| |
| |||||||
Log-Analyse und Auswertung: MFResident-20230328-55Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
| |
08.04.2023, 19:31
| #1 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  MFResident-20230328-55Zitat:
Weches Benuterkonto ist denn nun betroffen? Und wenn muss FRST mit Adminrechten ausgeführt werden.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
08.04.2023, 20:15
| #2 |
 | MFResident-20230328-55 Sinnfrei gehört zu meinen Kernkompetenzen :-))
__________________Hab das frst nochmals durchgeführt, jetzt zwar vom gleichen Benutzerkonto (Eltern, das ist kein Adminkonto) aber als Admimistrator ausgeführt. FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-04-2023
Ran by Schilling Family (administrator) on SCHILLINGFAMILY (Gigabyte Technology Co., Ltd. GA-890GPA-UD3H) (08-04-2023 20:55:54)
Running from C:\Users\Eltern\Downloads
Loaded Profiles: Schilling Family & Eltern
Platform: Microsoft Windows 10 Pro Version 21H2 19044.2728 (X64) Language: Deutsch (Deutschland) -> Deutsch (Deutschland)
Default browser: Edge
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(C:\Program Files (x86)\DataCardService\HWDeviceService64.exe ->) (Huawei Technologies Co.,Ltd. -> Huawei Technologies Co., Ltd.) C:\Program Files (x86)\DataCardService\DCSHelper.exe
(C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2302.7-0\MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2302.7-0\MpCopyAccelerator.exe
(DeviceVM Inc. -> DeviceVM, Inc.) C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <5>
(explorer.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(services.exe ->) (DeviceVM Inc. -> DeviceVM, Inc.) C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
(services.exe ->) (Huawei Technologies Co.,Ltd. -> ) C:\Program Files (x86)\DataCardService\HWDeviceService64.exe
(services.exe ->) (JMicron Technology Corp. -> ) C:\Windows\SysWOW64\XSrvSetup.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2302.7-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2302.7-0\NisSrv.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Shenzhen iMyFone Technology Co., Ltd -> ) C:\Program Files (x86)\Common Files\iMyFone\Components\Resident\LocalService.exe
(services.exe ->) (Silhouette Research & Technology Ltd -> ) C:\Program Files (x86)\Silhouette America\Silhouette Link\Resources\Resources\SPEC_LK\SilhouetteLinkServer.32.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10144288 2010-04-06] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM-x32\...\Run: [BCU] => C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe [375000 2009-10-15] (DeviceVM Inc. -> DeviceVM, Inc.)
HKU\S-1-5-21-607273383-903765569-4108737559-1004 Group Policy restriction on software: C:\Program Files (x86)\Windows Media Player\wmprph.exe <==== ATTENTION
HKU\S-1-5-21-607273383-903765569-4108737559-1004 Group Policy restriction on software: C:\Program Files (x86)\Roxio WinOnCD 2009\Roxio Central 4\Plugins\Launch.exe <==== ATTENTION
HKU\S-1-5-21-607273383-903765569-4108737559-1004 Group Policy restriction on software: C:\Program Files\Windows Media Player\Setup_wm.exe <==== ATTENTION
HKU\S-1-5-21-607273383-903765569-4108737559-1004 Group Policy restriction on software: C:\Program Files (x86)\Microsoft Office\Office14\VPREVIEW.EXE <==== ATTENTION
HKU\S-1-5-21-607273383-903765569-4108737559-1004 Group Policy restriction on software: C:\Program Files (x86)\ChessBase\ChessProgram12\ChessProgram12.exe <==== ATTENTION
HKU\S-1-5-21-607273383-903765569-4108737559-1004 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <==== ATTENTION
HKU\S-1-5-21-607273383-903765569-4108737559-1004 Group Policy restriction on software: C:\Program Files (x86)\Windows Media Player\wmpnscfg.exe <==== ATTENTION
HKU\S-1-5-21-607273383-903765569-4108737559-1004 Group Policy restriction on software: C:\Program Files (x86)\Microsoft Office\Office14\MSACCESS.EXE <==== ATTENTION
HKU\S-1-5-21-607273383-903765569-4108737559-1004 Group Policy restriction on software: C:\Program Files (x86)\Microsoft Office\Office14\MSPUB.EXE <==== ATTENTION
