Log analysis and evaluation: Defender detection BrowserModifier:Win32/Istuni. Now Firefox is slow and hangs
Windows 7
#1
Hi,

Current situation: Firefox quickly and permanently hangs when I open Vistaprint.de.

Background: I have a few fairly old software versions running, e.g. ACDSee pro 3.0, Palm Desktop, Palm Hotsync, etc. They have been running forever, purchased software, does its job. I would be reluctant to delete them, since configuring them is tedious.

In the course of a (futile) attempt to lift my Win10 on an HP z420 workstation to Win11 by way of Dongknows.com, I downloaded a few programs. I did scan each of them with Defender before running it, but presumably something went wrong anyway (Sisoft Sandra lite, from Chip.de on top of that, remarkably stupid).

It started with Defender reporting the detection of BrowserModifier:Win32/Istuni. I then removed the corresponding program using Defender and ran two complete scans with Defender. During those, there were several more reports (probably because of backups on my disks) of the BrowserModifier:Win32/Istuni that Defender had already flagged, as well as:

PUADlManager:Win32/DownloadSponsor
PUABundler:Win32/FusionCore
PUA:Win32/DownloadGuide
PUA:Win32/AskToolbar

All were removed/blocked by Defender. Afterwards I also used file search to manually delete Istuni.exe, in a folder named FRANCZON, from various backups.

After that, Chrome asked me to reset all security settings to default, which I did. Then a new login to the Google account (2FA) was due. Chrome was not really conspicuous, and still is not.

The FRST logs follow.

Thanks in advance!
Thomas

FRST Logfile:
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 10-11-2024 02
durchgeführt von thomas_hp (Administrator) auf HP-Z420TS (Hewlett-Packard HP Z420 Workstation) (10-11-2024 18:57:48)
Gestartet von C:\Users\info\Downloads\FRST64.exe
Geladene Profile: thomas_hp
Plattform: Microsoft Windows 10 Pro Version 22H2 19045.5011 (X64) Sprache: Englisch (Vereinigte Staaten) -> Deutsch (Deutschland)
Standard-Browser: FF
Start-Modus: Normal

