
Log analysis and evaluation: Trojan found in the Windows\Temp folder


 
13.11.2023, 16:28   #1
Cederic
 

Trojan found in the Windows\Temp folder



Good day,
my antivirus program (GData) has been telling me for quite some time that I have a Trojan. After I click on delete file or put it into quarantine, a new scan shows that I now have 2 Trojans, after deleting again 4, and so on. The file is called e.g. avk1286.tmp, is located in Windows\Temp, and the infection is described as Trojan.Heur.AutoIT.4. Another file is called e.g. avk171C.tmp.
I have not yet noticed anything on my laptop not working properly.
I would be glad if someone replied. Thanks in advance.

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 05-11-2023 02
durchgeführt von cedri (Administrator) auf CEDDSN ( Microsoft Corporation Surface Pro 9) (13-11-2023 16:24:31)
Gestartet von C:\Users\cedri\OneDrive\Dokumente\FRST11 (2)\FRST64.exe
Geladene Profile: cedri
Plattform: Microsoft Windows 11 Home Version 22H2 22621.2428 (X64) Sprache: Deutsch (Deutschland)
Standard-Browser nicht gefunden!
Start-Modus: Normal

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(BINARYLABS LIMITED -> Binarylabs LTD) C:\Users\cedri\AppData\Roaming\BitCleaner\BitCleaner Tasker.exe
(C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe ->) (Adobe Inc. -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlx64.exe ->) (G DATA CyberDefense AG -> G Data CyberDefense AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\DnsCloudClient.exe
(C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlx64.exe ->) (G DATA CyberDefense AG -> G DATA CyberDefense AG) C:\Program Files (x86)\G DATA\InternetSecurity\AVKTray\AVKTray.exe
(C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlx64.exe ->) (G DATA CyberDefense AG -> G DATA CyberDefense AG) C:\Program Files (x86)\G DATA\InternetSecurity\GUI\GDSC.exe
(C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlx64.exe ->) (G DATA CyberDefense AG -> G DATA Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVK.exe
(C:\Program Files (x86)\G DATA\InternetSecurity\AVKTray\AVKTray.exe ->) (G DATA Software AG -> G DATA CyberDefense AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GDKBFltExe32.exe
(C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe ->) (G DATA CyberDefense AG -> G DATA Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe
(C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe ->) (OpenJS Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Adobe Crash Processor.exe
(C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\Common Files\Adobe\Adobe Desktop Common\HEX\Creative Cloud UI Helper.exe <3>
(C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe ->) (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe
(C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe ->) (OpenJS Foundation -> Node.js) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\libs\node.exe
(C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ai.exe
(C:\Program Files\WindowsApps\MicrosoftTeams_23275.702.2421.2406_x64__8wekyb3d8bbwe\msteams.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\118.0.2088.76\msedgewebview2.exe <6>
(C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.23500.0.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\119.0.2151.58\msedgewebview2.exe <6>
(cmd.exe ->) (G DATA CyberDefense AG -> G DATA CyberDefense AG) C:\Program Files (x86)\Common Files\G Data\WebProtection\NativeMessagingWP.exe
(DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_bf97b127a99077da\DAX3API.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\DAX3_S~1.INF\DAX3API.exe
(dwm.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\ISM.exe
(explorer.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.ScreenSketch_11.2309.16.0_x64__8wekyb3d8bbwe\SnippingTool\SnippingTool.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <17>
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(services.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_bf97b127a99077da\DAX3API.exe
(services.exe ->) (G DATA CyberDefense AG -> G DATA CyberDefense AG) C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlx64.exe
(services.exe ->) (G DATA CyberDefense AG -> G DATA Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(services.exe ->) (G DATA CyberDefense AG -> G DATA Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(services.exe ->) (G DATA CyberDefense AG -> G Data Software AG) C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe
(services.exe ->) (geek software GmbH -> geek software GmbH) C:\Program Files\PDF24\pdf24.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_cfd021ca4dd6b3cf\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\TbtP2pShortcutService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_06dd582276d3f601\AS\IAS\IntelAudioService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft GameInput\x64\gameinputsvc.exe <2>
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft) C:\Program Files\WindowsApps\Microsoft.SurfaceAppProxy_5.98.139.0_x64__8wekyb3d8bbwe\Services\SurfaceBroker.exe
(services.exe ->) (Microsoft Corporation -> Microsoft) C:\Program Files\WindowsApps\Microsoft.SurfaceHub_61.23090.124.0_x64__8wekyb3d8bbwe\Services\SurfaceBroker.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Microsoft) C:\Windows\System32\DriverStore\FileRepository\surfacemachinelearningservicenulldriver.inf_amd64_1e9c2495c55a41da\SurfaceMLService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MsMpEng.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\ehdxsstmd3a4.inf_amd64_a8f6924f5c61d01c\RtkAudUService64.exe <2>
(services.exe ->) (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(services.exe ->) (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe
(svchost.exe ->) (24803D75-212C-471A-BC57-9EF86AB91435 -> ) C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2342.7.0_x64__cv1g1gvanyjgm\WhatsApp.exe
(svchost.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\WindowsApps\AdobeNotificationClient_3.0.1.1_x86__enpm4xejd91yc\AdobeNotificationClient.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21640.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21640.0_x64__8wekyb3d8bbwe\HxTsr.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.823.7272.0_x64__8wekyb3d8bbwe\GameBar.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.823.7272.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(svchost.exe ->) (Microsoft Windows -> ) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.23500.0.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\BackgroundTransferHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <4>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Windows.Media.BackgroundPlayback.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\ehdxsstmd3a4.inf_amd64_a8f6924f5c61d01c\RtkAudUService64.exe [835936 2022-08-04] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2023-03-31] (Adobe Inc. -> )
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [1131488 2023-09-19] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM\...\RunOnce: [Delete Cached Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Program Files\Microsoft OneDrive\Update\OneDriveSetup.exe" (Keine Datei)
HKLM\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Program Files\Microsoft OneDrive\StandaloneUpdater\OneDriveSetup.exe" [64958880 2023-11-13] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\RunOnce: [msedge_cleanup_{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}] => C:\Program Files (x86)\Microsoft\EdgeWebView\Application\119.0.2151.58\Installer\setup.exe [6296008 2023-11-13] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2931271875-1807551688-705478306-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4377448 2023-10-31] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-2931271875-1807551688-705478306-1001\...\Run: [] => [X]
HKU\S-1-5-21-2931271875-1807551688-705478306-1001\...\Run: [MicrosoftEdgeAutoLaunch_74F9F1F92F1F439E8A23BD68852AFAC3] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [3894824 2023-11-09] (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\Users\cedri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2023-04-26]
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\Users\cedri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BitCleaner Tasker.lnk [2023-11-13]
ShortcutTarget: BitCleaner Tasker.lnk -> C:\Users\cedri\AppData\Roaming\BitCleaner\BitCleaner Tasker.exe (BINARYLABS LIMITED -> Binarylabs LTD)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {C920F064-EF78-48C3-A8AF-0FC3F317F370} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2113024 2023-08-25] () [Datei ist nicht signiert]
Task: {EE0DC685-5C88-4F97-A135-64C1056C0531} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26913760 2023-09-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {6748A0D7-0E04-422C-9621-40CB357EA724} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26913760 2023-09-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {E71B3CC6-A46F-4F87-B4DA-150BA134ECAE} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158664 2023-09-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {B6B9F2A0-BCCA-4C43-A38C-C7E9430B05D9} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [158664 2023-09-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {72791EC4-72BC-45EC-82B0-A5BC4CBB2822} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [167864 2023-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (Keine Datei)
Task: {09CA8CA5-C3D2-49E7-AE27-131D40F243A0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpCmdRun.exe [1596304 2023-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {47E94CF5-E5DA-4207-A6EA-5FA0B8E8BC87} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpCmdRun.exe [1596304 2023-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {66EA3176-CB43-4B70-A086-AEC8EDE549AF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpCmdRun.exe [1596304 2023-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {02BB1F41-1B42-4FC5-AB2F-935AFF38A096} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MpCmdRun.exe [1596304 2023-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {4FB65F6C-BDFA-491A-B271-DE8B5CDAB346} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130320 2023-11-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {B6902C54-ADBF-4CAF-A0DC-0F03FC642AEC} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-2931271875-1807551688-705478306-1000 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130320 2023-11-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {5F9F17E6-70B7-43B9-A743-6A43FD446672} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-2931271875-1807551688-705478306-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130320 2023-11-13] (Microsoft Corporation -> Microsoft Corporation)
Task: {B7AE58AE-43E2-4FF9-A742-2C3DD2C0D6E1} - System32\Tasks\Opera scheduled assistant Autoupdate 1686393582 => C:\Users\cedri\AppData\Local\Programs\Opera\launcher.exe [2708384 2023-06-01] (Opera Norway AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\cedri\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {A5A40B74-EB8F-4743-9655-D91A67B10745} - System32\Tasks\Opera scheduled Autoupdate 1686393576 => C:\Users\cedri\AppData\Local\Programs\Opera\launcher.exe [2708384 2023-06-01] (Opera Norway AS -> Opera Software)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)


