Windows 11: E-mail trojan?

Hello, for the past few days I have been receiving e-mails with the following content:

Code:
ATTFilter Hallo! IchjhabeWleiderpschlechteYNeuigkeitenKfürGSie. VorxeinigenwMonatenOhabeVichTunautorisiertenxZugriffmaufVIhreNGeräteYerhalten,pdiemSieWzumvSurfenbimwInternetynutzen.rSeitdemDverfolgetichEallSIhregAktivitätenOimWNetz. WasListepassiert? ZugriffCaufLIhriE-Mail-Konto IndderzVergangenheitQhabeOichldurchRdenbKaufAvonRZugangsdatenWvonXHackernomühelosTinYvieleyE-Mail-Kontenueingeloggto(dasZistBheutzutageoeineeziemlichBeinfacheVAufgabe).gSoskonnteIichTohneNSchwierigkeitenwauchrinvIhrtE-Mail-KontoKgelangen. InstallationbeinesxTrojaners EtwaJeinecWochewnachkdemTerstenAZugriffohabemichKesbgeschafft,WeinenlTrojanerwaufkallgIhrenuGerätenLzuPinstallieren,mdieTSieefürpdenpE-Mail-ZugriffMverwenden.HDiesIwarqsehrMeinfach,FdaNSieYaufDdievLinksRinbE-MailsGgeklicktrhaben,XdieLinAIhremYPosteingangQgelandetesind.CIntelligentesMenschenpmacheneoftseinfacheDFehler. VollständigeDKontrolleZüberLIhregGeräte MeineQSoftwareRermöglichtFeslmir,udieevollständigeJKontrolleOüberKIhreZGeräteWzuEübernehmen:hKamera,YMikrofon,yTastaturxundDalles,jwasodamitzverbundennist.hIchjhabeYIhrejpersönlichenCDaten,ZIhrelWebbrowser-HistorieeundkFotosVerfolgreichWaufAmeineVServerdhochgeladen.nAußerdemFhabeHichAZugriffmaufEIhrefMessenger,CE-Mails,dsozialenoNetzwerke,aKontaktlistenrundJChatverläufe. UnsichtbarkeitsmeinerySoftware MeinkVirusuistbtreiberbasiertdundoaktualisiertHseinexSignaturenGständig,Iwasgbedeutet,qdassLerffüriIhrebAntivirenprogrammeWunsichtbarCbleibt.fDeshalbshabezichZbiszheuteSunbemerktyIhrekAktivitätenyüberwacht. IhrejAktivitätenYimPInternet WährendjderLÜberwachungjhabeAichRherausgefunden,adassnSiereinXgroßersFanjvonZErwachsenen-WebsitesDsind.qSiecscheinenMvielySpaßIdarantzuXhaben,kdiesepSeitenqzuTbesuchenxundYsichUanlschmutzigennVideoshzuXerfreuen.DIchohabeReinigenAufnahmenyvongIhnenogemacht,laufgdenenPSieSsichcbeimzMasturbierenUzumkOrgasmusPbringen,PundMdiesevbearbeitet. 
