| |
| |||||||
Log-Analyse und Auswertung: Windows 10: Win32/Triggre!rfn i.v.m. "APPSERVICE.:"Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
02.10.2021, 21:07
| #1 |
 |  Windows 10: Win32/Triggre!rfn i.v.m. "APPSERVICE.:" Hallo Zusammen, ich habe seit heute im Windows Defender folgende Meldung: Trojan:Win32/Triggre!rfn. Ich habe euch mal die Log Dateien in den Anhang. Sowie den Malwarebytes Log. Vielen vielen Dank im Voraus. Mit freundlichen Grüßen Kai |
|
02.10.2021, 21:22
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Windows 10: Win32/Triggre!rfn i.v.m. "APPSERVICE.:" Und der nächste der Logs in den Anhang haut. Wir möchten keine Logs im Anhang. Bitte poste diese direkt in CODE-Tags.
__________________
__________________ |
|
02.10.2021, 21:29
| #3 |
| | passt es so? FRST Logfile:
__________________Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 02-10-2021
durchgeführt von kaibe (Administrator) auf DESKTOP-FAM83KL (Microsoft Corporation Surface Book 2) (02-10-2021 21:01:02)
Gestartet von C:\Users\kaibe\Desktop
Geladene Profile: kaibe
Platform: Windows 10 Pro Version 20H2 19042.1237 (X64) Sprache: Deutsch (Deutschland)
Standard-Browser: Chrome
Start-Modus: Normal
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Electronic Arts, Inc. -> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe
(File-New-Project) C:\Program Files\WindowsApps\40459File-New-Project.EarTrumpet_2.1.8.0_x86__1sdd7yawvg6ne\EarTrumpet\EarTrumpet.exe
(Firebit OU -> Rainmeter) C:\Program Files\Rainmeter\Rainmeter.exe
(Geek Software GmbH -> Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <32>
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\dptf_helper.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\64jp8682.inf_amd64_ea97e317d6be70ec\IntelCpHDCPSvc.exe
(Intel(R) pGFX 2020 -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\64jp8682.inf_amd64_ea97e317d6be70ec\IntelCpHeciSvc.exe
(Kilonova LLC -> Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation -> ColorPickerUI) C:\Program Files\PowerToys\modules\ColorPicker\ColorPickerUI.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\Updates\16.0.14430.20234\OfficeClickToRun.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\modules\FancyZones\PowerToys.FancyZones.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\modules\KeyboardManager\KeyboardManagerEngine\PowerToys.KeyboardManagerEngine.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\modules\launcher\PowerLauncher.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\PowerToys\PowerToys.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\kaibe\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> PowerToys.Awake) C:\Program Files\PowerToys\modules\Awake\PowerToys.Awake.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MpCopyAccelerator.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MsMpEng.exe
(Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\NisSrv.exe
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(Nvidia Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvmsoi.inf_amd64_c28930fcde990595\Display.NvContainer\NVDisplay.Container.exe <2>
(Open Source Developer, Dominik Reichl -> Dominik Reichl) C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe
(OpenVPN Technologies, Inc. -> The OpenVPN Project) C:\Program Files\OpenVPN\bin\openvpnserv.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\hdxsstm.inf_amd64_7d200f2580ecd8a5\RtkAudUService64.exe <2>
(voidtools -> voidtools) C:\Program Files\Everything\Everything.exe
(Wox) [Datei ist nicht signiert] C:\Users\kaibe\AppData\Local\Wox\app-1.4.1196\Wox.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [SurfaceDTX.exe] => C:\WINDOWS\System32\SurfaceDTX.exe [808976 2019-08-07] (Microsoft Corporation -> )
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412736 2021-07-14] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [openvpn-gui] => C:\Program Files\OpenVPN\bin\openvpn-gui.exe [684160 2018-04-26] () [Datei ist nicht signiert]
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [331064 2020-09-09] (Apple Inc. -> Apple Inc.)
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\hdxsstm.inf_amd64_7d200f2580ecd8a5\RtkAudUService64.exe [835680 2020-12-17] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [18727048 2018-10-05] (Logitech Inc -> Logitech Inc.)
HKLM\...\Run: [Everything] => C:\Program Files\Everything\Everything.exe [2237256 2020-03-13] (voidtools -> voidtools)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [483976 2020-08-13] (Geek Software GmbH -> Geek Software GmbH)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2021-02-10] (Adobe Inc. -> )
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [3091136 2020-09-10] (Open Source Developer, Dominik Reichl -> Dominik Reichl)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [601784 2020-05-13] (Razer USA Ltd. -> Razer Inc.)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226728 2019-07-22] (Kilonova LLC -> )
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [779504 2021-07-05] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [706344 2021-06-09] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [5267168 2021-09-25] (Adobe Inc. -> Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [TeamsMachineUninstallerLocalAppData] => C:\Users\kaibe\AppData\Local\Microsoft\Teams\Update.exe [2452112 2020-09-26] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKLM-x32\...\Run: [TeamsMachineUninstallerProgramData] => %ProgramData%\Microsoft\Teams\Update.exe --uninstall --msiUninstall --source=default
HKU\S-1-5-21-3593820219-2832368027-3012111108-1001\...\Run: [HP ENVY 4500 series (NET)] => C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe [3487240 2014-07-21] (Hewlett Packard -> Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-3593820219-2832368027-3012111108-1001\...\Run: [Spotify] => C:\Users\kaibe\AppData\Roaming\Spotify\Spotify.exe [23360232 2020-10-01] (Spotify AB -> Spotify Ltd)