HKU\S-1-5-21-607273383-903765569-4108737559-1004 Group Policy restriction on software: C:\Program Files (x86)\Internet Explorer <==== ATTENTION
HKU\S-1-5-21-607273383-903765569-4108737559-1004 Group Policy restriction on software: C:\Program Files\Windows Media Player\wmpsideshowgadget.exe <==== ATTENTION
HKU\S-1-5-21-607273383-903765569-4108737559-1004 Group Policy restriction on software: C:\Program Files\Windows Sidebar <==== ATTENTION
HKU\S-1-5-21-607273383-903765569-4108737559-1004 Group Policy restriction on software: c:\users\henrike\downloads\minecraft (1).exe <==== ATTENTION
HKU\S-1-5-21-607273383-903765569-4108737559-1004 Group Policy restriction on software: C:\Program Files\Windows Media Player\wmpnetwk.exe <==== ATTENTION
HKU\S-1-5-21-607273383-903765569-4108737559-1004 Group Policy restriction on software: C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE <==== ATTENTION
HKU\S-1-5-21-607273383-903765569-4108737559-1004 Group Policy restriction on software: c:\program files (x86)\adobe\reader 10.0\reader\eula.exe <==== ATTENTION
HKU\S-1-5-21-607273383-903765569-4108737559-1004 Group Policy restriction on software: C:\Program Files (x86)\Microsoft Office\Office14\ONENOTE.EXE <==== ATTENTION
HKU\S-1-5-21-607273383-903765569-4108737559-1004 Group Policy restriction on software: C:\Program Files (x86)\Roxio WinOnCD 2009\Roxio Central 4\RoxioCentralFx.exe <==== ATTENTION
HKU\S-1-5-21-607273383-903765569-4108737559-1004 Group Policy restriction on software: C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe <==== ATTENTION
HKU\S-1-5-21-607273383-903765569-4108737559-1004 Group Policy restriction on software: C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE <==== ATTENTION
HKU\S-1-5-21-607273383-903765569-4108737559-1004 Group Policy restriction on software: C:\Program Files (x86)\Windows Media Player\wmlaunch.exe <==== ATTENTION
HKU\S-1-5-21-607273383-903765569-4108737559-1004 Group Policy restriction on software: C:\Program Files (x86)\Roxio WinOnCD 2009\Media Import 11\MediaCapture11.exe <==== ATTENTION
HKU\S-1-5-21-607273383-903765569-4108737559-1004 Group Policy restriction on software: C:\Program Files\Windows Media Player\wmprph.exe <==== ATTENTION
HKU\S-1-5-21-607273383-903765569-4108737559-1004 Group Policy restriction on software: C:\Program Files (x86)\Windows Media Player\wmpsideshowgadget.exe <==== ATTENTION
HKU\S-1-5-21-607273383-903765569-4108737559-1004 Group Policy restriction on software: c:\program files (x86)\java\jre7\bin\javaw.exe <==== ATTENTION
HKU\S-1-5-21-607273383-903765569-4108737559-1004 Group Policy restriction on software: C:\Program Files (x86)\Microsoft Office\Office14\Wordconv.exe <==== ATTENTION
HKU\S-1-5-21-607273383-903765569-4108737559-1004 Group Policy restriction on software: C:\Program Files (x86)\Windows Media Player\Setup_wm.exe <==== ATTENTION
HKU\S-1-5-21-607273383-903765569-4108737559-1004 Group Policy restriction on software: C:\Program Files\Windows Media Player\wmpconfig.exe <==== ATTENTION
HKU\S-1-5-21-607273383-903765569-4108737559-1004 Group Policy restriction on software: C:\Program Files\Windows Media Player\wmpnscfg.exe <==== ATTENTION
HKU\S-1-5-21-607273383-903765569-4108737559-1004 Group Policy restriction on software: C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE <==== ATTENTION
HKU\S-1-5-21-607273383-903765569-4108737559-1004 Group Policy restriction on software: c:\users\henrike\downloads\minecraft.exe <==== ATTENTION
HKU\S-1-5-21-607273383-903765569-4108737559-1004 Group Policy restriction on software: c:\users\henrike\desktop\minecraft (1).exe <==== ATTENTION
HKU\S-1-5-21-607273383-903765569-4108737559-1004 Group Policy restriction on software: C:\Program Files (x86)\Microsoft Office\Office14\GRAPH.EXE <==== ATTENTION
HKU\S-1-5-21-607273383-903765569-4108737559-1004 Group Policy restriction on software: C:\Program Files (x86)\Windows Media Player\wmpshare.exe <==== ATTENTION
HKU\S-1-5-21-607273383-903765569-4108737559-1004 Group Policy restriction on software: C:\Program Files (x86)\Microsoft Office\Office14\excelcnv.exe <==== ATTENTION
