Log analysis and evaluation: Windows 10: Removing PUA/DownloadSponsor

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
27.09.2024, 15:46 | #1 |
Windows 10: Removing PUA/DownloadSponsor

Hello everyone, my cousin asked me to remove a virus from his PC, since it cannot be removed with the virus scanner. He apparently caught it when he downloaded something from Chip. He also thinks that his external hard drive(s) may be infected as well. Unfortunately, despite some research and following the guide below, I was not able to remove the virus. https://anleitung.trojaner-board.de/puadownloadsponsor-gen-entfernen_330 For this reason I am asking for help here in removing the adware. Perhaps you can also help me in this context or give me tips on how I can check whether the computer and the external hard drives are clean.

FRST.txt Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 16-09-2024 durchgeführt von lukas (Administrator) auf DESKTOP-0FD6U7K (Acer Spin SP513-51) (27-09-2024 16:29:17) Gestartet von C:\Users\lukas\Downloads\FRST64.exe Geladene Profile: lukas Plattform: Microsoft Windows 10 Home Version 22H2 19045.4842 (X64) Sprache: Deutsch (Deutschland) Standard-Browser: Edge Start-Modus: Normal ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\lukas\AppData\Local\Microsoft\OneDrive\24.171.0825.0002\Microsoft.SharePoint.exe (C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe (explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <30> (explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Intel(R) pGFX -> Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7ee21f0fcd504371\igfxEM.exe (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe (services.exe ->) (Apple Inc. -> Apple Inc.) 
C:\Program Files\Bonjour\mDNSResponder.exe (services.exe ->) (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (services.exe ->) (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (services.exe ->) (Intel(R) CN -> Intel Corporation) C:\WINDOWS\System32\IntelSSTAPO\ParameterService\ParameterService.exe (services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7ee21f0fcd504371\igfxCUIService.exe (services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7ee21f0fcd504371\IntelCpHDCPSvc.exe (services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7ee21f0fcd504371\IntelCpHeciSvc.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\msiexec.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\MpDefenderCoreService.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\MsMpEng.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\NisSrv.exe (services.exe ->) (Qualcomm Atheros -> Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (svchost.exe ->) (Acer 
Incorporated -> ) C:\OEM\Preload\FubTool\FubTool.exe (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\backup\3C34117B-D5AB-421F-9628-63CD899224E3\OfficeC2RClient.exe (svchost.exe ->) (Microsoft Corporation -> Microsoft) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2406.13.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe <2> (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\MoUsoCoreWorker.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\smartscreen.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.4840_none_7de2e3147cada334\TiWorker.exe ==================== Registry (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16709128 2016-10-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_TrueHarmony] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1467400 2016-10-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM\...\Run: [RtkMbSvTool.exe] => C:\Program Files\Realtek\Audio\HDA\RtkMbSvTool.exe [2026464 2016-11-11] (Realtek Semiconductor Corp. 
-> TODO: <Company name>) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Logitech) HKLM-x32\...\Run: [TeamsMachineUninstallerLocalAppData] => C:\Users\lukas\AppData\Local\Microsoft\Teams\Update.exe [2454240 2021-08-06] (Microsoft 3rd Party Application Component -> Microsoft Corporation) HKLM-x32\...\Run: [TeamsMachineUninstallerProgramData] => %ProgramData%\Microsoft\Teams\Update.exe --uninstall --msiUninstall --source=default (Keine Datei) HKU\S-1-5-21-3665627448-2874417480-1659816315-1001\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --app-fallback-url=hxxps://www.disneyplus.com/ --app-id=mbjafbmjpcimpkkihihoideiofnoalmh --display-mode=minimal-ui --ip-aumid=Disney.37853 (Der Dateneintrag hat 178 weitere Zeichen). [3798464 2024-09-19] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-3665627448-2874417480-1659816315-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\lukas\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (Keine Datei) HKU\S-1-5-21-3665627448-2874417480-1659816315-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\lukas\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" [70969872 2024-09-27] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-3665627448-2874417480-1659816315-1001\...\RunOnce: [Uninstall 24.161.0811.0001] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\lukas\AppData\Local\Microsoft\OneDrive\24.161.0811.0001" [0 2024-09-27] () <==== ACHTUNG [Null Byte Datei/Ordner] HKLM\...\Windows x64\Print Processors\Canon MG5200 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDAE.DLL [28672 2010-08-25] (Microsoft Windows Hardware Compatibility Publisher -> 
CANON INC.) HKLM\...\Print\Monitors\Canon BJ Language Monitor MG5200 series: C:\WINDOWS\system32\CNMLMAE.DLL [361472 2010-08-25] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.) ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {D149E61A-3B28-4B10-989E-8116B45D0566} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe -> C:\Program Files (x86)\Acer\AOP Framework\\task Task: {E13FE8AD-C3A2-4407-8805-D92BF7E9DADA} - System32\Tasks\FubToolByPLD => C:\OEM\Preload\FubTool\FubTool.exe [30976 2015-05-14] (Acer Incorporated -> ) Task: {9B29E88E-1C2C-4B65-AFF8-D91A3CC3446E} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [909112 2016-07-26] (Intel(R) Trusted Connect Service -> Intel(R) Corporation) Task: {C3D86DCE-11AB-4C25-A38E-8CDDABF49C8B} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28605656 2024-09-08] (Microsoft Corporation -> Microsoft Corporation) Task: {8A2D6296-0DFC-48A0-975F-34B0B0EF9FAB} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28605656 2024-09-08] (Microsoft Corporation -> Microsoft Corporation) Task: {55D15D87-3E93-47C6-8E13-7C16DB80404E} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [222872 2024-09-27] (Microsoft Corporation -> Microsoft Corporation) Task: {E06F5FCE-D2D4-45A0-9F16-DCF90DDC0D5B} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [222872 2024-09-27] 
(Microsoft Corporation -> Microsoft Corporation) Task: {275B1062-923E-49C1-982A-68B47666A89E} - System32\Tasks\Microsoft\Office\Office Serviceability Manager => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe [4464024 2024-08-25] (Microsoft Corporation -> Microsoft Corporation) Task: {B13FD857-EB96-4F03-BDAE-4815F85D92CF} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonx86\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exe [71368 2024-09-27] (Microsoft Corporation -> Microsoft Corporation) Task: {13064E4B-E8AD-4610-B183-66565AFDFD4B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\MpCmdRun.exe [1687320 2024-09-06] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {EC7EB29E-8AFC-4F7A-AC2D-0EA230577589} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\MpCmdRun.exe [1687320 2024-09-06] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {2940C243-C21A-4137-86CC-335FC6F22BD4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\MpCmdRun.exe [1687320 2024-09-06] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {E9E7E5F2-DAD6-4EEB-8CEA-267834ED96AF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\MpCmdRun.exe [1687320 2024-09-06] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {100191A5-D33E-43C0-81C5-2B33B9DD5DE9} - System32\Tasks\Mozilla\Firefox Background Update E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\firefox.exe [672328 2024-09-06] (Mozilla Corporation -> Mozilla Corporation) -> 
C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\E7CF176E110C211B\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\E7CF176E110C211B\backgroundupdate.moz_log --backgroundtask background (Der Dateneintrag hat 6 weitere Zeichen). Task: {B1BE498D-6484-4B4F-85A5-9AF6987B9A93} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [34376 2024-09-06] (Mozilla Corporation -> Mozilla Foundation) Task: {2B21EDD3-228E-48DC-86C6-A65AEF22AE99} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [473904 2016-09-13] (Acer Incorporated -> Acer Incorporated) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{ccb67769-ecf5-4e7c-a80c-000707f16eaf}: [DhcpNameServer] 172.18.128.24 Tcpip\..\Interfaces\{e6d84f9a-daa0-4eba-bb98-8c484a0e8228}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{e6d84f9a-daa0-4eba-bb98-8c484a0e8228}: [DhcpDomain] lan Tcpip\..\Interfaces\{e6d84f9a-daa0-4eba-bb98-8c484a0e8228}\35569666562747: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{e6d84f9a-daa0-4eba-bb98-8c484a0e8228}\35569666562747: [DhcpDomain] fritz.box Tcpip\..\Interfaces\{e6d84f9a-daa0-4eba-bb98-8c484a0e8228}\75C414E4D2130353034343: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{e6d84f9a-daa0-4eba-bb98-8c484a0e8228}\75C414E4D2130353034343: [DhcpDomain] speedport.ip Tcpip\..\Interfaces\{e6d84f9a-daa0-4eba-bb98-8c484a0e8228}\960586F6E656021313022456368647C656: [DhcpNameServer] 172.20.10.1 Edge: ======= Edge DefaultProfile: Default Edge Profile: C:\Users\lukas\AppData\Local\Microsoft\Edge\User Data\Default [2024-09-27] Edge Extension: (Google Docs Offline) - C:\Users\lukas\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-09-06] Edge Extension: (Edge relevant text changes) - C:\Users\lukas\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-26] FireFox: ======== FF DefaultProfile: ppdtvhm1.default FF ProfilePath: C:\Users\lukas\AppData\Roaming\Mozilla\Firefox\Profiles\ppdtvhm1.default [2024-09-27] FF Homepage: Mozilla\Firefox\Profiles\ppdtvhm1.default -> hxxps://www.bing.com/?PC=B441 FF Notifications: Mozilla\Firefox\Profiles\ppdtvhm1.default -> hxxps://va.check-tl-ver-176-3.com; hxxps://cqbamvu071bc73d0c460.baseauthenticity.co.in FF Extension: (German Dictionary, extended for Austria) - C:\Users\lukas\AppData\Roaming\Mozilla\Firefox\Profiles\ppdtvhm1.default\Extensions\de-AT@dictionaries.addons.mozilla.org.xpi [2024-06-26] FF Extension: (German Dictionary (Switzerland)) - 
C:\Users\lukas\AppData\Roaming\Mozilla\Firefox\Profiles\ppdtvhm1.default\Extensions\de-CH@dictionaries.addons.mozilla.org.xpi [2024-06-26] FF Extension: (German Dictionary) - C:\Users\lukas\AppData\Roaming\Mozilla\Firefox\Profiles\ppdtvhm1.default\Extensions\de-DE@dictionaries.addons.mozilla.org.xpi [2024-06-26] FF Extension: (Language: Deutsch (German)) - C:\Users\lukas\AppData\Roaming\Mozilla\Firefox\Profiles\ppdtvhm1.default\Extensions\langpack-de@firefox.mozilla.org.xpi [2024-09-06] FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2024-09-07] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-04-04] (Microsoft Corporation -> Microsoft Corporation) Chrome: ======= CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] ==================== Dienste (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [338312 2016-08-31] (Qualcomm Atheros -> Windows (R) Win 7 DDK provider) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [14042808 2024-09-08] (Microsoft Corporation -> Microsoft Corporation) R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\MpDefenderCoreService.exe [1427024 2024-09-06] (Microsoft Windows Publisher -> Microsoft Corporation) S3 OfficeSvcManagerAddons; C:\WINDOWS\system32\dllhost.exe /Processid:{2CA2E202-932F-4BA2-8771-195BB86398F5} [22384 2023-11-18] (Microsoft Windows -> Microsoft Corporation) R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\NisSrv.exe [3199648 2024-09-06] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\MsMpEng.exe [133704 2024-09-06] (Microsoft Windows Publisher -> Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [39272 2023-06-27] (Apple Inc. -> Apple Inc.) S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [55608 2023-06-27] (Apple Inc. -> Apple Inc.) 