==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{044f3ba0-776d-4695-be99-3ab3cc4e5c87}: [DhcpNameServer] 192.168.178.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\cedri\AppData\Local\Microsoft\Edge\User Data\Default [2023-11-13]
Edge Notifications: Default -> hxxps://www.instagram.com
Edge DefaultSearchURL: Default -> hxxps://www.bing.com/search?PC=U523&q={searchTerms}
Edge Extension: (Microsoft Rewards) - C:\Users\cedri\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bnplfnhcidhhdapmblniehfaaompjlck [2023-04-04]
Edge Extension: (Avira Safe Shopping) - C:\Users\cedri\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\caiblelclndcckfafdaggpephhgfpoip [2023-04-04]
Edge Extension: (Google Docs Offline) - C:\Users\cedri\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-08-29]
Edge Extension: (Edge relevant text changes) - C:\Users\cedri\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-09-15]
Edge Extension: (G DATA WebProtection) - C:\Users\cedri\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\pehnahjhohlhchmcpcjcfnafkebenbgn [2023-08-29]
Edge Profile: C:\Users\cedri\AppData\Local\Microsoft\Edge\User Data\Profile 1 [2023-11-02]
Edge StartupUrls: Profile 1 -> "hxxp://google.de/"
Edge Extension: (Avira Safe Shopping) - C:\Users\cedri\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\caiblelclndcckfafdaggpephhgfpoip [2023-04-07]
Edge Extension: (Avira Password Manager) - C:\Users\cedri\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\emgfgdclgfeldebanedpihppahgngnle [2023-04-07]
Edge Extension: (Google Docs Offline) - C:\Users\cedri\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-10-09]
Edge Extension: (Edge relevant text changes) - C:\Users\cedri\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-10-09]
Edge Extension: (AdBlocking Free) - C:\Users\cedri\AppData\Local\Microsoft\Edge\User Data\Profile 1\Extensions\kicbblioeipmjhndddemdjgdncegohln [2023-04-07]
Edge HKU\S-1-5-21-2931271875-1807551688-705478306-1001\SOFTWARE\Microsoft\Edge\Extensions\...\Edge\Extension: [gidnhakgfijhghmilgiiffidakihnbnb]
Edge HKLM-x32\...\Edge\Extension: [caiblelclndcckfafdaggpephhgfpoip]
Edge HKLM-x32\...\Edge\Extension: [emgfgdclgfeldebanedpihppahgngnle]

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2023-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.16 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-06-18] (VideoLAN -> VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2023-09-19] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2023-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2023-09-19] (Adobe Inc. -> Adobe Systems)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]

Opera:
=======
OPR Profile: C:\Users\cedri\AppData\Roaming\Opera Software\Opera Stable [2023-06-10]

