| |
| |||||||
Log-Analyse und Auswertung: Fake Windows Defender Pop-Up mit Audio - Windows wurde aus Sicherheitgründen gesperrt.Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
22.02.2023, 13:21
| #1 |
| |  Fake Windows Defender Pop-Up mit Audio - Windows wurde aus Sicherheitgründen gesperrt. Hey, auf dem Latop meiner Eltern poppte plötzich eine riesen Meldung auf, dass Windos gesperrt würde. Zugleich wurde eine Audio-Nachricht abgespielt (im Loop), welche mitteilte, dass das System gesperrt wurde, und auch online Banking mit gesperrt wird (genauen Wortlaut habe ich nicht, da ich nicht vor Ort war). Ich habe mich dann per TeamViewer aufgeschalten. Das Pop-Up Fenster hat den ganzen Screen eingenommen. Über STRG-ALT-ENTF habe ich dann im Taksmanager gesehen, dass ein Task namens "Microsoft Teams" super viel Ressourcen fraß - ich wusste jedoch, dass auf dem Rechner kein Teams installiert war. (das Icon sah auch etws anders aus). Beim Erweitern dieses Tasks wurden aber viele Firefox Sub-Tasks gelistet, sodass ich deiese einfach mal gekillt habe - das Fenster war weg. (es schien über den Browser gelaufen zu sein). Jedoch hab es auch unten in der Windows Icon-Leiste einen eigenes Icon dafür.. Ich habe dann folgendes getan: - Norton einmal scannen lasse, der hat aber nichts gefunden - Malware Bytes AdwCleaner laufne lassen, der hatte "PUP.Optional.Fake.OpenOfficeUpdate" gefunden und behoben. (siehe Log) - uBlock für firefox installiert - FRST installiert und laufen lassen (siehe Logs) kann mir jemand sagen, ob noch was auf dme Rechner installiert ist? Meine Ma schwört, nichts installisert zu haben, sie hätte nur eine Seite aufgerufen.. geht das so einfach? FRST.txt Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 22-02-2023
durchgeführt von gabri (Administrator) auf NB-GABY (HP HP 250 G8 Notebook PC) (22-02-2023 13:00:43)
Gestartet von C:\Users\gabri\Downloads
Geladene Profile: gabri
Plattform: Microsoft Windows 11 Home Version 22H2 22621.1265 (X64) Sprache: Deutsch (Deutschland)
Standard-Browser: FF
Start-Modus: Normal
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\BrownyInd\Brother\BrIndicator.exe
(C:\Program Files\TeamViewer\TeamViewer_Service.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(C:\Program Files\TeamViewer\TeamViewer_Service.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\TeamViewer_Desktop.exe
(C:\Program Files\TeamViewer\TeamViewer_Service.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\tv_w32.exe
(C:\Program Files\TeamViewer\TeamViewer_Service.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\tv_x64.exe
(C:\Program Files\WindowsApps\AD2F1837.myHP_11.52247.86.0_x64__v10z8vjag6ke6\win32\DesktopExtension.exe ->) (HP Inc.) C:\Program Files\WindowsApps\AD2F1837.myHP_11.52247.86.0_x64__v10z8vjag6ke6\win32\HPAudioSwitch.exe
(C:\Program Files\WindowsApps\MicrosoftTeams_23002.403.1788.1930_x64__8wekyb3d8bbwe\msteams.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\110.0.1587.50\msedgewebview2.exe <12>
(DriverStore\FileRepository\cui_dch.inf_amd64_cb841b7c497d4503\igfxCUIServiceN.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_cb841b7c497d4503\igfxEMN.exe
(DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_844fe58f152c16a8\x64\SysInfoCap.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_844fe58f152c16a8\x64\BridgeCommunication.exe
(DriverStore\FileRepository\icss_extension.inf_amd64_0304b9d8e91ee308\UserAwarenessService.exe ->) (Intel(R) pGFX 2020 -> Intel Corp) C:\Windows\System32\DriverStore\FileRepository\icss_extension.inf_amd64_0304b9d8e91ee308\UserAwarenessHelper.exe
(ETDService.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDCtrl.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <7>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe
(HP Inc.) C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.3.2.0_x64__v10z8vjag6ke6\SystemEventUtility\HPSystemEventUtilityHost.exe
(SECOMN64.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Sound Research, Corp.) C:\Windows\System32\SECOCL64.exe
(services.exe ->) (Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Browny02\BrYNSvc.exe
(services.exe ->) (ELAN MICROELECTRONICS CORPORATION -> ELAN Microelectronics Corp.) C:\Windows\System32\ETDService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_f23fc423d26e5d79\x64\TouchpointAnalyticsClientService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_844fe58f152c16a8\x64\AppHelperCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_844fe58f152c16a8\x64\DiagsCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_844fe58f152c16a8\x64\NetworkCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_844fe58f152c16a8\x64\SysInfoCap.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_cb841b7c497d4503\igfxCUIServiceN.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_897ea327b3fe52f7\esif_uf.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorvd.inf_amd64_a5ea1b1d8db1527e\RstMwService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_f94b71985382657d\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_9b53505f87f3498b\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_a29135245e28a81a\AS\IAS\IntelAudioService.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Intel(R) pGFX 2020 -> Intel Corp) C:\Windows\System32\DriverStore\FileRepository\icss_extension.inf_amd64_0304b9d8e91ee308\UserAwarenessService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\23.023.0129.0002\FileSyncHelper.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Sound Research, Corp.) C:\Windows\System32\SECOMN64.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\Windows\System32\Sgrm\SgrmBroker.exe
(services.exe ->) (NortonLifeLock Inc. -> NortonLifelock Inc.) C:\Program Files\Norton Security\Engine\22.23.1.21\NortonSecurity.exe <2>
(services.exe ->) (NortonLifeLock Inc. -> NortonLifeLock Inc.) C:\Program Files\Norton Security\Engine\22.23.1.21\nsWscSvc.exe
(services.exe ->) (Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
(services.exe ->) (Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.) C:\Windows\RtkWiFiManServ.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_1c0a31316508effa\RtkAudUService64.exe <2>
(services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(sihost.exe ->) (HP Inc.) C:\Program Files\WindowsApps\AD2F1837.myHP_11.52247.86.0_x64__v10z8vjag6ke6\win32\DesktopExtension.exe
(svchost.exe ->) (Flexera Software LLC -> Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\agent.exe
(svchost.exe ->) (Flexera Software LLC -> Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(svchost.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(svchost.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
(svchost.exe ->) (HP Inc.) C:\Program Files\WindowsApps\AD2F1837.myHP_11.52247.86.0_x64__v10z8vjag6ke6\HP.MyHP.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\23.023.0129.0002\FileCoAuth.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22122.94.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
(svchost.exe ->) (WhatsApp Inc.) C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2304.6.0_x64__cv1g1gvanyjgm\WhatsApp.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_1c0a31316508effa\RtkAudUService64.exe [1596800 2022-09-29] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3831808 2021-08-30] (Microsoft Windows Hardware Compatibility Publisher -> Logitech)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4509184 2012-12-27] (Brother Industries, Ltd.) [Datei ist nicht signiert]
HKLM-x32\...\Run: [BrStsInd00] => C:\Program Files (x86)\BrownyInd\Brother\BrIndicator.exe [1885184 2012-12-18] (Brother Industries, Ltd.) [Datei ist nicht signiert]
HKLM-x32\...\Run: [TeamsMachineInstaller] => C:\Program Files (x86)\Teams Installer\Teams.exe [122427152 2021-07-14] (Microsoft Corporation -> Microsoft Corporation)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2075480 ] (Flexera Software LLC -> Flexera Software LLC.)