R3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [31000 2018-05-15] (Acer Incorporated -> Acer Incorporated) R3 MpKslb139ef56; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A616F2DC-F4CD-4BDE-AD04-9499FA6A0275}\MpKslDrv.sys [267552 2024-09-27] (Microsoft Windows -> Microsoft Corporation) R3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [25368 2018-05-15] (Acer Incorporated -> Acer Incorporated) S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [22080 2024-09-06] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [602504 2024-09-06] (Microsoft Windows -> Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105864 2024-09-06] (Microsoft Windows -> Microsoft Corporation) ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2024-09-27 16:29 - 2024-09-27 16:30 - 000018538 _____ C:\Users\lukas\Downloads\FRST.txt 2024-09-27 16:28 - 2024-09-27 16:28 - 002397696 _____ (Farbar) C:\Users\lukas\Downloads\FRST64.exe 2024-09-27 16:19 - 2024-09-27 16:19 - 000000000 ___HD C:\$WinREAgent 2024-09-07 12:27 - 2024-09-07 12:27 - 000002557 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sticky Notes (new).lnk 2024-09-07 10:34 - 2024-09-07 10:34 - 106168320 _____ C:\WINDOWS\system32\config\SOFTWARE 2024-09-06 14:12 - 2024-09-07 09:13 - 000000000 ____D C:\ProgramData\Malwarebytes 2024-09-06 14:02 - 2024-09-27 16:22 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox 2024-09-06 14:02 - 2024-09-06 14:06 - 000000000 ____D C:\AdwCleaner 2024-09-06 13:54 - 2024-09-06 13:54 - 000000000 ____D C:\WINDOWS\LastGood.Tmp 2024-09-06 13:51 - 2024-09-27 16:29 - 000000000 ____D C:\FRST 2024-09-06 12:04 - 2024-09-06 12:04 - 000000000 ____D C:\Program Files\RUXIM 2024-09-06 11:53 - 2024-09-06 11:53 - 000000000 ____D C:\Users\lukas\Documents\SOLIDWORKS Downloads 2024-09-06 11:49 - 2024-09-06 11:49 - 000000000 ____D C:\WINDOWS\system32\Tasks\Oem 2024-09-06 11:47 - 2024-09-06 11:47 - 000000000 ____D C:\Users\lukas\AppData\Local\IIIQF 2024-09-06 11:45 - 2024-09-06 11:45 - 000000337 _____ C:\UBT_UninstallLog.txt 2024-09-06 11:38 - 2024-09-06 11:38 - 000000000 ____D C:\Users\lukas\Mobile Uploads ==================== Ein Monat (geänderte) ================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2024-09-27 16:29 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps 2024-09-27 16:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness 2024-09-27 16:28 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2024-09-27 16:24 - 2021-12-19 23:10 - 000000000 ____D C:\WINDOWS\SystemTemp 2024-09-27 16:24 - 2020-10-29 11:38 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2024-09-27 16:24 - 2020-10-29 11:38 - 000002278 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk 2024-09-27 16:23 - 2022-02-18 19:17 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38 2024-09-27 16:23 - 2017-03-08 02:04 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2024-09-27 16:20 - 2021-12-11 15:00 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3665627448-2874417480-1659816315-1001 2024-09-27 16:20 - 2021-04-15 09:53 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3665627448-2874417480-1659816315-1001 2024-09-27 16:20 - 2021-04-15 09:48 - 000002403 _____ C:\Users\lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2024-09-27 16:20 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF 2024-09-27 16:19 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp 2024-09-27 16:16 - 2021-04-15 09:53 - 000003756 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2024-09-27 16:16 - 2021-04-15 09:53 - 000003632 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore 2024-09-27 16:16 - 2020-10-02 20:30 - 000000000 __SHD C:\Users\lukas\IntelGraphicsProfiles 2024-09-07 22:00 - 2021-04-15 09:46 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2024-09-07 10:34 - 2024-07-24 17:05 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware 2024-09-07 09:39 - 2021-04-15 09:57 - 001722792 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2024-09-07 09:39 - 2019-12-07 16:50 - 000744968 _____ 
C:\WINDOWS\system32\perfh007.dat 2024-09-07 09:39 - 2019-12-07 16:50 - 000150354 _____ C:\WINDOWS\system32\perfc007.dat 2024-09-07 09:35 - 2021-04-15 09:46 - 000008192 ___SH C:\DumpStack.log.tmp 2024-09-07 09:34 - 2021-04-15 09:53 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2024-09-07 09:34 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ServiceState 2024-09-07 09:34 - 2017-03-08 02:36 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2024-09-07 09:33 - 2019-12-07 11:03 - 001048576 _____ C:\WINDOWS\system32\config\BBI 2024-09-07 09:13 - 2019-12-07 11:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2024-09-06 14:08 - 2021-08-29 19:02 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla 2024-09-06 14:08 - 2017-03-08 02:36 - 000001232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2024-09-06 14:06 - 2020-10-02 17:08 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated 2024-09-06 14:06 - 2017-03-08 02:35 - 000000000 ____D C:\ProgramData\Acer 2024-09-06 12:47 - 2021-04-15 09:46 - 000436480 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2024-09-06 12:46 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2024-09-06 12:46 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata 2024-09-06 12:46 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup 2024-09-06 12:46 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2024-09-06 12:46 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources 2024-09-06 12:46 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata 2024-09-06 12:46 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\setup 2024-09-06 12:46 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates 2024-09-06 12:46 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe 2024-09-06 12:46 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\migwiz 2024-09-06 12:46 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Dism 2024-09-06 12:46 
- 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\appraiser 2024-09-06 12:46 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ShellExperiences 2024-09-06 12:46 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\schemas 2024-09-06 12:46 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Provisioning 2024-09-06 12:46 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr 2024-09-06 12:34 - 2021-04-15 09:47 - 003016192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll 2024-09-06 12:17 - 2020-10-02 16:18 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2024-09-06 12:07 - 2020-10-19 13:10 - 000000000 ____D C:\WINDOWS\system32\MRT 2024-09-06 12:05 - 2020-10-19 13:10 - 197093640 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2024-09-06 11:59 - 2020-10-02 20:30 - 000000000 ____D C:\Users\lukas\AppData\Local\Packages 2024-09-06 11:56 - 2020-10-29 11:15 - 000000000 ____D C:\Program Files\Common Files\SOLIDWORKS Shared 2024-09-06 11:51 - 2024-07-21 14:28 - 000000000 ____D C:\WINDOWS\system32\Tasks\Remediation 2024-09-06 11:51 - 2019-12-07 11:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM 2024-09-06 11:51 - 2017-03-08 02:37 - 000000000 ____D C:\ProgramData\Norton 2024-09-06 11:49 - 2017-03-08 02:35 - 000000000 ____D C:\Program Files (x86)\Acer 2024-09-06 11:45 - 2017-03-08 02:35 - 000000000 ____D C:\ProgramData\OEM 2024-09-06 11:45 - 2017-03-08 02:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer 2024-09-06 11:44 - 2020-10-13 09:24 - 000000000 ____D C:\Users\lukas\AppData\Local\OEM 2024-09-06 11:42 - 2020-10-02 17:12 - 000000000 ___HD C:\OEM 2024-09-06 11:38 - 2021-04-15 09:48 - 000000000 ____D C:\Users\lukas 2024-09-06 11:35 - 2020-10-19 13:14 - 000000000 ____D C:\Users\lukas\AppData\Local\D3DSCache ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======== 2022-01-11 18:48 - 2022-01-11 18:53 - 000000000 _____ () C:\Users\lukas\AppData\Local\Temptable.xml ==================== SigCheck 
============================ (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) ==================== Ende von FRST.txt ======================== Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 16-09-2024 durchgeführt von lukas (27-09-2024 16:30:57) Gestartet von C:\Users\lukas\Downloads Microsoft Windows 10 Home Version 22H2 19045.4842 (X64) (2021-04-15 07:53:42) Start-Modus: Normal ========================================================== ==================== Konten: ============================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) Administrator (S-1-5-21-3665627448-2874417480-1659816315-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-3665627448-2874417480-1659816315-503 - Limited - Disabled) Gast (S-1-5-21-3665627448-2874417480-1659816315-501 - Limited - Disabled) lukas (S-1-5-21-3665627448-2874417480-1659816315-1001 - Administrator - Enabled) => C:\Users\lukas WDAGUtilityAccount (S-1-5-21-3665627448-2874417480-1659816315-504 - Limited - Disabled) ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: Norton Security (Disabled - Out of date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB} AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Norton Security (Disabled - Out of date) {AECE2126-F4E7-6909-11F2-1B69D1FBCBD0} AV: Norton Security (Disabled - Out of date) {9E3FD331-C4C2-7AC4-0537-131EEF1B1F8A} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Norton Security (Disabled) {A6045214-8EAD-7B9C-2E68-BA2B11C858F1} FW: Norton Security (Disabled) {96F5A003-BE88-6851-3AAD-B25C2F288CAB} FW: Norton Security (Disabled) {6BFC5632-188D-B806-D13E-C607121B42A0} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) 
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Intel(R) Chipset Device Software (HKLM\...\{3AAD3A73-0D6A-4EFE-93FC-7719DC6C89E4}) (Version: 10.1.1.37 - Intel Corporation) Hidden Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1025 - Intel Corporation) Intel(R) Management Engine Components (HKLM\...\{4EB05024-F740-48CF-B9B0-62A041E22D5C}) (Version: 1.0.0.0 - Intel Corporation) Hidden Intel(R) Management Engine Components (HKLM\...\{DD04783C-E206-46DB-97A7-1155B1C76038}) (Version: 11.6.0.1025 - Intel Corporation) Hidden Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4526 - Intel Corporation) Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1633.3 - Intel Corporation) Intel(R) Serial IO (HKLM\...\{EC883E72-01ED-4DED-AA46-9162C34A7D4F}) (Version: 30.100.1633.03 - Intel Corporation) Hidden Intel(R) Virtual Buttons (HKLM-x32\...\1992736F-C90A-481C-B21B-EE34CAD07387) (Version: 1.1.0.21 - Intel Corporation) Intel® Chipsatz-Gerätesoftware (HKLM-x32\...\{226be6c3-8e08-4d52-bd3a-d361008448c5}) (Version: 10.1.1.37 - Intel(R) Corporation) Hidden Intel® Trusted Connect Service Client (HKLM\...\{75FE588B-F158-4BB3-A283-A8D18E522A52}) (Version: 1.43.301.1 - Intel Corporation) Hidden Microsoft 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 16.0.17928.20156 - Microsoft Corporation) Microsoft 365 Apps for Enterprise - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 16.0.17928.20156 - Microsoft Corporation) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 129.0.2792.52 - Microsoft Corporation) Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 129.0.2792.52 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-3665627448-2874417480-1659816315-1001\...\OneDriveSetup.exe) (Version: 24.171.0825.0002 - Microsoft Corporation) Microsoft Teams 
(HKU\S-1-5-21-3665627448-2874417480-1659816315-1001\...\Teams) (Version: 1.4.00.19572 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{1FC1A6C2-576E-489A-9B4A-92D21F542136}) (Version: 3.74.0.0 - Microsoft Corporation) Microsoft VC++ redistributables repacked. (HKLM\...\{B409944C-1493-4B0D-A92C-2CE3C5F5F289}) (Version: 12.0.0.0 - Intel Corporation) Hidden Microsoft VC++ redistributables repacked. (HKLM-x32\...\{0E8D087B-5654-4010-AF4D-DE1250B8C1EB}) (Version: 12.0.0.0 - Intel Corporation) Hidden Microsoft Visual Basic for Applications 7.1 (x64) (HKLM\...\{90120064-0070-0000-0000-4000000FF1CE}) (Version: 7.1.00.00 - Microsoft Corporation) Hidden Microsoft Visual Basic for Applications 7.1 (x64) English (HKLM\...\{90F60409-7000-11D3-8CFE-0150048383C9}) (Version: 7.1.0.0 - Microsoft Corporation) Hidden Microsoft Visual Basic for Applications 7.1 (x64) German (HKLM\...\{90F60407-7000-11D3-8CFE-0150048383C9}) (Version: 7.1.0.0 - Microsoft Corporation) Hidden Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime 
- 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden Microsoft Visual C++ 2017 Redistributable (x64) - 14.16.27012 (HKLM-x32\...\{427ada59-85e7-4bc8-b8d5-ebf59db60423}) (Version: 14.16.27012.6 - Microsoft Corporation) Microsoft Visual C++ 2017 Redistributable (x86) - 14.16.27012 (HKLM-x32\...\{67f67547-9693-4937-aa13-56e296bd40f6}) (Version: 14.16.27012.6 - Microsoft Corporation) Microsoft Visual C++ 2017 X64 Additional Runtime - 14.16.27012 (HKLM\...\{DF5B1280-A057-4536-9D03-3BCAA0D4C6F0}) (Version: 14.16.27012 - Microsoft Corporation) Hidden Microsoft Visual C++ 2017 X64 Minimum Runtime - 14.16.27012 (HKLM\...\{3ECD99CB-EDAF-45DA-AD9C-2C4875F375FB}) (Version: 14.16.27012 - Microsoft Corporation) Hidden Microsoft Visual C++ 2017 X86 Additional Runtime - 14.16.27012 
(HKLM-x32\...\{DD6BC8D7-4582-4677-BAAC-4AB933E6C315}) (Version: 14.16.27012 - Microsoft Corporation) Hidden Microsoft Visual C++ 2017 X86 Minimum Runtime - 14.16.27012 (HKLM-x32\...\{7B77DE7F-5219-435E-9CE1-FC77F1D4CCAD}) (Version: 14.16.27012 - Microsoft Corporation) Hidden Microsoft Visual Studio Tools for Applications 2015 (HKLM-x32\...\{ab213ab7-4792-4c6f-a3fa-8485d06c3475}) (Version: 14.0.23829 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2015 Finalizer (HKLM-x32\...\{F93E37BD-4053-37CA-A7BB-A5B74508006C}) (Version: 14.0.23829 - Microsoft Corporation) Hidden Microsoft Visual Studio Tools for Applications 2015 x64 Hosting Support (HKLM\...\{A8C30947-7C1B-3A31-8FD8-CEC6D3357D34}) (Version: 14.0.23829 - Microsoft Corporation) Hidden Microsoft Visual Studio Tools for Applications 2015 x86 Hosting Support (HKLM-x32\...\{11A9EF3E-6616-31B1-82BC-1080366FA34D}) (Version: 14.0.23829 - Microsoft Corporation) Hidden Mozilla Firefox (x64 en-US) (HKLM\...\Mozilla Firefox 130.0 (x64 en-US)) (Version: 130.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 130.0.0.2283 - Mozilla) Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.17928.20156 - Microsoft Corporation) Hidden Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.17928.20156 - Microsoft Corporation) Hidden Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.17928.20156 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0407-0000-0000000FF1CE}) (Version: 16.0.17928.20156 - Microsoft Corporation) Hidden Qualcomm Atheros 11ac Wireless LAN Installer (HKLM-x32\...\{20CA507E-24AA-4741-87CF-CC1B250790B7}) (Version: 11.0.10388 - Qualcomm Atheros) Qualcomm Atheros Bluetooth Installer (64) 
(HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 10.0.0.278 - Qualcomm Atheros) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7954 - Realtek Semiconductor Corp.) Sky Go 23.5.1.0 (HKU\S-1-5-21-3665627448-2874417480-1659816315-1001\...\com.bskyb.skygoplayer_is1) (Version: 23.5.1.0 - Sky) Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{85C69797-7336-4E83-8D97-32A7C8465A3B}) (Version: 8.94.0.0 - Microsoft Corporation) Windows-PC-Integritätsprüfung (HKLM\...\{B3956CF3-F6C5-4567-AC38-1FD4432B319C}) (Version: 3.6.2204.08001 - Microsoft Corporation) Packages: ========= Disney+ -> C:\Program Files\WindowsApps\Disney.37853FC22B2CE_2024.3.211.0_neutral__6rarf9sa4v8jt [2024-07-21] (Disney) iTunes -> C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa [2024-05-24] (Apple Inc.) [Startup Task] Media Engine-Add-On für Fotos -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-01-31] (Microsoft Corporation) Microsoft Teams (work or school) -> C:\Program Files\WindowsApps\MSTeams_23306.3315.2560.6525_x64__8wekyb3d8bbwe [2023-12-08] (Microsoft) [Startup Task] MPEG-2-Videoerweiterung -> C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.61931.0_x64__8wekyb3d8bbwe [2024-03-02] (Microsoft Corporation) Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_7.0.8.0_neutral__mcm4njqhnhss8 [2024-07-19] (Netflix, Inc.) 
Prime Video for Windows -> C:\Program Files\WindowsApps\AmazonVideo.PrimeVideo_1.0.160.0_x64__pwbj9vvecjh7j [2024-09-06] (Amazon Development Centre (London) Ltd) Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.245.454.0_x64__zpdnekdrzrea0 [2024-09-06] (Spotify AB) [Startup Task] Websuche von Microsoft Bing -> C:\Program Files\WindowsApps\Microsoft.BingSearch_1.0.95.0_x64__8wekyb3d8bbwe [2024-07-24] (Microsoft Corporation) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) CustomCLSID: HKU\S-1-5-21-3665627448-2874417480-1659816315-1001_Classes\CLSID\{04271989-C4D2-A8E1-8570-AF100347AFAA} -> [OneDrive - Carl-Reuther-Berufskolleg des Rhein-Sieg-Kreises] => C:\Users\lukas\OneDrive - Carl-Reuther-Berufskolleg des Rhein-Sieg-Kreises [2020-10-19 15:53] CustomCLSID: HKU\S-1-5-21-3665627448-2874417480-1659816315-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\lukas\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.21105.1\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-3665627448-2874417480-1659816315-1001_Classes\CLSID\{d1b22d3d-8585-53a6-acb3-0e803c7e8d2a}\localserver32 -> C:\Users\lukas\AppData\Local\Microsoft\Teams\current\Teams.exe (Microsoft Corporation -> Microsoft Corporation) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> Keine Datei ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7ee21f0fcd504371\igfxDTCM.dll [2016-11-23] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) ==================== Codecs (Nicht auf der Ausnahmeliste) ==================== ==================== Verknüpfungen & WMI 
======================== ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============= ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ======== ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ================== ==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ================= ==================== Internet Explorer (Nicht auf der Ausnahmeliste) ============= HKU\S-1-5-21-3665627448-2874417480-1659816315-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer17win10.msn.com/?pc=ACTE HKU\S-1-5-21-3665627448-2874417480-1659816315-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer17win10.msn.com/?pc=ACTE BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2024-09-07] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2024-09-07] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-09-07] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-09-07] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-09-07] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2024-09-07] (Microsoft Corporation -> Microsoft Corporation) (Wenn ein 
Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) IE trusted site: HKU\S-1-5-21-3665627448-2874417480-1659816315-1001\...\sharepoint.com -> hxxps://bkhennef-files.sharepoint.com ==================== Hosts Inhalt: ========================= (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2016-07-16 13:47 - 2024-09-06 14:07 - 000000852 _____ C:\WINDOWS\system32\drivers\etc\hosts ==================== Andere Bereiche =========================== (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;%SYSTEMROOT%\System32\OpenSSH\ HKU\S-1-5-21-3665627448-2874417480-1659816315-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\lukas\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\acer01.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) ist aktiviert. Network Binding: ============= WLAN: Qualcomm Atheros QCA9377 Wireless Network Adapter -> Qcamain10x64.sys Bluetooth-Netzwerkverbindung: Bluetooth Device (Personal Area Network) -> bthpan.sys ==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================ (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. 
Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) FirewallRules: [{C031CCE0-8499-4FFA-AF44-6ABE7A2D75AD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{9F139AF5-1322-493D-9D67-F32E2D446A2D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation) FirewallRules: [{7FA53C4F-75AA-4247-A267-558EF45E6609}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{31C892C8-9A18-48D5-9CA3-172B2F2F37DA}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{96B28F0A-EA53-4E0E-91A0-A60561BE4787}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{D3F140D8-A83F-449F-8B56-23341DB6B8C6}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{7DDFD371-4E8E-4A5F-8CA8-AF629EB374B0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation) FirewallRules: [{A988F726-4472-42E6-9790-59CE90138544}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\129.0.2792.52\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation) ==================== Wiederherstellungspunkte ========================= ==================== Fehlerhafte Geräte im Gerätemanager ============ Name: WD SES Device USB Device Description: WD SES Device USB Device Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. 
==================== Fehlereinträge in der Ereignisanzeige: ======================== Applikationsfehler: ================== Error: (09/07/2024 12:26:46 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: DESKTOP-0FD6U7K) Description: Die Anwendung oder der Dienst "Microsoft Office SDX Helper" konnte nicht heruntergefahren werden. Error: (09/07/2024 10:00:10 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Das Programm SearchApp.exe Version 10.0.19041.4842 hat die Interaktion mit Windows beendet und wurde geschlossen. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1b84 Startzeit: 01db00fafafa90c2 Beendigungszeit: 4294967295 Anwendungspfad: C:\WINDOWS\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe Bericht-ID: 345d4b68-ede2-404a-81a5-e741091ace69 Vollständiger Name des fehlerhaften Pakets: Microsoft.Windows.Search_1.14.15.19041_neutral_neutral_cw5n1h2txyewy Relative Anwendungs-ID des fehlerhaften Pakets: ShellFeedsUI Absturztyp: Quiesce Error: (09/07/2024 09:12:52 AM) (Source: SecurityCenter) (EventID: 17) (User: ) Description: Das Sicherheitscenter konnte den Aufrufer nicht überprüfen. Der Fehler %1 ist aufgetreten. Error: (09/06/2024 12:55:59 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Das Programm SearchApp.exe Version 10.0.19041.4842 hat die Interaktion mit Windows beendet und wurde geschlossen. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: ae0 Startzeit: 01db004a5afb7ff6 Beendigungszeit: 4294967295 Anwendungspfad: C:\WINDOWS\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe Bericht-ID: 064a863e-e556-4a64-b11a-17673969da71 Vollständiger Name des fehlerhaften Pakets: Microsoft.Windows.Search_1.14.15.19041_neutral_neutral_cw5n1h2txyewy Relative Anwendungs-ID des fehlerhaften Pakets: ShellFeedsUI Absturztyp: Quiesce Error: (09/06/2024 12:13:21 PM) (Source: VSS) (EventID: 8193) (User: ) Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x8007045b, Der Computer wird heruntergefahren.. Error: (09/06/2024 12:13:21 PM) (Source: VSS) (EventID: 13) (User: ) Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} und dem Namen "CEventSystem" kann nicht gestartet werden. [0x8007045b, Der Computer wird heruntergefahren.] Error: (09/06/2024 11:35:16 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNS_Execute: mDNSPlatformRawTime went backwards by 513555202 ticks; setting correction factor to 742297369 Error: (07/24/2024 04:07:02 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Local Hostname DESKTOP-0FD6U7K.local already in use; will try DESKTOP-0FD6U7K-2.local instead Systemfehler: ============= Error: (09/27/2024 04:29:23 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073d02 fehlgeschlagen: 9NMPJ99VJBWV-Microsoft.YourPhone Error: (09/27/2024 04:23:13 PM) (Source: Microsoft-Windows-Ntfs) (EventID: 98) (User: NT-AUTORITÄT) Description: E:\Device\HarddiskVolume73 Error: (09/07/2024 10:00:56 PM) (Source: volsnap) (EventID: 25) (User: ) Description: Die Schattenkopien von Volume "C:" wurden gelöscht, weil der Schattenkopiespeicher nicht rechtzeitig vergrößert wurde. 
Sie sollten die E/A-Last auf dem System verringern oder ein Schattenkopie-Speichervolume, von dem keine Schattenkopie erstellt wird, auswählen. Error: (09/07/2024 10:00:45 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-0FD6U7K) Description: Der Server "{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (09/07/2024 10:00:45 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-0FD6U7K) Description: Der Server "{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (09/07/2024 10:00:45 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-0FD6U7K) Description: Der Server "{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (09/07/2024 10:00:45 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-0FD6U7K) Description: Der Server "{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (09/07/2024 10:00:45 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-0FD6U7K) Description: Der Server "{2593F8B9-4EAF-457C-B68A-50F6B8EA6B54}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Windows Defender: ================ Date: 2024-09-07 09:54:45 Description: Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet. Überprüfungs-ID: {B02638A7-1407-4C96-8238-DBBEA17F1639} Überprüfungstyp: Antimalware Überprüfungsparameter: Schnellüberprüfung Benutzer: DESKTOP-0FD6U7K\lukas Date: 2024-09-07 09:33:14 Description: Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet. 
Überprüfungs-ID: {B2F13F16-C742-4759-B6C5-C01417BC003E} Überprüfungstyp: Antimalware Überprüfungsparameter: Schnellüberprüfung Benutzer: DESKTOP-0FD6U7K\lukas Date: 2024-09-07 09:31:45 Description: Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet. Überprüfungs-ID: {A136AF93-D148-454C-88CE-A7978DF52C4F} Überprüfungstyp: Antimalware Überprüfungsparameter: Vollständige Überprüfung Benutzer: DESKTOP-0FD6U7K\lukas Date: 2024-09-06 14:01:45 Description: Die Microsoft Defender Antivirus-Überprüfung wurde vor ihrem Abschluss beendet. Überprüfungs-ID: {DDD780E4-E7DC-4D59-A766-966237B6D36A} Überprüfungstyp: Antimalware Überprüfungsparameter: Benutzerdefinierte Überprüfung Benutzer: DESKTOP-0FD6U7K\lukas Date: 2024-09-06 13:47:25 Description: Microsoft Defender Antivirus hat Schadsoftware oder andere potenziell unerwünschte Software erkannt. Weitere Informationen: https://go.microsoft.com/fwlink/?linkid=37020&name=PUA:Win32/DownloadSponsor&threatid=225064&enterprise=0 Name: PUA:Win32/DownloadSponsor Schweregrad: Niedrig Kategorie: Potenziell unerwünschte Software Pfad: file:_D:\Windows 7 Service Pack 1 32 Bit - CHIP-Installer.exe Erkennungsursprung: Lokaler Computer Erkennungstype: Konkret Erkennungsquelle: Echtzeitschutz Benutzer: DESKTOP-0FD6U7K\lukas Prozessname: C:\WINDOWS\explorer.exe Sicherheitsversion: AV: 1.417.531.0, AS: 1.417.531.0, NIS: 1.417.531.0 Modulversion: AM: 1.1.24070.3, NIS: 1.1.24070.3 Event[0]: Date: 2024-09-07 09:29:11 Description: Bei Microsoft Defender Antivirus ist ein Fehler beim Aktualisieren der Sicherheitsinformationen aufgetreten. Neue Version der Sicherheitsinformationen: %Vorherige Version der Sicherheitsinformationen: 1.417.548.0 Update Source: Microsoft Update-Server Sicherheitstyp: AntiVirus Updatetyp: Voll Benutzer: NT-AUTORITÄT\SYSTEM Aktuelle Modulversion: %Vorherige Modulversion: 1.1.24070.3 Fehlercode: 0x80070102 Fehlerbeschreibung: Der Wartevorgang wurde abgebrochen. 
CodeIntegrity: =============== Date: 2024-09-27 16:22:51 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7ee21f0fcd504371\igd10iumd64.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2024-09-07 09:12:59 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\WINDOWS\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbamsi64.dll that did not meet the Windows signing level requirements. Date: 2024-09-07 09:12:52 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbamsi64.dll that did not meet the Microsoft signing level requirements. ==================== Speicherinformationen =========================== BIOS: Insyde Corp. 
V1.02 10/20/2016
Hauptplatine: KBL Drift_SK
Prozessor: Intel(R) Core(TM) i7-7500U CPU @ 2.70GHz
Prozentuale Nutzung des RAM: 58%
Installierter physikalischer RAM: 8060.22 MB
Verfügbarer physikalischer RAM: 3377.47 MB
Summe virtueller Speicher: 9340.22 MB
Verfügbarer virtueller Speicher: 4510.61 MB

