|
Log-Analyse und Auswertung: Fake Windows Defender Pop-Up mit Audio - Windows wurde aus Sicherheitgründen gesperrt.Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
22.02.2023, 13:21 | #1 |
| Fake Windows Defender Pop-Up mit Audio - Windows wurde aus Sicherheitgründen gesperrt. Hey, auf dem Latop meiner Eltern poppte plötzich eine riesen Meldung auf, dass Windos gesperrt würde. Zugleich wurde eine Audio-Nachricht abgespielt (im Loop), welche mitteilte, dass das System gesperrt wurde, und auch online Banking mit gesperrt wird (genauen Wortlaut habe ich nicht, da ich nicht vor Ort war). Ich habe mich dann per TeamViewer aufgeschalten. Das Pop-Up Fenster hat den ganzen Screen eingenommen. Über STRG-ALT-ENTF habe ich dann im Taksmanager gesehen, dass ein Task namens "Microsoft Teams" super viel Ressourcen fraß - ich wusste jedoch, dass auf dem Rechner kein Teams installiert war. (das Icon sah auch etws anders aus). Beim Erweitern dieses Tasks wurden aber viele Firefox Sub-Tasks gelistet, sodass ich deiese einfach mal gekillt habe - das Fenster war weg. (es schien über den Browser gelaufen zu sein). Jedoch hab es auch unten in der Windows Icon-Leiste einen eigenes Icon dafür.. Ich habe dann folgendes getan: - Norton einmal scannen lasse, der hat aber nichts gefunden - Malware Bytes AdwCleaner laufne lassen, der hatte "PUP.Optional.Fake.OpenOfficeUpdate" gefunden und behoben. (siehe Log) - uBlock für firefox installiert - FRST installiert und laufen lassen (siehe Logs) kann mir jemand sagen, ob noch was auf dme Rechner installiert ist? Meine Ma schwört, nichts installisert zu haben, sie hätte nur eine Seite aufgerufen.. geht das so einfach? FRST.txt Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 22-02-2023 durchgeführt von gabri (Administrator) auf NB-GABY (HP HP 250 G8 Notebook PC) (22-02-2023 13:00:43) Gestartet von C:\Users\gabri\Downloads Geladene Profile: gabri Plattform: Microsoft Windows 11 Home Version 22H2 22621.1265 (X64) Sprache: Deutsch (Deutschland) Standard-Browser: FF Start-Modus: Normal ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\BrownyInd\Brother\BrIndicator.exe (C:\Program Files\TeamViewer\TeamViewer_Service.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\TeamViewer.exe (C:\Program Files\TeamViewer\TeamViewer_Service.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\TeamViewer_Desktop.exe (C:\Program Files\TeamViewer\TeamViewer_Service.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\tv_w32.exe (C:\Program Files\TeamViewer\TeamViewer_Service.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\tv_x64.exe (C:\Program Files\WindowsApps\AD2F1837.myHP_11.52247.86.0_x64__v10z8vjag6ke6\win32\DesktopExtension.exe ->) (HP Inc.) C:\Program Files\WindowsApps\AD2F1837.myHP_11.52247.86.0_x64__v10z8vjag6ke6\win32\HPAudioSwitch.exe (C:\Program Files\WindowsApps\MicrosoftTeams_23002.403.1788.1930_x64__8wekyb3d8bbwe\msteams.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\110.0.1587.50\msedgewebview2.exe <12> (DriverStore\FileRepository\cui_dch.inf_amd64_cb841b7c497d4503\igfxCUIServiceN.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_cb841b7c497d4503\igfxEMN.exe (DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_844fe58f152c16a8\x64\SysInfoCap.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_844fe58f152c16a8\x64\BridgeCommunication.exe (DriverStore\FileRepository\icss_extension.inf_amd64_0304b9d8e91ee308\UserAwarenessService.exe ->) (Intel(R) pGFX 2020 -> Intel Corp) C:\Windows\System32\DriverStore\FileRepository\icss_extension.inf_amd64_0304b9d8e91ee308\UserAwarenessHelper.exe (ETDService.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDCtrl.exe (explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <7> (explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe (HP Inc.) C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.3.2.0_x64__v10z8vjag6ke6\SystemEventUtility\HPSystemEventUtilityHost.exe (SECOMN64.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Sound Research, Corp.) C:\Windows\System32\SECOCL64.exe (services.exe ->) (Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Browny02\BrYNSvc.exe (services.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDService.exe (services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe (services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_f23fc423d26e5d79\x64\TouchpointAnalyticsClientService.exe (services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_844fe58f152c16a8\x64\AppHelperCap.exe (services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_844fe58f152c16a8\x64\DiagsCap.exe (services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_844fe58f152c16a8\x64\NetworkCap.exe (services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_844fe58f152c16a8\x64\SysInfoCap.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_cb841b7c497d4503\igfxCUIServiceN.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_897ea327b3fe52f7\esif_uf.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorvd.inf_amd64_a5ea1b1d8db1527e\RstMwService.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_f94b71985382657d\OneApp.IGCC.WinService.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_9b53505f87f3498b\IntelCpHDCPSvc.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe (services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_a29135245e28a81a\AS\IAS\IntelAudioService.exe (services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe (services.exe ->) (Intel(R) pGFX 2020 -> Intel Corp) C:\Windows\System32\DriverStore\FileRepository\icss_extension.inf_amd64_0304b9d8e91ee308\UserAwarenessService.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\23.023.0129.0002\FileSyncHelper.exe (services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Sound Research, Corp.) C:\Windows\System32\SECOMN64.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\System32\Sgrm\SgrmBroker.exe (services.exe ->) (NortonLifeLock Inc. -> NortonLifelock Inc.) C:\Program Files\Norton Security\Engine\22.23.1.21\NortonSecurity.exe <2> (services.exe ->) (NortonLifeLock Inc. -> NortonLifeLock Inc.) C:\Program Files\Norton Security\Engine\22.23.1.21\nsWscSvc.exe (services.exe ->) (Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe (services.exe ->) (Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe (services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe (services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtkWiFiManServ.exe (services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_1c0a31316508effa\RtkAudUService64.exe <2> (services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe (sihost.exe ->) (HP Inc.) C:\Program Files\WindowsApps\AD2F1837.myHP_11.52247.86.0_x64__v10z8vjag6ke6\win32\DesktopExtension.exe (svchost.exe ->) (Flexera Software LLC -> Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\agent.exe (svchost.exe ->) (Flexera Software LLC -> Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (svchost.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (svchost.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe (svchost.exe ->) (HP Inc.) C:\Program Files\WindowsApps\AD2F1837.myHP_11.52247.86.0_x64__v10z8vjag6ke6\HP.MyHP.exe (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\23.023.0129.0002\FileCoAuth.exe (svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22122.94.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe (svchost.exe ->) (WhatsApp Inc.) C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2304.6.0_x64__cv1g1gvanyjgm\WhatsApp.exe ==================== Registry (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_1c0a31316508effa\RtkAudUService64.exe [1596800 2022-09-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Logitech) HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4509184 2012-12-27] (Brother Industries, Ltd.) [Datei ist nicht signiert] HKLM-x32\...\Run: [BrStsInd00] => C:\Program Files (x86)\BrownyInd\Brother\BrIndicator.exe [1885184 2012-12-18] (Brother Industries, Ltd.) [Datei ist nicht signiert] HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [122427152 2021-07-14] (Microsoft Corporation -> Microsoft Corporation) HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2075480 ] (Flexera Software LLC -> Flexera Software LLC.) HKLM-x32\...\Run: [DNS7reminder] => C:\Program Files (x86)\Nuance\NaturallySpeaking13\Ereg\Ereg.exe [325960 2014-05-30] (Nuance Communications, Inc. -> Nuance Communications, Inc.) HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Beschränkung <==== ACHTUNG HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Beschränkung <==== ACHTUNG HKU\S-1-5-19\...\Run: [OneDriveSetup] => C:\Windows\System32\OneDriveSetup.exe [50312608 2022-05-07] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-20\...\Run: [OneDriveSetup] => C:\Windows\System32\OneDriveSetup.exe [50312608 2022-05-07] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-206354118-824061166-57906184-1001\...\Run: [HPSEU_Host_Launcher] => C:\System.sav\util\HPSEU\HpseuHostLauncher.exe [536152 2022-10-13] (HP Inc. -> HP Inc.) HKU\S-1-5-21-206354118-824061166-57906184-1001\...\Run: [OpenOffice Updater] => C:\Users\gabri\AppData\Roaming\OpenOffice Updater\Updater.exe [367480 2021-07-28] (Arne Koenig -> ) <==== ACHTUNG HKU\S-1-5-21-206354118-824061166-57906184-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2629552 2023-02-16] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-206354118-824061166-57906184-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\gabri\AppData\Local\Microsoft\Teams\Update.exe [2587336 2023-01-28] (Microsoft 3rd Party Application Component -> Microsoft Corporation) HKU\S-1-5-21-206354118-824061166-57906184-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2075480 2013-06-24] (Flexera Software LLC -> Flexera Software LLC.) HKU\S-1-5-21-206354118-824061166-57906184-1001\...\Run: [MicrosoftEdgeAutoLaunch_E366E5E6AF98057EB6410578BC1FD47F] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4243360 2023-02-17] (Microsoft Corporation -> Microsoft Corporation) HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] -> ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============ (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {0100D0A6-9F3D-4CA2-92FC-3585C2005A7E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [138328 2023-01-10] (HP Inc. -> HP Inc.) Task: {0600DD45-FAF2-4131-A006-0B17509B9F78} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => %windir%\system32\sc.exe start InventorySvc Task: {07C19A67-C1F4-4C10-9E79-424C379A9911} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => C:\WINDOWS\system32\MusNotification.exe /RunOnBattery Reboot (Keine Datei) Task: {10650654-D454-4607-ADBA-647FF8681220} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [7056328 2022-10-22] (Microsoft Corporation -> Microsoft Corporation) Task: {17D5928D-77DD-46EA-A895-33978E4C0BEC} - System32\Tasks\GoogleUpdateTaskMachineUA{BC940E11-41FF-4FEE-8FF2-099447A32231} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [171480 2022-10-22] (Google LLC -> Google LLC) Task: {18E436A0-3122-4D66-961E-AD08157D2251} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [674720 2023-02-16] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate Task: {1C5676DF-69ED-4B99-A1FD-74CF5AABF6CA} - System32\Tasks\Norton Security with Backup\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.23.1.21\SymErr.exe [379024 2023-02-02] (NortonLifeLock Inc. -> NortonLifeLock Inc.) Task: {2E02ECFD-AF94-4CB1-922D-CA5FBBFC266C} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [21864416 2022-12-27] (Microsoft Corporation -> Microsoft Corporation) Task: {367A7FA4-C69D-411E-9AB5-D7210AEA42D4} - System32\Tasks\Norton Security with Backup\Norton Security Autofix => C:\Program Files\Norton Security\Engine\22.23.1.21\SymErr.exe [379024 2023-02-02] (NortonLifeLock Inc. -> NortonLifeLock Inc.) Task: {4C440D64-E135-42B1-B102-49D3CAC2CF7B} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [716192 2023-02-16] (Mozilla Corporation -> Mozilla Foundation) Task: {54259915-DFD6-4669-BE7E-7660185D79F4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1149464 2023-01-10] (HP Inc. -> HP Inc.) Task: {72A61018-6C49-45AC-954D-D2BC1292AAB1} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [1644472 2019-06-21] (HP Inc. -> HP Inc.) Task: {796CC92E-8D9D-414A-828A-862C2434FD79} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2353000 2023-02-02] (NortonLifeLock Inc. -> NortonLifeLock Inc.) Task: {81041C1E-3659-4BA6-8776-69BFEA958E20} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141240 2023-02-20] (Microsoft Corporation -> Microsoft Corporation) Task: {8130BAF2-A0B4-4134-85D3-ACD4EAB5C729} - System32\Tasks\Microsoft\Windows\WaaSMedic\MaintenanceWork => {72566E27-1ABB-4EB3-B4F0-EB431CB1CB32} Task: {90E25386-4E33-41A8-BA15-A34E3DBEE922} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => C:\WINDOWS\system32\MusNotification.exe /RunOnAC Reboot (Keine Datei) Task: {96951949-D65A-47FD-87F5-510CBC5EE898} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => C:\Program Files (x86)\HP\HP Support Framework\Resources\BingPopup\BingPopup.exe [847392 2023-01-10] (HP Inc. -> HP Inc.) Task: {A488682F-0EC6-489B-B629-7E8E1F4DB0FE} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4191152 2023-02-16] (Microsoft Corporation -> Microsoft Corporation) Task: {A51AB5C0-21FA-426B-B891-A3B521DC15B9} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => C:\WINDOWS\system32\MusNotification.exe LogonUpdateResults (Keine Datei) Task: {AD61B4CB-6BB8-4E9C-B398-DD861FA9DAD6} - System32\Tasks\HP\Consent Manager Launcher => sc start hptouchpointanalyticsservice Task: {ADEA81E7-37CA-4B93-903B-3C10A8B7BFDE} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141240 2023-02-20] (Microsoft Corporation -> Microsoft Corporation) Task: {AF730CDC-7FD9-4C01-AE68-36A652BC2C78} - System32\Tasks\GoogleUpdateTaskMachineCore{B2DB0D50-3494-4A98-8D39-4F2E5DABF61D} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [171480 2022-10-22] (Google LLC -> Google LLC) Task: {B16CF0CB-F41A-4D72-B752-772964D7E249} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.23.1.21\WSCStub.exe [646520 2023-02-02] (NortonLifeLock Inc. -> NortonLifeLock Inc.) Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\WINDOWS\System32\MbaeParserTask.exe (Keine Datei) Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => C:\WINDOWS\system32\MusNotification.exe (Keine Datei) Task: {E869009B-908D-496B-A4B0-B1C7BF1DF7BF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [7056328 2022-10-22] (Microsoft Corporation -> Microsoft Corporation) Task: {EC38B38A-40DC-4037-BD83-8A8D6D5BD7DC} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [21864416 2022-12-27] (Microsoft Corporation -> Microsoft Corporation) Task: {F2D0283D-004B-4B3C-8832-95DF1BFD7FFF} - System32\Tasks\Norton Security with Backup\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.23.1.21\SymErr.exe [379024 2023-02-02] (NortonLifeLock Inc. -> NortonLifeLock Inc.) Task: {F83CFC1C-E4DC-406F-9BA7-4C9325F78140} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-206354118-824061166-57906184-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4191152 2023-02-16] (Microsoft Corporation -> Microsoft Corporation) Task: {FD74F76C-309E-4616-A41F-91E24A830A83} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1149464 2023-01-10] (HP Inc. -> HP Inc.) