Log Analysis and Evaluation: Trojan memorybuffer.e3bcfda800a? Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First Steps for Help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Trojan memorybuffer.e3bcfda800a?

Good morning, Avira antivirus showed me that it blocked the following process: File name: memorybuffer.e3bcfda800a, Threat name: LNK/Dldr.Agent.VLPZ, Type: Trojan. I have now uninstalled Avira and run Defender, which did not find anything. Based on this forum, I got the idea to run Farbar Recovery Scan Tool. The log files are attached. My question is whether my device is infected with malware and what the next steps are.

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26.02.2024 01
Ran by josch (administrator) on LAPTOP-3GFCL20G (LENOVO 21B3000LGE) (27-02-2024 10:51:17)
Running from C:\Users\josch\OneDrive\Dokumente\FRST_160224 (3)\FRST64.exe
Loaded Profiles: josch
Platform: Microsoft Windows 11 Pro Version 23H2 22631.3155 (X64) Language: Deutsch (Deutschland)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantage-(CommercialAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantage-(GenericMessagingAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantage-(LenovoServiceBridgeAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantage-(LenovoSystemUpdateAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantage-(VantageCoreAddin).exe
(C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_424.1301.170.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.52\msedgewebview2.exe <6>
(C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
(C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe <2>
(Cisco Systems, Inc. -> Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco Secure Client\UI\csc_ui.exe
(conhost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
(DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_e75a3d1c39bebe3f\DAX3API.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\DAX3_S~1.INF\DAX3API.exe
(DriverStore\FileRepository\fn.inf_amd64_341d0836121cf573\driver\tphkload.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\DriverStore\FileRepository\FNF910~1.INF\driver\shtctky.exe
(DriverStore\FileRepository\fn.inf_amd64_341d0836121cf573\driver\tphkload.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\DriverStore\FileRepository\FNF910~1.INF\driver\tposd.exe
(DriverStore\FileRepository\icst_service.inf_amd64_d30bd471ed01a230\intel_cst_service_standalone.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\icst_service.inf_amd64_d30bd471ed01a230\intel_cst_helper_service.exe
(DriverStore\FileRepository\ipf_cpu.inf_amd64_a232fd65d8604eb5\ipf_uf.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_a232fd65d8604eb5\ipf_helper.exe
(EPDService.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\EPDCtrl.exe
(explorer.exe ->) (ownCloud GmbH -> ) C:\Program Files\sciebo\sciebo.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.372\GoogleCrashHandler64.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Cisco Systems, Inc. -> Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco Secure Client\vpnagent.exe
(services.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_e75a3d1c39bebe3f\DAX3API.exe
(services.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\fusion_swc_aposvc.inf_amd64_98e9a381707712c6\FusionAPI.exe
(services.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\EPDService.exe
(services.exe ->) (Flexera Software LLC -> Flexera) C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_3befaa646f991169\jhi_service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dtt_sw.inf_amd64_fe21a1d446afa67d\ipfsvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\icst_service.inf_amd64_d30bd471ed01a230\intel_cst_service_standalone.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_a232fd65d8604eb5\ipf_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_f3c201b4c28c14d0\WMIRegistrationService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\TbtP2pShortcutService.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\System32\drivers\Lenovo\udc\Service\UDClientService.exe
(services.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantageService.exe
(services.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\DriverStore\FileRepository\fn.inf_amd64_341d0836121cf573\driver\tphkload.exe
(services.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\DriverStore\FileRepository\ibmpmdrv.inf_amd64_7b52940a5893ba07\x64\ibmpmsvc.exe
(services.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\DriverStore\FileRepository\lnvvsndmft.inf_amd64_a1a974b0994de01d\LenovoVisionService.exe
(services.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\DriverStore\FileRepository\smartstandbycomponent.inf_amd64_1a7a38fb4d407c19\SmartStandby.exe
(services.exe ->) (Lenovo -> Lenovo.) C:\Windows\System32\DriverStore\FileRepository\litsdrv.inf_amd64_4eda545e0ed970d1\LITSSvc.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_4e93878658043b21\OneApp.IGCC.WinService.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_a35f9c28ba2a1841\IntelCpHDCPSvc.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\NisSrv.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_2a86f979b6e5b8bf\RtkAudUService64.exe <3>
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated.) C:\Windows\System32\DriverStore\FileRepository\synawudfbiousbuwp.inf_amd64_b4553f061288fdeb\SynRpcServer.exe
(Slack Technologies, LLC -> Slack Technologies Inc.) C:\Users\josch\AppData\Local\slack\app-4.36.140\slack.exe <6>
(svchost.exe ->) (Lenovo -> Lenovo) C:\Windows\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe
(svchost.exe ->) (Microsoft Windows -> ) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_424.1301.170.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Windows.Media.BackgroundPlayback.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => "C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_47c1cbb90ce0f6e7\RtkAudUService64.exe" -background (No File)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Logitech)
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [142222176 2023-04-21] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [Cisco Secure Client] => C:\Program Files (x86)\Cisco\Cisco Secure Client\UI\csc_ui.exe [3051104 2023-04-10] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3505320915-1573090934-3906154687-1001\...\Run: [MicrosoftEdgeAutoLaunch_3CA18125895636413B6CE81FB2B3AFDF] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4067896 2024-02-23] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3505320915-1573090934-3906154687-1001\...\Run: [sciebo] => C:\Program Files\sciebo\sciebo.exe [2092272 2024-01-09] (ownCloud GmbH -> )
HKU\S-1-5-21-3505320915-1573090934-3906154687-1001\...\Run: [Grammarly] => C:\Users\josch\AppData\Local\Grammarly\DesktopIntegrations\Grammarly.Desktop.exe [293984 2024-02-16] (Grammarly, Inc. -> Grammarly)
HKU\S-1-5-21-3505320915-1573090934-3906154687-1001\...\Run: [] => [X]
HKU\S-1-5-21-3505320915-1573090934-3906154687-1001\...\Run: [com.squirrel.slack.slack] => C:\Users\josch\AppData\Local\slack\slack.exe [310576 2024-02-05] (Slack Technologies, LLC -> Slack Technologies Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\122.0.6261.70\Installer\chrmstp.exe [2024-02-27] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] -> 
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {E6A69B59-ADA3-4D09-8E62-446F32FD1731} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1547208 2024-01-31] (Adobe Inc. -> Adobe Inc.)
