Log analysis and evaluation: Phishing SMS after online banking

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
Phishing SMS after online banking

Good morning everyone,

after I made a transfer via online banking, I received a phishing SMS on my phone asking me to enter some details about my account. I should add that I still have to confirm the transfer through the banking app on my phone. Of course, it may have been pure coincidence that I received an SMS at exactly that moment. I talked to my bank about it, and their IT department believes that the phone or the laptop is infected with malware. I have Norton Security Deluxe installed on the computer. It found nothing in a full scan. After that I ran a scan with the ESET Online Scanner. Here is the log file:

Code:
25.10.2022 14:54:55
Geprüfte Dateien: 793811
Erkannte Dateien: 1
Gesäuberte Dateien: 1
Prüfdauer gesamt 01:04:40
Prüfstatus: Abgeschlossen
C:\Users\uh-sh\Downloads\JAP - Installer _0q5u.exe eine Variante von Win32/SoftonicDownloader.J potenziell unerwünschte Anwendung durch Löschen gesäubert

Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 23-10-2022
durchgeführt von uh-sh (Administrator) auf LAPTOP-G9EUU80D (Acer Aspire A317-51) (26-10-2022 08:32:58)
Gestartet von C:\Users\uh-sh\Downloads
Geladene Profile: uh-sh
Plattform: Microsoft Windows 10 Home Version 22H2 19045.2130 (X64) Sprache: Deutsch (Deutschland)
Standard-Browser: Chrome
Start-Modus: Normal

