GOTrustTechnologyInc.GO-TrustAuthenticator_3.1.21.0_x64__0r04f53sqacg6 [2020-12-03] (GoTrustID Inc.)
Hearts Deluxe -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.HeartsDeluxe_6.13.101.0_x64__kx24dqmazqk8j [2022-10-08] (Random Salad Games LLC)
Intel® Grafik-Kontrollraum -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3408.0_x64__8j3eq9eme6ctt [2022-04-22] (INTEL CORP) [Startup Task]
Intel® Graphics Control Panel -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsControlPanel_3.3.0.0_x64__8j3eq9eme6ctt [2020-02-19] (INTEL CORP)
LinkedIn -> C:\Program Files\WindowsApps\7EE7776C.LinkedInforWindows_2.1.7098.0_neutral__w1wdnht996qgy [2020-01-12] (LinkedIn)
Media Engine-Add-On für Fotos -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-04-12] (Microsoft Corporation)
Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1809.1.0_x64__8wekyb3d8bbwe [2022-10-25] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1809.1.0_x86__8wekyb3d8bbwe [2022-10-25] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2022-10-25] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2022-10-25] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.14.9130.0_x64__8wekyb3d8bbwe [2022-09-17] (Microsoft Studios) [MS Ad]
Movie & Audio Studio -> C:\Program Files\WindowsApps\MAGIXSoftwareGmbH.MovieAudioStudio_1.1.4.0_x64__awcgk3qbzve1y [2019-10-27] (MAGIX Software GmbH)
MPEG-2-Videoerweiterung -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.50901.0_x64__8wekyb3d8bbwe [2022-05-02] (Microsoft Corporation)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.98.1805.0_x64__mcm4njqhnhss8 [2022-02-20] (Netflix, Inc.)
Norton Password Manager -> C:\Program Files\WindowsApps\SymantecCorporation.5478111E43ACF_7.2.1.0_neutral__v68kp9n051hdp [2021-06-13] (NortonLifeLock Inc.)
Norton Safe Web -> C:\Program Files\WindowsApps\SymantecCorporation.NortonSafeWeb_3.14.3.0_neutral__v68kp9n051hdp [2021-03-11] (NortonLifeLock Inc.)
ntv Nachrichten -> C:\Program Files\WindowsApps\n-tvNachrichtenfernsehenG.n-tvNachrichten_2.8.0.0_x64__hf9cm24zcg85p [2020-01-05] (n-tv Nachrichtenfernsehen GmbH)
PhotoDirector for acer -> C:\Program Files\WindowsApps\CyberLinkCorp.ac.PhotoDirectorforacerDesktop_8.0.5229.0_x64__ypz87dpxkv292 [2019-10-27] (CYBERLINK COM CORP)
PowerDirector for acer -> C:\Program Files\WindowsApps\CyberLinkCorp.ac.PowerDirectorforacerDesktop_14.0.4304.0_x64__ypz87dpxkv292 [2019-10-27] (CYBERLINK COM CORP)
QuickAccess -> C:\Program Files\WindowsApps\AcerIncorporated.QuickAccess_3.0.3038.0_x64__48frkmn4z8aw4 [2022-02-11] (Acer Incorporated)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.14.226.0_x64__dt26b99r8h8gj [2020-09-22] (Realtek Semiconductor Corp)
Simple Mahjong -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleMahjong_6.3.81.0_x64__kx24dqmazqk8j [2022-10-25] (Random Salad Games LLC)
Solitär -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_7.4.14.0_x64__kx24dqmazqk8j [2022-10-25] (Random Salad Games LLC)
Spades -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.Spades_6.1.120.0_x64__kx24dqmazqk8j [2022-10-03] (Random Salad Games LLC)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.196.785.0_x86__zpdnekdrzrea0 [2022-10-15] (Spotify AB) [Startup Task]
User Experience Improvement Program -> C:\Program Files\WindowsApps\AcerIncorporated.UserExperienceImprovementProgram_4.0.3106.0_x64__48frkmn4z8aw4 [2019-10-27] (Acer Incorporated)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-568082222-3395335121-1670124993-1001_Classes\CLSID\{E1159E6E-9613-4159-BCB9-7174056EE486}\InprocServer32 -> C:\Program Files\Mozilla Firefox\notificationserver.dll (Mozilla Corporation -> Mozilla Foundation)
ShellIconOverlayIdentifiers: [ OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2019-06-20] (Intel(R) Rapid Storage Technology -> )
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.22.9.11\buShell.dll [2022-10-03] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.22.9.11\buShell.dll [2022-10-03] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.22.9.11\buShell.dll [2022-10-03] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.22.9.11\buShell.dll [2022-10-03] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.22.9.11\buShell.dll [2022-10-03] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.22.9.11\buShell.dll [2022-10-03] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.22.9.11\buShell.dll [2022-10-03] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers1: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.22.9.11\NavShExt.dll [2022-10-03] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers2: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.22.9.11\NavShExt.dll [2022-10-03] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2019-06-20] (Intel(R) Rapid Storage Technology -> )
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.22.9.11\buShell.dll [2022-10-03] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers6: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.22.9.11\NavShExt.dll [2022-10-03] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
==================== Codecs (Nicht auf der Ausnahmeliste) ====================
==================== Verknüpfungen & WMI ========================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
ShortcutWithArgument: C:\Users\uh-sh\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\188f5ec9d11ded56\Profil 2 - Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory="Profile 1"
==================== Geladene Module (Nicht auf der Ausnahmeliste) =============
2020-11-27 04:38 - 2020-11-27 04:38 - 000961536 _____ () [Datei ist nicht signiert] [Datei wird verwendet] C:\Program Files (x86)\Garmin\Express\CefSharp.BrowserSubprocess.Core.dll
2020-11-27 04:38 - 2020-11-27 04:38 - 001446400 _____ () [Datei ist nicht signiert] [Datei wird verwendet] C:\Program Files (x86)\Garmin\Express\CefSharp.Core.dll
2022-09-20 09:35 - 2022-09-20 09:35 - 000073216 _____ () [Datei ist nicht signiert] [Datei wird verwendet] C:\Program Files (x86)\Garmin\Express\FixBootSector.dll
2017-05-08 10:35 - 2017-05-08 10:35 - 000325632 _____ () [Datei ist nicht signiert] [Datei wird verwendet] C:\Program Files (x86)\Garmin\Express\GpsImgWrapper.dll
2020-11-18 10:14 - 2020-11-18 10:14 - 117340672 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\Garmin\Express\libcef.dll
2020-11-18 08:40 - 2020-11-18 08:40 - 000323072 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\Garmin\Express\libegl.dll
2020-11-18 08:40 - 2020-11-18 08:40 - 005441536 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\Garmin\Express\libglesv2.dll
2022-09-20 09:35 - 2022-09-20 09:35 - 001976832 _____ (Apache Software Foundation) [Datei ist nicht signiert] C:\Program Files (x86)\Garmin\Express\XercesLib.dll
2022-09-20 09:41 - 2022-09-20 09:41 - 000234496 _____ (Dynastream Innovations Inc.) [Datei ist nicht signiert] C:\Program Files (x86)\Garmin\Express\ANT_WrappedLib.dll
2022-09-20 09:35 - 2022-09-20 09:35 - 002711552 _____ (Garmin International) [Datei ist nicht signiert] [Datei wird verwendet] C:\Program Files (x86)\Garmin\Express\legacyio.dll
2017-05-08 10:35 - 2017-05-08 10:35 - 000343552 _____ (Garmin International, Inc.) [Datei ist nicht signiert] C:\Program Files (x86)\Garmin\Express\IMG_GPSMAP.dll
2022-09-20 09:35 - 2022-09-20 09:35 - 000425472 _____ (Garmin) [Datei ist nicht signiert] C:\Program Files (x86)\Garmin\Express\XMLdll.dll
2022-09-20 09:39 - 2022-09-20 09:39 - 000090112 _____ (Silicon Laboratories, Inc.) [Datei ist nicht signiert] C:\Program Files (x86)\Garmin\Express\DSI_SiUSBXp_3_1.DLL
2020-11-18 08:39 - 2020-11-18 08:39 - 000843264 _____ (The Chromium Authors) [Datei ist nicht signiert] C:\Program Files (x86)\Garmin\Express\chrome_elf.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ==================
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =================
==================== Internet Explorer (Nicht auf der Ausnahmeliste) ==========
HKU\S-1-5-21-568082222-3395335121-1670124993-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer17win10.msn.com/?pc=ACTE
HKU\S-1-5-21-568082222-3395335121-1670124993-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer17win10.msn.com/?pc=ACTE
SearchScopes: HKU\S-1-5-21-568082222-3395335121-1670124993-1001 -> DefaultScope {EB9EE7C9-E85E-4C04-AF17-4C336F1E187A} URL =
SearchScopes: HKU\S-1-5-21-568082222-3395335121-1670124993-1001 -> {EB9EE7C9-E85E-4C04-AF17-4C336F1E187A} URL =
BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.22.9.11\coIEPlg.dll [2022-10-03] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2022-08-13] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.22.9.11\coIEPlg.dll [2022-10-03] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.22.9.11\coIEPlg.dll [2022-10-03] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.22.9.11\coIEPlg.dll [2022-10-03] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-10-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-10-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-10-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-10-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-10-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-10-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-10-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-10-01] (Microsoft Corporation -> Microsoft Corporation)
==================== Hosts Inhalt: =========================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2019-03-19 06:49 - 2019-03-19 06:49 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Andere Bereiche ===========================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-568082222-3395335121-1670124993-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\uh-sh\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\IMG_20210527_115333_HDR.jpg
DNS Servers: 10.0.3.1 - 10.0.3.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
ist aktiviert.
Network Binding:
=============
WLAN: AVM VPN NDIS 6 Driver -> avm_nwim (enabled)
Ethernet: AVM VPN NDIS 6 Driver -> avm_nwim (enabled)
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "RtkAudUService"
HKU\S-1-5-21-568082222-3395335121-1670124993-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-568082222-3395335121-1670124993-1001\...\StartupApproved\Run: => "GarminExpress"
HKU\S-1-5-21-568082222-3395335121-1670124993-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_188D618001D97FF9308576AE61889BA3"
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [{63E32948-C136-4C8D-A2B6-D77BAD96C100}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\106.0.1370.52\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C48DF7B4-F4EF-4A69-A545-E502BDE40998}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.196.785.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{DB1382C9-3C31-438D-A99D-ECA7DFDE40B9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.196.785.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B81C8B33-674B-42C9-BE38-F0CB10B05CFE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.196.785.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{FAB68B6F-2EDC-419B-B62D-9E286DD6A371}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.196.785.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5930ADDD-F81D-471C-94E9-48E440804473}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.196.785.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{583F828E-ADFE-4F05-9A81-87B947241DA8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.196.785.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{09B5D30A-BA69-468B-A4BB-65E023646B04}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.196.785.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{0315E634-162A-403E-A72A-6833D0C3CBBA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.196.785.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{1FFC9FB8-EA25-488B-A5AE-5ECE9E6E7359}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{67232343-84E2-4C71-95B9-56D47450B334}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{95DDF05D-31E2-4B25-B0B2-64D34DF1BC09}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A12B2912-BBA5-46A2-9D08-72B0495DAF72}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{EB32C0EE-DB16-478D-BFAD-AFD3487AB14C}] => (Allow) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe (devolo AG -> devolo AG)
FirewallRules: [{76175A68-2EBA-46AA-B56A-1EAB931DA9B3}] => (Allow) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe (devolo AG -> devolo AG)
FirewallRules: [{6AA611C6-BC30-4566-919D-CA5CFCB41CEA}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{88BD4A24-27B8-4072-8611-121A6EFC167B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{10D75891-9BF1-4CD9-B84B-6D14B6635AFD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{E67DCF11-AF86-4CC1-BC53-CB7634B23795}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe => Keine Datei
FirewallRules: [{996E76A9-8AD3-4449-B35E-4859AD72690F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe => Keine Datei
FirewallRules: [{EB56911A-3FAA-4787-B897-A4E099D790EE}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [TCP Query User{518CB87B-3049-4A02-BB01-08787706AF53}C:\users\uh-sh\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\uh-sh\appdata\roaming\spotify\spotify.exe => Keine Datei
FirewallRules: [UDP Query User{03BA1F8C-DF95-412C-9A2B-7D46AA20AC5B}C:\users\uh-sh\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\uh-sh\appdata\roaming\spotify\spotify.exe => Keine Datei
FirewallRules: [{9CA8C1E7-01BC-4F1E-B42C-8A5EB45C10B8}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
==================== Wiederherstellungspunkte =========================
25-10-2022 13:39:04 Windows Modules Installer
==================== Fehlerhafte Geräte im Gerätemanager ============
==================== Fehlereinträge in der Ereignisanzeige: ========================
Applikationsfehler:
==================
Error: (10/25/2022 01:30:47 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert werden. "ESENT"-Fehler: -1409.