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{51380dae-4a02-4a6e-9308-8532626f37b0}: [DhcpNameServer] 100.100.20.24 Tcpip\..\Interfaces\{c9c7e339-318b-4f90-927c-45dd1ec301c2}: [DhcpNameServer] 192.168.178.1 Edge: ======= Edge Profile: C:\Users\gabri\AppData\Local\Microsoft\Edge\User Data\Default [2023-02-22] FireFox: ======== FF DefaultProfile: xl01siw9.default FF ProfilePath: C:\Users\gabri\AppData\Roaming\Mozilla\Firefox\Profiles\xl01siw9.default [2022-10-13] FF ProfilePath: C:\Users\gabri\AppData\Roaming\Mozilla\Firefox\Profiles\1phivtl9.default-release-1677065467883 [2023-02-22] FF Extension: (uBlock Origin) - C:\Users\gabri\AppData\Roaming\Mozilla\Firefox\Profiles\1phivtl9.default-release-1677065467883\Extensions\uBlock0@raymondhill.net.xpi [2023-02-22] FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-10-22] (Microsoft Corporation -> Microsoft Corporation) FF Plugin: nuance.com/DgnRia2_x86_64 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\npDgnRia2_x64.dll [2018-09-24] (Nuance Communications, Inc. -> Nuance Communications, Inc.) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-10-22] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: nuance.com/DgnRia2 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\npDgnRia2.dll [2018-09-24] (Nuance Communications, Inc. -> Nuance Communications, Inc.) ==================== Dienste (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [Datei ist nicht signiert] R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9198496 2022-12-27] (Microsoft Corporation -> Microsoft Corporation) R2 DragonLoggerService; C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe [151560 2018-09-24] (Nuance Communications, Inc. -> Nuance Communications, Inc.) R3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\23.023.0129.0002\FileSyncHelper.exe [3486640 2023-02-16] (Microsoft Corporation -> Microsoft Corporation) R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [905080 2020-03-18] (HP Inc. -> HP Inc.) R2 HPAppHelperCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_844fe58f152c16a8\x64\AppHelperCap.exe [797600 2023-01-19] (HP Inc. -> HP Inc.) R2 HPDiagsCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_844fe58f152c16a8\x64\DiagsCap.exe [796584 2023-01-19] (HP Inc. -> HP Inc.) R2 HPNetworkCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_844fe58f152c16a8\x64\NetworkCap.exe [792984 2023-01-19] (HP Inc. -> HP Inc.) R2 HPSysInfoCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_844fe58f152c16a8\x64\SysInfoCap.exe [796576 2023-01-19] (HP Inc. -> HP Inc.) R2 HpTouchpointAnalyticsService; C:\WINDOWS\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_f23fc423d26e5d79\x64\TouchpointAnalyticsClientService.exe [493712 2022-12-19] (HP Inc. -> HP Inc.) R2 IntelAudioService; C:\WINDOWS\System32\DriverStore\FileRepository\intcoed.inf_amd64_a29135245e28a81a\\AS\\IAS\\IntelAudioService.exe [532056 ] (Intel Corporation -> Intel) R2 IntelContextService; C:\WINDOWS\System32\DriverStore\FileRepository\icss_extension.inf_amd64_0304b9d8e91ee308\UserAwarenessService.exe [148920 2020-10-22] (Intel(R) pGFX 2020 -> Intel Corp) S3 InventorySvc; C:\WINDOWS\system32\inventorysvc.dll [304480 2022-12-07] (Microsoft Windows -> Microsoft Corporation) R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.23.1.21\NortonSecurity.exe [344888 2023-02-02] (NortonLifeLock Inc. -> NortonLifelock Inc.) R2 nsWscSvc; C:\Program Files\Norton Security\Engine\22.23.1.21\nsWscSvc.exe [1059176 2023-02-02] (NortonLifeLock Inc. -> NortonLifeLock Inc.) S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\23.023.0129.0002\OneDriveUpdaterService.exe [3857328 2023-02-16] (Microsoft Corporation -> Microsoft Corporation) R2 RtkWiFiManServ; C:\WINDOWS\RtkWiFiManServ.exe [826936 2021-12-27] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) R2 SECOMNService; C:\WINDOWS\System32\SECOMN64.exe [743400 2022-03-07] (Microsoft Windows Hardware Compatibility Publisher -> Sound Research, Corp.) R2 SgrmBroker; C:\WINDOWS\system32\Sgrm\SgrmBroker.exe [414632 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation) R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [16907064 2023-02-20] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) R2 TextInputManagementService; C:\WINDOWS\System32\TabSvc.dll [266240 2022-12-07] (Microsoft Windows -> Microsoft Corporation) S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2209.7-0\NisSrv.exe [3170576 2022-10-14] (Microsoft Windows Publisher -> Microsoft Corporation) S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2209.7-0\MsMpEng.exe [133584 2022-10-14] (Microsoft Windows Publisher -> Microsoft Corporation) S3 wuauserv; C:\WINDOWS\system32\wuauserv.dll [137600 2023-02-15] (Microsoft Windows -> Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S3 AmUStor; C:\WINDOWS\system32\drivers\AmUStorU.sys [135296 2020-10-22] (Alcorlink Corp. -> ) R2 bfs; C:\WINDOWS\system32\drivers\bfs.sys [91480 2022-12-07] (Microsoft Windows -> Microsoft Corporation) R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.22.9.11\Definitions\BASHDefs\20230221.001\BHDrvx64.sys [1705040 2022-10-20] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom) S3 BTHMODEM; C:\WINDOWS\System32\drivers\bthmodem.sys [106496 2022-05-07] (Microsoft Corporation) [Datei ist nicht signiert] R1 ccSet_NGC; C:\WINDOWS\System32\drivers\NGCx64\1617010.015\ccSetx64.sys [198280 2023-02-02] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [527864 2022-09-10] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [159720 2022-11-26] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom) S0 GenPass; C:\WINDOWS\System32\DriverStore\FileRepository\genpass.inf_amd64_bef88a423225ecdc\genpass.sys [62800 2022-05-07] (Microsoft Windows -> Microsoft Corporation) R3 HPCustomCapDriver; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapdriver.inf_amd64_a955fa431e522f5e\x64\hpcustomcapdriver.sys [25592 2021-09-15] (HP Inc. -> HP Inc.) R3 iaLPSS2_GPIO2_TGL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_gpio2_tgl.inf_amd64_2546dafe2183e972\iaLPSS2_GPIO2_TGL.sys [131224 2021-07-19] (Intel Corporation -> Intel Corporation) R3 iaLPSS2_I2C_TGL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_i2c_tgl.inf_amd64_1308f85f1b0adf27\iaLPSS2_I2C_TGL.sys [204440 2021-07-19] (Intel Corporation -> Intel Corporation) R3 iaLPSS2_SPI_TGL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_spi_tgl.inf_amd64_fc1ed3a5a1d514f2\iaLPSS2_SPI_TGL.sys [158352 2021-07-19] (Intel Corporation -> Intel Corporation) R3 iaLPSS2_UART2_TGL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_uart2_tgl.inf_amd64_cd8c3a141c1b1284\iaLPSS2_UART2_TGL.sys [313504 2021-07-19] (Intel Corporation -> Intel Corporation) R0 iaStorVD; C:\WINDOWS\System32\drivers\iaStorVD.sys [1544912 2021-08-26] (Intel Corporation -> Intel Corporation) R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.22.9.11\Definitions\IPSDefs\20230221.061\IDSvia64.sys [1527816 2023-02-21] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom) R3 IntcUSB; C:\WINDOWS\System32\DriverStore\FileRepository\intcusb.inf_amd64_2a3cc0b2d56e7a64\IntcUSB.sys [889944 2022-11-01] (Intel Corporation -> Intel(R) Corporation) R3 IntelGNA; C:\WINDOWS\System32\DriverStore\FileRepository\gna.inf_amd64_19ceb7ce67a7cf8b\gna.sys [87200 2022-01-11] (Intel Corporation -> Intel Corporation) S3 nsvst_NGC; C:\WINDOWS\System32\drivers\NGCx64\1617010.015\nsvst.sys [57120 2023-02-02] (NortonLifeLock Inc. -> NortonLifeLock Inc.) S0 pvscsi; C:\WINDOWS\System32\drivers\pvscsii.sys [45408 2022-05-07] (Microsoft Windows -> VMware, Inc.) S3 RoutePolicy; C:\WINDOWS\System32\drivers\RoutePolicy.sys [98304 2022-05-07] (Microsoft Windows -> ) R3 SRTSP; C:\WINDOWS\System32\drivers\NGCx64\1617010.015\SRTSP64.SYS [956048 2023-02-02] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom) R1 SRTSPX; C:\WINDOWS\System32\drivers\NGCx64\1617010.015\SRTSPX64.SYS [52872 2023-02-02] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom) R0 SymEFASI; C:\WINDOWS\System32\drivers\NGCx64\1617010.015\SYMEFASI64.SYS [2180248 2023-02-02] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom) S0 SymELAM; C:\WINDOWS\System32\drivers\NGCx64\1617010.015\SymELAM.sys [36016 2023-02-02] (Microsoft Windows Early Launch Anti-Malware Publisher -> Broadcom) R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [100328 2022-10-22] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom) R3 SymEvnt; C:\Program Files\Norton Security\NortonData\22.22.9.11\SymPlatform\SymEvnt.sys [722400 2022-06-06] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom) R1 SymIRON; C:\WINDOWS\System32\drivers\NGCx64\1617010.015\Ironx64.SYS [306824 2023-02-02] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom) R1 SymNetS; C:\WINDOWS\System32\drivers\NGCx64\1617010.015\symnets.sys [492728 2023-02-02] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom) S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49616 2022-10-14] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [455968 2022-10-14] (Microsoft Windows -> Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [95520 2022-10-14] (Microsoft Windows -> Microsoft Corporation) R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [40104 2022-06-17] (HP Inc. -> HP) S3 wpCtrlDrv_NGC; C:\WINDOWS\System32\drivers\NGCx64\1617010.015\wpCtrlDrv.sys [1016792 2023-02-02] (NortonLifeLock Inc. -> NortonLifeLock Inc.) R2 wtd; C:\WINDOWS\System32\drivers\wtd.sys [118784 2022-12-18] (Microsoft Windows -> Microsoft Corporation) S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2023-02-22 13:00 - 2023-02-22 13:01 - 000031397 _____ C:\Users\gabri\Downloads\FRST.txt 2023-02-22 12:59 - 2023-02-22 13:00 - 000000000 ____D C:\FRST 2023-02-22 12:59 - 2023-02-22 12:59 - 002378752 _____ (Farbar) C:\Users\gabri\Downloads\FRST64.exe 2023-02-22 12:41 - 2023-02-22 12:41 - 000764278 _____ C:\WINDOWS\system32\perfh007.dat 2023-02-22 12:41 - 2023-02-22 12:41 - 000167026 _____ C:\WINDOWS\system32\perfc007.dat 2023-02-22 12:28 - 2023-02-22 12:28 - 000000000 ____D C:\AdwCleaner 2023-02-22 12:27 - 2023-02-22 12:27 - 008791352 _____ (Malwarebytes) C:\Users\gabri\Downloads\adwcleaner.exe 2023-02-22 12:25 - 2023-02-22 12:26 - 002555248 _____ (Malwarebytes) C:\Users\gabri\Downloads\MBSetup.exe 2023-02-22 11:46 - 2023-02-22 11:46 - 000000000 ____D C:\Program Files\Portrait Displays 2023-02-21 20:38 - 2023-02-21 20:38 - 000000000 ____D C:\WINDOWS\system32\Tasks\Remediation 2023-02-17 16:06 - 2023-02-17 16:06 - 004943318 _____ C:\Users\gabri\OneDrive\Dokumente\dokument.prn 2023-02-16 19:44 - 2023-02-16 20:26 - 000000000 ____D C:\Program Files\Mozilla Firefox 2023-02-16 18:46 - 2023-02-16 18:46 - 000000000 ___RD C:\Users\gabri\AppData\Roaming\Brother 2023-02-16 18:46 - 2023-02-16 18:46 - 000000000 ____D C:\Users\gabri\AppData\LocalLow\Brother 2023-02-16 18:13 - 2023-02-22 12:43 - 000000000 ____D C:\WINDOWS\system32\Tasks\Norton Security with Backup 2023-02-16 18:06 - 2023-02-16 19:47 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security 2023-02-16 18:06 - 2023-02-16 18:06 - 000003376 _____ C:\WINDOWS\system32\Tasks\Norton WSC Integration 2023-02-15 20:01 - 2023-02-15 20:01 - 000000000 ___HD C:\$WinREAgent 2023-02-10 19:12 - 2023-02-10 19:13 - 004576536 _____ (DeepLSetup) C:\Users\gabri\Downloads\DeepLSetup(1).exe 2023-02-07 07:46 - 2023-02-07 07:46 - 003814680 _____ (DeepLSetup) C:\Users\gabri\Downloads\DeepLSetup.exe 2023-01-28 11:02 - 2023-01-28 11:02 - 000002401 _____ C:\Users\gabri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams (work or school).lnk ==================== Ein Monat (geänderte) ================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2023-02-22 13:00 - 2022-10-13 17:53 - 000000000 ____D C:\Users\gabri\AppData\LocalLow\Mozilla 2023-02-22 13:00 - 2022-10-13 17:53 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38 2023-02-22 12:58 - 2022-10-22 11:53 - 000000000 ____D C:\Program Files (x86)\Google 2023-02-22 12:41 - 2022-12-07 15:17 - 001774666 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2023-02-22 12:41 - 2022-05-07 06:22 - 000000000 ____D C:\WINDOWS\INF 2023-02-22 12:37 - 2022-12-07 15:07 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2023-02-22 12:37 - 2022-10-13 15:16 - 000000000 ___RD C:\Users\gabri\OneDrive 2023-02-22 12:37 - 2022-05-07 06:24 - 000000000 ___HD C:\Program Files\WindowsApps 2023-02-22 12:37 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\AppReadiness 2023-02-22 12:37 - 2022-05-07 06:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2023-02-22 12:36 - 2022-12-07 15:13 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2023-02-22 12:36 - 2022-10-13 15:22 - 000000000 ____D C:\Program Files\TeamViewer 2023-02-22 12:36 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SystemTemp 2023-02-22 12:36 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\ServiceState 2023-02-22 12:36 - 2022-05-07 06:17 - 000786432 _____ C:\WINDOWS\system32\config\BBI 2023-02-22 12:36 - 2021-09-17 11:08 - 000000000 __SHD C:\Users\gabri\IntelGraphicsProfiles 2023-02-22 12:36 - 2020-12-05 10:31 - 000000000 ____D C:\Intel 2023-02-22 12:36 - 2020-05-06 09:58 - 000012288 ___SH C:\DumpStack.log.tmp 2023-02-22 12:31 - 2022-12-07 15:13 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla 2023-02-22 12:16 - 2021-09-17 11:08 - 000000000 ____D C:\Users\gabri\AppData\Local\D3DSCache 2023-02-22 11:53 - 2022-11-02 20:58 - 000000000 ____D C:\Users\gabri\AppData\LocalLow\Norton 2023-02-21 20:38 - 2022-10-29 16:33 - 000000000 ____D C:\Users\gabri\OneDrive\Dokumente\Buch 2023-02-21 19:59 - 2021-09-17 11:08 - 000000000 ____D C:\Users\gabri\AppData\Local\Packages 2023-02-21 19:29 - 2022-10-22 14:48 - 000000000 ____D C:\Program Files\Microsoft Office 2023-02-18 16:36 - 2022-12-01 17:40 - 000002281 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk 2023-02-18 16:36 - 2020-12-05 10:32 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2023-02-17 14:14 - 2022-10-27 10:32 - 000000000 ____D C:\Program Files\Common Files\AV 2023-02-16 20:26 - 2022-10-13 17:53 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2023-02-16 19:49 - 2022-05-07 06:17 - 000000000 ____D C:\WINDOWS\CbsTemp 2023-02-16 19:48 - 2022-10-13 17:53 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2023-02-16 19:47 - 2022-12-07 15:09 - 000002413 _____ C:\Users\Public\Desktop\Norton Security.lnk 2023-02-16 19:46 - 2022-12-19 15:04 - 000001623 _____ C:\WINDOWS\system32\config\VSMIDK 2023-02-16 19:34 - 2022-10-13 16:43 - 149955784 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2023-02-16 19:34 - 2022-10-13 16:43 - 000000000 ____D C:\WINDOWS\system32\MRT 2023-02-16 18:09 - 2021-09-17 10:00 - 000000000 ____D C:\ProgramData\Packages 2023-02-16 18:07 - 2022-10-22 15:19 - 000000000 ____D C:\WINDOWS\system32\Drivers\NGCx64 2023-02-16 18:07 - 2022-05-07 06:17 - 000032768 _____ C:\WINDOWS\system32\config\ELAM 2023-02-16 18:06 - 2022-12-07 15:07 - 000624016 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2023-02-16 18:06 - 2022-10-22 15:01 - 000000000 ____D C:\Program Files\Microsoft OneDrive 2023-02-16 18:06 - 2022-05-07 06:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2023-02-16 18:06 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\UUS 2023-02-16 18:06 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SystemResources 2023-02-16 18:06 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\setup 2023-02-16 18:06 