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(C:\Program Files (x86)\Garmin\Express\express.exe ->) (The CefSharp Authors) [Datei ist nicht signiert] C:\Program Files (x86)\Garmin\Express\CefSharp.BrowserSubprocess.exe <2>
(C:\Program Files\Acer\Quick Access Service\QASvc.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Quick Access Service\QAAdminAgent.exe
(C:\Program Files\Acer\Quick Access Service\QASvc.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Quick Access Service\QAAgent.exe
(DriverStore\FileRepository\cui_dch.inf_amd64_f9f92cc42e038a12\igfxCUIService.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_f9f92cc42e038a12\igfxEM.exe
(explorer.exe ->) (Garmin International, Inc. -> Garmin Ltd. 
or its subsidiaries) C:\Program Files (x86)\Garmin\Express\express.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <15> (services.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files (x86)\Acer\Care Center\ACCSvc.exe (services.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Quick Access Service\QASvc.exe (services.exe ->) (AVM Computersysteme Vertriebs GmbH -> AVM Berlin) C:\Program Files\FRITZ!Fernzugang\avmike.exe (services.exe ->) (AVM Computersysteme Vertriebs GmbH -> AVM Berlin) C:\Program Files\FRITZ!Fernzugang\certsrv.exe (services.exe ->) (AVM Computersysteme Vertriebs GmbH -> AVM Berlin) C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe (services.exe ->) (devolo AG -> devolo AG) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe (services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe (services.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_f9f92cc42e038a12\igfxCUIService.exe (services.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_553b9a82ff9cf770\OneApp.IGCC.WinService.exe (services.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_2b7bcff446ea567f\IntelCpHDCPSvc.exe (services.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_2b7bcff446ea567f\IntelCpHeciSvc.exe (services.exe ->) (Intel(R) Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (services.exe ->) (Intel(R) Rapid 
Storage Technology -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_225ceea266d51cd2\RstMwService.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe (services.exe ->) (NortonLifeLock Inc. -> NortonLifelock Inc.) C:\Program Files\Norton Security\Engine\22.22.9.11\NortonSecurity.exe <2> (services.exe ->) (NortonLifeLock Inc. -> NortonLifeLock Inc.) C:\Program Files\Norton Security\Engine\22.22.9.11\nsWscSvc.exe (services.exe ->) (Qualcomm Atheros -> Qualcomm Technologies Inc.) C:\Windows\System32\drivers\QcomWlanSrvx64.exe (services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe (services.exe ->) (Smart Sound Technology -> Intel) C:\Windows\System32\cAVS\Intel(R) Audio Service\IntelAudioService.exe (svchost.exe ->) (Acer Incorporated -> ) C:\Program Files (x86)\Acer\Care Center\ACCStd.exe (svchost.exe ->) (Acer Incorporated -> Acer Incorporated) C:\Program Files\Acer\Quick Access Service\ePowerButton_NB.exe (svchost.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (svchost.exe ->) (Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_f9f92cc42e038a12\igfxext.exe (svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2204.13303.0_x64__8wekyb3d8bbwe\Cortana.exe (svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22082.119.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe (svchost.exe ->) (Microsoft Windows -> Microsoft 
Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2> (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (svchost.exe ->) (SweetLabs Inc -> SweetLabs, Inc) C:\Users\uh-sh\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe ==================== Registry (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [321112 2019-06-28] (Intel(R) Rapid Storage Technology -> Intel Corporation) HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [1138992 2020-08-06] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Beschränkung <==== ACHTUNG HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Beschränkung <==== ACHTUNG HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Beschränkung <==== ACHTUNG HKU\S-1-5-21-568082222-3395335121-1670124993-1001\...\Run: [MicrosoftEdgeAutoLaunch_188D618001D97FF9308576AE61889BA3] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3852232 2022-10-20] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-568082222-3395335121-1670124993-1001\...\Run: [GarminExpress] => C:\Program Files (x86)\Garmin\Express\express.exe [31297304 2022-09-20] (Garmin International, Inc. -> Garmin Ltd. 
or its subsidiaries) HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\107.0.5304.63\Installer\chrmstp.exe [2022-10-26] (Google LLC -> Google LLC) ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============ (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {09B0054A-69B6-440D-937C-0891A571A76F} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2353000 2022-10-03] (NortonLifeLock Inc. -> NortonLifeLock Inc.) Task: {0EDE71DC-A76E-46E1-A6E6-82D63AA1114F} - System32\Tasks\Oem\wlanBrokerTask => C:\Program Files (x86)\Acer\ExpressVPN\wlanBroker.exe [17688 2019-11-16] (Acer Incorporated -> ) Task: {112D7772-4A30-4576-B5A6-8242C2DA33E4} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [4794672 2019-04-22] (Acer Incorporated -> ) Task: {190F9DE4-BE89-44B1-BB72-88D450332586} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [461472 2022-01-03] (Acer Incorporated -> Acer Incorporated) Task: {197762AE-78B3-40F0-B487-00D5E59C53B2} - System32\Tasks\GoogleUpdateTaskMachineCore{A8E4C759-B94D-445B-8C41-389291D22C0C} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-03-20] (Google LLC -> Google LLC) Task: {2C7B859F-E3E6-48B3-9126-65A1F646FD51} - System32\Tasks\Quick Access => C:\Program Files\Acer\Quick Access Service\QALauncher.exe [446624 2022-01-03] (Acer Incorporated -> Acer Incorporated) Task: {375DB2AD-4E10-4982-8B2C-58E4A8C824FD} - System32\Tasks\Norton Security Ultra\Norton Security Ultra Autofix => C:\Program Files\Norton Security\Engine\22.20.1.69\SymErr.exe /ui (Keine Datei) Task: {37E3D3EF-8440-4FCB-BBC4-E4FC02B3F201} - System32\Tasks\ACCAgent => C:\Program Files 
(x86)\Acer\Care Center\LiveUpdateAgent.exe [41776 2019-04-22] (Acer Incorporated -> ) Task: {3F54D0BC-C11B-4712-A220-B6AC1F7AB822} - System32\Tasks\CareCenter\1013268F08166E907EB03C619157FCD238B2D833._service_run_Reg_HKCURun_S-1-5-21-568082222-3395335121-1670124993-1001 => C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe [3852232 2022-10-20] (Microsoft Corporation -> Microsoft Corporation) Task: {4964CD46-68C8-4BB4-9361-42DF21AB6827} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.22.9.11\WSCStub.exe [646520 2022-10-03] (NortonLifeLock Inc. -> NortonLifeLock Inc.) Task: {4E12590A-495C-4C88-AFEC-B8A53F5E3EA6} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB" Task: {59FA9758-689D-4A1A-9C79-90C63F786285} - System32\Tasks\App Explorer => C:\Users\uh-sh\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [7900704 2022-09-13] (SweetLabs Inc -> SweetLabs, Inc) <==== ACHTUNG Task: {6D151AB8-B798-4523-A945-33295FDE8593} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26165176 2022-10-15] (Microsoft Corporation -> Microsoft Corporation) Task: {6E978709-4758-46EF-B52E-25D1A457FBD0} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [143232 2022-10-15] (Microsoft Corporation -> Microsoft Corporation) Task: {6EB23526-5511-4CFC-BC67-F4C176EE7C56} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26165176 2022-10-15] (Microsoft Corporation -> Microsoft Corporation) Task: {7CD24B9F-D276-4413-AA49-F0E5D1CD5EAF} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2935088 2019-04-22] (Acer Incorporated -> ) 
Task: {89ED22C5-FC8A-4BFF-9D97-6E63D96D1681} - System32\Tasks\GoogleUpdateTaskMachineUA{DE28F7B9-20A5-42CD-B0A5-F786D860170F} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156232 2022-03-20] (Google LLC -> Google LLC) Task: {9A9BE7BE-7BB1-4C39-94A4-276586548B9F} - System32\Tasks\Norton Security\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.22.9.11\SymErr.exe [379024 2022-10-03] (NortonLifeLock Inc. -> NortonLifeLock Inc.) Task: {A0574253-0519-4329-A911-CF98D6EDA163} - System32\Tasks\Norton Security Ultra\Norton Security Ultra Error Analyzer => C:\Program Files\Norton Security\Engine\22.20.1.69\SymErr.exe /analyze (Keine Datei) Task: {B75FEE74-129A-4409-925A-397A2B95F6FA} - System32\Tasks\AcerCMUpdateTask2.5.22250 => C:\Program Files (x86)\Acer\Amundsen\2.5.22250\awc.exe [96904 2022-09-25] (Acer Incorporated -> ) Task: {C51304F4-16FB-4195-8FAA-C353B3D3EC81} - System32\Tasks\Norton Security Ultra\Norton Security Ultra Error Processor => C:\Program Files\Norton Security\Engine\22.20.1.69\SymErr.exe /submit (Keine Datei) Task: {C5C7B78F-C18D-4CAF-A3FA-68717A316204} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [65448 2022-10-01] (Microsoft Corporation -> Microsoft Corporation) Task: {D183EB79-6E56-40B5-A130-9306927F6AB2} - System32\Tasks\Norton Security\Norton Security Autofix => C:\Program Files\Norton Security\Engine\22.22.9.11\SymErr.exe [379024 2022-10-03] (NortonLifeLock Inc. -> NortonLifeLock Inc.) 
Task: {D76ECA7B-AFD0-46ED-8E5D-B0BFF5B65A85} - System32\Tasks\UEIPInvitation => C:\Program Files\Acer\User Experience Improvement Program Service\Framework\UEIPOOBECheck.exe [2211136 2019-01-09] (Acer Incorporated -> Acer Incorporated) Task: {DF60A18C-C318-4169-AEDF-DE01089FE714} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program Service\Framework\TriggerFramework.exe [268096 2019-01-09] (Acer Incorporated -> Acer Incorporated) Task: {E26363C5-9466-4158-B720-35B0CBE4B0E0} - System32\Tasks\Norton Security\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.22.9.11\SymErr.exe [379024 2022-10-03] (NortonLifeLock Inc. -> NortonLifeLock Inc.) Task: {E2CB4EFB-95A8-4295-AFFA-1B6E3E53F394} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [29464 2022-09-20] (Garmin International, Inc. -> ) Task: {E4840122-7E50-4ED7-80CB-EBF7E6ED04C0} - System32\Tasks\Power Button => C:\Program Files\Acer\Quick Access Service\ePowerButton_NB.exe [2771616 2022-01-03] (Acer Incorporated -> Acer Incorporated) Task: {E591BC4B-3AF0-4391-9163-8C2090F9C00F} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [143232 2022-10-15] (Microsoft Corporation -> Microsoft Corporation) Task: {F9BE3D0D-8643-43BC-B90C-184590946C02} - System32\Tasks\Oem\AcerJumpstartTask => C:\Program Files (x86)\Acer\Acer Jumpstart\hermes.exe [70792 2022-08-15] (Acer Incorporated -> ) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) 