HKU\S-1-5-21-3593820219-2832368027-3012111108-1001\...\Run: [Discord] => C:\Users\kaibe\AppData\Local\Discord\Update.exe [1512760 2020-12-03] (Discord Inc. -> GitHub)
HKU\S-1-5-21-3593820219-2832368027-3012111108-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4110568 2021-07-21] (Valve -> Valve Corporation)
HKU\S-1-5-21-3593820219-2832368027-3012111108-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\kaibe\AppData\Local\Microsoft\Teams\Update.exe [2452112 2020-09-26] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-3593820219-2832368027-3012111108-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [5397216 2021-09-25] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-3593820219-2832368027-3012111108-1001\...\Run: [CiscoMeetingDaemon] => C:\Users\kaibe\AppData\Local\WebEx\CiscoWebExStart.exe [4693832 2021-09-18] (Cisco WebEx LLC -> Cisco Webex LLC)
HKU\S-1-5-21-3593820219-2832368027-3012111108-1001\...\Run: [Nextcloud] => C:\Program Files\Nextcloud\nextcloud.exe [2683200 2021-06-24] (Nextcloud GmbH -> Nextcloud GmbH)
HKU\S-1-5-21-3593820219-2832368027-3012111108-1001\...\Run: [Wox] => C:\Users\kaibe\AppData\Local\Wox\app-1.4.1196\Wox.exe [218112 2021-07-19] (Wox) [Datei ist nicht signiert]
HKU\S-1-5-21-3593820219-2832368027-3012111108-1001\...\MountPoints2: {69dd3440-08ad-11ec-970f-70bc1080f115} - "F:\OnePlus_setup.exe" /s
HKLM\...\Providers\Internet Print Provider: inetpp.dll
HKLM\...\Providers\LanMan Print Services: win32spl.dll
HKLM\...\Windows x64\Print Processors\Canon MX470 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDC2.DLL [30208 2013-09-12] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: AdobePDF.dll
HKLM\...\Print\Monitors\Appmon: AppMon.dll
HKLM\...\Print\Monitors\Canon BJ FAX Language Monitor MX470 series: CNCALC2.DLL
HKLM\...\Print\Monitors\Canon BJ Language Monitor MX470 series: CNMLMC2.DLL
HKLM\...\Print\Monitors\HP C511 Status Monitor: hpinkstsC511LM.dll
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP ENVY 4500 series): HPDiscoPMC511.dll
HKLM\...\Print\Monitors\KM Language Monitor: KMPJL64.DLL
HKLM\...\Print\Monitors\KX Language Monitor: KXPLM64.DLL
HKLM\...\Print\Monitors\Local Port: localspl.dll
HKLM\...\Print\Monitors\Microsoft Shared Fax Monitor: FXSMON.DLL
HKLM\...\Print\Monitors\Standard TCP/IP Port: tcpmon.dll
HKLM\...\Print\Monitors\USB Monitor: usbmon.dll
HKLM\...\Print\Monitors\WSD Port: APMon.dll
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\94.0.4606.61\Installer\chrmstp.exe [2021-09-24] (Google LLC -> Google LLC)
HKLM\Software\...\Winlogon\GPExtensions: [{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}] -> C:\Windows\SysWOW64\wlgpclnt.dll [2021-01-22] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{169EBF44-942F-4C43-87CE-13C93996EBBE}] -> C:\Windows\SysWOW64\AppManagementConfiguration.dll [2021-01-22] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{16be69fa-4209-4250-88cb-716cf41954e0}] -> auditcse.dll
HKLM\Software\...\Winlogon\GPExtensions: [{25537BA6-77A8-11D2-9B6C-0000F8080861}] -> C:\Windows\SysWOW64\fdeploy.dll [2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{2BFCC077-22D2-48DE-BDE1-2F618D9B476D}] -> C:\Windows\SysWOW64\AppManagementConfiguration.dll [2021-01-22] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{426031c0-0b47-4852-b0ca-ac3d37bfcb39}] -> C:\Windows\SysWOW64\gptext.dll [2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{4d968b55-cac2-4ff5-983f-0a54603781a3}] -> WorkFoldersGPExt.dll
HKLM\Software\...\Winlogon\GPExtensions: [{7909AD9E-09EE-4247-BAB9-7029D5F0A278}] -> C:\Windows\SysWOW64\dmenrollengine.dll [2021-09-17] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{827D319E-6EAC-11D2-A4EA-00C04F79F83A}] -> C:\Windows\SysWOW64\scecli.dll [2021-01-22] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{9650FDBC-053A-4715-AD14-FC2DC65E8330}] -> hvsigpext.dll
HKLM\Software\...\Winlogon\GPExtensions: [{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}] -> C:\Windows\SysWOW64\dot3gpclnt.dll [2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{BA649533-0AAC-4E04-B9BC-4DBAE0325B12}] -> pwlauncher.dll
HKLM\Software\...\Winlogon\GPExtensions: [{C34B2751-1CF4-44F5-9262-C3FC39666591}] -> pwlauncher.dll
HKLM\Software\...\Winlogon\GPExtensions: [{c6dc5466-785a-11d2-84d0-00c04fb169f7}] -> C:\Windows\SysWOW64\appmgmts.dll [2021-01-22] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{cdeafc3d-948d-49dd-ab12-e578ba4af7aa}] -> C:\Windows\SysWOW64\gptext.dll [2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{F312195E-3D9D-447A-A3F5-08DFFA24735E}] -> dggpext.dll
HKLM\Software\...\Winlogon\GPExtensions: [{f3ccc681-b74c-4060-9f26-cd84525dca2a}] -> auditcse.dll
HKLM\Software\...\Winlogon\GPExtensions: [{FB2CA36D-0B40-4307-821B-A13B252DE56C}] -> C:\Windows\SysWOW64\gptext.dll [2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{fbf687e6-f063-4d9f-9f4f-fd9a26acdd5f}] -> C:\Windows\SysWOW64\gptext.dll [2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\...\Winlogon\GPExtensions: [{FC491EF1-C4AA-4CE1-B329-414B101DB823}] -> dggpext.dll
InternetURL: C:\Users\kaibe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\https---calendar.google.com-.url -> URL: hxxps://calendar.google.com/
Startup: C:\Users\kaibe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2021-07-18]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe (Firebit OU -> Rainmeter)
Startup: C:\Users\kaibe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Super Productivity.lnk [2021-01-07]
ShortcutTarget: Super Productivity.lnk -> (Keine Datei)
GroupPolicy: Beschränkung ? <==== ACHTUNG
Policies: C:\ProgramData\NTUSER.pol: Beschränkung <==== ACHTUNG
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {05756A54-F141-4A9F-8E5F-723C7F042040} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3339120 2021-06-15] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {0AB99643-DD42-4E3D-A53E-08B806B588DC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1562376 2021-08-16] (Adobe Inc. -> Adobe Inc.)
