| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Trojaner eingefangen?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
| |
10.02.2024, 15:15
| #1 |
| /// TB-Ausbilder   |  Trojaner eingefangen? Für mich sieht das nach Spam aus. Bitte lade dir die passende Version von Farbar Recovery Scan Tool (FRST) auf deinen Desktop: FRST 32-Bit | FRST 64-Bit
|
|
10.02.2024, 15:31
| #2 |
 | Trojaner eingefangen?Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 10.02.2024
durchgeführt von Acer (Administrator) auf DESKTOP-0EQCGGQ (Acer Aspire M1470) (10-02-2024 15:18:07)
Gestartet von C:\Users\Acer\Desktop\FRST64.exe
Geladene Profile: Acer
Plattform: Microsoft Windows 11 Home Version 22H2 22621.3007 (X64) Sprache: Deutsch (Deutschland)
Standard-Browser: FF
Start-Modus: Normal
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(atiesrxx.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\1.3.865.1\DropboxCrashHandler.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\Mozilla Firefox\firefox.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MbamBgNativeMsg.exe
(explorer.exe ->) (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe <3>
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <16>
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(services.exe ->) (Brio) [Datei ist nicht signiert] C:\Program Files\FolderSize\FolderSizeSvc.exe
(services.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (Huawei Technologies Co., Ltd. -> ) [Datei ist nicht signiert] C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.7-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.7-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.7-0\NisSrv.exe
(svchost.exe ->) (24803D75-212C-471A-BC57-9EF86AB91435 -> ) C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2401.5.0_x64__cv1g1gvanyjgm\WhatsApp.exe
(svchost.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe
(svchost.exe ->) (Microsoft Windows -> ) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_424.1301.40.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\Packages\Preview\amd64\MoUsoCoreWorker.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [367456 2023-10-08] (Apple Inc. -> Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [11560840 2024-02-06] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [TeamsMachineInstaller] => %ProgramFiles%\Teams Installer\Teams.exe --checkInstall --source=PROPLUS (Keine Datei)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc. -> Apple Inc.)
HKU\S-1-5-21-274020518-178741033-554351160-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2597912 2024-02-09] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-274020518-178741033-554351160-1001\...\Run: [MicrosoftEdgeAutoLaunch_0E856574C4D091667B5858ACF047C466] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3788736 2024-02-05] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-274020518-178741033-554351160-1001\...\Run: [org.whispersystems.signal-desktop] => C:\Users\Acer\AppData\Local\Programs\signal-desktop\Signal.exe [177137600 2024-02-08] (Signal Messenger, LLC -> Signal Messenger, LLC)
HKU\S-1-5-21-274020518-178741033-554351160-1001\...\Run: [utweb] => C:\Users\Acer\AppData\Roaming\uTorrent Web\utweb.exe [6418944 2023-03-27] (Rainberry Inc -> BitTorrent Inc.)
HKU\S-1-5-21-274020518-178741033-554351160-1001\...\Run: [CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [144008 2019-10-22] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-274020518-178741033-554351160-1001\...\Run: [Spotify] => C:\Users\Acer\AppData\Roaming\Spotify\Spotify.exe [30697288 2024-02-01] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-274020518-178741033-554351160-1001\...\Run: [Mozilla-Firefox-308046B0AF4A39CB] => "C:\Program Files\Mozilla Firefox\firefox.exe" -os-autostart [671136 2024-02-06] (Mozilla Corporation -> Mozilla Corporation)
HKU\S-1-5-21-274020518-178741033-554351160-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [11556768 2024-01-13] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-274020518-178741033-554351160-1001\...\MountPoints2: {3fdaa2bd-d634-11ed-a1a2-047f0e3a6a26} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-274020518-178741033-554351160-1001\...\MountPoints2: {3fdab837-d634-11ed-a1a2-047f0e3a6a26} - "G:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-274020518-178741033-554351160-1001\...\MountPoints2: {78dc5c73-74ed-11ee-a1c5-047f0e3a6a26} - "F:\HiSuiteDownLoader.exe"
HKU\S-1-5-21-274020518-178741033-554351160-1006\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2597912 2024-02-09] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\WINDOWS\system32\AdobePDF.dll [203936 2023-06-14] (Adobe Inc. -> Adobe Systems Inc)
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
Startup: C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2023-06-22]
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) [Datei ist nicht signiert]
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {3EA23366-4914-4672-8B35-766FD43AD54C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1566200 2023-09-20] (Adobe Inc. -> Adobe Inc.)
Task: {81C20331-D6CE-4FE1-9304-8F65BA4740DB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [617096 2022-02-25] (Apple Inc. -> Apple Inc.)
Task: {7153DCA1-0073-4A7E-B19A-59A332358E55} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe [5319424 2024-01-10] (Microsoft Windows -> Microsoft Corporation)
Task: {D3DF9563-64E3-4791-A936-0322A62ED9D0} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2023-04-09] (Dropbox, Inc -> Dropbox, Inc.)
Task: {1A53DAF1-F752-45C8-BA10-E77AA1F9724C} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2023-04-09] (Dropbox, Inc -> Dropbox, Inc.)
Task: {91119452-2CC9-4BDB-84A0-1258C1D9B664} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28371568 2024-01-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {2A3E8222-68DF-4E4E-92BC-504A98C45FDE} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28371568 2024-01-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {7644C18F-CF10-44D3-A64A-218D5E872BAE} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [306352 2024-03-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {4FF32166-19E3-4645-8401-30E3F1214D97} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [306352 2024-03-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {56A71283-20A6-4C30-858F-50F741230252} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [170128 2024-01-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {549AC3F1-C30E-4B67-B60F-17DBD6D3BD27} - System32\Tasks\Microsoft\Windows\Maintenance\InstallWinSAT => C:\WINDOWS\system32\Maintenance.vbs [12 2023-05-09] () [Datei ist nicht signiert]
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (Keine Datei)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (Keine Datei)
Task: {2B377C54-9D76-44EF-B93F-D6FF115B250F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.7-0\MpCmdRun.exe [1646000 2024-02-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {AB44BAC8-430A-4308-A6BF-FB1F0F3F3D23} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.7-0\MpCmdRun.exe [1646000 2024-02-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {8FED3B84-25D2-4E98-8833-9DC791042A9A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.7-0\MpCmdRun.exe [1646000 2024-02-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {DE4FDA80-C9FC-4A5C-BD27-4CDB2E52BFBB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.7-0\MpCmdRun.exe [1646000 2024-02-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {93321D2C-AB70-4595-B5CD-BE879E876DBA} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [671136 2024-02-06] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {B134CBCE-1923-4787-AB6F-612589BF410B} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [34720 2024-02-06] (Mozilla Corporation -> Mozilla Foundation)
Task: {338B8137-E912-4D72-A7C2-FC27C6C1236B} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130336 2024-02-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {FCB3B9F4-169B-4259-8CF8-78ADDBB3D660} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-274020518-178741033-554351160-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130336 2024-02-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {E81FD284-8F87-4509-9A32-96903CBCD4F4} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-274020518-178741033-554351160-1006 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4130336 2024-02-09] (Microsoft Corporation -> Microsoft Corporation)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392 2015-08-12] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{0503e9d3-5680-4fdc-befb-d3077f78d738}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Acer\AppData\Local\Microsoft\Edge\User Data\Default [2023-12-10]
Edge Extension: (Google Docs Offline) - C:\Users\Acer\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-09-25]
Edge Extension: (Edge relevant text changes) - C:\Users\Acer\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-09-25]
FireFox:
========
FF DefaultProfile: gx0owv6y.default
FF ProfilePath: C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\gx0owv6y.default [2023-04-01]
FF ProfilePath: C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\6d93sx5a.default-release [2024-02-10]
FF Session Restore: Mozilla\Firefox\Profiles\6d93sx5a.default-release -> ist aktiviert.
FF Notifications: Mozilla\Firefox\Profiles\6d93sx5a.default-release -> hxxps://twitter.com; hxxps://drive.google.com; hxxps://app.zoom.us
FF Extension: (Ghostery Tracker- & Werbeblocker | Datenschutz AdBlocker) - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\6d93sx5a.default-release\Extensions\firefox@ghostery.com.xpi [2023-12-15]
FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\6d93sx5a.default-release\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2024-02-03]
FF Extension: (uBlock Origin) - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\6d93sx5a.default-release\Extensions\uBlock0@raymondhill.net.xpi [2024-01-08]
FF Extension: (Block Site) - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\6d93sx5a.default-release\Extensions\{07046613-1993-4b66-9dd1-9dd1ce581cb7}.xpi [2023-04-01]
FF Extension: (Nano Gestures) - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\6d93sx5a.default-release\Extensions\{12cb0472-fcaf-408e-bef8-55cb359c38c7}.xpi [2023-04-01]
FF Extension: (Dark Knight Joker) - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\6d93sx5a.default-release\Extensions\{173daadc-3cdb-41e9-a0a9-4de2d1ce7a16}.xpi [2023-04-01]
FF Extension: (Malwarebytes Browser Guard) - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\6d93sx5a.default-release\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2023-12-20]
FF Extension: (Matte Black (Blue)) - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\6d93sx5a.default-release\Extensions\{c01b4916-eb9f-403d-9931-9d7cb152c729}.xpi [2023-04-01]
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2021-02-01]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-01-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.18 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [Keine Datei]
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2024-01-13] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2024-01-31] (Microsoft Corporation -> Microsoft Corporation)
Chrome:
=======
CHR HKU\S-1-5-21-274020518-178741033-554351160-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
==================== Dienste (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2023-06-22] (Adobe Systems) [Datei ist nicht signiert]
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2023-09-20] (Adobe Inc. -> Adobe Inc.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [351944 2015-11-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [103776 2023-10-02] (Apple Inc. -> Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [14045768 2024-01-29] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2023-04-09] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2023-04-09] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46824 2024-02-06] (Dropbox, Inc -> Dropbox, Inc.)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\24.015.0121.0003\FileSyncHelper.exe [3515936 2024-02-09] (Microsoft Corporation -> Microsoft Corporation)
R2 FolderSize; C:\Program Files\FolderSize\FolderSizeSvc.exe [163840 2013-02-12] (Brio) [Datei ist nicht signiert]
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [2349024 2023-10-22] (GOG sp. z o.o -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [7173088 2023-10-22] (GOG sp. z o.o -> GOG.com)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [230360 2024-01-19] (HP Inc. -> HP Inc.)