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\oobe 2023-02-16 18:06 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\PolicyDefinitions 2023-02-16 18:06 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\bcastdvr 2023-02-16 17:14 - 2022-12-07 15:13 - 000003580 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-206354118-824061166-57906184-1001 2023-02-16 17:14 - 2022-12-07 15:13 - 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task 2023-02-16 17:14 - 2022-10-22 14:50 - 000002155 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2023-02-15 20:03 - 2022-12-07 15:09 - 003212800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll 2023-02-08 15:09 - 2022-12-07 15:13 - 000003756 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2023-02-08 15:09 - 2022-12-07 15:13 - 000003632 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore 2023-02-02 16:15 - 2022-11-30 18:07 - 000000000 ____D C:\Users\gabri\AppData\Local\CrashDumps 2023-01-28 11:02 - 2022-10-22 15:01 - 000000000 ____D C:\Users\gabri\AppData\Local\SquirrelTemp 2023-01-27 16:51 - 2022-10-13 15:15 - 000000000 ____D C:\Users\gabri\AppData\Local\PlaceholderTileLogoFolder 2023-01-25 19:42 - 2022-10-13 16:45 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools 2023-01-23 17:57 - 2022-10-27 14:54 - 000000000 ____D C:\ProgramData\TEMP 2023-01-23 17:56 - 2022-10-22 15:17 - 000000000 ____D C:\ProgramData\Norton ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======== 2022-10-27 15:12 - 2023-01-22 18:05 - 000000835 _____ () C:\Users\gabri\AppData\Roaming\SAS7_000.DAT ==================== SigCheck ============================ (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) ==================== Ende von FRST.txt ======================== Addition.txt Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 22-02-2023 durchgeführt von gabri (22-02-2023 13:01:31) Gestartet von C:\Users\gabri\Downloads Microsoft Windows 11 Home Version 22H2 22621.1265 (X64) (2022-12-07 14:14:05) Start-Modus: Normal ========================================================== ==================== Konten: ============================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) Administrator (S-1-5-21-206354118-824061166-57906184-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-206354118-824061166-57906184-503 - Limited - Disabled) gabri (S-1-5-21-206354118-824061166-57906184-1001 - Administrator - Enabled) => C:\Users\gabri Gast (S-1-5-21-206354118-824061166-57906184-501 - Limited - Disabled) WDAGUtilityAccount (S-1-5-21-206354118-824061166-57906184-504 - Limited - Disabled) ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Norton Security (Enabled - Up to date) {AECE2126-F4E7-6909-11F2-1B69D1FBCBD0} FW: Norton Security (Enabled) {96F5A003-BE88-6851-3AAD-B25C2F288CAB} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) Dragon (HKLM-x32\...\{33EA20FB-5389-4938-BA59-2BCD9BB68F41}) (Version: 13.00.000 - Nuance Communications Inc.) Google Earth Pro (HKLM\...\{F27DBA46-80E1-4858-9285-19198FFFBF3D}) (Version: 7.3.6.9345 - Google) HL-1110 series (HKLM-x32\...\{4F2442B7-A89E-42A4-8F0E-6937499855CA}) (Version: 1.0.1.0 - Brother Industries, Ltd.) HP Audio Switch (HKLM-x32\...\{3A5141D4-47DB-4302-9B1C-272BE585BC8A}) (Version: 1.0.179.0 - HP Inc.) HP Connection Optimizer (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 2.0.17.0 - HP Inc.) HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.) Microsoft Edge (HKLM-x32\...\{EBCAB07F-EF8A-3941-83F7-1C84779015FA}) (Version: 110.0.1587.50 - Microsoft Corporation) Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 110.0.1587.50 - Microsoft Corporation) Microsoft Office LTSC Professional Plus 2021 - de-de (HKLM\...\ProPlus2021Volume - de-de) (Version: 16.0.14332.20461 - Microsoft Corporation) Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 23.023.0129.0002 - Microsoft Corporation) Microsoft Teams (HKU\S-1-5-21-206354118-824061166-57906184-1001\...\Teams) (Version: 1.5.00.36367 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{EF9EBC42-6969-45CE-A8D2-B9249B00C838}) (Version: 5.69.0.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Mozilla Firefox (x64 de) (HKLM\...\Mozilla Firefox 110.0 (x64 de)) (Version: 110.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 107.0.1 - Mozilla) MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) Norton Security (HKLM-x32\...\NGC) (Version: 22.23.1.21 - NortonLifeLock Inc) Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14332.20461 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14332.20461 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0407-1000-0000000FF1CE}) (Version: 16.0.14332.20461 - Microsoft Corporation) Hidden OpenOffice 4.1.13 (HKLM-x32\...\{8BF457BB-5693-497F-B2D3-305905993C08}) (Version: 4.113.9810 - Apache Software Foundation) OpenOffice Updater (HKU\S-1-5-21-206354118-824061166-57906184-1001\...\OpenOffice Updater) (Version: 1.1.10 - OpenOffice) <==== ACHTUNG Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.4.0.19572 - Microsoft Corporation) TeamViewer (HKLM\...\TeamViewer) (Version: 15.39.3 - TeamViewer) Windows-PC-Integritätsprüfung (HKLM\...\{B3956CF3-F6C5-4567-AC38-1FD4432B319C}) (Version: 3.6.2204.08001 - Microsoft Corporation) Packages: ========= Clipchamp -> C:\Program Files\WindowsApps\Clipchamp.Clipchamp_2.5.15.0_neutral__yxz26nhyzhsrt [2023-01-22] (Microsoft Corp.) Energy Star -> C:\Program Files\WindowsApps\AD2F1837.HPInc.EnergyStar_1.2.0.0_x64__v10z8vjag6ke6 [2023-02-07] (HP Inc.) HP Audio Center -> C:\Program Files\WindowsApps\AD2F1837.HPAudioCenter_1.38.277.0_x64__v10z8vjag6ke6 [2023-01-07] (HP Inc.) HP PC Hardware Diagnostics Windows -> C:\Program Files\WindowsApps\AD2F1837.HPPCHardwareDiagnosticsWindows_2.1.0.0_x64__v10z8vjag6ke6 [2023-01-17] (HP Inc.) HP Privacy Settings -> C:\Program Files\WindowsApps\AD2F1837.HPPrivacySettings_1.1.54.0_x64__v10z8vjag6ke6 [2023-02-21] (HP Inc.) HP QuickDrop -> C:\Program Files\WindowsApps\AD2F1837.HPQuickDrop_2.5.10921.0_x64__v10z8vjag6ke6 [2022-12-07] (HP Inc.) HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_142.3.139.0_x64__v10z8vjag6ke6 [2023-01-27] (HP Inc.) HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.23.20.0_x64__v10z8vjag6ke6 [2023-01-22] (HP Inc.) HP System Event Utility -> C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.3.2.0_x64__v10z8vjag6ke6 [2022-10-13] (HP Inc.) Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.1.1037.0_x64__8j3eq9eme6ctt [2022-10-22] (INTEL CORP) Media Engine-Add-On für Fotos -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2022-10-14] (Microsoft Corporation) Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.39.0_x64__8wekyb3d8bbwe [2023-01-06] (Microsoft Corp.) Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_53.10114.505.0_x64__8wekyb3d8bbwe [2023-01-22] (Microsoft Corporation) ms-resource://MicrosoftCorporationII.QuickAssist/resources/APP_WINDOW_NAME -> C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.16.0_x64__8wekyb3d8bbwe [2023-02-02] (Microsoft Corp.) ms-resource:AppStoreName -> C:\Program Files\WindowsApps\Microsoft.AV1VideoExtension_1.1.52851.0_x64__8wekyb3d8bbwe [2022-12-16] (Microsoft Corporation) ms-resource:AppStoreName -> C:\Program Files\WindowsApps\Microsoft.RawImageExtension_2.1.40041.0_x64__8wekyb3d8bbwe [2023-01-25] (Microsoft Corporation) ms-resource:AppxManifest_DisplayName -> C:\Windows\SystemApps\Microsoft.Windows.PrintQueueActionCenter_cw5n1h2txyewy [2022-12-07] (Microsoft Corporation) ms-resource:System_Item_Title_IntelGraphicsControlPanel -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.4478.0_x64__8j3eq9eme6ctt [2023-01-17] (INTEL CORP) [Startup Task] myHP -> C:\Program Files\WindowsApps\AD2F1837.myHP_11.52247.86.0_x64__v10z8vjag6ke6 [2023-01-17] (HP Inc.) [Startup Task] Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.98.1805.0_x64__mcm4njqhnhss8 [2022-10-13] (Netflix, Inc.) Norton Security -> C:\Program Files\Norton Security\Engine\22.23.1.21 [2023-02-22] (0) Prime Video for Windows -> C:\Program Files\WindowsApps\AmazonVideo.PrimeVideo_1.0.126.0_x64__pwbj9vvecjh7j [2023-02-13] (Amazon Development Centre (London) Ltd) Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.15.12020.0_x64__8wekyb3d8bbwe [2022-12-16] (Microsoft Studios) [MS Ad] Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0 [2023-02-18] (Spotify AB) [Startup Task] WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2304.6.0_x64__cv1g1gvanyjgm [2023-02-12] (WhatsApp Inc.) [Startup Task] Windows Feature Experience Pack -> C:\Windows\SystemApps\MicrosoftWindows.Client.Core_cw5n1h2txyewy [2023-01-19] (Microsoft Windows) WindowsAppRuntime.1.2 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.2_2000.747.1945.0_x64__8wekyb3d8bbwe [2023-02-05] (Microsoft Corporation) WindowsAppRuntime.1.2 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.2_2000.747.1945.0_x86__8wekyb3d8bbwe [2023-02-05] (Microsoft Corporation) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-206354118-824061166-57906184-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\gabri\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.22304.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-206354118-824061166-57906184-1001_Classes\CLSID\{D3E34B21-9D75-101A-8C3D-00AA001A1652}\localserver32 -> C:\Program Files\WindowsApps\Microsoft.Paint_11.2210.4.0_x64__8wekyb3d8bbwe\PaintApp\mspaint.exe () [Datei ist nicht signiert] ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.023.0129.0002\FileSyncShell64.dll [2023-02-16] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.023.0129.0002\FileSyncShell64.dll [2023-02-16] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.023.0129.0002\FileSyncShell64.dll [2023-02-16] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.023.0129.0002\FileSyncShell64.dll [2023-02-16] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.023.0129.0002\FileSyncShell64.dll [2023-02-16] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.023.0129.0002\FileSyncShell64.dll [2023-02-16] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.023.0129.0002\FileSyncShell64.dll [2023-02-16] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_651bb78e61d538aa\OptaneShellExt.dll [2021-08-26] (Intel Corporation -> ) ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.23.1.21\buShell.dll [2023-02-02] (NortonLifeLock Inc. -> NortonLifeLock Inc.) ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.23.1.21\buShell.dll [2023-02-02] (NortonLifeLock Inc. -> NortonLifeLock Inc.) ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.23.1.21\buShell.dll [2023-02-02] (NortonLifeLock Inc. -> NortonLifeLock Inc.) ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.023.0129.0002\FileSyncShell64.dll [2023-02-16] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.023.0129.0002\FileSyncShell64.dll [2023-02-16] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.023.0129.0002\FileSyncShell64.dll [2023-02-16] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.023.0129.0002\FileSyncShell64.dll [2023-02-16] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.023.0129.0002\FileSyncShell64.dll [2023-02-16] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.023.0129.0002\FileSyncShell64.dll [2023-02-16] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.023.0129.0002\FileSyncShell64.dll [2023-02-16] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.23.1.21\buShell.dll [2023-02-02] (NortonLifeLock Inc. -> NortonLifeLock Inc.) ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.23.1.21\buShell.dll [2023-02-02] (NortonLifeLock Inc. -> NortonLifeLock Inc.) ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.23.1.21\buShell.dll [2023-02-02] (NortonLifeLock Inc. -> NortonLifeLock Inc.) ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.023.0129.0002\FileSyncShell64.dll [2023-02-16] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.23.1.21\buShell.dll [2023-02-02] (NortonLifeLock Inc. -> NortonLifeLock Inc.) ContextMenuHandlers1: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.23.1.21\NavShExt.dll [2023-02-02] (NortonLifeLock Inc. -> NortonLifeLock Inc.) ContextMenuHandlers2: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.23.1.21\NavShExt.dll [2023-02-02] (NortonLifeLock Inc. -> NortonLifeLock Inc.) ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_651bb78e61d538aa\OptaneShellExt.dll [2021-08-26] (Intel Corporation -> ) ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.023.0129.0002\FileSyncShell64.dll [2023-02-16] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.023.0129.0002\FileSyncShell64.dll [2023-02-16] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.23.1.21\buShell.dll [2023-02-02] (NortonLifeLock Inc. -> NortonLifeLock Inc.) ContextMenuHandlers6: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.23.1.21\NavShExt.dll [2023-02-02] (NortonLifeLock Inc. -> NortonLifeLock Inc.) ==================== Codecs (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Drivers32: [msacm.pspgru] => C:\Windows\SysWOW64\pspgru.acm [401920 2010-03-22] (Philips Austria GmbH - Speech Processing) [Datei ist nicht signiert] ==================== Verknüpfungen & WMI ======================== (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gratistests.lnk -> C:\Program Files (x86)\Online Services\Adobe\WizLink.exe () -> hxxp://js.redirect.hp.com/jumpstation?type=203&RedeemCode=jxqnsxXiIRT2CO6S5tw5A1vmhXU3smUlDuzeabiydy%2fUZ0feuXsvK3fFNq%2fcAknYFb3ItYXXJLjMGeIrxUsBUGM6JH0Nr0gAy2SDHsqWhn0t7OhmEd68332XrOMG3eQpMQR2Is0PhRNCFlKf4g%2beRpoR3%2fWvtlob9Zhazd%2f%2fAcI%3d ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass.lnk -> C:\Program Files (x86)\Online Services\LastPass\WizLink.exe () -> hxxp://js.redirect.hp.com/jumpstation?bd=lastpass&c=*&locale=*&pf=*&s=*&tp=edge ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============= 2022-10-22 14:34 - 2009-02-27 15:38 - 000139264 ____R () [Datei ist nicht signiert] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll 2023-02-11 19:22 - 2023-02-11 19:22 - 103364608 _____ () [Datei ist nicht signiert] C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2304.6.0_x64__cv1g1gvanyjgm\WhatsApp.dll 2023-02-11 19:22 - 2023-02-11 19:22 - 008704512 _____ () [Datei ist nicht signiert] C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2304.6.0_x64__cv1g1gvanyjgm\WhatsAppNative.dll 2023-02-18 18:03 - 2023-02-18 18:03 - 000138240 _____ () [Datei ist nicht signiert] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.IWs06dcaa36#\2d30f7ea748931b45f2d69c609d6bc47\Interop.IWshRuntimeLibrary.ni.dll 2022-10-22 14:34 - 2008-08-18 17:27 - 000122880 ____N (Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Browny02\brlmw03a.dll 2022-10-22 14:34 - 2012-07-13 12:09 - 000385024 ____N (Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Browny02\BrMonitor.dll 2022-10-22 14:34 - 2011-02-28 10:32 - 000208896 ____N (Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Browny02\Brother\BrFirmUpdateCheck.dll 2022-10-22 14:34 - 2012-08-30 14:30 - 002040832 ____N (Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Browny02\Brother\BrStMonWRes.dll 2023-02-18 18:03 - 2023-02-18 18:03 - 000134656 _____ (hardcodet.net) [Datei ist nicht signiert] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Hardcodet.W6cab32f3#\87f74a71a204bf7fde39f622924c4f3f\Hardcodet.Wpf.TaskbarNotification.ni.dll 2021-09-17 10:13 - 2021-09-17 10:13 - 000014336 _____ (HP Inc.) [Datei ist nicht signiert] C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.3.2.0_x64__v10z8vjag6ke6\SystemEventUtility\NativeRpcClient.DLL 2023-02-18 18:03 - 2023-02-18 18:03 - 001701376 _____ (Mark Heath & Contributors) [Datei ist nicht signiert] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\NAudio\9341642fab995e2f3a1c93d48a0e07f6\NAudio.ni.dll 2023-02-18 18:03 - 2023-02-18 18:03 - 003060736 _____ (Newtonsoft) [Datei ist nicht signiert] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Newtonsoft.Json\2f079fd0a6ce77092bdcbab1ce035231\Newtonsoft.Json.ni.dll 2023-02-18 18:03 - 2023-02-18 18:03 - 000793088 _____ (The Apache Software Foundation) [Datei ist nicht signiert] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\log4net\8d542123be4595a204d30ab91330deac\log4net.ni.