HKU\S-1-5-21-607273383-903765569-4108737559-1004 Group Policy restriction on software: C:\Program Files (x86)\Microsoft Office\Office14\XLICONS.EXE <==== ATTENTION
HKU\S-1-5-21-607273383-903765569-4108737559-1004 Group Policy restriction on software: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe <==== ATTENTION
HKU\S-1-5-21-607273383-903765569-4108737559-1004 Group Policy restriction on software: C:\Program Files (x86)\Microsoft Office\Office14\PPTICO.EXE <==== ATTENTION
HKU\S-1-5-21-607273383-903765569-4108737559-1004 Group Policy restriction on software: C:\Program Files (x86)\Windows Media Player\wmplayer.exe <==== ATTENTION
HKU\S-1-5-21-607273383-903765569-4108737559-1004 Group Policy restriction on software: C:\Program Files (x86)\Microsoft Office\Office14\WORDICON.EXE <==== ATTENTION
HKU\S-1-5-21-607273383-903765569-4108737559-1004 Group Policy restriction on software: C:\Program Files (x86)\Roxio WinOnCD 2009\Creator Classic 11\Creator11.exe <==== ATTENTION
HKU\S-1-5-21-607273383-903765569-4108737559-1004 Group Policy restriction on software: C:\Program Files (x86)\Windows Sidebar <==== ATTENTION
HKU\S-1-5-21-607273383-903765569-4108737559-1004 Group Policy restriction on software: C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE <==== ATTENTION
HKU\S-1-5-21-607273383-903765569-4108737559-1004 Group Policy restriction on software: C:\Program Files (x86)\Windows Media Player\wmpnscfg.exe <==== ATTENTION
HKU\S-1-5-21-607273383-903765569-4108737559-1004 Group Policy restriction on software: C:\Program Files (x86)\Roxio WinOnCD 2009\Retrieve 11\Launch_Retrieve.exe <==== ATTENTION
HKU\S-1-5-21-607273383-903765569-4108737559-1004 Group Policy restriction on software: C:\Program Files\Windows Media Player\wmlaunch.exe <==== ATTENTION
HKU\S-1-5-21-607273383-903765569-4108737559-1004 Group Policy restriction on software: C:\Program Files\Windows Media Player\wmpnscfg.exe <==== ATTENTION
HKU\S-1-5-21-607273383-903765569-4108737559-1004 Group Policy restriction on software: C:\Program Files (x86)\Roxio WinOnCD 2009\Retrieve 11\Retrieve11.exe <==== ATTENTION
HKU\S-1-5-21-607273383-903765569-4108737559-1004 Group Policy restriction on software: C:\Program Files (x86)\Windows Media Player\wmpconfig.exe <==== ATTENTION
HKU\S-1-5-21-607273383-903765569-4108737559-1004 Group Policy restriction on software: C:\Program Files\Windows Defender <==== ATTENTION
HKU\S-1-5-21-607273383-903765569-4108737559-1004 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <==== ATTENTION
HKU\S-1-5-21-607273383-903765569-4108737559-1004 Group Policy restriction on software: C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE <==== ATTENTION
HKU\S-1-5-21-607273383-903765569-4108737559-1004 Group Policy restriction on software: C:\Program Files (x86)\Windows Media Player\wmpenc.exe <==== ATTENTION
HKU\S-1-5-21-607273383-903765569-4108737559-1004 Group Policy restriction on software: C:\Program Files (x86)\Microsoft Office\Office14\OIS.EXE <==== ATTENTION
HKU\S-1-5-21-607273383-903765569-4108737559-1004 Group Policy restriction on software: c:\users\henrike\desktop\minecraft.exe <==== ATTENTION
HKU\S-1-5-21-607273383-903765569-4108737559-1004 Group Policy restriction on software: C:\Program Files\Internet Explorer <==== ATTENTION
HKU\S-1-5-21-607273383-903765569-4108737559-1004 Group Policy restriction on software: C:\Users\Schilling Family\AppData\Local\Google\Chrome\Application\chrome.exe <==== ATTENTION
HKU\S-1-5-21-607273383-903765569-4108737559-1004 Group Policy restriction on software: C:\Program Files\Windows Media Player\wmpshare.exe <==== ATTENTION
HKU\S-1-5-21-607273383-903765569-4108737559-1004 Group Policy restriction on software: C:\Program Files\Windows Media Player\wmpenc.exe <==== ATTENTION
HKU\S-1-5-21-607273383-903765569-4108737559-1001\...\Run: [Google Update] => C:\Users\Schilling Family\AppData\Local\Google\Update\1.3.33.7\GoogleUpdateCore.exe [601680 2017-11-25] (Google Inc -> Google Inc.)