Task: {0D88153B-1E2A-4FE5-BC2A-FD1357BD74E2} - System32\Tasks\PowerToys\Autorun for kaibe => C:\Program Files\PowerToys\PowerToys.exe [1205128 2021-07-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {141EFB14-52D9-46B2-B3DF-D8E8A99C0482} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [139096 2021-09-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {1DE49DBF-23D2-490C-A07D-E66DFF572B99} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MpCmdRun.exe [851472 2021-09-19] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {22139CE6-A40A-4182-B491-9D031A20194C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [7053768 2021-09-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {244F9FAA-E85D-4DD7-80E7-6F5985A42757} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {2B2C06E6-254F-40CC-93B8-3D8778179C3A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MpCmdRun.exe [851472 2021-09-19] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {316CCD8B-7797-4C3B-91A1-F2B6C5C17D4D} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3B65C273-19C3-4454-8DA8-9376ECC05359} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-10-22] (Google LLC -> Google LLC)
Task: {51D3F887-0632-4C4E-81B0-158DD46B60A8} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {5431C7C2-129F-454F-AFD2-A592FE01FDD6} - System32\Tasks\update-S-1-5-21-3593820219-2832368027-3012111108-1001 => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {5B16A634-30A3-411A-AEC0-CA6853AE05C0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MpCmdRun.exe [851472 2021-09-19] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {66A29F20-8F97-4A4B-A670-5C37045E3DA5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MpCmdRun.exe [851472 2021-09-19] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {66BDEEEF-2195-484A-8356-B32E6787D1DA} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {6D0CAB02-6349-4E00-8685-DD5DFCF1FAA4} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-05-04] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {7D1FF4A6-AB65-46A7-A81B-F72C7111B063} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
Task: {960D8C39-3FB4-4AB5-B43C-0638D87AEAF3} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905072 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {9DB66BC9-151D-4665-8CE9-5E1CEA92A076} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [7053768 2021-09-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {9EA5790B-79C0-4528-AB38-9448E0E862DA} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [139096 2021-09-18] (Microsoft Corporation -> Microsoft Corporation)
Task: {A297DF0C-E4C5-42A3-B461-C29293F77C64} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905072 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A685C74B-6C70-4EBC-9BF7-49F57B21EB4D} - System32\Tasks\update-sys => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe [414872 2017-04-12] (OOO Lightshot -> TODO: <Company name>)
Task: {AB05B368-13F7-468A-9B30-E553C06B5449} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask => C:\Windows\SysWOW64\BthUdTask.exe [38400 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
Task: {B5643108-DFEE-4A0F-9016-E93F1B00A408} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [21857672 2021-09-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {B9FCD788-913E-42F6-B32F-1BA096E42426} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe
Task: {BE030DC3-A9FC-485F-A753-E17382563F0F} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [645488 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C5DC1B07-79AA-4046-B8E2-4DD1F1747FCD} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-05-04] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {C969EDE4-61D4-4745-B0FA-9E2719B05E09} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [155592 2020-10-22] (Google LLC -> Google LLC)
Task: {D090A5A5-A025-4804-A633-B9C6D147DBCB} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
Task: {E62BFA1F-2BF6-4272-A64E-629CBE61050B} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3412736 2021-07-14] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {EB417495-5B9D-4C1D-8749-38638A28B4CD} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [21857672 2021-09-10] (Microsoft Corporation -> Microsoft Corporation)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\WINDOWS\Tasks\update-S-1-5-21-3593820219-2832368027-3012111108-1001.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
Task: C:\WINDOWS\Tasks\update-sys.job => C:\Program Files (x86)\Skillbrains\Updater\Updater.exe
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3: <==== ACHTUNG (Beschränkung - Zones)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{93e5c563-c65c-4a7a-ac62-5ac593d5ee40}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{c8b1b754-1c31-4189-93da-e1eb5ad1c5f8}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{ed358a37-58f7-42c8-8c10-a89e0bac9f4d}: [DhcpNameServer] 141.7.2.1 141.7.2.2
Edge:
=======
Edge Extension: (Kein Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [nicht gefunden]
Edge Extension: (Kein Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [nicht gefunden]
Edge Extension: (Kein Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [nicht gefunden]
Edge Extension: (Kein Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [nicht gefunden]
Edge DefaultProfile: Default
Edge Profile: C:\Users\kaibe\AppData\Local\Microsoft\Edge\User Data\Default [2021-10-02]
Edge Session Restore: Default -> ist aktiviert.
Edge Extension: (Cisco Webex Extension) - C:\Users\kaibe\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cmihkeafcknlomclapaddfljaeegfbdl [2020-09-28]
Edge Extension: (Adblock Plus - kostenloser Adblocker) - C:\Users\kaibe\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gmgoamodcdcjnbaobigkjelfplakmdhh [2021-09-10]
Edge Extension: (Amazon Order History Reporter) - C:\Users\kaibe\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mgkilgclilajckgnedgjgnfdokkgnibi [2021-06-15]
Edge Extension: (Citavi Picker) - C:\Users\kaibe\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\mielbhbkcliienpdicphhecpodcaeefg [2021-09-10]
Edge HKLM-x32\...\Edge\Extension: [cmihkeafcknlomclapaddfljaeegfbdl]
Edge HKLM-x32\...\Edge\Extension: [mielbhbkcliienpdicphhecpodcaeefg]
FireFox:
========
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2021-07-23]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @java.com/DTPlugin,version=11.301.2 -> C:\Program Files\Java\jre1.8.0_301\bin\dtplugin\npDeployJava1.dll [2021-07-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.301.2 -> C:\Program Files\Java\jre1.8.0_301\bin\plugin2\npjp2.dll [2021-07-21] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-05-28] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.12 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2021-01-04] (VideoLAN -> VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2021-07-05] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2021-05-28] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2021-05-28] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @webex.com/npatgpc -> C:\Program Files (x86)\Webex\npatgpc.dll [2020-09-18] (Cisco WebEx LLC -> Cisco WebEx LLC)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2021-09-25] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2021-07-05] (Adobe Inc. -> Adobe Systems)
Chrome:
=======
CHR Profile: C:\Users\kaibe\AppData\Local\Google\Chrome\User Data\Default [2021-10-02]
CHR Session Restore: Default -> ist aktiviert.
CHR Extension: (Präsentationen) - C:\Users\kaibe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-10-22]
CHR Extension: (Docs) - C:\Users\kaibe\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-10-22]
CHR Extension: (Google Drive) - C:\Users\kaibe\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-22]
CHR Extension: (Get cookies.txt) - C:\Users\kaibe\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgaddhkoddajcdgocldbbfleckgcbcid [2021-01-22]
CHR Extension: (YouTube) - C:\Users\kaibe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-10-22]
CHR Extension: (Honey) - C:\Users\kaibe\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2021-09-27]
CHR Extension: (Avira Safe Shopping) - C:\Users\kaibe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccbpbkebodcjkknkfkpmfeciinhidaeh [2021-08-20]
CHR Extension: (OneTab) - C:\Users\kaibe\AppData\Local\Google\Chrome\User Data\Default\Extensions\chphlpgkkbolifaimnlloiipkdnihall [2021-07-21]
CHR Extension: (Tabellen) - C:\Users\kaibe\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-10-22]
CHR Extension: (Google Docs Offline) - C:\Users\kaibe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-09-24]
CHR Extension: (AdBlock*– der beste Ad-Blocker) - C:\Users\kaibe\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2021-09-28]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\kaibe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-01-29]
CHR Extension: (Citavi Picker) - C:\Users\kaibe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohgndokldibnndfnjnagojmheejlengn [2021-07-27]
CHR Extension: (Google Mail) - C:\Users\kaibe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-24]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [jlhmfgmfgeifomenelglieieghnjghma]
CHR HKLM-x32\...\Chrome\Extension: [ohgndokldibnndfnjnagojmheejlengn]
==================== Dienste (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-08-16] (Adobe Inc. -> Adobe Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [842480 2021-07-05] (Adobe Inc. -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3779840 2021-07-14] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3547904 2021-07-14] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [96056 2020-09-09] (Apple Inc. -> Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9179528 2021-09-10] (Microsoft Corporation -> Microsoft Corporation)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [206472 2018-10-05] (Logitech Inc -> Logitech Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7789240 2021-10-02] (Malwarebytes Inc -> Malwarebytes)
S3 OpenVpnService; C:\Program Files\OpenVPN\bin\openvpnserv2.exe [24192 2018-03-06] (OpenVPN Technologies, Inc. -> )
R2 OpenVPNServiceInteractive; C:\Program Files\OpenVPN\bin\openvpnserv.exe [75392 2018-04-26] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 OpenVPNServiceLegacy; C:\Program Files\OpenVPN\bin\openvpnserv.exe [75392 2018-04-26] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2556048 2021-06-22] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3474584 2021-06-22] (Electronic Arts, Inc. -> Electronic Arts)
R2 PDF24; C:\Program Files (x86)\PDF24\pdf24.exe [483976 2020-08-13] (Geek Software GmbH -> Geek Software GmbH)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5394872 2021-09-17] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\NisSrv.exe [2772856 2021-09-19] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WebexService; C:\Program Files (x86)\Webex\Webex\Applications\WebExService.exe [146240 2020-09-18] (Cisco WebEx LLC -> Cisco WebEx LLC)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MsMpEng.exe [136640 2021-09-19] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 CsrBtOBEX-Dienst; "C:\Program Files\CSR\CSR Harmony Wireless Software Stack\CsrBtOBEXService.exe" [X]
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvmsoi.inf_amd64_c28930fcde990595\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvmsoi.inf_amd64_c28930fcde990595\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
===================== Treiber (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [20032 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35976 2020-10-09] (WDKTestCert build,132303256403278908 -> Apple Inc.)