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8 [254] ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HidSpiCx.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TextInputManagementService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{5099944A-F6B9-4057-A056-8C550228544C} => ""="Memory" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{5099944A-F6B9-4057-A056-8C550228544C} => "SafeBootDrivers"="1" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HidSpiCx.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TextInputManagementService => ""="Service" ==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ================= ==================== Internet Explorer (Nicht auf der Ausnahmeliste) ========== SearchScopes: HKLM -> {263BD5CF-9CB1-4BD1-9368-2B63121864BE} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 -> {263BD5CF-9CB1-4BD1-9368-2B63121864BE} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\S-1-5-21-206354118-824061166-57906184-1001 -> {263BD5CF-9CB1-4BD1-9368-2B63121864BE} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} BHO: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\dgnriaie_x64.dll [2018-09-24] (Nuance Communications, Inc. -> Nuance Communications, Inc.) BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2023-01-10] (HP Inc. -> HP Inc.) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2022-10-22] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.22.10.9\coIEPlg.dll => Keine Datei BHO-x32: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\dgnriaie.dll [2018-09-24] (Nuance Communications, Inc. -> Nuance Communications, Inc.) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2023-01-10] (HP Inc. -> HP Inc.) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.22.10.9\coIEPlg.dll Keine Datei Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-10-22] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-10-22] (Microsoft Corporation -> Microsoft Corporation) Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-10-22] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-10-22] (Microsoft Corporation -> Microsoft Corporation) Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-10-22] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-10-22] (Microsoft Corporation -> Microsoft Corporation) Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-10-22] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-10-22] (Microsoft Corporation -> Microsoft Corporation) ==================== Hosts Inhalt: ========================= (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2019-12-07 10:14 - 2019-12-07 10:12 - 000000824 ____N C:\WINDOWS\system32\drivers\etc\hosts ==================== Andere Bereiche =========================== (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-206354118-824061166-57906184-1001\Control Panel\Desktop\\Wallpaper -> DNS Servers: 192.168.178.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) HKU\S-1-5-21-206354118-824061166-57906184-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams" ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================ (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [{EC99D474-3AEF-438D-BC61-E721623E749F}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{18EE6AED-A4CF-4E91-825E-4BAAACBA81C9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{3207037E-4482-41A1-84A3-4E2860C95315}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{3C66A91E-4523-4238-A329-FEFE905E2688}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23002.403.1788.1930_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{3BE99318-7704-46C2-8E02-5FA1D7DAF758}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23002.403.1788.1930_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{5B7F7A3C-0712-4D2B-A9C7-9B4AC1DD661C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{965B8C2A-4683-441C-8C75-DFD582F85FE4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{6A17E5B1-B85E-42A9-8846-7E6F4F8674C8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{486D80C0-8314-4EC0-91F4-C731A0A82293}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{CF0DCE0F-8F66-47E7-AA5E-3FC307618CB1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{E601B53B-56DD-419E-B13B-A43A84660295}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{33137D3F-F6F2-4FA6-8ABB-0604987583C7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{4F39CAD2-684C-4028-8C11-D4D2FDBFBA05}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{D7A45C89-A6AE-4EB7-AF94-7558CAA8C7EF}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\110.0.1587.50\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{EED7A55D-22B5-4995-B884-EEAD0D81837F}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{07EAB059-4549-4D16-B1F5-EA6FD53347BB}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{788BA7F7-3828-48B9-883E-2374F770A113}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{BAF9B331-CB5F-4852-9795-F78646323051}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{63EDDFB0-6689-489A-9F1C-5AC2537FB2F3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.94.3422.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{D0FFE334-2576-4DCE-A695-A495DFBC6D8A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.94.3422.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{7D39EB22-FF8F-421A-B148-B1B48BD4AAFD}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.94.3422.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{18CDA9CE-46A2-4E5F-B8BF-ED8DA46453B1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.94.3422.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) ==================== Wiederherstellungspunkte ========================= 15-02-2023 20:01:41 Windows Modules Installer ==================== Fehlerhafte Geräte im Gerätemanager ============ ==================== Fehlereinträge in der Ereignisanzeige: ======================== Applikationsfehler: ================== Error: (02/21/2023 10:02:21 PM) (Source: DNS logging) (EventID: 0) (User: ) Description: Event-ID 0 Error: (02/20/2023 08:59:18 PM) (Source: DNS logging) (EventID: 0) (User: ) Description: Event-ID 0 Error: (02/20/2023 07:48:55 PM) (Source: DNS logging) (EventID: 0) (User: ) Description: Event-ID 0 Error: (02/20/2023 07:46:56 PM) (Source: DNS logging) (EventID: 0) (User: ) Description: Event-ID 0 Error: (02/20/2023 07:40:05 PM) (Source: DNS logging) (EventID: 0) (User: ) Description: Event-ID 0 Error: (02/19/2023 09:36:16 PM) (Source: DNS logging) (EventID: 0) (User: ) Description: Event-ID 0 Error: (02/19/2023 09:35:53 PM) (Source: DNS logging) (EventID: 0) (User: ) Description: Event-ID 0 Error: (02/19/2023 05:18:01 PM) (Source: DNS logging) (EventID: 0) (User: ) Description: Event-ID 0 Systemfehler: ============= Error: (02/22/2023 12:36:08 PM) (Source: DCOM) (EventID: 10010) (User: NB-GABY) Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (02/22/2023 12:36:08 PM) (Source: DCOM) (EventID: 10010) (User: NB-GABY) Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (02/22/2023 12:36:08 PM) (Source: DCOM) (EventID: 10010) (User: NB-GABY) Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (02/22/2023 12:36:08 PM) (Source: DCOM) (EventID: 10010) (User: NB-GABY) Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (02/22/2023 12:36:08 PM) (Source: DCOM) (EventID: 10010) (User: NB-GABY) Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (02/22/2023 12:36:08 PM) (Source: DCOM) (EventID: 10010) (User: NB-GABY) Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (02/22/2023 12:36:08 PM) (Source: DCOM) (EventID: 10010) (User: NB-GABY) Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (02/22/2023 12:36:08 PM) (Source: DCOM) (EventID: 10010) (User: NB-GABY) Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. CodeIntegrity: =============== Date: 2023-02-22 12:39:55 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\Norton Security\Engine\22.23.1.21\symamsi.dll that did not meet the Microsoft signing level requirements. Date: 2023-02-22 12:38:55 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Norton Security\Engine\22.23.1.21\symamsi.dll that did not meet the Windows signing level requirements. ==================== Speicherinformationen =========================== BIOS: Insyde F.46 07/27/2021 Hauptplatine: HP 881D Prozessor: 11th Gen Intel(R) Core(TM) i3-1115G4 @ 3.00GHz Prozentuale Nutzung des RAM: 79% Installierter physikalischer RAM: 7948.62 MB Verfügbarer physikalischer RAM: 1636.76 MB Summe virtueller Speicher: 8460.62 MB Verfügbarer virtueller Speicher: 1327.55 MB ==================== Laufwerke ================================ Drive c: (Windows) (Fixed) (Total:237.21 GB) (Free:170.34 GB) (Model: NVMe SAMSUNG MZVLQ256HBJD-00BH1) (Protected) NTFS \\?\Volume{303f1acf-dd6b-4b7b-941c-030bb8f02be3}\ () (Fixed) (Total:0.99 GB) (Free:0.08 GB) NTFS \\?\Volume{75de0296-dc89-4739-bbeb-f0e0cafbd866}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.18 GB) FAT32 ==================== MBR & Partitionstabelle ==================== ========================================================== Disk: 0 (Size: 238.5 GB) (Disk ID: A67FC905) Partition: GPT. ==================== Ende von Addition.txt ======================= AdwCleaner[S00].txt Code:
ATTFilter # ------------------------------- # Malwarebytes AdwCleaner 8.4.0.0 # ------------------------------- # Build: 08-30-2022 # Database: 2022-10-10.1 (Cloud) # Support: https://www.malwarebytes.com/support # # ------------------------------- # Mode: Scan # ------------------------------- # Start: 02-22-2023 # Duration: 00:00:07 # OS: Windows 11 (Build 22621.1265) # Scanned: 32094 # Detected: 23 ***** [ Services ] ***** No malicious services found. ***** [ Folders ] ***** PUP.Optional.Fake.OpenOfficeUpdater C:\Users\gabri\AppData\Roaming\OpenOffice Updater ***** [ Files ] ***** No malicious files found. ***** [ DLL ] ***** No malicious DLLs found. ***** [ WMI ] ***** No malicious WMI found. ***** [ Shortcuts ] ***** No malicious shortcuts found. ***** [ Tasks ] ***** No malicious tasks found. ***** [ Registry ] ***** PUP.Optional.Fake.OpenOfficeUpdater HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|OpenOffice Updater PUP.Optional.Fake.OpenOfficeUpdater HKCU\Software\Microsoft\Windows\CurrentVersion\Run|OpenOffice Updater PUP.Optional.Fake.OpenOfficeUpdater HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\OpenOffice Updater PUP.Optional.Fake.OpenOfficeUpdater HKCU\Software\OpenOffice Updater ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries found. ***** [ Chromium URLs ] ***** No malicious Chromium URLs found. ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries found. ***** [ Firefox URLs ] ***** No malicious Firefox URLs found. ***** [ Hosts File Entries ] ***** No malicious hosts file entries found. ***** [ Preinstalled Software ] ***** Preinstalled.HPAudioSwitch Folder C:\Program Files (x86)\HP\HPAUDIOSWITCH Preinstalled.HPAudioSwitch Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{72A61018-6C49-45AC-954D-D2BC1292AAB1} Preinstalled.HPAudioSwitch Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPAudioSwitch Preinstalled.HPAudioSwitch Task C:\Windows\System32\Tasks\HPAUDIOSWITCH Preinstalled.HPCleanFLC Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|HPSEU_Host_Launcher Preinstalled.HPCleanFLC Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Run|HPSEU_Host_Launcher Preinstalled.HPRegistrationService Folder C:\ProgramData\HP\HP REGISTRATION SERVICE Preinstalled.HPSupportAssistant Folder C:\HP\SUPPORT Preinstalled.HPSupportAssistant Folder C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK Preinstalled.HPSupportAssistant Folder C:\Users\gabri\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK Preinstalled.HPSupportAssistant Registry HKLM\Software\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} Preinstalled.HPSupportAssistant Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} Preinstalled.HPSureConnect Folder C:\Program Files\HPCOMMRECOVERY Preinstalled.HPSureConnect Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{6468C4A5-E47E-405F-B675-A70A70983EA6} Preinstalled.HPTouchpointAnalyticsClient Folder C:\ProgramData\HP\HP TOUCHPOINT ANALYTICS CLIENT Preinstalled.HPTouchpointAnalyticsClient Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F} ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ########## |
22.02.2023, 13:25 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Fake Windows Defender Pop-Up mit Audio - Windows wurde aus Sicherheitgründen gesperrt.Zitat:
Downloadquellen Lade keine Software von Chip.de, Softonic.de, sourceforge.net, openoffice.de, VLC.de, audacity.de, gimp24.de oder updatestar.com. Die dort angebotene Software wird häufig mit einem sog. "Installer" verteilt, mit dem man sich nur unerwünschte Software (Potentially unwanted programs, kurz PUP) oder Adware installiert. Auf manchen Seiten wird direkt PUP / Adware zum Download angeboten. Für Windows gibt es seit einiger Zeit einen brauchbaren Paketmanager, der mit einfachen Befehlen es erlaubt, automatisiert Software herunterzuladen und zu installieren. Das erspart eine Menge Arbeit, denn ohne einen Paketmanager muss man jedes Programm selbst prüfen und separat manuell updaten, vorher manuell noch runterladen etc. pp. - siehe auch --> chocolatey Paketmanager für Windows Wir empfehlen dringend, alle Programme, sofern verfügbar, über chocolatey zu installieren. Falls du schon mit Linux zu tun hattest, wird dir die Syntax sehr vertraut sein. Die FAQs zu choco findest du da --> Chocolatey: Häufig gestellte Fragen (englisch) Selbstverständlich darfst du auch Fragen zu chocolatey im o.g. Thread zu chocolatey stellen. Für den seltenen Fall, dass du das benötigte Programm nicht im repository von chocolatey findest: Lade diese Software direkt beim jeweiligen Hersteller / Entwickler. Störende, veraltete oder unnötige Programme deinstallieren Bitte über Programme und Features (appwiz.cpl) deinstallieren:
__________________ |
23.02.2023, 20:00 | #3 |
| Fake Windows Defender Pop-Up mit Audio - Windows wurde aus Sicherheitgründen gesperrt. Hallo,
__________________vielen Dank erstmal fur deine Antwort! Die Anwendungen sind direkt geflogen (open Office war aber garnicht installiert). Ich weiß nun nur nicht, ob noch was im System ist, was da nicht hingehört. Braucht ihr noch was? |
23.02.2023, 22:36 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Fake Windows Defender Pop-Up mit Audio - Windows wurde aus Sicherheitgründen gesperrt. adwCleaner Führe AdwCleaner gemäß der bebilderten Anleitung aus und poste abschließend die Logdatei in CODE-Tags. adwcleaner zwecks Kontrolle bitte wiederholen, falls es Funde gab.