Tcpip\Parameters: [DhcpNameServer] 10.0.3.1 10.0.3.2 Tcpip\..\Interfaces\{4bb4cf8c-7dbf-4de7-aba9-d60be4adbc1e}: [DhcpNameServer] 10.0.3.1 10.0.3.2 Tcpip\..\Interfaces\{780540a4-858e-4639-927a-563f5c2691cd}: [DhcpNameServer] 192.168.178.1 Edge: ======= DownloadDir: C:\Users\uh-sh\Downloads Edge Extension: (Kein Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [nicht gefunden] Edge Extension: (Kein Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [nicht gefunden] Edge Extension: (Norton Password Manager) -> EdgeExtension_SymantecCorporation5478111E43ACF_v68kp9n051hdp => C:\Program Files\WindowsApps\SymantecCorporation.5478111E43ACF_6.7.4.0_neutral__v68kp9n051hdp [nicht gefunden] Edge Extension: (Norton Safe Web) -> EdgeExtension_SymantecCorporationNortonSafeWeb_v68kp9n051hdp => C:\Program Files\WindowsApps\SymantecCorporation.NortonSafeWeb_3.11.5.0_neutral__v68kp9n051hdp [nicht gefunden] Edge Extension: (Kein Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [nicht gefunden] Edge Extension: (Kein Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [nicht gefunden] Edge DefaultProfile: Profile 1 Edge Profile: C:\Users\uh-sh\AppData\Local\Microsoft\Edge\User Data\Default [2021-09-19] Edge StartupUrls: Default -> "hxxp://www.google.de/" Edge Extension: (Norton Safe Web) - C:\Users\uh-sh\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bdaafgjhhjkdplpffldcncdignokfkbo [2021-09-08] Edge Extension: (Norton Password Manager) - C:\Users\uh-sh\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\lcccdlklhahfmobgpnilndimkankpnkg [2021-09-11] Edge Profile: 
C:\Users\uh-sh\AppData\Local\Microsoft\Edge\User Data\Profile 1 [2022-10-18] Edge Extension: (Norton Safe Web) - C:\Users\uh-sh\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\bdaafgjhhjkdplpffldcncdignokfkbo [2022-06-19] FireFox: ======== FF DefaultProfile: 09g39tl6.default FF ProfilePath: C:\Users\uh-sh\AppData\Roaming\Mozilla\Firefox\Profiles\09g39tl6.default [2022-10-26] FF Extension: (German Dictionary, extended for Austria) - C:\Users\uh-sh\AppData\Roaming\Mozilla\Firefox\Profiles\09g39tl6.default\Extensions\de-AT@dictionaries.addons.mozilla.org.xpi [2020-07-07] FF Extension: (German Dictionary (Switzerland)) - C:\Users\uh-sh\AppData\Roaming\Mozilla\Firefox\Profiles\09g39tl6.default\Extensions\de-CH@dictionaries.addons.mozilla.org.xpi [2020-07-07] FF Extension: (German Dictionary) - C:\Users\uh-sh\AppData\Roaming\Mozilla\Firefox\Profiles\09g39tl6.default\Extensions\de-DE@dictionaries.addons.mozilla.org.xpi [2020-07-07] FF Extension: (German dictionary (de_DE)) - C:\Users\uh-sh\AppData\Roaming\Mozilla\Firefox\Profiles\09g39tl6.default\Extensions\de_DE@dicts.j3e.de.xpi [2020-01-06] FF Extension: (Norton Password Manager) - C:\Users\uh-sh\AppData\Roaming\Mozilla\Firefox\Profiles\09g39tl6.default\Extensions\idsafe@norton.com.xpi [2022-10-25] FF Extension: (Deutsch (DE) Language Pack) - C:\Users\uh-sh\AppData\Roaming\Mozilla\Firefox\Profiles\09g39tl6.default\Extensions\langpack-de@firefox.mozilla.org.xpi [2022-10-25] FF Extension: (Norton Safe Search) - C:\Users\uh-sh\AppData\Roaming\Mozilla\Firefox\Profiles\09g39tl6.default\Extensions\nortonsafesearch_ul_2@symantec.com.xpi [2022-10-25] [UpdateUrl:hxxps://static.nortoncdn.com/idscp/firefox/nsss/ds_modified/updates.json] FF Extension: (Deaktivierungs-Add-on von Google Analytics) - C:\Users\uh-sh\AppData\Roaming\Mozilla\Firefox\Profiles\09g39tl6.default\Extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}.xpi [2021-06-27] 
[UpdateUrl:hxxps://tools.google.com/service/update2/ff?guid=%ITEM_ID%&version=%ITEM_VERSION%&application=%APP_ID%&appversion=%APP_VERSION%] FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-07-09] (Microsoft Corporation -> Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-03-24] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-03-24] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-03-24] (VideoLAN -> VideoLAN) FF Plugin: @videolan.org/vlc,version=3.0.17.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-03-24] (VideoLAN -> VideoLAN) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-07-09] (Microsoft Corporation -> Microsoft Corporation) Chrome: ======= CHR Profile: C:\Users\uh-sh\AppData\Local\Google\Chrome\User Data\Default [2022-10-26] CHR StartupUrls: Default -> "hxxps://webmail.htp.net/appsuite/ui#!!&app=io.ox/mail&folder=default1/INBOX","hxxps://email.t-online.de/em" CHR DefaultSearchURL: Default -> hxxps://www.bing.com/search?FORM=XCSRDF&q={searchTerms}&PC=XC03 CHR DefaultSearchKeyword: Default -> bing.com CHR DefaultSuggestURL: Default -> hxxps://www.bing.com/osjson.aspx?query={searchTerms} CHR Extension: (Norton Password Manager) - C:\Users\uh-sh\AppData\Local\Google\Chrome\User Data\Default\Extensions\admmjipmmciaobhojoghlmleefbicajg [2022-09-15] CHR Extension: (Norton Safe Web) - C:\Users\uh-sh\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnpbeacklnhmkkilekogeiekaglbmmka [2022-10-26] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\uh-sh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-03-20] ==================== 
Dienste (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 ACCSvc; C:\Program Files (x86)\Acer\Care Center\ACCSvc.exe [300336 2019-04-22] (Acer Incorporated -> Acer Incorporated) R2 avmike; C:\Program Files\FRITZ!Fernzugang\avmike.exe [337824 2012-11-28] (AVM Computersysteme Vertriebs GmbH -> AVM Berlin) R2 certsrv; C:\Program Files\FRITZ!Fernzugang\certsrv.exe [143776 2012-11-28] (AVM Computersysteme Vertriebs GmbH -> AVM Berlin) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12477344 2022-10-15] (Microsoft Corporation -> Microsoft Corporation) R2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [6108344 2021-07-13] (devolo AG -> devolo AG) R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.22.9.11\NortonSecurity.exe [344888 2022-10-03] (NortonLifeLock Inc. -> NortonLifelock Inc.) R2 nsWscSvc; C:\Program Files\Norton Security\Engine\22.22.9.11\nsWscSvc.exe [1059176 2022-10-03] (NortonLifeLock Inc. -> NortonLifeLock Inc.) 
R2 nwtsrv; C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe [191328 2013-06-10] (AVM Computersysteme Vertriebs GmbH -> AVM Berlin) S3 QALSvc; C:\Program Files\Acer\Quick Access Service\QALSvc.exe [466080 2022-01-03] (Acer Incorporated -> Acer Incorporated) R3 QASvc; C:\Program Files\Acer\Quick Access Service\QASvc.exe [504480 2022-01-03] (Acer Incorporated -> Acer Incorporated) S3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program Service\Framework\UBTService.exe [305984 2019-01-10] (Acer Incorporated -> Acer Incorporated) S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.4-0\NisSrv.exe [2483616 2021-03-31] (Microsoft Windows Publisher -> Microsoft Corporation) S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2102.4-0\MsMpEng.exe [128376 2021-03-31] (Microsoft Windows Publisher -> Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
R3 AcerAirplaneModeController; C:\WINDOWS\System32\drivers\AcerAirplaneModeController.sys [30168 2020-05-12] (Acer Incorporated -> Acer Incorporated) R1 avm_nwim; C:\WINDOWS\system32\DRIVERS\avmnwim.sys [396088 2017-03-17] (WDKTestCert shuebner,130916460956458304 -> AVM) R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.20.5.39\Definitions\BASHDefs\20221024.011\BHDrvx64.sys [1705040 2022-10-17] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom) S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [Datei ist nicht signiert] S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [Datei ist nicht signiert] R1 ccSet_NGC; C:\WINDOWS\System32\drivers\NGCx64\1616090.00B\ccSetx64.sys [198288 2022-10-03] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [527864 2022-09-17] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [159720 2022-09-17] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom) R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.20.5.39\Definitions\IPSDefs\20221024.061\IDSvia64.sys [1526776 2022-09-21] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom) R2 NPF_devolo; C:\WINDOWS\sysWOW64\drivers\npf_devolo.sys [36496 2021-07-13] (devolo AG -> Riverbed Technology, Inc.) S3 nsvst_NGC; C:\WINDOWS\System32\drivers\NGCx64\1616090.00B\nsvst.sys [57104 2022-10-03] (NortonLifeLock Inc. -> NortonLifeLock Inc.) 
R3 SRTSP; C:\WINDOWS\System32\drivers\NGCx64\1616090.00B\SRTSP64.SYS [956048 2022-10-03] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom) R1 SRTSPX; C:\WINDOWS\System32\drivers\NGCx64\1616090.00B\SRTSPX64.SYS [52872 2022-10-03] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom) R0 SymEFASI; C:\WINDOWS\System32\drivers\NGCx64\1616090.00B\SYMEFASI64.SYS [2092696 2022-10-03] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom) S0 SymELAM; C:\WINDOWS\System32\drivers\NGCx64\1616090.00B\SymELAM.sys [36048 2022-10-03] (Microsoft Windows Early Launch Anti-Malware Publisher -> Broadcom) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [100320 2022-05-05] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom) R3 SymEvnt; C:\Program Files\Norton Security\NortonData\22.20.5.39\SymPlatform\SymEvnt.sys [722400 2022-07-11] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom) R1 SymIRON; C:\WINDOWS\System32\drivers\NGCx64\1616090.00B\Ironx64.SYS [306832 2022-10-03] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom) R1 SymNetS; C:\WINDOWS\System32\drivers\NGCx64\1616090.00B\symnets.sys [490664 2022-10-03] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom) S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49560 2021-03-31] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [420072 2021-03-31] (Microsoft Windows -> Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [72952 2021-03-31] (Microsoft Windows -> Microsoft Corporation) S3 wpCtrlDrv_NGC; C:\WINDOWS\System32\drivers\NGCx64\1616090.00B\wpCtrlDrv.sys [1016792 2022-10-03] (NortonLifeLock Inc. -> NortonLifeLock Inc.) ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. 
Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2022-10-26 08:32 - 2022-10-26 08:33 - 000026876 _____ C:\Users\uh-sh\Downloads\FRST.txt 2022-10-26 08:32 - 2022-10-26 08:33 - 000000000 ____D C:\FRST 2022-10-26 08:32 - 2022-10-26 08:32 - 002373632 _____ (Farbar) C:\Users\uh-sh\Downloads\FRST64.exe 2022-10-25 15:00 - 2022-10-25 15:00 - 078858285 _____ C:\Users\uh-sh\Downloads\Acer Care Center_Acer_4.00.3042_W10x64_A.zip 2022-10-25 15:00 - 2022-10-25 15:00 - 000096096 _____ C:\Users\uh-sh\Downloads\SerialNumberDetectionTool.exe 2022-10-25 14:55 - 2022-10-25 14:55 - 000000608 _____ C:\Users\uh-sh\Desktop\eset.txt 2022-10-25 14:30 - 2022-10-25 13:35 - 000000000 ____D C:\Windows.old 2022-10-25 14:21 - 2022-10-25 14:21 - 000000000 ____D C:\WINDOWS\system32\Tasks\Remediation 2022-10-25 13:45 - 2022-10-25 13:48 - 000000674 _____ C:\Users\uh-sh\Desktop\ESET Online Scanner.lnk 2022-10-25 13:45 - 2022-10-25 13:45 - 014562400 _____ (ESET spol. s r.o.) 
C:\Users\uh-sh\Downloads\ESETOnlineScanner_DEU.exe 2022-10-25 13:45 - 2022-10-25 13:45 - 000000773 _____ C:\Users\uh-sh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk 2022-10-25 13:45 - 2022-10-25 13:45 - 000000000 ____D C:\Users\uh-sh\AppData\Local\ESET 2022-10-25 13:44 - 2022-10-25 13:44 - 000002224 _____ C:\Users\uh-sh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefox Private Browsing.lnk 2022-10-25 13:44 - 2022-10-25 13:44 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla 2022-10-25 13:38 - 2022-10-25 13:48 - 001722998 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2022-10-25 13:38 - 2022-10-25 13:38 - 000000000 ____D C:\WINDOWS\system32\Tasks\Agent Activation Runtime 2022-10-25 13:38 - 2022-10-25 13:38 - 000000000 ____D C:\ProgramData\Microsoft OneDrive 2022-10-25 13:37 - 2022-10-25 13:37 - 000000020 ___SH C:\Users\uh-sh\ntuser.ini 2022-10-25 13:35 - 2022-10-25 13:47 - 000000000 ____D C:\WINDOWS\system32\Tasks\Norton Security 2022-10-25 13:35 - 2022-10-25 13:41 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2022-10-25 13:35 - 2022-10-25 13:35 - 000007623 _____ C:\WINDOWS\diagwrn.xml 2022-10-25 13:35 - 2022-10-25 13:35 - 000007623 _____ C:\WINDOWS\diagerr.xml 2022-10-25 13:35 - 2022-10-25 13:35 - 000004302 _____ C:\WINDOWS\system32\Tasks\Software Update Application 2022-10-25 13:35 - 2022-10-25 13:35 - 000003852 _____ C:\WINDOWS\system32\Tasks\ACCAgent 2022-10-25 13:35 - 2022-10-25 13:35 - 000003684 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2022-10-25 13:35 - 2022-10-25 13:35 - 000003682 _____ C:\WINDOWS\system32\Tasks\AcerCMUpdateTask2.5.22250 2022-10-25 13:35 - 2022-10-25 13:35 - 000003636 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA{DE28F7B9-20A5-42CD-B0A5-F786D860170F} 2022-10-25 13:35 - 2022-10-25 13:35 - 000003460 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore 2022-10-25 13:35 - 2022-10-25 13:35 - 000003412 _____ 
C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore{A8E4C759-B94D-445B-8C41-389291D22C0C} 2022-10-25 13:35 - 2022-10-25 13:35 - 000003062 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-568082222-3395335121-1670124993-1001 2022-10-25 13:35 - 2022-10-25 13:35 - 000002858 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-568082222-3395335121-1670124993-1001 2022-10-25 13:35 - 2022-10-25 13:35 - 000002852 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-568082222-3395335121-1670124993-500 2022-10-25 13:35 - 2022-10-25 13:35 - 000002782 _____ C:\WINDOWS\system32\Tasks\UbtFrameworkService 2022-10-25 13:35 - 2022-10-25 13:35 - 000002730 _____ C:\WINDOWS\system32\Tasks\ACC 2022-10-25 13:35 - 2022-10-25 13:35 - 000002712 _____ C:\WINDOWS\system32\Tasks\UEIPInvitation 2022-10-25 13:35 - 2022-10-25 13:35 - 000002702 _____ C:\WINDOWS\system32\Tasks\GarminUpdaterTask 2022-10-25 13:35 - 2022-10-25 13:35 - 000002612 _____ C:\WINDOWS\system32\Tasks\Norton WSC Integration 2022-10-25 13:35 - 2022-10-25 13:35 - 000002408 _____ C:\WINDOWS\system32\Tasks\App Explorer 2022-10-25 13:35 - 2022-10-25 13:35 - 000002328 _____ C:\WINDOWS\system32\Tasks\ACCBackgroundApplication 2022-10-25 13:35 - 2022-10-25 13:35 - 000002296 _____ C:\WINDOWS\system32\Tasks\Power Button 2022-10-25 13:35 - 2022-10-25 13:35 - 000002222 _____ C:\WINDOWS\system32\Tasks\Quick Access 2022-10-25 13:35 - 2022-10-25 13:35 - 000000000 ____D C:\WINDOWS\system32\Tasks\Oem 2022-10-25 13:35 - 2022-10-25 13:35 - 000000000 ____D C:\WINDOWS\system32\Tasks\Norton Security Ultra 2022-10-25 13:35 - 2022-10-25 13:35 - 000000000 ____D C:\WINDOWS\system32\Tasks\Intel 2022-10-25 13:35 - 2022-10-25 13:35 - 000000000 ____D C:\WINDOWS\system32\Tasks\CareCenter 2022-10-25 13:30 - 2022-10-25 14:54 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2022-10-25 13:30 - 2022-10-25 13:30 - 000437344 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2022-10-25 13:18 - 2022-10-25 14:30 - 
000000000 ____D C:\WINDOWS\system32\config\bbimigrate 2022-10-25 13:17 - 2022-10-25 13:37 - 000000000 ____D C:\Users\uh-sh 2022-10-25 13:17 - 2022-10-25 13:17 - 000000000 _SHDL C:\Users\uh-sh\Vorlagen 2022-10-25 13:17 - 2022-10-25 13:17 - 000000000 _SHDL C:\Users\uh-sh\Startmenü 2022-10-25 13:17 - 2022-10-25 13:17 - 000000000 _SHDL C:\Users\uh-sh\Netzwerkumgebung 2022-10-25 13:17 - 2022-10-25 13:17 - 000000000 _SHDL C:\Users\uh-sh\Lokale Einstellungen 2022-10-25 13:17 - 2022-10-25 13:17 - 000000000 _SHDL C:\Users\uh-sh\Eigene Dateien 2022-10-25 13:17 - 2022-10-25 13:17 - 000000000 _SHDL C:\Users\uh-sh\Druckumgebung 2022-10-25 13:17 - 2022-10-25 13:17 - 000000000 _SHDL C:\Users\uh-sh\Documents\Eigene Videos 2022-10-25 13:17 - 2022-10-25 13:17 - 000000000 _SHDL C:\Users\uh-sh\Documents\Eigene Musik 2022-10-25 13:17 - 2022-10-25 13:17 - 000000000 _SHDL C:\Users\uh-sh\Documents\Eigene Bilder 2022-10-25 13:17 - 2022-10-25 13:17 - 000000000 _SHDL C:\Users\uh-sh\AppData\Roaming\Microsoft\Windows\Start Menu\Programme 2022-10-25 13:17 - 2022-10-25 13:17 - 000000000 _SHDL C:\Users\uh-sh\AppData\Local\Verlauf 2022-10-25 13:17 - 2022-10-25 13:17 - 000000000 _SHDL C:\Users\uh-sh\AppData\Local\Anwendungsdaten 2022-10-25 13:17 - 2022-10-25 13:17 - 000000000 _SHDL C:\Users\uh-sh\Anwendungsdaten 2022-10-25 13:17 - 2019-12-07 11:10 - 000001105 _____ C:\Users\uh-sh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2022-10-25 13:16 - 2022-10-25 13:18 - 000000000 ____D C:\WINDOWS\ServiceProfiles 2022-10-25 13:11 - 2022-10-25 13:11 - 002260480 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll 2022-10-25 13:11 - 2022-10-25 13:11 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll 2022-10-25 13:11 - 2022-10-25 13:11 - 000288768 _____ C:\WINDOWS\system32\Windows.Management.InprocObjects.dll 2022-10-25 13:11 - 2022-10-25 13:11 - 000060928 _____ C:\WINDOWS\system32\runexehelper.exe 2022-10-25 13:11 - 2022-10-25 13:11 - 000048640 _____ (Adobe Systems) 
C:\WINDOWS\system32\atmlib.dll 2022-10-25 13:11 - 2022-10-25 13:11 - 000039936 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll 2022-10-25 13:11 - 2022-10-25 13:11 - 000012253 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim 2022-10-25 13:03 - 2022-10-25 13:03 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer 2022-10-25 13:03 - 2022-10-25 13:03 - 000000000 ____D C:\Program Files\Reference Assemblies 2022-10-25 13:03 - 2022-10-25 13:03 - 000000000 ____D C:\Program Files\MSBuild 2022-10-25 13:03 - 2022-10-25 13:03 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies 2022-10-25 13:03 - 2022-10-25 13:03 - 000000000 ____D C:\Program Files (x86)\MSBuild 2022-10-25 13:00 - 2022-10-25 13:00 - 000008192 _____ C:\WINDOWS\system32\config\userdiff 2022-10-25 12:55 - 2022-10-25 13:44 - 000000000 ____D C:\Program Files\Mozilla Firefox 2022-10-25 12:55 - 2022-10-25 13:37 - 000000000 ___DC C:\WINDOWS\Panther 2022-10-25 12:53 - 2022-10-25 12:55 - 000000036 _____ C:\WINDOWS\progress.ini 2022-10-25 12:50 - 2022-10-25 12:53 - 000000000 ___HD C:\$GetCurrent 2022-10-25 12:50 - 2022-10-25 12:53 - 000000000 ____D C:\Program Files (x86)\WindowsInstallationAssistant 2022-10-15 17:08 - 2022-10-25 14:30 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security 2022-10-15 16:10 - 2022-10-15 16:10 - 000000000 ___HD C:\$WinREAgent 2022-10-11 17:43 - 2022-10-11 17:43 - 000272595 _____ C:\Users\uh-sh\Downloads\Simulationsrechnung_1665503007320.pdf 2022-10-11 17:08 - 2022-10-11 17:08 - 000272292 _____ C:\Users\uh-sh\Downloads\Marktwertermittlung_Finke.pdf 2022-10-09 14:48 - 2022-10-09 14:48 - 000062291 _____ C:\Users\uh-sh\Downloads\Quartalsauszug 3. 
Quartal 2022 _ UnionDepot 20261608_2285448845.pdf
2022-10-05 18:33 - 2022-10-05 18:33 - 000077242 _____ C:\Users\uh-sh\Downloads\63109204_2022_Mitteilung_vom_04.10.2022_20221005183332.pdf
2022-10-05 18:33 - 2022-10-05 18:33 - 000076498 _____ C:\Users\uh-sh\Downloads\6310920400_2022_Mitteilung_vom_30.09.2022_20221005183323.pdf
2022-10-03 12:12 - 2022-10-03 12:12 - 000098627 _____ C:\Users\uh-sh\Downloads\393621000_2022_Nr.009_Kontoauszug_vom_30.09.2022_20221003121209.pdf
2022-10-03 12:09 - 2022-10-03 12:09 - 000331158 _____ C:\Users\uh-sh\Downloads\3936210_2022_AGB- und Sonderbedingungen Anschreiben_vom_27.09.2022_20221003120851.pdf
2022-10-03 12:08 - 2022-10-03 12:08 - 000098627 _____ C:\Users\uh-sh\Downloads\393621000_2022_Nr.009_Kontoauszug_vom_30.09.2022_20221003120753.pdf
2022-09-28 16:40 - 2022-09-28 16:40 - 000331158 _____ C:\Users\uh-sh\Downloads\3936210_2022_AGB- und Sonderbedingungen Anschreiben_vom_27.09.2022_20220928164034.pdf
2022-09-27 18:14 - 2022-09-27 18:14 - 000001967 _____ C:\Users\Public\Desktop\Garmin Express.lnk