Systemfehler:
=============
Error: (10/25/2022 01:50:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Treiber konnte nicht geladen werden.
Error: (10/25/2022 01:50:07 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\uh-sh\AppData\Local\Temp\ehdrv.sys
Error: (10/25/2022 01:50:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Treiber konnte nicht geladen werden.
Error: (10/25/2022 01:50:06 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\uh-sh\AppData\Local\Temp\ehdrv.sys
Error: (10/25/2022 01:50:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Treiber konnte nicht geladen werden.
Error: (10/25/2022 01:50:06 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\uh-sh\AppData\Local\Temp\ehdrv.sys
Error: (10/25/2022 01:50:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Treiber konnte nicht geladen werden.
Error: (10/25/2022 01:50:06 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\uh-sh\AppData\Local\Temp\ehdrv.sys
CodeIntegrity:
===============
Date: 2022-10-26 08:31:58
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Mozilla Firefox\firefox.exe) attempted to load \Device\HarddiskVolume3\Program Files\Mozilla Firefox\mozavcodec.dll that did not meet the Microsoft signing level requirements.
Date: 2022-10-26 08:31:58
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Mozilla Firefox\firefox.exe) attempted to load \Device\HarddiskVolume3\Program Files\Mozilla Firefox\mozavutil.dll that did not meet the Microsoft signing level requirements.
Date: 2022-10-26 08:25:17
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files\Norton Security\Engine\22.22.9.11\symamsi.dll that did not meet the Windows signing level requirements.
==================== Speicherinformationen ===========================
BIOS: Insyde Corp. V1.05 09/05/2019
Hauptplatine: CML Dopey_WC
Prozessor: Intel(R) Core(TM) i5-10210U CPU @ 1.60GHz
Prozentuale Nutzung des RAM: 70%
Installierter physikalischer RAM: 8023.05 MB
Verfügbarer physikalischer RAM: 2356.3 MB
Summe virtueller Speicher: 9303.05 MB
Verfügbarer virtueller Speicher: 2949.39 MB
==================== Laufwerke ================================
Drive c: (Acer) (Fixed) (Total:475.83 GB) (Free:177.75 GB) (Model: WDC PC SN520 SDAPNUW-512G-1014) NTFS
Drive d: (The Settlers History Edition) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF
\\?\Volume{dfc3fb7b-15dd-4953-9871-4d6591573a2c}\ (Recovery) (Fixed) (Total:1 GB) (Free:0.42 GB) NTFS
\\?\Volume{93bf6021-1beb-4e50-b38c-2f2cbc23b483}\ (ESP) (Fixed) (Total:0.09 GB) (Free:0.04 GB) FAT32
==================== MBR & Partitionstabelle ====================
==================== Ende von Addition.txt =======================
Grüße Jens |
|
26.10.2022, 08:30
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Phishing SMS nach Onlinebanking Edit: diesen Schrott von Norton bitte umgehend deinstallieren. Windows 10 hat bereits alles dabei: Windows Defender und Windows Firewall.
__________________Und bitte mal den Zusammenhang zwischen Phone und Rechner erklären.
__________________ |
|
26.10.2022, 08:43
| #3 |
| | Phishing SMS nach Onlinebanking Zusammenhang zwischen Phone und Rechner ist das Push Tan verfahren. Ich mache sozusagen Onlinebanking am Rechner und gebe die Überweisung dann am Smartphone frei.
__________________Ok, werde Norton deinstallieren. Hatte jetzt nicht gedacht das es so ein schlechtes Programm ist. Gruß Jens |
|
26.10.2022, 09:16
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Phishing SMS nach Onlinebanking Ich weiß nicht ob das so clever ist, das über ein Smartphone zu machen. Die Dinger sind aus meiner Sicht zu komplex und daher nicht wirklich für Sicherheit geeignet. Ich nehm lieber "einfache" Geräte wie TAN-Generatoren für das Smart-TAN-Optic Verfahren. Man macht dabei ganz normal Onlinebanking im Browser und logt sich ein, macht die Überweisung, aber die TAN erzeugt man, indem man dieses Gerät auf dem Flackercode auf dem Bildschirm hält. Darin wird nochmal IBAN und Geldbetrag angezeigt und dann die TAN errechnet. Übrigens ist nicht nur Norton ein schlechtes Programm. Über viele Jahre hat sich immer wieder herausgestellt, dass Programme wie Norton, Kaspersky oder Avast/Avira völlig unnötig bis kontraproduktiv sind. Und was mich immer besonders stört: es wird immer so getan als wenn man nur eins dieser Programme installieren müsse damit man dann fortan hirnlos am PC arbeiten und auf alles klicken kann was nicht bei drei aufm Baum ist  Natürlich schützt auch nicht der Windows Defender vor alles. Das kann prinzipbedingt KEIN Virenscanner. Aber der Windows Defender ist bestens in Windows von Microsoft eingebaut und macht am wenigsten Probleme. Bitte auch noch das hier deinstallieren: Acer Configuration Manager Acer Jumpstart App Explorer Google Chrome (durch Firefox ersetzen)
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
26.10.2022, 09:56
| #5 |
| | Phishing SMS nach Onlinebanking Habe die Programme deinstalliert. Das Pushtan Verfahren wurde mir so von meiner Bank vorgeschlagen. Früher hatte ich auch ein Tan Generator. Werde mal nachfragen ob ich wieder einen bekommen kann. Aus Fehlern soll man ja schließlich lernen.  Das diese Antiviren Programme so ein schlechten ruf haben wusste ich nicht. Ich hatte gedacht ich tue mir damit was gutes.  |
|
26.10.2022, 09:58
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Phishing SMS nach Onlinebanking adwCleaner Führe AdwCleaner gemäß der bebilderten Anleitung aus und poste abschließend die Logdatei in CODE-Tags. adwcleaner bitte wiederholen falls es Funde gab.
__________________ --> Phishing SMS nach Onlinebanking |
|
26.10.2022, 10:34
| #7 |
| | Phishing SMS nach Onlinebanking Hier dier ersten beiden Logs. Scan Log: Code:
ATTFilter # -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2022-10-10.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 10-26-2022
# Duration: 00:00:03
# OS: Windows 10 (Build 19045.2130)
# Scanned: 32076
# Detected: 36
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
Adware.pokki C:\Windows\ServiceProfiles\LocalService\AppData\Local\Host App Service
Adware.pokki C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Host App Service
***** [ Files ] *****
Adware.pokki C:\Windows\System32\Tasks_Migrated\App Explorer
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
No malicious tasks found.
***** [ Registry ] *****
Adware.pokki HKU\S-1-5-19\Software\Host App Service
Adware.pokki HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
Adware.pokki HKU\S-1-5-20\Software\Host App Service
Adware.pokki HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
PUP.Optional.Legacy HKLM\Software\Classes\Installer\Features\A38C15B2D5649AE4C9CDE19DE50DA96C
PUP.Optional.Legacy HKLM\Software\Classes\Installer\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
PUP.Optional.Legacy HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries found.
***** [ Chromium URLs ] *****
No malicious Chromium URLs found.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries found.
***** [ Firefox URLs ] *****
No malicious Firefox URLs found.
***** [ Hosts File Entries ] *****
No malicious hosts file entries found.
***** [ Preinstalled Software ] *****
Preinstalled.AcerCareCenter Folder C:\Program Files (x86)\ACER\CARE CENTER
Preinstalled.AcerCareCenter Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{37E3D3EF-8440-4FCB-BBC4-E4FC02B3F201}
Preinstalled.AcerCareCenter Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{112D7772-4A30-4576-B5A6-8242C2DA33E4}
Preinstalled.AcerCareCenter Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{37E3D3EF-8440-4FCB-BBC4-E4FC02B3F201}
Preinstalled.AcerCareCenter Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ACCAgent
Preinstalled.AcerCareCenter Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ACCBackgroundApplication
Preinstalled.AcerCareCenter Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{AFB52E98-7597-4484-9202-58F0FD3512ED}
Preinstalled.AcerCareCenter Task C:\Windows\System32\Tasks\ACCAGENT
Preinstalled.AcerCareCenter Task C:\Windows\System32\Tasks\ACCBACKGROUNDAPPLICATION
Preinstalled.AcerQuickAccess Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2C7B859F-E3E6-48B3-9126-65A1F646FD51}
Preinstalled.AcerQuickAccess Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E4840122-7E50-4ED7-80CB-EBF7E6ED04C0}
Preinstalled.AcerQuickAccess Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Power Button
Preinstalled.AcerQuickAccess Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Quick Access
Preinstalled.AcerQuickAccess Task C:\Windows\System32\Tasks\POWER BUTTON
Preinstalled.AcerQuickAccess Task C:\Windows\System32\Tasks\QUICK ACCESS
Preinstalled.AcerQuickAccessService Folder C:\Program Files\ACER\QUICK ACCESS SERVICE
Preinstalled.AcerQuickAccessService Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{AB25551C-74EF-4BAB-9989-891517FCF9FF}
Preinstalled.AcerUEIPFramework Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D76ECA7B-AFD0-46ED-8E5D-B0BFF5B65A85}
Preinstalled.AcerUEIPFramework Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DF60A18C-C318-4169-AEDF-DE01089FE714}
Preinstalled.AcerUEIPFramework Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UEIPInvitation
Preinstalled.AcerUEIPFramework Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UbtFrameworkService
Preinstalled.AcerUEIPFramework Task C:\Windows\System32\Tasks\UBTFRAMEWORKSERVICE
Preinstalled.AcerUEIPFramework Task C:\Windows\System32\Tasks\UEIPINVITATION
Preinstalled.AcerUpdater Folder C:\ProgramData\ACER\ACER UPDATER
Preinstalled.UserExperienceImprovementProgramService Folder C:\Program Files\ACER\USER EXPERIENCE IMPROVEMENT PROGRAM SERVICE\FRAMEWORK
Preinstalled.UserExperienceImprovementProgramService Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E9495FD3-F73D-4D33-A104-047F9E8BE6C7}
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
Code:
ATTFilter # -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2022-10-10.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 10-26-2022
# Duration: 00:00:01
# OS: Windows 10 (Build 19045.2130)
# Cleaned: 10
# Failed: 0
***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
Deleted C:\Windows\ServiceProfiles\LocalService\AppData\Local\Host App Service
Deleted C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Host App Service
***** [ Files ] *****
Deleted C:\Windows\System32\Tasks_Migrated\App Explorer
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
Deleted HKLM\Software\Classes\Installer\Features\A38C15B2D5649AE4C9CDE19DE50DA96C
Deleted HKLM\Software\Classes\Installer\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
Deleted HKU\S-1-5-19\Software\Host App Service
Deleted HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
Deleted HKU\S-1-5-20\Software\Host App Service
Deleted HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.
***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.
***** [ Hosts File Entries ] *****
No malicious hosts file entries cleaned.
***** [ Preinstalled Software ] *****
No Preinstalled Software cleaned.
*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************
AdwCleaner[S00].txt - [5571 octets] - [26/10/2022 11:05:36]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
Scan Log: Code:
ATTFilter # -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2022-10-10.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 10-26-2022
# Duration: 00:00:03
# OS: Windows 10 (Build 19045.2130)
# Scanned: 32081
# Detected: 0
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
No malicious folders found.
***** [ Files ] *****
No malicious files found.
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
No malicious tasks found.