HKU\S-1-5-21-607273383-903765569-4108737559-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-607273383-903765569-4108737559-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-607273383-903765569-4108737559-1003\...\Run: [Google Update] => C:\Users\Eltern\AppData\Local\Google\Update\1.3.36.152\GoogleUpdateCore.exe [230360 2022-08-29] (Google LLC -> Google LLC)
HKU\S-1-5-21-607273383-903765569-4108737559-1003\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Eltern\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] (Amazon Services LLC -> )
HKU\S-1-5-21-607273383-903765569-4108737559-1003\...\Run: [MicrosoftEdgeAutoLaunch_EB8D6C06E991CEDBC9E4E65F13805E5D] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4140496 2023-04-06] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-607273383-903765569-4108737559-1003\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-607273383-903765569-4108737559-1003\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-607273383-903765569-4108737559-1004\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-607273383-903765569-4108737559-1004\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKLM\...\Windows x64\Print Processors\Canon iP4300 Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPD86.DLL [27136 2006-09-12] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Windows x64\Print Processors\hpzppw71: C:\Windows\System32\spool\prtprocs\x64\hpzppw71.dll [230400 2009-07-14] (Microsoft Windows -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\Canon BJ FAX Language Monitor MX520 series: C:\WINDOWS\system32\CNCALBO.DLL [303104 2012-09-21] (CANON INC.) [File not signed]
HKLM\...\Print\Monitors\Canon BJ Language Monitor iP4300: C:\WINDOWS\system32\CNMLM86.DLL [234496 2006-09-12] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MX520 series: C:\WINDOWS\system32\CNMLMBO.DLL [390656 2012-09-20] (CANON INC.) [File not signed]
HKLM\...\Print\Monitors\Canon BJNP Port: C:\WINDOWS\system32\CNMN6PPM.DLL [359936 2012-07-31] (CANON INC.) [File not signed]
HKLM\...\Print\Monitors\LIDIL hpzllw71: C:\WINDOWS\system32\hpzllw71.dll [53248 2009-07-14] (Microsoft Windows -> Hewlett-Packard Corporation)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] ->
Startup: C:\Users\Eltern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2013-01-04]
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\Users\Henrike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2014-04-08]
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION
GroupPolicyUsers\S-1-5-21-607273383-903765569-4108737559-1004\User: Restriction <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0BBB9B25-3E0B-41C4-8417-BC0AA3E8469A} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -PvrRecoveryTask (No File)
Task: {0D20E039-9151-46FD-B974-33451D8D8893} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) (No File)
Task: {0D32098A-3809-485B-B4B1-FB99532A9F8A} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {0F32F71B-0E80-453C-84AA-62B937EFC571} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe $(Arg0) (No File)
Task: {16715D28-05B1-4839-82FC-3FBDE0233F64} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe /StartRecording (No File)
Task: {1C55A462-FD73-403B-A09F-984CB07A8C39} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-607273383-903765569-4108737559-1003UA => C:\Users\Eltern\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-27] (Google Inc -> Google Inc.)
Task: {22BE8BFB-1E32-4605-8FE7-032BE3370959} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) (No File)
Task: {2C9910E7-21E4-4BC3-A649-8476A15F8916} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {2C9A41E5-EAA4-47BD-A47C-649959DD4C96} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe /RestartRecording (No File)
Task: {2D4F42E6-6553-4563-A4DA-5C64C00F3A24} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) (No File)
Task: {2F254FB2-238A-4DDD-BB1A-5CD7BD36CFB9} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe -crl -hms -pscn 15 (No File)
Task: {308E3245-B76B-4F4C-9420-DC711CD8B6AA} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe /DoActivateWindowsSearch (No File)
Task: {355E2600-47CE-46FE-9A7E-1F5F735531F9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2302.7-0\MpCmdRun.exe [1645904 2023-03-28] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {45381A70-9F15-40C7-9DAB-84FE23E9CA62} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe /OCURActivate (No File)
Task: {479F023B-EDFA-4153-B8AB-686E66D34909} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe -pscn 0 (No File)
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB}
Task: {48A446E7-59BC-49E8-B070-033DCC730F02} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [269000 2015-08-16] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {4FEE6216-5B1C-4CCD-B930-8E7E961AED44} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-607273383-903765569-4108737559-1001Core => C:\Users\Schilling Family\AppData\Local\Google\Update\GoogleUpdate.exe [152216 2016-07-14] (Google Inc -> Google Inc.)
Task: {5235F070-0423-4841-A880-4C5C6E95D792} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {5288861F-AA80-42F5-965F-271A29651414} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {540F9B5D-6DB9-4419-8E0B-36E4220B76D6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-607273383-903765569-4108737559-1001UA => C:\Users\Schilling Family\AppData\Local\Google\Update\GoogleUpdate.exe [152216 2016-07-14] (Google Inc -> Google Inc.)