HKLM-x32\...\Run: [DNS7reminder] => C:\Program Files (x86)\Nuance\NaturallySpeaking13\Ereg\Ereg.exe [325960 2014-05-30] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Beschränkung <==== ACHTUNG
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Beschränkung <==== ACHTUNG
HKU\S-1-5-19\...\Run: [OneDriveSetup] => C:\Windows\System32\OneDriveSetup.exe [50312608 2022-05-07] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-20\...\Run: [OneDriveSetup] => C:\Windows\System32\OneDriveSetup.exe [50312608 2022-05-07] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-206354118-824061166-57906184-1001\...\Run: [HPSEU_Host_Launcher] => C:\System.sav\util\HPSEU\HpseuHostLauncher.exe [536152 2022-10-13] (HP Inc. -> HP Inc.)
HKU\S-1-5-21-206354118-824061166-57906184-1001\...\Run: [OpenOffice Updater] => C:\Users\gabri\AppData\Roaming\OpenOffice Updater\Updater.exe [367480 2021-07-28] (Arne Koenig -> ) <==== ACHTUNG
HKU\S-1-5-21-206354118-824061166-57906184-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2629552 2023-02-16] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-206354118-824061166-57906184-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\gabri\AppData\Local\Microsoft\Teams\Update.exe [2587336 2023-01-28] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-206354118-824061166-57906184-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2075480 2013-06-24] (Flexera Software LLC -> Flexera Software LLC.)
HKU\S-1-5-21-206354118-824061166-57906184-1001\...\Run: [MicrosoftEdgeAutoLaunch_E366E5E6AF98057EB6410578BC1FD47F] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4243360 2023-02-17] (Microsoft Corporation -> Microsoft Corporation)
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {0100D0A6-9F3D-4CA2-92FC-3585C2005A7E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [138328 2023-01-10] (HP Inc. -> HP Inc.)
Task: {0600DD45-FAF2-4131-A006-0B17509B9F78} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => %windir%\system32\sc.exe start InventorySvc
Task: {07C19A67-C1F4-4C10-9E79-424C379A9911} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => C:\WINDOWS\system32\MusNotification.exe /RunOnBattery Reboot (Keine Datei)
Task: {10650654-D454-4607-ADBA-647FF8681220} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [7056328 2022-10-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {17D5928D-77DD-46EA-A895-33978E4C0BEC} - System32\Tasks\GoogleUpdateTaskMachineUA{BC940E11-41FF-4FEE-8FF2-099447A32231} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [171480 2022-10-22] (Google LLC -> Google LLC)
Task: {18E436A0-3122-4D66-961E-AD08157D2251} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [674720 2023-02-16] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {1C5676DF-69ED-4B99-A1FD-74CF5AABF6CA} - System32\Tasks\Norton Security with Backup\Norton Security Error Analyzer => C:\Program Files\Norton Security\Engine\22.23.1.21\SymErr.exe [379024 2023-02-02] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {2E02ECFD-AF94-4CB1-922D-CA5FBBFC266C} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [21864416 2022-12-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {367A7FA4-C69D-411E-9AB5-D7210AEA42D4} - System32\Tasks\Norton Security with Backup\Norton Security Autofix => C:\Program Files\Norton Security\Engine\22.23.1.21\SymErr.exe [379024 2023-02-02] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {4C440D64-E135-42B1-B102-49D3CAC2CF7B} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [716192 2023-02-16] (Mozilla Corporation -> Mozilla Foundation)
Task: {54259915-DFD6-4669-BE7E-7660185D79F4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1149464 2023-01-10] (HP Inc. -> HP Inc.)
Task: {72A61018-6C49-45AC-954D-D2BC1292AAB1} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [1644472 2019-06-21] (HP Inc. -> HP Inc.)
Task: {796CC92E-8D9D-414A-828A-862C2434FD79} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2353000 2023-02-02] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {81041C1E-3659-4BA6-8776-69BFEA958E20} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141240 2023-02-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {8130BAF2-A0B4-4134-85D3-ACD4EAB5C729} - System32\Tasks\Microsoft\Windows\WaaSMedic\MaintenanceWork => {72566E27-1ABB-4EB3-B4F0-EB431CB1CB32}
Task: {90E25386-4E33-41A8-BA15-A34E3DBEE922} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => C:\WINDOWS\system32\MusNotification.exe /RunOnAC Reboot (Keine Datei)
Task: {96951949-D65A-47FD-87F5-510CBC5EE898} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => C:\Program Files (x86)\HP\HP Support Framework\Resources\BingPopup\BingPopup.exe [847392 2023-01-10] (HP Inc. -> HP Inc.)
Task: {A488682F-0EC6-489B-B629-7E8E1F4DB0FE} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4191152 2023-02-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {A51AB5C0-21FA-426B-B891-A3B521DC15B9} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => C:\WINDOWS\system32\MusNotification.exe LogonUpdateResults (Keine Datei)
Task: {AD61B4CB-6BB8-4E9C-B398-DD861FA9DAD6} - System32\Tasks\HP\Consent Manager Launcher => sc start hptouchpointanalyticsservice
Task: {ADEA81E7-37CA-4B93-903B-3C10A8B7BFDE} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [141240 2023-02-20] (Microsoft Corporation -> Microsoft Corporation)
Task: {AF730CDC-7FD9-4C01-AE68-36A652BC2C78} - System32\Tasks\GoogleUpdateTaskMachineCore{B2DB0D50-3494-4A98-8D39-4F2E5DABF61D} => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [171480 2022-10-22] (Google LLC -> Google LLC)
Task: {B16CF0CB-F41A-4D72-B752-772964D7E249} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton Security\Engine\22.23.1.21\WSCStub.exe [646520 2023-02-02] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\WINDOWS\System32\MbaeParserTask.exe (Keine Datei)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => C:\WINDOWS\system32\MusNotification.exe (Keine Datei)
Task: {E869009B-908D-496B-A4B0-B1C7BF1DF7BF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [7056328 2022-10-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {EC38B38A-40DC-4037-BD83-8A8D6D5BD7DC} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [21864416 2022-12-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {F2D0283D-004B-4B3C-8832-95DF1BFD7FFF} - System32\Tasks\Norton Security with Backup\Norton Security Error Processor => C:\Program Files\Norton Security\Engine\22.23.1.21\SymErr.exe [379024 2023-02-02] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
Task: {F83CFC1C-E4DC-406F-9BA7-4C9325F78140} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-206354118-824061166-57906184-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4191152 2023-02-16] (Microsoft Corporation -> Microsoft Corporation)
Task: {FD74F76C-309E-4616-A41F-91E24A830A83} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [1149464 2023-01-10] (HP Inc. -> HP Inc.)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{51380dae-4a02-4a6e-9308-8532626f37b0}: [DhcpNameServer] 100.100.20.24
Tcpip\..\Interfaces\{c9c7e339-318b-4f90-927c-45dd1ec301c2}: [DhcpNameServer] 192.168.178.1
Edge:
=======
Edge Profile: C:\Users\gabri\AppData\Local\Microsoft\Edge\User Data\Default [2023-02-22]
FireFox:
========
FF DefaultProfile: xl01siw9.default
FF ProfilePath: C:\Users\gabri\AppData\Roaming\Mozilla\Firefox\Profiles\xl01siw9.default [2022-10-13]
FF ProfilePath: C:\Users\gabri\AppData\Roaming\Mozilla\Firefox\Profiles\1phivtl9.default-release-1677065467883 [2023-02-22]
FF Extension: (uBlock Origin) - C:\Users\gabri\AppData\Roaming\Mozilla\Firefox\Profiles\1phivtl9.default-release-1677065467883\Extensions\uBlock0@raymondhill.net.xpi [2023-02-22]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-10-22] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: nuance.com/DgnRia2_x86_64 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\npDgnRia2_x64.dll [2018-09-24] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2022-10-22] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: nuance.com/DgnRia2 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\npDgnRia2.dll [2018-09-24] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
==================== Dienste (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [Datei ist nicht signiert]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9198496 2022-12-27] (Microsoft Corporation -> Microsoft Corporation)
R2 DragonLoggerService; C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe [151560 2018-09-24] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
R3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\23.023.0129.0002\FileSyncHelper.exe [3486640 2023-02-16] (Microsoft Corporation -> Microsoft Corporation)
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [905080 2020-03-18] (HP Inc. -> HP Inc.)