***** [ Registry ] *****
No malicious registry entries found.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries found.
***** [ Chromium URLs ] *****
No malicious Chromium URLs found.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries found.
***** [ Firefox URLs ] *****
No malicious Firefox URLs found.
***** [ Hosts File Entries ] *****
No malicious hosts file entries found.
***** [ Preinstalled Software ] *****
No Preinstalled Software found.
AdwCleaner[S00].txt - [5571 octets] - [26/10/2022 11:05:36]
AdwCleaner[C00].txt - [2360 octets] - [26/10/2022 11:09:43]
AdwCleaner[S01].txt - [4758 octets] - [26/10/2022 11:15:28]
AdwCleaner[S02].txt - [4819 octets] - [26/10/2022 11:21:28]
AdwCleaner[C02].txt - [5345 octets] - [26/10/2022 11:22:02]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S03].txt ##########
Code:
ATTFilter # -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2022-10-10.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 10-26-2022
# Duration: 00:00:01
# OS: Windows 10 (Build 19045.2130)
# Cleaned: 26
# Failed: 0
***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
No malicious folders cleaned.
***** [ Files ] *****
No malicious files cleaned.
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
No malicious tasks cleaned.
***** [ Registry ] *****
No malicious registry entries cleaned.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.
***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.
***** [ Hosts File Entries ] *****
No malicious hosts file entries cleaned.
***** [ Preinstalled Software ] *****
Deleted Preinstalled.AcerCareCenter Folder C:\Program Files (x86)\ACER\CARE CENTER
Deleted Preinstalled.AcerCareCenter Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{37E3D3EF-8440-4FCB-BBC4-E4FC02B3F201}
Deleted Preinstalled.AcerCareCenter Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{112D7772-4A30-4576-B5A6-8242C2DA33E4}
Deleted Preinstalled.AcerCareCenter Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{37E3D3EF-8440-4FCB-BBC4-E4FC02B3F201}
Deleted Preinstalled.AcerCareCenter Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ACCAgent
Deleted Preinstalled.AcerCareCenter Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ACCBackgroundApplication
Deleted Preinstalled.AcerCareCenter Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{AFB52E98-7597-4484-9202-58F0FD3512ED}
Deleted Preinstalled.AcerCareCenter Task C:\Windows\System32\Tasks\ACCAGENT
Deleted Preinstalled.AcerCareCenter Task C:\Windows\System32\Tasks\ACCBACKGROUNDAPPLICATION
Deleted Preinstalled.AcerQuickAccess Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2C7B859F-E3E6-48B3-9126-65A1F646FD51}
Deleted Preinstalled.AcerQuickAccess Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E4840122-7E50-4ED7-80CB-EBF7E6ED04C0}
Deleted Preinstalled.AcerQuickAccess Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Power Button
Deleted Preinstalled.AcerQuickAccess Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Quick Access
Deleted Preinstalled.AcerQuickAccess Task C:\Windows\System32\Tasks\POWER BUTTON
Deleted Preinstalled.AcerQuickAccess Task C:\Windows\System32\Tasks\QUICK ACCESS
Deleted Preinstalled.AcerQuickAccessService Folder C:\Program Files\ACER\QUICK ACCESS SERVICE
Deleted Preinstalled.AcerQuickAccessService Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{AB25551C-74EF-4BAB-9989-891517FCF9FF}
Deleted Preinstalled.AcerUEIPFramework Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D76ECA7B-AFD0-46ED-8E5D-B0BFF5B65A85}
Deleted Preinstalled.AcerUEIPFramework Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DF60A18C-C318-4169-AEDF-DE01089FE714}
Deleted Preinstalled.AcerUEIPFramework Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UEIPInvitation
Deleted Preinstalled.AcerUEIPFramework Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UbtFrameworkService
Deleted Preinstalled.AcerUEIPFramework Task C:\Windows\System32\Tasks\UBTFRAMEWORKSERVICE
Deleted Preinstalled.AcerUEIPFramework Task C:\Windows\System32\Tasks\UEIPINVITATION
Deleted Preinstalled.AcerUpdater Folder C:\ProgramData\ACER\ACER UPDATER
Deleted Preinstalled.UserExperienceImprovementProgramService Folder C:\Program Files\ACER\USER EXPERIENCE IMPROVEMENT PROGRAM SERVICE\FRAMEWORK
Deleted Preinstalled.UserExperienceImprovementProgramService Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E9495FD3-F73D-4D33-A104-047F9E8BE6C7}
*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************
AdwCleaner[S00].txt - [5571 octets] - [26/10/2022 11:05:36]
AdwCleaner[C00].txt - [2360 octets] - [26/10/2022 11:09:43]
AdwCleaner[S01].txt - [4758 octets] - [26/10/2022 11:15:28]
AdwCleaner[S02].txt - [4819 octets] - [26/10/2022 11:21:28]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C02].txt ##########
Jens |
|
26.10.2022, 10:39
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Phishing SMS nach Onlinebanking Findet adwCleaner jetzt noch was?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
26.10.2022, 11:01
| #9 |
| | Phishing SMS nach Onlinebanking Nein, nachdem ich auch die Vorinstallierten Programme in die Quarantäne verschoben habe findet er nix mehr. Sorry etwas unübersichtlich durch meine ganzen Scan und Clean Logs. Gruß Jens |
|
26.10.2022, 11:31
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Phishing SMS nach Onlinebanking Dann bitte jetzt ne neue Addition.txt und FRST.txt
__________________ Logfiles bitte immer in CODE-Tags posten |
|
26.10.2022, 11:55
| #11 |
| | Phishing SMS nach Onlinebanking FRST Log: Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 23-10-2022
durchgeführt von uh-sh (Administrator) auf LAPTOP-G9EUU80D (Acer Aspire A317-51) (26-10-2022 12:35:00)
Gestartet von C:\Users\uh-sh\Downloads
Geladene Profile: uh-sh
Plattform: Microsoft Windows 10 Home Version 22H2 19045.2130 (X64) Sprache: Deutsch (Deutschland)
Standard-Browser: FF
Start-Modus: Normal
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
() <==== ACHTUNG [Null Byte Datei/Ordner] C:\Program Files\Acer\Quick Access Service\QAAdminAgent.exe#2260DB8D655AA06F
() <==== ACHTUNG [Null Byte Datei/Ordner] C:\Program Files\Acer\Quick Access Service\QAAgent.exe#8CE0E0F2CA818898
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <13>
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe
(services.exe ->) (Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2209.7-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2209.7-0\NisSrv.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe
(sihost.exe ->) (Acer Incorporated) C:\Program Files\WindowsApps\AcerIncorporated.AcerCollectionS_1.0.3004.0_x64__48frkmn4z8aw4\DesktopApp\ACEStd.exe
(svchost.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_f9f92cc42e038a12\igfxext.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [321112 2019-06-28] (Intel(R) Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [1138992 2020-08-06] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Beschränkung <==== ACHTUNG
HKU\S-1-5-21-568082222-3395335121-1670124993-1001\...\Run: [MicrosoftEdgeAutoLaunch_188D618001D97FF9308576AE61889BA3] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3852232 2022-10-20] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-568082222-3395335121-1670124993-1001\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [31297304 2022-09-20] (Garmin International, Inc. -> Garmin Ltd. or its subsidiaries)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {190F9DE4-BE89-44B1-BB72-88D450332586} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [461472 2022-01-03] (Acer Incorporated -> Acer Incorporated)
Task: {21236DC1-D4F4-4B77-8934-32CEAFECC589} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2209.7-0\MpCmdRun.exe [1348368 2022-10-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {375DB2AD-4E10-4982-8B2C-58E4A8C824FD} - System32\Tasks\Norton Security Ultra\Norton Security Ultra Autofix => C:\Program Files\Norton Security\Engine\22.20.1.69\SymErr.exe /ui (Keine Datei)
Task: {3F54D0BC-C11B-4712-A220-B6AC1F7AB822} - System32\Tasks\CareCenter\1013268F08166E907EB03C619157FCD238B2D833._service_run_Reg_HKCURun_S-1-5-21-568082222-3395335121-1670124993-1001 => C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [3852232 2022-10-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {435BE798-D706-468E-AA70-06F88ABCB344} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2209.7-0\MpCmdRun.exe [1348368 2022-10-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {4C60E4B7-A209-488F-B9FC-F3C2C1AA584F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2209.7-0\MpCmdRun.exe [1348368 2022-10-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {4E12590A-495C-4C88-AFEC-B8A53F5E3EA6} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
Task: {6D151AB8-B798-4523-A945-33295FDE8593} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26165176 2022-10-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {6E978709-4758-46EF-B52E-25D1A457FBD0} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [143232 2022-10-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {6EB23526-5511-4CFC-BC67-F4C176EE7C56} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26165176 2022-10-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {7CD24B9F-D276-4413-AA49-F0E5D1CD5EAF} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe -auto (Keine Datei)
Task: {A0574253-0519-4329-A911-CF98D6EDA163} - System32\Tasks\Norton Security Ultra\Norton Security Ultra Error Analyzer => C:\Program Files\Norton Security\Engine\22.20.1.69\SymErr.exe /analyze (Keine Datei)
Task: {C3DBB666-F4B8-4ABF-BEA6-5C9D013659FC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2209.7-0\MpCmdRun.exe [1348368 2022-10-26] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C51304F4-16FB-4195-8FAA-C353B3D3EC81} - System32\Tasks\Norton Security Ultra\Norton Security Ultra Error Processor => C:\Program Files\Norton Security\Engine\22.20.1.69\SymErr.exe /submit (Keine Datei)
Task: {C5C7B78F-C18D-4CAF-A3FA-68717A316204} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [65448 2022-10-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {E2CB4EFB-95A8-4295-AFFA-1B6E3E53F394} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [29464 2022-09-20] (Garmin International, Inc. -> )
Task: {E591BC4B-3AF0-4391-9163-8C2090F9C00F} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [143232 2022-10-15] (Microsoft Corporation -> Microsoft Corporation)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 10.0.3.1 10.0.3.2
Tcpip\..\Interfaces\{4bb4cf8c-7dbf-4de7-aba9-d60be4adbc1e}: [DhcpNameServer] 10.0.3.1 10.0.3.2
Tcpip\..\Interfaces\{780540a4-858e-4639-927a-563f5c2691cd}: [DhcpNameServer] 192.168.178.1
Edge:
=======
DownloadDir: C:\Users\uh-sh\Downloads
Edge Extension: (Kein Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [nicht gefunden]
Edge Extension: (Kein Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [nicht gefunden]
Edge Extension: (Norton Password Manager) -> EdgeExtension_SymantecCorporation5478111E43ACF_v68kp9n051hdp => C:\Program Files\WindowsApps\SymantecCorporation.5478111E43ACF_6.7.4.0_neutral__v68kp9n051hdp [nicht gefunden]
Edge Extension: (Norton Safe Web) -> EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp => C:\Program Files\WindowsApps\SymantecCorporation.NortonSafeWeb_3.11.5.0_neutral__v68kp9n051hdp [nicht gefunden]
Edge Extension: (Kein Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [nicht gefunden]
Edge Extension: (Kein Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [nicht gefunden]
Edge DefaultProfile: Profile 1
Edge Profile: C:\Users\uh-sh\AppData\Local\Microsoft\Edge\User Data\Default [2021-09-19]
Edge StartupUrls: Default -> "hxxp://www.google.de/"
Edge Extension: (Norton Safe Web) - C:\Users\uh-sh\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bdaafgjhhjkdplpffldcncdignokfkbo [2021-09-08]
Edge Extension: (Norton Password Manager) - C:\Users\uh-sh\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\lcccdlklhahfmobgpnilndimkankpnkg [2021-09-11]