__________________ Logfiles bitte immer in CODE-Tags posten |
24.02.2023, 20:46 | #5 |
| Fake Windows Defender Pop-Up mit Audio - Windows wurde aus Sicherheitgründen gesperrt. Hallo, vielen Dank für die Antwort. anbei die Log-Datei von AdwCleaner Code:
ATTFilter # ------------------------------- # Malwarebytes AdwCleaner 8.4.0.0 # ------------------------------- # Build: 08-30-2022 # Database: 2022-10-10.1 (Cloud) # Support: https://www.malwarebytes.com/support # # ------------------------------- # Mode: Clean # ------------------------------- # Start: 02-24-2023 # Duration: 00:00:02 # OS: Windows 11 (Build 22621.1265) # Cleaned: 5 # Failed: 0 ***** [ Services ] ***** No malicious services cleaned. ***** [ Folders ] ***** Deleted C:\Users\gabri\AppData\Roaming\OpenOffice Updater ***** [ Files ] ***** No malicious files cleaned. ***** [ DLL ] ***** No malicious DLLs cleaned. ***** [ WMI ] ***** No malicious WMI cleaned. ***** [ Shortcuts ] ***** No malicious shortcuts cleaned. ***** [ Tasks ] ***** No malicious tasks cleaned. ***** [ Registry ] ***** Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|OpenOffice Updater Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Run|OpenOffice Updater Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\OpenOffice Updater Deleted HKCU\Software\OpenOffice Updater ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries cleaned. ***** [ Chromium URLs ] ***** No malicious Chromium URLs cleaned. ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries cleaned. ***** [ Firefox URLs ] ***** No malicious Firefox URLs cleaned. ***** [ Hosts File Entries ] ***** No malicious hosts file entries cleaned. ***** [ Preinstalled Software ] ***** No Preinstalled Software cleaned. ************************* [+] Delete Tracing Keys [+] Reset Winsock ************************* AdwCleaner[S00].txt - [3941 octets] - [22/02/2023 12:28:55] AdwCleaner[S01].txt - [4002 octets] - [24/02/2023 20:41:17] ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C01].txt ########## |
24.02.2023, 20:47 | #6 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Fake Windows Defender Pop-Up mit Audio - Windows wurde aus Sicherheitgründen gesperrt. Alles gelesen? Zitat:
__________________ --> Fake Windows Defender Pop-Up mit Audio - Windows wurde aus Sicherheitgründen gesperrt. |
24.02.2023, 22:11 | #7 |
| Fake Windows Defender Pop-Up mit Audio - Windows wurde aus Sicherheitgründen gesperrt. Ja, hatte ich wiederholt, er sagte, es wäre nichts weiter gefunden worden sie sind Frei von PUPs und Adware. Hier der log Code:
ATTFilter # ------------------------------- # Malwarebytes AdwCleaner 8.4.0.0 # ------------------------------- # Build: 08-30-2022 # Database: 2022-10-10.1 (Cloud) # Support: https://www.malwarebytes.com/support # # ------------------------------- # Mode: Scan # ------------------------------- # Start: 02-24-2023 # Duration: 00:00:09 # OS: Windows 11 (Build 22621.1265) # Scanned: 32092 # Detected: 18 ***** [ Services ] ***** No malicious services found. ***** [ Folders ] ***** No malicious folders found. ***** [ Files ] ***** No malicious files found. ***** [ DLL ] ***** No malicious DLLs found. ***** [ WMI ] ***** No malicious WMI found. ***** [ Shortcuts ] ***** No malicious shortcuts found. ***** [ Tasks ] ***** No malicious tasks found. ***** [ Registry ] ***** No malicious registry entries found. ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries found. ***** [ Chromium URLs ] ***** No malicious Chromium URLs found. ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries found. ***** [ Firefox URLs ] ***** No malicious Firefox URLs found. ***** [ Hosts File Entries ] ***** No malicious hosts file entries found. ***** [ Preinstalled Software ] ***** Preinstalled.HPAudioSwitch Folder C:\Program Files (x86)\HP\HPAUDIOSWITCH Preinstalled.HPAudioSwitch Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{72A61018-6C49-45AC-954D-D2BC1292AAB1} Preinstalled.HPAudioSwitch Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPAudioSwitch Preinstalled.HPAudioSwitch Task C:\Windows\System32\Tasks\HPAUDIOSWITCH Preinstalled.HPCleanFLC Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|HPSEU_Host_Launcher Preinstalled.HPCleanFLC Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Run|HPSEU_Host_Launcher Preinstalled.HPRegistrationService Folder C:\ProgramData\HP\HP REGISTRATION SERVICE Preinstalled.HPSupportAssistant Folder C:\HP\SUPPORT Preinstalled.HPSupportAssistant Folder C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK Preinstalled.HPSupportAssistant Folder C:\Users\gabri\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK Preinstalled.HPSupportAssistant Registry HKLM\Software\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} Preinstalled.HPSupportAssistant Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE} Preinstalled.HPSureConnect Folder C:\Program Files\HPCOMMRECOVERY Preinstalled.HPSureConnect Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{6468C4A5-E47E-405F-B675-A70A70983EA6} Preinstalled.HPTouchpointAnalyticsClient Folder C:\ProgramData\HP\HP TOUCHPOINT ANALYTICS CLIENT Preinstalled.HPTouchpointAnalyticsClient Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F} AdwCleaner[S00].txt - [3941 octets] - [22/02/2023 12:28:55] AdwCleaner[S01].txt - [4002 octets] - [24/02/2023 20:41:17] AdwCleaner[C01].txt - [1999 octets] - [24/02/2023 20:42:01] AdwCleaner[S02].txt - [3682 octets] - [24/02/2023 20:42:31] AdwCleaner[S03].txt - [3743 octets] - [24/02/2023 20:44:59] ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S04].txt ########## |
24.02.2023, 22:14 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Fake Windows Defender Pop-Up mit Audio - Windows wurde aus Sicherheitgründen gesperrt. Schau dir mal die Sektion **** [ Preinstalled Software ] ***** an - da kannst du noch ne Menge deinstallieren. Danach bitte neue FRST-Logs.
__________________ Logfiles bitte immer in CODE-Tags posten |
24.02.2023, 22:21 | #9 |
| Fake Windows Defender Pop-Up mit Audio - Windows wurde aus Sicherheitgründen gesperrt. Huhu. danre für deine Antwort zu später Stunde. Hierzu eine Frage: da es sich um ein HP Notebook handelt, sind diese nicht für den Betrieb benötigt? z.B. für Trackpad, Audio-Devices etc? |
24.02.2023, 22:28 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Fake Windows Defender Pop-Up mit Audio - Windows wurde aus Sicherheitgründen gesperrt. Das ist alles unnötiger Müll. Der wird nicht umsonst vom adwCleaner so gelistet.
__________________ Logfiles bitte immer in CODE-Tags posten |
25.02.2023, 18:22 | #11 |
| Fake Windows Defender Pop-Up mit Audio - Windows wurde aus Sicherheitgründen gesperrt. Anbei die neuen Logs. FRST.txt Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 25-02-2023 durchgeführt von gabri (Administrator) auf NB-GABY (HP HP 250 G8 Notebook PC) (25-02-2023 18:17:09) Gestartet von C:\Users\gabri\Downloads Geladene Profile: gabri Plattform: Microsoft Windows 11 Home Version 22H2 22621.1265 (X64) Sprache: Deutsch (Deutschland) Standard-Browser: FF Start-Modus: Normal ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\BrownyInd\Brother\BrIndicator.exe (C:\Program Files\TeamViewer\TeamViewer_Service.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\TeamViewer.exe (C:\Program Files\TeamViewer\TeamViewer_Service.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\TeamViewer_Desktop.exe (C:\Program Files\TeamViewer\TeamViewer_Service.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\tv_w32.exe (C:\Program Files\TeamViewer\TeamViewer_Service.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\tv_x64.exe (C:\Program Files\WindowsApps\AD2F1837.myHP_11.52247.86.0_x64__v10z8vjag6ke6\win32\DesktopExtension.exe ->) (HP Inc.) C:\Program Files\WindowsApps\AD2F1837.myHP_11.52247.86.0_x64__v10z8vjag6ke6\win32\HPAudioSwitch.exe (C:\Program Files\WindowsApps\MicrosoftTeams_23002.403.1788.1930_x64__8wekyb3d8bbwe\msteams.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\110.0.1587.50\msedgewebview2.exe <6> (DriverStore\FileRepository\cui_dch.inf_amd64_cb841b7c497d4503\igfxCUIServiceN.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_cb841b7c497d4503\igfxEMN.exe (DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_844fe58f152c16a8\x64\SysInfoCap.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_844fe58f152c16a8\x64\BridgeCommunication.exe (DriverStore\FileRepository\icss_extension.inf_amd64_0304b9d8e91ee308\UserAwarenessService.exe ->) (Intel(R) pGFX 2020 -> Intel Corp) C:\Windows\System32\DriverStore\FileRepository\icss_extension.inf_amd64_0304b9d8e91ee308\UserAwarenessHelper.exe (ETDService.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDCtrl.exe (explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <7> (explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe (HP Inc.) C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.3.2.0_x64__v10z8vjag6ke6\SystemEventUtility\HPSystemEventUtilityHost.exe (McAfee, LLC -> McAfee, LLC.) C:\Program Files\McAfee\Real Protect\RealProtect.exe (SECOMN64.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Sound Research, Corp.) C:\Windows\System32\SECOCL64.exe (services.exe ->) (Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Browny02\BrYNSvc.exe (services.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDService.exe (services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_f23fc423d26e5d79\x64\TouchpointAnalyticsClientService.exe (services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_844fe58f152c16a8\x64\AppHelperCap.exe (services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_844fe58f152c16a8\x64\DiagsCap.exe (services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_844fe58f152c16a8\x64\NetworkCap.exe (services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_844fe58f152c16a8\x64\SysInfoCap.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_cb841b7c497d4503\igfxCUIServiceN.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_897ea327b3fe52f7\esif_uf.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorvd.inf_amd64_a5ea1b1d8db1527e\RstMwService.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_f94b71985382657d\OneApp.IGCC.WinService.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_9b53505f87f3498b\IntelCpHDCPSvc.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe (services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_a29135245e28a81a\AS\IAS\IntelAudioService.exe (services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe (services.exe ->) (Intel(R) pGFX 2020 -> Intel Corp) C:\Windows\System32\DriverStore\FileRepository\icss_extension.inf_amd64_0304b9d8e91ee308\UserAwarenessService.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\23.028.0205.0002\FileSyncHelper.exe (services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Sound Research, Corp.) C:\Windows\System32\SECOMN64.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\System32\Sgrm\SgrmBroker.exe (services.exe ->) (NortonLifeLock Inc. -> NortonLifelock Inc.) C:\Program Files\Norton Security\Engine\22.23.1.21\NortonSecurity.exe <2> (services.exe ->) (NortonLifeLock Inc. -> NortonLifeLock Inc.) C:\Program Files\Norton Security\Engine\22.23.1.21\nsWscSvc.exe (services.exe ->) (Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe (services.exe ->) (Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe (services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe (services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtkWiFiManServ.exe (services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_1c0a31316508effa\RtkAudUService64.exe <2> (services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe (sihost.exe ->) (HP Inc.) C:\Program Files\WindowsApps\AD2F1837.myHP_11.52247.86.0_x64__v10z8vjag6ke6\win32\DesktopExtension.exe (svchost.exe ->) (Flexera Software LLC -> Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\agent.exe (svchost.exe ->) (Flexera Software LLC -> Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (svchost.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (svchost.exe ->) (HP Inc.) C:\Program Files\WindowsApps\AD2F1837.myHP_11.52247.86.0_x64__v10z8vjag6ke6\HP.MyHP.exe (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\23.028.0205.0002\FileCoAuth.exe (svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21330.0_x64__8wekyb3d8bbwe\HxTsr.exe (svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22122.94.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (svchost.exe ->) (WhatsApp Inc.) C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2306.4.0_x64__cv1g1gvanyjgm\WhatsApp.exe ==================== Registry (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_1c0a31316508effa\RtkAudUService64.exe [1596800 2022-09-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Logitech) HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4509184 2012-12-27] (Brother Industries, Ltd.) [Datei ist nicht signiert] HKLM-x32\...\Run: [BrStsInd00] => C:\Program Files (x86)\BrownyInd\Brother\BrIndicator.exe [1885184 2012-12-18] (Brother Industries, Ltd.) [Datei ist nicht signiert] HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [122427152 2021-07-14] (Microsoft Corporation -> Microsoft Corporation) HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2075480 ] (Flexera Software LLC -> Flexera Software LLC.) HKLM-x32\...\Run: [DNS7reminder] => C:\Program Files (x86)\Nuance\NaturallySpeaking13\Ereg\Ereg.exe [325960 2014-05-30] (Nuance Communications, Inc. -> Nuance Communications, Inc.) HKLM\...\RunOnce: [RealProtect] => C:\Program Files\McAfee\Real Protect\RealProtect.exe [8373232 2023-02-24] (McAfee, LLC -> McAfee, LLC.) HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Beschränkung <==== ACHTUNG HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Beschränkung <==== ACHTUNG HKU\S-1-5-19\...\Run: [OneDriveSetup] => C:\Windows\System32\OneDriveSetup.exe [50312608 2022-05-07] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-20\...\Run: [OneDriveSetup] => C:\Windows\System32\OneDriveSetup.exe [50312608 2022-05-07] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-206354118-824061166-57906184-1001\...\Run: [HPSEU_Host_Launcher] => C:\System.sav\util\HPSEU\HpseuHostLauncher.exe [536152 2022-10-13] (HP Inc. -> HP Inc.) HKU\S-1-5-21-206354118-824061166-57906184-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2629528 2023-02-24] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-206354118-824061166-57906184-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\gabri\AppData\Local\Microsoft\Teams\Update.exe [2587336 2023-01-28] (Microsoft 3rd Party Application Component -> Microsoft Corporation) HKU\S-1-5-21-206354118-824061166-57906184-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2075480 2013-06-24] (Flexera Software LLC -> Flexera Software LLC.) HKU\S-1-5-21-206354118-824061166-57906184-1001\...