Task: {57B8B6B7-8B6E-4186-94DF-1155B3FB3CF1} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -MediaCenterRecoveryTask (No File)
Task: {57F6E612-D826-46E6-86F9-C9951328AFB3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {5BE104DB-21E9-45AE-90C2-1E8585816213} - \MetaCrawler -> No File <==== ATTENTION
Task: {60E899E7-67BD-4316-94B1-5F9C60C66F8F} - \BonanzaDealsLiveUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {62AB03D9-9674-4F82-9B03-79854C0C4188} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {68A2DC77-4326-45B0-A2EB-FC0A3F784C40} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {6CE9B4C3-7B27-4764-9B0A-152BBAECC232} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {6F37C2F7-DADB-49AE-A204-2C9AD19C6CFE} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {6F47A56B-CADB-4C5E-B30B-85487FC6CC88} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-607273383-903765569-4108737559-1003Core => C:\Users\Eltern\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-27] (Google Inc -> Google Inc.)
Task: {71C3C4D2-0F58-4A47-A69A-D46E959D7336} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) (No File)
Task: {71D74DD1-F182-473C-A98A-587C247548CF} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {73A44D9D-5152-45D9-B5ED-09FE3C3EA042} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery (No File)
Task: {801268F4-4131-4543-95C3-8B78C47D63B5} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {83C55439-989B-45A6-A08E-F552847E1327} - \DigitalSite -> No File <==== ATTENTION
Task: {84608AB1-FDFC-4CBE-9B6E-87A86EC99DCE} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) (No File)
Task: {88F5F492-6208-4730-A9B2-F754D5D964BB} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {89AA7B43-6F43-4665-B455-35250B2775B6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-607273383-903765569-4108737559-1001Core1d36619e3cf49df => C:\Users\Schilling Family\AppData\Local\Google\Update\GoogleUpdate.exe [152216 2016-07-14] (Google Inc -> Google Inc.)
Task: {964B9BE3-0E0D-4477-9935-97A3378361C6} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2302.7-0\MpCmdRun.exe [1645904 2023-03-28] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {9B5544EC-58CA-4789-AAD4-BC7E3AC6823A} - \BonanzaDealsLiveUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {A25CFF11-8701-4725-B4FF-B3E3A26322F7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-607273383-903765569-4108737559-1001UA1d36619e3f56ec3 => C:\Users\Schilling Family\AppData\Local\Google\Update\GoogleUpdate.exe [152216 2016-07-14] (Google Inc -> Google Inc.)
Task: {A62B6259-A517-463A-87F7-5AC214BA12C1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-607273383-903765569-4108737559-1003UA1d264fa72e45b7c => C:\Users\Eltern\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-27] (Google Inc -> Google Inc.)
Task: {A644AF47-F72C-415B-87DA-AC26713AA924} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe /DoConfigureInternetTimeService (No File)
Task: {A764CB31-E10A-4748-87C2-78B1A074C2C5} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {AE3B097F-0458-44AD-B075-30716ECFED1E} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {B48C01BC-3898-4438-ACBC-3CBB676128C9} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -ObjectStoreRecoveryTask (No File)
Task: {BC82C7F7-E333-4612-B4DA-B144C7B04EC6} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe -SqlLiteRecoveryTask (No File)
Task: {C5CFDFCD-19A8-459D-B137-419863D933E0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2302.7-0\MpCmdRun.exe [1645904 2023-03-28] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C81A5F30-FAB1-46FE-8C78-248273597C96} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {C9CE2E2F-74C8-4420-A9A6-6C5270140972} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe /DoReindexSearchRoot (No File)
Task: {CC1E0B3B-991C-48FD-A12D-87AD1C6A5AB4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {CEC66727-43C2-4046-877F-5E52D2579E6A} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe -PvrSchedule (No File)
Task: {D4B27E49-E70B-42CF-9F59-391892C74007} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {D8373EC5-C2D0-47AA-A6E5-134DB4404626} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe /PBDADiscovery (No File)
Task: {D8BBE133-E46B-46C1-91B4-19BE93F6CB55} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery (No File)
Task: {E32C8471-92F1-4FDE-B901-8FB47EC87899} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {E9EB6BC0-96CB-4A0D-888D-CE6AD2CFAA11} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1560056 2023-02-01] (Adobe Inc. -> Adobe Inc.)
Task: {EEF562D5-1A49-4011-9839-10FE2C739B33} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-607273383-903765569-4108737559-1003Core1d264fa72b23a21 => C:\Users\Eltern\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-27] (Google Inc -> Google Inc.)