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Anvsoft Inc. -> ) C:\Program Files (x86)\Anvsoft\Syncios\adb.exe
(Anvsoft Inc. -> ) C:\Program Files (x86)\Anvsoft\Syncios\SynciosDeviceService.exe
(C:\Program Files (x86)\Anvsoft\Syncios\SynciosDeviceService.exe ->) (Anvsoft Inc. -> ) C:\Program Files (x86)\Anvsoft\Syncios\androidnotifier.exe
(C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\1.3.911.1\DropboxCrashHandler.exe
(C:\Program Files (x86)\Portrait Displays\HP Display Assistant\dthtml.exe ->) (Portrait Displays, Inc. -> Portrait Displays Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\HookManager.exe
(C:\Program Files (x86)\Portrait Displays\HP Display Assistant\dthtml.exe ->) (Portrait Displays, Inc. -> Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSDKHelper.exe
(C:\Program Files\Tablet\Wacom\WacomHost.exe ->) (Wacom Co., Ltd. -> Wacom Co. Ltd.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(C:\Program Files\Tablet\Wacom\WTabletServicePro.exe ->) (Wacom Co., Ltd. -> ) C:\Program Files\Tablet\Wacom\Wacom_UpdateUtil.exe
(C:\Program Files\Tablet\Wacom\WTabletServicePro.exe ->) (Wacom Co., Ltd. -> Wacom Co. Ltd.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(C:\Program Files\Tablet\Wacom\WTabletServicePro.exe ->) (Wacom Co., Ltd. -> Wacom Co. Ltd.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(C:\Program Files\Tablet\Wacom\WTabletServicePro.exe ->) (Wacom Technology Corp. -> Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(C:\Users\info\AppData\Local\0install.net\implementations\sha256new_36U2IQ5XVNARHVTU3NY6GZASRDTKAPCCGSWYGGR5QVQU57PPNR4Q\DeepL.exe ->) (DeepL SE -> The CefSharp Authors) C:\Users\info\AppData\Local\0install.net\implementations\sha256new_NX54BP3MSRHNDMB5N5YOFJZWO5QE5I5W7JTPGB4XC7MEJNSXCC3A\CefSharp.BrowserSubprocess.exe <5>
(CHENGDU YIWO Tech Development Co., Ltd. -> ) C:\Program Files (x86)\EaseUS\ENS\SpaceRecall\EaseUSStartHelper.exe
(CHENGDU YIWO Tech Development Co., Ltd. -> ) C:\Program Files (x86)\EaseUS\ENS\SpaceRecall\SpacePop.exe
(DeepL SE -> DeepL SE) C:\Users\info\AppData\Local\0install.net\implementations\sha256new_36U2IQ5XVNARHVTU3NY6GZASRDTKAPCCGSWYGGR5QVQU57PPNR4Q\DeepL.exe
(explorer.exe ->) (Lansweeper -> Fing Ltd) C:\Program Files\Fing\Fing.exe <4>
(explorer.exe ->) (PalmSource, Inc) [Datei ist nicht signiert] C:\Program Files (x86)\Palm\Hotsync.exe
(explorer.exe ->) (pCloud International AG -> ) C:\Program Files\pCloud Drive\pCloud.exe
(explorer.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(explorer.exe ->) (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\Epson Software\Download Navigator\EPSDNMON.EXE
(explorer.exe ->) (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIKEE.EXE
(explorer.exe ->) (Steve Miller -> hxxp://SteveMiller.net/PureText/) C:\Program Files\PureText Clipboard\PureText.exe
(Generex GmbH) [Datei ist nicht signiert] C:\Users\info\upsman\UPSTray.exe
(Kilonova LLC -> Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(MiniTool Software Limited -> ) C:\Program Files\MiniTool Partition Wizard 12\updatechecker.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <17>
(Portrait Displays, Inc. -> Portrait Displays, Inc) C:\Program Files (x86)\Portrait Displays\HP Display Assistant\dthtml.exe
(SEIKO EPSON CORPORATION -> Seiko Epson Corporation) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Arvato Digital Services Canada Inc -> arvato digital services llc) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(services.exe ->) (CHENGDU YIWO Tech Development Co., Ltd. -> ) C:\Program Files (x86)\EaseUS\ENS\ensserver.exe
(services.exe ->) (Code Sector -> ) C:\Program Files\TeraCopy\TeraCopyService.exe
(services.exe ->) (Cybereason) [Datei ist nicht signiert] C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFreeServiceHost.exe
(services.exe ->) (David Carpenter -> ) C:\Program Files\Everything\Everything.exe <2>
(services.exe ->) (Lansweeper -> Fing Limited) C:\Program Files\Fing\resources\extraResources\fingagent.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\NisSrv.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvwmi64.exe <2>
(services.exe ->) (Portrait Displays, Inc. -> Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(services.exe ->) (Wacom Co., Ltd. -> Wacom Co. Ltd.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(svchost.exe ->) (Cybereason) [Datei ist nicht signiert] C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFree.exe
(svchost.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(svchost.exe ->) (Intel(R) Software Development Products -> Intel Corporation) C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14062848 2015-07-03] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [2199656 2018-02-09] (David Carpenter -> )
HKLM\...\Run: [snpstd3] => C:\WINDOWS\vsnpstd3.exe (Keine Datei)
HKLM\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [3246992 2023-02-08] (Open Source Developer, Dominik Reichl -> Dominik Reichl)
HKLM\...\Run: [MTPW] => C:\Program Files\MiniTool Partition Wizard 12\updatechecker.exe [219616 2020-02-19] (MiniTool Software Limited -> )
HKLM-x32\...\Run: [DT HWP] => C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe [122384 2013-10-11] (Portrait Displays, Inc. -> Portrait Displays, Inc.)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [970536 2023-07-20] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [1309992 2023-07-20] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Syncios device service] => C:\Program Files (x86)\Anvsoft\Syncios\SynciosDeviceService.exe [2443384 2018-06-29] (Anvsoft Inc. -> )
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [9235336 2024-10-29] (Dropbox, Inc -> Dropbox, Inc.)
HKLM-x32\...\Run: [UPSMANTray] => C:\Users\info\upsman\UPSTray.exe [253952 2012-12-06] (Generex GmbH) [Datei ist nicht signiert]
HKLM-x32\...\Run: [tsnpstd3] => C:\WINDOWS\tsnpstd3.exe [356352 2009-07-08] () [Datei ist nicht signiert]
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226728 2019-07-21] (Kilonova LLC -> )
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [2753808 2024-03-06] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\84.0.11.0\GoogleDriveFS.exe --startup_mode (Keine Datei)
HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\84.0.11.0\GoogleDriveFS.exe --startup_mode (Keine Datei)
HKU\S-1-5-21-2780452717-2781726665-2235346944-1002\...\Run: [PureText] => C:\Program Files\PureText Clipboard\PureText.exe [117704 2019-09-22] (Steve Miller -> hxxp://SteveMiller.net/PureText/)
HKU\S-1-5-21-2780452717-2781726665-2235346944-1002\...\Run: [E298801576DADFB4BC0BA4DA773B3C48CDA25660._service_run] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=service /prefetch:8 [3856464 2024-11-07] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2780452717-2781726665-2235346944-1002\...\Run: [pCloud] => C:\Program Files\pCloud Drive\pCloud.exe [394360 2024-08-27] (pCloud International AG -> )
HKU\S-1-5-21-2780452717-2781726665-2235346944-1002\...\Run: [Device Detector] => DevDetect.exe -autorun (Keine Datei)
HKU\S-1-5-21-2780452717-2781726665-2235346944-1002\...\Run: [MicrosoftEdgeAutoLaunch_DEE908A0CF799E4107F727695860A6BE] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3856464 2024-11-07] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2780452717-2781726665-2235346944-1002\...\Run: [electron.app.Fing] => C:\Program Files\Fing\Fing.exe [136140520 2024-09-20] (Lansweeper -> Fing Ltd)
HKU\S-1-5-21-2780452717-2781726665-2235346944-1002\...\Run: [EPSDNMON] => C:\Program Files (x86)\Epson Software\Download Navigator\EPSDNMON.EXE [350032 2022-07-22] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation)
HKU\S-1-5-21-2780452717-2781726665-2235346944-1002\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIKEE.EXE [298560 2013-09-12] (SEIKO EPSON CORPORATION -> SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2780452717-2781726665-2235346944-1002\...\Policies\Explorer: [NoAutorun] 1
HKU\S-1-5-21-2780452717-2781726665-2235346944-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\ENDLES~2.SCR [22885648 2024-08-08] (Maksym Reva -> Extreme Internet Software)
HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\84.0.11.0\GoogleDriveFS.exe --startup_mode (Keine Datei)
HKLM\...\Windows x64\Print Processors\hpzppw72: C:\Windows\System32\spool\prtprocs\x64\hpzppw72.dll [257024 2009-07-14] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\EPSON Universal Print Driver 64MonitorBE: C:\WINDOWS\system32\E_2LM0DE.DLL [237568 2021-09-21] (Microsoft Windows Hardware Compatibility Publisher -> Seiko Epson Corporation)
HKLM\...\Print\Monitors\EPSON WF-3620 Series 64MonitorBE: C:\WINDOWS\system32\E_YLMBKEE.DLL [187392 2018-06-15] (Microsoft Windows Hardware Compatibility Publisher -> Seiko Epson Corporation)
HKLM\...\Print\Monitors\EpsonNet Print Port: C:\WINDOWS\system32\enppmon.dll [558592 2012-11-12] (SEIKO EPSON CORPORATION) [Datei ist nicht signiert]
HKLM\...\Print\Monitors\PCL hpz3lw72: C:\WINDOWS\system32\hpz3lw72.dll [46080 2009-07-14] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\pdfcmon: C:\WINDOWS\system32\pdfcmon.dll [116736 2019-09-27] (pdfforge GmbH) [Datei ist nicht signiert]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\130.0.6723.117\Installer\chrmstp.exe [2024-11-08] (Google LLC -> Google LLC)
Startup: C:\Users\info\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DeepL auto-start.lnk [2022-06-16]
ShortcutTarget: DeepL auto-start.lnk -> C:\Users\info\AppData\Roaming\0install.net\desktop-integration\stubs\1eae01f3cdb5ff0ecf683b15a60a1489573c1188cb34abc205fcf7a924b4e54d\auto-start.exe () [Datei ist nicht signiert]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk [2021-02-21]
ShortcutTarget: Adobe Gamma Loader.exe.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) [Datei ist nicht signiert]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bitmeter2.lnk [2018-10-28]
ShortcutTarget: Bitmeter2.lnk -> C:\Program Files (x86)\Codebox\BitMeter\BitMeter2.exe () [Datei ist nicht signiert]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HotSync Manager.lnk [2018-01-21]
ShortcutTarget: HotSync Manager.lnk -> C:\Program Files (x86)\Palm\Hotsync.exe (PalmSource, Inc) [Datei ist nicht signiert]
GroupPolicy: Beschränkung ? <==== ACHTUNG
Policies: C:\ProgramData\NTUSER.pol: Beschränkung <==== ACHTUNG