==================== Dienste (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [944096 2023-09-19] (Adobe Inc. -> Adobe Inc.)
R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [7704824 2023-07-11] (G DATA CyberDefense AG -> G DATA Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlx64.exe [3859712 2023-07-11] (G DATA CyberDefense AG -> G DATA CyberDefense AG)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11817040 2023-09-01] (Microsoft Corporation -> Microsoft Corporation)
S3 CloudBackupRestoreSvc; C:\Windows\System32\CloudRestoreLauncher.dll [1261568 2023-10-19] (Microsoft Windows -> Microsoft Corporation)
R2 DolbyDAXAPI; C:\Windows\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_bf97b127a99077da\DAX3API.exe [2298936 2022-08-04] (Dolby Laboratories, Inc. -> Dolby Laboratories)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\23.214.1015.0001\FileSyncHelper.exe [3505696 2023-11-13] (Microsoft Corporation -> Microsoft Corporation)
R3 GDFwSvc; C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe [7072000 2023-07-11] (G DATA CyberDefense AG -> G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [2124528 2023-07-11] (G DATA CyberDefense AG -> G DATA Software AG)
S4 IDBWM; C:\Windows\System32\drivers\Intel\ICPS\IDBWMService.exe [88304 2023-05-10] (Intel Corporation -> Intel® Corporation)
S4 Intel Analytics Service; C:\Windows\System32\drivers\Intel\ICPS\IntelAnalyticsService.exe [2098928 2023-05-10] (Intel Corporation -> Intel)
S4 Intel Connectivity Network Service; C:\Windows\System32\drivers\Intel\ICPS\IntelConnectivityNetworkService.exe [2597104 2023-05-10] (Intel Corporation -> Intel)
S4 Intel Provider Data Helper Service; C:\Windows\System32\drivers\Intel\ICPS\IntelProviderDataHelperService.exe [714992 2023-05-10] (Intel Corporation -> Intel)
R2 IntelAudioService; C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_06dd582276d3f601\AS\IAS\IntelAudioService.exe [532024 2022-06-02] (Intel Corporation -> Intel)
S4 IntelConnectService; C:\Windows\System32\drivers\Intel\ICPS\IntelConnectService.exe [88304 2023-05-10] (Intel Corporation -> Intel® Corporation)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\23.214.1015.0001\OneDriveUpdaterService.exe [3842064 2023-11-13] (Microsoft Corporation -> Microsoft Corporation)
R2 PDF24; C:\Program Files\PDF24\pdf24.exe [613048 2023-05-24] (geek software GmbH -> geek software GmbH)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2022-10-04] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 ss_conn_service2; C:\Program Files (x86)\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe [920768 2022-10-04] (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.)
R2 SurfaceExperienceService-5.98; C:\Program Files\WindowsApps\Microsoft.SurfaceAppProxy_5.98.139.0_x64__8wekyb3d8bbwe\Services\SurfaceBroker.exe [8741256 2023-05-18] (Microsoft Corporation -> Microsoft)
R2 SurfaceExperienceService-61.23090.124; C:\Program Files\WindowsApps\Microsoft.SurfaceHub_61.23090.124.0_x64__8wekyb3d8bbwe\Services\SurfaceBroker.exe [8742336 2023-10-05] (Microsoft Corporation -> Microsoft)
R2 SurfaceMachineLearningService; C:\Windows\System32\DriverStore\FileRepository\surfacemachinelearningservicenulldriver.inf_amd64_1e9c2495c55a41da\SurfaceMLService.exe [68307296 2022-08-04] (Microsoft Windows Hardware Compatibility Publisher -> Microsoft)
R2 TbtP2pShortcutService; C:\Windows\TbtP2pShortcutService.exe [253576 2022-08-04] (Intel Corporation -> Intel Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\NisSrv.exe [3116904 2023-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MsMpEng.exe [133584 2023-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 AX88179; C:\Windows\System32\DriverStore\FileRepository\netax88179_178a.inf_amd64_a8bb8a6e92764769\ax88179_178a.sys [79872 2022-05-07] (Microsoft Windows -> ASIX Electronics Corp.)
S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [184320 2023-03-31] (Microsoft Corporation) [Datei ist nicht signiert]
S3 fdrawcmd; C:\Windows\system32\drivers\fdrawcmd.sys [33144 2010-04-24] (Simon Owen -> simonowen.com)
R0 fse; C:\Windows\System32\drivers\fse.sys [218464 2023-03-31] (Microsoft Windows -> Microsoft Corporation)
S0 GDElam; C:\Windows\System32\DRIVERS\GDElam.sys [278504 2023-02-16] (Microsoft Windows Early Launch Anti-Malware Publisher -> G DATA CyberDefense AG)
R3 GDKBB; C:\Windows\system32\drivers\GDKBB64.sys [36264 2023-07-19] (Microsoft Windows Hardware Compatibility Publisher -> G DATA CyberDefense AG)
R3 GDKBFlt; C:\Windows\system32\drivers\GDKBFlt64.sys [38984 2023-07-19] (G DATA Software AG -> G DATA Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [939976 2023-11-13] (Microsoft Windows Hardware Compatibility Publisher -> G DATA CyberDefense AG)
R3 GDNetflt; C:\Windows\System32\DRIVERS\gdnetflt.sys [127928 2023-02-16] (Microsoft Windows Hardware Compatibility Publisher -> G DATA Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [313768 2023-07-19] (Microsoft Windows Hardware Compatibility Publisher -> G DATA CyberDefense AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [78760 2023-07-19] (Microsoft Windows Hardware Compatibility Publisher -> G DATA Software AG)
R3 GRD; C:\Windows\system32\drivers\GRD.sys [125640 2023-11-03] (G DATA Software AG -> G Data Software)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [327232 2023-10-27] (Microsoft Windows Hardware Compatibility Publisher -> G DATA CyberDefense AG)
R3 iaisp64; C:\Windows\System32\drivers\iaisp64.sys [48752 2022-09-30] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_GPIO2_ADL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_gpio2_adl.inf_amd64_0e92b4646ab70162\iaLPSS2_GPIO2_ADL.sys [140976 2022-08-04] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_I2C_ADL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_i2c_adl.inf_amd64_35ed2fd5a51c2bc2\iaLPSS2_I2C_ADL.sys [210608 2022-08-04] (Intel Corporation -> Intel Corporation)
S3 iaLPSS2_SPI_ADL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_spi_adl.inf_amd64_a8eb11f842d6a043\iaLPSS2_SPI_ADL.sys [161968 2022-08-04] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_UART2_ADL; C:\Windows\System32\DriverStore\FileRepository\ialpss2_uart2_adl.inf_amd64_cafb511c07eb2595\iaLPSS2_UART2_ADL.sys [319672 2022-08-04] (Intel Corporation -> Intel Corporation)
S4 INTCCoSvc; C:\Windows\System32\drivers\Intel\ICPS\IntcCo11X64.sys [223984 2023-05-10] (Intel Corporation -> Intel Corporation)
R3 IntcUSB; C:\Windows\System32\DriverStore\FileRepository\intcusb.inf_amd64_d97909364d9908a5\IntcUSB.sys [892968 2022-06-02] (Intel Corporation -> Intel(R) Corporation)
R3 IntelGNA; C:\Windows\System32\DriverStore\FileRepository\gna.inf_amd64_19ceb7ce67a7cf8b\gna.sys [87208 2022-08-04] (Intel Corporation -> Intel Corporation)
R3 IntelTHCBase; C:\Windows\System32\DriverStore\FileRepository\intelthcbase.inf_amd64_2812a3a8790ffe6b\IntelTHCBase.sys [189064 2022-08-04] (Intel Corporation -> Intel Corporation)
R3 ov13858; C:\Windows\System32\drivers\ov13858.sys [219760 2022-09-30] (Intel Corporation -> Intel Corporation)
R0 SurfaceAcpiPlatformExtensionDriver; C:\Windows\System32\DriverStore\FileRepository\surfaceacpiplatformextensiondriver.inf_amd64_151c14702b170a0b\SurfaceAcpiPlatformExtensionDriver.sys [375272 2022-08-04] (Microsoft Corporation -> Microsoft Corporation)
R3 SurfaceBattery; C:\Windows\System32\DriverStore\FileRepository\surfacebattery.inf_amd64_5c1a67596cf7f35c\SurfaceBattery.sys [433048 2022-08-04] (Microsoft Corporation -> Microsoft Corporation)
R3 SurfaceButton; C:\Windows\System32\DriverStore\FileRepository\surfacebutton.inf_amd64_27ccc57de18927c5\SurfaceButton.sys [437704 2022-08-04] (Microsoft Corporation -> Microsoft Corporation)
S3 SurfaceDockIntegration; C:\Windows\System32\DriverStore\FileRepository\surfacedockintegration.inf_amd64_3380e60bafc898c1\SurfaceDockIntegration.sys [49600 2022-08-04] (Microsoft Corporation -> Microsoft Corporation)
S3 SurfaceEeprom; C:\Windows\System32\DriverStore\FileRepository\surfaceeeprom.inf_amd64_4878c304eaa37421\SurfaceEeprom.sys [310912 2022-08-04] (Windows OEM Test Cert 2017 (TEST ONLY) -> )
R3 SurfaceHotPlug; C:\Windows\System32\DriverStore\FileRepository\surfacehotplug.inf_amd64_4dae69e5e0e67a11\SurfaceHotPlug.sys [461656 2022-08-04] (Microsoft Corporation -> Microsoft Corporation)
R3 SurfaceIhvCpuSmfClient; C:\Windows\System32\DriverStore\FileRepository\surfaceihvcpusmfclient.inf_amd64_a72bcde42d29c5af\SurfaceIhvCpuSmfClient.sys [384072 2022-08-04] (Windows OEM Test Cert 2017 (TEST ONLY) -> Microsoft Corporation)
R3 SurfaceIntegrationDriver; C:\Windows\System32\DriverStore\FileRepository\surfaceintegrationdriver.inf_amd64_b2bfffd72df8bdda\SurfaceIntegrationDriver.sys [448456 2023-06-13] (Microsoft Corporation -> Microsoft Corporation)
R3 SurfacePenBleLcAddrAdaptationDriver; C:\Windows\System32\DriverStore\FileRepository\surfacepenblelcaddradaptationdriver.inf_amd64_07aaecbe486a150d\SurfacePenBleLcAddrAdaptationDriver.sys [288720 2022-09-14] (Microsoft Corporation -> Microsoft Corporation)
S3 SurfacePowerMeter; C:\Windows\System32\DriverStore\FileRepository\surfacepowermeter.inf_amd64_8d5390a34d8fdd98\SurfacePowerMeter.sys [386904 2022-08-04] (Microsoft Corporation -> Microsoft Corporation)
R3 SurfacePowerStateDriver; C:\Windows\System32\DriverStore\FileRepository\surfacepowerstate.inf_amd64_0481bcd6adf3d446\SurfacePowerStateDriver.sys [298800 2022-08-04] (Microsoft Corporation -> Microsoft Corporation)
R3 SurfacePowerTrackerCore; C:\Windows\System32\DriverStore\FileRepository\surfacepowertrackercore.inf_amd64_9a24da0270fea9ca\SurfacePowerTrackerCore.sys [430512 2022-08-29] (Microsoft Corporation -> Microsoft Corporation)
R3 SurfaceSerialHubDriver; C:\Windows\System32\DriverStore\FileRepository\surfaceserialhubdriver.inf_amd64_84e412ddc03a1ee5\SurfaceSerialHubDriver.sys [445832 2022-08-04] (Microsoft Corporation -> Microsoft Corporation)
R3 SurfaceSmfClient; C:\Windows\System32\DriverStore\FileRepository\surfacesmfclient.inf_amd64_fb869ec9417eee98\SurfaceSmfClient.sys [376344 2022-08-04] (Microsoft Corporation -> Microsoft Corporation)
R3 SurfaceSmfDisplayClient; C:\Windows\System32\DriverStore\FileRepository\surfacesmfdisplayclient.inf_amd64_1e70493c5bcabb57\SurfaceSmfDisplayClient.sys [315752 2022-08-04] (Microsoft Corporation -> Microsoft Corporation)
R3 SurfaceSystemManagementFrameworkDriver; C:\Windows\System32\DriverStore\FileRepository\surfacesystemmanagementframeworkdriver.inf_amd64_947bdc7a3ee6bca3\SurfaceSystemManagementFrameworkDriver.sys [616248 2022-08-04] (Microsoft Corporation -> Microsoft Corporation)
R3 SurfaceSystemTelemetry; C:\Windows\System32\DriverStore\FileRepository\surfacesystemtelemetrydriver.inf_amd64_441ce188078e3cfa\SurfaceSystemTelemetryDriver.sys [483936 2022-08-04] (Windows OEM Test Cert 2017 (TEST ONLY) -> Microsoft Corporation)
R3 SurfaceThermalPolicy; C:\Windows\System32\DriverStore\FileRepository\surfacethermalpolicy.inf_amd64_d30965280376555d\SurfaceThermalPolicy.sys [339368 2022-08-30] (Microsoft Corporation -> Microsoft Corporation)
R3 SurfaceTimeAlarmAcpiFilter; C:\Windows\System32\DriverStore\FileRepository\surfacetimealarmacpifilter.inf_amd64_0017a19a183478b7\SurfaceTimeAlarmAcpiFilter.sys [276440 2022-08-04] (Microsoft Corporation -> Microsoft Corporation)
S3 SurfaceTypeCoverV7FprUdeDriver; C:\Windows\System32\DriverStore\FileRepository\surfacetypecoverv7fprudedriver.inf_amd64_37b0eb99ff29741a\SurfaceTypeCoverV7FprUdeDriver.sys [327184 2022-08-04] (Microsoft Corporation -> Microsoft Corporation)
S4 UCPD; C:\Windows\System32\drivers\UCPD.sys [29184 2023-09-13] (Microsoft Windows -> Microsoft Corporation)
R3 vd55g0; C:\Windows\System32\drivers\vd55g0.sys [248968 2022-09-30] (Intel Corporation -> Intel Corporation)
S3 vmbusproxy; C:\Windows\system32\drivers\vmbusproxy.sys [94208 2022-07-20] (Microsoft Windows -> )
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [55856 2023-11-02] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [572712 2023-11-02] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105872 2023-11-02] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2023-11-13 15:53 - 2023-11-13 16:24 - 000000000 ____D C:\FRST
2023-11-13 15:52 - 2023-11-13 15:55 - 000000000 ____D C:\Users\cedri\OneDrive\Dokumente\FRST11 (2)
2023-11-13 15:52 - 2023-11-13 15:52 - 003492628 _____ C:\Users\cedri\OneDrive\Dokumente\FRST11 (2).zip
2023-11-13 15:51 - 2023-11-13 15:56 - 000000000 ____D C:\Users\cedri\AppData\Roaming\BitCleaner
2023-11-13 15:50 - 2023-11-13 15:51 - 003492628 _____ C:\Users\cedri\OneDrive\Dokumente\FRST11.zip
2023-11-13 15:50 - 2023-11-13 15:50 - 005331520 _____ (CHIP Digital GmbH) C:\Users\cedri\Downloads\Farbar Recovery Scan Tool (HijackThis Alternative) - CHIP Installer _Sro3p.exe
2023-11-13 15:18 - 2023-11-13 15:18 - 007322616 _____ (Stanislav Polshyn & Trend Micro Inc.) C:\Users\cedri\Downloads\HiJackThis (1).exe
2023-11-03 14:37 - 2023-11-03 14:37 - 000000000 ____D C:\Users\cedri\AppData\Local\Backup
2023-11-02 17:06 - 2023-11-02 17:06 - 000760092 _____ C:\Windows\system32\perfh007.dat
2023-11-02 17:06 - 2023-11-02 17:06 - 000157276 _____ C:\Windows\system32\perfc007.dat
2023-11-02 17:04 - 2023-11-02 17:04 - 000388608 _____ (Trend Micro Inc.) C:\Users\cedri\Downloads\hijackthis.exe
2023-11-01 21:48 - 2023-11-01 21:48 - 000000000 ____D C:\Users\cedri\OneDrive\Dokumente\TotalAV
2023-11-01 21:45 - 2023-11-01 21:45 - 000000000 ____D C:\Users\cedri\AppData\Local\GUI
2023-11-01 21:45 - 2023-11-01 21:45 - 000000000 ____D C:\ProgramData\SecuritySuite
2023-11-01 21:44 - 2023-11-01 21:44 - 057488912 _____ C:\Users\cedri\Downloads\TotalAV.exe
2023-10-25 04:36 - 2023-10-25 04:36 - 000000000 ____D C:\Windows\system32\Microsoft-Edge-WebView
2023-10-19 22:04 - 2023-10-19 22:04 - 000060462 _____ C:\Windows\SysWOW64\ctac.json
2023-10-19 22:03 - 2023-10-19 22:03 - 000060462 _____ C:\Windows\system32\ctac.json
2023-10-19 22:03 - 2023-10-19 22:03 - 000016239 _____ C:\Windows\system32\IntegratedServicesRegionPolicySet.json