Task: {6A6EAF1C-2FED-4FEE-802B-0EE5109EAFC6} - System32\Tasks\ArcGIS Pro Indexing (MicrosoftAccount_joscha.reiners@outlook.de) => C:\Program Files\ArcGIS\Pro\bin\ArcGISIndexingServer.exe [747096 2023-10-16] (Environmental Systems Research Institute, Inc. -> Esri)
Task: {DC936382-DE46-4B3D-BEA9-9287FB5133D7} - System32\Tasks\Enable-DAManualEntryPointSelection_QoS => C:\WINDOWS\system32\conhost.exe [1040384 2023-11-15] (Microsoft Windows -> Microsoft Corporation) -> --headless powershell .$([char](9652-9547)+'ex') (get-content 'C:\Users\josch\AppData\Local\Microsoft\WindowsApps\Enable-DAManualEntryPointSelection_QoS.log' -raw) <==== ATTENTION
Task: {75872278-44A0-488E-9C32-7FC4A1932D11} - System32\Tasks\GoogleUpdateTaskMachineCore{3CD978E8-E034-4861-91E1-B762F48B85BD} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [162072 2023-08-17] (Google LLC -> Google LLC)
Task: {9ABA66D5-F89A-49F8-8AA3-F11EF5434C44} - System32\Tasks\GoogleUpdateTaskMachineUA{EE0C899A-1FC2-4A61-954C-23E510D3A277} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [162072 2023-08-17] (Google LLC -> Google LLC)
Task: {3CFF953B-85D7-46D5-89E3-756095D04925} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [74952 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {E1B46997-8519-4968-BAE6-35FBDE083E53} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => C:\WINDOWS\system32\sc.exe [98304 2022-05-07] (Microsoft Windows -> Microsoft Corporation) -> START ImControllerService
Task: {611EE837-3638-4AAA-B945-B9A379C2D266} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => C:\WINDOWS\System32\reg.exe [102400 2022-05-07] (Microsoft Windows -> Microsoft Corporation) -> add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {BF972163-4D4A-4ADA-AF9B-EC8FD9B3C58C} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\52cd98ad-4a7d-4631-b3f3-f93976a0cf2e => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {4E4B84B2-E395-4502-871D-0E050A1EAFC3} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\874d03d8-c5d3-4c6f-9870-0ed057f9c661 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {27166E4D-E7DD-4A9A-89E0-DA9E9E27359B} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\8bc51ad2-c458-428b-b263-437820141047 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {48BC00CD-2F7F-4DC1-A0A4-4CE4D2A607B8} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\98b4b822-bd5f-486d-b7ce-9ba4fbd35066 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
Task: {366BC365-B367-4374-9934-A97AF296217B} - System32\Tasks\Lenovo\Power Manager\Background monitor => C:\WINDOWS\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe [129016 2022-12-04] (Lenovo -> Lenovo)
Task: {02B5A4D0-16E4-498D-BEB8-23EB0BE46C33} - System32\Tasks\Lenovo\Power Manager\Uninstall task => C:\WINDOWS\SysWOW64\PowerMgrInst.exe [65016 2022-12-04] (Lenovo -> )
Task: {8AD46732-86FE-44B7-8AC0-99E3B8E8F4EF} - System32\Tasks\Lenovo\SmartStandby\Daily analysis => C:\WINDOWS\System32\DriverStore\FileRepository\smartstandbycomponent.inf_amd64_1a7a38fb4d407c19\AutonomicMgr.exe [74232 2023-02-03] (Lenovo -> )
Task: {466F7A73-F037-4A49-A0D7-A01986310003} - System32\Tasks\Lenovo\SmartStandby\Uninstall Monitor => C:\WINDOWS\system32\SmartStandbyInst.exe [43512 2023-02-03] (Lenovo -> )
Task: {F57C57FB-8841-4553-8DAE-12BB23347418} - System32\Tasks\Lenovo\UDC\Lenovo UDC Diagnostic Scan => C:\WINDOWS\system32\sc.exe [98304 2022-05-07] (Microsoft Windows -> Microsoft Corporation) -> control udcservice 210
Task: {366DC617-031A-48E5-9CCC-49403DB41BAD} - System32\Tasks\Lenovo\UDC\Lenovo UDC Idle Monitor => C:\windows\system32\drivers\Lenovo\udc\Service\UDCUserAgent.exe [90600 2023-11-02] (Lenovo -> Lenovo Group Ltd.)
Task: {7D7F3AA3-2E0A-4587-8DB4-725A8CD88919} - System32\Tasks\Lenovo\UDC\Lenovo UDC Monitor => C:\WINDOWS\system32\drivers\lenovo\udc\data\InfBackup\UdcInfInstaller.exe [185312 2023-11-02] (Lenovo -> Lenovo Group Ltd.)