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {D28247E7-FC49-457E-9DDD-CBE2834249E8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1574856 2024-09-25] (Adobe Inc. -> Adobe Inc.)
Task: {0E587FA1-6297-4A57-958F-88E8A3E83887} - System32\Tasks\CorelUpdateHelperTask-7296786A0577DC163C4A8C01A6C52278 => C:\Program Files (x86)\Corel\CUH\v2\CUH.EXE [3834384 2024-01-24] (Corel Corporation -> Corel Corporation)
Task: {5CCFC6E4-4F9C-4218-BD36-32C0C1811253} - System32\Tasks\CorelUpdateHelperTaskCore => C:\Program Files (x86)\Corel\CUH\v2\CUH.EXE [3834384 2024-01-24] (Corel Corporation -> Corel Corporation)
Task: {7F312732-C69E-43F1-B2A0-20734A710045} - System32\Tasks\Cybereason RansomFree Autostart => C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFree.exe [1065984 2017-11-20] (Cybereason) [Datei ist nicht signiert] -> C:\Program Files (x86)\Cybereason\RansomFree\\/startup
Task: {45FD0B6C-37F6-4ADD-BD6E-7F183193570F} - System32\Tasks\Cybereason RansomFree Keepalive => C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFree.exe [1065984 2017-11-20] (Cybereason) [Datei ist nicht signiert] -> C:\Program Files (x86)\Cybereason\RansomFree\\/keepalive
Task: {6ACF0DCD-012D-4C5D-A5CE-E49CA7BB2142} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
Task: {C81C3AC9-DE37-4088-B17F-9E7883AF6BC0} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
Task: {B4F18AF4-F149-49DC-B0F0-781D264B2349} - System32\Tasks\EPSON WF-3620 Series Invitation {03C92D0C-EFFC-40A4-BBAB-796A74E0ABFB} => C:\Windows\System32\spool\drivers\x64\3\E_YTSKEE.EXE [679488 2013-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
Task: {0959AF11-314A-4F3E-9D93-4FDC065EB629} - System32\Tasks\EPSON WF-3620 Series Update {03C92D0C-EFFC-40A4-BBAB-796A74E0ABFB} => C:\Windows\System32\spool\drivers\x64\3\E_YTSKEE.EXE [679488 2013-02-28] (SEIKO EPSON Corporation -> SEIKO EPSON CORPORATION)
Task: {6F110332-92C8-4A19-9E26-244CCFD4CD97} - System32\Tasks\G2MUpdateTask-S-1-5-21-2780452717-2781726665-2235346944-1002 => C:\Users\info\AppData\Local\GoToMeeting\19992\g2mupdate.exe [34872 2024-04-06] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {C8E41157-EF04-4F07-8A91-0637CC6FBF03} - System32\Tasks\G2MUploadTask-S-1-5-21-2780452717-2781726665-2235346944-1002 => C:\Users\info\AppData\Local\GoToMeeting\19992\g2mupload.exe [34872 2024-04-06] (LogMeIn, Inc. -> LogMeIn, Inc.)
Task: {A820DD9A-A845-4B50-B44B-38C3D0DCE438} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem131.0.6776.0{E0C99221-F6B4-42BC-81DA-F0DE5C74C424} => C:\Program Files (x86)\Google\GoogleUpdater\131.0.6776.0\updater.exe [5507168 2024-10-14] (Google LLC -> Google LLC)
Task: {696285D2-2D63-4A1F-B9E1-83E04957054E} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3087184 2020-03-10] (Intel(R) Software Development Products -> Intel Corporation)
Task: {D7CCD787-9CAB-4FF0-8C9D-A802E7036BCD} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [3087184 2020-03-10] (Intel(R) Software Development Products -> Intel Corporation)
Task: {83F5C62A-F563-4349-99C9-9CC8E200CEEB} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe --automatic (Keine Datei)
Task: {2747CB4D-BA70-4307-814A-D003F8C7899C} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [316632 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {CC3E3DB1-C357-4B42-BD4E-0B699827FDE9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {8FE6BAB5-FFC1-4CAC-8D69-0B8BA92C463A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {197E4458-AF8B-4BDC-982A-8B06C59448EA} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpCmdRun.exe [1687360 2024-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {301BD1EC-1F58-40AA-B204-C35DC5FDC94C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpCmdRun.exe [1687360 2024-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C09EB993-8169-433F-A45A-309996996092} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpCmdRun.exe [1687360 2024-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {6BD84A7E-9967-42D9-B2AF-5C02F429484D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpCmdRun.exe [1687360 2024-11-02] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {31175B86-D746-4661-892E-86FC9BC8423D} - System32\Tasks\MiniToolPartitionWizard => C:\Program Files\MiniTool Partition Wizard 12\updatechecker.exe [219616 2020-02-19] (MiniTool Software Limited -> )
Task: {0470C23E-1A51-4BB8-A02F-FDF302B73136} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [671808 2024-11-05] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (Der Dateneintrag hat 6 weitere Zeichen).
Task: {E00BCB4A-1B45-45E1-9C07-849782C529BD} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-2780452717-2781726665-2235346944-1002 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [671808 2024-11-05] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (Der Dateneintrag hat 6 weitere Zeichen).
Task: {8D039339-4180-417F-8B0C-E21116CB3889} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [34368 2024-11-05] (Mozilla Corporation -> Mozilla Foundation)
Task: {14D7BEB7-5B0F-489E-9F8C-8E820C24300F} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat [1145 2021-03-24] () [Datei ist nicht signiert]
Task: {BA012ED0-C295-4292-BD76-8B5E17ED56C4} - System32\Tasks\nWizard_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2096064 2018-01-04] (NVIDIA Corporation -> ) -> C:\Program Files\NVIDIA Corporation\nview\/installquiet
Task: {BB42A2FE-0495-452F-B182-A6F0CCE2E167} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2780452717-2781726665-2235346944-500 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (Keine Datei)
Task: {6C0092F5-9580-4C76-9FBA-DBD99DF373B6} - System32\Tasks\Optimize Push Notification Data File-S-1-5-21-2780452717-2781726665-2235346944-1002 => {201600D8-6EFF-48CE-B842-E14D37A0682D} C:\WINDOWS\System32\wpninprc.dll [24064 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
Task: {D809B774-EBFF-481F-8BE9-CB9444578288} - System32\Tasks\update-S-1-5-21-2780452717-2781726665-2235346944-1002 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {1A62F7D1-CD83-4F91-BBD3-656AA930A9D8} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {0B9A2FC7-451D-44A5-B1C7-0BAB56D142A9} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => C:\WINDOWS\System32\Wscript.exe [196608 2024-07-12] (Microsoft Windows -> Microsoft Corporation) -> C:\Program Files\Intel\SUR\QUEENCREEK\x64\//B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
Task: {408FAAA4-4DE0-4D8B-B3AD-624782713B2E} - System32\Tasks\ZoomUpdateTaskUser-S-1-5-21-2780452717-2781726665-2235346944-1002 => C:\Users\info\AppData\Roaming\Zoom\bin\Zoom.exe [435016 2024-10-15] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\EPSON WF-3620 Series Invitation {03C92D0C-EFFC-40A4-BBAB-796A74E0ABFB}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE
Task: C:\WINDOWS\Tasks\EPSON WF-3620 Series Update {03C92D0C-EFFC-40A4-BBAB-796A74E0ABFB}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSKEE.EXE:/EXE:{03C92D0C-EFFC-40A4-BBAB-796A74E0ABFB} /F:UpdateWORKGROUP\HP-Z420TS$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2780452717-2781726665-2235346944-1002.job => C:\Users\info\AppData\Local\GoToMeeting\19992\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2780452717-2781726665-2235346944-1002.job => C:\Users\info\AppData\Local\GoToMeeting\19992\g2mupload.exe
Task: C:\WINDOWS\Tasks\update-S-1-5-21-2780452717-2781726665-2235346944-1002.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{a5cb7f44-2e89-4a3b-96a9-86fcebfa8d42}: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{c8bed1aa-a388-4fb9-8d48-20e05cb95814}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{c8bed1aa-a388-4fb9-8d48-20e05cb95814}: [DhcpDomain] home

Edge:
=======
Edge Profile: C:\Users\info\AppData\Local\Microsoft\Edge\User Data\Default [2024-11-06]
Edge HomePage: Default -> hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
Edge Extension: (Google Docs Offline) - C:\Users\info\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-11-05]
Edge Extension: (Edge relevant text changes) - C:\Users\info\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-25]