==================== Ein Monat (geänderte) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2023-11-13 16:24 - 2022-05-07 06:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-11-13 16:22 - 2023-04-04 13:13 - 000000000 ____D C:\Users\cedri\AppData\Roaming\Microsoft\Word
2023-11-13 15:56 - 2023-04-01 17:38 - 000000000 ____D C:\Users\cedri\AppData\Local\CrashDumps
2023-11-13 15:46 - 2022-07-20 21:14 - 000000000 ____D C:\Windows\system32\SleepStudy
2023-11-13 15:37 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\AppReadiness
2023-11-13 15:13 - 2022-05-07 06:24 - 000000000 ___HD C:\Program Files\WindowsApps
2023-11-13 14:48 - 2023-03-31 21:43 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2023-11-13 14:48 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\SystemTemp
2023-11-13 14:45 - 2022-07-20 21:16 - 000002446 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-11-13 14:37 - 2022-05-07 06:17 - 000032768 _____ C:\Windows\system32\config\ELAM
2023-11-13 14:36 - 2022-05-07 06:22 - 000000000 ____D C:\Windows\INF
2023-11-13 14:35 - 2023-09-15 08:55 - 000263784 _____ (Microsoft Corporation) C:\Windows\system32\gamingservicesproxy_3.dll
2023-11-13 14:35 - 2023-04-07 13:43 - 000939976 _____ (G DATA CyberDefense AG) C:\Windows\system32\Drivers\MiniIcpt.sys
2023-11-13 14:35 - 2023-04-06 13:49 - 002758248 _____ (Microsoft Corporation) C:\Windows\system32\xgameruntime.dll
2023-11-13 14:35 - 2023-04-06 13:49 - 000634880 _____ (Microsoft Corporation) C:\Windows\system32\gameplatformservices.dll
2023-11-13 14:35 - 2023-04-06 13:49 - 000210536 _____ (Microsoft Corporation) C:\Windows\system32\gameconfighelper.dll
2023-11-13 14:35 - 2023-04-06 13:49 - 000190056 _____ (Microsoft Corporation) C:\Windows\system32\gamelaunchhelper.dll
2023-11-13 14:35 - 2023-04-06 13:49 - 000145000 _____ (Microsoft Corporation) C:\Windows\system32\gamingtcuihelpers.dll
2023-11-13 14:35 - 2023-04-06 13:49 - 000095848 _____ (Microsoft Corporation) C:\Windows\system32\xgamehelper.exe
2023-11-13 14:35 - 2023-04-06 13:49 - 000075368 _____ (Microsoft Corporation) C:\Windows\system32\xgamecontrol.exe
2023-11-13 14:28 - 2023-04-27 15:56 - 000000000 ___HD C:\Users\cedri\Downloads\.opera
2023-11-13 14:28 - 2023-04-27 15:56 - 000000000 ___HD C:\Users\cedri\.opera
2023-11-13 14:27 - 2022-07-21 23:47 - 000003194 _____ C:\Windows\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2023-11-13 14:26 - 2023-03-31 12:48 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2023-11-13 14:26 - 2023-03-31 12:36 - 000003592 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2931271875-1807551688-705478306-1001
2023-11-13 14:26 - 2022-07-21 23:47 - 000002158 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-11-08 18:03 - 2023-03-31 12:45 - 000000000 ____D C:\Users\cedri\AppData\Local\D3DSCache
2023-11-03 15:34 - 2023-04-07 13:51 - 000125640 _____ (G Data Software) C:\Windows\system32\Drivers\GRD.sys
2023-11-02 17:09 - 2022-07-20 21:14 - 000000000 ____D C:\Windows\system32\Drivers\wd
2023-11-02 17:06 - 2022-07-21 23:44 - 001754668 _____ C:\Windows\system32\PerfStringBackup.INI
2023-11-02 16:59 - 2023-04-06 14:14 - 000000000 ____D C:\Program Files (x86)\Steam
2023-11-02 16:59 - 2023-03-31 13:59 - 000000000 ___RD C:\Users\cedri\Creative Cloud Files
2023-11-02 16:58 - 2023-03-31 12:32 - 000000000 ____D C:\Users\cedri
2023-11-02 16:58 - 2022-07-20 21:14 - 000012288 ___SH C:\DumpStack.log.tmp
2023-11-02 16:58 - 2022-07-20 21:14 - 000001623 _____ C:\Windows\system32\config\VSMIDK
2023-11-02 16:58 - 2022-07-20 21:14 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2023-11-02 16:58 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\ServiceState
2023-11-02 16:58 - 2022-05-07 06:17 - 001048576 _____ C:\Windows\system32\config\BBI
2023-11-02 16:57 - 2022-05-07 06:24 - 000000000 ___HD C:\Windows\ELAMBKUP
2023-11-01 21:52 - 2023-06-08 12:27 - 000000000 ____D C:\Windows\Minidump
2023-11-01 21:52 - 2022-07-20 12:51 - 000000000 ____D C:\Windows\panther
2023-11-01 21:45 - 2023-03-31 14:15 - 000918960 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2023-11-01 21:42 - 2023-03-31 12:32 - 000000000 ___RD C:\Users\cedri\OneDrive
2023-11-01 21:23 - 2023-04-01 17:38 - 000000000 ____D C:\Users\cedri\AppData\Roaming\Canva
2023-11-01 20:39 - 2023-03-31 12:32 - 000000000 ____D C:\Users\cedri\AppData\Roaming\Microsoft\Windows
2023-10-30 10:08 - 2023-04-19 11:46 - 000000000 ___HD C:\adobeTemp
2023-10-30 10:08 - 2023-03-31 13:49 - 000000000 ____D C:\Program Files\Adobe
2023-10-30 10:07 - 2022-07-20 21:15 - 000003754 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-10-30 10:07 - 2022-07-20 21:15 - 000003630 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-10-27 14:56 - 2022-05-07 06:24 - 000000000 ____D C:\ProgramData\USOPrivate
2023-10-27 09:09 - 2023-04-07 13:43 - 000327232 _____ (G DATA CyberDefense AG) C:\Windows\system32\Drivers\HookCentre.sys
2023-10-25 04:40 - 2023-03-31 12:45 - 000000000 ____D C:\Users\cedri\AppData\Local\Packages
2023-10-25 04:37 - 2022-07-20 21:14 - 000516136 _____ C:\Windows\system32\FNTCACHE.DAT
2023-10-25 04:36 - 2022-05-07 06:24 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2023-10-25 04:36 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\UUS
2023-10-25 04:36 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2023-10-25 04:36 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\SysWOW64\setup
2023-10-25 04:36 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\SysWOW64\Dism
2023-10-25 04:36 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\SystemResources
2023-10-25 04:36 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\WinMetadata
2023-10-25 04:36 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\setup
2023-10-25 04:36 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\oobe
2023-10-25 04:36 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\migwiz
2023-10-25 04:36 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\Dism
2023-10-25 04:36 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\system32\appraiser
2023-10-25 04:36 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\ShellExperiences
2023-10-25 04:36 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\ShellComponents
2023-10-25 04:36 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\Provisioning
2023-10-25 04:36 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\PolicyDefinitions
2023-10-25 04:36 - 2022-05-07 06:24 - 000000000 ____D C:\Windows\bcastdvr
2023-10-19 22:26 - 2022-05-07 06:17 - 000000000 ____D C:\Windows\CbsTemp
2023-10-19 22:04 - 2022-07-20 21:17 - 003210752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2023-10-19 21:50 - 2023-03-31 16:05 - 000000000 ____D C:\Windows\system32\MRT
2023-10-19 21:12 - 2023-03-31 16:05 - 181553176 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ========