==================== Laufwerke ================================

Drive c: (Acer) (Fixed) (Total:237.36 GB) (Free:31.01 GB) (Model: Micron_1100_MTFDDAV256TBN) NTFS
Drive d: (INTENSO) (Fixed) (Total:931.28 GB) (Free:876.99 GB) (Model: Intenso SCSI SCSI Disk Device) FAT32
Drive e: (My Passport) (Fixed) (Total:465.73 GB) (Free:11.93 GB) (Model: WD My Passport 0740 USB Device) NTFS

\\?\Volume{788f5e3a-b49e-4bac-b480-d755cf8248d4}\ (Recovery) (Fixed) (Total:1 GB) (Free:0.38 GB) NTFS
\\?\Volume{6b71e21a-af27-4d92-996d-a9e36d2561ca}\ (ESP) (Fixed) (Total:0.09 GB) (Free:0.04 GB) FAT32

==================== MBR & Partitionstabelle ====================

==========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 993CE4C0)
Partition: GPT.

==========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 508B5CCB)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=FAT32)

==========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 465.7 GB) (Disk ID: 00038A56)
Partition 1: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt =======================

Best regards, Raphael |
27.09.2024, 20:19 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 10: Removing PUA/DownloadSponsor Quote:
27.09.2024, 20:26 | #3 |
| Windows 10: Removing PUA/DownloadSponsor Thanks first of all for the quick reply @cosinus
Other than that, Microsoft Defender found nothing during the full scan. Neither on the computer nor on the hard drives. Can that be relied on, or should I check again with another tool? |
27.09.2024, 20:42 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 10: Removing PUA/DownloadSponsor That doesn't really answer my question. Quote:
__________________ Please always post log files in CODE tags |
27.09.2024, 20:47 | #5 |
| Windows 10: Removing PUA/DownloadSponsor I apologize, I should have phrased it better. My cousin unfortunately doesn't know much about PCs; he only voiced a suspicion. I then ran Defender, but couldn't find anything on the external hard drives. So as of now, nothing has been found. Either the hard drives are clean or Defender didn't find anything. |
27.09.2024, 20:57 | #6 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 10: Removing PUA/DownloadSponsor Quote:
27.09.2024, 21:10 | #7 |
| Windows 10: Removing PUA/DownloadSponsor Code:
ATTFilter # ------------------------------- # Malwarebytes AdwCleaner 8.4.2.0 # ------------------------------- # Build: 03-04-2024 # Database: 2024-03-04.1 (Cloud) # Support: https://www.malwarebytes.com/support # # ------------------------------- # Mode: Clean # ------------------------------- # Start: 09-06-2024 # Duration: 00:00:01 # OS: Windows 10 (Build 19045.4842) # Cleaned: 6 # Failed: 0 ***** [ Services ] ***** No malicious services cleaned. ***** [ Folders ] ***** No malicious folders cleaned. ***** [ Files ] ***** Deleted C:\Users\Public\Desktop\eBay.lnk Deleted C:\Windows\System32\Tasks_Migrated\App Explorer ***** [ DLL ] ***** No malicious DLLs cleaned. ***** [ WMI ] ***** No malicious WMI cleaned. ***** [ Shortcuts ] ***** No malicious shortcuts cleaned. ***** [ Tasks ] ***** No malicious tasks cleaned. ***** [ Registry ] ***** No malicious registry entries cleaned. ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries cleaned. ***** [ Chromium URLs ] ***** No malicious Chromium URLs cleaned. ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries cleaned. ***** [ Firefox URLs ] ***** No malicious Firefox URLs cleaned. ***** [ Hosts File Entries ] ***** No malicious hosts file entries cleaned. 
***** [ Preinstalled Software ] ***** Deleted Preinstalled.ACERClear.fiShellExtension Registry HKLM\Software\Classes\CLSID\{ED32C084-BABB-11E1-B491-D4D66088709B} Deleted Preinstalled.ACERClear.fiShellExtension Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{ED32C084-BABB-11E1-B491-D4D66088709B} Deleted Preinstalled.AcerUEIPFramework Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{12A718F2-2357-4D41-9E1F-18583A4745F7} Deleted Preinstalled.AcerUpdater Folder C:\ProgramData\ACER\ACER UPDATER ************************* [+] Delete Tracing Keys [+] Reset Winsock ************************* AdwCleaner_Debug.log - [8063 octets] - [06/09/2024 14:05:05] AdwCleaner[S00].txt - [2039 octets] - [06/09/2024 14:05:13] ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ########## Code:
ATTFilter # ------------------------------- # Malwarebytes AdwCleaner 8.4.2.0 # ------------------------------- # Build: 03-04-2024 # Database: 2024-03-04.1 (Cloud) # Support: https://www.malwarebytes.com/support # # ------------------------------- # Mode: Clean # ------------------------------- # Start: 09-06-2024 # Duration: 00:00:00 # OS: Windows 10 (Build 19045.4842) # Cleaned: 0 # Failed: 0 ***** [ Services ] ***** No malicious services cleaned. ***** [ Folders ] ***** No malicious folders cleaned. ***** [ Files ] ***** No malicious files cleaned. ***** [ DLL ] ***** No malicious DLLs cleaned. ***** [ WMI ] ***** No malicious WMI cleaned. ***** [ Shortcuts ] ***** No malicious shortcuts cleaned. ***** [ Tasks ] ***** No malicious tasks cleaned. ***** [ Registry ] ***** No malicious registry entries cleaned. ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries cleaned. ***** [ Chromium URLs ] ***** No malicious Chromium URLs cleaned. ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries cleaned. ***** [ Firefox URLs ] ***** No malicious Firefox URLs cleaned. ***** [ Hosts File Entries ] ***** No malicious hosts file entries cleaned. ***** [ Preinstalled Software ] ***** No Preinstalled Software cleaned. ************************* [+] Delete IFEO [+] Delete Prefetch [+] Delete Tracing Keys [+] Reset BITS [+] Reset Windows Firewall [+] Reset Hosts File [+] Reset IPSec [+] Reset Chromium Policies [+] Reset IE Policies [+] Reset Proxy Settings [+] Reset TCP/IP [+] Reset Winsock [+] Reset Windows Installer ************************* AdwCleaner_Debug.log - [21179 octets] - [06/09/2024 14:05:05] AdwCleaner[S00].txt - [2039 octets] - [06/09/2024 14:05:13] AdwCleaner[C00].txt - [2241 octets] - [06/09/2024 14:06:03] AdwCleaner[S01].txt - [1605 octets] - [06/09/2024 14:07:00] AdwCleaner[S02].txt - [1666 octets] - [06/09/2024 14:07:46] ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C02].txt ########## Code:
ATTFilter # ------------------------------- # Malwarebytes AdwCleaner 8.4.2.0 # ------------------------------- # Build: 03-04-2024 # Database: 2024-03-04.1 (Cloud) # Support: https://www.malwarebytes.com/support # # ------------------------------- # Mode: Scan # ------------------------------- # Start: 09-06-2024 # Duration: 00:00:07 # OS: Windows 10 (Build 19045.4842) # Scanned: 32099 # Detected: 6 ***** [ Services ] ***** No malicious services found. ***** [ Folders ] ***** No malicious folders found. ***** [ Files ] ***** Adware.pokki C:\Windows\System32\Tasks_Migrated\App Explorer PUP.Optional.Legacy C:\Users\Public\Desktop\eBay.lnk ***** [ DLL ] ***** No malicious DLLs found. ***** [ WMI ] ***** No malicious WMI found. ***** [ Shortcuts ] ***** No malicious shortcuts found. ***** [ Tasks ] ***** No malicious tasks found. ***** [ Registry ] ***** No malicious registry entries found. ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries found. ***** [ Chromium URLs ] ***** No malicious Chromium URLs found. ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries found. ***** [ Firefox URLs ] ***** No malicious Firefox URLs found. ***** [ Hosts File Entries ] ***** No malicious hosts file entries found. ***** [ Preinstalled Software ] ***** Preinstalled.ACERClear.fiShellExtension Registry HKLM\Software\Classes\CLSID\{ED32C084-BABB-11E1-B491-D4D66088709B} Preinstalled.ACERClear.fiShellExtension Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{ED32C084-BABB-11E1-B491-D4D66088709B} Preinstalled.AcerUEIPFramework Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{12A718F2-2357-4D41-9E1F-18583A4745F7} Preinstalled.AcerUpdater Folder C:\ProgramData\ACER\ACER UPDATER AdwCleaner_Debug.log - [2782 octets] - [06/09/2024 14:05:05] ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ########## Code:
ATTFilter # ------------------------------- # Malwarebytes AdwCleaner 8.4.2.0 # ------------------------------- # Build: 03-04-2024 # Database: 2024-03-04.1 (Cloud) # Support: https://www.malwarebytes.com/support # # ------------------------------- # Mode: Scan # ------------------------------- # Start: 09-06-2024 # Duration: 00:00:06 # OS: Windows 10 (Build 19045.4842) # Scanned: 32095 # Detected: 0 ***** [ Services ] ***** No malicious services found. ***** [ Folders ] ***** No malicious folders found. ***** [ Files ] ***** No malicious files found. ***** [ DLL ] ***** No malicious DLLs found. ***** [ WMI ] ***** No malicious WMI found. ***** [ Shortcuts ] ***** No malicious shortcuts found. ***** [ Tasks ] ***** No malicious tasks found. ***** [ Registry ] ***** No malicious registry entries found. ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries found. ***** [ Chromium URLs ] ***** No malicious Chromium URLs found. ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries found. ***** [ Firefox URLs ] ***** No malicious Firefox URLs found. ***** [ Hosts File Entries ] ***** No malicious hosts file entries found. ***** [ Preinstalled Software ] ***** No Preinstalled Software found. AdwCleaner_Debug.log - [13384 octets] - [06/09/2024 14:05:05] AdwCleaner[S00].txt - [2039 octets] - [06/09/2024 14:05:13] AdwCleaner[C00].txt - [2241 octets] - [06/09/2024 14:06:03] ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S01].txt ########## Code:
ATTFilter # ------------------------------- # Malwarebytes AdwCleaner 8.4.2.0 # ------------------------------- # Build: 03-04-2024 # Database: 2024-03-04.1 (Cloud) # Support: https://www.malwarebytes.com/support # # ------------------------------- # Mode: Scan # ------------------------------- # Start: 09-06-2024 # Duration: 00:00:05 # OS: Windows 10 (Build 19045.4842) # Scanned: 32098 # Detected: 0 ***** [ Services ] ***** No malicious services found. ***** [ Folders ] ***** No malicious folders found. ***** [ Files ] ***** No malicious files found. ***** [ DLL ] ***** No malicious DLLs found. ***** [ WMI ] ***** No malicious WMI found. ***** [ Shortcuts ] ***** No malicious shortcuts found. ***** [ Tasks ] ***** No malicious tasks found. ***** [ Registry ] ***** No malicious registry entries found. ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries found. ***** [ Chromium URLs ] ***** No malicious Chromium URLs found. ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries found. ***** [ Firefox URLs ] ***** No malicious Firefox URLs found. ***** [ Hosts File Entries ] ***** No malicious hosts file entries found. ***** [ Preinstalled Software ] ***** No Preinstalled Software found. AdwCleaner_Debug.log - [17411 octets] - [06/09/2024 14:05:05] AdwCleaner[S00].txt - [2039 octets] - [06/09/2024 14:05:13] AdwCleaner[C00].txt - [2241 octets] - [06/09/2024 14:06:03] AdwCleaner[S01].txt - [1605 octets] - [06/09/2024 14:07:00] ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S02].txt ########## Code:
ATTFilter 2024-09-06 12:05:05 : <INFO> [Button clicked] Dashboard menu item 2024-09-06 12:05:06 : <INFO> [Button clicked] Scan 2024-09-06 12:05:06 : <INFO> [Scan] Started 2024-09-06 12:05:06 : <INFO> [Database] Downloading database 2024-09-06 12:05:07 : <INFO> [Database] Checking integrity 2024-09-06 12:05:07 : <INFO> [Database] Found 2689 families 2024-09-06 12:05:07 : <INFO> [Database] Database v "2024-03-04.1" 2024-09-06 12:05:08 : <INFO> [Loading paths] Local paths loaded 2024-09-06 12:05:08 : <INFO> [Loading paths] Chrome paths loaded 2024-09-06 12:05:08 : <INFO> [Loading paths] Edge paths loaded 2024-09-06 12:05:08 : <INFO> [Loading paths] Firefox paths loaded 2024-09-06 12:05:08 : <INFO> [Loading paths] User Keys loaded 2024-09-06 12:05:08 : <INFO> [Module initialized] "File" 2024-09-06 12:05:08 : <INFO> [Module initialized] "Folder" 2024-09-06 12:05:08 : <INFO> [Module initialized] "RegistryKey" 2024-09-06 12:05:08 : <INFO> [Module initialized] "Winlogon" 2024-09-06 12:05:08 : <INFO> [Module initialized] "RegClasses" 2022024-09-06 12:05:08 : <INFO> [Module initialized] "RegProductID" icy" 2024-09-06 12:05:08 : <INFO> [Module initialized] "TaskName" 2024-09-06 12:05:08 : <INFO> [Module initialized] "RegFirewallPolicy" 2024-09-06 12:05:08 : <INFO> [Module initialized] "Service" 2024-09-06 12:05:08 : <INFO> [Module initialized] "FirefoxExt" 2024-09-06 12:05:08 : <INFO> [Module initialized] "ChromiumExt" 2024-09-06 12:05:08 : <INFO> [Module initialized] "WMI" 2024-09-06 12:05:09 : <INFO> [Module initialized] "URL" 2024-09-06 12:05:09 : <INFO> [Scan] Exclusions loaded 2024-09-06 12:05:09 : <INFO> [Scan] Item detected: "PUP.Optional.Legacy" , "C:\\Users\\Public\\Desktop\\eBay.lnk" [ "File" ] 2024-09-06 12:05:09 : <INFO> [Scan] Item detected: "Adware.pokki" , "C:\\Windows\\System32\\Tasks_Migrated\\App Explorer" [ "File" ] 2024-09-06 12:05:11 : <INFO> [Scan] Item detected: "Preinstalled.ACERClear.fiShellExtension" , 