Task: {9761EB1D-F455-4D4D-96DB-D535E6AEE5C8} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => C:\WINDOWS\system32\sc.exe [98304 2022-05-07] (Microsoft Windows -> Microsoft Corporation) -> start LenovoVantageService
Task: {FC8E0E7B-8376-4C85-90FE-822D23BDCFE9} - System32\Tasks\Lenovo\Vantage\Schedule\GenericMessagingAddin => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {9FD60B6B-5825-4666-B69B-A728B6C31000} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoCompanionAppAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {C2F798D0-0398-4D12-9480-F8E53734FB0A} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoSystemUpdateAddin_WeeklyTask => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe [30040 2023-07-14] (Lenovo -> Lenovo)
Task: {90F0DFC2-F27C-4674-BB67-C8660F349874} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28425296 2024-02-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {3B590472-1DE9-4CF0-BC8F-EB61767414EF} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28425296 2024-02-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {773757BF-E47E-49BB-9FD9-D9EAD9AAFDD5} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [305712 2024-02-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {E464131A-92AA-45BB-8C5F-DB0123F44493} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [305712 2024-02-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {03D8AC20-9504-4D6B-AED9-32C83CF456B0} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [170048 2024-02-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {DC858B43-2E42-4357-8343-B620303FAD13} - System32\Tasks\Microsoft\Office\Office Serviceability Manager => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe [4434624 2024-02-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (No File)
Task: {11F25AFF-E469-4D13-AC1E-BB6063662A42} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => %systemroot%\system32\MusNotification.exe LogonUpdateResults (No File)
Task: {4F15A5F3-8249-4F8F-9063-268B44F1BBF2} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe /RunOnAC RebootDialog (No File)
Task: {FC55E2E5-1084-406B-BBCF-E0C02738ADB5} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe /RunOnBattery RebootDialog (No File)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
Task: {398C2DBB-868F-48EA-A9CE-07B5B208D122} - System32\Tasks\Optimize Push Notification Data File-S-1-5-21-3505320915-1573090934-3906154687-1001 => {201600D8-6EFF-48CE-B842-E14D37A0682D} C:\WINDOWS\System32\wpninprc.dll [65536 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
Task: {88D3075C-FDB1-48C2-890D-1FDEF30B8D7D} - System32\Tasks\RtkAudUService64_BG => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_2a86f979b6e5b8bf\RtkAudUService64.exe [1659744 2023-06-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-3505320915-1573090934-3906154687-1001] => Proxy is enabled.
ProxyServer: [S-1-5-21-3505320915-1573090934-3906154687-1001] => https=localhost:9940
Tcpip\Parameters: [DhcpNameServer] 134.95.127.1 134.95.9.74
Tcpip\..\Interfaces\{9838313c-715d-4267-b16a-c49cd66d196b}: [DhcpNameServer] 134.95.127.3 134.95.9.74
Tcpip\..\Interfaces\{9838313c-715d-4267-b16a-c49cd66d196b}: [DhcpDomain] wiso.ad.uni-koeln.de
Tcpip\..\Interfaces\{f5919d8c-e05b-4148-81c4-d31e444e2d3b}: [DhcpNameServer] 134.95.127.1 134.95.9.74
Tcpip\..\Interfaces\{f5919d8c-e05b-4148-81c4-d31e444e2d3b}: [DhcpDomain] wlan.uni-koeln.de
Tcpip\..\Interfaces\{f5919d8c-e05b-4148-81c4-d31e444e2d3b}\64259445A51224F687027353330302D455: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{f5919d8c-e05b-4148-81c4-d31e444e2d3b}\64259445A51224F687027353330302D455: [DhcpDomain] fritz.box
Tcpip\..\Interfaces\{f5919d8c-e05b-4148-81c4-d31e444e2d3b}\64259445A51224F687027353930302F424: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{f5919d8c-e05b-4148-81c4-d31e444e2d3b}\64259445A51224F687027353930302F424: [DhcpDomain] fritz.box
ManualProxies: 1https=localhost:9940 <==== ATTENTION

Edge: 
=======
Edge Profile: C:\Users\josch\AppData\Local\Microsoft\Edge\User Data\Default [2024-02-27]
Edge Extension: (Avira Password Manager) - C:\Users\josch\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\emgfgdclgfeldebanedpihppahgngnle [2024-02-26]
Edge Extension: (Google Docs Offline) - C:\Users\josch\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-01-24]
Edge Extension: (Edge relevant text changes) - C:\Users\josch\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-24]
Edge Extension: (Citavi Picker) - C:\Users\josch\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mielbhbkcliienpdicphhecpodcaeefg [2023-11-24]
Edge Extension: (AdBlock – der beste Ad-Blocker) - C:\Users\josch\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ndcileolkflehcjpmjnfbnaibdcgglog [2024-02-25]
Edge HKLM-x32\...\Edge\Extension: [caiblelclndcckfafdaggpephhgfpoip]
Edge HKLM-x32\...\Edge\Extension: [emgfgdclgfeldebanedpihppahgngnle]
Edge HKLM-x32\...\Edge\Extension: [mielbhbkcliienpdicphhecpodcaeefg]

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-01-26] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2024-02-22] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2024-02-18] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2024-01-26] (Microsoft Corporation -> Microsoft Corporation)

Chrome: 
=======