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [Datei ist nicht signiert]
S3 CsrBtPort; C:\WINDOWS\system32\DRIVERS\CsrBtPort.sys [2784968 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
S3 csrpan; C:\WINDOWS\System32\drivers\csrpan.sys [39616 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
S3 csrserial; C:\WINDOWS\system32\DRIVERS\csrserial.sys [61128 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
S3 csrusb; C:\WINDOWS\System32\Drivers\csrusb.sys [47296 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
S3 csrusbfilter; C:\WINDOWS\System32\Drivers\csrusbfilter.sys [23752 2012-03-22] (Cambridge Silicon Radio Ltd. -> Cambridge Silicon Radio Limited)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech -> Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2018-10-05] (Logitech Inc -> Logitech Inc.)
S3 LGSHidFilt; C:\WINDOWS\system32\DRIVERS\LGSHidFilt.Sys [64280 2018-10-05] (Logitech -> Logitech Inc.)
R3 MaximPowerMeter; C:\WINDOWS\System32\drivers\MaximPowerMeter.sys [40728 2018-10-04] (WDKTestCert satertza,130571941058270086 -> Maxim Integrated)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [210344 2021-10-02] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2021-10-02] (Microsoft Windows Early Launch Anti-Malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248992 2021-10-02] (Malwarebytes Inc -> Malwarebytes)
R3 MpKsld185d4d0; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CCF8E153-B15C-43EF-97B2-30DD9CB753AA}\MpKslDrv.sys [130296 2021-10-02] (Microsoft Windows -> Microsoft Corporation)
S3 msump64x64; C:\WINDOWS\System32\DriverStore\FileRepository\msump64x64sta.inf_amd64_89698266d72b169e\msump64x64.sys [937472 2021-03-19] (Realtek Semiconductor Corp. -> Realtek Corporation)
S3 msux64w10; C:\WINDOWS\System32\DriverStore\FileRepository\msux64w10.inf_amd64_440fd3d3d9361452\msux64w10.sys [702304 2020-02-20] (Microsoft Corporation -> Microsoft)
R3 OemShZDigitizerIntegration; C:\WINDOWS\System32\drivers\Surface1832DigitizerIntegration.sys [35856 2018-10-04] (Microsoft Corporation -> Microsoft Corporation)
S3 rzendpt; C:\WINDOWS\System32\drivers\rzendpt.sys [50392 2015-10-26] (Razer Inc. -> Razer Inc)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2020-05-06] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S3 VBAudioVACMME; C:\WINDOWS\System32\drivers\vbaudio_cable64_win7.sys [41192 2014-09-02] (Vincent Burel -> Windows (R) Win 7 DDK provider)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [48536 2021-09-19] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [433384 2021-09-19] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [86264 2021-09-19] (Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2021-10-02 21:01 - 2021-10-02 21:01 - 000039220 _____ C:\Users\kaibe\Desktop\FRST.txt
2021-10-02 21:00 - 2021-10-02 21:01 - 000000000 ____D C:\FRST
2021-10-02 21:00 - 2021-10-02 21:00 - 002304512 _____ (Farbar) C:\Users\kaibe\Desktop\FRST64.exe
2021-10-02 20:59 - 2021-10-02 21:00 - 002304512 _____ (Farbar) C:\Users\kaibe\Downloads\FRST64.exe
2021-10-02 14:34 - 2021-10-02 14:34 - 000210344 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2021-10-02 14:13 - 2021-10-02 14:13 - 000989584 _____ (GridinSoft LLC) C:\Users\kaibe\Downloads\gsam-install.exe
2021-10-02 14:10 - 2021-10-02 21:02 - 000000000 ____D C:\Users\kaibe\AppData\LocalLow\IGDump
2021-10-02 14:07 - 2021-10-02 14:07 - 000248992 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2021-10-02 14:07 - 2021-10-02 14:07 - 000160176 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2021-10-02 14:07 - 2021-10-02 14:07 - 000019912 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamElam.sys
2021-10-02 14:07 - 2021-10-02 14:07 - 000002043 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2021-10-02 14:07 - 2021-10-02 14:07 - 000002031 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2021-10-02 14:06 - 2021-10-02 14:06 - 000000000 ____D C:\Program Files\Malwarebytes
2021-10-02 14:05 - 2021-10-02 14:06 - 002101944 _____ (Malwarebytes) C:\Users\kaibe\Downloads\MBSetup.exe
2021-10-02 13:57 - 2021-10-02 13:57 - 000018625 _____ C:\Users\kaibe\AppData\LocalLow\sqlite3.dll
2021-10-02 13:56 - 2021-10-02 13:56 - 000002220 _____ C:\Users\kaibe\Desktop\dfControl.ini
2021-10-02 13:56 - 2021-10-02 13:56 - 000000000 _____ C:\Users\kaibe\AppData\Roaming\1549.tmp
2021-10-02 13:55 - 2021-10-02 13:55 - 000000000 _____ C:\Users\kaibe\AppData\Roaming\Microsoft\Windows\Start Menu\PlsWnEU2.exe
2021-10-02 09:44 - 2021-10-02 09:44 - 000001866 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMind.lnk
2021-10-02 09:44 - 2021-10-02 09:44 - 000001854 _____ C:\Users\Public\Desktop\XMind.lnk
2021-10-02 08:02 - 2021-10-02 08:02 - 000393736 _____ (Cisco Webex LLC) C:\Users\kaibe\Downloads\webex.exe
2021-10-01 11:07 - 2021-10-01 11:07 - 000001105 _____ C:\Users\kaibe\Downloads\portfolio_Portfolio_01-10-2021.csv
2021-10-01 08:10 - 2021-10-01 08:10 - 000003208 _____ C:\Users\kaibe\Downloads\Abrechnung-Bar (3).csv
2021-09-30 17:25 - 2021-09-30 17:25 - 001305184 _____ C:\Users\kaibe\Downloads\Webinar Bewerbungstraining_Heilbronn.pdf
2021-09-29 20:28 - 2021-09-29 20:28 - 003483720 _____ C:\Users\kaibe\Downloads\Master_Thesis_Belenkiy.pdf
2021-09-29 20:11 - 2021-09-29 20:11 - 000477184 _____ C:\Users\kaibe\Downloads\Planungsblatt.xls
2021-09-29 20:07 - 2021-09-29 20:07 - 000149504 _____ C:\Users\kaibe\Downloads\TopSim_GMII_Kalkulation_Ansicht.xls
2021-09-29 08:50 - 2021-09-29 08:50 - 000537134 _____ C:\Users\kaibe\Downloads\Airbnb_ Ferienwohnungen, Blockhütten, Strandhäuser, besondere Unterkünfte*& Entdeckungen.html