R2 HPAppHelperCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_844fe58f152c16a8\x64\AppHelperCap.exe [797600 2023-01-19] (HP Inc. -> HP Inc.)
R2 HPDiagsCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_844fe58f152c16a8\x64\DiagsCap.exe [796584 2023-01-19] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_844fe58f152c16a8\x64\NetworkCap.exe [792984 2023-01-19] (HP Inc. -> HP Inc.)
R2 HPSysInfoCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_844fe58f152c16a8\x64\SysInfoCap.exe [796576 2023-01-19] (HP Inc. -> HP Inc.)
R2 HpTouchpointAnalyticsService; C:\WINDOWS\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_f23fc423d26e5d79\x64\TouchpointAnalyticsClientService.exe [493712 2022-12-19] (HP Inc. -> HP Inc.)
R2 IntelAudioService; C:\WINDOWS\System32\DriverStore\FileRepository\intcoed.inf_amd64_a29135245e28a81a\\AS\\IAS\\IntelAudioService.exe [532056 ] (Intel Corporation -> Intel)
R2 IntelContextService; C:\WINDOWS\System32\DriverStore\FileRepository\icss_extension.inf_amd64_0304b9d8e91ee308\UserAwarenessService.exe [148920 2020-10-22] (Intel(R) pGFX 2020 -> Intel Corp)
S3 InventorySvc; C:\WINDOWS\system32\inventorysvc.dll [304480 2022-12-07] (Microsoft Windows -> Microsoft Corporation)
R2 NortonSecurity; C:\Program Files\Norton Security\Engine\22.23.1.21\NortonSecurity.exe [344888 2023-02-02] (NortonLifeLock Inc. -> NortonLifelock Inc.)
R2 nsWscSvc; C:\Program Files\Norton Security\Engine\22.23.1.21\nsWscSvc.exe [1059176 2023-02-02] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\23.023.0129.0002\OneDriveUpdaterService.exe [3857328 2023-02-16] (Microsoft Corporation -> Microsoft Corporation)
R2 RtkWiFiManServ; C:\WINDOWS\RtkWiFiManServ.exe [826936 2021-12-27] (Realtek Semiconductor Corp. -> Realtek Semiconductor Corp.)
R2 SECOMNService; C:\WINDOWS\System32\SECOMN64.exe [743400 2022-03-07] (Microsoft Windows Hardware Compatibility Publisher -> Sound Research, Corp.)
R2 SgrmBroker; C:\WINDOWS\system32\Sgrm\SgrmBroker.exe [414632 2022-05-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [16907064 2023-02-20] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R2 TextInputManagementService; C:\WINDOWS\System32\TabSvc.dll [266240 2022-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2209.7-0\NisSrv.exe [3170576 2022-10-14] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2209.7-0\MsMpEng.exe [133584 2022-10-14] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 wuauserv; C:\WINDOWS\system32\wuauserv.dll [137600 2023-02-15] (Microsoft Windows -> Microsoft Corporation)
===================== Treiber (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S3 AmUStor; C:\WINDOWS\system32\drivers\AmUStorU.sys [135296 2020-10-22] (Alcorlink Corp. -> )
R2 bfs; C:\WINDOWS\system32\drivers\bfs.sys [91480 2022-12-07] (Microsoft Windows -> Microsoft Corporation)
R1 BHDrvx64; C:\Program Files\Norton Security\NortonData\22.22.9.11\Definitions\BASHDefs\20230221.001\BHDrvx64.sys [1705040 2022-10-20] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
S3 BTHMODEM; C:\WINDOWS\System32\drivers\bthmodem.sys [106496 2022-05-07] (Microsoft Corporation) [Datei ist nicht signiert]
R1 ccSet_NGC; C:\WINDOWS\System32\drivers\NGCx64\1617010.015\ccSetx64.sys [198280 2023-02-02] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [527864 2022-09-10] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [159720 2022-11-26] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
S0 GenPass; C:\WINDOWS\System32\DriverStore\FileRepository\genpass.inf_amd64_bef88a423225ecdc\genpass.sys [62800 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
R3 HPCustomCapDriver; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapdriver.inf_amd64_a955fa431e522f5e\x64\hpcustomcapdriver.sys [25592 2021-09-15] (HP Inc. -> HP Inc.)
R3 iaLPSS2_GPIO2_TGL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_gpio2_tgl.inf_amd64_2546dafe2183e972\iaLPSS2_GPIO2_TGL.sys [131224 2021-07-19] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_I2C_TGL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_i2c_tgl.inf_amd64_1308f85f1b0adf27\iaLPSS2_I2C_TGL.sys [204440 2021-07-19] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_SPI_TGL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_spi_tgl.inf_amd64_fc1ed3a5a1d514f2\iaLPSS2_SPI_TGL.sys [158352 2021-07-19] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_UART2_TGL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_uart2_tgl.inf_amd64_cd8c3a141c1b1284\iaLPSS2_UART2_TGL.sys [313504 2021-07-19] (Intel Corporation -> Intel Corporation)
R0 iaStorVD; C:\WINDOWS\System32\drivers\iaStorVD.sys [1544912 2021-08-26] (Intel Corporation -> Intel Corporation)
R1 IDSVia64; C:\Program Files\Norton Security\NortonData\22.22.9.11\Definitions\IPSDefs\20230221.061\IDSvia64.sys [1527816 2023-02-21] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R3 IntcUSB; C:\WINDOWS\System32\DriverStore\FileRepository\intcusb.inf_amd64_2a3cc0b2d56e7a64\IntcUSB.sys [889944 2022-11-01] (Intel Corporation -> Intel(R) Corporation)
R3 IntelGNA; C:\WINDOWS\System32\DriverStore\FileRepository\gna.inf_amd64_19ceb7ce67a7cf8b\gna.sys [87200 2022-01-11] (Intel Corporation -> Intel Corporation)
S3 nsvst_NGC; C:\WINDOWS\System32\drivers\NGCx64\1617010.015\nsvst.sys [57120 2023-02-02] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
S0 pvscsi; C:\WINDOWS\System32\drivers\pvscsii.sys [45408 2022-05-07] (Microsoft Windows -> VMware, Inc.)