Edge Profile: C:\Users\uh-sh\AppData\Local\Microsoft\Edge\User Data\Profile 1 [2022-10-26]
Edge Extension: (Norton Safe Web) - C:\Users\uh-sh\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\bdaafgjhhjkdplpffldcncdignokfkbo [2022-10-26]
FireFox:
========
FF DefaultProfile: 09g39tl6.default
FF ProfilePath: C:\Users\uh-sh\AppData\Roaming\Mozilla\Firefox\Profiles\09g39tl6.default [2022-10-26]
FF Extension: (German Dictionary, extended for Austria) - C:\Users\uh-sh\AppData\Roaming\Mozilla\Firefox\Profiles\09g39tl6.default\Extensions\de-AT@dictionaries.addons.mozilla.org.xpi [2020-07-07]
FF Extension: (German Dictionary (Switzerland)) - C:\Users\uh-sh\AppData\Roaming\Mozilla\Firefox\Profiles\09g39tl6.default\Extensions\de-CH@dictionaries.addons.mozilla.org.xpi [2020-07-07]
FF Extension: (German Dictionary) - C:\Users\uh-sh\AppData\Roaming\Mozilla\Firefox\Profiles\09g39tl6.default\Extensions\de-DE@dictionaries.addons.mozilla.org.xpi [2020-07-07]
FF Extension: (German dictionary (de_DE)) - C:\Users\uh-sh\AppData\Roaming\Mozilla\Firefox\Profiles\09g39tl6.default\Extensions\de_DE@dicts.j3e.de.xpi [2020-01-06]
FF Extension: (Norton Password Manager) - C:\Users\uh-sh\AppData\Roaming\Mozilla\Firefox\Profiles\09g39tl6.default\Extensions\idsafe@norton.com.xpi [2022-10-25]
FF Extension: (Deutsch (DE) Language Pack) - C:\Users\uh-sh\AppData\Roaming\Mozilla\Firefox\Profiles\09g39tl6.default\Extensions\langpack-de@firefox.mozilla.org.xpi [2022-10-25]
FF Extension: (Norton Safe Search) - C:\Users\uh-sh\AppData\Roaming\Mozilla\Firefox\Profiles\09g39tl6.default\Extensions\nortonsafesearch_ul_2@symantec.com.xpi [2022-10-25] [UpdateUrl:hxxps://static.nortoncdn.com/idscp/firefox/nsss/ds_modified/updates.json]
FF Extension: (Deaktivierungs-Add-on von Google Analytics) - C:\Users\uh-sh\AppData\Roaming\Mozilla\Firefox\Profiles\09g39tl6.default\Extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi [2021-06-27] [UpdateUrl:hxxps://tools.google.com/service/update2/ff?guid=%ITEM_ID%&version=%ITEM_VERSION%&application=%APP_ID%&appversion=%APP_VERSION%]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-07-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-03-24] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-03-24] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-03-24] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.17.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-03-24] (VideoLAN -> VideoLAN)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-07-09] (Microsoft Corporation -> Microsoft Corporation)
Chrome:
=======
CHR Profile: C:\Users\uh-sh\AppData\Local\Google\Chrome\User Data\Default [2022-10-26]
CHR StartupUrls: Default -> "hxxps://webmail.htp.net/appsuite/ui#!!&app=io.ox/mail&folder=default1/INBOX","hxxps://email.t-online.de/em"
CHR DefaultSearchURL: Default -> hxxps://www.bing.com/search?FORM=XCSRDF&q={searchTerms}&PC=XC03
CHR DefaultSearchKeyword: Default -> bing.com
CHR DefaultSuggestURL: Default -> hxxps://www.bing.com/osjson.aspx?query={searchTerms}
CHR Extension: (Norton Password Manager) - C:\Users\uh-sh\AppData\Local\Google\Chrome\User Data\Default\Extensions\admmjipmmciaobhojoghlmleefbicajg [2022-09-15]
CHR Extension: (Norton Safe Web) - C:\Users\uh-sh\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnpbeacklnhmkkilekogeiekaglbmmka [2022-10-26]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\uh-sh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-03-20]
==================== Dienste (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S2 avmike; C:\Program Files\FRITZ!Fernzugang\avmike.exe [337824 2012-11-28] (AVM Computersysteme Vertriebs GmbH -> AVM Berlin)
S2 certsrv; C:\Program Files\FRITZ!Fernzugang\certsrv.exe [143776 2012-11-28] (AVM Computersysteme Vertriebs GmbH -> AVM Berlin)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12477344 2022-10-15] (Microsoft Corporation -> Microsoft Corporation)
S2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [6108344 2021-07-13] (devolo AG -> devolo AG)
S2 nwtsrv; C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe [191328 2013-06-10] (AVM Computersysteme Vertriebs GmbH -> AVM Berlin)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2209.7-0\NisSrv.exe [3170576 2022-10-26] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2209.7-0\MsMpEng.exe [133584 2022-10-26] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 ACCSvc; "C:\Program Files (x86)\Acer\Care Center\ACCSvc.exe" [X]
S3 QALSvc; "C:\Program Files\Acer\Quick Access Service\QALSvc.exe" [X]
S3 QASvc; "C:\Program Files\Acer\Quick Access Service\QASvc.exe" [X]
S3 UEIPSvc; "C:\Program Files\Acer\User Experience Improvement Program Service\Framework\UBTService.exe" [X]
===================== Treiber (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R3 AcerAirplaneModeController; C:\WINDOWS\System32\drivers\AcerAirplaneModeController.sys [30168 2020-05-12] (Acer Incorporated -> Acer Incorporated)
R1 avm_nwim; C:\WINDOWS\system32\DRIVERS\avmnwim.sys [396088 2017-03-17] (WDKTestCert shuebner,130916460956458304 -> AVM)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [Datei ist nicht signiert]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [Datei ist nicht signiert]
R3 MpKsl64cc0261; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{10DB87AA-C415-4E74-8342-7C2047175C8D}\MpKslDrv.sys [228632 2022-10-26] (Microsoft Windows -> Microsoft Corporation)
R2 NPF_devolo; C:\WINDOWS\sysWOW64\drivers\npf_devolo.sys [36496 2021-07-13] (devolo AG -> Riverbed Technology, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49616 2022-10-26] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [455968 2022-10-26] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [95520 2022-10-26] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2022-10-26 12:34 - 2022-10-26 12:34 - 002373632 _____ (Farbar) C:\Users\uh-sh\Downloads\FRST64(1).exe
2022-10-26 11:10 - 2022-10-26 11:10 - 000002360 _____ C:\Users\uh-sh\Desktop\AdwCleaner[C00].txt
2022-10-26 11:04 - 2022-10-26 11:09 - 000000000 ____D C:\AdwCleaner
2022-10-26 11:04 - 2022-10-26 11:04 - 008791352 _____ (Malwarebytes) C:\Users\uh-sh\Downloads\adwcleaner.exe
2022-10-26 11:03 - 2022-10-26 11:03 - 000009042 _____ C:\Users\uh-sh\Desktop\bookmarks_26.10.22.html
2022-10-26 10:28 - 2022-10-26 10:28 - 000000000 ____D C:\WINDOWS\system32\Tasks\Oem
2022-10-26 09:26 - 2022-10-26 10:32 - 000000000 ____D C:\WINDOWS\system32\Tasks\Remediation
2022-10-26 09:17 - 2022-10-26 09:24 - 000085301 _____ C:\Users\uh-sh\Desktop\Neues Textdokument.txt
2022-10-26 08:38 - 2022-10-26 08:38 - 000038206 _____ C:\Users\uh-sh\Desktop\Addition.txt
2022-10-26 08:37 - 2022-10-26 08:37 - 000045815 _____ C:\Users\uh-sh\Desktop\FRST.txt
2022-10-26 08:33 - 2022-10-26 08:34 - 000038206 _____ C:\Users\uh-sh\Downloads\Addition.txt
2022-10-26 08:32 - 2022-10-26 12:35 - 000017917 _____ C:\Users\uh-sh\Downloads\FRST.txt
2022-10-26 08:32 - 2022-10-26 12:35 - 000000000 ____D C:\FRST
2022-10-26 08:32 - 2022-10-26 08:32 - 002373632 _____ (Farbar) C:\Users\uh-sh\Downloads\FRST64.exe
2022-10-25 15:00 - 2022-10-25 15:00 - 078858285 _____ C:\Users\uh-sh\Downloads\Acer Care Center_Acer_4.00.3042_W10x64_A.zip
2022-10-25 15:00 - 2022-10-25 15:00 - 000096096 _____ C:\Users\uh-sh\Downloads\SerialNumberDetectionTool.exe
2022-10-25 14:55 - 2022-10-25 14:55 - 000000608 _____ C:\Users\uh-sh\Desktop\eset.txt
2022-10-25 14:30 - 2022-10-25 13:35 - 000000000 ____D C:\Windows.old
2022-10-25 13:45 - 2022-10-25 13:45 - 014562400 _____ (ESET spol. s r.o.) C:\Users\uh-sh\Downloads\ESETOnlineScanner_DEU.exe
2022-10-25 13:45 - 2022-10-25 13:45 - 000000773 _____ C:\Users\uh-sh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2022-10-25 13:45 - 2022-10-25 13:45 - 000000000 ____D C:\Users\uh-sh\AppData\Local\ESET
2022-10-25 13:44 - 2022-10-25 13:44 - 000002224 _____ C:\Users\uh-sh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefox Private Browsing.lnk
2022-10-25 13:44 - 2022-10-25 13:44 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2022-10-25 13:38 - 2022-10-26 11:16 - 001722998 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2022-10-25 13:38 - 2022-10-25 13:38 - 000000000 ____D C:\WINDOWS\system32\Tasks\Agent Activation Runtime
2022-10-25 13:38 - 2022-10-25 13:38 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2022-10-25 13:37 - 2022-10-25 13:37 - 000000020 ___SH C:\Users\uh-sh\ntuser.ini
2022-10-25 13:35 - 2022-10-26 11:12 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-10-25 13:35 - 2022-10-25 13:35 - 000007623 _____ C:\WINDOWS\diagwrn.xml
2022-10-25 13:35 - 2022-10-25 13:35 - 000007623 _____ C:\WINDOWS\diagerr.xml
2022-10-25 13:35 - 2022-10-25 13:35 - 000004302 _____ C:\WINDOWS\system32\Tasks\Software Update Application
2022-10-25 13:35 - 2022-10-25 13:35 - 000003684 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-10-25 13:35 - 2022-10-25 13:35 - 000003460 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-10-25 13:35 - 2022-10-25 13:35 - 000003062 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-568082222-3395335121-1670124993-1001
2022-10-25 13:35 - 2022-10-25 13:35 - 000002858 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-568082222-3395335121-1670124993-1001
2022-10-25 13:35 - 2022-10-25 13:35 - 000002852 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-568082222-3395335121-1670124993-500
2022-10-25 13:35 - 2022-10-25 13:35 - 000002730 _____ C:\WINDOWS\system32\Tasks\ACC
2022-10-25 13:35 - 2022-10-25 13:35 - 000002702 _____ C:\WINDOWS\system32\Tasks\GarminUpdaterTask
2022-10-25 13:35 - 2022-10-25 13:35 - 000000000 ____D C:\WINDOWS\system32\Tasks\Norton Security Ultra
2022-10-25 13:35 - 2022-10-25 13:35 - 000000000 ____D C:\WINDOWS\system32\Tasks\Intel
2022-10-25 13:35 - 2022-10-25 13:35 - 000000000 ____D C:\WINDOWS\system32\Tasks\CareCenter
2022-10-25 13:30 - 2022-10-26 12:33 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2022-10-25 13:30 - 2022-10-25 13:30 - 000437344 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2022-10-25 13:18 - 2022-10-25 14:30 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2022-10-25 13:17 - 2022-10-25 13:37 - 000000000 ____D C:\Users\uh-sh
2022-10-25 13:17 - 2022-10-25 13:17 - 000000000 _SHDL C:\Users\uh-sh\Vorlagen
2022-10-25 13:17 - 2022-10-25 13:17 - 000000000 _SHDL C:\Users\uh-sh\Startmenü
2022-10-25 13:17 - 2022-10-25 13:17 - 000000000 _SHDL C:\Users\uh-sh\Netzwerkumgebung
2022-10-25 13:17 - 2022-10-25 13:17 - 000000000 _SHDL C:\Users\uh-sh\Lokale Einstellungen
2022-10-25 13:17 - 2022-10-25 13:17 - 000000000 _SHDL C:\Users\uh-sh\Eigene Dateien
2022-10-25 13:17 - 2022-10-25 13:17 - 000000000 _SHDL C:\Users\uh-sh\Druckumgebung
2022-10-25 13:17 - 2022-10-25 13:17 - 000000000 _SHDL C:\Users\uh-sh\Documents\Eigene Videos
2022-10-25 13:17 - 2022-10-25 13:17 - 000000000 _SHDL C:\Users\uh-sh\Documents\Eigene Musik
2022-10-25 13:17 - 2022-10-25 13:17 - 000000000 _SHDL C:\Users\uh-sh\Documents\Eigene Bilder
2022-10-25 13:17 - 2022-10-25 13:17 - 000000000 _SHDL C:\Users\uh-sh\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2022-10-25 13:17 - 2022-10-25 13:17 - 000000000 _SHDL C:\Users\uh-sh\AppData\Local\Verlauf
2022-10-25 13:17 - 2022-10-25 13:17 - 000000000 _SHDL C:\Users\uh-sh\AppData\Local\Anwendungsdaten
2022-10-25 13:17 - 2022-10-25 13:17 - 000000000 _SHDL C:\Users\uh-sh\Anwendungsdaten
2022-10-25 13:17 - 2019-12-07 11:10 - 000001105 _____ C:\Users\uh-sh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-10-25 13:16 - 2022-10-25 13:18 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2022-10-25 13:11 - 2022-10-25 13:11 - 002260480 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2022-10-25 13:11 - 2022-10-25 13:11 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2022-10-25 13:11 - 2022-10-25 13:11 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll
2022-10-25 13:11 - 2022-10-25 13:11 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe
2022-10-25 13:11 - 2022-10-25 13:11 - 000048640 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2022-10-25 13:11 - 2022-10-25 13:11 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2022-10-25 13:11 - 2022-10-25 13:11 - 000012253 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-10-25 13:03 - 2022-10-25 13:03 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2022-10-25 13:03 - 2022-10-25 13:03 - 000000000 ____D C:\Program Files\Reference Assemblies
2022-10-25 13:03 - 2022-10-25 13:03 - 000000000 ____D C:\Program Files\MSBuild
2022-10-25 13:03 - 2022-10-25 13:03 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2022-10-25 13:03 - 2022-10-25 13:03 - 000000000 ____D C:\Program Files (x86)\MSBuild
2022-10-25 13:00 - 2022-10-25 13:00 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2022-10-25 12:55 - 2022-10-26 10:33 - 000000000 ____D C:\Program Files\Mozilla Firefox
2022-10-25 12:55 - 2022-10-25 13:37 - 000000000 ___DC C:\WINDOWS\Panther
2022-10-25 12:53 - 2022-10-25 12:55 - 000000036 _____ C:\WINDOWS\progress.ini
2022-10-15 16:10 - 2022-10-15 16:10 - 000000000 ___HD C:\$WinREAgent
2022-10-11 17:43 - 2022-10-11 17:43 - 000272595 _____ C:\Users\uh-sh\Downloads\Simulationsrechnung_1665503007320.pdf
2022-10-11 17:08 - 2022-10-11 17:08 - 000272292 _____ C:\Users\uh-sh\Downloads\Marktwertermittlung_Finke.pdf
2022-10-09 14:48 - 2022-10-09 14:48 - 000062291 _____ C:\Users\uh-sh\Downloads\Quartalsauszug 3. Quartal 2022 _ UnionDepot 20261608_2285448845.pdf
2022-10-05 18:33 - 2022-10-05 18:33 - 000077242 _____ C:\Users\uh-sh\Downloads\63109204_2022_Mitteilung_vom_04.10.2022_20221005183332.pdf
2022-10-05 18:33 - 2022-10-05 18:33 - 000076498 _____ C:\Users\uh-sh\Downloads\6310920400_2022_Mitteilung_vom_30.09.2022_20221005183323.pdf
2022-10-03 12:12 - 2022-10-03 12:12 - 000098627 _____ C:\Users\uh-sh\Downloads\393621000_2022_Nr.009_Kontoauszug_vom_30.09.2022_20221003121209.pdf
2022-10-03 12:09 - 2022-10-03 12:09 - 000331158 _____ C:\Users\uh-sh\Downloads\3936210_2022_AGB- und Sonderbedingungen Anschreiben_vom_27.09.2022_20221003120851.pdf
2022-10-03 12:08 - 2022-10-03 12:08 - 000098627 _____ C:\Users\uh-sh\Downloads\393621000_2022_Nr.009_Kontoauszug_vom_30.09.2022_20221003120753.pdf
2022-09-28 16:40 - 2022-09-28 16:40 - 000331158 _____ C:\Users\uh-sh\Downloads\3936210_2022_AGB- und Sonderbedingungen Anschreiben_vom_27.09.2022_20220928164034.pdf
2022-09-27 18:14 - 2022-09-27 18:14 - 000001967 _____ C:\Users\Public\Desktop\Garmin Express.lnk
==================== Ein Monat (geänderte) ==================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2022-10-26 12:33 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2022-10-26 11:23 - 2020-01-04 23:26 - 000000000 ____D C:\Users\uh-sh\AppData\LocalLow\Mozilla
2022-10-26 11:22 - 2019-10-27 01:40 - 000000000 ____D C:\Program Files\Acer
2022-10-26 11:22 - 2019-10-27 01:37 - 000000000 ____D C:\ProgramData\Acer
2022-10-26 11:22 - 2019-10-27 01:37 - 000000000 ____D C:\Program Files (x86)\Acer
2022-10-26 11:22 - 2019-10-27 00:54 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2022-10-26 11:16 - 2019-12-07 16:50 - 000744794 _____ C:\WINDOWS\system32\perfh007.dat
2022-10-26 11:16 - 2019-12-07 16:50 - 000150180 _____ C:\WINDOWS\system32\perfc007.dat
2022-10-26 11:16 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2022-10-26 11:12 - 2021-02-28 12:49 - 000008192 ___SH C:\DumpStack.log.tmp
2022-10-26 11:12 - 2020-01-04 22:21 - 000000000 __SHD C:\Users\uh-sh\IntelGraphicsProfiles
2022-10-26 11:12 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ServiceState
2022-10-26 11:12 - 2019-10-27 00:54 - 000000000 ___HD C:\Intel
2022-10-26 11:11 - 2019-12-07 11:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2022-10-26 11:09 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2022-10-26 11:03 - 2022-03-20 11:21 - 000000000 ____D C:\Program Files (x86)\Google
2022-10-26 10:43 - 2021-03-31 19:22 - 000803176 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2022-10-26 10:33 - 2019-10-27 01:46 - 000000000 ____D C:\ProgramData\Norton
2022-10-26 10:33 - 2019-10-27 01:40 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2022-10-26 10:32 - 2019-12-07 11:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2022-10-26 10:20 - 2020-01-04 22:26 - 000000000 ____D C:\Users\uh-sh\AppData\Local\OEM
2022-10-26 08:29 - 2020-01-04 22:23 - 000000000 ____D C:\Users\uh-sh\AppData\Local\PlaceholderTileLogoFolder
2022-10-26 08:29 - 2020-01-04 22:21 - 000000000 ____D C:\Users\uh-sh\AppData\Local\Packages
2022-10-26 08:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-10-26 08:27 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\appcompat
2022-10-25 14:30 - 2021-11-08 11:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!Fernzugang
2022-10-25 14:30 - 2021-05-30 12:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2022-10-25 14:30 - 2020-09-03 19:40 - 000000000 ____D C:\Program Files\UNP
2022-10-25 14:30 - 2020-07-10 15:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\devolo
2022-10-25 14:30 - 2020-06-07 12:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2022-10-25 14:30 - 2020-03-15 11:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2022-10-25 14:30 - 2020-01-30 21:03 - 000000000 ____D C:\Users\uh-sh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sky Ticket
2022-10-25 14:30 - 2020-01-05 15:01 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-10-25 14:30 - 2020-01-05 04:04 - 000000000 ____D C:\WINDOWS\oem
2022-10-25 14:30 - 2019-12-07 11:14 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2022-10-25 14:30 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2022-10-25 14:30 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\spool
2022-10-25 14:30 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\NDF
2022-10-25 14:30 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2022-10-25 14:30 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2022-10-25 14:30 - 2019-10-27 01:46 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 14
2022-10-25 14:30 - 2019-10-27 01:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2022-10-25 14:30 - 2019-10-27 01:21 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2022-10-25 14:30 - 2019-10-27 01:01 - 000000000 ____D C:\Program Files\Intel
2022-10-25 14:30 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2022-10-25 13:44 - 2022-02-13 15:54 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2022-10-25 13:44 - 2021-08-28 10:39 - 000000000 ____D C:\Users\uh-sh\AppData\LocalLow\Norton
2022-10-25 13:44 - 2019-10-27 01:40 - 000001009 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2022-10-25 13:41 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2022-10-25 13:41 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2022-10-25 13:39 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-10-25 13:37 - 2020-01-04 22:21 - 000000000 ___RD C:\Users\uh-sh\3D Objects
2022-10-25 13:37 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2022-10-25 13:37 - 2019-10-27 00:57 - 000000000 __RHD C:\Users\Public\AccountPictures
2022-10-25 13:35 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-10-25 13:35 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Windows NT
2022-10-25 13:35 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Windows Defender
2022-10-25 13:32 - 2019-12-07 11:14 - 000000000 __RSD C:\WINDOWS\Media
2022-10-25 13:31 - 2019-10-27 01:32 - 000000000 ____D C:\WINDOWS\system32\Intel
2022-10-25 13:30 - 2020-06-21 11:52 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-10-25 13:27 - 2019-12-07 11:18 - 000000000 ____D C:\WINDOWS\Setup
2022-10-25 13:25 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\USOPrivate
2022-10-25 13:24 - 2019-12-07 11:14 - 000000000 __RHD C:\Users\Public\Libraries
2022-10-25 13:18 - 2019-10-27 01:32 - 000000000 ____D C:\WINDOWS\system32\cAVS
2022-10-25 13:17 - 2022-05-26 10:25 - 000000000 ____D C:\Users\uh-sh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sena Technologies
2022-10-25 13:17 - 2022-01-24 13:12 - 000000000 ____D C:\Users\uh-sh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2022-10-25 13:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2022-10-25 13:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-10-25 13:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2022-10-25 13:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2022-10-25 13:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Provisioning
2022-10-25 13:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2022-10-25 13:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-10-25 13:13 - 2019-12-07 11:15 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2022-10-25 13:13 - 2019-12-07 11:14 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2022-10-25 13:03 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2022-10-25 13:03 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\MUI
2022-10-18 09:17 - 2022-01-24 13:12 - 000000000 ____D C:\Users\uh-sh\AppData\Local\Ubisoft Game Launcher
2022-10-18 09:12 - 2020-02-11 19:02 - 000000000 ____D C:\Users\uh-sh\Documents\Mrowka
2022-10-16 17:34 - 2022-05-26 10:49 - 000007683 _____ C:\Users\uh-sh\AppData\Local\resmon.resmoncfg
2022-10-16 17:11 - 2019-10-27 01:01 - 000000000 ____D C:\ProgramData\Package Cache
2022-10-16 11:31 - 2020-01-04 22:48 - 000000000 ____D C:\Program Files\Common Files\AV
2022-10-15 16:07 - 2020-01-05 15:01 - 147398024 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2022-10-15 15:35 - 2022-08-13 15:03 - 000000000 ____D C:\Users\uh-sh\Documents\Steuer ELSTER
2022-10-15 15:20 - 2019-10-27 01:41 - 000000000 ____D C:\Program Files\Microsoft Office
2022-10-13 16:03 - 2022-03-20 11:22 - 000000000 ____D C:\Program Files\Google
2022-10-09 17:43 - 2021-11-21 13:06 - 000000000 ____D C:\Users\uh-sh\Desktop\Zum Dienst
2022-10-09 17:03 - 2020-03-15 12:54 - 000000000 ____D C:\Users\uh-sh\AppData\Roaming\Garmin
2022-09-28 17:35 - 2021-06-13 17:14 - 000000000 ____D C:\Users\uh-sh\AppData\Local\CrashDumps
2022-09-28 17:29 - 2021-01-30 18:35 - 000000000 ____D C:\Users\uh-sh\AppData\Local\D3DSCache
2022-09-27 18:15 - 2020-01-05 13:08 - 000000000 ____D C:\ProgramData\Garmin
2022-09-27 18:14 - 2020-01-05 13:08 - 000000000 ____D C:\Program Files (x86)\Garmin
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ========
2022-05-26 10:49 - 2022-10-16 17:34 - 000007683 _____ () C:\Users\uh-sh\AppData\Local\resmon.resmoncfg
==================== SigCheck ============================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
==================== Ende von FRST.txt ========================
Addition Log: Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 23-10-2022
durchgeführt von uh-sh (26-10-2022 12:36:13)
Gestartet von C:\Users\uh-sh\Downloads
Microsoft Windows 10 Home Version 22H2 19045.2130 (X64) (2022-10-25 11:35:51)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
Administrator (S-1-5-21-568082222-3395335121-1670124993-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-568082222-3395335121-1670124993-503 - Limited - Disabled)
Gast (S-1-5-21-568082222-3395335121-1670124993-501 - Limited - Disabled)
uh-sh (S-1-5-21-568082222-3395335121-1670124993-1001 - Administrator - Enabled) => C:\Users\uh-sh
WDAGUtilityAccount (S-1-5-21-568082222-3395335121-1670124993-504 - Limited - Disabled)
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Norton Security (Enabled - Up to date) {1122B19A-E671-38EC-8EAC-87048FD4528D}
AV: Norton Security Ultra (Enabled - Up to date) {A2708B76-6835-6565-CB96-694212954A75}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Security (Enabled - Up to date) {9E3FD331-C4C2-7AC4-0537-131EEF1B1F8A}
FW: Norton Security Ultra (Enabled) {9A4B0A53-225A-643D-E0C9-C077EC460D0E}
FW: Norton Security (Enabled) {A6045214-8EAD-7B9C-2E68-BA2B11C858F1}
FW: Norton Security (Enabled) {291930BF-AC1E-39B4-A5F3-2E31710715F6}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
ANT Drivers Installer x64 (HKLM\...\{4F35B8FF-E00B-42BB-A6D4-6174BAB0404A}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
CyberLink PowerDVD 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.8904.02 - CyberLink Corp.)