2023-04-07 13:43 - 2023-04-07 13:43 - 000000000 _____ () C:\Users\cedri\AppData\Roaming\gdfw.log
2023-04-07 13:43 - 2023-04-07 13:43 - 000000779 _____ () C:\Users\cedri\AppData\Roaming\gdscan.log
2023-04-27 16:58 - 2023-04-27 16:58 - 000004250 _____ () C:\Users\cedri\AppData\Local\recently-used.xbel

==================== SigCheck ============================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

==================== Ende von FRST.txt ========================]

[Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 05-11-2023 02
durchgeführt von cedri (13-11-2023 16:26:00)
Gestartet von C:\Users\cedri\OneDrive\Dokumente\FRST11 (2)
Microsoft Windows 11 Home Version 22H2 22621.2428 (X64) (2023-02-24 08:22:01)
Start-Modus: Normal
==========================================================


==================== Konten: =============================


(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

Administrator (S-1-5-21-2931271875-1807551688-705478306-500 - Administrator - Disabled)
cedri (S-1-5-21-2931271875-1807551688-705478306-1001 - Administrator - Enabled) => C:\Users\cedri
DefaultAccount (S-1-5-21-2931271875-1807551688-705478306-503 - Limited - Disabled)
Gast (S-1-5-21-2931271875-1807551688-705478306-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2931271875-1807551688-705478306-504 - Limited - Disabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: G DATA INTERNET SECURITY (Disabled - Up to date) {65C9CA7D-B990-170A-E0FF-B7F59A846451}
AV: G DATA INTERNET SECURITY (Disabled - Up to date) {9236DD49-E94E-24D6-9122-C4F39CEA579A}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: G DATA INTERNET SECURITY (Enabled - Up to date) {9A031196-8C4F-6B12-1520-CC6F3EA1D298}
FW: G DATA INTERNET SECURITY (Enabled) {A23890B3-C620-6A4A-3E7F-655AC07295E3}
FW: G DATA INTERNET SECURITY (Disabled) {AA0D5C6C-A321-258E-BA7D-6DC6623910E1}
FW: G DATA INTERNET SECURITY (Disabled) {5DF24B58-F3FF-1652-CBA0-1EC06457232A}
FW: Avira Security (Enabled) {4EFB3EBA-D5BC-D311-F570-D3065B48D523}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 6.0.0.571 - Adobe Inc.)
AirDroid 3.7.1.2 (HKLM-x32\...\AirDroid) (Version: 3.7.1.2 - Sand Studio)
BitCleaner (HKU\S-1-5-21-2931271875-1807551688-705478306-1001\...\BitCleaner) (Version: 1.0.5.0 - BinaryLabs LTD)
Canva (HKU\S-1-5-21-2931271875-1807551688-705478306-1001\...\3d0ba22d-e02b-5c6d-93a1-4e2a9af9c1f2) (Version: 1.75.0 - Canva Pty Ltd)
Embird 2021 (64-bit) (HKLM\...\Embird 2021 (64-bit)) (Version: Embird 2021 Build 10.52 (64-bit) - © 1997-2021 BALARAD, s.r.o.)
Fdrawcmd.sys 1.0.1.11 (HKLM-x32\...\fdrawcmd) (Version: 1.0.1.11 - Simon Owen)
G DATA INTERNET SECURITY (HKLM-x32\...\G DATA INTERNET SECURITY) (Version: 25.5.16.125 - G DATA CyberDefense AG)
GIMP 2.10.34 (HKU\S-1-5-21-2931271875-1807551688-705478306-1001\...\GIMP-2_is1) (Version: 2.10.34 - The GIMP Team)
K-Lite Codec Pack 17.7.5 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 17.7.5 - KLCP)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 119.0.2151.58 - Microsoft Corporation)
Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 119.0.2151.58 - Microsoft Corporation)
Microsoft GameInput (HKLM-x32\...\{1F2B6AF3-C260-8666-5950-E3FEDBC851D6}) (Version: 10.1.22621.3036 - Microsoft Corporation)
Microsoft Office Professional Plus 2021 - de-de (HKLM\...\ProPlus2021Retail - de-de) (Version: 16.0.16731.20170 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 23.214.1015.0001 - Microsoft Corporation)
Microsoft OneNote - de-de (HKLM\...\OneNoteFreeRetail - de-de) (Version: 16.0.16731.20170 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.32.31326 (HKLM-x32\...\{2d507699-404c-4c8b-a54a-38e352f32cdd}) (Version: 14.32.31326.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.32.31326 (HKLM-x32\...\{817e21c1-6b3a-4bc1-8c49-67e4e1887b3a}) (Version: 14.32.31326.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.32.31326 (HKLM\...\{38624EB5-356D-4B08-8357-C33D89A5C0C5}) (Version: 14.32.31326 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.32.31326 (HKLM\...\{C96241EA-9900-4FE8-85B3-1E238D509DF6}) (Version: 14.32.31326 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.32.31326 (HKLM-x32\...\{A250E750-DB3F-40C1-8460-8EF77C7582DA}) (Version: 14.32.31326 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.32.31326 (HKLM-x32\...\{46E11E7F-01E1-44D0-BB86-C67342D253DD}) (Version: 14.32.31326 - Microsoft Corporation) Hidden
NVIDIA PhysX (HKLM-x32\...\{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}) (Version: 9.11.1111 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.16731.20052 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.16731.20170 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0407-1000-0000000FF1CE}) (Version: 16.0.16731.20052 - Microsoft Corporation) Hidden
PDF24 Creator 11.12.1 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: 11.12.1 - PDF24.org)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.7.59.0 - Samsung Electronics Co., Ltd.)
Smart Switch (HKLM-x32\...\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.3.23052.1 - Samsung Electronics Co., Ltd.) Hidden
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.3.23052.1 - Samsung Electronics Co., Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.16 - VideoLAN)