==================== Ein Monat (geänderte) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2022-10-26 08:29 - 2020-01-04 22:23 - 000000000 ____D C:\Users\uh-sh\AppData\Local\PlaceholderTileLogoFolder 2022-10-26 08:29 - 2020-01-04 22:21 - 000000000 ____D C:\Users\uh-sh\AppData\Local\Packages 2022-10-26 08:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness 2022-10-26 08:27 - 2022-03-20 11:21 - 000000000 ____D C:\Program Files (x86)\Google 2022-10-26 08:27 - 2020-01-04 23:26 - 000000000 ____D C:\Users\uh-sh\AppData\LocalLow\Mozilla 2022-10-26 08:27 - 2020-01-04 22:13 - 000000000 ____D C:\Users\uh-sh\AppData\Local\Host App Service 2022-10-26 08:27 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\appcompat 2022-10-26 08:26 - 2022-03-20 11:22 - 000002243 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2022-10-26 08:26 - 2022-03-20 11:22 - 000002202 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2022-10-26 08:24 - 2020-01-04 22:21 - 000000000 __SHD C:\Users\uh-sh\IntelGraphicsProfiles 2022-10-25 14:58 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2022-10-25 14:30 - 2022-09-04 09:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Acer 2022-10-25 14:30 - 2021-11-08 11:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!Fernzugang 2022-10-25 14:30 - 2021-05-30 12:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools 2022-10-25 14:30 - 2020-09-03 19:40 - 000000000 ____D C:\Program Files\UNP 2022-10-25 14:30 - 2020-07-10 15:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\devolo 2022-10-25 14:30 - 2020-06-07 12:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2022-10-25 14:30 - 2020-03-15 11:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin 2022-10-25 14:30 - 2020-01-30 21:03 - 000000000 ____D C:\Users\uh-sh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sky Ticket 2022-10-25 14:30 - 2020-01-05 15:01 - 000000000 
____D C:\WINDOWS\system32\MRT 2022-10-25 14:30 - 2020-01-05 04:04 - 000000000 ____D C:\WINDOWS\oem 2022-10-25 14:30 - 2019-12-07 11:14 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template 2022-10-25 14:30 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase 2022-10-25 14:30 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated 2022-10-25 14:30 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\spool 2022-10-25 14:30 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\NDF 2022-10-25 14:30 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports 2022-10-25 14:30 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Common Files\microsoft shared 2022-10-25 14:30 - 2019-10-27 01:46 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 14 2022-10-25 14:30 - 2019-10-27 01:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer 2022-10-25 14:30 - 2019-10-27 01:21 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel 2022-10-25 14:30 - 2019-10-27 01:01 - 000000000 ____D C:\Program Files\Intel 2022-10-25 14:30 - 2019-03-19 06:52 - 000000000 ____D C:\WINDOWS\system32\MsDtc 2022-10-25 14:05 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF 2022-10-25 13:48 - 2019-12-07 16:50 - 000744794 _____ C:\WINDOWS\system32\perfh007.dat 2022-10-25 13:48 - 2019-12-07 16:50 - 000150180 _____ C:\WINDOWS\system32\perfc007.dat 2022-10-25 13:44 - 2022-02-13 15:54 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38 2022-10-25 13:44 - 2021-08-28 10:39 - 000000000 ____D C:\Users\uh-sh\AppData\LocalLow\Norton 2022-10-25 13:44 - 2019-10-27 01:40 - 000001009 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2022-10-25 13:44 - 2019-10-27 01:40 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2022-10-25 13:41 - 2021-02-28 12:49 - 000008192 ___SH C:\DumpStack.log.tmp 2022-10-25 13:41 - 
2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\PrintDialog 2022-10-25 13:41 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps 2022-10-25 13:41 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ServiceState 2022-10-25 13:41 - 2019-10-27 00:54 - 000000000 ___HD C:\Intel 2022-10-25 13:40 - 2019-12-07 11:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI 2022-10-25 13:39 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp 2022-10-25 13:37 - 2020-01-04 22:21 - 000000000 ___RD C:\Users\uh-sh\3D Objects 2022-10-25 13:37 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2022-10-25 13:37 - 2019-10-27 00:57 - 000000000 __RHD C:\Users\Public\AccountPictures 2022-10-25 13:35 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe 2022-10-25 13:35 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Windows NT 2022-10-25 13:35 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Windows Defender 2022-10-25 13:35 - 2019-12-07 11:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM 2022-10-25 13:32 - 2019-12-07 11:14 - 000000000 __RSD C:\WINDOWS\Media 2022-10-25 13:31 - 2019-10-27 01:32 - 000000000 ____D C:\WINDOWS\system32\Intel 2022-10-25 13:30 - 2020-06-21 11:52 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2022-10-25 13:27 - 2019-12-07 11:18 - 000000000 ____D C:\WINDOWS\Setup 2022-10-25 13:25 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\USOPrivate 2022-10-25 13:24 - 2019-12-07 11:14 - 000000000 __RHD C:\Users\Public\Libraries 2022-10-25 13:18 - 2019-10-27 01:32 - 000000000 ____D C:\WINDOWS\system32\cAVS 2022-10-25 13:17 - 2022-05-26 10:25 - 000000000 ____D C:\Users\uh-sh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sena Technologies 2022-10-25 13:17 - 2022-01-24 13:12 - 000000000 ____D C:\Users\uh-sh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft 2022-10-25 13:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2022-10-25 13:14 - 2019-12-07 
11:14 - 000000000 ____D C:\WINDOWS\SystemResources 2022-10-25 13:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation 2022-10-25 13:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Dism 2022-10-25 13:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Provisioning 2022-10-25 13:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions 2022-10-25 13:14 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr 2022-10-25 13:13 - 2019-12-07 11:15 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll 2022-10-25 13:13 - 2019-12-07 11:14 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll 2022-10-25 13:03 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI 2022-10-25 13:03 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\MUI 2022-10-18 09:17 - 2022-01-24 13:12 - 000000000 ____D C:\Users\uh-sh\AppData\Local\Ubisoft Game Launcher 2022-10-18 09:12 - 2020-02-11 19:02 - 000000000 ____D C:\Users\uh-sh\Documents\Mrowka 2022-10-16 17:34 - 2022-05-26 10:49 - 000007683 _____ C:\Users\uh-sh\AppData\Local\resmon.resmoncfg 2022-10-16 17:11 - 2019-10-27 01:01 - 000000000 ____D C:\ProgramData\Package Cache 2022-10-16 11:31 - 2020-01-04 22:48 - 000000000 ____D C:\Program Files\Common Files\AV 2022-10-15 17:08 - 2021-02-18 21:02 - 000000000 ____D C:\WINDOWS\system32\Drivers\NGCx64 2022-10-15 16:07 - 2020-01-05 15:01 - 147398024 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2022-10-15 15:35 - 2022-08-13 15:03 - 000000000 ____D C:\Users\uh-sh\Documents\Steuer ELSTER 2022-10-15 15:20 - 2019-10-27 01:41 - 000000000 ____D C:\Program Files\Microsoft Office 2022-10-13 16:03 - 2022-03-20 11:22 - 000000000 ____D C:\Program Files\Google 2022-10-09 17:43 - 2021-11-21 13:06 - 000000000 ____D C:\Users\uh-sh\Desktop\Zum Dienst 2022-10-09 17:03 - 2020-03-15 12:54 - 000000000 ____D C:\Users\uh-sh\AppData\Roaming\Garmin 2022-10-05 18:44 - 2019-10-27 01:46 - 000000000 ____D 
C:\ProgramData\Norton
2022-10-05 17:57 - 2019-10-27 01:37 - 000000000 ____D C:\Program Files (x86)\Acer
2022-09-28 17:35 - 2021-06-13 17:14 - 000000000 ____D C:\Users\uh-sh\AppData\Local\CrashDumps
2022-09-28 17:29 - 2021-01-30 18:35 - 000000000 ____D C:\Users\uh-sh\AppData\Local\D3DSCache
2022-09-27 18:15 - 2020-01-05 13:08 - 000000000 ____D C:\ProgramData\Garmin
2022-09-27 18:14 - 2020-01-05 13:08 - 000000000 ____D C:\Program Files (x86)\Garmin