FireFox:
========
FF DefaultProfile: inogjhmw.default
FF ProfilePath: C:\Users\info\AppData\Roaming\Mozilla\Firefox\Profiles\inogjhmw.default [2024-11-10]
FF user.js: detected! => C:\Users\info\AppData\Roaming\Mozilla\Firefox\Profiles\inogjhmw.default\user.js [2019-08-24]
FF NewTab: Mozilla\Firefox\Profiles\inogjhmw.default -> hxxp://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10420__180213
FF Session Restore: Mozilla\Firefox\Profiles\inogjhmw.default -> ist aktiviert.
FF Notifications: Mozilla\Firefox\Profiles\inogjhmw.default -> hxxps://gcx.aliexpress.com; hxxps://www.opodo.de; hxxps://app.n26.com; hxxps://aquarea-smart.panasonic.com; hxxps://web.wallapop.com; hxxps://kundenportal.dr-peters.de; hxxps://my.pcloud.com; hxxps://meet.google.com; hxxps://e.pcloud.com
FF Extension: (Facebook Container) - C:\Users\info\AppData\Roaming\Mozilla\Firefox\Profiles\inogjhmw.default\Extensions\@contain-facebook.xpi [2023-07-21]
FF Extension: (Abstract – Bold) - C:\Users\info\AppData\Roaming\Mozilla\Firefox\Profiles\inogjhmw.default\Extensions\abstract-bold-colorway@mozilla.org.xpi [2023-03-28]
FF Extension: (I don't care about cookies) - C:\Users\info\AppData\Roaming\Mozilla\Firefox\Profiles\inogjhmw.default\Extensions\jid1-KKzOGWgsW3Ao4Q@jetpack.xpi [2023-12-07]
FF Extension: (Simple Form Fill) - C:\Users\info\AppData\Roaming\Mozilla\Firefox\Profiles\inogjhmw.default\Extensions\simpleformfill@sblask.xpi [2021-12-03]
FF Extension: (uBlock Origin) - C:\Users\info\AppData\Roaming\Mozilla\Firefox\Profiles\inogjhmw.default\Extensions\uBlock0@raymondhill.net.xpi [2024-10-07]
FF Extension: (NoScript) - C:\Users\info\AppData\Roaming\Mozilla\Firefox\Profiles\inogjhmw.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2024-11-07]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2018-01-24] [] [ist nicht signiert]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.18 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2024-11-04] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [Keine Datei]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [Keine Datei]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office16\NPSPWRAP.DLL [Keine Datei]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-01-04] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [Datei ist nicht signiert]
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-01-04] (NVIDIA Corporation PE Sign v2016 -> NVIDIA Corporation) [Datei ist nicht signiert]
FF Plugin-x32: @palmsource.com/installer,version=1.0 -> C:\PROGRA~2\Palm\PACKAG~1\NPInstal.dll [2007-03-19] () [Datei ist nicht signiert]

Chrome:
=======
CHR Profile: C:\Users\info\AppData\Local\Google\Chrome\User Data\Default [2024-11-10]
CHR StartupUrls: Default -> "hxxps://calendar.google.com/calendar/u/0/r?tab=rc"
CHR Extension: (I don't care about cookies) - C:\Users\info\AppData\Local\Google\Chrome\User Data\Default\Extensions\fihnjjcciajhdojfnbdddfaoknhalnja [2024-06-26]
CHR Extension: (Google Docs Offline) - C:\Users\info\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-11-06]
CHR Extension: (Sprache in Text umwandeln) - C:\Users\info\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdcdafhjjjfnkoeilnjmnadadaoehgdc [2023-03-08]
CHR Extension: (Anwendungs-Launcher für Drive (von Google)) - C:\Users\info\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2023-08-23]
CHR Extension: (Google Input Tools) - C:\Users\info\AppData\Local\Google\Chrome\User Data\Default\Extensions\mclkkofklkfljcocdinagocijmpgbhab [2024-09-27]
CHR Extension: (Ghostery Tracker- & Werbeblocker | Datenschutz AdBlocker) - C:\Users\info\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2024-11-10]
CHR Extension: (Screencastify - Screen Video Recorder) - C:\Users\info\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmeijimgabbpbgpdklnllpncmdofkcpn [2024-11-06]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\info\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-01]
CHR Profile: C:\Users\info\AppData\Local\Google\Chrome\User Data\System Profile [2018-03-01]
CHR HKLM\...\Chrome\Extension: [nladljmabboanhihfkjacnnkgjhnokhj]
CHR HKU\S-1-5-21-2780452717-2781726665-2235346944-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [nladljmabboanhihfkjacnnkgjhnokhj]