Task: {FCAE2C9E-7790-484C-B719-C3622CADC1D6} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe /DRMInit (No File)
Task: {FD4F3315-361A-4584-98C3-A29243C37660} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2302.7-0\MpCmdRun.exe [1645904 2023-03-28] (Microsoft Windows Publisher -> Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\DigitalSite.job => C:\Users\SCHILL~1\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-607273383-903765569-4108737559-1001Core.job => C:\Users\Schilling Family\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-607273383-903765569-4108737559-1001UA.job => C:\Users\Schilling Family\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-607273383-903765569-4108737559-1003Core.job => C:\Users\Eltern\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-607273383-903765569-4108737559-1003UA.job => C:\Users\Eltern\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}.job => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe
Task: C:\WINDOWS\Tasks\MetaCrawler.job => C:\Users\SCHILL~1\AppData\Roaming\METACR~1\UPDATE~1\UPDATE~1.EXE
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{1533b570-916a-43ef-a95f-2771cf3347c2}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{63e8b743-5869-48f3-b34a-8f4038bdaffe}: [NameServer] 10.74.210.210 10.74.210.211
Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
FireFox:
========
FF ProfilePath: C:\Users\Schilling Family\AppData\Roaming\Nvu\Profiles\0l2t5pjb.default [2012-11-29]
FF HKLM\...\Firefox\Extensions: [light_plugin_A07576A3CEBC4A72A8CF2C925907DB05@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\FFExt\light_plugin_firefox\addon.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru => not found
FF HKLM-x32\...\Firefox\Extensions: [speedanalysis@SpeedAnalysis.com] - C:\Users\Schilling Family\AppData\Roaming\Mozilla\Extensions\speedanalysis@SpeedAnalysis.com
FF Extension: (SpeedAnalysis.com) - C:\Users\Schilling Family\AppData\Roaming\Mozilla\Extensions\speedanalysis@SpeedAnalysis.com [2013-04-02] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_A07576A3CEBC4A72A8CF2C925907DB05@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 18.0.0\FFExt\light_plugin_firefox\addon.xpi => not found
FF HKU\S-1-5-21-607273383-903765569-4108737559-1001\...\Firefox\Extensions: [speedanalysis@SpeedAnalysis.com] - C:\Users\Schilling Family\AppData\Roaming\Mozilla\Extensions\speedanalysis@SpeedAnalysis.com
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2023-03-21] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.) [File not signed]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @playstation.com/PsndlCheck,version=1.00 -> C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll [2011-08-03] (Sony Computer Entertainment Inc. -> Sony Computer Entertainment Inc.)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll [2013-02-14] (Sony Network Entertainment International LLC) [File not signed]
FF Plugin HKU\S-1-5-21-607273383-903765569-4108737559-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Schilling Family\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-25] (Google Inc -> Google Inc.)
FF Plugin HKU\S-1-5-21-607273383-903765569-4108737559-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Schilling Family\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-25] (Google Inc -> Google Inc.)
FF Plugin HKU\S-1-5-21-607273383-903765569-4108737559-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll [2012-12-07] (Amazon.com, Inc.) [File not signed]
FF Plugin HKU\S-1-5-21-607273383-903765569-4108737559-1003: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Eltern\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-05-22] (Amazon Services LLC -> Amazon.com, Inc.)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\kl_prefs_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.js [2019-10-06] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg [2019-10-06] <==== ATTENTION
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Schilling Family\AppData\Local\Google\Chrome\User Data\Default [2018-01-28]
CHR HomePage: Default -> hxxp://www.google.com
CHR Extension: (Präsentationen) - C:\Users\Schilling Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-25]
CHR Extension: (Docs) - C:\Users\Schilling Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-25]
CHR Extension: (Google Drive) - C:\Users\Schilling Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-11-25]
CHR Extension: (YouTube) - C:\Users\Schilling Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-11-25]
CHR Extension: (Complitly plugin for chrome) - C:\Users\Schilling Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda [2017-11-25] [UpdateUrl:hxxp://www.predictad.com/update/chrome/?si=28188&ver=1.1] <==== ATTENTION
CHR Extension: (Metacrawler Neuer Tab) - C:\Users\Schilling Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\doobfiogmfmpjnoofjhhgjehmlofngfp [2017-11-25] [UpdateUrl:hxxp://update.speedial.com/addons/metacrawler-ch.xml] <==== ATTENTION
CHR Extension: (Tabellen) - C:\Users\Schilling Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-25]
CHR Extension: (Kaspersky Protection) - C:\Users\Schilling Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib [2017-11-25]
CHR Extension: (Google Docs Offline) - C:\Users\Schilling Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-01-28]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Schilling Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-11-25]
CHR Extension: (Google Mail) - C:\Users\Schilling Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-11-25]
CHR Extension: (Chrome Media Router) - C:\Users\Schilling Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-01-28]
CHR HKLM\...\Chrome\Extension: [doobfiogmfmpjnoofjhhgjehmlofngfp] - C:\Users\Schilling Family\AppData\Local\metacrawler-speeddial.crx [2013-11-16]
CHR HKU\S-1-5-21-607273383-903765569-4108737559-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [doobfiogmfmpjnoofjhhgjehmlofngfp] - C:\Users\SCHILL~1\AppData\Local\metacrawler-speeddial.crx [2013-11-16]
CHR HKU\S-1-5-21-607273383-903765569-4108737559-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [cfcbmgbfdbijmjgjihagbomfbjfjmgon] - C:\Users\Schilling Family\AppData\Roaming\SpeedanAlysis\speedanalysis.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [dlfienamagdnkekbbbocojppncdambda] - C:\Program Files (x86)\Complitly\chrome\ComplitlyChrome.crx [2012-05-28]
CHR HKLM-x32\...\Chrome\Extension: [doobfiogmfmpjnoofjhhgjehmlofngfp] - C:\Users\Schilling Family\AppData\Local\metacrawler-speeddial.crx [2013-11-16]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
StartMenuInternet: Google Chrome - C:\Users\Schilling Family\AppData\Local\Google\Chrome\Application\chrome.exe
StartMenuInternet: Google Chrome.Eltern - C:\Users\Eltern\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2023-02-01] (Adobe Inc. -> Adobe Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [269000 2015-08-16] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [351944 2015-11-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [99104 2021-08-20] (Apple Inc. -> Apple Inc.)