devolo Cockpit (HKLM-x32\...\dlancockpit) (Version: 5.1.7.638 - devolo AG)
DriverSetupUtility (HKLM\...\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6}) (Version: 1.00.3026 - Acer Incorporated)
Elevated Installer (HKLM-x32\...\{5383BE8D-5852-4FE5-A290-1B231C4A322C}) (Version: 7.14.0.0 - Garmin Ltd or its subsidiaries) Hidden
Forge of Empires (HKLM-x32\...\{39D43D1E-8661-4990-9D01-2C1F593CC8C3}) (Version: 3.1.19223.4 - Acer)
FRITZ!Fernzugang (HKLM\...\{DD57CC22-8864-4CCA-94D4-600D024C1207}) (Version: 1.4.1 - AVM Berlin)
Garmin BaseCamp (HKLM-x32\...\{a7339a73-aef7-4ce1-963f-e7396ba18511}) (Version: 4.7.4.0 - Garmin Ltd or its subsidiaries)
Garmin BaseCamp (HKLM-x32\...\{B48BC415-D96D-4676-BAB5-66EFDA0D8D7B}) (Version: 4.7.4.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin City_Navigator_Europe_NTU_2020_30 (HKLM-x32\...\{BEE5950B-8A67-4ACB-A391-77D5F440DC71}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin City_Navigator_Europe_NTU_2021_30 (HKLM-x32\...\{DE52C2E9-2116-452F-A2D4-2AD963C7B236}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{5bc116de-415f-4087-a55b-ffa07751c0d1}) (Version: 7.14.0.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{BB1DCEBC-FD41-4EA7-8F74-168B91D032F1}) (Version: 7.14.0.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{4e365b8d-ed6f-4316-a1b8-f8762eaed5a0}) (Version: 2.5.8 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{9644C9A2-DB70-40B2-9CD3-E025F9CD867D}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries) Hidden
Intel(R) Chipset Device Software (HKLM\...\{351A0D24-F6F1-4105-AA50-5D2CCC71E0DD}) (Version: 10.1.18019.8144 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1924.14.0.1295 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{3978C240-E168-423F-828F-FACD27C87200}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{4C474EBC-96D2-4273-A465-34BA6EB9B50F}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Management Engine Driver (HKLM\...\{3489EF28-7347-4779-9701-FD81E898870C}) (Version: 1.0.0.0 - Intel Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 26.20.100.6911 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{31E11FD7-9921-48E4-AAFC-FD25A0051994}) (Version: 17.5.1.1021 - Intel Corporation) Hidden
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 17.5.1.1021 - Intel Corporation)
Intel(R) Trusted Connect Service Client x64 (HKLM\...\{C9552825-7BF2-4344-BA91-D3CD46F4C442}) (Version: 1.55.66.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.55.66.0 - Intel Corporation) Hidden
Intel(R) Trusted Connect Services Client (HKLM-x32\...\{1fec26b5-eeec-4604-877a-44f1843ae9d4}) (Version: 1.55.66.0 - Intel Corporation) Hidden
Intel® Chipsatz-Gerätesoftware (HKLM-x32\...\{4551f75f-3c54-4f09-8221-8c8a061bad00}) (Version: 10.1.18019.8144 - Intel(R) Corporation)
Intel® Optane™ Pinning Explorer Extensions (HKLM\...\{1AC25CEA-DED2-4D31-AE36-A9CBD5B85B67}) (Version: 17.5.1.1021 - Intel Corporation)
Microsoft Edge (HKLM-x32\...\{2D52B6E4-968B-39B1-A00F-4F12269DA6B2}) (Version: 106.0.1370.52 - Microsoft Corporation)
Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 106.0.1370.52 - Microsoft Corporation)
Microsoft Office Home and Student 2019 - de-de (HKLM\...\HomeStudent2019Retail - de-de) (Version: 16.0.15629.20208 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-568082222-3395335121-1670124993-1001\...\OneDriveSetup.exe) (Version: 22.207.1002.0003 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation)
Microsoft VC++ redistributables repacked. (HKLM\...\{722855E9-F981-4436-A979-32E0C5A09918}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft VC++ redistributables repacked. (HKLM-x32\...\{3EB42C92-1F2D-4D47-B12C-E9F5A9CD55F0}) (Version: 12.0.0.0 - Intel Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022.218 (HKLM\...\{BBBE35B2-9349-3C48-BD3D-F574B17C7924}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.29.30139 (HKLM-x32\...\{2c673fb6-3e65-4751-965d-33d30b68a8a6}) (Version: 14.29.30139.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.29.30139 (HKLM-x32\...\{8d5fdf81-7022-423f-bd8b-b513a1050ae1}) (Version: 14.29.30139.0 - Microsoft Corporation)
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.29.30139 (HKLM\...\{7F4A9F52-173F-4B0D-B1EA-269C32EDA827}) (Version: 14.29.30139 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.29.30139 (HKLM\...\{A6D3F752-BF11-4D7C-B19C-F6F96A35CF50}) (Version: 14.29.30139 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.29.30139 (HKLM-x32\...\{1AEA8854-7597-4CD3-948F-8DE364D94E07}) (Version: 14.29.30139 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.29.30139 (HKLM-x32\...\{1679EF65-55F3-4248-B91E-6B3BE1A69CDF}) (Version: 14.29.30139 - Microsoft Corporation) Hidden
Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 106.0.1 (x64 en-US)) (Version: 106.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 105.0.3 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.15629.20118 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.15629.20156 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0407-1000-0000000FF1CE}) (Version: 16.0.15629.20118 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.35.510.2019 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8710.1 - Realtek Semiconductor Corp.)
Sena Bluetooth Device Manager 4.3.3 (HKLM-x32\...\Sena Bluetooth Device Manager) (Version: 4.3.3 - Copyright (C) 2012 ~ 2022 Sena Technologies Inc.)
Sky Ticket 8.10.0.0 (HKU\S-1-5-21-568082222-3395335121-1670124993-1001\...\com.bskyb.skyticket_is1) (Version: 8.10.0.0 - Sky Ticket)
thesettlers (HKLM-x32\...\Uplay Install 11662) (Version: - Ubisoft)
thesettlers2 (HKLM-x32\...\Uplay Install 11783) (Version: - Ubisoft)
thesettlers3 (HKLM-x32\...\Uplay Install 11784) (Version: - Ubisoft)
thesettlers4 (HKLM-x32\...\Uplay Install 11785) (Version: - Ubisoft)
theSettlers5 (HKLM-x32\...\Uplay Install 11786) (Version: - )
thesettlers6 (HKLM-x32\...\Uplay Install 11787) (Version: - Ubisoft)
thesettlers7 (HKLM-x32\...\Uplay Install 11788) (Version: - Ubisoft)
Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 68.0 - Ubisoft)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{82BD0A1C-815F-487F-9AE7-CE73DA413CFF}) (Version: 4.91.0.0 - Microsoft Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.17.4 - VideoLAN)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows-PC-Integritätsprüfung (HKLM\...\{B3956CF3-F6C5-4567-AC38-1FD4432B319C}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Windows-Treiberpaket - Cambridge Silicon Radio Ltd. (CSRBC) USB (11/27/2020 2.5.5.9) (HKLM\...\6A50C99E75CE49370D2FB6BD3959E25A02A0751A) (Version: 11/27/2020 2.5.5.9 - Cambridge Silicon Radio Ltd.)
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Packages:
=========
Acer Collection S -> C:\Program Files\WindowsApps\AcerIncorporated.AcerCollectionS_1.0.3004.0_x64__48frkmn4z8aw4 [2021-11-21] (Acer Incorporated)
Acer Product Registration -> C:\Program Files\WindowsApps\AcerIncorporated.AcerRegistration_2.0.3040.0_x64__48frkmn4z8aw4 [2022-10-11] (Acer Incorporated)
Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.90.2.0_x64__kgqvnymyfvs32 [2022-10-11] (king.com)
Care Center S -> C:\Program Files\WindowsApps\AcerIncorporated.AcerCareCenterS_4.0.3042.0_x64__48frkmn4z8aw4 [2022-10-25] (Acer Incorporated)
Dropbox-Sonderaktion -> C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_22.4.18.0_x64__xbfy0k16fey96 [2022-09-07] (Dropbox Inc.)
Farm Heroes Saga -> C:\Program Files\WindowsApps\king.com.FarmHeroesSaga_5.89.8.0_x64__kgqvnymyfvs32 [2022-10-15] (king.com)
Fotos-Add-On -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-03-16] (Microsoft Corporation)
GoTrust ID -> C:\Program Files\WindowsApps\GOTrustTechnologyInc.GO-TrustAuthenticator_3.1.21.0_x64__0r04f53sqacg6 [2020-12-03] (GoTrustID Inc.)
Hearts Deluxe -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.HeartsDeluxe_6.13.101.0_x64__kx24dqmazqk8j [2022-10-08] (Random Salad Games LLC)
Intel® Grafik-Kontrollraum -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3408.0_x64__8j3eq9eme6ctt [2022-04-22] (INTEL CORP) [Startup Task]
Intel® Graphics Control Panel -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsControlPanel_3.3.0.0_x64__8j3eq9eme6ctt [2020-02-19] (INTEL CORP)
LinkedIn -> C:\Program Files\WindowsApps\7EE7776C.LinkedInforWindows_2.1.7098.0_neutral__w1wdnht996qgy [2020-01-12] (LinkedIn)
Media Engine-Add-On für Fotos -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-04-12] (Microsoft Corporation)
Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1809.1.0_x64__8wekyb3d8bbwe [2022-10-25] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1809.1.0_x86__8wekyb3d8bbwe [2022-10-25] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2022-10-25] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2022-10-25] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.14.9130.0_x64__8wekyb3d8bbwe [2022-09-17] (Microsoft Studios) [MS Ad]
Movie & Audio Studio -> C:\Program Files\WindowsApps\MAGIXSoftwareGmbH.MovieAudioStudio_1.1.4.0_x64__awcgk3qbzve1y [2019-10-27] (MAGIX Software GmbH)
MPEG-2-Videoerweiterung -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.50901.0_x64__8wekyb3d8bbwe [2022-05-02] (Microsoft Corporation)
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.98.1805.0_x64__mcm4njqhnhss8 [2022-02-20] (Netflix, Inc.)