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [236864 2022-06-24] (Huawei Technologies Co., Ltd. -> ) [Datei ist nicht signiert]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9410296 2024-01-27] (Malwarebytes Inc. -> Malwarebytes)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.7-0\MpDefenderCoreService.exe [1427000 2024-02-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\24.015.0121.0003\OneDriveUpdaterService.exe [3853840 2024-02-09] (Microsoft Corporation -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.7-0\NisSrv.exe [3191256 2024-02-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.7-0\MsMpEng.exe [133688 2024-02-07] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Treiber (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
S3 AppleIPod; C:\WINDOWS\System32\drivers\AppleIPod.sys [30096 2021-07-22] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
R3 brbtusb; C:\WINDOWS\System32\DriverStore\FileRepository\brbtusb.inf_amd64_31f001b878ff576d\brbtusb.sys [80056 2024-01-02] (Barrot Technology Limited -> )
S3 BTHMODEM; C:\WINDOWS\System32\drivers\bthmodem.sys [106496 2022-05-07] (Microsoft Corporation) [Datei ist nicht signiert]
S3 ew_usbccgpfilter; C:\WINDOWS\System32\drivers\ew_usbccgpfilter.sys [18944 2022-06-24] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R0 fse; C:\WINDOWS\System32\drivers\fse.sys [218592 2023-11-17] (Microsoft Windows -> Microsoft Corporation)
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [116864 2022-06-24] (Microsoft Windows Hardware Compatibility Publisher -> Huawei Technologies Co., Ltd.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [222784 2024-01-11] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2023-05-01] (Microsoft Windows Early Launch Anti-Malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239576 2024-01-27] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R2 SSPORT; C:\WINDOWS\system32\Drivers\SSPORT.sys [14224 2021-04-02] (Microsoft Windows Hardware Compatibility Publisher -> HP Inc)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2023-02-23] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 vmbusproxy; C:\WINDOWS\system32\drivers\vmbusproxy.sys [94208 2023-11-17] (Microsoft Windows -> )
R0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [21040 2024-02-07] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
U5 WdDevFlt; C:\Windows\System32\Drivers\WdDevFlt.sys [169232 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [608648 2024-02-07] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105864 2024-02-07] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2024-02-10 15:18 - 2024-02-10 15:19 - 000024802 _____ C:\Users\Acer\Desktop\FRST.txt
2024-02-10 15:17 - 2024-02-10 15:18 - 000000000 ____D C:\FRST
2024-02-10 15:17 - 2024-02-10 15:17 - 002389504 _____ (Farbar) C:\Users\Acer\Desktop\FRST64.exe
2024-02-10 08:35 - 2024-02-10 08:35 - 000132092 _____ C:\Users\Acer\Desktop\hopferwieser.jpeg
2024-02-10 08:10 - 2024-02-10 08:10 - 000720948 _____ C:\WINDOWS\system32\perfh007.dat
2024-02-10 08:10 - 2024-02-10 08:10 - 000149040 _____ C:\WINDOWS\system32\perfc007.dat
2024-02-09 22:59 - 2024-02-09 22:59 - 000000000 ____D C:\Users\sarah\AppData\Roaming\Microsoft\Word
2024-02-09 22:59 - 2024-02-09 22:59 - 000000000 ____D C:\Users\sarah\AppData\Roaming\Microsoft\UProof
2024-02-09 22:59 - 2024-02-09 22:59 - 000000000 ____D C:\Users\sarah\AppData\Roaming\Microsoft\Proof
2024-02-09 22:59 - 2024-02-09 22:59 - 000000000 ____D C:\Users\sarah\AppData\Roaming\Microsoft\Office
2024-02-09 22:59 - 2024-02-09 22:59 - 000000000 ____D C:\Users\sarah\AppData\Roaming\Microsoft\AddIns
2024-02-09 22:57 - 2024-02-09 22:57 - 000000000 ____D C:\Users\sarah\AppData\Roaming\Mozilla
2024-02-09 22:57 - 2024-02-09 22:57 - 000000000 ____D C:\Users\sarah\AppData\Local\Mozilla
2024-02-09 22:56 - 2024-02-09 22:56 - 000000788 _____ C:\Users\sarah\Desktop\LOTUS_aktuell.lnk
2024-02-09 22:51 - 2024-02-09 22:51 - 000000000 ____D C:\Users\sarah\AppData\Roaming\com.adobe.dunamis
2024-02-09 22:51 - 2024-02-09 22:51 - 000000000 ____D C:\Users\sarah\AppData\LocalLow\Adobe
2024-02-09 22:51 - 2024-02-09 22:51 - 000000000 ____D C:\Users\sarah\AppData\Local\SolidDocuments
2024-02-09 22:51 - 2024-02-09 22:51 - 000000000 ____D C:\Users\sarah\.ms-ad
2024-02-09 22:50 - 2024-02-09 22:51 - 000000000 ____D C:\Users\sarah\AppData\Local\Adobe
2024-02-09 22:40 - 2024-02-09 22:40 - 000003584 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-274020518-178741033-554351160-1006
2024-02-09 22:40 - 2024-02-09 22:40 - 000000000 ____D C:\Users\sarah\AppData\Roaming\Apple Computer
2024-02-09 22:40 - 2024-02-09 22:40 - 000000000 ____D C:\Users\sarah\AppData\Local\Dropbox
2024-02-09 22:39 - 2024-02-09 22:40 - 000000000 ____D C:\Users\sarah\AppData\Local\Publishers
2024-02-09 22:39 - 2024-02-09 22:39 - 000000000 ____D C:\Users\sarah\AppData\Local\PlaceholderTileLogoFolder
2024-02-09 22:39 - 2024-02-09 22:39 - 000000000 ____D C:\Users\sarah\AppData\Local\CrashDumps
2024-02-09 22:38 - 2024-02-09 22:51 - 000000000 ____D C:\Users\sarah\AppData\Roaming\Adobe
2024-02-09 22:38 - 2024-02-09 22:51 - 000000000 ____D C:\Users\sarah\AppData\Local\Packages
2024-02-09 22:38 - 2024-02-09 22:39 - 000000000 ____D C:\Users\sarah\AppData\Roaming\ExplorerPatcher
2024-02-09 22:38 - 2024-02-09 22:39 - 000000000 ____D C:\Users\sarah\AppData\Local\Malwarebytes
2024-02-09 22:38 - 2024-02-09 22:39 - 000000000 ____D C:\Users\sarah\AppData\Local\ConnectedDevicesPlatform
2024-02-09 22:38 - 2024-02-09 22:38 - 000000000 ___SD C:\Users\sarah\AppData\Roaming\Microsoft\Crypto
2024-02-09 22:38 - 2024-02-09 22:38 - 000000000 ____D C:\Users\sarah\AppData\Roaming\Microsoft\Vault
2024-02-09 22:37 - 2024-02-10 15:18 - 000000000 ____D C:\Users\sarah
2024-02-09 22:37 - 2024-02-09 22:40 - 000000000 ___RD C:\Users\sarah\OneDrive
2024-02-09 22:37 - 2024-02-09 22:39 - 000000000 ____D C:\Users\sarah\AppData\Roaming\Microsoft\Windows
2024-02-09 22:37 - 2024-02-09 22:38 - 000000000 ____D C:\Users\sarah\AppData\Roaming\Microsoft\Spelling
2024-02-09 22:37 - 2024-02-09 22:37 - 000000020 ___SH C:\Users\sarah\ntuser.ini
2024-02-09 22:37 - 2024-02-09 22:37 - 000000000 _SHDL C:\Users\sarah\Vorlagen
2024-02-09 22:37 - 2024-02-09 22:37 - 000000000 _SHDL C:\Users\sarah\Startmenü
2024-02-09 22:37 - 2024-02-09 22:37 - 000000000 _SHDL C:\Users\sarah\Netzwerkumgebung
2024-02-09 22:37 - 2024-02-09 22:37 - 000000000 _SHDL C:\Users\sarah\Lokale Einstellungen
2024-02-09 22:37 - 2024-02-09 22:37 - 000000000 _SHDL C:\Users\sarah\Eigene Dateien
2024-02-09 22:37 - 2024-02-09 22:37 - 000000000 _SHDL C:\Users\sarah\Druckumgebung
2024-02-09 22:37 - 2024-02-09 22:37 - 000000000 _SHDL C:\Users\sarah\Documents\Eigene Videos
2024-02-09 22:37 - 2024-02-09 22:37 - 000000000 _SHDL C:\Users\sarah\Documents\Eigene Musik
2024-02-09 22:37 - 2024-02-09 22:37 - 000000000 _SHDL C:\Users\sarah\Documents\Eigene Bilder
2024-02-09 22:37 - 2024-02-09 22:37 - 000000000 _SHDL C:\Users\sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2024-02-09 22:37 - 2024-02-09 22:37 - 000000000 _SHDL C:\Users\sarah\AppData\Local\Verlauf
2024-02-09 22:37 - 2024-02-09 22:37 - 000000000 _SHDL C:\Users\sarah\AppData\Local\Anwendungsdaten
2024-02-09 22:37 - 2024-02-09 22:37 - 000000000 _SHDL C:\Users\sarah\Anwendungsdaten
2024-02-09 22:37 - 2024-02-09 22:37 - 000000000 ___SD C:\Users\sarah\AppData\Roaming\Microsoft\SystemCertificates
2024-02-09 22:37 - 2024-02-09 22:37 - 000000000 ___SD C:\Users\sarah\AppData\Roaming\Microsoft\Protect
2024-02-09 22:37 - 2024-02-09 22:37 - 000000000 ___SD C:\Users\sarah\AppData\Roaming\Microsoft\Credentials
2024-02-09 22:37 - 2023-02-10 20:22 - 000000000 ____D C:\Users\sarah\AppData\Roaming\ATI
2024-02-09 22:37 - 2023-02-10 20:22 - 000000000 ____D C:\Users\sarah\AppData\Local\ATI