2021-09-29 08:50 - 2021-09-29 08:50 - 000000000 ____D C:\Users\kaibe\Downloads\Airbnb_ Ferienwohnungen, Blockhütten, Strandhäuser, besondere Unterkünfte*& Entdeckungen_files
2021-09-29 08:17 - 2021-09-29 08:17 - 000000000 ____D C:\Users\kaibe\AppData\Roaming\figma-desktop
2021-09-28 14:59 - 2021-09-28 15:00 - 3217355677 _____ C:\Users\kaibe\Downloads\AnKing V10.apkg
2021-09-28 14:35 - 2021-09-28 15:43 - 000000000 ____D C:\Users\kaibe\AppData\Local\Skitch
2021-09-28 14:01 - 2021-09-28 14:01 - 006133891 _____ C:\Users\kaibe\Downloads\KundenManagement_Skript-Version 2021.pptx
2021-09-27 12:37 - 2021-09-27 12:37 - 000455814 _____ C:\Users\kaibe\Downloads\dControl (3).zip
2021-09-27 12:37 - 2021-09-27 12:37 - 000455814 _____ C:\Users\kaibe\Downloads\dControl (2).zip
2021-09-27 12:36 - 2021-09-27 12:36 - 000455218 _____ C:\Users\kaibe\Downloads\d20Control.zip
2021-09-26 22:33 - 2021-09-26 22:33 - 001444775 _____ C:\Users\kaibe\Downloads\Prüfungsleistung e-Business 1, Kai Beerhenke, Jasmin Probsteder,
2021-09-26 16:32 - 2021-09-26 16:32 - 000000539 _____ C:\Users\kaibe\Downloads\PinCCF.zip
2021-09-24 20:38 - 2021-09-24 20:38 - 000001974 _____ C:\Users\Public\Desktop\OpenAudible.lnk
2021-09-24 20:38 - 2021-09-24 20:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenAudible
2021-09-24 19:44 - 2021-09-24 19:44 - 000024199 _____ C:\Users\kaibe\Downloads\Stundenplan_HHN (1).pdf
2021-09-24 17:08 - 2021-09-24 17:08 - 000036804 _____ C:\Users\kaibe\Downloads\Finanzfluss_Haushaltsbuch.xlsx
2021-09-24 12:32 - 2021-09-24 12:32 - 000966656 _____ C:\Users\kaibe\Downloads\Dividendenplaner.xls
2021-09-24 12:30 - 2021-09-24 12:30 - 002488299 _____ C:\Users\kaibe\Downloads\09_2021_Diamantenliste.pdf
2021-09-24 12:30 - 2021-09-24 12:30 - 000769843 _____ C:\Users\kaibe\Downloads\Checkliste-Branchenmischung-August-2021.pdf
2021-09-23 09:16 - 2021-10-02 14:08 - 000000000 ____D C:\Users\kaibe\AppData\Roaming\Breitbandmessung
2021-09-23 09:15 - 2021-09-23 09:15 - 133636656 _____ (zafaco GmbH) C:\Users\kaibe\Downloads\Breitbandmessung-win.exe
2021-09-23 09:15 - 2021-09-23 09:15 - 000002364 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Breitbandmessung.lnk
2021-09-23 09:15 - 2021-09-23 09:15 - 000002352 _____ C:\Users\Public\Desktop\Breitbandmessung.lnk
2021-09-23 09:15 - 2021-09-23 09:15 - 000000000 ____D C:\Users\kaibe\AppData\Local\breitbandmessung-updater
2021-09-23 09:15 - 2021-09-23 09:15 - 000000000 ____D C:\Program Files\Breitbandmessung
2021-09-22 22:45 - 2021-09-22 22:45 - 000046337 _____ C:\Users\kaibe\Downloads\Browsermessung _ Breitbandmessung 2.pdf
2021-09-22 21:55 - 2021-09-22 21:55 - 000045905 _____ C:\Users\kaibe\Downloads\Browsermessung _ Breitbandmessung.pdf
2021-09-22 21:54 - 2021-09-22 21:54 - 000000268 _____ C:\Users\kaibe\Downloads\Breitbandmessung_22_09_2021_21_54_40.csv
2021-09-21 19:30 - 2021-09-21 19:30 - 000035385 _____ C:\Users\kaibe\Downloads\Stundenplan_HHN.pdf
2021-09-21 19:27 - 2021-09-21 19:27 - 000039261 _____ C:\Users\kaibe\Downloads\Stundenplan_HHN_BM7P.pdf
2021-09-20 18:37 - 2021-09-20 18:37 - 000086235 _____ C:\Users\kaibe\Downloads\Download.pdf
2021-09-19 19:41 - 2021-09-19 19:42 - 000000000 ____D C:\Users\kaibe\Documents\Image-Line
2021-09-19 19:41 - 2021-09-19 19:41 - 000000000 ____D C:\Users\kaibe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
2021-09-19 19:41 - 2021-09-19 19:41 - 000000000 ____D C:\Program Files (x86)\ASIO4ALL v2
2021-09-19 19:40 - 2021-09-24 19:36 - 000000000 ____D C:\Users\kaibe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2021-09-19 19:40 - 2021-09-19 19:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
2021-09-19 19:40 - 2021-09-19 19:40 - 000000000 ____D C:\Program Files\Common Files\VST2
2021-09-19 19:40 - 2021-09-19 19:40 - 000000000 ____D C:\Program Files\Common Files\Propellerhead Software
2021-09-19 19:38 - 2021-09-19 19:41 - 000000000 ____D C:\Program Files\Image-Line
2021-09-19 19:36 - 2021-09-19 19:37 - 971123472 _____ (Image-Line) C:\Users\kaibe\Downloads\flstudio_win_20.8.4.2576.exe
2021-09-17 13:50 - 2021-09-17 13:50 - 000000000 ___RD C:\Users\kaibe\OneDrive
2021-09-17 13:45 - 2021-09-29 22:12 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3593820219-2832368027-3012111108-1001
2021-09-17 13:45 - 2021-09-29 22:12 - 000002409 _____ C:\Users\kaibe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-09-17 09:57 - 2021-09-17 09:57 - 002295296 _____ (Digimarc) C:\WINDOWS\system32\DMRCDecoder.dll
2021-09-17 09:57 - 2021-09-17 09:57 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll
2021-09-17 09:57 - 2021-09-17 09:57 - 002111488 _____ (Digimarc) C:\WINDOWS\SysWOW64\DMRCDecoder.dll
2021-09-17 09:57 - 2021-09-17 09:57 - 001823304 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-09-17 09:57 - 2021-09-17 09:57 - 001393480 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2021-09-17 09:57 - 2021-09-17 09:57 - 001333760 _____ C:\WINDOWS\SysWOW64\TextInputMethodFormatter.dll
2021-09-17 09:57 - 2021-09-17 09:57 - 001328376 _____ C:\WINDOWS\system32\FaceTrackerInternal.dll
2021-09-17 09:57 - 2021-09-17 09:57 - 001324032 _____ C:\WINDOWS\system32\FaceProcessor.dll
2021-09-17 09:57 - 2021-09-17 09:57 - 001313608 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2021-09-17 09:57 - 2021-09-17 09:57 - 001164288 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2021-09-17 09:57 - 2021-09-17 09:57 - 000672768 _____ C:\WINDOWS\system32\FsNVSDeviceSource.dll
2021-09-17 09:57 - 2021-09-17 09:57 - 000570368 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2021-09-17 09:57 - 2021-09-17 09:57 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2021-09-17 09:57 - 2021-09-17 09:57 - 000512864 _____ C:\WINDOWS\system32\FaceProcessorCore.dll