Packages:
=========
Adobe Notification Client -> C:\Program Files\WindowsApps\AdobeNotificationClient_3.0.1.1_x86__enpm4xejd91yc [2023-03-31] (Adobe Systems Incorporated)
Amazon Music -> C:\Program Files\WindowsApps\AmazonMobileLLC.AmazonMusic_9.5.2.0_x86__kc6t79cpj4tp0 [2023-10-16] (AMZN Mobile LLC)
BreeZip -> C:\Program Files\WindowsApps\3138AweZip.AweZip_1.4.30.0_x64__ffd303wmbhcjt [2023-10-19] (BreeZip)
Dolby Access OEM -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccessOEM_3.19.8.0_x64__rz1tebttyb220 [2023-11-01] (Dolby Laboratories)
Dolby Vision Extensions -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyVisionAccess_2.2.337.0_x64__rz1tebttyb220 [2023-07-24] (Dolby Laboratories)
Dropbox Lite -> C:\Program Files\WindowsApps\C27EB4BA.DROPBOX_23.4.20.0_x64__xbfy0k16fey96 [2023-11-01] (Dropbox Inc.)
Epson Print and Scan -> C:\Program Files\WindowsApps\SEIKOEPSONCORPORATION.EpsonPrintandScan_1.1.0.0_x64__ezaqdwkaef94e [2023-04-27] (SEIKO EPSON CORPORATION)
Fresco -> C:\Program Files\WindowsApps\Adobe.Fresco_4.6.1.1250_x64__pc75e8sa7ep4e [2023-06-09] (Adobe Inc.)
Instagram -> C:\Program Files\WindowsApps\Facebook.InstagramBeta_42.0.21.0_neutral__8xx8rvfyw5nnt [2023-11-01] (Instagram)
Instagram -> C:\Program Files\WindowsApps\www.instagram.com-E4B7766F_42.0.21.1_neutral__ysfa6mcnwr1rw [2023-11-01] (www.instagram.com)
Intel® Connectivity Performance Suite -> C:\Program Files\WindowsApps\AppUp.IntelConnectivityPerformanceSuite_2.1123.505.0_x64__8j3eq9eme6ctt [2023-07-19] (INTEL CORP) [Startup Task]
Journal -> C:\Program Files\WindowsApps\Microsoft.MicrosoftJournal_1.23075.1229.0_x64__8wekyb3d8bbwe [2023-11-01] (Microsoft Corporation)
Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2310.10002.0_x64__8wekyb3d8bbwe [2023-10-19] (Microsoft Corporation) [Startup Task]
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.40.0_x64__8wekyb3d8bbwe [2023-09-16] (Microsoft Corp.)
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_53.10829.535.0_x64__8wekyb3d8bbwe [2023-09-29] (Microsoft Corporation)
Microsoft.D3DMappingLayers -> C:\Program Files\WindowsApps\Microsoft.D3DMappingLayers_1.2302.1.0_x64__8wekyb3d8bbwe [2023-03-31] (Microsoft Corporation)
Microsoft.MPEG2VideoExtension -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.61931.0_x64__8wekyb3d8bbwe [2023-08-15] (Microsoft Corporation)
Microsoft.WindowsAppRuntime.CBS -> C:\Windows\SystemApps\Microsoft.WindowsAppRuntime.CBS_8wekyb3d8bbwe [2023-10-25] (Microsoft Corporation)
OneDrive -> C:\Program Files\WindowsApps\microsoft.microsoftskydrive_19.23.19.0_x64__8wekyb3d8bbwe [2023-11-01] (Microsoft Corporation)
Outlook for Windows -> C:\Program Files\WindowsApps\Microsoft.OutlookForWindows_1.2023.616.100_x64__8wekyb3d8bbwe [2023-06-28] (Microsoft Corporation)
SoundCloud - Music & Songs -> C:\Program Files\WindowsApps\SoundcloudLtd.SoundCloudforWindowsBeta_2.0.0.0_neutral__2xc63xn306dnw [2023-11-01] (SoundCloud Global Limited &amp; Co. KG)
SoundCloud -> C:\Program Files\WindowsApps\soundcloud.com-11A6A179_2.0.0.1_neutral__mz0ydhkgwkv3y [2023-11-01] (soundcloud.com)
Surface -> C:\Program Files\WindowsApps\Microsoft.SurfaceHub_61.23090.124.0_x64__8wekyb3d8bbwe [2023-10-16] (Microsoft Corporation)
Surface Diagnostic Toolkit -> C:\Program Files\WindowsApps\Microsoft.SurfaceDiagnostics_2.218.139.0_x64__8wekyb3d8bbwe [2023-10-19] (Microsoft Corporation) [Startup Task]
Surface Management Extension -> C:\Program Files\WindowsApps\Microsoft.SurfaceAppProxy_5.98.139.0_x64__8wekyb3d8bbwe [2023-11-01] (Microsoft Corporation)
WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2342.7.0_x64__cv1g1gvanyjgm [2023-11-03] (WhatsApp Inc.) [Startup Task]
Windows Feature Experience Pack -> C:\Windows\SystemApps\MicrosoftWindows.Client.FileExp_cw5n1h2txyewy [2023-10-25] (Microsoft Corporation)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-2931271875-1807551688-705478306-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-817666DF7E2E} -> [Creative Cloud Files] => C:\Users\cedri\Creative Cloud Files [2023-03-31 13:59]
CustomCLSID: HKU\S-1-5-21-2931271875-1807551688-705478306-1001_Classes\CLSID\{2F81B25E-7507-4844-BFF2-77D2CC24CED4}\localserver32 -> C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Inc. -> Adobe Inc.)
CustomCLSID: HKU\S-1-5-21-2931271875-1807551688-705478306-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Inc. -> Adobe Systems)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.214.1015.0001\FileSyncShell64.dll [2023-11-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.214.1015.0001\FileSyncShell64.dll [2023-11-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.214.1015.0001\FileSyncShell64.dll [2023-11-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.214.1015.0001\FileSyncShell64.dll [2023-11-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.214.1015.0001\FileSyncShell64.dll [2023-11-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.214.1015.0001\FileSyncShell64.dll [2023-11-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.214.1015.0001\FileSyncShell64.dll [2023-11-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-10-05] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-10-05] (Adobe Inc. -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-10-05] (Adobe Inc. -> )
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.214.1015.0001\FileSyncShell64.dll [2023-11-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.214.1015.0001\FileSyncShell64.dll [2023-11-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.214.1015.0001\FileSyncShell64.dll [2023-11-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.214.1015.0001\FileSyncShell64.dll [2023-11-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.214.1015.0001\FileSyncShell64.dll [2023-11-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.214.1015.0001\FileSyncShell64.dll [2023-11-13] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.214.1015.0001\FileSyncShell64.dll [2023-11-13] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.214.1015.0001\FileSyncShell64.dll [2023-11-13] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-10-05] (Adobe Inc. -> )
ContextMenuHandlers1: [AVK9CM] -> {CAF4C320-32F5-11D3-A222-004095200FF2} => C:\Program Files (x86)\G DATA\InternetSecurity\AVK\ShellExt64.dll [2023-07-11] (G DATA CyberDefense AG -> G DATA Software AG)
ContextMenuHandlers2: [ContextMenu] -> {ee10d625-cc60-30a4-b3df-4b349785be6b} => C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\Antivirus.ContextMenu.DLL -> Keine Datei
ContextMenuHandlers3: [ContextMenu] -> {ee10d625-cc60-30a4-b3df-4b349785be6b} => C:\Program Files (x86)\Avira\Security\Antivirus.ContextMenu\Antivirus.ContextMenu.DLL -> Keine Datei
ContextMenuHandlers3: [Reisswolf] -> {1F0F1EE7-36B9-11D2-8985-0080ADA96E9B} => C:\Program Files (x86)\G DATA\InternetSecurity\Shredder\Reisswlf64.dll [2023-07-11] (G DATA CyberDefense AG -> G DATA Software AG)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.214.1015.0001\FileSyncShell64.dll [2023-11-13] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.214.1015.0001\FileSyncShell64.dll [2023-11-13] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2023-10-05] (Adobe Inc. -> )
ContextMenuHandlers6: [AVK9CM] -> {CAF4C320-32F5-11D3-A222-004095200FF2} => C:\Program Files (x86)\G DATA\InternetSecurity\AVK\ShellExt64.dll [2023-07-11] (G DATA CyberDefense AG -> G DATA Software AG)
ContextMenuHandlers6: [Reisswolf] -> {1F0F1EE7-36B9-11D2-8985-0080ADA96E9B} => C:\Program Files (x86)\G DATA\InternetSecurity\Shredder\Reisswlf64.dll [2023-07-11] (G DATA CyberDefense AG -> G DATA Software AG)