Norton Password Manager -> C:\Program Files\WindowsApps\SymantecCorporation.5478111E43ACF_7.2.1.0_neutral__v68kp9n051hdp [2021-06-13] (NortonLifeLock Inc.)
Norton Safe Web -> C:\Program Files\WindowsApps\SymantecCorporation.NortonSafeWeb_3.14.3.0_neutral__v68kp9n051hdp [2021-03-11] (NortonLifeLock Inc.)
ntv Nachrichten -> C:\Program Files\WindowsApps\n-tvNachrichtenfernsehenG.n-tvNachrichten_2.8.0.0_x64__hf9cm24zcg85p [2020-01-05] (n-tv Nachrichtenfernsehen GmbH)
PhotoDirector for acer -> C:\Program Files\WindowsApps\CyberLinkCorp.ac.PhotoDirectorforacerDesktop_8.0.5229.0_x64__ypz87dpxkv292 [2019-10-27] (CYBERLINK COM CORP)
PowerDirector for acer -> C:\Program Files\WindowsApps\CyberLinkCorp.ac.PowerDirectorforacerDesktop_14.0.4304.0_x64__ypz87dpxkv292 [2019-10-27] (CYBERLINK COM CORP)
QuickAccess -> C:\Program Files\WindowsApps\AcerIncorporated.QuickAccess_3.0.3038.0_x64__48frkmn4z8aw4 [2022-02-11] (Acer Incorporated)
Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.14.226.0_x64__dt26b99r8h8gj [2020-09-22] (Realtek Semiconductor Corp)
Simple Mahjong -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleMahjong_6.3.81.0_x64__kx24dqmazqk8j [2022-10-25] (Random Salad Games LLC)
Solitär -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_7.4.14.0_x64__kx24dqmazqk8j [2022-10-25] (Random Salad Games LLC)
Spades -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.Spades_6.1.120.0_x64__kx24dqmazqk8j [2022-10-03] (Random Salad Games LLC)
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.196.785.0_x86__zpdnekdrzrea0 [2022-10-15] (Spotify AB) [Startup Task]
User Experience Improvement Program -> C:\Program Files\WindowsApps\AcerIncorporated.UserExperienceImprovementProgram_4.0.3106.0_x64__48frkmn4z8aw4 [2019-10-27] (Acer Incorporated)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-568082222-3395335121-1670124993-1001_Classes\CLSID\{E1159E6E-9613-4159-BCB9-7174056EE486}\InprocServer32 -> C:\Program Files\Mozilla Firefox\notificationserver.dll (Mozilla Corporation -> Mozilla Foundation)
ShellIconOverlayIdentifiers: [ OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2019-06-20] (Intel(R) Rapid Storage Technology -> )
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2019-06-20] (Intel(R) Rapid Storage Technology -> )
==================== Codecs (Nicht auf der Ausnahmeliste) ====================
==================== Verknüpfungen & WMI ========================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
ShortcutWithArgument: C:\Users\uh-sh\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\188f5ec9d11ded56\Profil 2 - Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory="Profile 1"
==================== Geladene Module (Nicht auf der Ausnahmeliste) =============
2020-04-17 19:44 - 2020-04-17 19:44 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\Root\Office16\AppVIsvSubsystems64.dll
2020-04-17 19:44 - 2020-04-17 19:44 - 000000000 ____L (Microsoft Corporation) [simlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\Root\Office16\c2r64.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ==================
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =================
==================== Internet Explorer (Nicht auf der Ausnahmeliste) ==========
HKU\S-1-5-21-568082222-3395335121-1670124993-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer17win10.msn.com/?pc=ACTE
HKU\S-1-5-21-568082222-3395335121-1670124993-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer17win10.msn.com/?pc=ACTE
SearchScopes: HKU\S-1-5-21-568082222-3395335121-1670124993-1001 -> DefaultScope {EB9EE7C9-E85E-4C04-AF17-4C336F1E187A} URL =
SearchScopes: HKU\S-1-5-21-568082222-3395335121-1670124993-1001 -> {EB9EE7C9-E85E-4C04-AF17-4C336F1E187A} URL =
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2022-08-13] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-10-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-10-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-10-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-10-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-10-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-10-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-10-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-10-01] (Microsoft Corporation -> Microsoft Corporation)
==================== Hosts Inhalt: =========================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2019-03-19 06:49 - 2019-03-19 06:49 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Andere Bereiche ===========================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-568082222-3395335121-1670124993-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\uh-sh\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\IMG_20210527_115333_HDR.jpg
DNS Servers: 10.0.3.1 - 10.0.3.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
ist aktiviert.
Network Binding:
=============
WLAN: AVM VPN NDIS 6 Driver -> avm_nwim (enabled)
Ethernet: AVM VPN NDIS 6 Driver -> avm_nwim (enabled)
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "RtkAudUService"
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [{63E32948-C136-4C8D-A2B6-D77BAD96C100}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\106.0.1370.52\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C48DF7B4-F4EF-4A69-A545-E502BDE40998}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.196.785.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{DB1382C9-3C31-438D-A99D-ECA7DFDE40B9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.196.785.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B81C8B33-674B-42C9-BE38-F0CB10B05CFE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.196.785.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{FAB68B6F-2EDC-419B-B62D-9E286DD6A371}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.196.785.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5930ADDD-F81D-471C-94E9-48E440804473}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.196.785.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{583F828E-ADFE-4F05-9A81-87B947241DA8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.196.785.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{09B5D30A-BA69-468B-A4BB-65E023646B04}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.196.785.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{0315E634-162A-403E-A72A-6833D0C3CBBA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.196.785.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{1FFC9FB8-EA25-488B-A5AE-5ECE9E6E7359}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{67232343-84E2-4C71-95B9-56D47450B334}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{95DDF05D-31E2-4B25-B0B2-64D34DF1BC09}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A12B2912-BBA5-46A2-9D08-72B0495DAF72}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{EB32C0EE-DB16-478D-BFAD-AFD3487AB14C}] => (Allow) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe (devolo AG -> devolo AG)
FirewallRules: [{76175A68-2EBA-46AA-B56A-1EAB931DA9B3}] => (Allow) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe (devolo AG -> devolo AG)
FirewallRules: [{6AA611C6-BC30-4566-919D-CA5CFCB41CEA}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{88BD4A24-27B8-4072-8611-121A6EFC167B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{10D75891-9BF1-4CD9-B84B-6D14B6635AFD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{E67DCF11-AF86-4CC1-BC53-CB7634B23795}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe => Keine Datei
FirewallRules: [{996E76A9-8AD3-4449-B35E-4859AD72690F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe => Keine Datei
FirewallRules: [{EB56911A-3FAA-4787-B897-A4E099D790EE}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [TCP Query User{518CB87B-3049-4A02-BB01-08787706AF53}C:\users\uh-sh\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\uh-sh\appdata\roaming\spotify\spotify.exe => Keine Datei
FirewallRules: [UDP Query User{03BA1F8C-DF95-412C-9A2B-7D46AA20AC5B}C:\users\uh-sh\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\uh-sh\appdata\roaming\spotify\spotify.exe => Keine Datei
==================== Wiederherstellungspunkte =========================
25-10-2022 13:39:04 Windows Modules Installer
26-10-2022 11:21:51 AdwCleaner_BeforeCleaning_26/10/2022_11:21:50
==================== Fehlerhafte Geräte im Gerätemanager ============
==================== Fehlereinträge in der Ereignisanzeige: ========================
Applikationsfehler:
==================
Error: (10/26/2022 11:59:07 AM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: LAPTOP-G9EUU80D)
Description: Das Serverdienst-Leistungsobjekt kann nicht geöffnet werden. Die ersten vier Bytes (DWORD) des Datenabschnitts enthalten den Statuscode.
Error: (10/26/2022 09:09:57 AM) (Source: Microsoft-Windows-PerfNet) (EventID: 2004) (User: LAPTOP-G9EUU80D)
Description: Das Serverdienst-Leistungsobjekt kann nicht geöffnet werden. Die ersten vier Bytes (DWORD) des Datenabschnitts enthalten den Statuscode.
Error: (10/25/2022 01:30:47 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert werden. "ESENT"-Fehler: -1409.
Systemfehler:
=============
Error: (10/26/2022 11:22:00 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Quick Access Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (10/26/2022 11:22:00 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Content Protection HECI Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (10/26/2022 11:22:00 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Dynamic Application Loader Host Interface Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (10/26/2022 11:22:00 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Microsoft Office-Klick-und-Los-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.
Error: (10/26/2022 11:22:00 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Storage Middleware Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (10/26/2022 11:22:00 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Realtek Audio Universal Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.
Error: (10/26/2022 11:22:00 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "devolo Network Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (10/26/2022 11:22:00 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Graphics Command Center Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
CodeIntegrity:
===============
Date: 2022-10-26 12:34:45
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Mozilla Firefox\firefox.exe) attempted to load \Device\HarddiskVolume3\Program Files\Mozilla Firefox\mozavcodec.dll that did not meet the Microsoft signing level requirements.
Date: 2022-10-26 12:34:45
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Mozilla Firefox\firefox.exe) attempted to load \Device\HarddiskVolume3\Program Files\Mozilla Firefox\mozavutil.dll that did not meet the Microsoft signing level requirements.
Date: 2022-10-26 11:32:47
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.2209.7-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_2b7bcff446ea567f\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2022-10-26 10:31:59
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Norton Security\Engine\22.22.9.11\symamsi.dll that did not meet the Windows signing level requirements.
Date: 2022-10-26 10:31:47
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Norton Security\Engine\22.22.9.11\symamsi.dll that did not meet the Windows signing level requirements.
==================== Speicherinformationen ===========================
BIOS: Insyde Corp. V1.05 09/05/2019
Hauptplatine: CML Dopey_WC
Prozessor: Intel(R) Core(TM) i5-10210U CPU @ 1.60GHz
Prozentuale Nutzung des RAM: 55%
Installierter physikalischer RAM: 8023.05 MB
Verfügbarer physikalischer RAM: 3576.4 MB
Summe virtueller Speicher: 9303.05 MB
Verfügbarer virtueller Speicher: 4667.38 MB
==================== Laufwerke ================================
Drive c: (Acer) (Fixed) (Total:475.83 GB) (Free:185.47 GB) (Model: WDC PC SN520 SDAPNUW-512G-1014) NTFS
Drive d: (The Settlers History Edition) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF
\\?\Volume{dfc3fb7b-15dd-4953-9871-4d6591573a2c}\ (Recovery) (Fixed) (Total:1 GB) (Free:0.42 GB) NTFS
\\?\Volume{93bf6021-1beb-4e50-b38c-2f2cbc23b483}\ (ESP) (Fixed) (Total:0.09 GB) (Free:0.04 GB) FAT32
==================== MBR & Partitionstabelle ====================
==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 343094EA)
Partition: GPT.