==================== Dienste (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [172992 2024-09-25] (Adobe Inc. -> Adobe Inc.)
S4 Asset Management Daemon; C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe [134672 2013-10-11] (Portrait Displays, Inc. -> )
S4 brlapi; C:\WINDOWS\brltty\bin\brltty.exe [847886 2019-10-15] (Microsoft Windows -> )
S4 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [Datei ist nicht signiert]
R2 CybereasonRansomFree; C:\Program Files (x86)\Cybereason\RansomFree\CybereasonRansomFreeServiceHost.exe [13824 2017-11-20] (Cybereason) [Datei ist nicht signiert]
S4 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
S4 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2021-11-12] (Dropbox, Inc -> Dropbox, Inc.)
S4 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46824 2024-10-29] (Dropbox, Inc -> Dropbox, Inc.)
S4 DNACore; C:\Program Files (x86)\D-Link Network Assistant\nssm.exe [368640 2017-04-26] (Iain Patterson) [Datei ist nicht signiert] <==== ACHTUNG
S4 DropboxElevationService; C:\Program Files (x86)\Dropbox\Client\211.4.6008\DropboxElevationService.exe [1659280 2024-10-29] (Dropbox, Inc -> Dropbox, Inc.)
S4 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [138768 2013-10-11] (Portrait Displays, Inc. -> Portrait Displays, Inc.)
R2 EaseUS UPDATE SERVICE; C:\Program Files (x86)\EaseUS\ENS\ensserver.exe [36808 2024-09-26] (CHENGDU YIWO Tech Development Co., Ltd.
-> ) S4 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (SEIKO EPSON Corporation -> Seiko Epson Corporation) R2 Everything; C:\Program Files\Everything\Everything.exe [2199656 2018-02-09] (David Carpenter -> ) S4 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [Datei ist nicht signiert] R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpDefenderCoreService.exe [1447680 2024-11-02] (Microsoft Windows Publisher -> Microsoft Corporation) S4 MTAgentService; C:\Program Files\MiniTool ShadowMaker\AgentService.exe [783344 2021-01-28] (MiniTool Software Limited -> ) S4 MTSchedulerService; C:\Program Files\MiniTool ShadowMaker\SchedulerService.exe [226800 2021-01-28] (MiniTool Software Limited -> ) S4 MyEpson Portal Service; C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe [714712 2017-06-28] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) R2 NVWMI; C:\WINDOWS\system32\nvwmi64.exe [4436272 2018-01-04] (NVIDIA Corporation -> NVIDIA Corporation) R2 PSI_SVC_2; c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (Arvato Digital Services Canada Inc -> arvato digital services llc) S4 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2021\RpcAgentSrv.exe [141816 2023-03-31] (SiSoftware SPC -> SiSoftware) [Datei ist nicht signiert] S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [530488 2024-09-12] (Microsoft Windows Publisher -> Microsoft Corporation) S4 StarMoney 10 OnlineUpdate; C:\Program Files (x86)\StarMoney 10\ouservice\StarMoneyOnlineUpdate.exe [701760 2016-11-25] (Star Finanz - Software Entwicklung und Vertriebs GmbH -> Star Finanz-Software Entwicklung und Vertriebs GmbH) R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [22679856 2024-10-25] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) R2 
TeraCopyService; C:\Program Files\TeraCopy\TeraCopyService.exe [112944 2020-08-15] (Code Sector -> ) R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\NisSrv.exe [3199672 2024-11-02] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MsMpEng.exe [141952 2024-11-02] (Microsoft Windows Publisher -> Microsoft Corporation) R2 Fing.Agent; "C:\Program Files\Fing\resources\extraResources\fingagent.exe" --servicemode Fing.Agent --agentroot "C:\Users\info\AppData\Roaming" S2 PDF Architect 6 Creator; "C:\Program Files\PDF Architect 6\creator\common\creator-ws.exe" [X] S3 rpcapd; "%ProgramFiles(x86)%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles(x86)%\WinPcap\rpcapd.ini" [X] ===================== Treiber (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S3 AceecaUSBDx64; C:\WINDOWS\system32\DRIVERS\AceecaUSBDx64.sys [66552 2018-01-20] (Aceeca International Ltd. -> PalmSource, Inc.) S2 Aspi32; C:\Windows\SysWOW64\drivers\aspi32.sys [16512 2002-07-17] (Adaptec) [Datei ist nicht signiert] S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [282624 2023-11-14] (Microsoft Corporation) [Datei ist nicht signiert] S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [147968 2023-11-14] (Microsoft Corporation) [Datei ist nicht signiert] R1 cbfs20; C:\WINDOWS\System32\drivers\cbfs20.sys [457768 2022-11-09] (Microsoft Windows Hardware Compatibility Publisher -> Callback Technologies, Inc. 
- www.callback.com) S3 ebrntdrv; C:\WINDOWS\system32\ebrntdrv.sys [27728 2024-09-06] (Microsoft Windows Hardware Compatibility Publisher -> ) S3 epmdkdrv; C:\WINDOWS\system32\epmdkdrv.sys [27728 2024-09-06] (Microsoft Windows Hardware Compatibility Publisher -> ) R0 EPMVolFl; C:\WINDOWS\System32\drivers\EPMVolFl.sys [30136 2024-09-06] (CHENGDU YIWO Tech Development Co., Ltd. -> Windows (R) Codename Longhorn DDK provider) R0 EUDCPEPM; C:\WINDOWS\System32\drivers\EUDCPEPM.sys [76344 2024-09-06] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd) R1 EUEDKEPM; C:\WINDOWS\System32\drivers\EUEDKEPM.sys [24656 2024-09-06] (Microsoft Windows Hardware Compatibility Publisher -> CHENGDU YIWO Tech Development Co., Ltd) R1 googledrivefs31357; C:\WINDOWS\System32\DriverStore\FileRepository\googledrivefs31357.inf_amd64_a8bf31a168cf7d00\googledrivefs31357.sys [384712 2023-10-25] (Microsoft Windows Hardware Compatibility Publisher -> Google, Inc.) S1 gvm; C:\WINDOWS\system32\DRIVERS\gvm.sys [390144 2024-01-13] (Google LLC -> Google LLC) R1 npcap; C:\WINDOWS\system32\DRIVERS\npcap.sys [71736 2021-08-30] (Insecure.Com LLC -> Insecure.Com LLC.) R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.) R3 PdiPorts; C:\WINDOWS\System32\drivers\PdiPorts.sys [22824 2013-06-18] (Portrait Displays, Inc. -> Portrait Displays, Inc.) 
S3 PSSDK50; C:\WINDOWS\system32\Drivers\pssdk50.sys [55424 2021-04-11] (Microolap technologies -> microOLAP Technologies LTD) R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2021-03-26] (MiniTool Solution Ltd -> ) S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2021-03-26] (MiniTool Solution Ltd -> ) S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2021\WNt600x64\Sandra.sys [23112 2009-08-07] (SiSoftware Ltd -> SiSoftware) S3 SCL01164; C:\WINDOWS\system32\DRIVERS\SCL01164.sys [72320 2010-05-07] (Microsoft Windows Hardware Compatibility Publisher -> SCM Microsystems Inc.) S3 scsiscan; C:\WINDOWS\System32\drivers\scsiscan.sys [21504 2023-11-14] (Microsoft Windows -> Microsoft Corporation) S3 Ser2pl; C:\WINDOWS\system32\DRIVERS\ser2pl64.sys [282272 2021-03-10] (WDKTestCert charles-yeh,132058328970830801 -> Prolific Technology Inc.) S3 swtoolsdriver; C:\WINDOWS\system32\drivers\swtoolsdriver.sys [19128 2024-09-27] (Microsoft Windows Hardware Compatibility Publisher -> HP Inc.) S3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [49744 2021-06-13] (nordvpn s.a. -> The OpenVPN Project) R3 tilfilter; C:\WINDOWS\System32\drivers\TIxHCIlfilter.sys [34424 2016-08-20] (Texas Instruments, Inc. -> Texas Instruments, Inc.) R3 tiufilter; C:\WINDOWS\System32\drivers\TIxHCIufilter.sys [39032 2016-08-20] (Texas Instruments, Inc. -> Texas Instruments, Inc.) 