S3 RoutePolicy; C:\WINDOWS\System32\drivers\RoutePolicy.sys [98304 2022-05-07] (Microsoft Windows -> )
R3 SRTSP; C:\WINDOWS\System32\drivers\NGCx64\1617010.015\SRTSP64.SYS [956048 2023-02-02] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 SRTSPX; C:\WINDOWS\System32\drivers\NGCx64\1617010.015\SRTSPX64.SYS [52872 2023-02-02] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R0 SymEFASI; C:\WINDOWS\System32\drivers\NGCx64\1617010.015\SYMEFASI64.SYS [2180248 2023-02-02] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
S0 SymELAM; C:\WINDOWS\System32\drivers\NGCx64\1617010.015\SymELAM.sys [36016 2023-02-02] (Microsoft Windows Early Launch Anti-Malware Publisher -> Broadcom)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [100328 2022-10-22] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R3 SymEvnt; C:\Program Files\Norton Security\NortonData\22.22.9.11\SymPlatform\SymEvnt.sys [722400 2022-06-06] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 SymIRON; C:\WINDOWS\System32\drivers\NGCx64\1617010.015\Ironx64.SYS [306824 2023-02-02] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
R1 SymNetS; C:\WINDOWS\System32\drivers\NGCx64\1617010.015\symnets.sys [492728 2023-02-02] (Microsoft Windows Hardware Compatibility Publisher -> Broadcom)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49616 2022-10-14] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [455968 2022-10-14] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [95520 2022-10-14] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [40104 2022-06-17] (HP Inc. -> HP)
S3 wpCtrlDrv_NGC; C:\WINDOWS\System32\drivers\NGCx64\1617010.015\wpCtrlDrv.sys [1016792 2023-02-02] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
R2 wtd; C:\WINDOWS\System32\drivers\wtd.sys [118784 2022-12-18] (Microsoft Windows -> Microsoft Corporation)
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2023-02-22 13:00 - 2023-02-22 13:01 - 000031397 _____ C:\Users\gabri\Downloads\FRST.txt
2023-02-22 12:59 - 2023-02-22 13:00 - 000000000 ____D C:\FRST
2023-02-22 12:59 - 2023-02-22 12:59 - 002378752 _____ (Farbar) C:\Users\gabri\Downloads\FRST64.exe
2023-02-22 12:41 - 2023-02-22 12:41 - 000764278 _____ C:\WINDOWS\system32\perfh007.dat
2023-02-22 12:41 - 2023-02-22 12:41 - 000167026 _____ C:\WINDOWS\system32\perfc007.dat
2023-02-22 12:28 - 2023-02-22 12:28 - 000000000 ____D C:\AdwCleaner
2023-02-22 12:27 - 2023-02-22 12:27 - 008791352 _____ (Malwarebytes) C:\Users\gabri\Downloads\adwcleaner.exe
2023-02-22 12:25 - 2023-02-22 12:26 - 002555248 _____ (Malwarebytes) C:\Users\gabri\Downloads\MBSetup.exe
2023-02-22 11:46 - 2023-02-22 11:46 - 000000000 ____D C:\Program Files\Portrait Displays
2023-02-21 20:38 - 2023-02-21 20:38 - 000000000 ____D C:\WINDOWS\system32\Tasks\Remediation
2023-02-17 16:06 - 2023-02-17 16:06 - 004943318 _____ C:\Users\gabri\OneDrive\Dokumente\dokument.prn
2023-02-16 19:44 - 2023-02-16 20:26 - 000000000 ____D C:\Program Files\Mozilla Firefox
2023-02-16 18:46 - 2023-02-16 18:46 - 000000000 ___RD C:\Users\gabri\AppData\Roaming\Brother
2023-02-16 18:46 - 2023-02-16 18:46 - 000000000 ____D C:\Users\gabri\AppData\LocalLow\Brother
2023-02-16 18:13 - 2023-02-22 12:43 - 000000000 ____D C:\WINDOWS\system32\Tasks\Norton Security with Backup
2023-02-16 18:06 - 2023-02-16 19:47 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2023-02-16 18:06 - 2023-02-16 18:06 - 000003376 _____ C:\WINDOWS\system32\Tasks\Norton WSC Integration
2023-02-15 20:01 - 2023-02-15 20:01 - 000000000 ___HD C:\$WinREAgent
2023-02-10 19:12 - 2023-02-10 19:13 - 004576536 _____ (DeepLSetup) C:\Users\gabri\Downloads\DeepLSetup(1).exe
2023-02-07 07:46 - 2023-02-07 07:46 - 003814680 _____ (DeepLSetup) C:\Users\gabri\Downloads\DeepLSetup.exe
2023-01-28 11:02 - 2023-01-28 11:02 - 000002401 _____ C:\Users\gabri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams (work or school).lnk
==================== Ein Monat (geänderte) ==================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2023-02-22 13:00 - 2022-10-13 17:53 - 000000000 ____D C:\Users\gabri\AppData\LocalLow\Mozilla
2023-02-22 13:00 - 2022-10-13 17:53 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-02-22 12:58 - 2022-10-22 11:53 - 000000000 ____D C:\Program Files (x86)\Google
2023-02-22 12:41 - 2022-12-07 15:17 - 001774666 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-02-22 12:41 - 2022-05-07 06:22 - 000000000 ____D C:\WINDOWS\INF
2023-02-22 12:37 - 2022-12-07 15:07 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-02-22 12:37 - 2022-10-13 15:16 - 000000000 ___RD C:\Users\gabri\OneDrive
2023-02-22 12:37 - 2022-05-07 06:24 - 000000000 ___HD C:\Program Files\WindowsApps
2023-02-22 12:37 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-02-22 12:37 - 2022-05-07 06:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-02-22 12:36 - 2022-12-07 15:13 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-02-22 12:36 - 2022-10-13 15:22 - 000000000 ____D C:\Program Files\TeamViewer
2023-02-22 12:36 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SystemTemp
2023-02-22 12:36 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\ServiceState
2023-02-22 12:36 - 2022-05-07 06:17 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2023-02-22 12:36 - 2021-09-17 11:08 - 000000000 __SHD C:\Users\gabri\IntelGraphicsProfiles
2023-02-22 12:36 - 2020-12-05 10:31 - 000000000 ____D C:\Intel
2023-02-22 12:36 - 2020-05-06 09:58 - 000012288 ___SH C:\DumpStack.log.tmp
2023-02-22 12:31 - 2022-12-07 15:13 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2023-02-22 12:16 - 2021-09-17 11:08 - 000000000 ____D C:\Users\gabri\AppData\Local\D3DSCache
2023-02-22 11:53 - 2022-11-02 20:58 - 000000000 ____D C:\Users\gabri\AppData\LocalLow\Norton
2023-02-21 20:38 - 2022-10-29 16:33 - 000000000 ____D C:\Users\gabri\OneDrive\Dokumente\Buch
2023-02-21 19:59 - 2021-09-17 11:08 - 000000000 ____D C:\Users\gabri\AppData\Local\Packages
2023-02-21 19:29 - 2022-10-22 14:48 - 000000000 ____D C:\Program Files\Microsoft Office
2023-02-18 16:36 - 2022-12-01 17:40 - 000002281 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2023-02-18 16:36 - 2020-12-05 10:32 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-02-17 14:14 - 2022-10-27 10:32 - 000000000 ____D C:\Program Files\Common Files\AV
2023-02-16 20:26 - 2022-10-13 17:53 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2023-02-16 19:49 - 2022-05-07 06:17 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-02-16 19:48 - 2022-10-13 17:53 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2023-02-16 19:47 - 2022-12-07 15:09 - 000002413 _____ C:\Users\Public\Desktop\Norton Security.lnk