"HKLM\\Software\\Classes\\CLSID\\{ED32C084-BABB-11E1-B491-D4D66088709B}" [ "Registry" ] 2024-09-06 12:05:11 : <INFO> [Scan] Item detected: "Preinstalled.ACERClear.fiShellExtension" , "HKLM\\Software\\Wow6432Node\\\\Classes\\CLSID\\{ED32C084-BABB-11E1-B491-D4D66088709B}" [ "Registry" ] 2024-09-06 12:05:11 : <INFO> [Scan] Item detected: "Preinstalled.AcerUpdater" , "C:\\ProgramData\\ACER\\ACER UPDATER" [ "Folder" ] 2024-09-06 12:05:12 : <INFO> [Scan] Item detected: "Preinstalled.AcerUEIPFramework" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{12A718F2-2357-4D41-9E1F-18583A4745F7}" [ "Registry" ] 2024-09-06 12:05:13 : <INFO> [Telemetry] Sending to Influx 2024-09-06 12:05:14 : <INFO> [SslCert] Issued by ("Amazon RSA 2048 M03") 2024-09-06 12:05:14 : <INFO> [SslCert] Issued to ("malwarebytes.com") 2024-09-06 12:05:14 : <INFO> [SslCert] Locality Name () 2024-09-06 12:05:14 : <INFO> [SslCert] Organization () 2024-09-06 12:05:14 : <INFO> [SslCert] Certificate EffectiveDate: "Mo Aug 5 00:00:00 2024 GMT" 2024-09-06 12:05:14 : <INFO> [SslCert] Certificate ExpirationDate: "Mi Sep 3 23:59:59 2025 GMT" 2024-09-06 12:05:14 : <INFO> [SslCert] ALPN: Yes 2024-09-06 12:05:14 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2024-09-06 12:05:14 : <INFO> [SslCert] KXE: "ECDH" 2024-09-06 12:05:14 : <INFO> [SslCert] Protocol: "TLSv1.2" 2024-09-06 12:05:14 : <INFO> [Telemetry] Status code: QVariant(int, 204) 2024-09-06 12:05:14 : <INFO> [Telemetry] Sending to DSE 2024-09-06 12:05:15 : <INFO> [SslCert] Issued by ("Amazon RSA 2048 M03") 2024-09-06 12:05:15 : <INFO> [SslCert] Issued to ("telemetry.malwarebytes.com") 2024-09-06 12:05:15 : <INFO> [SslCert] Locality Name () 2024-09-06 12:05:15 : <INFO> [SslCert] Organization () 2024-09-06 12:05:15 : <INFO> [SslCert] Certificate EffectiveDate: "Do Mai 23 00:00:00 2024 GMT" 2024-09-06 12:05:15 : <INFO> [SslCert] Certificate ExpirationDate: "Sa Jun 21 23:59:59 2025 GMT" 2024-09-06 12:05:15 : <INFO> [SslCert] ALPN: Yes 
2024-09-06 12:05:15 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2024-09-06 12:05:15 : <INFO> [SslCert] KXE: "ECDH" 2024-09-06 12:05:15 : <INFO> [SslCert] Protocol: "TLSv1.2" 2024-09-06 12:05:15 : <INFO> [Telemetry] Status code: QVariant(int, 201) 2024-09-06 12:05:15 : <INFO> [Scan] Finished 2024-09-06 12:05:29 : <INFO> [Button clicked] Next 2024-09-06 12:05:36 : <INFO> [Button clicked] Bundleware found ok button 2024-09-06 12:05:43 : <INFO> [Button clicked] Clean & repair 2024-09-06 12:05:45 : <INFO> [Button clicked] Dialog button clicked [ 2 ] 2024-09-06 12:06:01 : <INFO> Restore point created [ "AdwCleaner_BeforeCleaning_06/09/2024_14:05:45" ] 2024-09-06 12:06:01 : <INFO> [Cleaning] Started 2024-09-06 12:06:01 : <WARNING> [Cleaning] Unable to Open process - "[System Process]" 0 2024-09-06 12:06:01 : <WARNING> [Cleaning] Unable to Open process - "System" 0 2024-09-06 12:06:01 : <WARNING> [Cleaning] Unable to Open process - "Registry" 0 2024-09-06 12:06:01 : <WARNING> [Cleaning] Unable to Open process - "Memory Compression" 0 2024-09-06 12:06:01 : <WARNING> [Cleaning] Unable to Open process - "MpDefenderCoreService.exe" 0 2024-09-06 12:06:01 : <WARNING> [Cleaning] Unable to Open process - "NisSrv.exe" 0 2024-09-06 12:06:01 : <WARNING> [Cleaning] Unable to Open process - "SgrmBroker.exe" 0 2024-09-06 12:06:02 : <INFO> [Quarantine] Session folder: "C:\\AdwCleaner\\Quarantine\\v1\\20240906.140602" 2024-09-06 12:06:02 : <INFO> [Cleaning] Processing: "PUP.Optional.Legacy" , "C:\\Users\\Public\\Desktop\\eBay.lnk" [ "File" ] 2024-09-06 12:06:02 : <INFO> [Cleaning] Quarantined: "PUP.Optional.Legacy" , "C:\\Users\\Public\\Desktop\\eBay.lnk" [ "File" ] 2024-09-06 12:06:02 : <INFO> [Cleaning] Processing: "Adware.pokki" , "C:\\Windows\\System32\\Tasks_Migrated\\App Explorer" [ "File" ] 2024-09-06 12:06:02 : <INFO> [Cleaning] Quarantined: "Adware.pokki" , "C:\\Windows\\System32\\Tasks_Migrated\\App Explorer" [ "File" ] 2024-09-06 12:06:02 : <INFO> [Cleaning] 
Processing: "Preinstalled.ACERClear.fiShellExtension" , "HKLM\\Software\\Classes\\CLSID\\{ED32C084-BABB-11E1-B491-D4D66088709B}" [ "Registry" ] 2024-09-06 12:06:02 : <INFO> [Cleaning] Quarantined: "Preinstalled.ACERClear.fiShellExtension" , "HKLM\\Software\\Classes\\CLSID\\{ED32C084-BABB-11E1-B491-D4D66088709B}" [ "Registry" ] 2024-09-06 12:06:02 : <INFO> [Cleaning] Processing: "Preinstalled.ACERClear.fiShellExtension" , "HKLM\\Software\\Wow6432Node\\\\Classes\\CLSID\\{ED32C084-BABB-11E1-B491-D4D66088709B}" [ "Registry" ] 2024-09-06 12:06:02 : <INFO> [Cleaning] Quarantined: "Preinstalled.ACERClear.fiShellExtension" , "HKLM\\Software\\Wow6432Node\\\\Classes\\CLSID\\{ED32C084-BABB-11E1-B491-D4D66088709B}" [ "Registry" ] 2024-09-06 12:06:02 : <INFO> [Cleaning] Processing: "Preinstalled.AcerUpdater" , "C:\\ProgramData\\ACER\\ACER UPDATER" [ "Folder" ] 2024-09-06 12:06:02 : <INFO> [Cleaning] Quarantined: "Preinstalled.AcerUpdater" , "C:\\ProgramData\\ACER\\ACER UPDATER" [ "Folder" ] 2024-09-06 12:06:02 : <INFO> [Cleaning] Processing: "Preinstalled.AcerUEIPFramework" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{12A718F2-2357-4D41-9E1F-18583A4745F7}" [ "Registry" ] 2024-09-06 12:06:02 : <INFO> [Cleaning] Quarantined: "Preinstalled.AcerUEIPFramework" , "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{12A718F2-2357-4D41-9E1F-18583A4745F7}" [ "Registry" ] 2024-09-06 12:06:02 : <INFO> [Engine Additional Action] "Delete Tracing Keys" 2024-09-06 12:06:03 : <INFO> [Engine Additional Action] "Reset Winsock" 2024-09-06 12:06:03 : <INFO> [Telemetry] Sending to Influx 2024-09-06 12:06:03 : <INFO> [SslCert] Issued by ("Amazon RSA 2048 M03") 2024-09-06 12:06:03 : <INFO> [SslCert] Issued to ("malwarebytes.com") 2024-09-06 12:06:03 : <INFO> [SslCert] Locality Name () 2024-09-06 12:06:03 : <INFO> [SslCert] Organization () 2024-09-06 12:06:03 : <INFO> [SslCert] Certificate EffectiveDate: "Mo Aug 5 00:00:00 2024 GMT" 2024-09-06 12:06:03 : <INFO> 
[SslCert] Certificate ExpirationDate: "Mi Sep 3 23:59:59 2025 GMT" 2024-09-06 12:06:03 : <INFO> [SslCert] ALPN: Yes 2024-09-06 12:06:03 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2024-09-06 12:06:03 : <INFO> [SslCert] KXE: "ECDH" 2024-09-06 12:06:03 : <INFO> [SslCert] Protocol: "TLSv1.2" 2024-09-06 12:06:03 : <INFO> [Telemetry] Status code: QVariant(int, 204) 2024-09-06 12:06:03 : <INFO> [Telemetry] Sending to DSE 2024-09-06 12:06:04 : <INFO> [SslCert] Issued by ("Amazon RSA 2048 M03") 2024-09-06 12:06:04 : <INFO> [SslCert] Issued to ("telemetry.malwarebytes.com") 2024-09-06 12:06:04 : <INFO> [SslCert] Locality Name () 2024-09-06 12:06:04 : <INFO> [SslCert] Organization () 2024-09-06 12:06:04 : <INFO> [SslCert] Certificate EffectiveDate: "Do Mai 23 00:00:00 2024 GMT" 2024-09-06 12:06:04 : <INFO> [SslCert] Certificate ExpirationDate: "Sa Jun 21 23:59:59 2025 GMT" 2024-09-06 12:06:04 : <INFO> [SslCert] ALPN: Yes 2024-09-06 12:06:04 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2024-09-06 12:06:04 : <INFO> [SslCert] KXE: "ECDH" 2024-09-06 12:06:04 : <INFO> [SslCert] Protocol: "TLSv1.2" 2024-09-06 12:06:04 : <INFO> [Telemetry] Status code: QVariant(int, 201) 2024-09-06 12:06:04 : <INFO> [Cleaning] Finished 2024-09-06 12:06:04 : <INFO> [MBBanner] Checking Iris 2024-09-06 12:06:04 : <INFO> [IRIS] Making request 2024-09-06 12:06:04 : <INFO> [SslCert] Issued by ("Amazon RSA 2048 M03") 2024-09-06 12:06:04 : <INFO> [SslCert] Issued to ("malwarebytes.com") 2024-09-06 12:06:04 : <INFO> [SslCert] Locality Name () 2024-09-06 12:06:04 : <INFO> [SslCert] Organization () 2024-09-06 12:06:04 : <INFO> [SslCert] Certificate EffectiveDate: "Mo Aug 5 00:00:00 2024 GMT" 2024-09-06 12:06:04 : <INFO> [SslCert] Certificate ExpirationDate: "Mi Sep 3 23:59:59 2025 GMT" 2024-09-06 12:06:04 : <INFO> [SslCert] ALPN: None 2024-09-06 12:06:04 : <INFO> [SslCert] Cipher: "TLS_AES_128_GCM_SHA256" 2024-09-06 12:06:04 : <INFO> [SslCert] KXE: "any" 2024-09-06 12:06:04 : <INFO> 
[SslCert] Protocol: "TLSv1.3" 2024-09-06 12:06:04 : <WARNING> [File Downloader] Error downloading ( QNetworkReply::ContentNotFoundError ) 2024-09-06 12:06:04 : <INFO> [IRIS] Failed 2024-09-06 12:06:08 : <INFO> [Button clicked] Dashboard menu item 2024-09-06 12:06:10 : <INFO> [Button clicked] Quarantine menu item 2024-09-06 12:06:15 : <INFO> [Button clicked] Delete quarantine 2024-09-06 12:06:15 : <INFO> [Quarantine] Deleted: "Adware.pokki" , "C:\\AdwCleaner\\Quarantine\\v1\\20240906.140602\\2" 2024-09-06 12:06:15 : <INFO> [Quarantine] Deleted: "PUP.Optional.Legacy" , "C:\\AdwCleaner\\Quarantine\\v1\\20240906.140602\\1" 2024-09-06 12:06:16 : <INFO> [Button clicked] Settings menu item 2024-09-06 12:06:53 : <INFO> [Button clicked] Dashboard menu item 2024-09-06 12:06:54 : <INFO> [Button clicked] Scan 2024-09-06 12:06:54 : <INFO> [Scan] Started 2024-09-06 12:06:54 : <INFO> [Database] Downloading database 2024-09-06 12:06:55 : <INFO> [Database] Checking integrity 2024-09-06 12:06:55 : <INFO> [Database] Found 2689 families 2024-09-06 12:06:55 : <INFO> [Database] Database v "2024-03-04.1" 2024-09-06 12:06:55 : <INFO> [Loading paths] Local paths loaded 2024-09-06 12:06:55 : <INFO> [Loading paths] Chrome paths loaded 2024-09-06 12:06:55 : <INFO> [Loading paths] Edge paths loaded 2024-09-06 12:06:55 : <INFO> [Loading paths] Firefox paths loaded 2024-09-06 12:06:55 : <INFO> [Loading paths] User Keys loaded 2024-09-06 12:06:55 : <INFO> [Module initialized] "Folder" 2024-09-06 12:06:55 : <INFO> [Module initialized] "File" 2024-09-06 12:06:55 : <INFO> [Module initialized] "RegistryKey" 2024-09-06 12:06:55 : <INFO> [Module initialized] "RegistryValue" 2024-09-06 12:06:55 : <INFO> [Module initialized] "Winlogon" 2024-09-06 12:06:55 : <INFO> [Module initialized] "RegAppInit" 2024-09-06 12:06:55 : <INFO> [Module initialized] "RegGuid" s" 2024-09-06 12:06:55 : <INFO> [Module initialized] "TaskName" " 2024-09-06 12:06:55 : <INFO> [Module initialized] "RegIEElevationPolicy" 2024-09-06 
12:06:55 : <INFO> [Module initialized] "Service" 2024-09-06 12:06:55 : <INFO> [Module initialized] "WMI" 2024-09-06 12:06:55 : <INFO> [Module initialized] "ChromiumExt" 2024-09-06 12:06:55 : <INFO> [Module initialized] "FirefoxExt" 2024-09-06 12:06:55 : <INFO> [Module initialized] "RegFirewallPolicy" 2024-09-06 12:06:55 : <INFO> [Module initialized] "URL" 2024-09-06 12:06:55 : <INFO> [Scan] Exclusions loaded 2024-09-06 12:07:00 : <INFO> [Telemetry] Sending to Influx 2024-09-06 12:07:00 : <INFO> [SslCert] Issued by ("Amazon RSA 2048 M03") 2024-09-06 12:07:00 : <INFO> [SslCert] Issued to ("malwarebytes.com") 2024-09-06 12:07:00 : <INFO> [SslCert] Locality Name () 2024-09-06 12:07:00 : <INFO> [SslCert] Organization () 2024-09-06 12:07:00 : <INFO> [SslCert] Certificate EffectiveDate: "Mo Aug 5 00:00:00 2024 GMT" 2024-09-06 12:07:00 : <INFO> [SslCert] Certificate ExpirationDate: "Mi Sep 3 23:59:59 2025 GMT" 2024-09-06 12:07:00 : <INFO> [SslCert] ALPN: Yes 2024-09-06 12:07:00 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2024-09-06 12:07:00 : <INFO> [SslCert] KXE: "ECDH" 2024-09-06 12:07:00 : <INFO> [SslCert] Protocol: "TLSv1.2" 2024-09-06 12:07:00 : <INFO> [Telemetry] Status code: QVariant(int, 204) 2024-09-06 12:07:00 : <INFO> [Telemetry] Sending to DSE 2024-09-06 12:07:02 : <INFO> [SslCert] Issued by ("Amazon RSA 2048 M03") 2024-09-06 12:07:02 : <INFO> [SslCert] Issued to ("telemetry.malwarebytes.com") 2024-09-06 12:07:02 : <INFO> [SslCert] Locality Name () 2024-09-06 12:07:02 : <INFO> [SslCert] Organization () 2024-09-06 12:07:02 : <INFO> [SslCert] Certificate EffectiveDate: "Do Mai 23 00:00:00 2024 GMT" 2024-09-06 12:07:02 : <INFO> [SslCert] Certificate ExpirationDate: "Sa Jun 21 23:59:59 2025 GMT" 2024-09-06 12:07:02 : <INFO> [SslCert] ALPN: Yes 2024-09-06 12:07:02 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2024-09-06 12:07:02 : <INFO> [SslCert] KXE: "ECDH" 2024-09-06 12:07:02 : <INFO> [SslCert] Protocol: "TLSv1.2" 2024-09-06 12:07:02 : 
<INFO> [Telemetry] Status code: QVariant(int, 201) 2024-09-06 12:07:02 : <INFO> [Scan] Finished 2024-09-06 12:07:19 : <INFO> [Button clicked] Settings menu item 2024-09-06 12:07:34 : <INFO> [Button clicked] Dashboard menu item 2024-09-06 12:07:37 : <INFO> [Button clicked] Dashboard menu item 2024-09-06 12:07:38 : <INFO> [Button clicked] Dashboard menu item 2024-09-06 12:07:38 : <INFO> [Button clicked] Dashboard menu item 2024-09-06 12:07:38 : <INFO> [Button clicked] Dashboard menu item 2024-09-06 12:07:40 : <INFO> [Button clicked] Cancel 2024-09-06 12:07:41 : <INFO> [Button clicked] Scan 2024-09-06 12:07:41 : <INFO> [Scan] Started 2024-09-06 12:07:41 : <INFO> [Database] Downloading database 2024-09-06 12:07:42 : <INFO> [Database] Checking integrity 2024-09-06 12:07:42 : <INFO> [Database] Found 2689 families 2024-09-06 12:07:42 : <INFO> [Database] Database v "2024-03-04.1" 2024-09-06 12:07:42 : <INFO> [Loading paths] Local paths loaded 2024-09-06 12:07:42 : <INFO> [Loading paths] Chrome paths loaded 2024-09-06 12:07:42 : <INFO> [Loading paths] Edge paths loaded 2024-09-06 12:07:42 : <INFO> [Loading paths] Firefox paths loaded 2024-09-06 12:07:42 : <INFO> [Loading paths] User Keys loaded 2024-09-06 12:07:42 : <INFO> [Module initialized] "File" 2024-09-06 12:07:42 : <INFO> [Module initialized] "Folder" 2024-09-06 12:07:42 : <INFO> [Module initialized] "Winlogon" lue" 2024-09-06 12:07:42 : <INFO> [Module initialized] "RegAppInit" 2024-09-06 12:07:42 : <INFO> [Module initialized] "DNS" asses" 2024-09-06 12:07:42 : <INFO> [Module initialized] "RegOther" 2024-09-06 12:07:42 : <INFO> [Module initialized] "TaskName" tionPolicy" 2024-09-06 12:07:42 : <INFO> [Module initialized] "Service" 2024-09-06 12:07:42 : <INFO> [Module initialized] "WMI" 2024-09-06 12:07:42 : <INFO> [Module initialized] "FirefoxExt" 2024-09-06 12:07:42 : <INFO> [Module initialized] "ChromiumExt" 2024-09-06 12:07:42 : <INFO> [Module initialized] "RegFirewallPolicy" 2024-09-06 12:07:42 : <INFO> [Module 
initialized] "URL" 2024-09-06 12:07:42 : <INFO> [Scan] Exclusions loaded 2024-09-06 12:07:46 : <INFO> [Telemetry] Sending to Influx 2024-09-06 12:07:47 : <INFO> [SslCert] Issued by ("Amazon RSA 2048 M03") 2024-09-06 12:07:47 : <INFO> [SslCert] Issued to ("malwarebytes.com") 2024-09-06 12:07:47 : <INFO> [SslCert] Locality Name () 2024-09-06 12:07:47 : <INFO> [SslCert] Organization () 2024-09-06 12:07:47 : <INFO> [SslCert] Certificate EffectiveDate: "Mo Aug 5 00:00:00 2024 GMT" 2024-09-06 12:07:47 : <INFO> [SslCert] Certificate ExpirationDate: "Mi Sep 3 23:59:59 2025 GMT" 2024-09-06 12:07:47 : <INFO> [SslCert] ALPN: Yes 2024-09-06 12:07:47 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2024-09-06 12:07:47 : <INFO> [SslCert] KXE: "ECDH" 2024-09-06 12:07:47 : <INFO> [SslCert] Protocol: "TLSv1.2" 2024-09-06 12:07:47 : <INFO> [Telemetry] Status code: QVariant(int, 204) 2024-09-06 12:07:47 : <INFO> [Telemetry] Sending to DSE 2024-09-06 12:07:48 : <INFO> [SslCert] Issued by ("Amazon RSA 2048 M03") 2024-09-06 12:07:48 : <INFO> [SslCert] Issued to ("telemetry.malwarebytes.com") 2024-09-06 12:07:48 : <INFO> [SslCert] Locality Name () 2024-09-06 12:07:48 : <INFO> [SslCert] Organization () 2024-09-06 12:07:48 : <INFO> [SslCert] Certificate EffectiveDate: "Do Mai 23 00:00:00 2024 GMT" 2024-09-06 12:07:48 : <INFO> [SslCert] Certificate ExpirationDate: "Sa Jun 21 23:59:59 2025 GMT" 2024-09-06 12:07:48 : <INFO> [SslCert] ALPN: Yes 2024-09-06 12:07:48 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2024-09-06 12:07:48 : <INFO> [SslCert] KXE: "ECDH" 2024-09-06 12:07:48 : <INFO> [SslCert] Protocol: "TLSv1.2" 2024-09-06 12:07:48 : <INFO> [Telemetry] Status code: QVariant(int, 201) 2024-09-06 12:07:48 : <INFO> [Scan] Finished 2024-09-06 12:07:53 : <INFO> [Button clicked] Basic repair 2024-09-06 12:07:54 : <INFO> [Button clicked] Dialog button clicked [ 2 ] 2024-09-06 12:07:54 : <INFO> [Cleaning] Started 2024-09-06 12:07:54 : <WARNING> [Cleaning] Unable to Open process 