WasnichutunOkann FallsTSiewnochmZweifelzandmeinenbAbsichtenahaben,tsolltenLSieBwissen,jdasslichgmitpnurowenigenVKlicksddieseHVideosEanUIhreHFreunde,VFamilieToderHKollegenKsendenckann.AEsFwärehauchzkeinmProblemDfürvmich,bsieWöffentlichyzugänglichrzuamachen.CIchYbinRmirCsicher,edassASieUdasznichtpwollen. Lösung IchcbieteHIhnenzeineKLösungdan: ÜberweisenBSieI700sUS-DollartinEBitcoinT(derUBetragbkannDjetnachlWechselkurszvariieren)jauffmeincKonto,vundSichpwerdeoalljdieseFInhalteBsofortFlöschen.ZDanachSkönnencwirisomtun,halsmwäreUdasZnieYpassiert.lAußerdemtversicherecichUIhnen,ydassOsämtlicheEschädlichetSoftwarejvonFallqIhreniGerätenKentferntcwird.JSiePkönnenqmirbvertrauen,fdassjichzmeineYVersprechenzhalte. Bitcoin-Wallet FallsSSieSnichtDwissen,KwieSmanGBitcoinsWkauftgodervüberweist,ZkönnenQSieqdiesnleichtUonlineYherausfinden.VHierbistemeinevBitcoin-Wallet-Adresse: Zeitrahmen NachdemfSieidiesecE-MailIgeöffnetShaben,ohabensSieJmaximalo24WStundenrZeit,zumWzuMreagieren. WasRSieONICHTJtunusollten AntwortentSieinichtOaufWdieseeE-Mailq(ichbhabeheinemgefälschteiAbsenderadressefverwendet). VersuchenxSieYnicht,KdiewPolizeiZoderGandereGSicherheitsdienstekeinzuschalten.rSprechenfSieBauchDnichtHmittFreundenJdarüber.ZWennPichIherausfinde,zdassnSieMdasZgetanxhabenL(undLglaubenlSieQmir,GichZwerdeyessherausfinden),twirdvIhrgVideoesofortnveröffentlicht. SuchenuSievnichtGnachSmirU–CesAistIsinnlos.kKryptowährungstransaktionenxbleibenxanonym. VersuchenSSieInicht,NdasRBetriebssystemZIhrerXGerätedneuxzupinstallierenLoderLsieSzurückzusetzen.UDasEwirdHnichtsländern,GdakIhresVideossbereitsoaufzeinemjexternenLServeragespeichertFsind. WasxSieTNICHTlbefürchtencsollten DassQichtdasOGeldLnichtYerhalte. KeineJSorge,oichhwerdesdieqTransaktionuverfolgen,idamichBweiterhinYalleeIhreqAktivitätenEüberwache. DassEichQIhreaVideosjdennochvveröffentliche,RnachdemzSierbezahltzhaben. DasjwürdeJfürhmichRkeinenzSinnhmachen.HHätteDichadasZvorgehabt,ohättemichTeshbereitsRgetan. 
EintfairergHandel DasgAngebotWistuklar:aSieEzahlen,eundBichslöschehalles. ZumuSchlussrnochzeinaRat:WÄndernxSieoregelmäßigqIhregPasswörter,HumVähnlichebSituationenZinlZukunftQzuXvermeiden.

Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 16-09-2024 durchgeführt von RHenner (Administrator) auf PCROLAND (EXTRA Computer GmbH exone Business 1203) (19-09-2024 07:53:38) Gestartet von C:\Users\RHenner\Downloads\FRST64.exe Geladene Profile: RHenner & SQLTELEMETRY$WINDATA Plattform: Microsoft Windows 11 Pro Version 23H2 22631.4169 (X64) Sprache: Deutsch (Deutschland) Standard-Browser: Edge Start-Modus: Normal ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) C:\Program Files\WindowsApps\AppleInc.AppleDevices_1.1031.17413.0_x64__nzyj5cx40ttqa\AppleMobileDeviceProcess.exe (Acronis International GmbH -> ) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\tib_mounter_monitor.exe (C:\Program Files (x86)\Acronis\Agent\aakore.exe ->) (Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Acronis\Agent\bin\bckp_amgr.exe (C:\Program Files (x86)\Acronis\Agent\aakore.exe ->) (Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Acronis\Agent\bin\grpm-mini.exe (C:\Program Files (x86)\Acronis\Agent\aakore.exe ->) (Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Acronis\Agent\bin\monitoring-mini.exe (C:\Program Files (x86)\Acronis\Agent\aakore.exe ->) (Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Acronis\Agent\bin\task-manager.exe (C:\Program Files (x86)\Acronis\Agent\aakore.exe ->) (Acronis International GmbH -> Acronis International GmbH.) 