==================== Codecs (Nicht auf der Ausnahmeliste) ====================

==================== Verknüpfungen & WMI ========================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

ShortcutWithArgument: C:\Users\cedri\AppData\Local\Microsoft\Edge\User Data\Default\Web Applications\_crx__akpamiohjfcnimfljfndmaldlcfphjmp\Instagram.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=akpamiohjfcnimfljfndmaldlcfphjmp --app-url=hxxps://www.instagram.com/?utm_source=pwa_homescreen&__pwa=1 --app-launch-source=4
ShortcutWithArgument: C:\Users\cedri\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Instagram.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge_proxy.exe (Microsoft Corporation) -> --profile-directory=Default --app-id=akpamiohjfcnimfljfndmaldlcfphjmp --app-url=hxxps://www.instagram.com/?utm_source=pwa_homescreen&__pwa=1 --app-launch-source=4
ShortcutWithArgument: C:\Users\cedri\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\188f5ec9d11ded56\Persönlich - Edge.lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory="Profile 1"

==================== Geladene Module (Nicht auf der Ausnahmeliste) =============

2022-08-04 15:46 - 2022-08-04 15:46 - 000120320 _____ (LadybugCore) [Datei ist nicht signiert] [Datei wird verwendet] C:\Windows\TEMP\.net\SurfaceMLService\fa5ka122.xdn\LadybugCore.dll
2022-08-04 15:46 - 2022-08-04 15:46 - 000283648 _____ (Marc Gravell) [Datei ist nicht signiert] [Datei wird verwendet] C:\Windows\TEMP\.net\SurfaceMLService\fa5ka122.xdn\protobuf-net.dll
2022-07-21 23:43 - 2022-07-21 23:43 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\root\Client\AppVIsvSubsystems64.dll
2022-07-21 23:43 - 2022-07-21 23:43 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\root\Office16\AppVIsvSubsystems64.dll
2022-07-21 23:43 - 2022-07-21 23:43 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\root\Office16\c2r64.dll
2022-07-21 23:44 - 2022-07-21 23:44 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\c2r64.dll
2022-08-04 15:46 - 2022-08-04 15:46 - 001369600 _____ (Microsoft) [Datei ist nicht signiert] [Datei wird verwendet] C:\Windows\TEMP\.net\SurfaceMLService\fa5ka122.xdn\SurfaceMLService.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ==================

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =================

==================== Internet Explorer (Nicht auf der Ausnahmeliste) ==========

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2931271875-1807551688-705478306-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2023-07-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-19] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-19] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-19] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-19] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-19] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-19] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2023-09-19] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2023-09-19] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts Inhalt: =========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2022-05-07 06:24 - 2023-11-02 16:57 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Andere Bereiche ===========================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-2931271875-1807551688-705478306-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\cedri\OneDrive\Desktop\Unbenannt - ‎27‎. ‎Oktober‎ ‎2023 ‎10‎.‎02‎.png
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1)
ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [TCP Query User{21825034-875B-40C7-8185-D904E18EB692}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe (SAND STUDIO CORPORATION LIMITED -> Sand Studio)
FirewallRules: [UDP Query User{31C7FB93-DC03-4540-9E3B-E3DB3DE79603}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe (SAND STUDIO CORPORATION LIMITED -> Sand Studio)
FirewallRules: [{4800F0F8-7381-4324-BAAF-601408B5BF9B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{CBA9CF3D-8883-4C49-AF5A-0762B595B962}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{299D3935-51FB-4D89-AA95-EE5FC152F416}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{BDF62882-D66E-4C00-8A3F-713AD35F4868}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{506BB3EE-65F4-4953-A455-1586DD51D83D}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{66176401-D7FA-463C-B01F-5EED6736EF26}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe => Keine Datei
FirewallRules: [{04858464-56FA-413C-B9C0-5D76DD31D8BD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe => Keine Datei
FirewallRules: [{D0DE0B0F-FE8A-4BA4-9555-895B2E52B567}] => (Allow) C:\Users\cedri\AppData\Local\Programs\Opera\99.0.4788.40\opera.exe => Keine Datei
FirewallRules: [{9CB72678-15A7-4D01-822E-2CDB863DB93A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Oblivion\OblivionLauncher.exe (Bethesda Softworks) [Datei ist nicht signiert]
FirewallRules: [{9F421FFE-FB1D-48F8-B917-BF0DD5A3E4E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Oblivion\OblivionLauncher.exe (Bethesda Softworks) [Datei ist nicht signiert]
FirewallRules: [{56B5DB42-8CDD-4B06-9C3E-DE57134A8C34}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tails of Iron\TOI.exe () [Datei ist nicht signiert]
FirewallRules: [{472D7DD8-E0C7-49BA-B7C9-8300EB8E0E22}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tails of Iron\TOI.exe () [Datei ist nicht signiert]
FirewallRules: [{437A1822-5871-481B-BB99-D89D5D3BED3C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Outer Worlds Spacer's Choice\TheOuterWorldsSpacersChoiceEdition.exe (Private Division) [Datei ist nicht signiert]
FirewallRules: [{30416AE8-1D46-4CF7-A2DE-44D08F2CAC23}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Outer Worlds Spacer's Choice\TheOuterWorldsSpacersChoiceEdition.exe (Private Division) [Datei ist nicht signiert]
FirewallRules: [{41841B56-5BBA-47A3-8B31-0525757C574E}] => (Allow) C:\Program Files\WindowsApps\AmazonMobileLLC.AmazonMusic_9.5.2.0_x86__kc6t79cpj4tp0\Amazon Music Helper.exe (16916B57-7991-4968-B02A-2ADE4B5FB0DE -> Amazon.com Services LLC)
FirewallRules: [{695FB07A-7513-436E-962F-81EF042F7AC7}] => (Allow) C:\Program Files\WindowsApps\AmazonMobileLLC.AmazonMusic_9.5.2.0_x86__kc6t79cpj4tp0\Amazon Music Helper.exe (16916B57-7991-4968-B02A-2ADE4B5FB0DE -> Amazon.com Services LLC)
FirewallRules: [{412F1982-C216-4975-97CA-5A46EFAEAAEC}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23275.702.2421.2406_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D8BDF011-1265-4346-B563-4B242FE9869F}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23275.702.2421.2406_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{4E738C2D-DCC8-4216-9C65-668083284C9E}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\118.0.2088.76\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5D27A73A-B731-4148-8996-6F5C652C6A2E}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23285.3703.2471.4627_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2997E5C3-5BC0-4309-B029-B25F1D7D6081}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23285.3703.2471.4627_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{ED10763D-2DC4-4041-9BF0-C2494DA0C915}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\119.0.2151.58\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Wiederherstellungspunkte =========================

01-11-2023 21:45:41 TotalAV-Installation
13-11-2023 14:35:57 Windows Update

==================== Fehlerhafte Geräte im Gerätemanager ============

Name: Proxy für Microsoft Streaming Service
Description: Proxy für Microsoft Streaming Service
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: MSKSSRV
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.