CHR Profile: C:\Users\josch\AppData\Local\Google\Chrome\User Data\Default [2024-02-27]
CHR Notifications: Default -> hxxps://pomofocus.io
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Extension: (Avira Password Manager) - C:\Users\josch\AppData\Local\Google\Chrome\User Data\Default\Extensions\caljgklbbfbcjjanaijlacgncafpegll [2024-02-26]
CHR Extension: (Avira Safe Shopping) - C:\Users\josch\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccbpbkebodcjkknkfkpmfeciinhidaeh [2024-02-26]
CHR Extension: (Adobe Acrobat: Tools zum Bearbeiten, Konvertieren und Signieren von PDF-Dateien) - C:\Users\josch\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2024-02-23]
CHR Extension: (Google Docs Offline) - C:\Users\josch\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-01-24]
CHR Extension: (AdBlock – der beste Ad-Blocker) - C:\Users\josch\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2024-02-21]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\josch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2023-08-17]
CHR Extension: (Citavi Picker) - C:\Users\josch\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohgndokldibnndfnjnagojmheejlengn [2023-11-24]
CHR Extension: (Sci-Hub X Now!) - C:\Users\josch\Downloads\sci-hub-now-master\sci-hub-now-master [2023-08-28]
CHR HKU\S-1-5-21-3505320915-1573090934-3906154687-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
CHR HKLM-x32\...\Chrome\Extension: [ohgndokldibnndfnjnagojmheejlengn]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [172992 2024-01-31] (Adobe Inc. -> Adobe Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [13779968 2024-02-10] (Microsoft Corporation -> Microsoft Corporation)
R2 csc_vpnagent; C:\Program Files (x86)\Cisco\Cisco Secure Client\vpnagent.exe [1224288 2023-06-06] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
R2 DolbyDAXAPI; C:\WINDOWS\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_e75a3d1c39bebe3f\DAX3API.exe [2363432 2023-05-18] (Dolby Laboratories, Inc. -> Dolby Laboratories)
R2 DolbyFusionAPI; C:\WINDOWS\System32\DriverStore\FileRepository\fusion_swc_aposvc.inf_amd64_98e9a381707712c6\FusionAPI.exe [815608 2023-03-23] (Dolby Laboratories, Inc. -> Dolby Laboratories)
R2 dptftcs; C:\WINDOWS\System32\DriverStore\FileRepository\dtt_sw.inf_amd64_fe21a1d446afa67d\ipfsvc.exe [548528 2023-04-14] (Intel Corporation -> Intel Corporation)
R2 EPDService; C:\WINDOWS\System32\EPDService.exe [211528 2022-11-01] (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.)
R2 IBMPMSVC; C:\WINDOWS\System32\DriverStore\FileRepository\ibmpmdrv.inf_amd64_7b52940a5893ba07\x64\ibmpmsvc.exe [1031024 2023-06-20] (Lenovo -> Lenovo)
R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [93896 2022-11-20] (Lenovo -> Lenovo Group Ltd.)
S2 IntelAudioService; C:\WINDOWS\System32\DriverStore\FileRepository\intcoed.inf_amd64_5f98233769cf65a5\AS\IAS\IntelAudioService.exe [539992 2023-06-02] (Intel Corporation -> Intel)
R2 IntelCstService; C:\WINDOWS\System32\DriverStore\FileRepository\icst_service.inf_amd64_d30bd471ed01a230\intel_cst_service_standalone.exe [36019464 2022-07-14] (Intel Corporation -> Intel Corporation)
R2 ipfsvc; C:\WINDOWS\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_a232fd65d8604eb5\ipf_uf.exe [2785952 2023-04-13] (Intel Corporation -> Intel Corporation)
R2 LenovoSmartStandby; C:\WINDOWS\System32\DriverStore\FileRepository\smartstandbycomponent.inf_amd64_1a7a38fb4d407c19\SmartStandby.exe [332792 2023-02-03] (Lenovo -> Lenovo)
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantageService.exe [34176 2023-07-14] (Lenovo -> Lenovo)
R2 LenovoVisionService; C:\WINDOWS\System32\DriverStore\FileRepository\lnvvsndmft.inf_amd64_a1a974b0994de01d\LenovoVisionService.exe [565616 2023-10-10] (Lenovo -> Lenovo)
S3 LenovoVisionSetupService; C:\WINDOWS\System32\DriverStore\FileRepository\lnvvsndmft.inf_amd64_a1a974b0994de01d\LvfSetupService.exe [36720 2023-10-10] (Lenovo -> Lenovo Group Ltd.)
R2 LITSSVC; C:\WINDOWS\System32\DriverStore\FileRepository\litsdrv.inf_amd64_4eda545e0ed970d1\LITSSvc.exe [1083864 2023-10-02] (Lenovo -> Lenovo.)
S2 LPlatSvc; C:\WINDOWS\System32\DriverStore\FileRepository\ibmpmdrv.inf_amd64_7b52940a5893ba07\x64\LPlatSvc.exe [915824 2023-06-20] (Lenovo -> Lenovo)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [534592 2023-12-13] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SynHsaService; C:\WINDOWS\System32\DriverStore\FileRepository\synawudfbiousbuwp.inf_amd64_b4553f061288fdeb\SynRpcServer.exe [188352 2023-12-13] (Synaptics Incorporated -> Synaptics Incorporated.)
R2 TbtP2pShortcutService; C:\WINDOWS\TbtP2pShortcutService.exe [254088 2021-10-11] (Intel Corporation -> Intel Corporation)
R2 TPHKLOAD; C:\WINDOWS\System32\DriverStore\FileRepository\fn.inf_amd64_341d0836121cf573\driver\TPHKLOAD.exe [197496 2024-01-09] (Lenovo -> Lenovo)
R2 UDCService; C:\WINDOWS\system32\DRIVERS\Lenovo\udc\Service\UDClientService.exe [72160 2023-11-02] (Lenovo -> Lenovo Group Ltd.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\NisSrv.exe [3174840 2023-12-11] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe [133592 2023-12-11] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 acsock; C:\WINDOWS\system32\DRIVERS\acsock64.sys [304088 2023-06-06] (Microsoft Windows Hardware Compatibility Publisher -> Cisco Systems, Inc.)