2024-02-09 22:37 - 2023-02-10 19:53 - 000000000 ____D C:\Users\sarah\AppData\Roaming\Microsoft\Network
2024-02-09 22:36 - 2024-02-09 22:38 - 000000000 ____D C:\Users\defaultuser100001\AppData\Local\Packages
2024-02-09 22:36 - 2024-02-09 22:37 - 000000000 ____D C:\Users\defaultuser100001\AppData\Roaming\ExplorerPatcher
2024-02-09 22:36 - 2024-02-09 22:37 - 000000000 ____D C:\Users\defaultuser100001\AppData\Local\Malwarebytes
2024-02-09 22:36 - 2024-02-09 22:36 - 000000020 ___SH C:\Users\defaultuser100001\ntuser.ini
2024-02-09 22:36 - 2024-02-09 22:36 - 000000000 _SHDL C:\Users\defaultuser100001\Vorlagen
2024-02-09 22:36 - 2024-02-09 22:36 - 000000000 _SHDL C:\Users\defaultuser100001\Startmenü
2024-02-09 22:36 - 2024-02-09 22:36 - 000000000 _SHDL C:\Users\defaultuser100001\Netzwerkumgebung
2024-02-09 22:36 - 2024-02-09 22:36 - 000000000 _SHDL C:\Users\defaultuser100001\Lokale Einstellungen
2024-02-09 22:36 - 2024-02-09 22:36 - 000000000 _SHDL C:\Users\defaultuser100001\Eigene Dateien
2024-02-09 22:36 - 2024-02-09 22:36 - 000000000 _SHDL C:\Users\defaultuser100001\Druckumgebung
2024-02-09 22:36 - 2024-02-09 22:36 - 000000000 _SHDL C:\Users\defaultuser100001\Documents\Eigene Videos
2024-02-09 22:36 - 2024-02-09 22:36 - 000000000 _SHDL C:\Users\defaultuser100001\Documents\Eigene Musik
2024-02-09 22:36 - 2024-02-09 22:36 - 000000000 _SHDL C:\Users\defaultuser100001\Documents\Eigene Bilder
2024-02-09 22:36 - 2024-02-09 22:36 - 000000000 _SHDL C:\Users\defaultuser100001\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2024-02-09 22:36 - 2024-02-09 22:36 - 000000000 _SHDL C:\Users\defaultuser100001\AppData\Local\Verlauf
2024-02-09 22:36 - 2024-02-09 22:36 - 000000000 _SHDL C:\Users\defaultuser100001\AppData\Local\Anwendungsdaten
2024-02-09 22:36 - 2024-02-09 22:36 - 000000000 _SHDL C:\Users\defaultuser100001\Anwendungsdaten
2024-02-09 22:36 - 2024-02-09 22:36 - 000000000 ___SD C:\Users\defaultuser100001\AppData\Roaming\Microsoft\SystemCertificates
2024-02-09 22:36 - 2024-02-09 22:36 - 000000000 ___SD C:\Users\defaultuser100001\AppData\Roaming\Microsoft\Protect
2024-02-09 22:36 - 2024-02-09 22:36 - 000000000 ___SD C:\Users\defaultuser100001\AppData\Roaming\Microsoft\Crypto
2024-02-09 22:36 - 2024-02-09 22:36 - 000000000 ___SD C:\Users\defaultuser100001\AppData\Roaming\Microsoft\Credentials
2024-02-09 22:36 - 2024-02-09 22:36 - 000000000 ____D C:\Users\defaultuser100001\AppData\Roaming\Microsoft\Windows
2024-02-09 22:36 - 2024-02-09 22:36 - 000000000 ____D C:\Users\defaultuser100001\AppData\Roaming\Microsoft\Vault
2024-02-09 22:36 - 2024-02-09 22:36 - 000000000 ____D C:\Users\defaultuser100001\AppData\Roaming\Microsoft\Spelling
2024-02-09 22:36 - 2024-02-09 22:36 - 000000000 ____D C:\Users\defaultuser100001\AppData\Local\Publishers
2024-02-09 22:36 - 2024-02-09 22:36 - 000000000 ____D C:\Users\defaultuser100001\AppData\Local\ConnectedDevicesPlatform
2024-02-09 22:36 - 2024-02-09 22:36 - 000000000 ____D C:\Users\defaultuser100001
2024-02-09 22:36 - 2023-04-09 08:07 - 000000000 ___RD C:\Users\defaultuser100001\OneDrive
2024-02-09 22:36 - 2023-02-10 20:22 - 000000000 ____D C:\Users\defaultuser100001\AppData\Roaming\ATI
2024-02-09 22:36 - 2023-02-10 20:22 - 000000000 ____D C:\Users\defaultuser100001\AppData\Local\ATI
2024-02-09 22:36 - 2023-02-10 19:53 - 000000000 ____D C:\Users\defaultuser100001\AppData\Roaming\Microsoft\Network
2024-02-09 22:35 - 2024-02-09 22:35 - 000000000 ____D C:\Users\defaultuser100000\AppData\Local\Packages
2024-02-09 22:35 - 2024-02-09 22:35 - 000000000 ____D C:\Users\defaultuser100000\AppData\Local\Malwarebytes
2024-02-09 22:34 - 2024-02-09 22:35 - 000000000 ____D C:\Users\defaultuser100000\AppData\Roaming\Microsoft\Windows
2024-02-09 22:34 - 2024-02-09 22:35 - 000000000 ____D C:\Users\defaultuser100000\AppData\Roaming\Microsoft\Spelling
2024-02-09 22:34 - 2024-02-09 22:35 - 000000000 ____D C:\Users\defaultuser100000\AppData\Roaming\ExplorerPatcher
2024-02-09 22:34 - 2024-02-09 22:35 - 000000000 ____D C:\Users\defaultuser100000\AppData\Local\ConnectedDevicesPlatform
2024-02-09 22:34 - 2024-02-09 22:35 - 000000000 ____D C:\Users\defaultuser100000
2024-02-09 22:34 - 2024-02-09 22:34 - 000000020 ___SH C:\Users\defaultuser100000\ntuser.ini
2024-02-09 22:34 - 2024-02-09 22:34 - 000000000 _SHDL C:\Users\defaultuser100000\Vorlagen
2024-02-09 22:34 - 2024-02-09 22:34 - 000000000 _SHDL C:\Users\defaultuser100000\Startmenü
2024-02-09 22:34 - 2024-02-09 22:34 - 000000000 _SHDL C:\Users\defaultuser100000\Netzwerkumgebung
2024-02-09 22:34 - 2024-02-09 22:34 - 000000000 _SHDL C:\Users\defaultuser100000\Lokale Einstellungen
2024-02-09 22:34 - 2024-02-09 22:34 - 000000000 _SHDL C:\Users\defaultuser100000\Eigene Dateien
2024-02-09 22:34 - 2024-02-09 22:34 - 000000000 _SHDL C:\Users\defaultuser100000\Druckumgebung
2024-02-09 22:34 - 2024-02-09 22:34 - 000000000 _SHDL C:\Users\defaultuser100000\Documents\Eigene Videos
2024-02-09 22:34 - 2024-02-09 22:34 - 000000000 _SHDL C:\Users\defaultuser100000\Documents\Eigene Musik
2024-02-09 22:34 - 2024-02-09 22:34 - 000000000 _SHDL C:\Users\defaultuser100000\Documents\Eigene Bilder
2024-02-09 22:34 - 2024-02-09 22:34 - 000000000 _SHDL C:\Users\defaultuser100000\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2024-02-09 22:34 - 2024-02-09 22:34 - 000000000 _SHDL C:\Users\defaultuser100000\AppData\Local\Verlauf
2024-02-09 22:34 - 2024-02-09 22:34 - 000000000 _SHDL C:\Users\defaultuser100000\AppData\Local\Anwendungsdaten
2024-02-09 22:34 - 2024-02-09 22:34 - 000000000 _SHDL C:\Users\defaultuser100000\Anwendungsdaten
2024-02-09 22:34 - 2024-02-09 22:34 - 000000000 ___SD C:\Users\defaultuser100000\AppData\Roaming\Microsoft\SystemCertificates
2024-02-09 22:34 - 2024-02-09 22:34 - 000000000 ___SD C:\Users\defaultuser100000\AppData\Roaming\Microsoft\Protect
2024-02-09 22:34 - 2024-02-09 22:34 - 000000000 ___SD C:\Users\defaultuser100000\AppData\Roaming\Microsoft\Crypto
2024-02-09 22:34 - 2024-02-09 22:34 - 000000000 ___SD C:\Users\defaultuser100000\AppData\Roaming\Microsoft\Credentials
2024-02-09 22:34 - 2024-02-09 22:34 - 000000000 ____D C:\Users\defaultuser100000\AppData\Roaming\Microsoft\Vault
2024-02-09 22:34 - 2023-04-09 08:07 - 000000000 ___RD C:\Users\defaultuser100000\OneDrive
2024-02-09 22:34 - 2023-02-10 20:22 - 000000000 ____D C:\Users\defaultuser100000\AppData\Roaming\ATI
2024-02-09 22:34 - 2023-02-10 20:22 - 000000000 ____D C:\Users\defaultuser100000\AppData\Local\ATI
2024-02-09 22:34 - 2023-02-10 19:53 - 000000000 ____D C:\Users\defaultuser100000\AppData\Roaming\Microsoft\Network
2024-02-09 19:59 - 2024-02-09 19:59 - 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2024-02-09 19:58 - 2024-02-09 19:58 - 000002158 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-02-07 21:16 - 2024-02-07 21:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2024-02-06 17:08 - 2024-02-09 23:04 - 000000000 ____D C:\Program Files\Mozilla Firefox
2024-02-06 12:50 - 2024-02-06 12:50 - 000046824 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2024-02-04 20:23 - 2024-02-04 20:23 - 000541312 _____ C:\Users\Acer\Desktop\Fachtagung Freinet-Pädagogik 2024.pdf
2024-02-04 15:32 - 2024-02-04 15:32 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2024-02-04 10:57 - 2024-02-04 10:57 - 001721834 _____ C:\Users\Acer\Desktop\hogwarts4.pdf
2024-02-04 10:57 - 2024-02-04 10:57 - 001694292 _____ C:\Users\Acer\Desktop\hogwarts3.pdf
2024-02-04 10:56 - 2024-02-04 10:56 - 001552852 _____ C:\Users\Acer\Desktop\hogwarts1.pdf
2024-02-04 10:56 - 2024-02-04 10:56 - 001184073 _____ C:\Users\Acer\Desktop\hogwarts2.pdf
2024-01-31 22:04 - 2024-01-31 22:04 - 000212618 _____ C:\Users\Acer\Desktop\kundenrechnung_3214_321400188_3214.24.00054_20240131_1.pdf