S3 ElfoService; C:\Program Files (x86)\ElsterFormular Update Service\bin\elfoService.exe [1113864 2020-07-04] (Bayerisches Landesamt fuer Steuern -> )
S2 ES lite Service; C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE [68136 2009-08-24] (Giga-Byte Technology -> )
R2 HWDeviceService64.exe; C:\Program Files (x86)\DatacardService\HWDeviceService64.exe [351888 2016-03-24] (Huawei Technologies Co.,Ltd. -> )
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 Internet Manager. RunOuc; C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [682072 2015-07-06] (Huawei Technologies Co.,Ltd. -> )
R2 JMB36X; C:\Windows\SysWOW64\XSrvSetup.exe [72304 2010-01-19] (JMicron Technology Corp. -> )
R2 MFLocalService; C:\Program Files (x86)\Common Files\iMyFone\Components\Resident\LocalService.exe [54664 2022-04-28] (Shenzhen iMyFone Technology Co., Ltd -> )
S4 Roxio UPnP Renderer 11; C:\Program Files (x86)\Roxio WinOnCD 2009\Digital Home 11\RoxioUPnPRenderer11.exe [313840 2008-08-14] (Sonic Solutions -> Sonic Solutions)
S4 Roxio Upnp Server 11; C:\Program Files (x86)\Roxio WinOnCD 2009\Digital Home 11\RoxioUpnpService11.exe [367088 2008-08-14] (Sonic Solutions -> Sonic Solutions)
S4 RoxMediaDB11; C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe [1122304 2009-01-09] (Sonic Solutions) [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [226976 2023-03-18] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 SilhouetteLink; C:\Program Files (x86)\Silhouette America\Silhouette Link\Resources\Resources\SPEC_LK\SilhouetteLinkServer.32.exe [897200 2016-12-06] (Silhouette Research & Technology Ltd -> )
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2302.7-0\NisSrv.exe [3224328 2023-03-28] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2302.7-0\MsMpEng.exe [133544 2023-03-28] (Microsoft Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 AiCharger; C:\Windows\SysWow64\drivers\AiCharger.sys [14848 2012-03-22] (ASUSTeK Computer Inc. -> ASUSTek Computer Inc.)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices, Inc. -> Advanced Micro Devices)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R3 gdrv; C:\Windows\gdrv.sys [25640 2023-04-08] (Giga-Byte Technology -> Windows (R) Server 2003 DDK provider)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2014-02-08] (GIGA-BYTE TECHNOLOGY CO., LTD -> )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-06-10] (Microsoft Windows Hardware Compatibility Publisher -> Apple, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49608 2023-03-28] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [495896 2023-03-28] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [99624 2023-03-28] (Microsoft Windows -> Microsoft Corporation)
U3 idsvc; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2023-04-08 19:09 - 2023-04-08 19:14 - 000072558 _____ C:\Users\Eltern\Downloads\Addition.txt
2023-04-08 19:04 - 2023-04-08 20:57 - 000043570 _____ C:\Users\Eltern\Downloads\FRST.txt
2023-04-08 19:03 - 2023-04-08 20:56 - 000000000 ____D C:\FRST
2023-04-08 19:01 - 2023-04-08 19:02 - 002379776 _____ (Farbar) C:\Users\Eltern\Downloads\FRST64.exe
2023-04-08 00:27 - 2023-04-08 20:36 - 113508352 _____ C:\WINDOWS\system32\config\SOFTWARE
2023-04-08 00:11 - 2023-04-08 00:27 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2023-03-18 17:05 - 2023-03-18 17:05 - 000000000 ___HD C:\$WinREAgent
2023-03-09 23:24 - 2023-03-09 23:24 - 000000000 ____D C:\Users\Eltern\AppData\Local\SolidDocuments
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2023-04-08 20:49 - 2014-03-03 21:44 - 000000000 ____D C:\Program Files (x86)\Motorola Mobility
2023-04-08 20:49 - 2012-05-05 21:20 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2023-04-08 20:46 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2023-04-08 20:39 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-04-08 20:38 - 2012-05-05 21:40 - 000025640 _____ (Windows (R) Server 2003 DDK provider) C:\WINDOWS\gdrv.sys
2023-04-08 20:37 - 2021-06-21 11:40 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-04-08 20:37 - 2017-12-28 22:49 - 000000000 ____D C:\ProgramData\NVIDIA