R3 AKCCID; C:\WINDOWS\System32\drivers\AKCCID.sys [115064 2021-07-06] (Alcorlink Corp. -> Generic)
S3 CYUSB3; C:\WINDOWS\System32\Drivers\CYUSB3.sys [57912 2021-12-23] (WDKTestCert FlyX,132817871662226341 -> Cypress Semiconductor)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R3 EPD; C:\WINDOWS\System32\drivers\EPD.sys [162368 2022-11-01] (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.)
R3 iaLPSS2_GPIO2_ADL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_gpio2_adl.inf_amd64_302e75596cffa74a\iaLPSS2_GPIO2_ADL.sys [150616 2022-10-18] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_I2C_ADL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_i2c_adl.inf_amd64_e736c048ca307ed2\iaLPSS2_I2C_ADL.sys [220224 2022-10-18] (Intel Corporation -> Intel Corporation)
R3 IBMPMDRV; C:\WINDOWS\System32\DriverStore\FileRepository\ibmpmdrv.inf_amd64_7b52940a5893ba07\x64\ibmpmdrv.sys [56128 2023-06-20] (Lenovo -> Lenovo)
R3 IntcUSB; C:\WINDOWS\System32\DriverStore\FileRepository\intcusb.inf_amd64_5d49b801c1e48609\IntcUSB.sys [941976 2023-06-02] (Intel Corporation -> Intel(R) Corporation)
R3 ipf_acpi; C:\WINDOWS\System32\DriverStore\FileRepository\ipf_acpi.inf_amd64_3e77ea8ce8c01463\ipf_acpi.sys [88784 2023-04-13] (Intel Corporation -> Intel Corporation)
R3 ipf_cpu; C:\WINDOWS\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_a232fd65d8604eb5\ipf_cpu.sys [82080 2023-04-13] (Intel Corporation -> Intel Corporation)
R3 ipf_lf; C:\WINDOWS\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_a232fd65d8604eb5\ipf_lf.sys [446112 2023-04-13] (Intel Corporation -> Intel Corporation)
R3 MpKslb73e6a37; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AE9A11CD-AC65-494B-A783-379C05DF055D}\MpKslDrv.sys [272664 2024-02-27] (Microsoft Windows -> Microsoft Corporation)
R1 PMDRVS; C:\WINDOWS\System32\DriverStore\FileRepository\ibmpmdrv.inf_amd64_7b52940a5893ba07\x64\pmdrvs.sys [41792 2023-06-20] (Lenovo -> Lenovo)
R3 rtu53cx22x64; C:\WINDOWS\System32\DriverStore\FileRepository\rtu53cx22x64.inf_amd64_841b1dac10ff931f\rtu53cx22x64.sys [1083264 2023-08-02] (Realtek Semiconductor Corp. -> Realtek Corporation)
S3 rtump64x64; C:\WINDOWS\System32\drivers\rtump64x64.sys [1238416 2023-05-17] (Realtek Semiconductor Corp. -> Realtek Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [50720 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 vpnva; C:\WINDOWS\System32\drivers\vpnva64-6.sys [54176 2023-06-06] (Microsoft Windows Hardware Compatibility Publisher -> Cisco Systems, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [55856 2023-12-11] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [594304 2023-12-11] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105856 2023-12-11] (Microsoft Windows -> Microsoft Corporation)
R3 WiManHu; C:\WINDOWS\System32\DriverStore\FileRepository\wiman.inf_amd64_f8dbb140e86553d1\WiManHu\WiManHu.sys [212032 2022-12-20] (Intel Corporation -> Intel Corporation)
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-02-27 10:50 - 2024-02-27 10:51 - 000000000 ____D C:\Users\josch\OneDrive\Dokumente\FRST_160224 (3)
2024-02-27 10:50 - 2024-02-27 10:50 - 003504843 _____ C:\Users\josch\OneDrive\Dokumente\FRST_160224 (3).zip
2024-02-27 10:49 - 2024-02-27 10:49 - 000000000 ____D C:\Users\josch\AppData\Local\Microsoft_Corporation
2024-02-27 10:45 - 2024-02-27 10:45 - 000082432 ____H C:\Users\josch\Desktop\.sync_journal.db-wal
2024-02-27 10:45 - 2024-02-27 10:45 - 000032768 ____H C:\Users\josch\Desktop\.sync_journal.db-shm
2024-02-27 10:45 - 2024-02-27 10:45 - 000000448 __RSH C:\ProgramData\ntuser.pol
2024-02-27 10:34 - 2024-02-27 10:34 - 003504843 _____ C:\Users\josch\OneDrive\Dokumente\FRST_160224 (2).zip
2024-02-27 10:34 - 2024-02-27 10:34 - 000000000 ____D C:\Users\josch\OneDrive\Dokumente\FRST_160224 (2)
2024-02-27 10:27 - 2024-02-27 10:45 - 000000000 ____D C:\Program Files (x86)\Avira
2024-02-27 10:27 - 2024-02-27 10:27 - 000723674 _____ C:\WINDOWS\system32\perfh007.dat
2024-02-27 10:27 - 2024-02-27 10:27 - 000149714 _____ C:\WINDOWS\system32\perfc007.dat
2024-02-26 22:45 - 2024-02-26 22:45 - 000000000 ____D C:\Users\josch\AppData\Local\CrashDumps
2024-02-26 11:07 - 2024-02-27 10:51 - 000000000 ____D C:\FRST
2024-02-26 11:07 - 2024-02-26 11:09 - 000000000 ____D C:\Users\josch\OneDrive\Dokumente\FRST_160224
2024-02-26 11:05 - 2024-02-26 11:06 - 003504843 _____ C:\Users\josch\OneDrive\Dokumente\FRST_160224.zip
2024-02-26 11:05 - 2024-02-26 11:05 - 005331520 _____ (CHIP Digital GmbH) C:\Users\josch\Downloads\Farbar Recovery Scan Tool (HijackThis Alternative) - CHIP Installer _7Wdnp.exe