2024-01-26 09:52 - 2024-01-29 19:11 - 000000000 ____D C:\Program Files\Mozilla Thunderbird
2024-01-24 18:18 - 2024-01-24 18:18 - 051506379 _____ C:\Users\Acer\Downloads\win-hueanimation.zip
2024-01-19 07:18 - 2024-01-19 07:18 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2024-01-19 07:18 - 2024-01-19 07:18 - 000002084 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller.lnk
2024-01-19 07:18 - 2024-01-19 07:18 - 000002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2024-01-16 16:45 - 2024-01-16 16:45 - 000000000 ____D C:\Users\Acer\Documents\HUE Animation
2024-01-16 16:45 - 2024-01-16 16:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HUE Animation v1.6.6
2024-01-16 16:45 - 2024-01-16 16:45 - 000000000 ____D C:\Program Files (x86)\HUE
2024-01-15 18:58 - 2024-01-15 18:58 - 000268952 _____ C:\Users\Acer\Downloads\fake-news-arbeitsblatt-102.pdf
2024-01-15 18:57 - 2024-01-15 18:57 - 000789638 _____ C:\Users\Acer\Downloads\fake-news-arbeitsblatt-106.pdf
2024-01-15 18:57 - 2024-01-15 18:57 - 000694228 _____ C:\Users\Acer\Downloads\fake-news-arbeitsblatt-104.pdf
2024-01-13 16:39 - 2024-02-09 23:04 - 000012288 ___SH C:\DumpStack.log.tmp
==================== Ein Monat (geänderte) ==================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2024-02-10 14:34 - 2023-04-01 16:19 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2024-02-10 14:33 - 2023-05-25 08:30 - 000000000 ____D C:\Users\Acer\AppData\Local\Malwarebytes
2024-02-10 08:58 - 2023-12-06 19:07 - 000000000 ____D C:\Users\Acer\AppData\Local\Spotify
2024-02-10 08:58 - 2023-04-01 18:43 - 000000000 ____D C:\Users\Acer\AppData\Roaming\Signal
2024-02-10 08:57 - 2022-05-07 06:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-02-10 08:51 - 2022-05-07 06:24 - 000000000 ___HD C:\Program Files\WindowsApps
2024-02-10 08:51 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-02-10 08:24 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-02-10 08:12 - 2023-04-09 07:58 - 000000000 ____D C:\Users\Acer\AppData\Roaming\Dropbox
2024-02-10 08:12 - 2023-04-09 07:56 - 000000000 ____D C:\Users\Acer\AppData\Local\Dropbox
2024-02-10 08:10 - 2023-12-06 19:06 - 000000000 ____D C:\Users\Acer\AppData\Roaming\Spotify
2024-02-10 08:10 - 2023-02-10 19:58 - 001662900 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-02-10 08:10 - 2022-05-07 06:22 - 000000000 ____D C:\WINDOWS\INF
2024-02-09 23:10 - 2023-02-10 19:51 - 000000000 ____D C:\Users\Acer
2024-02-09 23:04 - 2023-10-29 16:15 - 000001134 _____ C:\WINDOWS\system32\config\VSMIDK
2024-02-09 23:04 - 2023-04-10 11:58 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2024-02-09 23:04 - 2023-04-01 16:19 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2024-02-09 23:04 - 2023-02-10 19:57 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-02-09 23:04 - 2023-02-10 19:50 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-02-09 22:40 - 2023-10-18 19:39 - 000000000 ___HD C:\OneDriveTemp
2024-02-09 22:39 - 2023-02-10 19:18 - 000000000 __RHD C:\Users\Public\AccountPictures
2024-02-09 22:38 - 2022-05-07 06:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2024-02-09 22:35 - 2023-02-10 19:18 - 000000000 ____D C:\ProgramData\Packages
2024-02-09 22:13 - 2023-04-09 12:01 - 000000000 ____D C:\Users\Acer\AppData\Roaming\Microsoft\Word
2024-02-09 20:23 - 2023-02-10 19:18 - 000000000 ____D C:\Users\Acer\AppData\Local\ConnectedDevicesPlatform
2024-02-09 19:58 - 2023-02-10 20:00 - 000003584 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-274020518-178741033-554351160-1001
2024-02-07 21:35 - 2023-04-09 12:01 - 000000000 ____D C:\Users\Acer\AppData\Roaming\Microsoft\Office
2024-02-07 21:24 - 2023-02-10 19:13 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-02-07 21:22 - 2023-02-10 19:12 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2024-02-07 21:16 - 2023-04-09 07:56 - 000000000 ____D C:\Program Files (x86)\Dropbox
2024-02-06 17:43 - 2023-04-01 16:19 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2024-02-06 17:07 - 2022-05-07 06:17 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2024-02-04 15:30 - 2023-04-09 07:56 - 000000000 ____D C:\Program Files\Microsoft Office
2024-02-02 11:00 - 2023-12-18 20:13 - 000000000 ____D C:\Users\Acer\Desktop\LOTUS-WiP
2024-02-01 23:41 - 2023-02-10 19:57 - 000003756 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-02-01 23:41 - 2023-02-10 19:57 - 000003632 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-01-31 19:21 - 2023-06-14 19:10 - 000000000 ____D C:\Users\Acer\AppData\Local\CrashDumps
2024-01-29 19:11 - 2023-04-09 07:56 - 000001242 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2024-01-29 19:11 - 2023-04-09 07:56 - 000001238 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2024-01-27 12:38 - 2023-02-10 20:35 - 000000000 ____D C:\Users\Acer\AppData\Local\ElevatedDiagnostics
2024-01-27 12:16 - 2023-04-01 18:48 - 000001055 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thunderbird.lnk
2024-01-24 18:19 - 2023-12-29 11:47 - 000000000 ___HD C:\Users\Acer\HUE Animation Backups
2024-01-20 19:07 - 2023-04-12 15:13 - 000000000 ____D C:\Users\Acer\AppData\Roaming\Microsoft\Excel
2024-01-19 18:55 - 2023-04-09 07:56 - 000004302 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineUA
2024-01-19 18:55 - 2023-04-09 07:56 - 000004070 _____ C:\WINDOWS\system32\Tasks\DropboxUpdateTaskMachineCore
2024-01-19 07:35 - 2023-07-30 08:23 - 000000000 ____D C:\WINDOWS\system32\Tasks\HP
2024-01-19 07:35 - 2023-07-30 08:23 - 000000000 ____D C:\Program Files\HPPrintScanDoctor
2024-01-17 17:14 - 2023-10-30 18:58 - 000000000 ____D C:\Program Files (x86)\Steam
2024-01-15 20:22 - 2022-05-07 06:17 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2024-01-15 20:18 - 2023-04-09 12:13 - 000000000 ____D C:\Users\Acer\AppData\Roaming\Microsoft\PowerPoint
2024-01-15 20:18 - 2023-04-04 13:03 - 000000000 ____D C:\Users\Acer\Desktop\Lukas
2024-01-13 16:53 - 2023-02-19 18:58 - 000000000 ____D C:\Users\Acer\AppData\Local\D3DSCache
2024-01-13 16:40 - 2023-02-20 12:01 - 000000000 ____D C:\WINDOWS\Minidump
2024-01-13 16:39 - 2024-01-09 22:16 - 000539274 ____N C:\WINDOWS\Minidump\011324-23937-01.dmp
2024-01-12 07:42 - 2023-02-10 20:04 - 000918944 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2024-01-11 09:58 - 2023-04-25 21:40 - 000000000 ____D C:\Users\Acer\AppData\Roaming\ExplorerPatcher
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ========
2023-10-27 18:46 - 2023-10-27 18:46 - 000001379 _____ () C:\Users\Acer\AppData\Local\recently-used.xbel
2023-03-12 12:18 - 2023-03-12 12:18 - 000007605 _____ () C:\Users\Acer\AppData\Local\Resmon.ResmonCfg
==================== SigCheck ============================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
==================== Ende von FRST.txt ========================
Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 10.02.2024
durchgeführt von Acer (10-02-2024 15:21:41)
Gestartet von C:\Users\Acer\Desktop
Microsoft Windows 11 Home Version 22H2 22621.3007 (X64) (2023-02-10 18:57:22)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
Acer (S-1-5-21-274020518-178741033-554351160-1001 - Administrator - Enabled) => C:\Users\Acer
Administrator (S-1-5-21-274020518-178741033-554351160-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-274020518-178741033-554351160-503 - Limited - Disabled)
Gast (S-1-5-21-274020518-178741033-554351160-501 - Limited - Disabled)
sarah (S-1-5-21-274020518-178741033-554351160-1006 - Administrator - Enabled) => C:\Users\sarah
WDAGUtilityAccount (S-1-5-21-274020518-178741033-554351160-504 - Limited - Disabled)
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
4D File Assistant 8.1 (HKLM-x32\...\{FECB9276-B073-4E24-8210-E644AA4DA680}) (Version: 8.1 - VSM Software Ltd.)
Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1033-FFFF-7760-BC15014EA700}) (Version: 23.008.20470 - Adobe)
Adobe Bridge 1.0 (HKLM-x32\...\{B74D4E10-6884-0000-0000-000000000101}) (Version: 001.000.001 - Adobe Systems) Hidden
Adobe Common File Installer (HKLM-x32\...\{8EDBA74D-0686-4C99-BFDD-F894678E5101}) (Version: 1.00.001 - Adobe System Incorporated) Hidden
Adobe Help Center 1.0 (HKLM-x32\...\{E9787678-119F-4D52-B551-6739B2B22101}) (Version: 1.0.1 - Adobe Systems) Hidden
Adobe InDesign CS2 (HKLM-x32\...\Adobe InDesign CS2 - {7F4C8163-F259-49A0-A018-2857A90578BC}) (Version: 004.000.000 - Adobe Systems Incorporated)
Adobe Photoshop 2020 (HKLM-x32\...\PHSP_21_0_2) (Version: 21.0.2 - Adobe Systems Incorporated)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601053}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Adobe Stock Photos 1.0 (HKLM-x32\...\{786C5747-0C40-4930-9AFE-113BCE553101}) (Version: 1.0.1 - Adobe Systems) Hidden
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{95040521-FCB6-4D6B-A44D-089DBACD5494}) (Version: 17.0.0.24 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{B292D163-23D2-4523-A699-1ABEC1875609}) (Version: 2.7.0.3 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Candle (HKLM-x32\...\1411619402_is1) (Version: 1.1.17 - GOG.com)
Catalyst Control Center - Branding (HKLM-x32\...\{11087D24-567D-7D88-69C6-D7A08B5F4C47}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.8.7128 - CDBurnerXP)
CPUID CPU-Z 2.05 (HKLM\...\CPUID CPU-Z_is1) (Version: 2.05 - CPUID, Inc.)
Discord (HKU\S-1-5-21-274020518-178741033-554351160-1001\...\Discord) (Version: 1.0.9021 - Discord Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 193.3.5459 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.865.1 - Dropbox, Inc.) Hidden
ExplorerPatcher (HKLM\...\{D17F1E1A-5919-4427-8F89-A1A8503CA3EB}_ExplorerPatcher) (Version: 22621.1555.55.1 - VALINET Solutions SRL)
Folder Size (64-bit) (HKLM\...\{F24FF688-7138-4CCF-A83F-71E9FB01170E}) (Version: 2.6 - Brio)
GOG GALAXY (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: 2.0.72.94 - GOG.com)
Grand Theft Auto (HKLM-x32\...\Grand Theft Auto) (Version: - )
HiSuite (HKLM-x32\...\Hi Suite) (Version: 11.0.0.650 - Huawei Technologies Co., Ltd.)
HUE Animation v1.6.6 (HKLM-x32\...\{A23B9726-7771-4D2C-BB3A-1375EBD24D92}) (Version: 1.6.6.0 - HUE) Hidden
HUE Animation v1.6.6 (HKLM-x32\...\HUE Animation v1.6.6 1.6.6.0) (Version: 1.6.6.0 - HUE)
Inkscape (HKLM\...\{2C69A8D5-2E44-4F99-BD5E-08536B52F1DA}) (Version: 1.3.0 - Inkscape)
INSIDE (HKLM-x32\...\1916896012_is1) (Version: 10 - GOG.com)
iPod-Unterstützung (HKLM\...\{5530CCC4-99F6-4198-BB1B-F1F78D6BCA76}) (Version: 12.11.3.7 - Apple Inc.)
iTunes (HKLM\...\{9090ADBB-63C9-494B-907F-2C0FA50BBA9A}) (Version: 12.13.0.9 - Apple Inc.)
Malwarebytes version 4.6.8.311 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.6.8.311 - Malwarebytes)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 121.0.2277.106 - Microsoft Corporation)
Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 121.0.2277.106 - Microsoft Corporation)
Microsoft Office Home and Student 2021 - de-de (HKLM\...\HomeStudent2021Retail - de-de) (Version: 16.0.17231.20194 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 24.015.0121.0003 - Microsoft Corporation)
Microsoft Teams Meeting Add-in for Microsoft Office (HKLM\...\{A7AB73A3-CB10-4AA5-9D38-6AEFFBDE4C91}) (Version: 1.23.33413 - Microsoft)
Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.31.31103 (HKLM-x32\...\{2aaf1df0-eb13-4099-9992-962bb4e596d1}) (Version: 14.31.31103.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.31.31103 (HKLM-x32\...\{41d7b770-418a-43b7-95a5-f925fff05789}) (Version: 14.31.31103.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.31.31103 (HKLM\...\{A977984B-9244-49E3-BD24-43F0A8009667}) (Version: 14.31.31103 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.31.31103 (HKLM\...\{A181A302-3F6D-4BAD-97A8-A426A6499D78}) (Version: 14.31.31103 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.31.31103 (HKLM-x32\...\{5720EC03-F26F-40B7-980C-50B5D420B5DE}) (Version: 14.31.31103 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.31.31103 (HKLM-x32\...\{799E3FFF-705C-461F-B400-6DE27398B3E5}) (Version: 14.31.31103 - Microsoft Corporation) Hidden
Microsoft_VC100_CRT_x86 (HKLM-x32\...\{6FDDB201-2CA0-42BD-973F-7B2C4A61EA3F}) (Version: 1.0.0 - Microsoft)
Mozilla Firefox (x64 de) (HKLM\...\Mozilla Firefox 122.0.1 (x64 de)) (Version: 122.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 102.9.1 - Mozilla)
Mozilla Thunderbird (x64 de) (HKLM\...\Mozilla Thunderbird 115.7.0 (x64 de)) (Version: 115.7.0 - Mozilla)
Mp3tag v3.23 (HKLM\...\Mp3tag) (Version: 3.23 - Florian Heidenreich)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.17231.20194 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.17231.20194 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0407-1000-0000000FF1CE}) (Version: 16.0.17231.20194 - Microsoft Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
REAPER (x64) (HKLM\...\REAPER) (Version: 6.80 - Cockos Incorporated)
Revo Uninstaller 2.4.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.4.5 - VS Revo Group, Ltd.)
Signal 6.47.0 (HKU\S-1-5-21-274020518-178741033-554351160-1001\...\7d96caee-06e6-597c-9f2f-c7bb2e0948b4) (Version: 6.47.0 - Signal Messenger, LLC)
Spotify (HKU\S-1-5-21-274020518-178741033-554351160-1001\...\Spotify) (Version: 1.2.30.1135.g02fef27a - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Superliminal (HKLM-x32\...\1766270223_is1) (Version: 1.4 - GOG.com)
The Silent Age (HKLM-x32\...\1228006877_is1) (Version: 1.0 - GOG.com)
tiptoi® Manager 5.1 (HKLM\...\{833392BB-E8C0-4066-9408-3A30FA43972F}_is1) (Version: 5.1 - Ravensburger AG)
uTorrent Web (HKU\S-1-5-21-274020518-178741033-554351160-1001\...\utweb) (Version: 1.3.0 - Rainberry, Inc.)
WinRAR 6.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 6.21.0 - win.rar GmbH)
Zoom (HKU\S-1-5-21-274020518-178741033-554351160-1001\...\ZoomUMX) (Version: 5.17.2 (29988) - Zoom Video Communications, Inc.)