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ========

2022-05-26 10:49 - 2022-10-16 17:34 - 000007683 _____ () C:\Users\uh-sh\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

==================== Ende von FRST.txt ========================

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 23-10-2022
durchgeführt von uh-sh (26-10-2022 08:33:49)
Gestartet von C:\Users\uh-sh\Downloads
Microsoft Windows 10 Home Version 22H2 19045.2130 (X64) (2022-10-25 11:35:51)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

Administrator (S-1-5-21-568082222-3395335121-1670124993-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-568082222-3395335121-1670124993-503 - Limited - Disabled)
Gast (S-1-5-21-568082222-3395335121-1670124993-501 - Limited - Disabled)
uh-sh (S-1-5-21-568082222-3395335121-1670124993-1001 - Administrator - Enabled) => C:\Users\uh-sh
WDAGUtilityAccount (S-1-5-21-568082222-3395335121-1670124993-504 - Limited - Disabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Norton Security (Enabled - Up to date) {1122B19A-E671-38EC-8EAC-87048FD4528D}
AV: Norton Security Ultra (Enabled - Up to date) {A2708B76-6835-6565-CB96-694212954A75}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Security (Enabled - Up to date) {AECE2126-F4E7-6909-11F2-1B69D1FBCBD0}
AV: Norton Security (Enabled - Up to date) {9E3FD331-C4C2-7AC4-0537-131EEF1B1F8A}
FW: Norton Security Ultra (Enabled) {9A4B0A53-225A-643D-E0C9-C077EC460D0E}
FW: Norton Security (Enabled) {A6045214-8EAD-7B9C-2E68-BA2B11C858F1}
FW: Norton Security (Enabled) {96F5A003-BE88-6851-3AAD-B25C2F288CAB}
FW: Norton Security (Enabled) {291930BF-AC1E-39B4-A5F3-2E31710715F6}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Acer Configuration Manager (HKLM-x32\...\{8CB1A03C-9849-4744-AD56-341A18F9E3E2}) (Version: 2.5.22250 - Acer) Acer Jumpstart (HKLM-x32\...\{0C5ED25A-B8D1-4E71-BFCB-6B370A4EA19C}) (Version: 3.5.22220.20 - Acer) ANT Drivers Installer x64 (HKLM\...\{4F35B8FF-E00B-42BB-A6D4-6174BAB0404A}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden App Explorer (HKU\S-1-5-19\...\Host App Service) (Version: 0.273.3.150 - SweetLabs) <==== ACHTUNG App Explorer (HKU\S-1-5-20\...\Host App Service) (Version: 0.273.3.150 - SweetLabs) <==== ACHTUNG App Explorer (HKU\S-1-5-21-568082222-3395335121-1670124993-1001\...\Host App Service) (Version: 0.273.4.565 - SweetLabs) <==== ACHTUNG Care Center Service (HKLM\...\{AFB52E98-7597-4484-9202-58F0FD3512ED}) (Version: 4.00.3042 - Acer Incorporated) CyberLink PowerDVD 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.8904.02 - CyberLink Corp.) devolo Cockpit (HKLM-x32\...\dlancockpit) (Version: 5.1.7.638 - devolo AG) DriverSetupUtility (HKLM\...\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6}) (Version: 1.00.3026 - Acer Incorporated) Elevated Installer (HKLM-x32\...\{5383BE8D-5852-4FE5-A290-1B231C4A322C}) (Version: 7.14.0.0 - Garmin Ltd or its subsidiaries) Hidden ExpressVPN (HKLM-x32\...\{878F6EB4-73BF-4A1E-9A92-6DDF9EDC8A8B}) (Version: 2.2.19325.10 - Acer) Forge of Empires (HKLM-x32\...\{39D43D1E-8661-4990-9D01-2C1F593CC8C3}) (Version: 3.1.19223.4 - Acer) FRITZ!Fernzugang (HKLM\...\{DD57CC22-8864-4CCA-94D4-600D024C1207}) (Version: 1.4.1 - AVM Berlin) Garmin BaseCamp (HKLM-x32\...\{a7339a73-aef7-4ce1-963f-e7396ba18511}) (Version: 4.7.4.0 - Garmin Ltd or its subsidiaries) Garmin BaseCamp (HKLM-x32\...\{B48BC415-D96D-4676-BAB5-66EFDA0D8D7B}) (Version: 4.7.4.0 - Garmin Ltd or its subsidiaries) Hidden Garmin City_Navigator_Europe_NTU_2020_30 (HKLM-x32\...\{BEE5950B-8A67-4ACB-A391-77D5F440DC71}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries) Garmin City_Navigator_Europe_NTU_2021_30 
(HKLM-x32\...\{DE52C2E9-2116-452F-A2D4-2AD963C7B236}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries) Garmin Express (HKLM-x32\...\{5bc116de-415f-4087-a55b-ffa07751c0d1}) (Version: 7.14.0.0 - Garmin Ltd or its subsidiaries) Garmin Express (HKLM-x32\...\{BB1DCEBC-FD41-4EA7-8F74-168B91D032F1}) (Version: 7.14.0.0 - Garmin Ltd or its subsidiaries) Hidden Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries) Garmin WebUpdater (HKLM-x32\...\{4e365b8d-ed6f-4316-a1b8-f8762eaed5a0}) (Version: 2.5.8 - Garmin Ltd or its subsidiaries) Garmin WebUpdater (HKLM-x32\...\{9644C9A2-DB70-40B2-9CD3-E025F9CD867D}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 107.0.5304.63 - Google LLC) Intel(R) Chipset Device Software (HKLM\...\{351A0D24-F6F1-4105-AA50-5D2CCC71E0DD}) (Version: 10.1.18019.8144 - Intel Corporation) Hidden Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 1924.14.0.1295 - Intel Corporation) Intel(R) Management Engine Components (HKLM\...\{3978C240-E168-423F-828F-FACD27C87200}) (Version: 1.0.0.0 - Intel Corporation) Hidden Intel(R) Management Engine Components (HKLM\...\{4C474EBC-96D2-4273-A465-34BA6EB9B50F}) (Version: 1.0.0.0 - Intel Corporation) Hidden Intel(R) Management Engine Driver (HKLM\...\{3489EF28-7347-4779-9701-FD81E898870C}) (Version: 1.0.0.0 - Intel Corporation) Hidden Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 26.20.100.6911 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{31E11FD7-9921-48E4-AAFC-FD25A0051994}) (Version: 17.5.1.1021 - Intel Corporation) Hidden Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 17.5.1.1021 - Intel Corporation) Intel(R) Trusted Connect Service Client x64 (HKLM\...\{C9552825-7BF2-4344-BA91-D3CD46F4C442}) (Version: 1.55.66.0 - Intel 
Corporation) Hidden Intel(R) Trusted Connect Service Client x86 (HKLM-x32\...\{C9552825-7BF2-4344-BA91-D3CD46F4C441}) (Version: 1.55.66.0 - Intel Corporation) Hidden Intel(R) Trusted Connect Services Client (HKLM-x32\...\{1fec26b5-eeec-4604-877a-44f1843ae9d4}) (Version: 1.55.66.0 - Intel Corporation) Hidden Intel® Chipsatz-Gerätesoftware (HKLM-x32\...\{4551f75f-3c54-4f09-8221-8c8a061bad00}) (Version: 10.1.18019.8144 - Intel(R) Corporation) Intel® Optane™ Pinning Explorer Extensions (HKLM\...\{1AC25CEA-DED2-4D31-AE36-A9CBD5B85B67}) (Version: 17.5.1.1021 - Intel Corporation) Microsoft Edge (HKLM-x32\...\{2D52B6E4-968B-39B1-A00F-4F12269DA6B2}) (Version: 106.0.1370.52 - Microsoft Corporation) Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 106.0.1370.52 - Microsoft Corporation) Microsoft Office Home and Student 2019 - de-de (HKLM\...\HomeStudent2019Retail - de-de) (Version: 16.0.15629.20208 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-568082222-3395335121-1670124993-1001\...\OneDriveSetup.exe) (Version: 22.207.1002.0003 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{7B1FCD52-8F6B-4F12-A143-361EA39F5E7C}) (Version: 3.67.0.0 - Microsoft Corporation) Microsoft VC++ redistributables repacked. (HKLM\...\{722855E9-F981-4436-A979-32E0C5A09918}) (Version: 12.0.0.0 - Intel Corporation) Hidden Microsoft VC++ redistributables repacked. 
(HKLM-x32\...\{3EB42C92-1F2D-4D47-B12C-E9F5A9CD55F0}) (Version: 12.0.0.0 - Intel Corporation) Hidden Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022.218 (HKLM\...\{BBBE35B2-9349-3C48-BD3D-F574B17C7924}) (Version: 9.0.21022.218 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.29.30139 (HKLM-x32\...\{2c673fb6-3e65-4751-965d-33d30b68a8a6}) (Version: 14.29.30139.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.29.30139 (HKLM-x32\...\{8d5fdf81-7022-423f-bd8b-b513a1050ae1}) (Version: 14.29.30139.0 - Microsoft Corporation) Microsoft Visual C++ 2019 X64 Additional Runtime - 14.29.30139 (HKLM\...\{7F4A9F52-173F-4B0D-B1EA-269C32EDA827}) (Version: 14.29.30139 - Microsoft Corporation) Hidden Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.29.30139 (HKLM\...\{A6D3F752-BF11-4D7C-B19C-F6F96A35CF50}) (Version: 14.29.30139 - Microsoft Corporation) Hidden Microsoft Visual C++ 2019 X86 Additional Runtime - 14.29.30139 (HKLM-x32\...\{1AEA8854-7597-4CD3-948F-8DE364D94E07}) 
(Version: 14.29.30139 - Microsoft Corporation) Hidden Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.29.30139 (HKLM-x32\...\{1679EF65-55F3-4248-B91E-6B3BE1A69CDF}) (Version: 14.29.30139 - Microsoft Corporation) Hidden Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 106.0.1 (x64 en-US)) (Version: 106.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 105.0.3 - Mozilla) Norton Security (HKLM-x32\...\NGC) (Version: 22.22.9.11 - NortonLifeLock Inc) Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.15629.20118 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.15629.20156 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0407-1000-0000000FF1CE}) (Version: 16.0.15629.20118 - Microsoft Corporation) Hidden Quick Access Service (HKLM\...\{AB25551C-74EF-4BAB-9989-891517FCF9FF}) (Version: 3.00.3038 - Acer Incorporated) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.35.510.2019 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.8710.1 - Realtek Semiconductor Corp.) Sena Bluetooth Device Manager 4.3.3 (HKLM-x32\...\Sena Bluetooth Device Manager) (Version: 4.3.3 - Copyright (C) 2012 ~ 2022 Sena Technologies Inc.) 