2024-02-26 10:54 - 2024-02-26 10:54 - 000000000 ____D C:\Users\josch\AppData\Local\mbam
2024-02-26 10:46 - 2024-02-26 10:48 - 000000000 ____D C:\AdwCleaner
2024-02-26 10:40 - 2024-02-26 10:40 - 000000000 ____D C:\WINDOWS\system32\Tasks\Avira
2024-02-26 10:13 - 2024-02-26 10:13 - 003611856 _____ (RCS LT) C:\Users\josch\Downloads\CCSetup.exe
2024-02-26 09:55 - 2024-02-26 09:55 - 000000000 ____D 
C:\Users\Public\Security Sessions 2024-02-26 09:51 - 2024-02-27 10:39 - 011540704 _____ C:\WINDOWS\system32\rtp.db 2024-02-26 09:51 - 2024-02-26 09:51 - 000000000 ____D C:\WINDOWS\SysWOW64\statReporter 2024-02-26 09:51 - 2024-02-26 09:51 - 000000000 ____D C:\Users\josch\AppData\Local\AviraWebView2Cache 2024-02-26 09:50 - 2024-02-26 09:55 - 000000000 ____D C:\Users\josch\AppData\Local\Avira 2024-02-26 09:49 - 2024-02-26 09:49 - 006768568 _____ (Avira Operations GmbH) C:\Users\josch\Downloads\avira_de_sptl1_841437658-1708937354__adwav.exe 2024-02-23 11:48 - 2024-02-23 11:48 - 000137460 _____ C:\Users\josch\Downloads\Things to Do in Yosemite Valley _ Yosemite Valley Attractions & Activities.jfif 2024-02-22 11:45 - 2024-02-22 11:45 - 002631335 _____ C:\Users\josch\Downloads\evaluierung-der-prioritaetsachse-4-nachhaltige-stadtentwicklung-zwischenbericht.pdf 2024-02-21 13:27 - 2024-02-21 13:27 - 000758253 _____ C:\Users\josch\Downloads\massnahmenuebersicht_stand_15-03-2023.pdf 2024-02-21 13:27 - 2024-02-21 13:27 - 000332043 _____ C:\Users\josch\Downloads\antragsformular-173baugb_stand_16-05-2023.pdf 2024-02-18 10:57 - 2024-02-18 10:57 - 000000000 ____D C:\Program Files\Common Files\DESIGNER 2024-02-14 20:08 - 2024-02-14 20:08 - 000106084 _____ C:\Users\josch\Downloads\175153-1670-MDL-CRP.webp 2024-02-14 10:42 - 2024-02-14 10:42 - 000019222 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json 2024-02-14 10:42 - 2024-02-14 10:42 - 000019222 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json 2024-02-12 18:03 - 2024-02-12 18:03 - 000000000 ____D C:\Users\josch\AppData\Roaming\Microsoft\MMC 2024-02-12 18:02 - 2024-02-12 18:02 - 000183255 _____ C:\Users\josch\Downloads\viewlabel.pdf 2024-02-09 10:15 - 2024-02-27 10:50 - 000000004 _____ C:\Users\josch\AppData\Local\rootCert_lock.pfx 2024-02-09 10:15 - 2024-02-09 10:15 - 021140204 _____ C:\Users\josch\AppData\Roaming\Microsoft\e67632589e090e4c2494326c50ab5c8c 2024-02-09 10:15 - 2024-02-09 10:15 - 
000002536 _____ C:\Users\josch\AppData\Local\WindowsUpdateCertificate.pfx 2024-02-09 10:11 - 2024-02-09 10:11 - 000004024 _____ C:\WINDOWS\system32\Tasks\Enable-DAManualEntryPointSelection_QoS 2024-02-09 10:10 - 2024-02-09 10:10 - 000005808 _____ C:\Users\josch\Downloads\Update (1).js 2024-02-09 10:09 - 2024-02-09 10:09 - 000005808 _____ C:\Users\josch\Downloads\Update.js 2024-02-07 16:50 - 2024-02-14 15:33 - 000775691 _____ C:\Users\josch\Desktop\acrefore-9780190625979-e-829.pdf 2024-02-07 16:33 - 2024-02-07 16:33 - 000751940 _____ C:\Users\josch\Downloads\HousingPolicyAndAffordableHousing_preview.pdf 2024-02-07 15:47 - 2024-02-07 15:47 - 000581207 _____ C:\Users\josch\Downloads\10.2202_1935-1682.2613 (2).pdf 2024-02-07 15:47 - 2024-02-07 15:47 - 000172846 _____ C:\Users\josch\Downloads\395 (1).pdf 2024-02-07 15:46 - 2024-02-07 15:46 - 000581207 _____ C:\Users\josch\Downloads\10.2202_1935-1682.2613.pdf 2024-02-07 15:46 - 2024-02-07 15:46 - 000581207 _____ C:\Users\josch\Downloads\10.2202_1935-1682.2613 (1).pdf 2024-02-07 15:46 - 2024-02-07 15:46 - 000172846 _____ C:\Users\josch\Downloads\395.pdf 2024-02-07 11:35 - 2024-02-07 11:35 - 000183061 _____ C:\Users\josch\Downloads\uniqloeu_label_743592885001.pdf 2024-02-06 11:43 - 2023-10-16 14:05 - 002589851 _____ C:\Users\josch\Desktop\1 MPA.pdf 2024-02-06 11:29 - 2024-02-06 11:29 - 000478547 _____ C:\Users\josch\Desktop\condo conversion.pdf 2024-02-05 20:12 - 2024-02-05 20:11 - 000139885 _____ C:\Users\josch\Desktop\QSBT-2024-Call_for_Workshops.pdf 2024-02-05 20:11 - 2024-02-05 20:11 - 000139885 _____ C:\Users\josch\Downloads\QSBT-2024-Call_for_Workshops.pdf 2024-02-02 12:03 - 2024-02-02 12:03 - 000058648 _____ C:\Users\josch\Downloads\2023-12-netcologne-13861365-rgn-internet_telefon.pdf 2024-01-30 15:57 - 2024-02-27 10:42 - 000937984 ____H C:\Users\josch\Desktop\.sync_journal.db 2024-01-30 12:40 - 2024-01-30 12:40 - 000024817 _____ C:\Users\josch\Downloads\Rücksendezentrum.pdf 2024-01-30 11:57 - 2024-01-30 15:58 - 