Packages:
=========
Acrobat Notification Client -> C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2024-01-24] (Adobe Systems Incorporated)
Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC [2024-01-19] ()
Dev Home -> C:\Program Files\WindowsApps\Microsoft.Windows.DevHome_0.1000.389.0_x64__8wekyb3d8bbwe [2024-02-10] (Microsoft Corporation)
Dropbox -> C:\Program Files (x86)\Dropbox\Client\PackageAssets [2024-02-07] (Dropbox Inc.)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_151.3.1092.0_x64__v10z8vjag6ke6 [2024-02-09] (HP Inc.)
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.40.0_x64__8wekyb3d8bbwe [2023-09-15] (Microsoft Corp.)
Microsoft Teams (work or school) -> C:\Program Files\WindowsApps\MSTeams_23335.232.2637.4844_x64__8wekyb3d8bbwe [2024-01-31] (Microsoft) [Startup Task]
Microsoft.WindowsAppRuntime.CBS -> C:\WINDOWS\SystemApps\Microsoft.WindowsAppRuntime.CBS_8wekyb3d8bbwe [2024-01-11] (Microsoft Corporation)
Mp3tag -> C:\Program Files\Mp3tag [2023-11-05] (Florian Heidenreich)
PowerShell -> C:\Program Files\WindowsApps\Microsoft.PowerShell_7.4.1.0_x64__8wekyb3d8bbwe [2024-01-13] (Microsoft Corporation)
Samsung Printer Experience -> C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCO.LTD.SamsungPrinterExperience_1.3.15.0_x64__3c1yjt4zspk6g [2023-04-01] (Samsung Electronics Co. Ltd.)
WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2401.5.0_x64__cv1g1gvanyjgm [2024-02-07] (WhatsApp Inc.) [Startup Task]
Windows Feature Experience Pack -> C:\WINDOWS\SystemApps\MicrosoftWindows.Client.FileExp_cw5n1h2txyewy [2024-01-11] (Microsoft Corporation)
Windows Package Manager Source (platform) -> C:\Program Files\WindowsApps\Microsoft.Winget.Platform.Source_2023.1102.1838.719_neutral__8wekyb3d8bbwe [2023-11-27] (Microsoft Corporation)
WinRAR -> C:\Program Files\WinRAR [2023-04-03] (win.rar GmbH)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-274020518-178741033-554351160-1001_Classes\CLSID\{13357088-9834-0409-1600-134951500000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-274020518-178741033-554351160-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\Acer\AppData\Local\Microsoft\TeamsMeetingAddin\1.23.33413\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-274020518-178741033-554351160-1001_Classes\CLSID\{1C29794E-F9AB-4037-BF3B-92153EDDF7CB} -> [Dropbox] => C:\Users\Acer\Dropbox [2023-04-09 12:03]
CustomCLSID: HKU\S-1-5-21-274020518-178741033-554351160-1001_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
CustomCLSID: HKU\S-1-5-21-274020518-178741033-554351160-1001_Classes\CLSID\{86ca1aa0-34aa-4e8b-a509-50c905bae2a2}\InprocServer32 -> => Keine Datei
CustomCLSID: HKU\S-1-5-21-274020518-178741033-554351160-1001_Classes\CLSID\{b69496b6-0c17-4b22-881b-469490e33ef5}\InprocServer32 -> C:\Program Files\Mozilla Thunderbird\notificationserver.dll => Keine Datei
CustomCLSID: HKU\S-1-5-21-274020518-178741033-554351160-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A} -> [Dropbox] => C:\Users\Acer\Dropbox [2023-04-09 12:03]
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\24.015.0121.0003\FileSyncShell64.dll [2024-02-09] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\24.015.0121.0003\FileSyncShell64.dll [2024-02-09] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\24.015.0121.0003\FileSyncShell64.dll [2024-02-09] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\24.015.0121.0003\FileSyncShell64.dll [2024-02-09] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\24.015.0121.0003\FileSyncShell64.dll [2024-02-09] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\24.015.0121.0003\FileSyncShell64.dll [2024-02-09] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\24.015.0121.0003\FileSyncShell64.dll [2024-02-09] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.69.0.dll [2023-12-08] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.69.0.dll [2023-12-08] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.69.0.dll [2023-12-08] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.69.0.dll [2023-12-08] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.69.0.dll [2023-12-08] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.69.0.dll [2023-12-08] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.69.0.dll [2023-12-08] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.69.0.dll [2023-12-08] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.69.0.dll [2023-12-08] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.69.0.dll [2023-12-08] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\24.015.0121.0003\FileSyncShell64.dll [2024-02-09] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\24.015.0121.0003\FileSyncShell64.dll [2024-02-09] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\24.015.0121.0003\FileSyncShell64.dll [2024-02-09] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\24.015.0121.0003\FileSyncShell64.dll [2024-02-09] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\24.015.0121.0003\FileSyncShell64.dll [2024-02-09] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\24.015.0121.0003\FileSyncShell64.dll [2024-02-09] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\24.015.0121.0003\FileSyncShell64.dll [2024-02-09] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.69.0.dll [2023-12-08] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.69.0.dll [2023-12-08] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.69.0.dll [2023-12-08] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.69.0.dll [2023-12-08] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.69.0.dll [2023-12-08] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.69.0.dll [2023-12-08] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.69.0.dll [2023-12-08] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.69.0.dll [2023-12-08] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.69.0.dll [2023-12-08] (Dropbox, Inc -> Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.69.0.dll [2023-12-08] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.015.0121.0003\FileSyncShell64.dll [2024-02-09] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2024-01-02] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.69.0.dll [2023-12-08] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-05-01] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.015.0121.0003\FileSyncShell64.dll [2024-02-09] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.69.0.dll [2023-12-08] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\24.015.0121.0003\FileSyncShell64.dll [2024-02-09] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-11-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.69.0.dll [2023-12-08] (Dropbox, Inc -> Dropbox, Inc.)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2024-01-02] (Adobe Inc. -> Adobe Systems Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-05-01] (Malwarebytes Inc. -> Malwarebytes)
==================== Codecs (Nicht auf der Ausnahmeliste) ====================
==================== Verknüpfungen & WMI ========================
==================== Geladene Module (Nicht auf der Ausnahmeliste) =============
2014-02-11 06:08 - 2014-02-11 06:08 - 000817152 _____ () [Datei ist nicht signiert] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2015-11-04 16:43 - 2015-11-04 16:43 - 000214528 _____ () [Datei ist nicht signiert] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 06:08 - 2014-02-11 06:08 - 003650560 _____ () [Datei ist nicht signiert] C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2023-04-09 08:02 - 2023-04-09 08:02 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\Root\Office16\AppVIsvSubsystems64.dll
2023-04-09 08:02 - 2023-04-09 08:02 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\Root\Office16\c2r64.dll
2023-04-25 21:40 - 2023-04-25 21:40 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\WINDOWS\system32\wincorlib.dll] C:\WINDOWS\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\wincorlib_orig.dll
2023-04-25 21:40 - 2023-04-25 21:40 - 000641536 _____ (VALINET Solutions SRL) [Datei ist nicht signiert] C:\WINDOWS\dxgi.dll
2023-04-25 21:40 - 2023-04-25 21:40 - 000641536 _____ (VALINET Solutions SRL) [Datei ist nicht signiert] C:\WINDOWS\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\dxgi.dll
2023-04-25 21:40 - 2023-04-25 21:40 - 000198656 _____ (VALINET Solutions SRL) [Datei ist nicht signiert] C:\WINDOWS\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\wincorlib.DLL
2023-04-25 21:40 - 2023-04-25 21:40 - 000641536 _____ (VALINET Solutions SRL) [Datei ist nicht signiert] C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\dxgi.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ==================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =================
==================== Internet Explorer (Nicht auf der Ausnahmeliste) ==========
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2024-01-13] (Adobe Inc. -> Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2024-01-13] (Adobe Inc. -> Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2024-01-31] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2024-01-13] (Adobe Inc. -> Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2024-01-13] (Adobe Inc. -> Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2024-01-13] (Adobe Inc. -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2024-01-13] (Adobe Inc. -> Adobe Systems Incorporated)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-01-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-01-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-01-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-01-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-01-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-01-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-01-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-01-31] (Microsoft Corporation -> Microsoft Corporation)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
IE trusted site: HKU\S-1-5-21-274020518-178741033-554351160-1001\...\sharepoint.com -> hxxps://freieschuleseenland-files.sharepoint.com
==================== Hosts Inhalt: =========================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2019-12-07 10:14 - 2019-12-07 10:12 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts
==================== Andere Bereiche ===========================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-274020518-178741033-554351160-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Acer\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\IMG_3197.jpg
HKU\S-1-5-21-274020518-178741033-554351160-1006\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.8.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "TeamsMachineInstaller"
HKU\S-1-5-21-274020518-178741033-554351160-1001\...\StartupApproved\StartupFolder: => "Adobe Gamma.lnk"
HKU\S-1-5-21-274020518-178741033-554351160-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-274020518-178741033-554351160-1001\...\StartupApproved\Run: => "GogGalaxy"
HKU\S-1-5-21-274020518-178741033-554351160-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_0E856574C4D091667B5858ACF047C466"
HKU\S-1-5-21-274020518-178741033-554351160-1001\...\StartupApproved\Run: => "utweb"
HKU\S-1-5-21-274020518-178741033-554351160-1001\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer"
HKU\S-1-5-21-274020518-178741033-554351160-1001\...\StartupApproved\Run: => "CCXProcess"
HKU\S-1-5-21-274020518-178741033-554351160-1001\...\StartupApproved\Run: => "Mozilla-Firefox-308046B0AF4A39CB"
HKU\S-1-5-21-274020518-178741033-554351160-1001\...\StartupApproved\Run: => "org.whispersystems.signal-desktop"
HKU\S-1-5-21-274020518-178741033-554351160-1001\...\StartupApproved\Run: => "Spotify"
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [{FFFF8A9D-3A5B-4DC9-9D0C-C442AB669782}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{79C7FBAA-3D30-4574-9B6D-03F41EEAC060}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{F53642E7-187F-49B6-90F7-636B632E9540}] => (Allow) C:\Users\Acer\AppData\Roaming\uTorrent Web\utweb.exe (Rainberry Inc -> BitTorrent Inc.)