==================== Ende von Addition.txt =======================
|
|
26.10.2022, 11:58
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Phishing SMS nach Onlinebanking Scripting/Repair mit FRST64 WARNUNG AN ALLE MITLESER !!! Dieses FRST-Script ist ausschließlich für diesen Nutzer gedacht und sollte niemals 1:1 für ein anderes System angewendet werden!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
26.10.2022, 12:03
| #13 |
| | Phishing SMS nach OnlinebankingCode:
ATTFilter Entfernungsergebnis von Farbar Recovery Scan Tool (x64) Version: 23-10-2022
durchgeführt von uh-sh (26-10-2022 13:01:01) Run:1
Gestartet von C:\Users\uh-sh\Downloads
Geladene Profile: uh-sh
Start-Modus: Normal
==============================================
fixlist Inhalt:
*****************
Start::
CloseProcesses:
AV: Norton Security (Enabled - Up to date) {1122B19A-E671-38EC-8EAC-87048FD4528D}
AV: Norton Security Ultra (Enabled - Up to date) {A2708B76-6835-6565-CB96-694212954A75}
AV: Norton Security (Enabled - Up to date) {9E3FD331-C4C2-7AC4-0537-131EEF1B1F8A}
FW: Norton Security Ultra (Enabled) {9A4B0A53-225A-643D-E0C9-C077EC460D0E}
FW: Norton Security (Enabled) {A6045214-8EAD-7B9C-2E68-BA2B11C858F1}
FW: Norton Security (Enabled) {291930BF-AC1E-39B4-A5F3-2E31710715F6}
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Beschränkung <==== ACHTUNG
Task: {375DB2AD-4E10-4982-8B2C-58E4A8C824FD} - System32\Tasks\Norton Security Ultra\Norton Security Ultra Autofix => C:\Program Files\Norton Security\Engine\22.20.1.69\SymErr.exe /ui (Keine Datei)
Task: {A0574253-0519-4329-A911-CF98D6EDA163} - System32\Tasks\Norton Security Ultra\Norton Security Ultra Error Analyzer => C:\Program Files\Norton Security\Engine\22.20.1.69\SymErr.exe /analyze (Keine Datei)
Task: {C51304F4-16FB-4195-8FAA-C353B3D3EC81} - System32\Tasks\Norton Security Ultra\Norton Security Ultra Error Processor => C:\Program Files\Norton Security\Engine\22.20.1.69\SymErr.exe /submit (Keine Datei)
Edge Extension: (Norton Password Manager) -> EdgeExtension_SymantecCorporation5478111E43ACF_v68kp9n051hdp => C:\Program Files\WindowsApps\SymantecCorporation.5478111E43ACF_6.7.4.0_neutral__v68kp9n051hdp [nicht gefunden]
Edge Extension: (Norton Safe Web) -> EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp => C:\Program Files\WindowsApps\SymantecCorporation.NortonSafeWeb_3.11.5.0_neutral__v68kp9n051hdp [nicht gefunden]
Edge Extension: (Norton Safe Web) - C:\Users\uh-sh\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bdaafgjhhjkdplpffldcncdignokfkbo [2021-09-08]
Edge Extension: (Norton Password Manager) - C:\Users\uh-sh\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\lcccdlklhahfmobgpnilndimkankpnkg [2021-09-11]
Edge Extension: (Norton Safe Web) - C:\Users\uh-sh\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\bdaafgjhhjkdplpffldcncdignokfkbo [2022-10-26]
FF Extension: (Norton Password Manager) - C:\Users\uh-sh\AppData\Roaming\Mozilla\Firefox\Profiles\09g39tl6.default\Extensions\idsafe@norton.com.xpi [2022-10-25]
FF Extension: (Norton Safe Search) - C:\Users\uh-sh\AppData\Roaming\Mozilla\Firefox\Profiles\09g39tl6.default\Extensions\nortonsafesearch_ul_2@symantec.com.xpi [2022-10-25] [UpdateUrl:hxxps://static.nortoncdn.com/idscp/firefox/nsss/ds_modified/updates.json]
CHR Extension: (Norton Password Manager) - C:\Users\uh-sh\AppData\Local\Google\Chrome\User Data\Default\Extensions\admmjipmmciaobhojoghlmleefbicajg [2022-09-15]
CHR Extension: (Norton Safe Web) - C:\Users\uh-sh\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnpbeacklnhmkkilekogeiekaglbmmka [2022-10-26]
C:\ProgramData\Acer
C:\Program Files\Acer
C:\Program Files (x86)\Acer
C:\ProgramData\Norton
C:\Users\uh-sh\AppData\LocalLow\Norton
C:\Program Files\Norton Security
C:\WINDOWS\system32\Tasks\Norton Security Ultra
cmd: netsh advfirewall reset
emptytemp:
End::
*****************
Prozesse erfolgreich geschlossen.
"AV: Norton Security (Enabled - Up to date) {1122B19A-E671-38EC-8EAC-87048FD4528D}" => erfolgreich entfernt
"AV: Norton Security Ultra (Enabled - Up to date) {A2708B76-6835-6565-CB96-694212954A75}" => erfolgreich entfernt
"AV: Norton Security (Enabled - Up to date) {9E3FD331-C4C2-7AC4-0537-131EEF1B1F8A}" => erfolgreich entfernt
"FW: Norton Security Ultra (Enabled) {9A4B0A53-225A-643D-E0C9-C077EC460D0E}" => erfolgreich entfernt
"FW: Norton Security (Enabled) {A6045214-8EAD-7B9C-2E68-BA2B11C858F1}" => erfolgreich entfernt
"FW: Norton Security (Enabled) {291930BF-AC1E-39B4-A5F3-2E31710715F6}" => erfolgreich entfernt
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate => erfolgreich entfernt
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{375DB2AD-4E10-4982-8B2C-58E4A8C824FD}" => erfolgreich entfernt
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{375DB2AD-4E10-4982-8B2C-58E4A8C824FD}" => erfolgreich entfernt
C:\WINDOWS\System32\Tasks\Norton Security Ultra\Norton Security Ultra Autofix => erfolgreich verschoben
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Security Ultra\Norton Security Ultra Autofix" => erfolgreich entfernt
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A0574253-0519-4329-A911-CF98D6EDA163}" => erfolgreich entfernt
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A0574253-0519-4329-A911-CF98D6EDA163}" => erfolgreich entfernt
C:\WINDOWS\System32\Tasks\Norton Security Ultra\Norton Security Ultra Error Analyzer => erfolgreich verschoben
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Security Ultra\Norton Security Ultra Error Analyzer" => erfolgreich entfernt
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C51304F4-16FB-4195-8FAA-C353B3D3EC81}" => erfolgreich entfernt
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C51304F4-16FB-4195-8FAA-C353B3D3EC81}" => erfolgreich entfernt
C:\WINDOWS\System32\Tasks\Norton Security Ultra\Norton Security Ultra Error Processor => erfolgreich verschoben
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Security Ultra\Norton Security Ultra Error Processor" => erfolgreich entfernt
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\EdgeExtension_SymantecCorporation5478111E43ACF_v68kp9n051hdp => erfolgreich entfernt
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp => erfolgreich entfernt
Edge Extension: (Norton Safe Web) - C:\Users\uh-sh\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bdaafgjhhjkdplpffldcncdignokfkbo [2021-09-08] => Fehler: Kein automatisierter Fix für diesen Eintrag gefunden.
Edge Extension: (Norton Password Manager) - C:\Users\uh-sh\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\lcccdlklhahfmobgpnilndimkankpnkg [2021-09-11] => Fehler: Kein automatisierter Fix für diesen Eintrag gefunden.
Edge Extension: (Norton Safe Web) - C:\Users\uh-sh\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\bdaafgjhhjkdplpffldcncdignokfkbo [2022-10-26] => Fehler: Kein automatisierter Fix für diesen Eintrag gefunden.
C:\Users\uh-sh\AppData\Roaming\Mozilla\Firefox\Profiles\09g39tl6.default\Extensions\idsafe@norton.com.xpi => erfolgreich verschoben
C:\Users\uh-sh\AppData\Roaming\Mozilla\Firefox\Profiles\09g39tl6.default\Extensions\nortonsafesearch_ul_2@symantec.com.xpi => erfolgreich verschoben
CHR Extension: (Norton Password Manager) - C:\Users\uh-sh\AppData\Local\Google\Chrome\User Data\Default\Extensions\admmjipmmciaobhojoghlmleefbicajg [2022-09-15] => Fehler: Kein automatisierter Fix für diesen Eintrag gefunden.
CHR Extension: (Norton Safe Web) - C:\Users\uh-sh\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnpbeacklnhmkkilekogeiekaglbmmka [2022-10-26] => Fehler: Kein automatisierter Fix für diesen Eintrag gefunden.
C:\ProgramData\Acer => erfolgreich verschoben
C:\Program Files\Acer => erfolgreich verschoben
C:\Program Files (x86)\Acer => erfolgreich verschoben
C:\ProgramData\Norton => erfolgreich verschoben
C:\Users\uh-sh\AppData\LocalLow\Norton => erfolgreich verschoben
"C:\Program Files\Norton Security" => nicht gefunden
C:\WINDOWS\system32\Tasks\Norton Security Ultra => erfolgreich verschoben
========= netsh advfirewall reset =========
OK.
========= Ende von CMD: =========
=========== EmptyTemp: ==========
FlushDNS => abgeschlossen
BITS transfer queue => 1310720 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 21304834 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 4240 B
Windows/system/drivers => 1954299 B
Edge => 3237476 B
Chrome => 189330611 B
Firefox => 34855466 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 24916 B
NetworkService => 31558 B
uh-sh => 8322417 B
RecycleBin => 674 B
EmptyTemp: => 248.3 MB temporäre Dateien entfernt.
================================
Das System musste neu gestartet werden.
==== Ende von Fixlog 13:01:27 ====
|
|
26.10.2022, 12:06
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Phishing SMS nach Onlinebanking Kontrollscans mit MBAM und RK Wir sind fast fertig. Jetzt ist es an der Zeit für Kontrollscans mit Poste nach Abschluss der beiden Scans die Logs in CODE-Tags.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
26.10.2022, 12:27
| #15 |
| | Phishing SMS nach Onlinebanking MBAM Log: Code:
ATTFilter Malwarebytes
www.malwarebytes.com
-Protokolldetails-
Scan-Datum: 26.10.22
Scan-Zeit: 13:12
Protokolldatei: 098e7b98-551f-11ed-b00c-0897987fdcc1.json
-Softwaredaten-
Version: 4.5.16.217
Komponentenversion: 1.0.1792
Version des Aktualisierungspakets: 1.0.61567
Lizenz: Testversion
-Systemdaten-
Betriebssystem: Windows 10 (Build 19045.2130)
CPU: x64
Dateisystem: NTFS
Benutzer: LAPTOP-G9EUU80D\uh-sh
-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Scan gestartet von: Manuell
Ergebnis: Abgeschlossen
Gescannte Objekte: 274164
Erkannte Bedrohungen: 0
In die Quarantäne verschobene Bedrohungen: 0
Abgelaufene Zeit: 2 Min., 41 Sek.
-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Erkennung
PUM: Erkennung
-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)
Modul: 0
(keine bösartigen Elemente erkannt)
Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)
Registrierungswert: 0
(keine bösartigen Elemente erkannt)
Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)
Daten-Stream: 0
(keine bösartigen Elemente erkannt)
Ordner: 0
(keine bösartigen Elemente erkannt)
Datei: 0
(keine bösartigen Elemente erkannt)
Physischer Sektor: 0
(keine bösartigen Elemente erkannt)
WMI: 0
(keine bösartigen Elemente erkannt)
(end)
Rogue Log: Code:
ATTFilter Program : RogueKiller Anti-Malware
Version : 15.6.2.0
x64 : Yes
Program Date : Oct 10 2022
Location : C:\Program Files\RogueKiller\RogueKiller64.exe
Premium : No
Company : Adlice Software
Website : https://www.adlice.com/
Contact : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.19045) 64-bit
64-bit OS : Yes
Startup : 0
WindowsPE : No
User : uh-sh
User is Admin : Yes
Date : 2022/10/26 11:23:19
Type : Scan
Aborted : No
Scan Mode : Standard
Duration : 338
Found items : 0
Total scanned : 63255
Signatures Version : 20221024_084649
Truesight Driver : Yes
Updates Count : 0
Arguments : -minimize
************************* Warnings *************************
************************* Updates *************************
************************* Processes *************************
************************* Modules *************************
************************* Services *************************
************************* Scheduled Tasks *************************
************************* Registry *************************
************************* WMI *************************
************************* Hosts File *************************
is_too_big : No
hosts_file_path : C:\Windows\System32\drivers\etc\hosts
************************* Filesystem *************************
************************* Web Browsers *************************
************************* Antirootkit *************************
|
|
| Themen zu Phishing SMS nach Onlinebanking |
| cpu, desktop, error, firefox, google, home, internet, internet explorer, monitor, mozilla, performance, phishing, popup, prozesse, realtek, registry, scan, security, services.exe, svchost.exe, system, udp, updates, usb, windows |
Linear-Darstellung