2023-04-08 20:36 - 2019-12-07 11:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2023-04-08 20:21 - 2012-06-14 08:40 - 000000000 ____D C:\Users\Schilling Family\AppData\Roaming\DVDVideoSoft
2023-04-08 17:47 - 2023-01-24 22:03 - 000000000 ____D C:\Users\Eltern\AppData\Local\CrashDumps
2023-04-07 22:32 - 2021-06-21 10:56 - 000002396 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-04-07 22:32 - 2021-06-21 10:56 - 000002234 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2023-04-07 22:32 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-04-07 22:32 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-04-07 22:28 - 2012-05-06 09:23 - 000002540 _____ C:\Users\Eltern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-04-07 22:28 - 2012-05-06 09:23 - 000002503 _____ C:\Users\Eltern\Desktop\Google Chrome.lnk
2023-04-07 22:27 - 2021-06-21 11:40 - 000004170 _____ C:\WINDOWS\system32\Tasks\User_Feed_Synchronization-{7B8873E7-2F6A-4D04-BC4D-C1178DC4E0A8}
2023-04-07 22:26 - 2021-12-11 16:19 - 000003584 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-607273383-903765569-4108737559-1003
2023-04-07 22:26 - 2021-06-21 11:40 - 000003378 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-607273383-903765569-4108737559-1003
2023-04-07 22:26 - 2021-06-21 10:59 - 000002443 _____ C:\Users\Eltern\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-04-04 23:44 - 2021-06-21 10:50 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-04-04 21:51 - 2021-06-24 07:57 - 000003756 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2023-04-04 21:51 - 2021-06-24 07:57 - 000003662 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore1d7667dcba7b542
2023-04-02 11:37 - 2021-06-21 11:15 - 001917326 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-04-02 11:37 - 2019-12-07 16:51 - 000820884 _____ C:\WINDOWS\system32\perfh007.dat
2023-04-02 11:37 - 2019-12-07 16:51 - 000177416 _____ C:\WINDOWS\system32\perfc007.dat
2023-03-28 01:10 - 2018-05-27 22:26 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2023-03-25 15:07 - 2021-06-21 11:40 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2023-03-25 15:06 - 2023-03-07 09:26 - 000002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2023-03-25 15:06 - 2023-03-07 09:26 - 000002061 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk
2023-03-19 01:32 - 2021-06-21 10:50 - 000523208 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-03-19 01:28 - 2019-12-07 16:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2023-03-19 01:28 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2023-03-19 01:28 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2023-03-19 01:28 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2023-03-19 01:28 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2023-03-19 01:28 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-03-18 17:41 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-03-18 17:29 - 2021-06-21 10:55 - 003015680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2023-03-18 16:56 - 2013-08-03 13:53 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-03-18 16:35 - 2012-05-05 17:39 - 153620824 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2023-03-09 23:24 - 2012-05-06 09:25 - 000000000 ____D C:\Users\Eltern\AppData\Roaming\Adobe
==================== Files in the root of some directories ========
2015-07-14 15:52 - 2013-06-26 13:51 - 000884736 _____ () C:\Program Files (x86)\vkaraoke.exe
2014-02-08 16:11 - 2014-02-08 16:11 - 000000047 _____ () C:\Users\Schilling Family\AppData\Roaming\WB.CFG
2013-11-16 13:11 - 2013-11-16 13:11 - 000356766 _____ () C:\Users\Schilling Family\AppData\Local\metacrawler-speeddial.crx
2012-05-12 00:26 - 2012-05-12 10:48 - 000007597 _____ () C:\Users\Schilling Family\AppData\Local\Resmon.ResmonCfg
2012-05-05 18:17 - 2012-05-05 18:17 - 000017408 _____ () C:\Users\Schilling Family\AppData\Local\WebpageIcons.db
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
|
|
| Themen zu MFResident-20230328-55 |
| adobe, antivirus, backdoor, computer, defender, desktop, excel, flash player, google, home, installation, internet, internet explorer, kaspersky, mfresident-20230328-55, mozilla, port, prozesse, realtek, registry, scan, sekunden, software, temp, udp, windows |
Hybrid-Darstellung