FirewallRules: [{0F1D1FE4-064F-41F0-9DD4-70ABF33D6C58}] => (Allow) C:\Users\Acer\AppData\Roaming\uTorrent Web\utweb.exe (Rainberry Inc -> BitTorrent Inc.)
FirewallRules: [TCP Query User{249A66CA-C503-44EF-9984-58A0B89B1AC9}C:\program files (x86)\gog galaxy\games\superliminal\superliminalgog.exe] => (Allow) C:\program files (x86)\gog galaxy\games\superliminal\superliminalgog.exe () [Datei ist nicht signiert]
FirewallRules: [UDP Query User{2383A799-6437-4D68-9CF3-5BE3097D003A}C:\program files (x86)\gog galaxy\games\superliminal\superliminalgog.exe] => (Allow) C:\program files (x86)\gog galaxy\games\superliminal\superliminalgog.exe () [Datei ist nicht signiert]
FirewallRules: [TCP Query User{004916FA-190B-4EAD-AC41-361BF44ADB31}C:\program files (x86)\common files\scan process machine\imageeng.exe] => (Allow) C:\program files (x86)\common files\scan process machine\imageeng.exe => Keine Datei
FirewallRules: [UDP Query User{282D71C9-CA2E-4184-8A0A-5260B83E200B}C:\program files (x86)\common files\scan process machine\imageeng.exe] => (Allow) C:\program files (x86)\common files\scan process machine\imageeng.exe => Keine Datei
FirewallRules: [{49E019F8-DF63-4EBF-A77B-8DCB107B4269}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe => Keine Datei
FirewallRules: [{036FF157-CDC0-4A69-AE19-CB738408C183}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe => Keine Datei
FirewallRules: [TCP Query User{8FB8A5B1-3855-47E5-9E0C-0FD3A1964F7D}C:\users\acer\appdata\roaming\utorrent web\utweb.exe] => (Allow) C:\users\acer\appdata\roaming\utorrent web\utweb.exe (Rainberry Inc -> BitTorrent Inc.)
FirewallRules: [UDP Query User{887381A9-C9D3-4DAC-A33A-3FFC26FC1A0F}C:\users\acer\appdata\roaming\utorrent web\utweb.exe] => (Allow) C:\users\acer\appdata\roaming\utorrent web\utweb.exe (Rainberry Inc -> BitTorrent Inc.)
FirewallRules: [{F561A505-35ED-4DCD-8DCB-AA9A0894AF80}] => (Allow) C:\Users\Acer\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{3F592832-0403-44C0-8CE4-F590C71F4FF4}] => (Allow) C:\Users\Acer\AppData\Roaming\Zoom\bin\airhost.exe => Keine Datei
FirewallRules: [{6CABDD21-6DDD-48E1-A689-38542E874870}] => (Allow) C:\Users\Acer\AppData\Roaming\Zoom\bin\airhost.exe => Keine Datei
FirewallRules: [{5FBE5D58-30E0-48DA-B1C1-75FAB2113129}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{79BE0F76-9242-4584-9711-C9137DA838E2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1B3C9681-DFFA-4252-9E33-DA3913A164F2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{4568F3C2-6816-4D02-946C-D49216920F4D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{60A3A271-F81F-4540-BA8E-BE4784550C87}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{E1A97D82-D18E-4FF7-9C95-5D78B7FE0B31}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{EAA76480-F086-4E93-83BC-1CD9879E509E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{71787D5E-95DD-48B1-AA35-0995D40E94C5}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{0533C8A3-E89C-4953-96FD-F71DDA6EC432}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pixel Dungeon\PD.exe () [Datei ist nicht signiert]
FirewallRules: [{7A80C7EA-AAAF-4319-A2F6-F0D800C10C90}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Pixel Dungeon\PD.exe () [Datei ist nicht signiert]
FirewallRules: [{79D698F7-AB6A-4CA2-9A65-4C7226995633}] => (Allow) C:\Program Files\iTunes\iTunes.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{09987B24-1600-4A42-A323-6D7E13465BE7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Feast\The Feast.exe () [Datei ist nicht signiert]
FirewallRules: [{61596013-4F5A-402A-972E-7CB3AED87B08}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Feast\The Feast.exe () [Datei ist nicht signiert]
FirewallRules: [{2AF8D463-1313-4D12-8786-F4DA98A60D6A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FAR Lone Sails\Game\FarLoneSails.exe () [Datei ist nicht signiert]
FirewallRules: [{0258B32D-F906-4BA9-AF57-D8F57C266516}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\FAR Lone Sails\Game\FarLoneSails.exe () [Datei ist nicht signiert]
FirewallRules: [TCP Query User{D15948B6-7535-46BB-8738-8D56A7EB5448}C:\users\acer\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\acer\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [UDP Query User{D0491AC1-80DD-47C7-B964-BB51405C649C}C:\users\acer\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\acer\appdata\roaming\spotify\spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{9D0D055D-59CF-42D1-9BFD-427006611566}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Coma\Bad Dream Coma.exe (Desert Fox) [Datei ist nicht signiert]
FirewallRules: [{C5D49C0B-1ED2-42F1-A85C-A32527F37683}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Coma\Bad Dream Coma.exe (Desert Fox) [Datei ist nicht signiert]
FirewallRules: [TCP Query User{18234521-B99F-4493-AE3C-6EEF78E0B974}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{488CFB14-23CC-4750-84A8-9465F359EF62}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{6DD5C746-58DE-429F-83A8-C3A885650796}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{4E80BFF0-B922-42B8-A69E-34C0974C5231}] => (Allow) C:\Program Files\WindowsApps\MSTeams_23335.232.2637.4844_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3BFE8E70-7DC4-44A3-9015-B4FE776E51E8}] => (Allow) C:\Program Files\WindowsApps\MSTeams_23335.232.2637.4844_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{39346CB6-C73B-4E8A-8866-7D6ABFD202C6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.112.3206.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{5D5C560B-CD18-49D9-A81D-C734BD41997F}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.112.3206.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{10B96F52-01E6-4B43-A377-27B1C3C807F7}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.112.3206.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3D14130E-25C2-4C21-AFF9-8AA24AE37D55}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.112.3206.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{9E6EE216-E421-480C-A0EC-C7DA9F8BA6CF}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{CDBDDEE4-4B83-49B2-B83F-11F4EB8BB3BC}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (Dropbox, Inc -> Dropbox, Inc.)