\Run: [MicrosoftEdgeAutoLaunch_E366E5E6AF98057EB6410578BC1FD47F] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4243360 2023-02-23] (Microsoft Corporation -> Microsoft Corporation) HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] -> ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============ (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {0100D0A6-9F3D-4CA2-92FC-3585C2005A7E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [138328 2023-01-10] (HP Inc. -> HP Inc.) Task: {0600DD45-FAF2-4131-A006-0B17509B9F78} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => %windir%\system32\sc.exe start InventorySvc Task: {07C19A67-C1F4-4C10-9E79-424C379A9911} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => C:\WINDOWS\system32\MusNotification.exe /RunOnBattery Reboot (Keine Datei) Task: {10650654-D454-4607-ADBA-647FF8681220} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [7056328 2022-10-22] (Microsoft Corporation -> Microsoft Corporation) Task: {17D5928D-77DD-46EA-A895-33978E4C0BEC} - System32\Tasks\GoogleUpdateTaskMachineUA{BC940E11-41FF-4FEE-8FF2-099447A32231} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [171480 2022-10-22] (Google LLC -> Google LLC) Task: {18E436A0-3122-4D66-961E-AD08157D2251} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [674720 2023-02-16] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate Task: {1C5676DF-69ED-4B99-A1FD-74CF5AABF6CA} - System32\Tasks\Norton Security with Backup\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.23.1.21\SymErr.exe [379024 2023-02-02] (NortonLifeLock Inc. -> NortonLifeLock Inc.) Task: {2E02ECFD-AF94-4CB1-922D-CA5FBBFC266C} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [21864416 2022-12-27] (Microsoft Corporation -> Microsoft Corporation) Task: {4C440D64-E135-42B1-B102-49D3CAC2CF7B} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [716192 2023-02-16] (Mozilla Corporation -> Mozilla Foundation) Task: {54259915-DFD6-4669-BE7E-7660185D79F4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1149464 2023-01-10] (HP Inc. -> HP Inc.) Task: {81041C1E-3659-4BA6-8776-69BFEA958E20} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141240 2023-02-20] (Microsoft Corporation -> Microsoft Corporation) Task: {8130BAF2-A0B4-4134-85D3-ACD4EAB5C729} - System32\Tasks\Microsoft\Windows\WaaSMedic\MaintenanceWork => {72566E27-1ABB-4EB3-B4F0-EB431CB1CB32} Task: {818549D1-63F3-425C-B3A2-6F19C61EE54C} - System32\Tasks\Norton Security with Backup\Norton Security Autofix => C:\Program Files\Norton Security\Engine\22.23.1.21\SymErr.exe [379024 2023-02-02] (NortonLifeLock Inc. -> NortonLifeLock Inc.) Task: {90E25386-4E33-41A8-BA15-A34E3DBEE922} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => C:\WINDOWS\system32\MusNotification.exe /RunOnAC Reboot (Keine Datei) Task: {96951949-D65A-47FD-87F5-510CBC5EE898} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => C:\Program Files (x86)\HP\HP Support Framework\Resources\BingPopup\BingPopup.exe [847392 2023-01-10] (HP Inc. -> HP Inc.) Task: {A51AB5C0-21FA-426B-B891-A3B521DC15B9} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => C:\WINDOWS\system32\MusNotification.exe LogonUpdateResults (Keine Datei) Task: {AD61B4CB-6BB8-4E9C-B398-DD861FA9DAD6} - System32\Tasks\HP\Consent Manager Launcher => sc start hptouchpointanalyticsservice Task: {ADEA81E7-37CA-4B93-903B-3C10A8B7BFDE} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141240 2023-02-20] (Microsoft Corporation -> Microsoft Corporation) Task: {AF730CDC-7FD9-4C01-AE68-36A652BC2C78} - System32\Tasks\GoogleUpdateTaskMachineCore{B2DB0D50-3494-4A98-8D39-4F2E5DABF61D} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [171480 2022-10-22] (Google LLC -> Google LLC) Task: {B16CF0CB-F41A-4D72-B752-772964D7E249} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.23.1.21\WSCStub.exe [646520 2023-02-02] (NortonLifeLock Inc. -> NortonLifeLock Inc.) Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\WINDOWS\System32\MbaeParserTask.exe (Keine Datei) Task: {CD6686F7-3F3B-4DAE-A4E1-4AB887D6C78C} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2353000 2023-02-02] (NortonLifeLock Inc. -> NortonLifeLock Inc.) Task: {D7123268-44BE-433D-9CAF-2D924EC40832} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4191152 2023-02-24] (Microsoft Corporation -> Microsoft Corporation) Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => C:\WINDOWS\system32\MusNotification.exe (Keine Datei) Task: {E869009B-908D-496B-A4B0-B1C7BF1DF7BF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [7056328 2022-10-22] (Microsoft Corporation -> Microsoft Corporation) Task: {EC38B38A-40DC-4037-BD83-8A8D6D5BD7DC} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [21864416 2022-12-27] (Microsoft Corporation -> Microsoft Corporation) Task: {F2D0283D-004B-4B3C-8832-95DF1BFD7FFF} - System32\Tasks\Norton Security with Backup\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.23.1.21\SymErr.exe [379024 2023-02-02] (NortonLifeLock Inc. -> NortonLifeLock Inc.) Task: {F83CFC1C-E4DC-406F-9BA7-4C9325F78140} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-206354118-824061166-57906184-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4191152 2023-02-24] (Microsoft Corporation -> Microsoft Corporation) Task: {FD74F76C-309E-4616-A41F-91E24A830A83} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1149464 2023-01-10] (HP Inc. -> HP Inc.) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{51380dae-4a02-4a6e-9308-8532626f37b0}: [DhcpNameServer] 100.100.20.24 Tcpip\..\Interfaces\{c9c7e339-318b-4f90-927c-45dd1ec301c2}: [DhcpNameServer] 192.168.178.1 Edge: ======= Edge Profile: C:\Users\gabri\AppData\Local\Microsoft\Edge\User Data\Default [2023-02-25] FireFox: ======== FF DefaultProfile: xl01siw9.default FF ProfilePath: C:\Users\gabri\AppData\Roaming\Mozilla\Firefox\Profiles\xl01siw9.default [2022-10-13] FF ProfilePath: C:\Users\gabri\AppData\Roaming\Mozilla\Firefox\Profiles\1phivtl9.default-release-1677065467883 [2023-02-24] FF Extension: (uBlock Origin) - C:\Users\gabri\AppData\Roaming\Mozilla\Firefox\Profiles\1phivtl9.default-release-1677065467883\Extensions\uBlock0@raymondhill.net.xpi [2023-02-22] FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-10-22] (Microsoft Corporation -> Microsoft Corporation) FF Plugin: nuance.com/DgnRia2_x86_64 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\npDgnRia2_x64.dll [2018-09-24] (Nuance Communications, Inc. -> Nuance Communications, Inc.) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-10-22] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: nuance.com/DgnRia2 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\npDgnRia2.dll [2018-09-24] (Nuance Communications, Inc. -> Nuance Communications, Inc.) ==================== Dienste (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [Datei ist nicht signiert] R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9198496 2022-12-27] (Microsoft Corporation -> Microsoft Corporation) R2 DragonLoggerService; C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe [151560 2018-09-24] (Nuance Communications, Inc. -> Nuance Communications, Inc.) R3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\23.028.0205.0002\FileSyncHelper.exe [3486640 2023-02-24] (Microsoft Corporation -> Microsoft Corporation) R2 HPAppHelperCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_844fe58f152c16a8\x64\AppHelperCap.exe [797600 2023-01-19] (HP Inc. -> HP Inc.) R2 HPDiagsCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_844fe58f152c16a8\x64\DiagsCap.exe [796584 2023-01-19] (HP Inc. -> HP Inc.) R2 HPNetworkCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_844fe58f152c16a8\x64\NetworkCap.exe [792984 2023-01-19] (HP Inc. -> HP Inc.) R2 HPSysInfoCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_844fe58f152c16a8\x64\SysInfoCap.exe [796576 2023-01-19] (HP Inc. -> HP Inc.) R2 HpTouchpointAnalyticsService; C:\WINDOWS\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_f23fc423d26e5d79\x64\TouchpointAnalyticsClientService.exe [493712 2022-12-19] (HP Inc. -> HP Inc.) R2 IntelAudioService; C:\WINDOWS\System32\DriverStore\FileRepository\intcoed.inf_amd64_a29135245e28a81a\\AS\\IAS\\IntelAudioService.exe [532056 ] (Intel Corporation -> Intel) R2 IntelContextService; C:\WINDOWS\System32\DriverStore\FileRepository\icss_extension.inf_amd64_0304b9d8e91ee308\UserAwarenessService.exe [148920 2020-10-22] (Intel(R) pGFX 2020 -> Intel Corp) R3 InventorySvc; C:\WINDOWS\system32\inventorysvc.dll [304480 2022-12-07] (Microsoft Windows -> Microsoft Corporation) R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.23.1.21\NortonSecurity.exe [344888 2023-02-02] (NortonLifeLock Inc. -> NortonLifelock Inc.) R2 nsWscSvc; C:\Program Files\Norton Security\Engine\22.23.1.21\nsWscSvc.exe [1059176 2023-02-02] (NortonLifeLock Inc. -> NortonLifeLock Inc.) S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\23.028.0205.0002\OneDriveUpdaterService.exe [3866528 2023-02-24] (Microsoft Corporation -> Microsoft Corporation) R2 RtkWiFiManServ; C:\WINDOWS\RtkWiFiManServ.exe [826936 2021-12-27] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) R2 SECOMNService; C:\WINDOWS\System32\SECOMN64.exe [743400 2022-03-07] (Microsoft Windows Hardware Compatibility Publisher -> Sound Research, Corp.) R2 SgrmBroker; C:\WINDOWS\system32\Sgrm\SgrmBroker.exe [414632 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation) R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [16907064 2023-02-20] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) R2 TextInputManagementService; C:\WINDOWS\System32\TabSvc.dll [266240 2022-12-07] (Microsoft Windows -> Microsoft Corporation) S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2209.7-0\NisSrv.exe [3170576 2022-10-14] (Microsoft Windows Publisher -> Microsoft Corporation) S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2209.7-0\MsMpEng.exe [133584 2022-10-14] (Microsoft Windows Publisher -> Microsoft Corporation) R3 wuauserv; C:\WINDOWS\system32\wuauserv.dll [137600 2023-02-15] (Microsoft Windows -> Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S3 AmUStor; C:\WINDOWS\system32\drivers\AmUStorU.sys [135296 2020-10-22] (Alcorlink Corp. -> ) R2 bfs; C:\WINDOWS\system32\drivers\bfs.sys [91480 2022-12-07] (Microsoft Windows -> Microsoft Corporation) R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.22.9.11\Definitions\BASHDefs\20230223.001\BHDrvx64.sys [1705040 2022-10-20] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom) S3 BTHMODEM; C:\WINDOWS\System32\drivers\bthmodem.sys [106496 2022-05-07] (Microsoft Corporation) [Datei ist nicht signiert] R1 ccSet_NGC; C:\WINDOWS\System32\drivers\NGCx64\1617010.015\ccSetx64.sys [198280 2023-02-02] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [527864 2022-09-10] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [159720 2022-11-26] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom) S0 GenPass; C:\WINDOWS\System32\DriverStore\FileRepository\genpass.inf_amd64_bef88a423225ecdc\genpass.sys [62800 2022-05-07] (Microsoft Windows -> Microsoft Corporation) R3 HPCustomCapDriver; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapdriver.inf_amd64_a955fa431e522f5e\x64\hpcustomcapdriver.sys [25592 2021-09-15] (HP Inc. -> HP Inc.) R3 iaLPSS2_GPIO2_TGL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_gpio2_tgl.inf_amd64_2546dafe2183e972\iaLPSS2_GPIO2_TGL.sys [131224 2021-07-19] (Intel Corporation -> Intel Corporation) R3 iaLPSS2_I2C_TGL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_i2c_tgl.inf_amd64_1308f85f1b0adf27\iaLPSS2_I2C_TGL.sys [204440 2021-07-19] (Intel Corporation -> Intel Corporation) R3 iaLPSS2_SPI_TGL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_spi_tgl.inf_amd64_fc1ed3a5a1d514f2\iaLPSS2_SPI_TGL.sys [158352 2021-07-19] (Intel Corporation -> Intel Corporation) R3 iaLPSS2_UART2_TGL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_uart2_tgl.inf_amd64_cd8c3a141c1b1284\iaLPSS2_UART2_TGL.sys [313504 2021-07-19] (Intel Corporation -> Intel Corporation) R0 iaStorVD; C:\WINDOWS\System32\drivers\iaStorVD.sys [1544912 2021-08-26] (Intel Corporation -> Intel Corporation) R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.22.9.11\Definitions\IPSDefs\20230224.061\IDSvia64.sys [1527816 2023-02-21] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom) R3 IntcUSB; C:\WINDOWS\System32\DriverStore\FileRepository\intcusb.inf_amd64_2a3cc0b2d56e7a64\IntcUSB.sys [889944 2022-11-01] (Intel Corporation -> Intel(R) Corporation) R3 IntelGNA; C:\WINDOWS\System32\DriverStore\FileRepository\gna.inf_amd64_19ceb7ce67a7cf8b\gna.sys [87200 2022-01-11] (Intel Corporation -> Intel Corporation) S3 nsvst_NGC; C:\WINDOWS\System32\drivers\NGCx64\1617010.015\nsvst.sys [57120 2023-02-02] (NortonLifeLock Inc. -> NortonLifeLock Inc.) S0 pvscsi; C:\WINDOWS\System32\drivers\pvscsii.sys [45408 2022-05-07] (Microsoft Windows -> VMware, Inc.) S3 RoutePolicy; C:\WINDOWS\System32\drivers\RoutePolicy.sys [98304 2022-05-07] (Microsoft Windows -> ) R3 SRTSP; C:\WINDOWS\System32\drivers\NGCx64\1617010.015\SRTSP64.SYS [956048 2023-02-02] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom) R1 SRTSPX; C:\WINDOWS\System32\drivers\NGCx64\1617010.015\SRTSPX64.SYS [52872 2023-02-02] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom) R0 SymEFASI; C:\WINDOWS\System32\drivers\NGCx64\1617010.015\SYMEFASI64.SYS [2180248 2023-02-02] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom) S0 SymELAM; C:\WINDOWS\System32\drivers\NGCx64\1617010.015\SymELAM.sys [36016 2023-02-02] (Microsoft Windows Early Launch Anti-Malware Publisher -> Broadcom) R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [100328 2022-10-22] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom) R3 SymEvnt; C:\Program Files\Norton Security\NortonData\22.22.9.11\SymPlatform\SymEvnt.sys [722400 2022-06-06] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom) R1 SymIRON; C:\WINDOWS\System32\drivers\NGCx64\1617010.015\Ironx64.SYS [306824 2023-02-02] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom) R1 SymNetS; C:\WINDOWS\System32\drivers\NGCx64\1617010.015\symnets.sys [492728 2023-02-02] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom) S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49616 2022-10-14] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [455968 2022-10-14] (Microsoft Windows -> Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [95520 2022-10-14] (Microsoft Windows -> Microsoft Corporation) R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [40104 2022-06-17] (HP Inc. -> HP) S3 wpCtrlDrv_NGC; C:\WINDOWS\System32\drivers\NGCx64\1617010.015\wpCtrlDrv.sys [1016792 2023-02-02] (NortonLifeLock Inc. -> NortonLifeLock Inc.) R2 wtd; C:\WINDOWS\System32\drivers\wtd.sys [118784 2022-12-18] (Microsoft Windows -> Microsoft Corporation) S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2023-02-25 18:17 - 2023-02-25 18:17 - 000030970 _____ C:\Users\gabri\Downloads\FRST.txt 2023-02-25 18:16 - 2023-02-25 18:16 - 000764278 _____ C:\WINDOWS\system32\perfh007.dat 2023-02-25 18:16 - 2023-02-25 18:16 - 000167026 _____ C:\WINDOWS\system32\perfc007.dat 2023-02-25 18:13 - 2023-02-25 18:13 - 000000754 _____ C:\Users\gabri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FRST64.lnk 2023-02-24 22:10 - 2023-02-24 22:10 - 000000114 ___RH C:\Users\gabri\Downloads\Stinger.opt 2023-02-24 22:02 - 2023-02-24 22:02 - 000802705 _____ C:\Users\gabri\AppData\Local\census.cache 2023-02-24 22:02 - 2023-02-24 22:02 - 000407843 _____ C:\Users\gabri\AppData\Local\ars.cache 2023-02-24 21:24 - 2023-02-24 21:24 - 000000000 ____D C:\WINDOWS\system32\Tasks\Remediation 2023-02-24 20:52 - 2023-02-24 20:52 - 000000036 _____ C:\Users\gabri\AppData\Local\housecall.guid.cache 2023-02-24 20:48 - 2023-02-24 22:10 - 000000000 ____D C:\Program Files\stinger 2023-02-24 20:48 - 2023-02-24 20:48 - 000000000 ____D C:\Program Files\McAfee 2023-02-24 20:40 - 2023-02-24 20:40 - 008791352 _____ (Malwarebytes) C:\Users\gabri\Downloads\adwcleaner(2).exe 2023-02-22 13:04 - 2023-02-22 13:04 - 000003941 _____ C:\Users\gabri\Downloads\AdwCleaner[S00].txt 2023-02-22 13:03 - 2023-02-22 13:03 - 008791352 _____ (Malwarebytes) C:\Users\gabri\Downloads\adwcleaner(1).exe 2023-02-22 12:59 - 2023-02-25 18:17 - 000000000 ____D C:\FRST 2023-02-22 12:59 - 2023-02-25 18:14 - 002378752 _____ (Farbar) C:\Users\gabri\Downloads\FRST64.exe 2023-02-22 12:28 - 2023-02-24 20:41 - 000000000 ____D C:\AdwCleaner 2023-02-22 12:27 - 2023-02-22 12:27 - 008791352 _____ (Malwarebytes) C:\Users\gabri\Downloads\adwcleaner.exe 2023-02-22 12:25 - 2023-02-22 12:26 - 002555248 _____ (Malwarebytes) C:\Users\gabri\Downloads\MBSetup.exe 2023-02-22 11:46 - 2023-02-22 11:46 - 000000000 ____D C:\Program Files\Portrait Displays 2023-02-17 16:06 - 2023-02-17 16:06 - 004943318 _____ C:\Users\gabri\OneDrive\Dokumente\dokument.prn 2023-02-16 19:44 - 2023-02-16 20:26 - 000000000 ____D C:\Program Files\Mozilla Firefox 2023-02-16 18:46 - 2023-02-16 18:46 - 000000000 ___RD C:\Users\gabri\AppData\Roaming\Brother 2023-02-16 18:46 - 2023-02-16 18:46 - 000000000 ____D C:\Users\gabri\AppData\LocalLow\Brother 2023-02-16 18:13 - 2023-02-25 18:17 - 000000000 ____D C:\WINDOWS\system32\Tasks\Norton Security with Backup 2023-02-16 18:06 - 2023-02-16 19:47 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security 2023-02-16 18:06 - 2023-02-16 18:06 - 000003376 _____ C:\WINDOWS\system32\Tasks\Norton WSC Integration 2023-02-15 20:01 - 2023-02-15 