2021-09-17 09:57 - 2021-09-17 09:57 - 000452096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2021-09-17 09:57 - 2021-09-17 09:57 - 000426496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2021-09-17 09:57 - 2021-09-17 09:57 - 000272384 _____ C:\WINDOWS\system32\TpmTool.exe
2021-09-17 09:57 - 2021-09-17 09:57 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe
2021-09-17 09:57 - 2021-09-17 09:57 - 000170496 _____ C:\WINDOWS\system32\DeviceUpdateCenterCsp.dll
2021-09-17 09:57 - 2021-09-17 09:57 - 000162816 _____ C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2021-09-17 09:57 - 2021-09-17 09:57 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
2021-09-17 09:57 - 2021-09-17 09:57 - 000122880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshom.ocx
2021-09-17 09:57 - 2021-09-17 09:57 - 000098816 _____ C:\WINDOWS\system32\Drivers\cimfs.sys
2021-09-17 09:57 - 2021-09-17 09:57 - 000011355 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-09-17 09:51 - 2021-09-17 09:51 - 000000000 ___HD C:\$WinREAgent
2021-09-11 21:41 - 2021-09-29 15:20 - 000000000 ____D C:\Users\kaibe\AppData\Roaming\Figma
2021-09-11 21:41 - 2021-09-11 21:41 - 000002151 _____ C:\Users\kaibe\Desktop\Figma.lnk
2021-09-11 21:41 - 2021-09-11 21:41 - 000000000 ____D C:\Users\kaibe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Figma, Inc
2021-09-11 21:40 - 2021-09-29 08:16 - 000000000 ____D C:\Users\kaibe\AppData\Local\Figma
2021-09-10 22:50 - 2021-09-10 22:50 - 083320032 _____ (Figma, Inc.) C:\Users\kaibe\Downloads\FigmaSetup.exe
2021-09-10 22:11 - 2021-09-10 22:11 - 002076672 _____ C:\Users\kaibe\Downloads\SurfaceDock2_DriverOnly_Win10_17763_20.054.29700.0.msi
2021-09-10 17:47 - 2021-09-10 17:47 - 000000407 _____ C:\Users\kaibe\Downloads\tax-report-2021.csv
2021-09-08 17:04 - 2021-09-08 17:04 - 001305184 _____ C:\Users\kaibe\Downloads\Webinar Bewerbungserstellung_11_03-2021.pdf
2021-09-06 19:12 - 2021-09-06 19:12 - 017283813 _____ C:\Users\kaibe\Downloads\wordpress-5.8-de_DE.zip
2021-09-05 14:52 - 2021-09-05 14:52 - 000159574 _____ C:\Users\kaibe\Downloads\206576-Immatrikulationsbescheinigung(HHN).pdf
2021-09-05 14:52 - 2021-09-05 14:52 - 000159274 _____ C:\Users\kaibe\Downloads\206576-Immatrikulationsbescheinigung(HHN) (1).pdf
2021-09-05 14:48 - 2021-09-05 14:48 - 000144984 _____ C:\Users\kaibe\Downloads\Report4a567355-eaae-40e7-9e69-2a3d0221281e.pdf
2021-09-03 10:21 - 2021-09-03 10:21 - 000012592 _____ C:\Users\kaibe\Downloads\2021.08.09_Rechnung_Kundennr_492863301.pdf
2021-09-03 10:06 - 2021-09-03 10:06 - 000001407 _____ C:\Users\kaibe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2021-09-03 10:05 - 2021-09-03 10:05 - 000002655 _____ C:\Users\kaibe\Downloads\Abrechnung-Bar (2).csv
==================== Ein Monat (geänderte) ==================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2021-10-02 20:57 - 2021-04-20 08:16 - 000000000 ____D C:\Users\kaibe\Documents\Outlook-Dateien
2021-10-02 20:54 - 2020-06-22 06:16 - 000000000 ____D C:\ProgramData\NVIDIA
2021-10-02 20:52 - 2021-07-16 14:18 - 000000000 ____D C:\WINDOWS\system32\Tasks\PowerToys
2021-10-02 20:52 - 2020-08-23 16:18 - 000000000 ____D C:\Program Files (x86)\Google
2021-10-02 20:51 - 2021-07-19 08:41 - 000000000 ____D C:\Users\kaibe\AppData\Local\Everything
2021-10-02 20:51 - 2021-07-19 08:37 - 000000000 ____D C:\Users\kaibe\AppData\Roaming\Everything
2021-10-02 20:40 - 2021-01-22 14:21 - 001863144 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-10-02 20:40 - 2019-12-07 16:51 - 000805256 _____ C:\WINDOWS\system32\perfh007.dat
2021-10-02 20:40 - 2019-12-07 16:51 - 000168730 _____ C:\WINDOWS\system32\perfc007.dat
2021-10-02 20:40 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2021-10-02 20:33 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-10-02 14:33 - 2021-05-07 22:24 - 000041448 _____ C:\WINDOWS\system32\OV8865_REAR.aiqd
2021-10-02 14:33 - 2021-01-22 14:17 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-10-02 14:33 - 2021-01-22 14:09 - 000008192 ___SH C:\DumpStack.log.tmp
2021-10-02 14:33 - 2020-09-27 00:28 - 000041448 _____ C:\WINDOWS\system32\OV5693_FRONT.aiqd
2021-10-02 14:33 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-10-02 14:33 - 2019-12-07 11:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2021-10-02 14:07 - 2019-12-07 11:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2021-10-02 14:03 - 2021-07-27 09:27 - 000000000 ____D C:\Users\kaibe\Documents\Citavi 6
2021-10-02 13:58 - 2020-10-02 09:46 - 000000000 ____D C:\Users\kaibe\AppData\Local\Webex
2021-10-02 13:57 - 2020-11-03 15:37 - 000000000 ____D C:\Users\kaibe\AppData\Roaming\KeePass
2021-10-02 13:56 - 2020-09-27 12:35 - 000000448 __RSH C:\ProgramData\ntuser.pol
2021-10-02 13:28 - 2021-01-22 14:09 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-10-02 13:05 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-10-02 13:05 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-10-02 09:44 - 2021-05-15 12:49 - 000000000 ____D C:\Program Files\XMind
2021-10-02 09:44 - 2020-08-23 19:13 - 000000000 ____D C:\Users\kaibe\AppData\Roaming\WhatsApp
2021-10-02 09:43 - 2020-10-02 09:45 - 000000000 ____D C:\Users\kaibe\AppData\LocalLow\WebEx
2021-10-02 08:45 - 2020-08-30 11:36 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2021-10-02 08:04 - 2020-08-29 18:06 - 000000000 ____D C:\Users\kaibe\AppData\Local\D3DSCache
2021-10-01 09:28 - 2021-05-04 18:15 - 000000000 ____D C:\Users\kaibe\AppData\Roaming\Anki2
2021-10-01 08:30 - 2021-08-01 23:16 - 000002124 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2021-10-01 08:30 - 2021-08-01 23:16 - 000002113 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2021-10-01 08:17 - 2020-08-29 20:28 - 000000000 ____D C:\Users\kaibe\AppData\Local\CrashDumps