2023-02-16 19:46 - 2022-12-19 15:04 - 000001623 _____ C:\WINDOWS\system32\config\VSMIDK
2023-02-16 19:34 - 2022-10-13 16:43 - 149955784 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2023-02-16 19:34 - 2022-10-13 16:43 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-02-16 18:09 - 2021-09-17 10:00 - 000000000 ____D C:\ProgramData\Packages
2023-02-16 18:07 - 2022-10-22 15:19 - 000000000 ____D C:\WINDOWS\system32\Drivers\NGCx64
2023-02-16 18:07 - 2022-05-07 06:17 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2023-02-16 18:06 - 2022-12-07 15:07 - 000624016 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-02-16 18:06 - 2022-10-22 15:01 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2023-02-16 18:06 - 2022-05-07 06:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2023-02-16 18:06 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\UUS
2023-02-16 18:06 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\SystemResources
2023-02-16 18:06 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\setup
2023-02-16 18:06 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\system32\oobe
2023-02-16 18:06 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2023-02-16 18:06 - 2022-05-07 06:24 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-02-16 17:14 - 2022-12-07 15:13 - 000003580 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-206354118-824061166-57906184-1001
2023-02-16 17:14 - 2022-12-07 15:13 - 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2023-02-16 17:14 - 2022-10-22 14:50 - 000002155 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-02-15 20:03 - 2022-12-07 15:09 - 003212800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2023-02-08 15:09 - 2022-12-07 15:13 - 000003756 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-02-08 15:09 - 2022-12-07 15:13 - 000003632 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2023-02-02 16:15 - 2022-11-30 18:07 - 000000000 ____D C:\Users\gabri\AppData\Local\CrashDumps
2023-01-28 11:02 - 2022-10-22 15:01 - 000000000 ____D C:\Users\gabri\AppData\Local\SquirrelTemp
2023-01-27 16:51 - 2022-10-13 15:15 - 000000000 ____D C:\Users\gabri\AppData\Local\PlaceholderTileLogoFolder
2023-01-25 19:42 - 2022-10-13 16:45 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2023-01-23 17:57 - 2022-10-27 14:54 - 000000000 ____D C:\ProgramData\TEMP
2023-01-23 17:56 - 2022-10-22 15:17 - 000000000 ____D C:\ProgramData\Norton
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ========
2022-10-27 15:12 - 2023-01-22 18:05 - 000000835 _____ () C:\Users\gabri\AppData\Roaming\SAS7_000.DAT
==================== SigCheck ============================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
==================== Ende von FRST.txt ========================
Addition.txt Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 22-02-2023
durchgeführt von gabri (22-02-2023 13:01:31)
Gestartet von C:\Users\gabri\Downloads
Microsoft Windows 11 Home Version 22H2 22621.1265 (X64) (2022-12-07 14:14:05)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
Administrator (S-1-5-21-206354118-824061166-57906184-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-206354118-824061166-57906184-503 - Limited - Disabled)
gabri (S-1-5-21-206354118-824061166-57906184-1001 - Administrator - Enabled) => C:\Users\gabri
Gast (S-1-5-21-206354118-824061166-57906184-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-206354118-824061166-57906184-504 - Limited - Disabled)
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Security (Enabled - Up to date) {AECE2126-F4E7-6909-11F2-1B69D1FBCBD0}
FW: Norton Security (Enabled) {96F5A003-BE88-6851-3AAD-B25C2F288CAB}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
Dragon (HKLM-x32\...\{33EA20FB-5389-4938-BA59-2BCD9BB68F41}) (Version: 13.00.000 - Nuance Communications Inc.)
Google Earth Pro (HKLM\...\{F27DBA46-80E1-4858-9285-19198FFFBF3D}) (Version: 7.3.6.9345 - Google)
HL-1110 series (HKLM-x32\...\{4F2442B7-A89E-42A4-8F0E-6937499855CA}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
HP Audio Switch (HKLM-x32\...\{3A5141D4-47DB-4302-9B1C-272BE585BC8A}) (Version: 1.0.179.0 - HP Inc.)
HP Connection Optimizer (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 2.0.17.0 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
Microsoft Edge (HKLM-x32\...\{EBCAB07F-EF8A-3941-83F7-1C84779015FA}) (Version: 110.0.1587.50 - Microsoft Corporation)
Microsoft Edge WebView2-Laufzeit (HKLM-x32\...\Microsoft EdgeWebView) (Version: 110.0.1587.50 - Microsoft Corporation)
Microsoft Office LTSC Professional Plus 2021 - de-de (HKLM\...\ProPlus2021Volume - de-de) (Version: 16.0.14332.20461 - Microsoft Corporation)
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 23.023.0129.0002 - Microsoft Corporation)
Microsoft Teams (HKU\S-1-5-21-206354118-824061166-57906184-1001\...\Teams) (Version: 1.5.00.36367 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{EF9EBC42-6969-45CE-A8D2-B9249B00C838}) (Version: 5.69.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox (x64 de) (HKLM\...\Mozilla Firefox 110.0 (x64 de)) (Version: 110.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 107.0.1 - Mozilla)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Norton Security (HKLM-x32\...\NGC) (Version: 22.23.1.21 - NortonLifeLock Inc)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.14332.20461 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.14332.20461 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0407-1000-0000000FF1CE}) (Version: 16.0.14332.20461 - Microsoft Corporation) Hidden
OpenOffice 4.1.13 (HKLM-x32\...\{8BF457BB-5693-497F-B2D3-305905993C08}) (Version: 4.113.9810 - Apache Software Foundation)
OpenOffice Updater (HKU\S-1-5-21-206354118-824061166-57906184-1001\...\OpenOffice Updater) (Version: 1.1.10 - OpenOffice) <==== ACHTUNG
Teams Machine-Wide Installer (HKLM-x32\...\{731F6BAA-A986-45A4-8936-7C3AAAAA760B}) (Version: 1.4.0.19572 - Microsoft Corporation)
TeamViewer (HKLM\...\TeamViewer) (Version: 15.39.3 - TeamViewer)
Windows-PC-Integritätsprüfung (HKLM\...\{B3956CF3-F6C5-4567-AC38-1FD4432B319C}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Packages:
=========
Clipchamp -> C:\Program Files\WindowsApps\Clipchamp.Clipchamp_2.5.15.0_neutral__yxz26nhyzhsrt [2023-01-22] (Microsoft Corp.)
Energy Star -> C:\Program Files\WindowsApps\AD2F1837.HPInc.EnergyStar_1.2.0.0_x64__v10z8vjag6ke6 [2023-02-07] (HP Inc.)