Sky Ticket 8.10.0.0 (HKU\S-1-5-21-568082222-3395335121-1670124993-1001\...\com.bskyb.skyticket_is1) (Version: 8.10.0.0 - Sky Ticket) thesettlers (HKLM-x32\...\Uplay Install 11662) (Version: - Ubisoft) thesettlers2 (HKLM-x32\...\Uplay Install 11783) (Version: - Ubisoft) thesettlers3 (HKLM-x32\...\Uplay Install 11784) (Version: - Ubisoft) thesettlers4 (HKLM-x32\...\Uplay Install 11785) (Version: - Ubisoft) theSettlers5 (HKLM-x32\...\Uplay Install 11786) (Version: - ) thesettlers6 (HKLM-x32\...\Uplay Install 11787) (Version: - Ubisoft) thesettlers7 (HKLM-x32\...\Uplay Install 11788) (Version: - Ubisoft) Ubisoft Connect (HKLM-x32\...\Uplay) (Version: 68.0 - Ubisoft) Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{82BD0A1C-815F-487F-9AE7-CE73DA413CFF}) (Version: 4.91.0.0 - Microsoft Corporation) User Experience Improvement Program Service (HKLM\...\{E9495FD3-F73D-4D33-A104-047F9E8BE6C7}) (Version: 4.00.3106 - Acer Incorporated) VLC media player (HKLM\...\VLC media player) (Version: 3.0.17.4 - VideoLAN) Windows 10-Update-Assistent (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.19041.2183 - Microsoft Corporation) Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin) Windows-PC-Integritätsprüfung (HKLM\...\{B3956CF3-F6C5-4567-AC38-1FD4432B319C}) (Version: 3.6.2204.08001 - Microsoft Corporation) Windows-Treiberpaket - Cambridge Silicon Radio Ltd. (CSRBC) USB (11/27/2020 2.5.5.9) (HKLM\...\6A50C99E75CE49370D2FB6BD3959E25A02A0751A) (Version: 11/27/2020 2.5.5.9 - Cambridge Silicon Radio Ltd.) Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.) 
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software) Packages: ========= Acer Collection S -> C:\Program Files\WindowsApps\AcerIncorporated.AcerCollectionS_1.0.3004.0_x64__48frkmn4z8aw4 [2021-11-21] (Acer Incorporated) Acer Product Registration -> C:\Program Files\WindowsApps\AcerIncorporated.AcerRegistration_2.0.3040.0_x64__48frkmn4z8aw4 [2022-10-11] (Acer Incorporated) Candy Crush Friends -> C:\Program Files\WindowsApps\king.com.CandyCrushFriends_1.90.2.0_x64__kgqvnymyfvs32 [2022-10-11] (king.com) Care Center S -> C:\Program Files\WindowsApps\AcerIncorporated.AcerCareCenterS_4.0.3042.0_x64__48frkmn4z8aw4 [2022-10-25] (Acer Incorporated) Dropbox-Sonderaktion -> C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_22.4.18.0_x64__xbfy0k16fey96 [2022-09-07] (Dropbox Inc.) Farm Heroes Saga -> C:\Program Files\WindowsApps\king.com.FarmHeroesSaga_5.89.8.0_x64__kgqvnymyfvs32 [2022-10-15] (king.com) Fotos-Add-On -> C:\Program Files\WindowsApps\Microsoft.Windows.Photos.DLC.Main_2021.39122.10110.0_x64__8wekyb3d8bbwe [2021-03-16] (Microsoft Corporation) GoTrust ID -> C:\Program Files\WindowsApps\GOTrustTechnologyInc.GO-TrustAuthenticator_3.1.21.0_x64__0r04f53sqacg6 [2020-12-03] (GoTrustID Inc.) 
Hearts Deluxe -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.HeartsDeluxe_6.13.101.0_x64__kx24dqmazqk8j [2022-10-08] (Random Salad Games LLC) Intel® Grafik-Kontrollraum -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.3408.0_x64__8j3eq9eme6ctt [2022-04-22] (INTEL CORP) [Startup Task] Intel® Graphics Control Panel -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsControlPanel_3.3.0.0_x64__8j3eq9eme6ctt [2020-02-19] (INTEL CORP) LinkedIn -> C:\Program Files\WindowsApps\7EE7776C.LinkedInforWindows_2.1.7098.0_neutral__w1wdnht996qgy [2020-01-12] (LinkedIn) Media Engine-Add-On für Fotos -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2020-04-12] (Microsoft Corporation) Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1809.1.0_x64__8wekyb3d8bbwe [2022-10-25] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for JavaScript -> C:\Program Files\WindowsApps\Microsoft.Advertising.JavaScript_10.1809.1.0_x86__8wekyb3d8bbwe [2022-10-25] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2022-10-25] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2022-10-25] (Microsoft Corporation) [MS Ad] Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.14.9130.0_x64__8wekyb3d8bbwe [2022-09-17] (Microsoft Studios) [MS Ad] Movie & Audio Studio -> C:\Program Files\WindowsApps\MAGIXSoftwareGmbH.MovieAudioStudio_1.1.4.0_x64__awcgk3qbzve1y [2019-10-27] (MAGIX Software GmbH) MPEG-2-Videoerweiterung -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.50901.0_x64__8wekyb3d8bbwe [2022-05-02] (Microsoft Corporation) Netflix -> C:\Program 
Files\WindowsApps\4DF9E0F8.Netflix_6.98.1805.0_x64__mcm4njqhnhss8 [2022-02-20] (Netflix, Inc.) Norton Password Manager -> C:\Program Files\WindowsApps\SymantecCorporation.5478111E43ACF_7.2.1.0_neutral__v68kp9n051hdp [2021-06-13] (NortonLifeLock Inc.) Norton Safe Web -> C:\Program Files\WindowsApps\SymantecCorporation.NortonSafeWeb_3.14.3.0_neutral__v68kp9n051hdp [2021-03-11] (NortonLifeLock Inc.) ntv Nachrichten -> C:\Program Files\WindowsApps\n-tvNachrichtenfernsehenG.n-tvNachrichten_2.8.0.0_x64__hf9cm24zcg85p [2020-01-05] (n-tv Nachrichtenfernsehen GmbH) PhotoDirector for acer -> C:\Program Files\WindowsApps\CyberLinkCorp.ac.PhotoDirectorforacerDesktop_8.0.5229.0_x64__ypz87dpxkv292 [2019-10-27] (CYBERLINK COM CORP) PowerDirector for acer -> C:\Program Files\WindowsApps\CyberLinkCorp.ac.PowerDirectorforacerDesktop_14.0.4304.0_x64__ypz87dpxkv292 [2019-10-27] (CYBERLINK COM CORP) QuickAccess -> C:\Program Files\WindowsApps\AcerIncorporated.QuickAccess_3.0.3038.0_x64__48frkmn4z8aw4 [2022-02-11] (Acer Incorporated) Realtek Audio Control -> C:\Program Files\WindowsApps\RealtekSemiconductorCorp.RealtekAudioControl_1.14.226.0_x64__dt26b99r8h8gj [2020-09-22] (Realtek Semiconductor Corp) Simple Mahjong -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleMahjong_6.3.81.0_x64__kx24dqmazqk8j [2022-10-25] (Random Salad Games LLC) Solitär -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_7.4.14.0_x64__kx24dqmazqk8j [2022-10-25] (Random Salad Games LLC) Spades -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.Spades_6.1.120.0_x64__kx24dqmazqk8j [2022-10-03] (Random Salad Games LLC) Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.196.785.0_x86__zpdnekdrzrea0 [2022-10-15] (Spotify AB) [Startup Task] User Experience Improvement Program -> C:\Program Files\WindowsApps\AcerIncorporated.UserExperienceImprovementProgram_4.0.3106.0_x64__48frkmn4z8aw4 [2019-10-27] (Acer Incorporated) ==================== Benutzerdefinierte 
CLSID (Nicht auf der Ausnahmeliste): ============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-568082222-3395335121-1670124993-1001_Classes\CLSID\{E1159E6E-9613-4159-BCB9-7174056EE486}\InprocServer32 -> C:\Program Files\Mozilla Firefox\notificationserver.dll (Mozilla Corporation -> Mozilla Foundation) ShellIconOverlayIdentifiers: [ OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2019-06-20] (Intel(R) Rapid Storage Technology -> ) ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.22.9.11\buShell.dll [2022-10-03] (NortonLifeLock Inc. -> NortonLifeLock Inc.) ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.22.9.11\buShell.dll [2022-10-03] (NortonLifeLock Inc. -> NortonLifeLock Inc.) ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.22.9.11\buShell.dll [2022-10-03] (NortonLifeLock Inc. -> NortonLifeLock Inc.) ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.22.9.11\buShell.dll [2022-10-03] (NortonLifeLock Inc. -> NortonLifeLock Inc.) ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.22.9.11\buShell.dll [2022-10-03] (NortonLifeLock Inc. -> NortonLifeLock Inc.) ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.22.9.11\buShell.dll [2022-10-03] (NortonLifeLock Inc. -> NortonLifeLock Inc.) 
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.22.9.11\buShell.dll [2022-10-03] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers1: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.22.9.11\NavShExt.dll [2022-10-03] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers2: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.22.9.11\NavShExt.dll [2022-10-03] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\Program Files\Intel\OptaneShellExtensions\OptaneShellExt.dll [2019-06-20] (Intel(R) Rapid Storage Technology -> )
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.22.9.11\buShell.dll [2022-10-03] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers6: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.22.9.11\NavShExt.dll [2022-10-03] (NortonLifeLock Inc. -> NortonLifeLock Inc.)