2021-10-01 08:10 - 2021-01-22 14:17 - 000003632 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-10-01 08:10 - 2021-01-22 14:17 - 000003508 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-09-29 20:11 - 2020-08-22 11:45 - 000000000 ____D C:\Users\kaibe\AppData\Local\Packages
2021-09-29 19:50 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2021-09-27 12:17 - 2020-09-29 09:16 - 000073288 _____ C:\WINDOWS\system32\Drivers\SurfaceTconPrediction.bin
2021-09-26 23:35 - 2020-10-06 15:46 - 000000000 ____D C:\Users\kaibe\AppData\Roaming\vlc
2021-09-26 22:12 - 2020-09-05 10:18 - 000002446 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-09-26 22:12 - 2020-09-05 10:18 - 000002284 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2021-09-26 17:41 - 2021-07-07 13:49 - 000000000 ____D C:\Users\kaibe\AppData\Roaming\Nextcloud
2021-09-24 21:43 - 2020-12-13 01:10 - 000000000 ____D C:\Users\kaibe\OpenAudible
2021-09-24 20:38 - 2020-12-13 01:10 - 000000000 ____D C:\Program Files\OpenAudible
2021-09-24 20:30 - 2020-12-13 01:18 - 000001120 _____ C:\Users\Public\Desktop\AAX Audio Converter.lnk
2021-09-24 20:30 - 2020-12-13 01:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\audiamus
2021-09-24 10:00 - 2020-10-22 14:43 - 000002249 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-09-24 10:00 - 2020-10-22 14:43 - 000002208 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2021-09-23 13:27 - 2020-10-21 21:52 - 000000000 ____D C:\Users\kaibe\AppData\Roaming\Mp3tag
2021-09-22 20:48 - 2020-10-09 11:47 - 000000000 ____D C:\Users\kaibe\AppData\Local\ElevatedDiagnostics
2021-09-22 20:29 - 2020-12-24 12:10 - 000000000 ____D C:\Users\kaibe\AppData\Roaming\audacity
2021-09-21 19:52 - 2020-08-29 18:06 - 000000000 ____D C:\Users\kaibe\AppData\Roaming\Telegram Desktop
2021-09-19 19:50 - 2019-03-13 00:04 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2021-09-19 19:40 - 2020-08-22 11:49 - 000803176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2021-09-19 15:11 - 2020-08-23 16:29 - 000000000 ____D C:\Program Files\Microsoft Office
2021-09-17 13:50 - 2021-01-22 14:12 - 000000000 ____D C:\Users\kaibe
2021-09-17 10:29 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2021-09-17 10:28 - 2021-01-22 14:09 - 000454536 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-09-17 10:27 - 2019-12-07 16:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-09-17 10:27 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-09-17 10:27 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2021-09-17 10:27 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2021-09-17 10:27 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2021-09-17 10:27 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-09-17 10:27 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2021-09-17 10:27 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-09-17 10:27 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2021-09-17 10:27 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2021-09-17 10:27 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\DDFs
2021-09-17 10:27 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2021-09-17 10:27 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2021-09-17 10:27 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-09-17 10:27 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-09-17 10:27 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-09-17 10:27 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\servicing
2021-09-17 09:59 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-09-17 09:50 - 2020-08-23 16:28 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-09-17 09:47 - 2020-08-23 16:28 - 135637312 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-09-15 09:27 - 2021-04-08 11:03 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2021-09-11 21:41 - 2020-08-23 19:13 - 000000000 ____D C:\Users\kaibe\AppData\Local\SquirrelTemp
2021-09-11 14:47 - 2020-08-29 18:05 - 000000000 ____D C:\Users\kaibe\AppData\Local\Ubisoft Game Launcher
2021-09-05 18:25 - 2020-11-03 11:39 - 000000000 ____D C:\Users\kaibe\AppData\Local\WhatsApp
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ========
2021-10-02 13:56 - 2021-10-02 13:56 - 000000000 _____ () C:\Users\kaibe\AppData\Roaming\1549.tmp
2020-09-03 16:10 - 2020-09-03 16:10 - 000000000 _____ () C:\Users\kaibe\AppData\Local\oobelibMkey.log
2021-01-22 16:36 - 2021-01-22 16:36 - 000000752 _____ () C:\Users\kaibe\AppData\Local\recently-used.xbel
2021-08-29 20:31 - 2021-08-29 20:31 - 000007605 _____ () C:\Users\kaibe\AppData\Local\Resmon.ResmonCfg
2021-01-04 15:20 - 2021-01-04 15:20 - 000000003 _____ () C:\Users\kaibe\AppData\Local\updater.log
2021-01-04 15:20 - 2021-01-04 15:20 - 000000424 _____ () C:\Users\kaibe\AppData\Local\UserProducts.xml
==================== SigCheck ============================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
==================== Ende von FRST.txt ========================
Code:
ATTFilter Malwarebytes
www.malwarebytes.com
-Protokolldetails-
Scan-Datum: 02.10.21
Scan-Zeit: 21:13
Protokolldatei: cb87aba4-23b4-11ec-bebd-00ffed358a37.json
-Softwaredaten-
Version: 4.4.7.134
Komponentenversion: 1.0.1464
Version des Aktualisierungspakets: 1.0.45516
Lizenz: Abgelaufen
-Systemdaten-
Betriebssystem: Windows 10 (Build 19042.1237)
CPU: x64
Dateisystem: NTFS
Benutzer: DESKTOP-FAM83KL\kaibe
-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Scan gestartet von: Manuell
Ergebnis: Abgeschlossen
Gescannte Objekte: 381493
Erkannte Bedrohungen: 34
In die Quarantäne verschobene Bedrohungen: 0
Abgelaufene Zeit: 17 Min., 11 Sek.