HP Audio Center -> C:\Program Files\WindowsApps\AD2F1837.HPAudioCenter_1.38.277.0_x64__v10z8vjag6ke6 [2023-01-07] (HP Inc.)
HP PC Hardware Diagnostics Windows -> C:\Program Files\WindowsApps\AD2F1837.HPPCHardwareDiagnosticsWindows_2.1.0.0_x64__v10z8vjag6ke6 [2023-01-17] (HP Inc.)
HP Privacy Settings -> C:\Program Files\WindowsApps\AD2F1837.HPPrivacySettings_1.1.54.0_x64__v10z8vjag6ke6 [2023-02-21] (HP Inc.)
HP QuickDrop -> C:\Program Files\WindowsApps\AD2F1837.HPQuickDrop_2.5.10921.0_x64__v10z8vjag6ke6 [2022-12-07] (HP Inc.)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_142.3.139.0_x64__v10z8vjag6ke6 [2023-01-27] (HP Inc.)
HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.23.20.0_x64__v10z8vjag6ke6 [2023-01-22] (HP Inc.)
HP System Event Utility -> C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.3.2.0_x64__v10z8vjag6ke6 [2022-10-13] (HP Inc.)
Intel® Optane™ Memory and Storage Management -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_18.1.1037.0_x64__8j3eq9eme6ctt [2022-10-22] (INTEL CORP)
Media Engine-Add-On für Fotos -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2022-10-14] (Microsoft Corporation)
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.39.0_x64__8wekyb3d8bbwe [2023-01-06] (Microsoft Corp.)
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_53.10114.505.0_x64__8wekyb3d8bbwe [2023-01-22] (Microsoft Corporation)
ms-resource://MicrosoftCorporationII.QuickAssist/resources/APP_WINDOW_NAME -> C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.16.0_x64__8wekyb3d8bbwe [2023-02-02] (Microsoft Corp.)
ms-resource:AppStoreName -> C:\Program Files\WindowsApps\Microsoft.AV1VideoExtension_1.1.52851.0_x64__8wekyb3d8bbwe [2022-12-16] (Microsoft Corporation)
ms-resource:AppStoreName -> C:\Program Files\WindowsApps\Microsoft.RawImageExtension_2.1.40041.0_x64__8wekyb3d8bbwe [2023-01-25] (Microsoft Corporation)
ms-resource:AppxManifest_DisplayName -> C:\Windows\SystemApps\Microsoft.Windows.PrintQueueActionCenter_cw5n1h2txyewy [2022-12-07] (Microsoft Corporation)
ms-resource:System_Item_Title_IntelGraphicsControlPanel -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.4478.0_x64__8j3eq9eme6ctt [2023-01-17] (INTEL CORP) [Startup Task]
myHP -> C:\Program Files\WindowsApps\AD2F1837.myHP_11.52247.86.0_x64__v10z8vjag6ke6 [2023-01-17] (HP Inc.) [Startup Task]
Netflix -> C:\Program Files\WindowsApps\4DF9E0F8.Netflix_6.98.1805.0_x64__mcm4njqhnhss8 [2022-10-13] (Netflix, Inc.)
Norton Security -> C:\Program Files\Norton Security\Engine\22.23.1.21 [2023-02-22] (0)
Prime Video for Windows -> C:\Program Files\WindowsApps\AmazonVideo.PrimeVideo_1.0.126.0_x64__pwbj9vvecjh7j [2023-02-13] (Amazon Development Centre (London) Ltd)
Solitaire & Casual Games -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.15.12020.0_x64__8wekyb3d8bbwe [2022-12-16] (Microsoft Studios) [MS Ad]
Spotify Music -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0 [2023-02-18] (Spotify AB) [Startup Task]
WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2304.6.0_x64__cv1g1gvanyjgm [2023-02-12] (WhatsApp Inc.) [Startup Task]
Windows Feature Experience Pack -> C:\Windows\SystemApps\MicrosoftWindows.Client.Core_cw5n1h2txyewy [2023-01-19] (Microsoft Windows)
WindowsAppRuntime.1.2 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.2_2000.747.1945.0_x64__8wekyb3d8bbwe [2023-02-05] (Microsoft Corporation)
WindowsAppRuntime.1.2 -> C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.2_2000.747.1945.0_x86__8wekyb3d8bbwe [2023-02-05] (Microsoft Corporation)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-206354118-824061166-57906184-1001_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\gabri\AppData\Local\Microsoft\TeamsMeetingAddin\1.0.22304.2\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-206354118-824061166-57906184-1001_Classes\CLSID\{D3E34B21-9D75-101A-8C3D-00AA001A1652}\localserver32 -> C:\Program Files\WindowsApps\Microsoft.Paint_11.2210.4.0_x64__8wekyb3d8bbwe\PaintApp\mspaint.exe () [Datei ist nicht signiert]
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.023.0129.0002\FileSyncShell64.dll [2023-02-16] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.023.0129.0002\FileSyncShell64.dll [2023-02-16] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.023.0129.0002\FileSyncShell64.dll [2023-02-16] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.023.0129.0002\FileSyncShell64.dll [2023-02-16] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.023.0129.0002\FileSyncShell64.dll [2023-02-16] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.023.0129.0002\FileSyncShell64.dll [2023-02-16] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.023.0129.0002\FileSyncShell64.dll [2023-02-16] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_651bb78e61d538aa\OptaneShellExt.dll [2021-08-26] (Intel Corporation -> )
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.23.1.21\buShell.dll [2023-02-02] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.23.1.21\buShell.dll [2023-02-02] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.23.1.21\buShell.dll [2023-02-02] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\23.023.0129.0002\FileSyncShell64.dll [2023-02-16] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\23.023.0129.0002\FileSyncShell64.dll [2023-02-16] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\23.023.0129.0002\FileSyncShell64.dll [2023-02-16] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\23.023.0129.0002\FileSyncShell64.dll [2023-02-16] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\23.023.0129.0002\FileSyncShell64.dll [2023-02-16] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\23.023.0129.0002\FileSyncShell64.dll [2023-02-16] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\23.023.0129.0002\FileSyncShell64.dll [2023-02-16] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files\Norton Security\Engine\22.23.1.21\buShell.dll [2023-02-02] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files\Norton Security\Engine\22.23.1.21\buShell.dll [2023-02-02] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ShellIconOverlayIdentifiers-x32: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files\Norton Security\Engine\22.23.1.21\buShell.dll [2023-02-02] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.023.0129.0002\FileSyncShell64.dll [2023-02-16] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.23.1.21\buShell.dll [2023-02-02] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers1: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.23.1.21\NavShExt.dll [2023-02-02] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers2: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.23.1.21\NavShExt.dll [2023-02-02] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_651bb78e61d538aa\OptaneShellExt.dll [2021-08-26] (Intel Corporation -> )
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.023.0129.0002\FileSyncShell64.dll [2023-02-16] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\23.023.0129.0002\FileSyncShell64.dll [2023-02-16] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers6: [BUContextMenu] -> {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB} => C:\Program Files\Norton Security\Engine\22.23.1.21\buShell.dll [2023-02-02] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
ContextMenuHandlers6: [NortonLifeLock.Norton.Antivirus.IEContextMenu] -> {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} => C:\Program Files\Norton Security\Engine\22.23.1.21\NavShExt.dll [2023-02-02] (NortonLifeLock Inc. -> NortonLifeLock Inc.)