20:01 - 000000000 ___HD C:\$WinREAgent 2023-02-10 19:12 - 2023-02-10 19:13 - 004576536 _____ (DeepLSetup) C:\Users\gabri\Downloads\DeepLSetup(1).exe 2023-02-07 07:46 - 2023-02-07 07:46 - 003814680 _____ (DeepLSetup) C:\Users\gabri\Downloads\DeepLSetup.exe 2023-01-28 11:02 - 2023-01-28 11:02 - 000002401 _____ C:\Users\gabri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams (work or school).lnk ==================== Ein Monat (geänderte) ================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2023-02-25 18:16 - 2022-12-07 15:17 - 001774666 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2023-02-25 18:16 - 2022-05-07 06:22 - 000000000 ____D C:\WINDOWS\INF 2023-02-25 18:14 - 2022-10-22 11:53 - 000000000 ____D C:\Program Files (x86)\Google 2023-02-25 18:12 - 2022-10-13 15:22 - 000000000 ____D C:\Program Files\TeamViewer 2023-02-25 18:12 - 2022-10-13 15:16 - 000000000 ___RD C:\Users\gabri\OneDrive 2023-02-25 18:12 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SystemTemp 2023-02-25 18:12 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\AppReadiness 2023-02-25 18:12 - 2022-05-07 06:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2023-02-25 18:11 - 2022-12-07 15:13 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2023-02-25 18:11 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\ServiceState 2023-02-25 18:11 - 2022-05-07 06:17 - 000786432 _____ C:\WINDOWS\system32\config\BBI 2023-02-25 18:11 - 2021-09-17 11:08 - 000000000 __SHD C:\Users\gabri\IntelGraphicsProfiles 2023-02-25 18:11 - 2020-12-05 10:31 - 000000000 ____D C:\Intel 2023-02-25 18:11 - 2020-05-06 09:58 - 000012288 ___SH C:\DumpStack.log.tmp 2023-02-25 18:10 - 2020-12-05 10:38 - 000000000 ____D C:\Program Files\HP 2023-02-25 18:09 - 2020-12-05 10:40 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2023-02-25 18:08 - 2022-10-13 15:15 - 000000000 ____D C:\Users\gabri\AppData\Roaming\HP 2023-02-25 18:08 - 2020-12-05 10:38 - 000000000 ____D C:\ProgramData\HP 2023-02-25 18:08 - 2020-12-05 10:38 - 000000000 ____D C:\Program Files (x86)\HP 2023-02-25 18:06 - 2022-05-07 06:24 - 000000000 ___HD C:\Program Files\WindowsApps 2023-02-24 22:01 - 2022-12-07 15:07 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2023-02-24 20:52 - 2022-11-02 20:58 - 000000000 ____D C:\Users\gabri\AppData\LocalLow\Norton 2023-02-24 20:51 - 2022-10-13 17:53 - 000000000 ____D C:\Users\gabri\AppData\LocalLow\Mozilla 2023-02-24 20:46 - 2022-10-13 17:53 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38 2023-02-24 20:45 - 2022-05-07 06:17 - 000032768 _____ C:\WINDOWS\system32\config\ELAM 2023-02-24 20:44 - 2022-10-22 15:01 - 000000000 ____D C:\Program Files\Microsoft OneDrive 2023-02-24 20:40 - 2022-12-07 15:13 - 000003580 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-206354118-824061166-57906184-1001 2023-02-24 20:40 - 2022-12-07 15:13 - 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task 2023-02-24 20:40 - 2022-12-01 17:40 - 000002281 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk 2023-02-24 20:40 - 2022-10-22 14:50 - 000002155 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2023-02-24 20:40 - 2020-12-05 10:32 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2023-02-22 12:31 - 2022-12-07 15:13 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla 2023-02-22 12:16 - 2021-09-17 11:08 - 000000000 ____D C:\Users\gabri\AppData\Local\D3DSCache 2023-02-21 20:38 - 2022-10-29 16:33 - 000000000 ____D C:\Users\gabri\OneDrive\Dokumente\Buch 2023-02-21 19:59 - 2021-09-17 11:08 - 000000000 ____D C:\Users\gabri\AppData\Local\Packages 2023-02-21 19:29 - 2022-10-22 14:48 - 000000000 ____D C:\Program Files\Microsoft Office 2023-02-17 14:14 - 2022-10-27 10:32 - 000000000 ____D C:\Program Files\Common Files\AV 2023-02-16 20:26 - 2022-10-13 17:53 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2023-02-16 19:49 - 2022-05-07 06:17 - 000000000 ____D C:\WINDOWS\CbsTemp 2023-02-16 19:48 - 2022-10-13 17:53 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2023-02-16 19:47 - 2022-12-07 15:09 - 000002413 _____ C:\Users\Public\Desktop\Norton Security.lnk 2023-02-16 19:46 - 2022-12-19 15:04 - 000001623 _____ C:\WINDOWS\system32\config\VSMIDK 2023-02-16 19:34 - 2022-10-13 16:43 - 149955784 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2023-02-16 19:34 - 2022-10-13 16:43 - 000000000 ____D C:\WINDOWS\system32\MRT 2023-02-16 18:09 - 2021-09-17 10:00 - 000000000 ____D C:\ProgramData\Packages 2023-02-16 18:07 - 2022-10-22 15:19 - 000000000 ____D C:\WINDOWS\system32\Drivers\NGCx64 2023-02-16 18:06 - 2022-12-07 15:07 - 000624016 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2023-02-16 18:06 - 2022-05-07 06:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2023-02-16 18:06 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\UUS 2023-02-16 18:06 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SystemResources 2023-02-16 18:06 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\setup 2023-02-16 18:06 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\oobe 2023-02-16 18:06 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\PolicyDefinitions 2023-02-16 18:06 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\bcastdvr 2023-02-15 20:03 - 2022-12-07 15:09 - 003212800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll 2023-02-08 15:09 - 2022-12-07 15:13 - 000003756 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2023-02-08 15:09 - 2022-12-07 15:13 - 000003632 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore 2023-02-02 16:15 - 2022-11-30 18:07 - 000000000 ____D C:\Users\gabri\AppData\Local\CrashDumps 2023-01-28 11:02 - 2022-10-22 15:01 - 000000000 ____D C:\Users\gabri\AppData\Local\SquirrelTemp 2023-01-27 16:51 - 2022-10-13 15:15 - 000000000 ____D C:\Users\gabri\AppData\Local\PlaceholderTileLogoFolder ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======== 2022-10-27 15:12 - 2023-01-22 18:05 - 000000835 _____ () C:\Users\gabri\AppData\Roaming\SAS7_000.DAT 2023-02-24 22:02 - 2023-02-24 22:02 - 000407843 _____ () C:\Users\gabri\AppData\Local\ars.cache 2023-02-24 22:02 - 2023-02-24 22:02 - 000802705 _____ () C:\Users\gabri\AppData\Local\census.cache 2023-02-24 20:52 - 2023-02-24 20:52 - 000000036 _____ () C:\Users\gabri\AppData\Local\housecall.guid.cache ==================== SigCheck ============================ (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) ==================== Ende von FRST.txt ======================== Addition.txt Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 25-02-2023 durchgeführt von gabri (25-02-2023 18:18:01) Gestartet von C:\Users\gabri\Downloads Microsoft Windows 11 Home Version 22H2 22621.1265 (X64) (2022-12-07 14:14:05) Start-Modus: Normal ========================================================== ==================== Konten: ============================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) Administrator (S-1-5-21-206354118-824061166-57906184-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-206354118-824061166-57906184-503 - Limited - Disabled) gabri (S-1-5-21-206354118-824061166-57906184-1001 - Administrator - Enabled) => C:\Users\gabri Gast (S-1-5-21-206354118-824061166-57906184-501 - Limited - Disabled) WDAGUtilityAccount (S-1-5-21-206354118-824061166-57906184-504 - Limited - Disabled) ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Norton Security (Disabled - Up to date) {AECE2126-F4E7-6909-11F2-1B69D1FBCBD0} FW: Norton Security (Enabled) {96F5A003-BE88-6851-3AAD-B25C2F288CAB} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) Dragon (HKLM-x32\...\{33EA20FB-5389-4938-BA59-2BCD9BB68F41}) (Version: 13.00.000 - Nuance Communications Inc.) Google Earth Pro (HKLM\...\{F27DBA46-80E1-4858-9285-19198FFFBF3D}) (Version: 7.3.6.9345 - Google) HL-1110 series (HKLM-x32\...\{4F2442B7-A89E-42A4-8F0E-6937499855CA}) (Version: 1.0.1.0 - Brother Industries, Ltd.) Microsoft Edge (HKLM-x32\...\{EBCAB07F-EF8A-3941-83F7-1C84779015FA}) (Version: 110.0.1587.56 - Microsoft Corporation) Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 110.0.1587.50 - Microsoft Corporation) Microsoft Office LTSC Professional Plus 2021 - de-de (HKLM\...\ProPlus2021Volume - de-de) (Version: 16.0.14332.20461 - Microsoft Corporation) Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 23.028.0205.0002 - Microsoft Corporation) Microsoft Teams (HKU\S-1-5-21-206354118-824061166-57906184-1001\...\Teams) (Version: 1.5.00.36367 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{EF9EBC42-6969-45CE-A8D2-B9249B00C838}) (Version: 5.69.0.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Mozilla Firefox (x64 de) (HKLM\...\Mozilla Firefox 110.0 (x64 de)) (Version: 110.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 107.0.1 - Mozilla) MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation) Norton Security (HKLM-x32\...\NGC) (Version: 22.23.1.21 - NortonLifeLock Inc) Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14332.20461 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14332.20461 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0407-1000-0000000FF1CE}) (Version: 16.0.14332.20461 - Microsoft Corporation) Hidden OpenOffice 4.1.13 (HKLM-x32\...\{8BF457BB-5693-497F-B2D3-305905993C08}) (Version: 4.113.9810 - Apache Software Foundation) Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.4.0.19572 - Microsoft Corporation) TeamViewer (HKLM\...\TeamViewer) (Version: 15.39.3 - TeamViewer) Windows-PC-Integritätsprüfung (HKLM\...\{B3956CF3-F6C5-4567-AC38-1FD4432B319C}) (Version: 3.6.2204.08001 - Microsoft Corporation) Packages: ========= Clipchamp -> C:\Program Files\WindowsApps\Clipchamp.Clipchamp_2.5.15.0_neutral__yxz26nhyzhsrt [2023-01-22] (Microsoft Corp.) Energy Star -> C:\Program Files\WindowsApps\AD2F1837.HPInc.EnergyStar_1.2.0.0_x64__v10z8vjag6ke6 [2023-02-07] (HP Inc.) HP Audio Center -> C:\Program Files\WindowsApps\AD2F1837.HPAudioCenter_1.38.277.0_x64__v10z8vjag6ke6 [2023-01-07] (HP Inc.) HP PC Hardware Diagnostics Windows -> C:\Program Files\WindowsApps\AD2F1837.HPPCHardwareDiagnosticsWindows_2.1.0.0_x64__v10z8vjag6ke6 [2023-01-17] (HP Inc.) HP Privacy Settings -> C:\Program Files\WindowsApps\AD2F1837.HPPrivacySettings_1.1.54.0_x64__v10z8vjag6ke6 [2023-02-21] (HP Inc.) HP QuickDrop -> C:\Program Files\WindowsApps\AD2F1837.HPQuickDrop_2.5.10921.0_x64__v10z8vjag6ke6 [2022-12-07] (HP Inc.) HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_142.3.139.0_x64__v10z8vjag6ke6 [2023-01-27] (HP Inc.) HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.23.20.0_x64__v10z8vjag6ke6 [2023-01-22] (HP Inc.) HP System Event Utility -> C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.3.2.0_x64__v10z8vjag6ke6 [2022-10-13] (HP Inc.) Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.1.1037.0_x64__8j3eq9eme6ctt [2022-10-22] (INTEL CORP) Media Engine-Add-On für Fotos -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2022-10-14] (Microsoft Corporation) Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.39.0_x64__8wekyb3d8bbwe [2023-01-06] (Microsoft Corp.) Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_53.10126.517.0_x64__8wekyb3d8bbwe [2023-02-24] (Microsoft Corporation) ms-resource://MicrosoftCorporationII.QuickAssist/resources/APP_WINDOW_NAME -> C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.16.0_x64__8wekyb3d8bbwe [2023-02-02] (Microsoft Corp.) ms-resource:AppStoreName -> C:\Program Files\WindowsApps\Microsoft.AV1VideoExtension_1.1.52851.0_x64__8wekyb3d8bbwe [2022-12-16] (Microsoft Corporation) ms-resource:AppStoreName -> C:\Program Files\WindowsApps\Microsoft.RawImageExtension_2.1.40041.0_x64__8wekyb3d8bbwe [2023-01-25] (Microsoft Corporation) ms-resource:AppxManifest_DisplayName -> C:\Windows\SystemApps\Microsoft.Windows.PrintQueueActionCenter_cw5n1h2txyewy [2022-12-07] (Microsoft Corporation) ms-resource:System_Item_Title_IntelGraphicsControlPanel -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.4478.0_x64__8j3eq9eme6ctt [2023-01-17] (INTEL CORP) [Startup Task] myHP -> C:\Program Files\WindowsApps\AD2F1837.myHP_11.52247.86.0_x64__v10z8vjag6ke6 [2023-01-17] (HP Inc.) [Startup Task] Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.98.1805.0_x64__mcm4njqhnhss8 [2022-10-13] (Netflix, Inc.) Norton Security -> C:\Program Files\Norton Security\Engine\22.23.1.21 [2023-02-25] (0) Prime Video for Windows -> C:\Program Files\WindowsApps\AmazonVideo.PrimeVideo_1.0.126.0_x64__pwbj9vvecjh7j [2023-02-13] (Amazon Development Centre (London) Ltd) Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.15.12020.0_x64__8wekyb3d8bbwe [2022-12-16] (Microsoft Studios) [MS Ad] Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0 [2023-02-18] (Spotify AB) [Startup Task] WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2306.4.0_x64__cv1g1gvanyjgm [2023-02-25] (WhatsApp Inc.) [Startup Task] Windows Feature Experience Pack -> C:\Windows\SystemApps\MicrosoftWindows.Client.Core_cw5n1h2txyewy [2023-01-19] (Microsoft Windows) WindowsAppRuntime.1.2 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.2_2000.747.1945.0_x64__8wekyb3d8bbwe [2023-02-05] (Microsoft Corporation) WindowsAppRuntime.1.2 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.2_2000.747.1945.0_x86__8wekyb3d8bbwe [2023-02-05] (Microsoft Corporation) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-206354118-824061166-57906184-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\gabri\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.22304.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-206354118-824061166-57906184-1001_Classes\CLSID\{D3E34B21-9D75-101A-8C3D-00AA001A1652}\localserver32 -> C:\Program Files\WindowsApps\Microsoft.Paint_11.2301.22.0_x64__8wekyb3d8bbwe\PaintApp\mspaint.exe () [Datei ist nicht signiert] ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.028.0205.0002\FileSyncShell64.dll [2023-02-24] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.028.0205.0002\FileSyncShell64.dll [2023-02-24] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.028.0205.0002\FileSyncShell64.dll [2023-02-24] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.028.0205.0002\FileSyncShell64.dll [2023-02-24] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.028.0205.0002\FileSyncShell64.dll [2023-02-24] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.028.0205.0002\FileSyncShell64.dll [2023-02-24] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.028.0205.0002\FileSyncShell64.dll [2023-02-24] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [ OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_651bb78e61d538aa\OptaneShellExt.dll [2021-08-26] (Intel Corporation -> ) ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.23.1.21\buShell.dll [2023-02-02] (NortonLifeLock Inc. -> NortonLifeLock Inc.) ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.23.1.21\buShell.dll [2023-02-02] (NortonLifeLock Inc. -> NortonLifeLock Inc.) ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.23.1.21\buShell.dll [2023-02-02] (NortonLifeLock Inc. -> NortonLifeLock Inc.) ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.028.0205.0002\FileSyncShell64.dll [2023-02-24] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.028.0205.0002\FileSyncShell64.dll [2023-02-24] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.028.0205.0002\FileSyncShell64.dll [2023-02-24] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.028.0205.0002\FileSyncShell64.dll [2023-02-24] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.028.0205.0002\FileSyncShell64.dll [2023-02-24] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.028.0205.0002\FileSyncShell64.dll [2023-02-24] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.028.0205.0002\FileSyncShell64.dll [2023-02-24] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.23.1.21\buShell.dll [2023-02-02] (NortonLifeLock Inc. -> NortonLifeLock Inc.) ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.23.1.21\buShell.dll [2023-02-02] (NortonLifeLock Inc. -> NortonLifeLock Inc.) ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.23.1.21\buShell.dll [2023-02-02] (NortonLifeLock Inc. -> NortonLifeLock Inc.) ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.028.0205.0002\FileSyncShell64.dll [2023-02-24] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.23.1.21\buShell.dll [2023-02-02] (NortonLifeLock Inc. -> NortonLifeLock Inc.) ContextMenuHandlers1: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.23.1.21\NavShExt.dll [2023-02-02] (NortonLifeLock Inc. -> NortonLifeLock Inc.) ContextMenuHandlers2: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.23.1.21\NavShExt.dll [2023-02-02] (NortonLifeLock Inc. -> NortonLifeLock Inc.) ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_651bb78e61d538aa\OptaneShellExt.dll [2021-08-26] (Intel Corporation -> ) ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.028.0205.0002\FileSyncShell64.dll [2023-02-24] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.028.0205.0002\FileSyncShell64.dll [2023-02-24] (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.23.1.21\buShell.dll [2023-02-02] (NortonLifeLock Inc. -> NortonLifeLock Inc.) ContextMenuHandlers6: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.23.1.21\NavShExt.dll [2023-02-02] (NortonLifeLock Inc. -> NortonLifeLock Inc.) ==================== Codecs (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Drivers32: [msacm.pspgru] => C:\Windows\SysWOW64\pspgru.acm [401920 2010-03-22] (Philips Austria GmbH - Speech Processing) [Datei ist nicht signiert] ==================== Verknüpfungen & WMI ======================== (Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.) ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gratistests.lnk -> C:\Program Files (x86)\Online Services\Adobe\WizLink.exe () -> hxxp://js.redirect.hp.com/jumpstation?type=203&RedeemCode=jxqnsxXiIRT2CO6S5tw5A1vmhXU3smUlDuzeabiydy%2fUZ0feuXsvK3fFNq%2fcAknYFb3ItYXXJLjMGeIrxUsBUGM6JH0Nr0gAy2SDHsqWhn0t7OhmEd68332XrOMG3eQpMQR2Is0PhRNCFlKf4g%2beRpoR3%2fWvtlob9Zhazd%2f%2fAcI%3d ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass.lnk -> C:\Program Files (x86)\Online Services\LastPass\WizLink.exe () -> hxxp://js.redirect.hp.com/jumpstation?bd=lastpass&c=*&locale=*&pf=*&s=*&tp=edge ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============= 2022-10-22 14:34 - 2009-02-27 15:38 - 000139264 ____R () [Datei ist nicht signiert] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll 2023-01-27 16:38 - 2023-01-27 16:38 - 001530368 _____ () [Datei ist nicht signiert] C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2306.4.0_x64__cv1g1gvanyjgm\e_sqlite3.dll 2023-02-24 21:51 - 2023-02-24 21:58 - 104974336 _____ () [Datei ist nicht signiert] C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2306.4.0_x64__cv1g1gvanyjgm\WhatsApp.dll 2023-02-24 21:51 - 2023-02-24 21:59 - 008795648 _____ () [Datei ist nicht signiert] C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2306.4.0_x64__cv1g1gvanyjgm\WhatsAppNative.dll 2022-10-22 14:34 - 2008-08-18 17:27 - 000122880 ____N (Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Browny02\brlmw03a.dll 2022-10-22 14:34 - 2012-07-13 12:09 - 000385024 ____N (Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Browny02\BrMonitor.dll 2022-10-22 14:34 - 2011-02-28 10:32 - 000208896 ____N (Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Browny02\Brother\BrFirmUpdateCheck.dll 2022-10-22 14:34 - 2012-08-30 14:30 - 002040832 ____N (Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Browny02\Brother\BrStMonWRes.dll 2021-09-17 10:13 - 2021-09-17 10:13 - 000014336 _____ (HP Inc.) [Datei ist nicht signiert] C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.3.2.0_x64__v10z8vjag6ke6\SystemEventUtility\NativeRpcClient.DLL ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8 [254] ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HidSpiCx.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TextInputManagementService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{5099944A-F6B9-4057-A056-8C550228544C} => ""="Memory" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{5099944A-F6B9-4057-A056-8C550228544C} => "SafeBootDrivers"="1" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HidSpiCx.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TextInputManagementService => ""="Service" ==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ================= ==================== Internet Explorer (Nicht auf der Ausnahmeliste) ========== SearchScopes: HKLM -> {263BD5CF-9CB1-4BD1-9368-2B63121864BE} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 -> {263BD5CF-9CB1-4BD1-9368-2B63121864BE} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKU\S-1-5-21-206354118-824061166-57906184-1001 -> {263BD5CF-9CB1-4BD1-9368-2B63121864BE} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} BHO: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\dgnriaie_x64.dll [2018-09-24] (Nuance Communications, Inc. -> Nuance Communications, Inc.) BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2023-01-10] (HP Inc. -> HP Inc.) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2022-10-22] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.22.10.9\coIEPlg.dll => Keine Datei BHO-x32: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\dgnriaie.dll [2018-09-24] (Nuance Communications, Inc. -> Nuance Communications, Inc.) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2023-01-10] (HP Inc. -> HP Inc.) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.22.10.9\coIEPlg.dll Keine Datei Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-10-22] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-10-22] (Microsoft Corporation -> Microsoft Corporation) Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-10-22] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-10-22] (Microsoft Corporation -> Microsoft Corporation) Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-10-22] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-10-22] (Microsoft Corporation -> Microsoft Corporation) Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-10-22] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-10-22] (Microsoft Corporation -> Microsoft Corporation) ==================== Hosts Inhalt: ========================= (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2019-12-07 10:14 - 2019-12-07 10:12 - 000000824 ____N C:\WINDOWS\system32\drivers\etc\hosts ==================== Andere Bereiche =========================== (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-206354118-824061166-57906184-1001\Control Panel\Desktop\\Wallpaper -> DNS Servers: 192.168.178.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) ist aktiviert. ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) HKLM\...\StartupApproved\Run32: => "TeamsMachineInstaller" HKU\S-1-5-21-206354118-824061166-57906184-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams" ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================ (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [{EC99D474-3AEF-438D-BC61-E721623E749F}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{18EE6AED-A4CF-4E91-825E-4BAAACBA81C9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{3207037E-4482-41A1-84A3-4E2860C95315}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{3C66A91E-4523-4238-A329-FEFE905E2688}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23002.403.1788.1930_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{3BE99318-7704-46C2-8E02-5FA1D7DAF758}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23002.403.1788.1930_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{5B7F7A3C-0712-4D2B-A9C7-9B4AC1DD661C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{965B8C2A-4683-441C-8C75-DFD582F85FE4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{6A17E5B1-B85E-42A9-8846-7E6F4F8674C8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{486D80C0-8314-4EC0-91F4-C731A0A82293}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{CF0DCE0F-8F66-47E7-AA5E-3FC307618CB1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{E601B53B-56DD-419E-B13B-A43A84660295}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{33137D3F-F6F2-4FA6-8ABB-0604987583C7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{4F39CAD2-684C-4028-8C11-D4D2FDBFBA05}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd) FirewallRules: [{D7A45C89-A6AE-4EB7-AF94-7558CAA8C7EF}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\110.0.1587.50\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{EED7A55D-22B5-4995-B884-EEAD0D81837F}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{07EAB059-4549-4D16-B1F5-EA6FD53347BB}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{788BA7F7-3828-48B9-883E-2374F770A113}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{BAF9B331-CB5F-4852-9795-F78646323051}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) FirewallRules: [{63EDDFB0-6689-489A-9F1C-5AC2537FB2F3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.94.3422.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{D0FFE334-2576-4DCE-A695-A495DFBC6D8A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.94.3422.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{7D39EB22-FF8F-421A-B148-B1B48BD4AAFD}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.94.3422.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{18CDA9CE-46A2-4E5F-B8BF-ED8DA46453B1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.94.3422.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) ==================== Wiederherstellungspunkte ========================= 25-02-2023 18:07:55 Removed HP Audio Switch ==================== Fehlerhafte Geräte im Gerätemanager ============ ==================== Fehlereinträge in der Ereignisanzeige: ======================== Applikationsfehler: ================== Error: (02/25/2023 06:14:39 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: ) Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2123-02-01T17:14:39Z. Fehlercode: 0x80070005. Error: (02/25/2023 06:11:28 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x8007045b, Der Computer wird heruntergefahren. . Error: (02/25/2023 06:11:28 PM) (Source: VSS) (EventID: 13) (User: ) Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} und dem Namen "CEventSystem" kann nicht gestartet werden. [0x8007045b, Der Computer wird heruntergefahren. ] Error: (02/25/2023 06:11:28 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x8007045b, Der Computer wird heruntergefahren. . Error: (02/25/2023 06:11:28 PM) (Source: VSS) (EventID: 13) (User: ) Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} und dem Namen "CEventSystem" kann nicht gestartet werden. [0x8007045b, Der Computer wird heruntergefahren. ] Error: (02/25/2023 06:11:28 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x8007045b, Der Computer wird heruntergefahren. . Error: (02/25/2023 06:11:28 PM) (Source: VSS) (EventID: 13) (User: ) Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} und dem Namen "CEventSystem" kann nicht gestartet werden. [0x8007045b, Der Computer wird heruntergefahren. ] Error: (02/24/2023 08:52:03 PM) (Source: Application Error) (EventID: 1000) (User: NT-AUTORITÄT) Description: Name der fehlerhaften Anwendung: TeamViewer_Desktop.exe, Version: 15.39.3.0, Zeitstempel: 0x63f37490 Name des fehlerhaften Moduls: mfx_mft_h264ve_64.dll, Version: 22.4.19.417, Zeitstempel: 0x625f765a Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000006eb2f ID des fehlerhaften Prozesses: 0x0x28a8 Startzeit der fehlerhaften Anwendung: 0x0x1d948896f83f55c Pfad der fehlerhaften Anwendung: C:\Program Files\TeamViewer\TeamViewer_Desktop.exe Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_9b53505f87f3498b\mfx_mft_h264ve_64.dll Berichtskennung: d4d9b591-ede8-481f-90f2-29cb1b2e9f4c Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Systemfehler: ============= Error: (02/25/2023 06:08:23 PM) (Source: DCOM) (EventID: 10010) (User: NB-GABY) Description: Der Server "{8CFC164F-4BE5-4FDD-94E9-E2AF73ED4A19}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (02/24/2023 10:12:53 PM) (Source: DCOM) (EventID: 10010) (User: NB-GABY) Description: Der Server "{A463FCB9-6B1C-4E0D-A80B-A2CA7999E25D}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (02/24/2023 10:12:53 PM) (Source: DCOM) (EventID: 10010) (User: NB-GABY) Description: Der Server "{A463FCB9-6B1C-4E0D-A80B-A2CA7999E25D}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (02/24/2023 10:12:53 PM) (Source: DCOM) (EventID: 10010) (User: NB-GABY) Description: Der Server "{A463FCB9-6B1C-4E0D-A80B-A2CA7999E25D}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (02/24/2023 10:12:53 PM) (Source: DCOM) (EventID: 10010) (User: NB-GABY) Description: Der Server "{A463FCB9-6B1C-4E0D-A80B-A2CA7999E25D}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (02/24/2023 10:12:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Realtek Wireless Manager Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts. Error: (02/24/2023 09:59:16 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073d02 fehlgeschlagen: 9NKSQGP7F2NH-5319275A.WhatsAppDesktop Error: (02/24/2023 08:42:00 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Intel(R) HD Graphics Control Panel Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. CodeIntegrity: =============== Date: 2023-02-25 18:16:59 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Norton Security\Engine\22.23.1.21\symamsi.dll that did not meet the Windows signing level requirements. Date: 2023-02-25 18:15:09 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\Norton Security\Engine\22.23.1.21\symamsi.dll that did not meet the Microsoft signing level requirements. ==================== Speicherinformationen =========================== BIOS: Insyde F.46 07/27/2021 Hauptplatine: HP 881D Prozessor: 11th Gen Intel(R) Core(TM) i3-1115G4 @ 3.00GHz Prozentuale Nutzung des RAM: 65% Installierter physikalischer RAM: 7948.62 MB Verfügbarer physikalischer RAM: 2715.69 MB Summe virtueller Speicher: 8460.62 MB Verfügbarer virtueller Speicher: 2826.65 MB ==================== Laufwerke ================================ Drive c: (Windows) (Fixed) (Total:237.21 GB) (Free:173.19 GB) (Model: NVMe SAMSUNG MZVLQ256HBJD-00BH1) (Protected) NTFS \\?\Volume{303f1acf-dd6b-4b7b-941c-030bb8f02be3}\ () (Fixed) (Total:0.99 GB) (Free:0.08 GB) NTFS \\?\Volume{75de0296-dc89-4739-bbeb-f0e0cafbd866}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.18 GB) FAT32 ==================== MBR & Partitionstabelle ==================== ========================================================== Disk: 0 (Size: 238.5 GB) (Disk ID: A67FC905) Partition: GPT. ==================== Ende von Addition.txt ======================= Einige der HP Programme gibt es nicht über "Programme deinstallieren". |
26.02.2023, 17:42 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Fake Windows Defender Pop-Up mit Audio - Windows wurde aus Sicherheitgründen gesperrt. Dieser Müll von Norton ist immer noch drauf. Und OpenOffice auch.
__________________ Logfiles bitte immer in CODE-Tags posten |
26.02.2023, 17:48 | #13 |
| Fake Windows Defender Pop-Up mit Audio - Windows wurde aus Sicherheitgründen gesperrt. Es gibt aber keinen Deinstaller von OpenOffice wie/wo krieg ich den weg...? |
26.02.2023, 18:20 | #14 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Fake Windows Defender Pop-Up mit Audio - Windows wurde aus Sicherheitgründen gesperrt. Das Zeug wird da aber gelistet! Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
03.03.2023, 15:33 | #15 |
/// TB-Ausbilder | Fake Windows Defender Pop-Up mit Audio - Windows wurde aus Sicherheitgründen gesperrt. Fehlende Rückmeldung Dieses Thema wurde aus unseren Abos gelöscht. Somit bekommen wir keine Benachrichtigung über neue Antworten. Solltest Du das Thema erneut brauchen, schicke uns bitte eine Erinnerung inklusive Link zum Thema. Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist. Jeder andere bitte hier klicken und ein eigenes Thema erstellen! |
Themen zu Fake Windows Defender Pop-Up mit Audio - Windows wurde aus Sicherheitgründen gesperrt. |
adobe, browser, defender, error, firefox, gesperrt, google, home, internet, internet explorer, malware, monitor, mozilla, prozesse, realtek, registry, scan, security, services.exe, software, svchost.exe, symantec, system, updates, windows |