U5 TMUSB; C:\WINDOWS\System32\DRIVERS\TMUSB64.SYS [77272 2022-04-15] (SEIKO EPSON CORPORATION -> Seiko Epson Corporation) R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [206976 2017-07-27] (Oracle Corporation -> Oracle Corporation) S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [22104 2024-11-02] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [606624 2024-11-02] (Microsoft Windows -> Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105888 2024-11-02] (Microsoft Windows -> Microsoft Corporation) S3 wintun; C:\WINDOWS\System32\drivers\wintun.sys [29592 2022-11-01] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC) S3 WireGuard; C:\WINDOWS\System32\drivers\wireguard.sys [489368 2023-11-14] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC) S3 EuGdiDrv; \SystemRoot\system32\EuGdiDrv.sys [X] U4 npcap_wifi; kein ImagePath S3 PSSDK6; \??\C:\WINDOWS\system32\Drivers\pssdk6.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2024-11-10 18:57 - 2024-11-10 18:57 - 000000000 ____D C:\Users\info\Downloads\FRST-OlderVersion 2024-11-10 18:47 - 2024-11-10 18:47 - 000000000 __SHD C:\Users\info\OneDrive\Desktop\0K, this directory is for Ransomware detection (just leave it here) 2024-11-10 18:47 - 2024-11-10 18:47 - 000000000 ___HD C:\Users\vrp2 2024-11-10 18:47 - 2024-11-10 18:47 - 000000000 ___HD C:\Users\info\OneDrive\Dokumente\Zpworking34 2024-11-10 18:47 - 2024-11-10 18:47 - 000000000 ___HD C:\Users\info\OneDrive\Dokumente\Amtransfer206 2024-11-10 18:47 - 2024-11-10 18:47 - 000000000 ___HD C:\Users\Abqb49d 2024-11-10 18:47 - 2024-11-10 18:47 - 000000000 ____D C:\Zselect14 2024-11-10 18:47 - 2024-11-10 18:47 - 000000000 ____D C:\aadata86 2024-11-09 23:50 - 2024-11-09 23:53 - 000103046 _____ C:\Users\info\Downloads\Addition.txt 2024-11-09 23:46 - 2024-11-10 18:58 - 000042385 _____ C:\Users\info\Downloads\FRST.txt 2024-11-09 23:46 - 2024-11-10 18:58 - 000000000 ____D C:\FRST 2024-11-09 23:45 - 2024-11-10 18:57 - 002400768 _____ (Farbar) C:\Users\info\Downloads\FRST64.exe 2024-11-08 11:47 - 2024-11-08 11:47 - 000013175 _____ C:\Users\info\Downloads\TSCSO_elster_08.11.2024_11.43.pfx 2024-11-07 17:55 - 2024-11-07 17:55 - 071459864 _____ (TeamViewer Germany GmbH) C:\Users\info\Downloads\TeamViewer_Setup_x64.exe 2024-11-07 17:54 - 2024-11-07 17:54 - 032895136 _____ (TeamViewer) C:\Users\info\Downloads\TeamViewerQS_x64.exe 2024-11-07 17:44 - 2024-11-10 18:47 - 000000000 ____D C:\Program Files\TeamViewer 2024-11-07 17:44 - 2024-11-07 17:44 - 000000889 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer.lnk 2024-11-06 23:33 - 2024-11-07 00:32 - 000000000 ___HD C:\$WINDOWS.~BT 2024-11-06 20:17 - 2024-11-06 20:17 - 000000410 __RSH C:\ProgramData\ntuser.pol 2024-11-06 17:45 - 2024-11-06 17:45 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\pCloud Drive.lnk 2024-11-06 17:45 - 2024-11-06 17:45 - 000000000 ____D C:\Program Files\pCloud Drive 2024-11-05 12:40 - 2024-11-06 
00:19 - 2411323392 _____ C:\Users\info\Downloads\Win11_23H2_English_All_Hardware_DKT.iso 2024-11-05 12:37 - 2024-11-06 17:43 - 000000000 ____D C:\Program Files\Mozilla Firefox 2024-11-04 19:44 - 2024-11-04 19:44 - 000215959 _____ C:\Users\info\Downloads\801993518_2024_Erträge_vom_2024.11.01_20241104194416.pdf 2024-11-04 19:44 - 2024-11-04 19:44 - 000093805 _____ C:\Users\info\Downloads\1993518_2024_Mitteilung_vom_2024.09.30_20241104194439.pdf 2024-11-04 19:40 - 2024-11-04 19:40 - 000992124 _____ C:\Users\info\Downloads\199351_801993518_199351_Schulze, Thomas - ausgewo.pdf 2024-11-04 19:39 - 2024-11-04 19:39 - 001145268 _____ C:\Users\info\Downloads\199351_199351_801993518_Schulze, Thomas - ausgewo-1.pdf 2024-11-04 19:37 - 2024-11-04 19:37 - 001145268 _____ C:\Users\info\Downloads\199351_199351_801993518_Schulze, Thomas - ausgewo.pdf 2024-11-02 18:32 - 2024-11-02 18:32 - 000005776 _____ C:\Users\info\Downloads\Pazo_de_Chaioso_registro_viajeros_2024_Q4 (2).csv 2024-11-02 17:48 - 2024-11-02 17:48 - 000215959 _____ C:\Users\info\Downloads\801993518_2024_Erträge_vom_2024.11.01_20241102174826.pdf 2024-10-31 18:19 - 2024-11-10 18:47 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2024-10-31 16:22 - 2024-10-31 16:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2024-10-29 11:49 - 2024-10-29 11:49 - 000046824 _____ (Dropbox, Inc.) 
C:\WINDOWS\system32\DbxSvc.exe 2024-10-28 18:29 - 2024-10-28 18:29 - 000166858 _____ C:\Users\info\Downloads\ilovepdf_split(1).zip 2024-10-28 18:21 - 2024-10-28 18:21 - 000165992 _____ C:\Users\info\Downloads\ilovepdf_split.zip 2024-10-28 18:20 - 2024-10-28 18:20 - 000171542 _____ C:\Users\info\Downloads\2024-10-19 SSD u adapter AMAZON invoice-1-2.pdf 2024-10-28 12:41 - 2024-10-28 12:41 - 000105064 _____ C:\Users\info\Downloads\Factura_PARTEE_22657.pdf 2024-10-28 12:36 - 2024-10-28 12:36 - 000230932 _____ C:\Users\info\Downloads\DatosRegistroArrendadorAcuse.pdf 2024-10-28 12:36 - 2024-10-28 12:36 - 000172703 _____ C:\Users\info\Downloads\DatosRegistroArrendador.pdf 2024-10-27 18:35 - 2024-10-27 18:35 - 000000028 _____ C:\WINDOWS\OutLog.txt 2024-10-27 18:06 - 2024-10-27 18:35 - 000000000 _____ C:\WINDOWS\BcdLog.txt 2024-10-27 17:59 - 2024-10-27 18:10 - 000003200 ____H C:\WINDOWS\EPMBatch.ept 2024-10-26 15:30 - 2024-10-26 15:30 - 000003463 _____ C:\Users\info\Downloads\Pazo_de_Chaioso_registro_viajeros_2024_Q4 (1).csv 2024-10-26 15:29 - 2024-10-26 15:29 - 000016053 _____ C:\Users\info\Downloads\Pazo_de_Chaioso_registro_viajeros_2024_Q3 (15).csv 2024-10-25 18:45 - 2024-11-08 17:58 - 000000000 ____D C:\Users\info\OneDrive\Dokumente\Sandra 2024-10-25 18:44 - 2024-10-25 18:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SiSoftware 2024-10-25 18:43 - 2024-10-25 18:43 - 000000000 ____D C:\Program Files\SiSoftware 2024-10-25 17:29 - 2024-10-25 17:29 - 004188424 _____ C:\Users\info\Downloads\aav_anlage_v_2023.pdf 2024-10-24 16:02 - 2024-10-24 16:02 - 004234102 _____ C:\Users\info\Downloads\aav_mantelbogen_beschraenkt_2023.pdf 2024-10-18 23:05 - 2024-10-18 23:07 - 000000000 ____D C:\Users\info\AppData\Local\HP 2024-10-18 23:05 - 2024-10-18 23:05 - 000000000 ____D C:\Temp 2024-10-18 23:05 - 2024-10-18 23:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP 2024-10-18 23:05 - 2024-10-18 23:05 - 000000000 ____D C:\Program Files 