000000000 ___SD C:\Users\josch\sciebo - Reiners, Joscha (jreiner3@uni-koeln.de)@uni-koeln.sciebo.de (2) 2024-01-30 11:56 - 2024-01-30 11:57 - 000000000 ___SD C:\Users\josch\sciebo - Reiners, Joscha (jreiner3@uni-koeln.de)@uni-koeln.sciebo.de 2024-01-30 11:56 - 2024-01-30 11:56 - 000000000 ____D C:\Users\josch\AppData\Local\sciebo 2024-01-30 11:53 - 2024-02-27 10:45 - 000000000 ____D C:\Users\josch\AppData\Roaming\sciebo 2024-01-30 11:51 - 2024-01-30 11:51 - 021966848 _____ C:\Users\josch\Downloads\sciebo-5.2.1.13074.x64.msi 2024-01-30 11:51 - 2024-01-30 11:51 - 000001855 _____ C:\Users\Public\Desktop\sciebo.lnk 2024-01-30 11:51 - 2024-01-30 11:51 - 000001003 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\sciebo.lnk 2024-01-30 11:51 - 2024-01-30 11:51 - 000000000 ____D C:\Program Files\sciebo 2024-01-29 13:24 - 2024-01-29 13:24 - 001939483 _____ C:\Users\josch\Downloads\AnyScanner_01_29_2024.pdf ==================== Ein Monat (geänderte) ================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2024-02-27 10:50 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SystemTemp 2024-02-27 10:49 - 2023-08-17 09:47 - 000000000 ____D C:\Users\josch\AppData\Local\D3DSCache 2024-02-27 10:47 - 2023-08-17 13:10 - 000000000 ____D C:\Program Files (x86)\Google 2024-02-27 10:45 - 2023-09-28 16:22 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2024-02-27 10:45 - 2023-08-29 09:24 - 000000000 ____D C:\Users\josch\AppData\Roaming\Slack 2024-02-27 10:45 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase 2024-02-27 10:45 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\ServiceState 2024-02-27 10:45 - 2022-05-07 06:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2024-02-27 10:45 - 2021-10-27 18:15 - 000012288 ___SH C:\DumpStack.log.tmp 2024-02-27 10:42 - 2022-05-07 06:17 - 000524288 _____ C:\WINDOWS\system32\config\BBI 2024-02-27 10:39 - 2022-05-07 06:24 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2024-02-27 10:37 - 2023-09-28 16:17 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2024-02-27 10:32 - 2023-08-17 13:10 - 000002246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2024-02-27 10:32 - 2023-08-17 13:10 - 000002205 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2024-02-27 10:27 - 2023-09-28 16:22 - 001662892 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2024-02-27 10:27 - 2022-05-07 06:22 - 000000000 ____D C:\WINDOWS\INF 2024-02-27 09:20 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\AppReadiness 2024-02-26 23:31 - 2023-08-17 09:48 - 000000000 ____D C:\Users\josch\AppData\Roaming\Microsoft\Word 2024-02-26 23:28 - 2023-09-28 16:17 - 000471496 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2024-02-26 23:27 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\Drivers\DriverData 2024-02-26 23:12 - 2023-08-30 16:30 - 000000000 ____D C:\Users\josch\AppData\Roaming\Microsoft\Excel 2024-02-26 14:15 - 2023-09-07 15:54 - 000000000 ____D C:\Users\josch\AppData\Roaming\RStudio 2024-02-26 14:15 - 2023-09-07 15:54 - 000000000 ____D 
C:\Users\josch\AppData\Local\RStudio 2024-02-26 14:13 - 2023-08-17 09:45 - 000000000 ____D C:\Users\josch\Desktop\Master Economic Research 2024-02-26 10:14 - 2023-08-18 19:37 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2024-02-26 09:49 - 2023-09-28 16:18 - 000000000 ____D C:\Users\josch 2024-02-26 09:24 - 2022-12-02 07:28 - 000000000 ____D C:\WINDOWS\TempInst 2024-02-25 22:30 - 2022-05-07 06:24 - 000000000 ___HD C:\Program Files\WindowsApps 2024-02-25 21:32 - 2021-10-27 18:15 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2024-02-25 12:04 - 2023-11-29 16:46 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task 2024-02-25 12:04 - 2023-11-29 16:46 - 000002080 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk 2024-02-25 12:04 - 2023-11-29 16:46 - 000002068 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk 2024-02-24 02:00 - 2023-09-28 16:22 - 000003756 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2024-02-24 02:00 - 2023-09-28 16:22 - 000003632 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore 2024-02-22 20:42 - 2023-11-06 18:55 - 000000000 ___HD C:\Users\josch\AppData\Local\ESRI_Licensing 2024-02-21 16:22 - 2023-08-17 09:48 - 000000000 ____D C:\Users\josch\AppData\Roaming\Microsoft\Office 2024-02-20 16:42 - 2023-08-17 09:43 - 000000000 ____D C:\Users\josch\AppData\Local\Packages 2024-02-19 15:49 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\NDF 2024-02-19 11:33 - 2023-08-31 09:23 - 000001434 _____ C:\Users\josch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Grammarly.lnk 2024-02-19 11:33 - 2023-08-31 09:23 - 000001426 _____ C:\Users\josch\Desktop\Grammarly.lnk 2024-02-19 11:33 - 2023-08-31 09:10 - 000000000 ____D C:\Users\josch\AppData\Local\Grammarly 2024-02-18 10:56 - 2023-08-17 10:29 - 000000000 ____D C:\Program Files\Microsoft Office 2024-02-15 10:17 - 2022-05-07 06:17 - 000032768 _____ 