==================== Codecs (Nicht auf der Ausnahmeliste) ====================

==================== Verknüpfungen & WMI ========================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
ShortcutWithArgument: C:\Users\uh-sh\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\188f5ec9d11ded56\Profil 2 - Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory="Profile 1"

==================== Geladene Module (Nicht auf der Ausnahmeliste) =============

2020-11-27 04:38 - 2020-11-27 04:38 - 000961536 _____ () [Datei ist nicht signiert] [Datei wird verwendet] C:\Program Files (x86)\Garmin\Express\CefSharp.BrowserSubprocess.Core.dll
2020-11-27 04:38 - 2020-11-27 04:38 - 001446400 _____ () [Datei ist nicht signiert] [Datei wird verwendet] C:\Program Files (x86)\Garmin\Express\CefSharp.Core.dll
2022-09-20 09:35 - 2022-09-20 09:35 - 000073216 _____ () [Datei ist nicht signiert] [Datei wird verwendet] C:\Program Files (x86)\Garmin\Express\FixBootSector.dll
2017-05-08 10:35 - 2017-05-08 10:35 - 000325632 _____ () [Datei ist nicht signiert] [Datei wird verwendet] C:\Program Files (x86)\Garmin\Express\GpsImgWrapper.dll
2020-11-18 10:14 - 2020-11-18 10:14 - 117340672 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\Garmin\Express\libcef.dll
2020-11-18 08:40 - 2020-11-18 08:40 - 000323072 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\Garmin\Express\libegl.dll
2020-11-18 08:40 - 2020-11-18 08:40 - 005441536 _____ () [Datei ist nicht signiert] C:\Program Files (x86)\Garmin\Express\libglesv2.dll
2022-09-20 09:35 - 2022-09-20 09:35 - 001976832 _____ (Apache Software Foundation) [Datei ist nicht signiert] C:\Program Files (x86)\Garmin\Express\XercesLib.dll
2022-09-20 09:41 - 2022-09-20 09:41 - 000234496 _____ (Dynastream Innovations Inc.) [Datei ist nicht signiert] C:\Program Files (x86)\Garmin\Express\ANT_WrappedLib.dll
2022-09-20 09:35 - 2022-09-20 09:35 - 002711552 _____ (Garmin International) [Datei ist nicht signiert] [Datei wird verwendet] C:\Program Files (x86)\Garmin\Express\legacyio.dll
2017-05-08 10:35 - 2017-05-08 10:35 - 000343552 _____ (Garmin International, Inc.) [Datei ist nicht signiert] C:\Program Files (x86)\Garmin\Express\IMG_GPSMAP.dll
2022-09-20 09:35 - 2022-09-20 09:35 - 000425472 _____ (Garmin) [Datei ist nicht signiert] C:\Program Files (x86)\Garmin\Express\XMLdll.dll
2022-09-20 09:39 - 2022-09-20 09:39 - 000090112 _____ (Silicon Laboratories, Inc.) [Datei ist nicht signiert] C:\Program Files (x86)\Garmin\Express\DSI_SiUSBXp_3_1.DLL
2020-11-18 08:39 - 2020-11-18 08:39 - 000843264 _____ (The Chromium Authors) [Datei ist nicht signiert] C:\Program Files (x86)\Garmin\Express\chrome_elf.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ==================

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =================

==================== Internet Explorer (Nicht auf der Ausnahmeliste) ==========

HKU\S-1-5-21-568082222-3395335121-1670124993-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer17win10.msn.com/?pc=ACTE
HKU\S-1-5-21-568082222-3395335121-1670124993-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer17win10.msn.com/?pc=ACTE
SearchScopes: HKU\S-1-5-21-568082222-3395335121-1670124993-1001 -> DefaultScope {EB9EE7C9-E85E-4C04-AF17-4C336F1E187A} URL =
SearchScopes: HKU\S-1-5-21-568082222-3395335121-1670124993-1001 -> {EB9EE7C9-E85E-4C04-AF17-4C336F1E187A} URL =
BHO: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine\22.22.9.11\coIEPlg.dll [2022-10-03] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2022-08-13] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.22.9.11\coIEPlg.dll [2022-10-03] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine\22.22.9.11\coIEPlg.dll [2022-10-03] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.22.9.11\coIEPlg.dll [2022-10-03] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-10-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-10-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-10-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-10-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-10-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-10-01] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-10-01] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-10-01] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts Inhalt: =========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2019-03-19 06:49 - 2019-03-19 06:49 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Andere Bereiche ===========================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-568082222-3395335121-1670124993-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\uh-sh\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\IMG_20210527_115333_HDR.jpg
DNS Servers: 10.0.3.1 - 10.0.3.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) ist aktiviert.

Network Binding:
=============
WLAN: AVM VPN NDIS 6 Driver -> avm_nwim (enabled)
Ethernet: AVM VPN NDIS 6 Driver -> avm_nwim (enabled)

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "RtkAudUService"
HKU\S-1-5-21-568082222-3395335121-1670124993-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-568082222-3395335121-1670124993-1001\...\StartupApproved\Run: => "GarminExpress"
HKU\S-1-5-21-568082222-3395335121-1670124993-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_188D618001D97FF9308576AE61889BA3"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{63E32948-C136-4C8D-A2B6-D77BAD96C100}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\106.0.1370.52\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C48DF7B4-F4EF-4A69-A545-E502BDE40998}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.196.785.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{DB1382C9-3C31-438D-A99D-ECA7DFDE40B9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.196.785.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{B81C8B33-674B-42C9-BE38-F0CB10B05CFE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.196.785.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{FAB68B6F-2EDC-419B-B62D-9E286DD6A371}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.196.785.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{5930ADDD-F81D-471C-94E9-48E440804473}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.196.785.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{583F828E-ADFE-4F05-9A81-87B947241DA8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.196.785.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{09B5D30A-BA69-468B-A4BB-65E023646B04}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.196.785.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{0315E634-162A-403E-A72A-6833D0C3CBBA}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.196.785.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{1FFC9FB8-EA25-488B-A5AE-5ECE9E6E7359}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{67232343-84E2-4C71-95B9-56D47450B334}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{95DDF05D-31E2-4B25-B0B2-64D34DF1BC09}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A12B2912-BBA5-46A2-9D08-72B0495DAF72}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{EB32C0EE-DB16-478D-BFAD-AFD3487AB14C}] => (Allow) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe (devolo AG -> devolo AG)
FirewallRules: [{76175A68-2EBA-46AA-B56A-1EAB931DA9B3}] => (Allow) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe (devolo AG -> devolo AG)
FirewallRules: [{6AA611C6-BC30-4566-919D-CA5CFCB41CEA}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{88BD4A24-27B8-4072-8611-121A6EFC167B}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{10D75891-9BF1-4CD9-B84B-6D14B6635AFD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [{E67DCF11-AF86-4CC1-BC53-CB7634B23795}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe => Keine Datei
FirewallRules: [{996E76A9-8AD3-4449-B35E-4859AD72690F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe => Keine Datei
FirewallRules: [{EB56911A-3FAA-4787-B897-A4E099D790EE}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe (CyberLink Corp. -> CyberLink Corp.)
FirewallRules: [TCP Query User{518CB87B-3049-4A02-BB01-08787706AF53}C:\users\uh-sh\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\uh-sh\appdata\roaming\spotify\spotify.exe => Keine Datei
FirewallRules: [UDP Query User{03BA1F8C-DF95-412C-9A2B-7D46AA20AC5B}C:\users\uh-sh\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\uh-sh\appdata\roaming\spotify\spotify.exe => Keine Datei
FirewallRules: [{9CA8C1E7-01BC-4F1E-B42C-8A5EB45C10B8}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Wiederherstellungspunkte =========================

25-10-2022 13:39:04 Windows Modules Installer

==================== Fehlerhafte Geräte im Gerätemanager ============

==================== Fehlereinträge in der Ereignisanzeige: ========================

Applikationsfehler:
==================
Error: (10/25/2022 01:30:47 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert werden. "ESENT"-Fehler: -1409.

Systemfehler:
=============
Error: (10/25/2022 01:50:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: Der Treiber konnte nicht geladen werden.

Error: (10/25/2022 01:50:07 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\uh-sh\AppData\Local\Temp\ehdrv.sys

Error: (10/25/2022 01:50:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: Der Treiber konnte nicht geladen werden.
Error: (10/25/2022 01:50:06 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\uh-sh\AppData\Local\Temp\ehdrv.sys

Error: (10/25/2022 01:50:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: Der Treiber konnte nicht geladen werden.

Error: (10/25/2022 01:50:06 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\uh-sh\AppData\Local\Temp\ehdrv.sys

Error: (10/25/2022 01:50:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: Der Treiber konnte nicht geladen werden.

Error: (10/25/2022 01:50:06 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\uh-sh\AppData\Local\Temp\ehdrv.sys

CodeIntegrity:
===============
Date: 2022-10-26 08:31:58
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Mozilla Firefox\firefox.exe) attempted to load \Device\HarddiskVolume3\Program Files\Mozilla Firefox\mozavcodec.dll that did not meet the Microsoft signing level requirements.

Date: 2022-10-26 08:31:58
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Mozilla Firefox\firefox.exe) attempted to load \Device\HarddiskVolume3\Program Files\Mozilla Firefox\mozavutil.dll that did not meet the Microsoft signing level requirements.

Date: 2022-10-26 08:25:17
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files\Norton Security\Engine\22.22.9.11\symamsi.dll that did not meet the Windows signing level requirements.

==================== Speicherinformationen ===========================

BIOS: Insyde Corp. V1.05 09/05/2019
Hauptplatine: CML Dopey_WC
Prozessor: Intel(R) Core(TM) i5-10210U CPU @ 1.60GHz
Prozentuale Nutzung des RAM: 70%
Installierter physikalischer RAM: 8023.05 MB
Verfügbarer physikalischer RAM: 2356.3 MB
Summe virtueller Speicher: 9303.05 MB
Verfügbarer virtueller Speicher: 2949.39 MB

==================== Laufwerke ================================

Drive c: (Acer) (Fixed) (Total:475.83 GB) (Free:177.75 GB) (Model: WDC PC SN520 SDAPNUW-512G-1014) NTFS
Drive d: (The Settlers History Edition) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF
\\?\Volume{dfc3fb7b-15dd-4953-9871-4d6591573a2c}\ (Recovery) (Fixed) (Total:1 GB) (Free:0.42 GB) NTFS
\\?\Volume{93bf6021-1beb-4e50-b38c-2f2cbc23b483}\ (ESP) (Fixed) (Total:0.09 GB) (Free:0.04 GB) FAT32

==================== MBR & Partitionstabelle ====================

==================== Ende von Addition.txt =======================

Regards,
Jens