(x86)\HP 2024-10-18 23:05 - 2024-10-18 23:05 - 000000000 ____D C:\Program Files (x86)\Hewlett-Packard 2024-10-18 23:04 - 2024-10-18 23:04 - 008685568 _____ C:\Users\info\Downloads\Advisor.msi 2024-10-18 17:10 - 2024-10-27 17:26 - 000000000 ____D C:\WINDOWS\system32\config\regsave 2024-10-18 16:38 - 2024-10-18 16:38 - 000000027 _____ C:\Users\info\AppData\Roaming\epm_user.ini 2024-10-18 16:37 - 2024-10-18 16:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 2024-10-18 16:37 - 2024-09-26 09:55 - 006629832 _____ C:\WINDOWS\system32\BootMan.exe 2024-10-18 16:37 - 2024-09-26 09:55 - 000021960 _____ C:\WINDOWS\system32\EuEpmGdi.dll 2024-10-18 16:37 - 2024-09-06 12:21 - 000174024 _____ C:\WINDOWS\system32\setupdrvx64.exe 2024-10-18 16:37 - 2024-09-06 12:21 - 000030136 _____ (Windows (R) Codename Longhorn DDK provider) C:\WINDOWS\system32\Drivers\EPMVolFl.sys 2024-10-18 16:37 - 2024-09-06 12:21 - 000000010 _____ C:\WINDOWS\system32\setupdrv.ini 2024-10-18 16:36 - 2024-10-18 16:36 - 002360712 _____ C:\Users\info\Downloads\epm_free_installer.1760288apz13406065.exe 2024-10-18 12:00 - 2024-10-18 16:38 - 000000000 ____D C:\Program Files (x86)\EaseUS 2024-10-18 12:00 - 2024-10-18 12:00 - 000000000 ____D C:\Users\info\AppData\Roaming\SystemAcCrux 2024-10-18 12:00 - 2024-10-18 12:00 - 000000000 ____D C:\Users\info\AppData\Local\EPMUI 2024-10-18 11:59 - 2024-11-09 16:56 - 000000000 ____D C:\ProgramData\SystemAcCrux 2024-10-18 11:59 - 2024-10-18 12:00 - 000000000 ____D C:\Program Files\EaseUS 2024-10-18 11:59 - 2024-09-06 12:21 - 000174216 _____ C:\WINDOWS\system32\setupepmdrvx64.exe 2024-10-18 11:59 - 2024-09-06 12:21 - 000000057 _____ C:\WINDOWS\system32\setupepmdrv.ini 2024-10-18 11:58 - 2024-10-18 11:58 - 122179264 _____ (EaseUS ) C:\Users\info\Downloads\epm1920_free_ob_B.exe 2024-10-18 11:58 - 2024-10-18 11:58 - 002360712 _____ C:\Users\info\Downloads\epm_free_installer.17292491019410b1126311.exe 2024-10-18 10:27 - 2024-10-18 
10:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot 2024-10-18 10:25 - 2024-10-18 10:25 - 002786328 _____ (Skillbrains ) C:\Users\info\Downloads\setup-lightshot (1).exe 2024-10-15 15:39 - 2024-10-15 15:39 - 000004266 _____ C:\WINDOWS\system32\Tasks\ZoomUpdateTaskUser-S-1-5-21-2780452717-2781726665-2235346944-1002 2024-10-15 15:39 - 2024-10-15 15:39 - 000001993 _____ C:\Users\info\OneDrive\Desktop\Zoom Workplace.lnk 2024-10-15 15:39 - 2024-10-15 15:39 - 000000000 ____D C:\Users\info\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom 2024-10-13 16:11 - 2024-10-13 16:35 - 000000939 _____ C:\WINDOWS\Tasks\EPSON WF-3620 Series Update {03C92D0C-EFFC-40A4-BBAB-796A74E0ABFB}.job 2024-10-13 16:11 - 2024-10-13 16:35 - 000000753 _____ C:\WINDOWS\Tasks\EPSON WF-3620 Series Invitation {03C92D0C-EFFC-40A4-BBAB-796A74E0ABFB}.job 2024-10-13 16:11 - 2024-10-13 16:11 - 000004138 _____ C:\WINDOWS\system32\Tasks\EPSON WF-3620 Series Update {03C92D0C-EFFC-40A4-BBAB-796A74E0ABFB} 2024-10-13 16:11 - 2024-10-13 16:11 - 000003960 _____ C:\WINDOWS\system32\Tasks\EPSON WF-3620 Series Invitation {03C92D0C-EFFC-40A4-BBAB-796A74E0ABFB} 2024-10-13 09:03 - 2024-10-13 09:03 - 000000000 ____D C:\Users\info\Downloads\Sofa Salon 2024-10-13 09:01 - 2024-10-13 09:01 - 019085706 _____ C:\Users\info\Downloads\Photos-001.zip ==================== Ein Monat (geänderte) ================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2024-11-10 18:57 - 2022-02-11 10:04 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38 2024-11-10 18:52 - 2020-09-11 13:48 - 000838610 _____ C:\WINDOWS\system32\perfh00A.dat 2024-11-10 18:52 - 2020-09-11 13:48 - 000174774 _____ C:\WINDOWS\system32\perfc00A.dat 2024-11-10 18:52 - 2020-09-11 13:12 - 002968948 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2024-11-10 18:52 - 2019-12-07 15:51 - 000836314 _____ C:\WINDOWS\system32\perfh007.dat 2024-11-10 18:52 - 2019-12-07 15:51 - 000184534 _____ C:\WINDOWS\system32\perfc007.dat 2024-11-10 18:52 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF 2024-11-10 18:51 - 2024-02-06 19:35 - 000000000 ____D C:\Users\info\AppData\Roaming\Fing 2024-11-10 18:47 - 2023-09-02 19:14 - 000000000 ____D C:\Users\info\AppData\Roaming\WTablet 2024-11-10 18:47 - 2021-12-18 10:57 - 000000000 ____D C:\WINDOWS\SystemTemp 2024-11-10 18:47 - 2020-09-11 13:14 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2024-11-10 18:47 - 2020-09-11 13:06 - 000008192 ___SH C:\DumpStack.log.tmp 2024-11-10 18:47 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2024-11-10 18:47 - 2018-01-19 00:53 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2024-11-10 18:47 - 2018-01-12 11:09 - 000000000 ____D C:\ProgramData\NVIDIA 2024-11-10 18:46 - 2020-09-11 13:06 - 000001134 _____ C:\WINDOWS\system32\config\VSMIDK 2024-11-10 18:46 - 2020-03-16 09:35 - 000000000 ____D C:\Users\info\AppData\Roaming\Everything 2024-11-10 18:46 - 2020-03-16 09:35 - 000000000 ____D C:\Users\info\AppData\Local\Everything 2024-11-10 18:46 - 2019-12-07 10:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI 2024-11-10 18:45 - 2024-08-06 18:10 - 000000000 ____D C:\Users\info\AppData\Roaming\Endless Slideshow Screensaver 2 2024-11-10 18:24 - 2018-01-21 10:18 - 000001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thunderbird.lnk 2024-11-10 18:11 - 2019-12-07 15:52 - 000000000 ____D C:\WINDOWS\system32\FxsTmp 
2024-11-10 17:51 - 2024-04-06 10:01 - 000003454 _____ C:\WINDOWS\system32\Tasks\CorelUpdateHelperTask-7296786A0577DC163C4A8C01A6C52278 2024-11-10 17:47 - 2020-09-11 13:06 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2024-11-09 16:56 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps 2024-11-09 16:56 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness 2024-11-09 16:43 - 2020-09-22 16:43 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2024-11-09 16:37 - 2020-09-22 16:43 - 000003756 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2024-11-09 16:37 - 2020-09-22 16:43 - 000003632 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore 2024-11-09 16:20 - 2023-03-07 16:36 - 000000000 ____D C:\Users\info\AppData\Roaming\DeepL_SE 2024-11-08 18:55 - 2020-10-26 10:52 - 000000000 ____D C:\Windows10Upgrade 2024-11-08 18:44 - 2022-10-15 08:48 - 000002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk 2024-11-08 18:44 - 2022-03-27 17:14 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task 2024-11-08 18:23 - 2018-01-22 20:45 - 000000000 ____D C:\Users\info\AppData\Roaming\Telegram Desktop 2024-11-08 12:16 - 2018-02-28 10:09 - 000002293 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2024-11-08 11:51 - 2018-01-20 17:35 - 000000000 ____D C:\Users\info\AppData\Roaming\TeraCopy 2024-11-08 11:29 - 2020-09-11 13:06 - 000723176 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2024-11-08 11:28 - 2018-01-19 00:43 - 000000000 ____D C:\Program Files (x86)\TeamViewer 2024-11-07 18:56 - 2018-02-07 13:08 - 000000000 ____D C:\Users\info\AppData\Local\CrashDumps 2024-11-07 18:54 - 2018-01-20 18:17 - 866658200 _____ C:\WINDOWS\system32\Drivers\TRACES.TXT 2024-11-07 18:54 - 2018-01-20 17:52 - 000000000 ____D C:\Users\info\OneDrive\Dokumente\Palm OS Desktop 2024-11-07 17:59 - 2019-12-12 10:50 - 000000000 ____D 