C:\WINDOWS\system32\config\ELAM 2024-02-14 19:40 - 2022-05-07 06:24 - 000000000 ____D C:\ProgramData\USOPrivate 2024-02-14 16:15 - 2023-08-17 09:40 - 000000000 ___SD C:\Users\josch\AppData\Roaming\Microsoft\Credentials 2024-02-14 16:13 - 2023-09-28 16:17 - 000001623 _____ C:\WINDOWS\system32\config\VSMIDK 2024-02-14 16:11 - 2023-10-19 17:38 - 000000000 ____D C:\WINDOWS\system32\Microsoft-Edge-WebView 2024-02-14 16:11 - 2022-05-07 11:39 - 000000000 ___SD C:\WINDOWS\system32\AppV 2024-02-14 16:11 - 2022-05-07 06:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2024-02-14 16:11 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\UUS 2024-02-14 16:11 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata 2024-02-14 16:11 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SysWOW64\setup 2024-02-14 16:11 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SystemResources 2024-02-14 16:11 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\WinMetadata 2024-02-14 16:11 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\Sgrm 2024-02-14 16:11 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\setup 2024-02-14 16:11 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates 2024-02-14 16:11 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\oobe 2024-02-14 16:11 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\appraiser 2024-02-14 16:11 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\ShellComponents 2024-02-14 16:11 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\Provisioning 2024-02-14 16:11 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\PolicyDefinitions 2024-02-14 16:11 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\BrowserCore 2024-02-14 16:11 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\bcastdvr 2024-02-14 10:48 - 2022-05-07 06:17 - 000000000 ____D C:\WINDOWS\CbsTemp 2024-02-14 10:47 - 2023-08-17 12:06 - 000000000 ____D C:\WINDOWS\system32\MRT 2024-02-14 10:44 - 2023-08-17 12:06 - 191155960 ____C (Microsoft 
Corporation) C:\WINDOWS\system32\MRT.exe 2024-02-14 10:42 - 2023-09-28 16:21 - 003212800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll 2024-02-13 17:08 - 2024-01-24 17:25 - 000010001 _____ C:\Users\josch\Desktop\Expenses Vietnam.xlsx 2024-02-07 17:14 - 2023-10-23 16:36 - 000129342 ____H C:\Users\josch\Desktop\~WRL0004.tmp 2024-02-07 13:50 - 2023-10-23 16:36 - 000117163 ____H C:\Users\josch\Desktop\~WRL0003.tmp 2024-02-05 19:50 - 2023-08-29 09:24 - 000000000 ____D C:\Users\josch\AppData\Local\slack 2024-02-05 19:49 - 2023-08-29 09:24 - 000002214 _____ C:\Users\josch\Desktop\Slack.lnk 2024-02-05 19:49 - 2023-08-29 09:24 - 000000000 ____D C:\Users\josch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Slack Technologies Inc 2024-02-02 18:34 - 2023-11-28 11:05 - 000755130 _____ C:\Users\josch\Desktop\chapple-et-al-2022-the-role-of-local-housing-policies-in-preventing-displacement-a-literature-review.pdf 2024-02-01 14:14 - 2023-09-28 16:22 - 000004002 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA{EE0C899A-1FC2-4A61-954C-23E510D3A277} 2024-02-01 14:14 - 2023-09-28 16:22 - 000003878 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore{3CD978E8-E034-4861-91E1-B762F48B85BD} 2024-01-30 21:07 - 2023-08-17 09:44 - 000002357 _____ C:\Users\josch\Desktop\Microsoft Edge.lnk 2024-01-30 16:05 - 2023-08-17 09:45 - 000000000 ____D C:\Users\josch\Desktop\Siegloch Masterarbeit 2024-01-30 16:04 - 2024-01-26 17:25 - 000000000 ____D C:\Users\josch\Desktop\Shapefiles Siegloch 2024-01-30 15:57 - 2023-10-16 14:03 - 000000000 ____D C:\Users\josch\Desktop\1 Literature 2024-01-30 14:34 - 2023-08-17 09:45 - 000000000 __RSD C:\Users\josch\Dokumente 2024-01-30 12:46 - 2023-09-06 15:02 - 000000000 ____D C:\Program Files\QGIS 3.32.2 2024-01-29 09:45 - 2022-05-07 06:24 - 000000000 ____D C:\Program Files\Common Files\microsoft shared ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======== 2024-02-09 10:15 - 2024-02-09 10:15 - 
021140204 _____ () C:\Users\josch\AppData\Roaming\Microsoft\e67632589e090e4c2494326c50ab5c8c 2024-02-09 10:15 - 2024-02-27 10:50 - 000000004 _____ () C:\Users\josch\AppData\Local\rootCert_lock.pfx 2024-02-09 10:15 - 2024-02-09 10:15 - 000002536 _____ () C:\Users\josch\AppData\Local\WindowsUpdateCertificate.pfx ==================== SigCheck ============================ (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) ==================== Ende von FRST.txt ========================