==================== Codecs (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Drivers32: [msacm.pspgru] => C:\Windows\SysWOW64\pspgru.acm [401920 2010-03-22] (Philips Austria GmbH - Speech Processing) [Datei ist nicht signiert]
==================== Verknüpfungen & WMI ========================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gratistests.lnk -> C:\Program Files (x86)\Online Services\Adobe\WizLink.exe () -> hxxp://js.redirect.hp.com/jumpstation?type=203&RedeemCode=jxqnsxXiIRT2CO6S5tw5A1vmhXU3smUlDuzeabiydy%2fUZ0feuXsvK3fFNq%2fcAknYFb3ItYXXJLjMGeIrxUsBUGM6JH0Nr0gAy2SDHsqWhn0t7OhmEd68332XrOMG3eQpMQR2Is0PhRNCFlKf4g%2beRpoR3%2fWvtlob9Zhazd%2f%2fAcI%3d
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass.lnk -> C:\Program Files (x86)\Online Services\LastPass\WizLink.exe () -> hxxp://js.redirect.hp.com/jumpstation?bd=lastpass&c=*&locale=*&pf=*&s=*&tp=edge
==================== Geladene Module (Nicht auf der Ausnahmeliste) =============
2022-10-22 14:34 - 2009-02-27 15:38 - 000139264 ____R () [Datei ist nicht signiert] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2023-02-11 19:22 - 2023-02-11 19:22 - 103364608 _____ () [Datei ist nicht signiert] C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2304.6.0_x64__cv1g1gvanyjgm\WhatsApp.dll
2023-02-11 19:22 - 2023-02-11 19:22 - 008704512 _____ () [Datei ist nicht signiert] C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2304.6.0_x64__cv1g1gvanyjgm\WhatsAppNative.dll
2023-02-18 18:03 - 2023-02-18 18:03 - 000138240 _____ () [Datei ist nicht signiert] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.IWs06dcaa36#\2d30f7ea748931b45f2d69c609d6bc47\Interop.IWshRuntimeLibrary.ni.dll
2022-10-22 14:34 - 2008-08-18 17:27 - 000122880 ____N (Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Browny02\brlmw03a.dll
2022-10-22 14:34 - 2012-07-13 12:09 - 000385024 ____N (Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Browny02\BrMonitor.dll
2022-10-22 14:34 - 2011-02-28 10:32 - 000208896 ____N (Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Browny02\Brother\BrFirmUpdateCheck.dll
2022-10-22 14:34 - 2012-08-30 14:30 - 002040832 ____N (Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Browny02\Brother\BrStMonWRes.dll
2023-02-18 18:03 - 2023-02-18 18:03 - 000134656 _____ (hardcodet.net) [Datei ist nicht signiert] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Hardcodet.W6cab32f3#\87f74a71a204bf7fde39f622924c4f3f\Hardcodet.Wpf.TaskbarNotification.ni.dll
2021-09-17 10:13 - 2021-09-17 10:13 - 000014336 _____ (HP Inc.) [Datei ist nicht signiert] C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.3.2.0_x64__v10z8vjag6ke6\SystemEventUtility\NativeRpcClient.DLL
2023-02-18 18:03 - 2023-02-18 18:03 - 001701376 _____ (Mark Heath & Contributors) [Datei ist nicht signiert] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\NAudio\9341642fab995e2f3a1c93d48a0e07f6\NAudio.ni.dll
2023-02-18 18:03 - 2023-02-18 18:03 - 003060736 _____ (Newtonsoft) [Datei ist nicht signiert] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Newtonsoft.Json\2f079fd0a6ce77092bdcbab1ce035231\Newtonsoft.Json.ni.dll
2023-02-18 18:03 - 2023-02-18 18:03 - 000793088 _____ (The Apache Software Foundation) [Datei ist nicht signiert] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\log4net\8d542123be4595a204d30ab91330deac\log4net.ni.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8 [254]
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ==================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HidSpiCx.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TextInputManagementService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{5099944A-F6B9-4057-A056-8C550228544C} => ""="Memory"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{5099944A-F6B9-4057-A056-8C550228544C} => "SafeBootDrivers"="1"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HidSpiCx.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TextInputManagementService => ""="Service"
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) =================
==================== Internet Explorer (Nicht auf der Ausnahmeliste) ==========
SearchScopes: HKLM -> {263BD5CF-9CB1-4BD1-9368-2B63121864BE} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {263BD5CF-9CB1-4BD1-9368-2B63121864BE} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-206354118-824061166-57906184-1001 -> {263BD5CF-9CB1-4BD1-9368-2B63121864BE} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\dgnriaie_x64.dll [2018-09-24] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2023-01-10] (HP Inc. -> HP Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2022-10-22] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Norton Password Manager -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Security\Engine32\22.22.10.9\coIEPlg.dll => Keine Datei
BHO-x32: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\dgnriaie.dll [2018-09-24] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2023-01-10] (HP Inc. -> HP Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security\Engine32\22.22.10.9\coIEPlg.dll Keine Datei
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-10-22] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-10-22] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-10-22] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-10-22] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-10-22] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-10-22] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2022-10-22] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2022-10-22] (Microsoft Corporation -> Microsoft Corporation)
==================== Hosts Inhalt: =========================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2019-12-07 10:14 - 2019-12-07 10:12 - 000000824 ____N C:\WINDOWS\system32\drivers\etc\hosts
==================== Andere Bereiche ===========================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-206354118-824061166-57906184-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
HKU\S-1-5-21-206354118-824061166-57906184-1001\...\StartupApproved\Run: => "com.squirrel.Teams.Teams"
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [{EC99D474-3AEF-438D-BC61-E721623E749F}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{18EE6AED-A4CF-4E91-825E-4BAAACBA81C9}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{3207037E-4482-41A1-84A3-4E2860C95315}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{3C66A91E-4523-4238-A329-FEFE905E2688}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23002.403.1788.1930_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{3BE99318-7704-46C2-8E02-5FA1D7DAF758}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_23002.403.1788.1930_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{5B7F7A3C-0712-4D2B-A9C7-9B4AC1DD661C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{965B8C2A-4683-441C-8C75-DFD582F85FE4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{6A17E5B1-B85E-42A9-8846-7E6F4F8674C8}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{486D80C0-8314-4EC0-91F4-C731A0A82293}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{CF0DCE0F-8F66-47E7-AA5E-3FC307618CB1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{E601B53B-56DD-419E-B13B-A43A84660295}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{33137D3F-F6F2-4FA6-8ABB-0604987583C7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{4F39CAD2-684C-4028-8C11-D4D2FDBFBA05}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.205.1006.0_x86__zpdnekdrzrea0\Spotify.exe (Spotify AB -> Spotify Ltd)