C:\Users\info\AppData\Local\TeamViewer 2024-11-07 17:47 - 2018-06-02 18:35 - 000000000 ____D C:\Users\info\AppData\Local\D3DSCache 2024-11-07 17:38 - 2018-01-19 00:44 - 000000000 ____D C:\Users\info\AppData\Roaming\TeamViewer 2024-11-07 13:31 - 2018-01-29 21:00 - 000000000 ____D C:\Users\info\Downloads\Telegram Desktop 2024-11-07 00:17 - 2020-09-11 13:14 - 000003734 _____ C:\WINDOWS\diagerr.xml 2024-11-07 00:17 - 2020-09-02 16:14 - 000000000 ___DC C:\WINDOWS\Panther 2024-11-06 23:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\Registration 2024-11-06 23:33 - 2020-09-11 13:14 - 000001890 _____ C:\WINDOWS\diagwrn.xml 2024-11-06 23:24 - 2018-01-18 19:46 - 000000000 ___SD C:\Users\info\AppData\Roaming\Microsoft\Credentials 2024-11-06 21:27 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ServiceState 2024-11-06 21:26 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp 2024-11-06 18:50 - 2024-09-14 16:52 - 000000000 ____D C:\Program Files\ACD Systems 2024-11-06 18:50 - 2018-01-20 17:15 - 000000000 ____D C:\Users\info\AppData\Local\ACD Systems 2024-11-06 18:50 - 2018-01-20 17:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ACD Systems 2024-11-06 17:47 - 2021-10-21 18:23 - 000000000 ____D C:\Users\info\AppData\Local\pCloud 2024-11-06 17:47 - 2018-01-24 12:30 - 000000000 ____D C:\ProgramData\Package Cache 2024-11-06 10:42 - 2018-01-19 00:53 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2024-11-06 10:36 - 2019-12-07 15:54 - 000000000 ____D C:\Program Files\Windows Photo Viewer 2024-11-06 10:36 - 2019-12-07 15:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection 2024-11-06 10:36 - 2019-12-07 15:54 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2024-11-06 10:36 - 2019-12-07 15:51 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN 2024-11-06 10:36 - 2019-12-07 15:51 - 000000000 ____D C:\WINDOWS\system32\WCN 2024-11-06 10:36 - 2019-12-07 10:14 - 000000000 ___SD 
C:\WINDOWS\SysWOW64\F12 2024-11-06 10:36 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\F12 2024-11-06 10:36 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2024-11-06 10:36 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform 2024-11-06 10:36 - 2019-12-07 10:14 - 000000000 ____D C:\Program Files (x86)\Windows Defender 2024-11-06 10:32 - 2018-01-18 19:53 - 000000000 ____D C:\Users\info\AppData\Roaming\Microsoft\Spelling 2024-11-06 10:05 - 2019-12-07 15:53 - 000000000 ____D C:\WINDOWS\OCR 2024-11-06 10:03 - 2018-01-18 20:10 - 000000000 ____D C:\Users\info\AppData\Local\PlaceholderTileLogoFolder 2024-11-02 18:57 - 2018-01-18 19:52 - 000000000 ____D C:\Users\info\AppData\Local\Packages 2024-11-02 16:47 - 2018-02-19 15:24 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2024-10-31 18:43 - 2024-09-07 16:41 - 000000000 ____D C:\Users\info\AppData\Roaming\obsidian 2024-10-31 18:34 - 2023-06-12 16:19 - 000000000 ____D C:\Users\info\AppData\Roaming\Papyrus Autor 11 2024-10-31 16:23 - 2019-04-06 10:48 - 000000000 ____D C:\Users\info\AppData\Roaming\Dropbox 2024-10-31 16:23 - 2019-04-06 10:45 - 000000000 ____D C:\Users\info\AppData\Local\Dropbox 2024-10-31 16:22 - 2019-04-06 10:45 - 000000000 ____D C:\Program Files (x86)\Dropbox 2024-10-31 16:07 - 2018-11-15 19:08 - 000000000 ____D C:\Users\info\AppData\Roaming\Syncios 2024-10-28 12:29 - 2018-11-06 18:53 - 000000000 ____D C:\Users\info\.afirma 2024-10-27 17:59 - 2020-09-11 13:07 - 000000000 ____D C:\Users\info 2024-10-27 17:19 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports 2024-10-22 11:44 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\appcompat 2024-10-18 11:17 - 2022-02-18 09:39 - 000000416 _____ C:\WINDOWS\Tasks\update-S-1-5-21-2780452717-2781726665-2235346944-1002.job 2024-10-18 10:27 - 2022-02-18 09:39 - 000003414 _____ C:\WINDOWS\system32\Tasks\update-S-1-5-21-2780452717-2781726665-2235346944-1002 2024-10-18 10:27 - 2022-02-18 09:39 - 000000424 
_____ C:\Users\info\AppData\Local\UserProducts.xml 2024-10-15 15:39 - 2022-12-06 10:45 - 000000000 ____D C:\Users\info\AppData\Local\Zoom 2024-10-15 15:39 - 2022-02-11 10:08 - 000000000 ____D C:\Users\info\AppData\Roaming\Zoom 2024-10-13 18:38 - 2024-09-07 15:38 - 000000000 ____D C:\Users\info\Downloads\Endless Slideshow Screensaver 2 2024-10-13 16:34 - 2019-12-07 15:52 - 000000000 ____D C:\WINDOWS\system32\OpenSSH 2024-10-13 16:34 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata 2024-10-13 16:34 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv 2024-10-13 16:34 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2024-10-13 16:34 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources 2024-10-13 16:34 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata 2024-10-13 16:34 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe 2024-10-13 16:34 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\inetsrv 2024-10-13 16:34 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\Dism 2024-10-13 16:34 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\appraiser 2024-10-13 16:34 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellExperiences 2024-10-13 16:34 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions 2024-10-13 16:34 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr 2024-10-13 16:14 - 2023-10-06 09:39 - 000000000 ____D C:\Program Files\RUXIM 2024-10-13 16:11 - 2018-01-21 10:01 - 000000000 ____D C:\Users\info\AppData\Local\ElevatedDiagnostics ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======== 2019-07-03 17:59 - 2019-07-03 17:59 - 000004666 _____ () C:\Users\info\WindowMetrics.reg 2021-02-22 10:32 - 2014-05-16 11:43 - 000009662 _____ () C:\Program Files\Common Files\xin.ico 2018-02-08 11:54 - 2021-07-08 18:00 - 000000244 _____ () C:\Users\info\AppData\Roaming\.RESOL_RPT.properties 2024-10-18 16:38 - 2024-10-18 16:38 - 000000027 
_____ () C:\Users\info\AppData\Roaming\epm_user.ini
2021-02-07 11:54 - 2023-12-07 11:50 - 000000128 _____ () C:\Users\info\AppData\Roaming\PUTTY.RND
2018-02-04 17:08 - 2024-04-13 16:53 - 000037376 _____ () C:\Users\info\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2018-02-04 12:08 - 2018-02-04 12:08 - 000003072 _____ () C:\Users\info\AppData\Local\https_kunden.commerzbank.de_0.localstorage
2018-02-04 12:09 - 2019-10-31 19:07 - 000003072 _____ () C:\Users\info\AppData\Local\https_www.amazon.de_0.localstorage
2021-01-31 12:08 - 2024-01-20 20:39 - 000000128 _____ () C:\Users\info\AppData\Local\PUTTY.RND
2022-03-06 19:19 - 2022-03-06 19:19 - 000000866 _____ () C:\Users\info\AppData\Local\recently-used.xbel
2022-02-18 09:39 - 2022-02-18 09:39 - 000000003 _____ () C:\Users\info\AppData\Local\updater.log
2022-02-18 09:39 - 2024-10-18 10:27 - 000000424 _____ () C:\Users\info\AppData\Local\UserProducts.xml
2023-02-24 18:23 - 2023-02-24 18:25 - 000000000 _____ () C:\Users\info\AppData\Local\{E75AA9EB-B141-44BB-A0CD-CD5CB24BAE5D}
==================== SigCheck ============================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
==================== Ende von FRST.txt ========================

Edited by PazoT (10.11.2024 at 20:07). Reason: would like to attach logs using code/code