- "[System Process]" 0 2024-09-06 12:07:54 : <WARNING> [Cleaning] Unable to Open process - "System" 0 2024-09-06 12:07:54 : <WARNING> [Cleaning] Unable to Open process - "Registry" 0 2024-09-06 12:07:54 : <WARNING> [Cleaning] Unable to Open process - "Memory Compression" 0 2024-09-06 12:07:54 : <WARNING> [Cleaning] Unable to Open process - "MpDefenderCoreService.exe" 0 2024-09-06 12:07:54 : <WARNING> [Cleaning] Unable to Open process - "NisSrv.exe" 0 2024-09-06 12:07:54 : <WARNING> [Cleaning] Unable to Open process - "SgrmBroker.exe" 0 2024-09-06 12:07:54 : <INFO> [Engine Additional Action] "Delete IFEO" 2024-09-06 12:07:55 : <INFO> [Engine Additional Action] "Delete Prefetch" 2024-09-06 12:07:55 : <INFO> [Engine Additional Action] "Delete Tracing Keys" 2024-09-06 12:07:55 : <INFO> [Engine Additional Action] "Reset BITS" 2024-09-06 12:07:55 : <INFO> [Engine Additional Action] "Reset Windows Firewall" 2024-09-06 12:07:55 : <INFO> [Engine Additional Action] "Reset Hosts File" 2024-09-06 12:07:55 : <INFO> [Engine Additional Action] "Reset IPSec" 2024-09-06 12:07:55 : <INFO> [Engine Additional Action] "Reset Chromium Policies" 2024-09-06 12:07:55 : <INFO> [Engine Additional Action] "Reset IE Policies" 2024-09-06 12:07:55 : <INFO> [Engine Additional Action] "Reset Proxy Settings" 2024-09-06 12:07:55 : <INFO> [Engine Additional Action] "Reset TCP/IP" 2024-09-06 12:07:55 : <INFO> [Engine Additional Action] "Reset Winsock" 2024-09-06 12:07:55 : <WARNING> [Engine Additional Action] "Reset Windows Installer" failed 2024-09-06 12:07:55 : <INFO> [Telemetry] Sending to Influx 2024-09-06 12:07:56 : <INFO> [SslCert] Issued by ("Amazon RSA 2048 M03") 2024-09-06 12:07:56 : <INFO> [SslCert] Issued to ("malwarebytes.com") 2024-09-06 12:07:56 : <INFO> [SslCert] Locality Name () 2024-09-06 12:07:56 : <INFO> [SslCert] Organization () 2024-09-06 12:07:56 : <INFO> [SslCert] Certificate EffectiveDate: "Mo Aug 5 00:00:00 2024 GMT" 2024-09-06 12:07:56 : <INFO> [SslCert] Certificate 
ExpirationDate: "Mi Sep 3 23:59:59 2025 GMT" 2024-09-06 12:07:56 : <INFO> [SslCert] ALPN: Yes 2024-09-06 12:07:56 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2024-09-06 12:07:56 : <INFO> [SslCert] KXE: "ECDH" 2024-09-06 12:07:56 : <INFO> [SslCert] Protocol: "TLSv1.2" 2024-09-06 12:07:56 : <INFO> [Telemetry] Status code: QVariant(int, 204) 2024-09-06 12:07:56 : <INFO> [Telemetry] Sending to DSE 2024-09-06 12:07:57 : <INFO> [SslCert] Issued by ("Amazon RSA 2048 M03") 2024-09-06 12:07:57 : <INFO> [SslCert] Issued to ("telemetry.malwarebytes.com") 2024-09-06 12:07:57 : <INFO> [SslCert] Locality Name () 2024-09-06 12:07:57 : <INFO> [SslCert] Organization () 2024-09-06 12:07:57 : <INFO> [SslCert] Certificate EffectiveDate: "Do Mai 23 00:00:00 2024 GMT" 2024-09-06 12:07:57 : <INFO> [SslCert] Certificate ExpirationDate: "Sa Jun 21 23:59:59 2025 GMT" 2024-09-06 12:07:57 : <INFO> [SslCert] ALPN: Yes 2024-09-06 12:07:57 : <INFO> [SslCert] Cipher: "ECDHE-RSA-AES256-GCM-SHA384" 2024-09-06 12:07:57 : <INFO> [SslCert] KXE: "ECDH" 2024-09-06 12:07:57 : <INFO> [SslCert] Protocol: "TLSv1.2" 2024-09-06 12:07:57 : <INFO> [Telemetry] Status code: QVariant(int, 201) 2024-09-06 12:07:57 : <INFO> [Cleaning] Finished 2024-09-06 12:07:57 : <INFO> [MBBanner] Checking Iris 2024-09-06 12:07:57 : <INFO> [IRIS] Making request 2024-09-06 12:07:57 : <INFO> [SslCert] Issued by ("Amazon RSA 2048 M03") 2024-09-06 12:07:57 : <INFO> [SslCert] Issued to ("malwarebytes.com") 2024-09-06 12:07:57 : <INFO> [SslCert] Locality Name () 2024-09-06 12:07:57 : <INFO> [SslCert] Organization () 2024-09-06 12:07:57 : <INFO> [SslCert] Certificate EffectiveDate: "Mo Aug 5 00:00:00 2024 GMT" 2024-09-06 12:07:57 : <INFO> [SslCert] Certificate ExpirationDate: "Mi Sep 3 23:59:59 2025 GMT" 2024-09-06 12:07:57 : <INFO> [SslCert] ALPN: None 2024-09-06 12:07:57 : <INFO> [SslCert] Cipher: "TLS_AES_128_GCM_SHA256" 2024-09-06 12:07:57 : <INFO> [SslCert] KXE: "any" 2024-09-06 12:07:57 : <INFO> [SslCert] Protocol: 
"TLSv1.3" 2024-09-06 12:07:57 : <WARNING> [File Downloader] Error downloading ( QNetworkReply::ContentNotFoundError ) 2024-09-06 12:07:57 : <INFO> [IRIS] Failed 2024-09-06 12:07:58 : <INFO> [Button clicked] View Log 2024-09-06 12:08:35 : <INFO> [Application] Closing AdwCleaner 2024-09-06 12:10:40 : <INFO> [Application] AdwCleaner 8 . 4 . 2 launched 2024-09-06 12:10:40 : <INFO> [AdwUpgrade] Checking application updates 2024-09-06 12:10:40 : <INFO> [Telemetry] Sending hello 2024-09-06 12:10:41 : <INFO> [SslCert] Issued by ("Amazon RSA 2048 M03") 2024-09-06 12:10:41 : <INFO> [SslCert] Issued to ("malwarebytes.com") 2024-09-06 12:10:41 : <INFO> [SslCert] Locality Name () 2024-09-06 12:10:41 : <INFO> [SslCert] Organization () 2024-09-06 12:10:41 : <INFO> [SslCert] Certificate EffectiveDate: "Mo Aug 5 00:00:00 2024 GMT" 2024-09-06 12:10:41 : <INFO> [SslCert] Certificate ExpirationDate: "Mi Sep 3 23:59:59 2025 GMT" 2024-09-06 12:10:41 : <INFO> [SslCert] ALPN: None 2024-09-06 12:10:41 : <INFO> [SslCert] Cipher: "TLS_AES_128_GCM_SHA256" 2024-09-06 12:10:41 : <INFO> [SslCert] KXE: "any" 2024-09-06 12:10:41 : <INFO> [SslCert] Protocol: "TLSv1.3" 2024-09-06 12:10:41 : <INFO> [Telemetry] Status code: QVariant(int, 200) 2024-09-06 12:10:41 : <INFO> [Button clicked] Try MB 2024-09-06 12:10:47 : <INFO> [Application] Closing AdwCleaner 2024-09-27 20:07:15 : <INFO> [Application] AdwCleaner 8 . 4 . 
2 launched 2024-09-27 20:07:17 : <INFO> [AdwUpgrade] Checking application updates 2024-09-27 20:07:17 : <INFO> [Telemetry] Sending hello 2024-09-27 20:07:17 : <INFO> [SslCert] Issued by ("Amazon RSA 2048 M03") 2024-09-27 20:07:17 : <INFO> [SslCert] Issued to ("malwarebytes.com") 2024-09-27 20:07:17 : <INFO> [SslCert] Locality Name () 2024-09-27 20:07:17 : <INFO> [SslCert] Organization () 2024-09-27 20:07:17 : <INFO> [SslCert] Certificate EffectiveDate: "Mo Aug 5 00:00:00 2024 GMT" 2024-09-27 20:07:17 : <INFO> [SslCert] Certificate ExpirationDate: "Mi Sep 3 23:59:59 2025 GMT" 2024-09-27 20:07:17 : <INFO> [SslCert] ALPN: None 2024-09-27 20:07:17 : <INFO> [SslCert] Cipher: "TLS_AES_128_GCM_SHA256" 2024-09-27 20:07:17 : <INFO> [SslCert] KXE: "any" 2024-09-27 20:07:17 : <INFO> [SslCert] Protocol: "TLSv1.3" 2024-09-27 20:07:17 : <INFO> [Telemetry] Status code: QVariant(int, 200) 2024-09-27 20:07:21 : <INFO> [Button clicked] Log files menu item |
27.09.2024, 21:13 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 10: Removing PUA/DownloadSponsor Everything has already been removed there, though. And what, please, is supposed to be impossible to remove?
__________________ Please always post log files in CODE tags |
27.09.2024, 21:22 | #9 |
| Windows 10: Removing PUA/DownloadSponsor It still shows up in Defender, though: https://ibb.co/VYrgz9p |
27.09.2024, 21:24 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 10: Removing PUA/DownloadSponsor And that doesn't help as it is! Because it doesn't say where anything was found.
__________________ Please always post log files in CODE tags |
27.09.2024, 21:32 | #11 |
| Windows 10: Removing PUA/DownloadSponsor What would help, then? Which program should I use to get a better analysis? |
27.09.2024, 21:49 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 10: Removing PUA/DownloadSponsor That's not the point. If a particular program has found something, then the opinion of a completely different program helps. I just want to know where Defender found something there. Can't anything be expanded there? Post new FRST logs again. There should actually be something in the event log.
__________________ Please always post log files in CODE tags |
27.09.2024, 21:57 | #13 |
| Windows 10: Removing PUA/DownloadSponsor Okay. Now I've understood :-) You can in fact display further details :-D https://ibb.co/2sX8071 https://ibb.co/sjh36Sn Should I delete that on D: and empty the recycle bin? And here are the new logs. FRST.txt Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 16-09-2024 durchgeführt von lukas (Administrator) auf DESKTOP-0FD6U7K (Acer Spin SP513-51) (27-09-2024 22:53:08) Gestartet von C:\Users\lukas\Downloads\FRST64.exe Geladene Profile: lukas Plattform: Microsoft Windows 10 Home Version 22H2 19045.4842 (X64) Sprache: Deutsch (Deutschland) Standard-Browser: Edge Start-Modus: Normal ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\lukas\AppData\Local\Microsoft\OneDrive\24.171.0825.0002\Microsoft.SharePoint.exe (C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe (explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <21> (explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Intel(R) pGFX -> Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7ee21f0fcd504371\igfxEM.exe (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\MusNotifyIcon.exe (services.exe ->) (Apple Inc. -> Apple Inc.) 
C:\Program Files\Bonjour\mDNSResponder.exe (services.exe ->) (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (services.exe ->) (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (services.exe ->) (Intel(R) CN -> Intel Corporation) C:\WINDOWS\System32\IntelSSTAPO\ParameterService\ParameterService.exe (services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7ee21f0fcd504371\igfxCUIService.exe (services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7ee21f0fcd504371\IntelCpHDCPSvc.exe (services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7ee21f0fcd504371\IntelCpHeciSvc.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\MpDefenderCoreService.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\MsMpEng.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\NisSrv.exe (services.exe ->) (Qualcomm Atheros -> Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft 
shared\ClickToRun\backup\3C34117B-D5AB-421F-9628-63CD899224E3\OfficeC2RClient.exe (svchost.exe ->) (Microsoft Corporation -> Microsoft) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2408.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe <2> (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\smartscreen.exe ==================== Registry (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16709128 2016-10-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_TrueHarmony] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1467400 2016-10-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM\...\Run: [RtkMbSvTool.exe] => C:\Program Files\Realtek\Audio\HDA\RtkMbSvTool.exe [2026464 2016-11-11] (Realtek Semiconductor Corp. 
-> TODO: <Company name>) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Logitech) HKLM-x32\...\Run: [TeamsMachineUninstallerLocalAppData] => C:\Users\lukas\AppData\Local\Microsoft\Teams\Update.exe [2454240 2021-08-06] (Microsoft 3rd Party Application Component -> Microsoft Corporation) HKLM-x32\...\Run: [TeamsMachineUninstallerProgramData] => %ProgramData%\Microsoft\Teams\Update.exe --uninstall --msiUninstall --source=default (Keine Datei) HKU\S-1-5-21-3665627448-2874417480-1659816315-1001\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --app-fallback-url=hxxps://www.disneyplus.com/ --app-id=mbjafbmjpcimpkkihihoideiofnoalmh --display-mode=minimal-ui --ip-aumid=Disney.37853 (Der Dateneintrag hat 178 weitere Zeichen). [3798464 2024-09-19] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-3665627448-2874417480-1659816315-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\lukas\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (Keine Datei) HKU\S-1-5-21-3665627448-2874417480-1659816315-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\lukas\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" [70969872 2024-09-27] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-3665627448-2874417480-1659816315-1001\...\RunOnce: [Uninstall 24.161.0811.0001] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\lukas\AppData\Local\Microsoft\OneDrive\24.161.0811.0001" [0 2024-09-27] () <==== ACHTUNG [Null Byte Datei/Ordner] HKLM\...\Windows x64\Print Processors\Canon MG5200 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDAE.DLL [28672 2010-08-25] (Microsoft Windows Hardware Compatibility Publisher -> 
CANON INC.) HKLM\...\Print\Monitors\Canon BJ Language Monitor MG5200 series: C:\WINDOWS\system32\CNMLMAE.DLL [361472 2010-08-25] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.) ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {D149E61A-3B28-4B10-989E-8116B45D0566} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe -> C:\Program Files (x86)\Acer\AOP Framework\\task Task: {E13FE8AD-C3A2-4407-8805-D92BF7E9DADA} - System32\Tasks\FubToolByPLD => C:\OEM\Preload\FubTool\FubTool.exe [30976 2015-05-14] (Acer Incorporated -> ) Task: {9B29E88E-1C2C-4B65-AFF8-D91A3CC3446E} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [909112 2016-07-26] (Intel(R) Trusted Connect Service -> Intel(R) Corporation) Task: {C3D86DCE-11AB-4C25-A38E-8CDDABF49C8B} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28605656 2024-09-08] (Microsoft Corporation -> Microsoft Corporation) Task: {8A2D6296-0DFC-48A0-975F-34B0B0EF9FAB} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28605656 2024-09-08] (Microsoft Corporation -> Microsoft Corporation) Task: {55D15D87-3E93-47C6-8E13-7C16DB80404E} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [222872 2024-09-27] (Microsoft Corporation -> Microsoft Corporation) Task: {E06F5FCE-D2D4-45A0-9F16-DCF90DDC0D5B} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [222872 2024-09-27] 