FirewallRules: [{DC518F5C-CBAE-4917-874D-AB3EEA7F54DD}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.106\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{AAEA9A63-B839-4D6A-B42A-D693CFAC7E76}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24004.1403.2634.2418_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9DDCD8FE-C12C-46B8-894F-8BBA7E9E3F36}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24004.1403.2634.2418_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
==================== Wiederherstellungspunkte =========================
==================== Fehlerhafte Geräte im Gerätemanager ============
==================== Fehlereinträge in der Ereignisanzeige: ========================
Applikationsfehler:
==================
Error: (02/09/2024 11:00:47 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed
Error: (02/09/2024 11:00:46 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed
Error: (02/09/2024 10:39:31 PM) (Source: Application Error) (EventID: 1000) (User: DESKTOP-0EQCGGQ)
Description: Name der fehlerhaften Anwendung: explorer.exe, Version: 10.0.22621.3007, Zeitstempel: 0x4421e92b
Name des fehlerhaften Moduls: ntdll.dll, Version: 10.0.22621.2506, Zeitstempel: 0xbced4b82
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000a5f26
ID des fehlerhaften Prozesses: 0x0x2170
Startzeit der fehlerhaften Anwendung: 0x0x1da5ba073cf2871
Pfad der fehlerhaften Anwendung: C:\WINDOWS\explorer.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\ntdll.dll
Berichtskennung: fc917d1b-50a3-4d44-bad2-fe8acdd03737
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (02/09/2024 10:39:26 PM) (Source: Application Error) (EventID: 1000) (User: DESKTOP-0EQCGGQ)
Description: Name der fehlerhaften Anwendung: msteams.exe, Version: 24004.1403.2634.2418, Zeitstempel: 0x65a73083
Name des fehlerhaften Moduls: ucrtbase.dll, Version: 10.0.22621.2506, Zeitstempel: 0x097c794c
Ausnahmecode: 0xc0000409
Fehleroffset: 0x000000000007f61e
ID des fehlerhaften Prozesses: 0x0x3564
Startzeit der fehlerhaften Anwendung: 0x0x1da5ba06b1972e2
Pfad der fehlerhaften Anwendung: C:\Program Files\WindowsApps\MicrosoftTeams_24004.1403.2634.2418_x64__8wekyb3d8bbwe\msteams.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\ucrtbase.dll
Berichtskennung: 6ed2ab17-2d6d-40a5-b5e3-4e9110f9bf53
Vollständiger Name des fehlerhaften Pakets: MicrosoftTeams_24004.1403.2634.2418_x64__8wekyb3d8bbwe
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MicrosoftTeams
Error: (02/09/2024 10:39:18 PM) (Source: Application Error) (EventID: 1000) (User: DESKTOP-0EQCGGQ)
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 10.0.22621.3007, Zeitstempel: 0x4421e92b
Name des fehlerhaften Moduls: ntdll.dll, Version: 10.0.22621.2506, Zeitstempel: 0xbced4b82
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000a5f0f
ID des fehlerhaften Prozesses: 0x0x12bc
Startzeit der fehlerhaften Anwendung: 0x0x1da5ba05753f78b
Pfad der fehlerhaften Anwendung: C:\WINDOWS\Explorer.EXE
Pfad des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\ntdll.dll
Berichtskennung: ae642a66-c750-4d01-a550-ab8c45fd54fb
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (02/09/2024 10:38:36 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed
Error: (02/09/2024 10:38:34 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed
Error: (02/09/2024 10:38:34 PM) (Source: ATIeRecord) (EventID: 16391) (User: )
Description: ATI EEU maximum number of session has been surpassed
Systemfehler:
=============
Error: (02/10/2024 03:22:29 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: Der Server "{816A45F9-7406-42BB-B4FA-A655D96F2A8A}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error: (02/10/2024 03:20:29 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: Der Server "{74FA5D1F-BBD3-4F3E-8776-41EDEFC608D9}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error: (02/10/2024 03:18:29 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: Der Server "{8C9C0DB7-2CBA-40F1-AFE0-C55740DD91A0}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error: (02/10/2024 03:16:29 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: Der Server "{CC66E708-C687-42EA-806E-83D41C9D1A5F}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error: (02/10/2024 03:14:29 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: Der Server "{F99A566C-42AE-4DE2-AD4D-D297A04C5433}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error: (02/10/2024 02:34:39 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: Der Server "{470B9B9B-0E95-4963-B265-5D58E5808C3D}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error: (02/10/2024 02:32:39 PM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: Der Server "{816A45F9-7406-42BB-B4FA-A655D96F2A8A}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error: (02/10/2024 08:57:09 AM) (Source: DCOM) (EventID: 10010) (User: NT-AUTORITÄT)
Description: Der Server "{74FA5D1F-BBD3-4F3E-8776-41EDEFC608D9}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Windows Defender:
================
Date: 2024-02-09 22:45:31
Description:
Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {B0831573-1F75-4F92-9977-BCA729CBBBB6}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM
Date: 2024-02-09 05:30:39
Description:
Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {6A911150-1DB8-4317-A810-E405F7BF1386}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM
Date: 2024-02-07 23:01:06
Description:
Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {C56BED84-B877-40A6-90EC-1D8ED3C951DA}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM
Date: 2024-02-06 17:22:12
Description:
Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {38EBB08C-0D5C-4C13-9D91-B31D30BF6851}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM
Date: 2024-02-04 15:48:45
Description:
Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet.
Überprüfungs-ID: {209948E6-3290-40A8-9020-57EACE553987}
Überprüfungstyp: Antimalware
Überprüfungsparameter: Schnellüberprüfung
Benutzer: NT-AUTORITÄT\SYSTEM
Event[0]
Date: 2023-04-09 13:17:23
Description:
Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten.
Neue Version der Sicherheitsinformationen:
%Vorherige Version der Sicherheitsinformationen: 1.387.432.0
Update Source: Microsoft Update-Server
Sicherheitstyp: AntiVirus
Updatetyp: Voll
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion:
%Vorherige Modulversion: 1.1.20200.4
Fehlercode: 0x80240022
Fehlerbeschreibung: Die Suche des Programms nach Definitionsaktualisierungen ist nicht möglich.
Date: 2023-04-09 13:17:23
Description:
Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten.
Neue Version der Sicherheitsinformationen:
%Vorherige Version der Sicherheitsinformationen: 1.387.432.0
Update Source: Microsoft Update-Server
Sicherheitstyp: AntiVirus
Updatetyp: Voll
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion:
%Vorherige Modulversion: 1.1.20200.4
Fehlercode: 0x80240022
Fehlerbeschreibung: Die Suche des Programms nach Definitionsaktualisierungen ist nicht möglich.
CodeIntegrity:
===============
Date: 2024-02-10 15:22:35
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
Date: 2024-02-10 15:13:06
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements.
==================== Speicherinformationen ===========================
BIOS: American Megatrends Inc. P01-A3 11/21/2011
Hauptplatine: Acer Aspire M1470
Prozessor: AMD A8-3850 APU with Radeon(tm) HD Graphics
Prozentuale Nutzung des RAM: 61%
Installierter physikalischer RAM: 7571.7 MB
Verfügbarer physikalischer RAM: 2919.52 MB
Summe virtueller Speicher: 10515.7 MB
Verfügbarer virtueller Speicher: 4790.15 MB
==================== Laufwerke ================================
Drive c: () (Fixed) (Total:222.89 GB) (Free:79.34 GB) (Model: INTENSO SCSI Disk Device) NTFS
Drive d: (Daten) (Fixed) (Total:1397.26 GB) (Free:1377.36 GB) (Model: WDC WD15EARX-22PASB0 SCSI Disk Device) NTFS
Drive e: (Audio CD) (CDROM) (Total:0 GB) (Free:0 GB) CDFS
Drive g: (1TB_LukasSSD) (Fixed) (Total:931.51 GB) (Free:305.37 GB) (Model: SanDisk SSD PLUS 1000GB USB Device) NTFS
\\?\Volume{9feb714d-0000-0000-0000-100000000000}\ (System-reserviert) (Fixed) (Total:0.05 GB) (Free:0.02 GB) NTFS
\\?\Volume{9feb714d-0000-0000-0000-f0bb37000000}\ () (Fixed) (Total:0.63 GB) (Free:0.08 GB) NTFS
==================== MBR & Partitionstabelle ====================
==========================================================
Disk: 0 (Size: 1397.3 GB) (Disk ID: C50DAB18)
Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=07 NTFS)
==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 223.6 GB) (Disk ID: 9FEB714D)
Partition 1: (Active) - (Size=50 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=222.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=647 MB) - (Type=27)
==========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 38D58721)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
==================== Ende von Addition.txt =======================
Ich werd auf keinen Fall Geld überweisen |
|
10.02.2024, 15:40
| #3 |
| /// TB-Ausbilder | Trojaner eingefangen? Oh... da ist Malware im System...
__________________ |
|
10.02.2024, 15:43
| #4 | |
| | Trojaner eingefangen?Zitat:
|
|
10.02.2024, 15:45
| #5 |
| /// TB-Ausbilder | Trojaner eingefangen? Lass mal eine FRST Analyse wie folgt laufen (es wird noch nichts entfernt): Schritt 1 WARNUNG AN ALLE MITLESER !!! Dieses FRST-Skript ist ausschließlich für diesen Nutzer gedacht und sollte niemals 1:1 für ein anderes System verwendet werden!
|
|
10.02.2024, 15:48
| #6 |
| | Trojaner eingefangen?Code:
ATTFilter Entfernungsergebnis von Farbar Recovery Scan Tool (x64) Version: 10.02.2024
durchgeführt von Acer (10-02-2024 15:47:31) Run:1
Gestartet von C:\Users\Acer\Desktop
Geladene Profile: Acer & sarah
Start-Modus: Normal
==============================================
fixlist Inhalt:
*****************
Start::
CMD: type "C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance\InstallWinSAT"
CMD: type "C:\WINDOWS\system32\Maintenance.vbs"
End::
*****************
========= type "C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance\InstallWinSAT" =========
<?xml version="1.0" encoding="UTF-16"?>
<Task version="1.2" xmlns="hxxp://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo>
<Date>2023-04-29T22:24:15</Date>
<Author>DESKTOP-0EQCGGQ\Acer</Author>
<URI>\Microsoft\Windows\Maintenance\InstallWinSAT</URI>
</RegistrationInfo>
<Triggers>
<LogonTrigger>
<StartBoundary>2023-04-29T22:24:00</StartBoundary>
<Enabled>true</Enabled>
</LogonTrigger>
</Triggers>
<Principals>
<Principal id="Author">
<RunLevel>HighestAvailable</RunLevel>
<UserId>DESKTOP-0EQCGGQ\Acer</UserId>
<LogonType>InteractiveToken</LogonType>
</Principal>
</Principals>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>true</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<Duration>PT10M</Duration>
<WaitTimeout>PT1H</WaitTimeout>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT72H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>Maintenance.vbs</Command>
</Exec>
</Actions>
</Task>
========= Ende von CMD: =========
========= type "C:\WINDOWS\system32\Maintenance.vbs" =========
Wscript.Quit
========= Ende von CMD: =========
==== Ende von Fixlog 15:47:32 ====
|
|
10.02.2024, 15:54
| #7 |
| /// TB-Ausbilder | Trojaner eingefangen? Anscheinend nur Überreste einer früheren Infektion. cosinus, sorry fürs reinposten, willst du weitermachen? |
|
10.02.2024, 16:01
| #8 |
| /// TB-Ausbilder | Trojaner eingefangen? cosinus ist nicht da... wir starten.  Wir starten mit einer Reparatur mit FRST. Schritt 1 WARNUNG AN ALLE MITLESER !!! Dieses FRST-Skript ist ausschließlich für diesen Nutzer gedacht und sollte niemals 1:1 für ein anderes System verwendet werden!
|
|
| Themen zu Trojaner eingefangen? |
| antivirus, chat, check, computer, e-mail, email, folge, hacked, links, log, malware, monitoring, not, online, problem, remote, reset, security, tracking, trojan, trojaner, updates, virus, webcam, websites |
Hybrid-Darstellung