-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Erkennung
PUM: Erkennung
-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)
Modul: 0
(keine bösartigen Elemente erkannt)
Registrierungsschlüssel: 22
Backdoor.Farfli, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AppServicea, Keine Aktion durch Benutzer, 5182, 954951, 1.0.45516, , ame, , ,
Backdoor.Farfli, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AppServiceb, Keine Aktion durch Benutzer, 5182, 954952, 1.0.45516, , ame, , ,
Backdoor.Farfli, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AppServicec, Keine Aktion durch Benutzer, 5182, 954953, 1.0.45516, , ame, , ,
Backdoor.Farfli, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AppServiced, Keine Aktion durch Benutzer, 5182, 954954, 1.0.45516, , ame, , ,
Backdoor.Farfli, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AppServicee, Keine Aktion durch Benutzer, 5182, 954955, 1.0.45516, , ame, , ,
Backdoor.Farfli, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AppServicef, Keine Aktion durch Benutzer, 5182, 954956, 1.0.45516, , ame, , ,
Backdoor.Farfli, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AppServiceh, Keine Aktion durch Benutzer, 5182, 954958, 1.0.45516, , ame, , ,
Backdoor.Farfli, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AppServicei, Keine Aktion durch Benutzer, 5182, 954960, 1.0.45516, , ame, , ,
Backdoor.Farfli, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AppServicej, Keine Aktion durch Benutzer, 5182, 954961, 1.0.45516, , ame, , ,
Backdoor.Farfli, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AppServicek, Keine Aktion durch Benutzer, 5182, 954962, 1.0.45516, , ame, , ,
Backdoor.Farfli, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AppServicel, Keine Aktion durch Benutzer, 5182, 954963, 1.0.45516, , ame, , ,
Backdoor.Farfli, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AppServicea\PARAMETERS, Keine Aktion durch Benutzer, 5182, 954916, 1.0.45516, , ame, , ,
Backdoor.Farfli, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AppServiceb\PARAMETERS, Keine Aktion durch Benutzer, 5182, 954916, 1.0.45516, , ame, , ,
Backdoor.Farfli, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AppServicec\PARAMETERS, Keine Aktion durch Benutzer, 5182, 954916, 1.0.45516, , ame, , ,
Backdoor.Farfli, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AppServiced\PARAMETERS, Keine Aktion durch Benutzer, 5182, 954916, 1.0.45516, , ame, , ,
Backdoor.Farfli, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AppServicee\PARAMETERS, Keine Aktion durch Benutzer, 5182, 954916, 1.0.45516, , ame, , ,
Backdoor.Farfli, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AppServicef\PARAMETERS, Keine Aktion durch Benutzer, 5182, 954916, 1.0.45516, , ame, , ,
Backdoor.Farfli, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AppServiceh\PARAMETERS, Keine Aktion durch Benutzer, 5182, 954916, 1.0.45516, , ame, , ,
Backdoor.Farfli, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AppServicei\PARAMETERS, Keine Aktion durch Benutzer, 5182, 954916, 1.0.45516, , ame, , ,
Backdoor.Farfli, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AppServicej\PARAMETERS, Keine Aktion durch Benutzer, 5182, 954916, 1.0.45516, , ame, , ,
Backdoor.Farfli, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AppServicek\PARAMETERS, Keine Aktion durch Benutzer, 5182, 954916, 1.0.45516, , ame, , ,
Backdoor.Farfli, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AppServicel\PARAMETERS, Keine Aktion durch Benutzer, 5182, 954916, 1.0.45516, , ame, , ,
Registrierungswert: 11
Backdoor.Farfli, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AppServicea\PARAMETERS|SERVICEDLL, Keine Aktion durch Benutzer, 5182, 954916, 1.0.45516, , ame, , ,
Backdoor.Farfli, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AppServiceb\PARAMETERS|SERVICEDLL, Keine Aktion durch Benutzer, 5182, 954916, 1.0.45516, , ame, , ,
Backdoor.Farfli, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AppServicec\PARAMETERS|SERVICEDLL, Keine Aktion durch Benutzer, 5182, 954916, 1.0.45516, , ame, , ,
Backdoor.Farfli, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AppServiced\PARAMETERS|SERVICEDLL, Keine Aktion durch Benutzer, 5182, 954916, 1.0.45516, , ame, , ,
Backdoor.Farfli, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AppServicee\PARAMETERS|SERVICEDLL, Keine Aktion durch Benutzer, 5182, 954916, 1.0.45516, , ame, , ,
Backdoor.Farfli, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AppServicef\PARAMETERS|SERVICEDLL, Keine Aktion durch Benutzer, 5182, 954916, 1.0.45516, , ame, , ,
Backdoor.Farfli, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AppServiceh\PARAMETERS|SERVICEDLL, Keine Aktion durch Benutzer, 5182, 954916, 1.0.45516, , ame, , ,
Backdoor.Farfli, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AppServicei\PARAMETERS|SERVICEDLL, Keine Aktion durch Benutzer, 5182, 954916, 1.0.45516, , ame, , ,
Backdoor.Farfli, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AppServicej\PARAMETERS|SERVICEDLL, Keine Aktion durch Benutzer, 5182, 954916, 1.0.45516, , ame, , ,
Backdoor.Farfli, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AppServicek\PARAMETERS|SERVICEDLL, Keine Aktion durch Benutzer, 5182, 954916, 1.0.45516, , ame, , ,
Backdoor.Farfli, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AppServicel\PARAMETERS|SERVICEDLL, Keine Aktion durch Benutzer, 5182, 954916, 1.0.45516, , ame, , ,
Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)
Daten-Stream: 0
(keine bösartigen Elemente erkannt)
Ordner: 0
(keine bösartigen Elemente erkannt)
Datei: 1
Backdoor.Farfli, C:\WINDOWS\SYSTEM32\37V80O0246.TMP, Keine Aktion durch Benutzer, 5182, 954951, , , , , 8074F73F7742309B033676CD03EB0928, BE94DF270ACFC8E5470FA161B808D0DE1C9E85EFEEFF4A5D82F5FD09629AFA8E
Physischer Sektor: 0
(keine bösartigen Elemente erkannt)
WMI: 0
(keine bösartigen Elemente erkannt)
(end)
|
Linear-Darstellung