(Microsoft Corporation -> Microsoft Corporation) Task: {275B1062-923E-49C1-982A-68B47666A89E} - System32\Tasks\Microsoft\Office\Office Serviceability Manager => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe [4464024 2024-08-25] (Microsoft Corporation -> Microsoft Corporation) Task: {B13FD857-EB96-4F03-BDAE-4815F85D92CF} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonx86\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exe [71368 2024-09-27] (Microsoft Corporation -> Microsoft Corporation) Task: {13064E4B-E8AD-4610-B183-66565AFDFD4B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\MpCmdRun.exe [1687320 2024-09-06] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {EC7EB29E-8AFC-4F7A-AC2D-0EA230577589} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\MpCmdRun.exe [1687320 2024-09-06] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {2940C243-C21A-4137-86CC-335FC6F22BD4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\MpCmdRun.exe [1687320 2024-09-06] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {E9E7E5F2-DAD6-4EEB-8CEA-267834ED96AF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\MpCmdRun.exe [1687320 2024-09-06] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {100191A5-D33E-43C0-81C5-2B33B9DD5DE9} - System32\Tasks\Mozilla\Firefox Background Update E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\firefox.exe [672328 2024-09-27] (Mozilla Corporation -> Mozilla Corporation) -> 
C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\E7CF176E110C211B\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\E7CF176E110C211B\backgroundupdate.moz_log --backgroundtask background (Der Dateneintrag hat 6 weitere Zeichen). Task: {B1BE498D-6484-4B4F-85A5-9AF6987B9A93} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [34376 2024-09-27] (Mozilla Corporation -> Mozilla Foundation) Task: {2B21EDD3-228E-48DC-86C6-A65AEF22AE99} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [473904 2016-09-13] (Acer Incorporated -> Acer Incorporated) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{ccb67769-ecf5-4e7c-a80c-000707f16eaf}: [DhcpNameServer] 172.18.128.24 Tcpip\..\Interfaces\{e6d84f9a-daa0-4eba-bb98-8c484a0e8228}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{e6d84f9a-daa0-4eba-bb98-8c484a0e8228}: [DhcpDomain] lan Tcpip\..\Interfaces\{e6d84f9a-daa0-4eba-bb98-8c484a0e8228}\35569666562747: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{e6d84f9a-daa0-4eba-bb98-8c484a0e8228}\35569666562747: [DhcpDomain] fritz.box Tcpip\..\Interfaces\{e6d84f9a-daa0-4eba-bb98-8c484a0e8228}\75C414E4D2130353034343: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{e6d84f9a-daa0-4eba-bb98-8c484a0e8228}\75C414E4D2130353034343: [DhcpDomain] speedport.ip Tcpip\..\Interfaces\{e6d84f9a-daa0-4eba-bb98-8c484a0e8228}\960586F6E656021313022456368647C656: [DhcpNameServer] 172.20.10.1 Edge: ======= Edge DefaultProfile: Default Edge Profile: C:\Users\lukas\AppData\Local\Microsoft\Edge\User Data\Default [2024-09-27] Edge Extension: (Google Docs Offline) - C:\Users\lukas\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-09-06] Edge Extension: (Edge relevant text changes) - C:\Users\lukas\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-26] FireFox: ======== FF DefaultProfile: ppdtvhm1.default FF ProfilePath: C:\Users\lukas\AppData\Roaming\Mozilla\Firefox\Profiles\ppdtvhm1.default [2024-09-27] FF Homepage: Mozilla\Firefox\Profiles\ppdtvhm1.default -> hxxps://www.bing.com/?PC=B441 FF Notifications: Mozilla\Firefox\Profiles\ppdtvhm1.default -> hxxps://va.check-tl-ver-176-3.com; hxxps://cqbamvu071bc73d0c460.baseauthenticity.co.in FF Extension: (German Dictionary, extended for Austria) - C:\Users\lukas\AppData\Roaming\Mozilla\Firefox\Profiles\ppdtvhm1.default\Extensions\de-AT@dictionaries.addons.mozilla.org.xpi [2024-06-26] FF Extension: (German Dictionary (Switzerland)) - 
C:\Users\lukas\AppData\Roaming\Mozilla\Firefox\Profiles\ppdtvhm1.default\Extensions\de-CH@dictionaries.addons.mozilla.org.xpi [2024-06-26] FF Extension: (German Dictionary) - C:\Users\lukas\AppData\Roaming\Mozilla\Firefox\Profiles\ppdtvhm1.default\Extensions\de-DE@dictionaries.addons.mozilla.org.xpi [2024-06-26] FF Extension: (Language: Deutsch (German)) - C:\Users\lukas\AppData\Roaming\Mozilla\Firefox\Profiles\ppdtvhm1.default\Extensions\langpack-de@firefox.mozilla.org.xpi [2024-09-06] FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2024-09-07] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-04-04] (Microsoft Corporation -> Microsoft Corporation) Chrome: ======= CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] ==================== Dienste (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [338312 2016-08-31] (Qualcomm Atheros -> Windows (R) Win 7 DDK provider) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [14042808 2024-09-08] (Microsoft Corporation -> Microsoft Corporation) R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\MpDefenderCoreService.exe [1427024 2024-09-06] (Microsoft Windows Publisher -> Microsoft Corporation) S3 OfficeSvcManagerAddons; C:\WINDOWS\system32\dllhost.exe /Processid:{2CA2E202-932F-4BA2-8771-195BB86398F5} [22384 2023-11-18] (Microsoft Windows -> Microsoft Corporation) R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\NisSrv.exe [3199648 2024-09-06] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\MsMpEng.exe [133704 2024-09-06] (Microsoft Windows Publisher -> Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [39272 2023-06-27] (Apple Inc. -> Apple Inc.) S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [55608 2023-06-27] (Apple Inc. -> Apple Inc.) 
R3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [31000 2018-05-15] (Acer Incorporated -> Acer Incorporated) R3 MpKslb139ef56; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A616F2DC-F4CD-4BDE-AD04-9499FA6A0275}\MpKslDrv.sys [267552 2024-09-27] (Microsoft Windows -> Microsoft Corporation) R3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [25368 2018-05-15] (Acer Incorporated -> Acer Incorporated) S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [22080 2024-09-06] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [602504 2024-09-06] (Microsoft Windows -> Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105864 2024-09-06] (Microsoft Windows -> Microsoft Corporation) ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2024-09-27 19:17 - 2024-09-27 19:17 - 000000000 ____D C:\WINDOWS\nskB9D1.tmp 2024-09-27 17:09 - 2024-09-27 17:09 - 000000000 ___HD C:\$WinREAgent 2024-09-27 16:29 - 2024-09-27 22:53 - 000018078 _____ C:\Users\lukas\Downloads\FRST.txt 2024-09-27 16:28 - 2024-09-27 16:28 - 002397696 _____ (Farbar) C:\Users\lukas\Downloads\FRST64.exe 2024-09-27 16:22 - 2024-09-27 19:17 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox 2024-09-07 12:27 - 2024-09-07 12:27 - 000002557 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sticky Notes (new).lnk 2024-09-07 10:34 - 2024-09-07 10:34 - 106168320 _____ C:\WINDOWS\system32\config\SOFTWARE 2024-09-06 14:12 - 2024-09-07 09:13 - 000000000 ____D C:\ProgramData\Malwarebytes 2024-09-06 14:03 - 2024-09-06 14:03 - 008790880 _____ (Malwarebytes) C:\Users\lukas\Downloads\adwcleaner.exe 2024-09-06 14:02 - 2024-09-06 14:06 - 000000000 ____D C:\AdwCleaner 2024-09-06 13:51 - 2024-09-27 22:53 - 000000000 ____D C:\FRST 2024-09-06 12:04 - 2024-09-06 12:04 - 000000000 ____D C:\Program Files\RUXIM 2024-09-06 11:53 - 2024-09-06 11:53 - 000000000 ____D C:\Users\lukas\Documents\SOLIDWORKS Downloads 2024-09-06 11:49 - 2024-09-06 11:49 - 000000000 ____D C:\WINDOWS\system32\Tasks\Oem 2024-09-06 11:47 - 2024-09-06 11:47 - 000000000 ____D C:\Users\lukas\AppData\Local\IIIQF 2024-09-06 11:45 - 2024-09-06 11:45 - 000000337 _____ C:\UBT_UninstallLog.txt 2024-09-06 11:38 - 2024-09-06 11:38 - 000000000 ____D C:\Users\lukas\Mobile Uploads ==================== Ein Monat (geänderte) ================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2024-09-27 22:51 - 2021-04-15 09:46 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2024-09-27 22:51 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2024-09-27 19:17 - 2017-03-08 02:36 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2024-09-27 17:19 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp 2024-09-27 17:09 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps 2024-09-27 17:09 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness 2024-09-27 17:05 - 2020-10-19 13:10 - 000000000 ____D C:\WINDOWS\system32\MRT 2024-09-27 17:04 - 2020-10-19 13:10 - 199688632 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2024-09-27 16:24 - 2021-12-19 23:10 - 000000000 ____D C:\WINDOWS\SystemTemp 2024-09-27 16:24 - 2020-10-29 11:38 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2024-09-27 16:24 - 2020-10-29 11:38 - 000002278 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk 2024-09-27 16:23 - 2022-02-18 19:17 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38 2024-09-27 16:23 - 2017-03-08 02:04 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2024-09-27 16:20 - 2021-12-11 15:00 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3665627448-2874417480-1659816315-1001 2024-09-27 16:20 - 2021-04-15 09:53 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3665627448-2874417480-1659816315-1001 2024-09-27 16:20 - 2021-04-15 09:48 - 000002403 _____ C:\Users\lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2024-09-27 16:20 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF 2024-09-27 16:16 - 2021-04-15 09:53 - 000003756 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2024-09-27 16:16 - 2021-04-15 09:53 - 000003632 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore 2024-09-27 16:16 - 2020-10-02 20:30 - 
000000000 __SHD C:\Users\lukas\IntelGraphicsProfiles 2024-09-07 10:34 - 2024-07-24 17:05 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware 2024-09-07 09:39 - 2021-04-15 09:57 - 001722792 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2024-09-07 09:39 - 2019-12-07 16:50 - 000744968 _____ C:\WINDOWS\system32\perfh007.dat 2024-09-07 09:39 - 2019-12-07 16:50 - 000150354 _____ C:\WINDOWS\system32\perfc007.dat 2024-09-07 09:35 - 2021-04-15 09:46 - 000008192 ___SH C:\DumpStack.log.tmp 2024-09-07 09:34 - 2021-04-15 09:53 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2024-09-07 09:34 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ServiceState 2024-09-07 09:33 - 2019-12-07 11:03 - 001048576 _____ C:\WINDOWS\system32\config\BBI 2024-09-07 09:13 - 2019-12-07 11:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2024-09-06 14:08 - 2021-08-29 19:02 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla 2024-09-06 14:08 - 2017-03-08 02:36 - 000001232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2024-09-06 14:06 - 2020-10-02 17:08 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated 2024-09-06 14:06 - 2017-03-08 02:35 - 000000000 ____D C:\ProgramData\Acer 2024-09-06 12:47 - 2021-04-15 09:46 - 000436480 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2024-09-06 12:46 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2024-09-06 12:46 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata 2024-09-06 12:46 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup 2024-09-06 12:46 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2024-09-06 12:46 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources 2024-09-06 12:46 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata 2024-09-06 12:46 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\setup 2024-09-06 12:46 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates 2024-09-06 12:46 - 2019-12-07 11:14 - 000000000 ____D 
C:\WINDOWS\system32\oobe 2024-09-06 12:46 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\migwiz 2024-09-06 12:46 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Dism 2024-09-06 12:46 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\appraiser 2024-09-06 12:46 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ShellExperiences 2024-09-06 12:46 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\schemas 2024-09-06 12:46 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Provisioning 2024-09-06 12:46 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr 2024-09-06 12:34 - 2021-04-15 09:47 - 003016192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll 2024-09-06 12:17 - 2020-10-02 16:18 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2024-09-06 11:59 - 2020-10-02 20:30 - 000000000 ____D C:\Users\lukas\AppData\Local\Packages 2024-09-06 11:56 - 2020-10-29 11:15 - 000000000 ____D C:\Program Files\Common Files\SOLIDWORKS Shared 2024-09-06 11:51 - 2024-07-21 14:28 - 000000000 ____D C:\WINDOWS\system32\Tasks\Remediation 2024-09-06 11:51 - 2019-12-07 11:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM 2024-09-06 11:51 - 2017-03-08 02:37 - 000000000 ____D C:\ProgramData\Norton 2024-09-06 11:49 - 2017-03-08 02:35 - 000000000 ____D C:\Program Files (x86)\Acer 2024-09-06 11:45 - 2017-03-08 02:35 - 000000000 ____D C:\ProgramData\OEM 2024-09-06 11:45 - 2017-03-08 02:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer 2024-09-06 11:44 - 2020-10-13 09:24 - 000000000 ____D C:\Users\lukas\AppData\Local\OEM 2024-09-06 11:42 - 2020-10-02 17:12 - 000000000 ___HD C:\OEM 2024-09-06 11:38 - 2021-04-15 09:48 - 000000000 ____D C:\Users\lukas 2024-09-06 11:35 - 2020-10-19 13:14 - 000000000 ____D C:\Users\lukas\AppData\Local\D3DSCache ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======== 2022-01-11 18:48 - 2022-01-11 18:53 - 000000000 _____ () C:\Users\lukas\AppData\Local\Temptable.xml 
==================== SigCheck ============================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