==================== Fehlereinträge in der Ereignisanzeige: ========================

Applikationsfehler:
==================
Error: (11/13/2023 03:56:45 PM) (Source: Application Error) (EventID: 1000) (User: CEDDSN)
Description: Name der fehlerhaften Anwendung: instui.exe, Version: 1.0.5.0, Zeitstempel: 0x652fb5a7
Name des fehlerhaften Moduls: instui.exe, Version: 1.0.5.0, Zeitstempel: 0x652fb5a7
Ausnahmecode: 0xc0000409
Fehleroffset: 0x000000000004b395
ID des fehlerhaften Prozesses: 0x0x38a8
Startzeit der fehlerhaften Anwendung: 0x0x1da1640dc0e75a3
Pfad der fehlerhaften Anwendung: C:\Users\cedri\AppData\Roaming\BitCleaner\instui.exe
Pfad des fehlerhaften Moduls: C:\Users\cedri\AppData\Roaming\BitCleaner\instui.exe
Berichtskennung: 7dcd6d77-5ad3-4071-86a1-e385485bc228
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (11/03/2023 04:01:33 PM) (Source: Application Hang) (EventID: 1002) (User: NT-AUTORITÄT)
Description: Das Programm WhatsApp.exe Version 0.0.0.0 hat aufgehört mit Windows zu interagieren und wurde geschlossen. Weitere Informationen zum Problem finden Sie im Problemverlauf in der Systemsteuerung „Sicherheit und Wartung“.

Error: (11/02/2023 05:00:57 PM) (Source: SecurityCenter) (EventID: 18) (User: )
Description: Der Windows-Sicherheitscenterdienst konnte keine Instanzen von FirewallProduct aus dem Datastore laden.

Error: (11/02/2023 04:58:23 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x8007045b, Der Computer wird heruntergefahren.
.

Error: (11/02/2023 04:58:23 PM) (Source: VSS) (EventID: 13) (User: )
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} und dem Namen "CEventSystem" kann nicht gestartet werden. [0x8007045b, Der Computer wird heruntergefahren.
]

Error: (11/02/2023 04:42:39 PM) (Source: SecurityCenter) (EventID: 18) (User: )
Description: Der Windows-Sicherheitscenterdienst konnte keine Instanzen von FirewallProduct aus dem Datastore laden.

Error: (11/01/2023 10:28:54 PM) (Source: Application Error) (EventID: 1000) (User: NT-AUTORITÄT)
Description: Name der fehlerhaften Anwendung: SecurityService.exe, Version: 5.24.38.0, Zeitstempel: 0x637474de
Name des fehlerhaften Moduls: coreclr.dll, Version: 4.700.22.55902, Zeitstempel: 0x636c0075
Ausnahmecode: 0xc0000005
Fehleroffset: 0x001b1faf
ID des fehlerhaften Prozesses: 0x0x40a4
Startzeit der fehlerhaften Anwendung: 0x0x1da0d0469fa03c3
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\TotalAV\SecurityService.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\TotalAV\coreclr.dll
Berichtskennung: 179e668e-3069-4dc8-9b26-5eefa2bd9084
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (11/01/2023 10:28:53 PM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: Application: SecurityService.exe
CoreCLR Version: 4.700.22.55902
.NET Core Version: 3.1.32
Description: The process was terminated due to an internal error in the .NET Runtime at IP 6D441FAF (6D290000) with exit code c0000005.


Systemfehler:
=============
Error: (11/13/2023 03:04:29 PM) (Source: Netwtw12) (EventID: 5035) (User: )
Description: \Device\NDMP1Intel(R) Wi-Fi 6E AX211 160MHz

Error: (11/13/2023 03:04:20 PM) (Source: Netwtw12) (EventID: 5002) (User: )
Description: Intel(R) Wi-Fi 6E AX211 160MHz : Fehlfunktion des Netzwerkadapters wurde ermittelt.

Error: (11/13/2023 03:04:20 PM) (Source: Netwtw12) (EventID: 5010) (User: )
Description: Intel(R) Wi-Fi 6E AX211 160MHz : Der Netzwerkadapter hat einen ungültigen Wert an den Treiber zurückgegeben.

Error: (11/13/2023 02:36:34 PM) (Source: DCOM) (EventID: 10005) (User: NT-AUTORITÄT)
Description: Fehler "87" in DCOM, als der Dienst "GamingServices" mit den Argumenten "Nicht verfügbar" gestartet wurde, um den folgenden Server zu verwenden:
{3E8C9ABE-9226-4609-BF5B-60288A391DEE}

Error: (11/13/2023 02:36:34 PM) (Source: DCOM) (EventID: 10005) (User: NT-AUTORITÄT)
Description: Fehler "87" in DCOM, als der Dienst "GamingServices" mit den Argumenten "Nicht verfügbar" gestartet wurde, um den folgenden Server zu verwenden:
{3E8C9ABE-9226-4609-BF5B-60288A391DEE}

Error: (11/13/2023 02:22:46 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: )
Description: Für den Miniport "Microsoft Wi-Fi Direct Virtual Adapter #2, {099df2d4-cab7-4abe-9596-a4ea6bdc5d28}" ist das Ereignis "74" aufgetreten.

Error: (11/08/2023 08:06:28 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (60000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst WinDefend erreicht.

Error: (11/08/2023 05:51:04 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: )
Description: Für den Miniport "Microsoft Wi-Fi Direct Virtual Adapter #2, {099df2d4-cab7-4abe-9596-a4ea6bdc5d28}" ist das Ereignis "74" aufgetreten.


Windows Defender:
================
Date: 2023-11-08 18:05:04
Description:
Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {BCDC5A1D-A09E-4EF5-A247-6C67D622BE5B}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

Date: 2023-11-01 21:59:14
Description:
Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {81358CC0-E6A3-4EBD-ABB9-6B8AFD0B8122}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM

CodeIntegrity:
===============
Date: 2023-11-13 15:51:39
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Common Files\G Data\AVKProxy\GDAMSIx64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Speicherinformationen ===========================

BIOS: Microsoft Corporation 11.0.143 05/08/2023
Hauptplatine: Microsoft Corporation Surface Pro 9
Prozessor: 12th Gen Intel(R) Core(TM) i7-1255U
Prozentuale Nutzung des RAM: 74%
Installierter physikalischer RAM: 16209.13 MB
Verfügbarer physikalischer RAM: 4123.69 MB
Summe virtueller Speicher: 21073.13 MB
Verfügbarer virtueller Speicher: 5720.16 MB

==================== Laufwerke ================================

Drive c: (Local Disk) (Fixed) (Total:236.15 GB) (Free:64.64 GB) (Model: HFM256GD3GX013N-SKhynix) (Protected) NTFS

\\?\Volume{096594a7-afff-469a-9669-a9f67b62f3d9}\ (Windows RE tools) (Fixed) (Total:1.12 GB) (Free:0.3 GB) NTFS
\\?\Volume{85b0ead4-fbfc-4c52-a54c-e2fbe97e579d}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partitionstabelle ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 237.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== Ende von Addition.txt =======================]

 