FirewallRules: [{D7A45C89-A6AE-4EB7-AF94-7558CAA8C7EF}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\110.0.1587.50\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{EED7A55D-22B5-4995-B884-EEAD0D81837F}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{07EAB059-4549-4D16-B1F5-EA6FD53347BB}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{788BA7F7-3828-48B9-883E-2374F770A113}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{BAF9B331-CB5F-4852-9795-F78646323051}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{63EDDFB0-6689-489A-9F1C-5AC2537FB2F3}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.94.3422.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D0FFE334-2576-4DCE-A695-A495DFBC6D8A}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.94.3422.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7D39EB22-FF8F-421A-B148-B1B48BD4AAFD}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.94.3422.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{18CDA9CE-46A2-4E5F-B8BF-ED8DA46453B1}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.94.3422.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
==================== Wiederherstellungspunkte =========================
15-02-2023 20:01:41 Windows Modules Installer
==================== Fehlerhafte Geräte im Gerätemanager ============
==================== Fehlereinträge in der Ereignisanzeige: ========================
Applikationsfehler:
==================
Error: (02/21/2023 10:02:21 PM) (Source: DNS logging) (EventID: 0) (User: )
Description: Event-ID 0
Error: (02/20/2023 08:59:18 PM) (Source: DNS logging) (EventID: 0) (User: )
Description: Event-ID 0
Error: (02/20/2023 07:48:55 PM) (Source: DNS logging) (EventID: 0) (User: )
Description: Event-ID 0
Error: (02/20/2023 07:46:56 PM) (Source: DNS logging) (EventID: 0) (User: )
Description: Event-ID 0
Error: (02/20/2023 07:40:05 PM) (Source: DNS logging) (EventID: 0) (User: )
Description: Event-ID 0
Error: (02/19/2023 09:36:16 PM) (Source: DNS logging) (EventID: 0) (User: )
Description: Event-ID 0
Error: (02/19/2023 09:35:53 PM) (Source: DNS logging) (EventID: 0) (User: )
Description: Event-ID 0
Error: (02/19/2023 05:18:01 PM) (Source: DNS logging) (EventID: 0) (User: )
Description: Event-ID 0
Systemfehler:
=============
Error: (02/22/2023 12:36:08 PM) (Source: DCOM) (EventID: 10010) (User: NB-GABY)
Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error: (02/22/2023 12:36:08 PM) (Source: DCOM) (EventID: 10010) (User: NB-GABY)
Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error: (02/22/2023 12:36:08 PM) (Source: DCOM) (EventID: 10010) (User: NB-GABY)
Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error: (02/22/2023 12:36:08 PM) (Source: DCOM) (EventID: 10010) (User: NB-GABY)
Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error: (02/22/2023 12:36:08 PM) (Source: DCOM) (EventID: 10010) (User: NB-GABY)
Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error: (02/22/2023 12:36:08 PM) (Source: DCOM) (EventID: 10010) (User: NB-GABY)
Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error: (02/22/2023 12:36:08 PM) (Source: DCOM) (EventID: 10010) (User: NB-GABY)
Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error: (02/22/2023 12:36:08 PM) (Source: DCOM) (EventID: 10010) (User: NB-GABY)
Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
CodeIntegrity:
===============
Date: 2023-02-22 12:39:55
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MpCmdRun.exe) attempted to load \Device\HarddiskVolume3\Program Files\Norton Security\Engine\22.23.1.21\symamsi.dll that did not meet the Microsoft signing level requirements.
Date: 2023-02-22 12:38:55
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Norton Security\Engine\22.23.1.21\symamsi.dll that did not meet the Windows signing level requirements.
==================== Speicherinformationen ===========================
BIOS: Insyde F.46 07/27/2021
Hauptplatine: HP 881D
Prozessor: 11th Gen Intel(R) Core(TM) i3-1115G4 @ 3.00GHz
Prozentuale Nutzung des RAM: 79%
Installierter physikalischer RAM: 7948.62 MB
Verfügbarer physikalischer RAM: 1636.76 MB
Summe virtueller Speicher: 8460.62 MB
Verfügbarer virtueller Speicher: 1327.55 MB
==================== Laufwerke ================================
Drive c: (Windows) (Fixed) (Total:237.21 GB) (Free:170.34 GB) (Model: NVMe SAMSUNG MZVLQ256HBJD-00BH1) (Protected) NTFS
\\?\Volume{303f1acf-dd6b-4b7b-941c-030bb8f02be3}\ () (Fixed) (Total:0.99 GB) (Free:0.08 GB) NTFS
\\?\Volume{75de0296-dc89-4739-bbeb-f0e0cafbd866}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.18 GB) FAT32
==================== MBR & Partitionstabelle ====================
==========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: A67FC905)
Partition: GPT.
==================== Ende von Addition.txt =======================
AdwCleaner[S00].txt Code:
ATTFilter # -------------------------------
# Malwarebytes AdwCleaner 8.4.0.0
# -------------------------------
# Build: 08-30-2022
# Database: 2022-10-10.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 02-22-2023
# Duration: 00:00:07
# OS: Windows 11 (Build 22621.1265)
# Scanned: 32094
# Detected: 23
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
PUP.Optional.Fake.OpenOfficeUpdater C:\Users\gabri\AppData\Roaming\OpenOffice Updater
***** [ Files ] *****
No malicious files found.
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
No malicious tasks found.
***** [ Registry ] *****
PUP.Optional.Fake.OpenOfficeUpdater HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|OpenOffice Updater
PUP.Optional.Fake.OpenOfficeUpdater HKCU\Software\Microsoft\Windows\CurrentVersion\Run|OpenOffice Updater
PUP.Optional.Fake.OpenOfficeUpdater HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\OpenOffice Updater
PUP.Optional.Fake.OpenOfficeUpdater HKCU\Software\OpenOffice Updater
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries found.
***** [ Chromium URLs ] *****
No malicious Chromium URLs found.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries found.
***** [ Firefox URLs ] *****
No malicious Firefox URLs found.
***** [ Hosts File Entries ] *****
No malicious hosts file entries found.
***** [ Preinstalled Software ] *****
Preinstalled.HPAudioSwitch Folder C:\Program Files (x86)\HP\HPAUDIOSWITCH
Preinstalled.HPAudioSwitch Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{72A61018-6C49-45AC-954D-D2BC1292AAB1}
Preinstalled.HPAudioSwitch Registry HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HPAudioSwitch
Preinstalled.HPAudioSwitch Task C:\Windows\System32\Tasks\HPAUDIOSWITCH
Preinstalled.HPCleanFLC Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|HPSEU_Host_Launcher
Preinstalled.HPCleanFLC Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Run|HPSEU_Host_Launcher
Preinstalled.HPRegistrationService Folder C:\ProgramData\HP\HP REGISTRATION SERVICE
Preinstalled.HPSupportAssistant Folder C:\HP\SUPPORT
Preinstalled.HPSupportAssistant Folder C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Users\gabri\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Registry HKLM\Software\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
Preinstalled.HPSureConnect Folder C:\Program Files\HPCOMMRECOVERY
Preinstalled.HPSureConnect Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{6468C4A5-E47E-405F-B675-A70A70983EA6}
Preinstalled.HPTouchpointAnalyticsClient Folder C:\ProgramData\HP\HP TOUCHPOINT ANALYTICS CLIENT
Preinstalled.HPTouchpointAnalyticsClient Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E5FB98E0-0784-44F0-8CEC-95CD4690C43F}
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
|
| Themen zu Fake Windows Defender Pop-Up mit Audio - Windows wurde aus Sicherheitgründen gesperrt. |
| adobe, browser, defender, error, firefox, gesperrt, google, home, internet, internet explorer, malware, monitor, mozilla, prozesse, realtek, registry, scan, security, services.exe, software, svchost.exe, symantec, system, updates, windows |
Baum-Darstellung