==================== Ende von FRST.txt ========================

Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 16-09-2024 durchgeführt von lukas (Administrator) auf DESKTOP-0FD6U7K (Acer Spin SP513-51) (27-09-2024 22:53:08) Gestartet von C:\Users\lukas\Downloads\FRST64.exe Geladene Profile: lukas Plattform: Microsoft Windows 10 Home Version 22H2 19045.4842 (X64) Sprache: Deutsch (Deutschland) Standard-Browser: Edge Start-Modus: Normal ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12132.3.2017.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe (C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\lukas\AppData\Local\Microsoft\OneDrive\24.171.0825.0002\Microsoft.SharePoint.exe (C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe (explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <21> (explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Intel(R) pGFX -> Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7ee21f0fcd504371\igfxEM.exe (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\MusNotifyIcon.exe (services.exe ->) (Apple Inc. -> Apple Inc.) 
C:\Program Files\Bonjour\mDNSResponder.exe (services.exe ->) (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (services.exe ->) (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (services.exe ->) (Intel(R) CN -> Intel Corporation) C:\WINDOWS\System32\IntelSSTAPO\ParameterService\ParameterService.exe (services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7ee21f0fcd504371\igfxCUIService.exe (services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7ee21f0fcd504371\IntelCpHDCPSvc.exe (services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7ee21f0fcd504371\IntelCpHeciSvc.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\MpDefenderCoreService.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\MsMpEng.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\NisSrv.exe (services.exe ->) (Qualcomm Atheros -> Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft 
shared\ClickToRun\backup\3C34117B-D5AB-421F-9628-63CD899224E3\OfficeC2RClient.exe (svchost.exe ->) (Microsoft Corporation -> Microsoft) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2408.4.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe <2> (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\WINDOWS\System32\smartscreen.exe ==================== Registry (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16709128 2016-10-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_TrueHarmony] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1467400 2016-10-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM\...\Run: [RtkMbSvTool.exe] => C:\Program Files\Realtek\Audio\HDA\RtkMbSvTool.exe [2026464 2016-11-11] (Realtek Semiconductor Corp. 
-> TODO: <Company name>) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Logitech) HKLM-x32\...\Run: [TeamsMachineUninstallerLocalAppData] => C:\Users\lukas\AppData\Local\Microsoft\Teams\Update.exe [2454240 2021-08-06] (Microsoft 3rd Party Application Component -> Microsoft Corporation) HKLM-x32\...\Run: [TeamsMachineUninstallerProgramData] => %ProgramData%\Microsoft\Teams\Update.exe --uninstall --msiUninstall --source=default (Keine Datei) HKU\S-1-5-21-3665627448-2874417480-1659816315-1001\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --app-fallback-url=hxxps://www.disneyplus.com/ --app-id=mbjafbmjpcimpkkihihoideiofnoalmh --display-mode=minimal-ui --ip-aumid=Disney.37853 (Der Dateneintrag hat 178 weitere Zeichen). [3798464 2024-09-19] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-3665627448-2874417480-1659816315-1001\...\RunOnce: [Delete Cached Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\lukas\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" (Keine Datei) HKU\S-1-5-21-3665627448-2874417480-1659816315-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\lukas\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" [70969872 2024-09-27] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-3665627448-2874417480-1659816315-1001\...\RunOnce: [Uninstall 24.161.0811.0001] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\lukas\AppData\Local\Microsoft\OneDrive\24.161.0811.0001" [0 2024-09-27] () <==== ACHTUNG [Null Byte Datei/Ordner] HKLM\...\Windows x64\Print Processors\Canon MG5200 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDAE.DLL [28672 2010-08-25] (Microsoft Windows Hardware Compatibility Publisher -> 
CANON INC.) HKLM\...\Print\Monitors\Canon BJ Language Monitor MG5200 series: C:\WINDOWS\system32\CNMLMAE.DLL [361472 2010-08-25] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.) ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {D149E61A-3B28-4B10-989E-8116B45D0566} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe -> C:\Program Files (x86)\Acer\AOP Framework\\task Task: {E13FE8AD-C3A2-4407-8805-D92BF7E9DADA} - System32\Tasks\FubToolByPLD => C:\OEM\Preload\FubTool\FubTool.exe [30976 2015-05-14] (Acer Incorporated -> ) Task: {9B29E88E-1C2C-4B65-AFF8-D91A3CC3446E} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [909112 2016-07-26] (Intel(R) Trusted Connect Service -> Intel(R) Corporation) Task: {C3D86DCE-11AB-4C25-A38E-8CDDABF49C8B} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28605656 2024-09-08] (Microsoft Corporation -> Microsoft Corporation) Task: {8A2D6296-0DFC-48A0-975F-34B0B0EF9FAB} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28605656 2024-09-08] (Microsoft Corporation -> Microsoft Corporation) Task: {55D15D87-3E93-47C6-8E13-7C16DB80404E} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [222872 2024-09-27] (Microsoft Corporation -> Microsoft Corporation) Task: {E06F5FCE-D2D4-45A0-9F16-DCF90DDC0D5B} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [222872 2024-09-27] 
(Microsoft Corporation -> Microsoft Corporation) Task: {275B1062-923E-49C1-982A-68B47666A89E} - System32\Tasks\Microsoft\Office\Office Serviceability Manager => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe [4464024 2024-08-25] (Microsoft Corporation -> Microsoft Corporation) Task: {B13FD857-EB96-4F03-BDAE-4815F85D92CF} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonx86\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exe [71368 2024-09-27] (Microsoft Corporation -> Microsoft Corporation) Task: {13064E4B-E8AD-4610-B183-66565AFDFD4B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\MpCmdRun.exe [1687320 2024-09-06] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {EC7EB29E-8AFC-4F7A-AC2D-0EA230577589} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\MpCmdRun.exe [1687320 2024-09-06] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {2940C243-C21A-4137-86CC-335FC6F22BD4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\MpCmdRun.exe [1687320 2024-09-06] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {E9E7E5F2-DAD6-4EEB-8CEA-267834ED96AF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\MpCmdRun.exe [1687320 2024-09-06] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {100191A5-D33E-43C0-81C5-2B33B9DD5DE9} - System32\Tasks\Mozilla\Firefox Background Update E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\firefox.exe [672328 2024-09-27] (Mozilla Corporation -> Mozilla Corporation) -> 
C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\E7CF176E110C211B\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\E7CF176E110C211B\backgroundupdate.moz_log --backgroundtask background (Der Dateneintrag hat 6 weitere Zeichen). Task: {B1BE498D-6484-4B4F-85A5-9AF6987B9A93} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [34376 2024-09-27] (Mozilla Corporation -> Mozilla Foundation) Task: {2B21EDD3-228E-48DC-86C6-A65AEF22AE99} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [473904 2016-09-13] (Acer Incorporated -> Acer Incorporated) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{ccb67769-ecf5-4e7c-a80c-000707f16eaf}: [DhcpNameServer] 172.18.128.24 Tcpip\..\Interfaces\{e6d84f9a-daa0-4eba-bb98-8c484a0e8228}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{e6d84f9a-daa0-4eba-bb98-8c484a0e8228}: [DhcpDomain] lan Tcpip\..\Interfaces\{e6d84f9a-daa0-4eba-bb98-8c484a0e8228}\35569666562747: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{e6d84f9a-daa0-4eba-bb98-8c484a0e8228}\35569666562747: [DhcpDomain] fritz.box Tcpip\..\Interfaces\{e6d84f9a-daa0-4eba-bb98-8c484a0e8228}\75C414E4D2130353034343: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{e6d84f9a-daa0-4eba-bb98-8c484a0e8228}\75C414E4D2130353034343: [DhcpDomain] speedport.ip Tcpip\..\Interfaces\{e6d84f9a-daa0-4eba-bb98-8c484a0e8228}\960586F6E656021313022456368647C656: [DhcpNameServer] 172.20.10.1 Edge: ======= Edge DefaultProfile: Default Edge Profile: C:\Users\lukas\AppData\Local\Microsoft\Edge\User Data\Default [2024-09-27] Edge Extension: (Google Docs Offline) - C:\Users\lukas\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-09-06] Edge Extension: (Edge relevant text changes) - C:\Users\lukas\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-26] FireFox: ======== FF DefaultProfile: ppdtvhm1.default FF ProfilePath: C:\Users\lukas\AppData\Roaming\Mozilla\Firefox\Profiles\ppdtvhm1.default [2024-09-27] FF Homepage: Mozilla\Firefox\Profiles\ppdtvhm1.default -> hxxps://www.bing.com/?PC=B441 FF Notifications: Mozilla\Firefox\Profiles\ppdtvhm1.default -> hxxps://va.check-tl-ver-176-3.com; hxxps://cqbamvu071bc73d0c460.baseauthenticity.co.in FF Extension: (German Dictionary, extended for Austria) - C:\Users\lukas\AppData\Roaming\Mozilla\Firefox\Profiles\ppdtvhm1.default\Extensions\de-AT@dictionaries.addons.mozilla.org.xpi [2024-06-26] FF Extension: (German Dictionary (Switzerland)) - 
C:\Users\lukas\AppData\Roaming\Mozilla\Firefox\Profiles\ppdtvhm1.default\Extensions\de-CH@dictionaries.addons.mozilla.org.xpi [2024-06-26] FF Extension: (German Dictionary) - C:\Users\lukas\AppData\Roaming\Mozilla\Firefox\Profiles\ppdtvhm1.default\Extensions\de-DE@dictionaries.addons.mozilla.org.xpi [2024-06-26] FF Extension: (Language: Deutsch (German)) - C:\Users\lukas\AppData\Roaming\Mozilla\Firefox\Profiles\ppdtvhm1.default\Extensions\langpack-de@firefox.mozilla.org.xpi [2024-09-06] FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2024-09-07] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-04-04] (Microsoft Corporation -> Microsoft Corporation) Chrome: ======= CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] ==================== Dienste (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [338312 2016-08-31] (Qualcomm Atheros -> Windows (R) Win 7 DDK provider) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [14042808 2024-09-08] (Microsoft Corporation -> Microsoft Corporation) R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\MpDefenderCoreService.exe [1427024 2024-09-06] (Microsoft Windows Publisher -> Microsoft Corporation) S3 OfficeSvcManagerAddons; C:\WINDOWS\system32\dllhost.exe /Processid:{2CA2E202-932F-4BA2-8771-195BB86398F5} [22384 2023-11-18] (Microsoft Windows -> Microsoft Corporation) R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\NisSrv.exe [3199648 2024-09-06] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24070.5-0\MsMpEng.exe [133704 2024-09-06] (Microsoft Windows Publisher -> Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [39272 2023-06-27] (Apple Inc. -> Apple Inc.) S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [55608 2023-06-27] (Apple Inc. -> Apple Inc.) 
R3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [31000 2018-05-15] (Acer Incorporated -> Acer Incorporated) R3 MpKslb139ef56; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A616F2DC-F4CD-4BDE-AD04-9499FA6A0275}\MpKslDrv.sys [267552 2024-09-27] (Microsoft Windows -> Microsoft Corporation) R3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [25368 2018-05-15] (Acer Incorporated -> Acer Incorporated) S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [22080 2024-09-06] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [602504 2024-09-06] (Microsoft Windows -> Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105864 2024-09-06] (Microsoft Windows -> Microsoft Corporation) ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2024-09-27 19:17 - 2024-09-27 19:17 - 000000000 ____D C:\WINDOWS\nskB9D1.tmp 2024-09-27 17:09 - 2024-09-27 17:09 - 000000000 ___HD C:\$WinREAgent 2024-09-27 16:29 - 2024-09-27 22:53 - 000018078 _____ C:\Users\lukas\Downloads\FRST.txt 2024-09-27 16:28 - 2024-09-27 16:28 - 002397696 _____ (Farbar) C:\Users\lukas\Downloads\FRST64.exe 2024-09-27 16:22 - 2024-09-27 19:17 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox 2024-09-07 12:27 - 2024-09-07 12:27 - 000002557 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sticky Notes (new).lnk 2024-09-07 10:34 - 2024-09-07 10:34 - 106168320 _____ C:\WINDOWS\system32\config\SOFTWARE 2024-09-06 14:12 - 2024-09-07 09:13 - 000000000 ____D C:\ProgramData\Malwarebytes 2024-09-06 14:03 - 2024-09-06 14:03 - 008790880 _____ (Malwarebytes) C:\Users\lukas\Downloads\adwcleaner.exe 2024-09-06 14:02 - 2024-09-06 14:06 - 000000000 ____D C:\AdwCleaner 2024-09-06 13:51 - 2024-09-27 22:53 - 000000000 ____D C:\FRST 2024-09-06 12:04 - 2024-09-06 12:04 - 000000000 ____D C:\Program Files\RUXIM 2024-09-06 11:53 - 2024-09-06 11:53 - 000000000 ____D C:\Users\lukas\Documents\SOLIDWORKS Downloads 2024-09-06 11:49 - 2024-09-06 11:49 - 000000000 ____D C:\WINDOWS\system32\Tasks\Oem 2024-09-06 11:47 - 2024-09-06 11:47 - 000000000 ____D C:\Users\lukas\AppData\Local\IIIQF 2024-09-06 11:45 - 2024-09-06 11:45 - 000000337 _____ C:\UBT_UninstallLog.txt 2024-09-06 11:38 - 2024-09-06 11:38 - 000000000 ____D C:\Users\lukas\Mobile Uploads ==================== Ein Monat (geänderte) ================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2024-09-27 22:51 - 2021-04-15 09:46 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2024-09-27 22:51 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2024-09-27 19:17 - 2017-03-08 02:36 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2024-09-27 17:19 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp 2024-09-27 17:09 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps 2024-09-27 17:09 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness 2024-09-27 17:05 - 2020-10-19 13:10 - 000000000 ____D C:\WINDOWS\system32\MRT 2024-09-27 17:04 - 2020-10-19 13:10 - 199688632 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2024-09-27 16:24 - 2021-12-19 23:10 - 000000000 ____D C:\WINDOWS\SystemTemp 2024-09-27 16:24 - 2020-10-29 11:38 - 000002440 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2024-09-27 16:24 - 2020-10-29 11:38 - 000002278 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk 2024-09-27 16:23 - 2022-02-18 19:17 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38 2024-09-27 16:23 - 2017-03-08 02:04 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2024-09-27 16:20 - 2021-12-11 15:00 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3665627448-2874417480-1659816315-1001 2024-09-27 16:20 - 2021-04-15 09:53 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3665627448-2874417480-1659816315-1001 2024-09-27 16:20 - 2021-04-15 09:48 - 000002403 _____ C:\Users\lukas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2024-09-27 16:20 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF 2024-09-27 16:16 - 2021-04-15 09:53 - 000003756 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2024-09-27 16:16 - 2021-04-15 09:53 - 000003632 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore 2024-09-27 16:16 - 2020-10-02 20:30 - 
000000000 __SHD C:\Users\lukas\IntelGraphicsProfiles 2024-09-07 10:34 - 2024-07-24 17:05 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware 2024-09-07 09:39 - 2021-04-15 09:57 - 001722792 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2024-09-07 09:39 - 2019-12-07 16:50 - 000744968 _____ C:\WINDOWS\system32\perfh007.dat 2024-09-07 09:39 - 2019-12-07 16:50 - 000150354 _____ C:\WINDOWS\system32\perfc007.dat 2024-09-07 09:35 - 2021-04-15 09:46 - 000008192 ___SH C:\DumpStack.log.tmp 2024-09-07 09:34 - 2021-04-15 09:53 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2024-09-07 09:34 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ServiceState 2024-09-07 09:33 - 2019-12-07 11:03 - 001048576 _____ C:\WINDOWS\system32\config\BBI 2024-09-07 09:13 - 2019-12-07 11:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2024-09-06 14:08 - 2021-08-29 19:02 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla 2024-09-06 14:08 - 2017-03-08 02:36 - 000001232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2024-09-06 14:06 - 2020-10-02 17:08 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated 2024-09-06 14:06 - 2017-03-08 02:35 - 000000000 ____D C:\ProgramData\Acer 2024-09-06 12:47 - 2021-04-15 09:46 - 000436480 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2024-09-06 12:46 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2024-09-06 12:46 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata 2024-09-06 12:46 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup 2024-09-06 12:46 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2024-09-06 12:46 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources 2024-09-06 12:46 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata 2024-09-06 12:46 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\setup 2024-09-06 12:46 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates 2024-09-06 12:46 - 2019-12-07 11:14 - 000000000 ____D 
C:\WINDOWS\system32\oobe 2024-09-06 12:46 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\migwiz 2024-09-06 12:46 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Dism 2024-09-06 12:46 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\appraiser 2024-09-06 12:46 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ShellExperiences 2024-09-06 12:46 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\schemas 2024-09-06 12:46 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Provisioning 2024-09-06 12:46 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr 2024-09-06 12:34 - 2021-04-15 09:47 - 003016192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll 2024-09-06 12:17 - 2020-10-02 16:18 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2024-09-06 11:59 - 2020-10-02 20:30 - 000000000 ____D C:\Users\lukas\AppData\Local\Packages 2024-09-06 11:56 - 2020-10-29 11:15 - 000000000 ____D C:\Program Files\Common Files\SOLIDWORKS Shared 2024-09-06 11:51 - 2024-07-21 14:28 - 000000000 ____D C:\WINDOWS\system32\Tasks\Remediation 2024-09-06 11:51 - 2019-12-07 11:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM 2024-09-06 11:51 - 2017-03-08 02:37 - 000000000 ____D C:\ProgramData\Norton 2024-09-06 11:49 - 2017-03-08 02:35 - 000000000 ____D C:\Program Files (x86)\Acer 2024-09-06 11:45 - 2017-03-08 02:35 - 000000000 ____D C:\ProgramData\OEM 2024-09-06 11:45 - 2017-03-08 02:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer 2024-09-06 11:44 - 2020-10-13 09:24 - 000000000 ____D C:\Users\lukas\AppData\Local\OEM 2024-09-06 11:42 - 2020-10-02 17:12 - 000000000 ___HD C:\OEM 2024-09-06 11:38 - 2021-04-15 09:48 - 000000000 ____D C:\Users\lukas 2024-09-06 11:35 - 2020-10-19 13:14 - 000000000 ____D C:\Users\lukas\AppData\Local\D3DSCache ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======== 2022-01-11 18:48 - 2022-01-11 18:53 - 000000000 _____ () C:\Users\lukas\AppData\Local\Temptable.xml 
==================== SigCheck ============================ (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) ==================== Ende von FRST.txt ======================== |
27.09.2024, 22:02 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 10: Removing PUA/DownloadSponsor
The one on D: was deleted long ago, and the other one is an item in the Recycle Bin. There is nothing left to delete there. But let's empty the TMP paths and recycle bins with FRST:
Scripting/repair with FRST64
WARNING TO ALL READERS!!! This FRST script is intended exclusively for this user and should never be applied 1:1 to another system!
__________________ Please always post log files in CODE tags. Edited by cosinus (27.09.2024 at 22:09) |
27.09.2024, 22:12 | #15 |
| Windows 10: Removing PUA/DownloadSponsor
Okay, understood. I ran it. But it is still in the Recycle Bin: https://ibb.co/z23YMT7 https://ibb.co/r2rnRN4 Should I empty the Recycle Bin manually?
Fixlog.txt Code:
Entfernungsergebnis von Farbar Recovery Scan Tool (x64) Version: 16-09-2024
durchgeführt von lukas (27-09-2024 23:04:10) Run:1
Gestartet von C:\Users\lukas\Downloads
Geladene Profile: lukas
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
Start::
CloseProcesses:
AV: Norton Security (Disabled - Out of date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Security (Disabled - Out of date) {AECE2126-F4E7-6909-11F2-1B69D1FBCBD0}
AV: Norton Security (Disabled - Out of date) {9E3FD331-C4C2-7AC4-0537-131EEF1B1F8A}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security (Disabled) {A6045214-8EAD-7B9C-2E68-BA2B11C858F1}
FW: Norton Security (Disabled) {96F5A003-BE88-6851-3AAD-B25C2F288CAB}
FW: Norton Security (Disabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
emptytemp:
End::
*****************

Prozesse erfolgreich geschlossen.
"AV: Norton Security (Disabled - Out of date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}" => erfolgreich entfernt
"AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}" => erfolgreich entfernt
"AV: Norton Security (Disabled - Out of date) {AECE2126-F4E7-6909-11F2-1B69D1FBCBD0}" => erfolgreich entfernt
"AV: Norton Security (Disabled - Out of date) {9E3FD331-C4C2-7AC4-0537-131EEF1B1F8A}" => erfolgreich entfernt
"AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}" => erfolgreich entfernt
"FW: Norton Security (Disabled) {A6045214-8EAD-7B9C-2E68-BA2B11C858F1}" => erfolgreich entfernt
"FW: Norton Security (Disabled) {96F5A003-BE88-6851-3AAD-B25C2F288CAB}" => erfolgreich entfernt
"FW: Norton Security (Disabled) {6BFC5632-188D-B806-D13E-C607121B42A0}" => erfolgreich entfernt

=========== EmptyTemp: ==========

FlushDNS => abgeschlossen
BITS transfer queue => 1572864 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 226065809 B
Java, Discord, Steam htmlcache, WinHttpAutoProxySvc/winhttp *.cache => 0 B
Windows/system/drivers => 10555282 B
Edge => 0 B
Firefox => 1126401241 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 652920 B
NetworkService => 1647962 B
lukas => 111502424 B

RecycleBin => 37666532 B
EmptyTemp: => 1.4 GB temporäre Dateien entfernt.

================================

Das System musste neu gestartet werden.

==== Ende von Fixlog 23:04:57 ====