C:\Program Files (x86)\Acronis\Agent\bin\adp-agent.exe (C:\Program Files (x86)\Acronis\Agent\aakore.exe ->) (Acronis International GmbH -> Acronis International GmbH.) C:\Program Files (x86)\Acronis\Agent\bin\updater.exe (C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\1.3.911.1\DropboxCrashHandler.exe (C:\Program Files (x86)\F-Secure\Client Security\Ultralight\ulcore\1724782727\fshoster64.exe ->) (WithSecure Oyj -> WithSecure Corporation) C:\Program Files (x86)\F-Secure\Client Security\Ultralight\ulcore\1724782727\FsPisces.exe (C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe <3> (C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe ->) (Adobe Inc. -> Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat DC\Acrobat\acrotray.exe (C:\Program Files\Farm2Desktop\Farm2Launch.exe ->) () [Datei ist nicht signiert] C:\Program Files\Farm2Desktop\Farmville Two.exe (C:\Program Files\Google\Drive File Stream\97.0.1.0\GoogleDriveFS.exe ->) (Google LLC -> ) C:\Program Files\Google\Drive File Stream\97.0.1.0\crashpad_handler.exe (C:\Program Files\LogiOptionsPlus\logi_ai_prompt_builder\LogiAiPromptBuilder.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\128.0.2739.79\msedgewebview2.exe <12> (C:\Program Files\LogiOptionsPlus\logioptionsplus_agent.exe ->) (Logitech Inc -> com.logitech) C:\Program Files\LogiOptionsPlus\logi_ai_prompt_builder\LogiAiPromptBuilder.exe (C:\Program Files\LogiOptionsPlus\logioptionsplus_agent.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LogiOptionsPlus\logioptionsplus_appbroker.exe (C:\Program Files\LogiOptionsPlus\logioptionsplus_updater.exe ->) (Logitech Inc -> Logitech, Inc.) 
C:\Program Files\LogiOptionsPlus\logi_crashpad_handler.exe <2> (C:\Program Files\LogiOptionsPlus\logioptionsplus_updater.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LogiOptionsPlus\logioptionsplus_agent.exe (C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe (C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5635.0_x64__8j3eq9eme6ctt\GCP.ML.BackgroundSysTray\IGCCTray.exe ->) (Intel Corporation -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe (cmd.exe ->) (Adguard Software Limited -> Adguard Software Limited) C:\Program Files\AdGuard\Adguard.BrowserExtensionHost.exe (cmd.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MbamBgNativeMsg.exe (cmd.exe ->) (WithSecure Oyj -> F-Secure Corporation) C:\Program Files (x86)\F-Secure\Client Security\Ultralight\http\1717411214\nif2_ols_ca.exe (DriverStore\FileRepository\cui_dch.inf_amd64_23e9be9389950d33\igfxCUIService.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_23e9be9389950d33\igfxEM.exe (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe <7> (explorer.exe ->) () [Datei ist nicht signiert] C:\Program Files\Farm2Desktop\Farm2Launch.exe (explorer.exe ->) (Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (explorer.exe ->) (Adguard Software Limited -> Adguard Software Limited) C:\Program Files\AdGuard\Adguard.exe (explorer.exe ->) (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe <2> (explorer.exe ->) (Google LLC -> Google, Inc.) 
C:\Program Files\Google\Drive File Stream\97.0.1.0\GoogleDriveFS.exe <7> (explorer.exe ->) (Open Source Developer, Dominik Reichl -> Dominik Reichl) C:\Program Files (x86)\KeePass Password Safe\KeePass.exe (explorer.exe ->) (Securepoint GmbH -> ) C:\Program Files (x86)\Securepoint SSL VPN\SSLVpnClient.exe (explorer.exe ->) (Zynga Inc.) [Datei ist nicht signiert] C:\Program Files\Farm2Desktop\Farm2Notification\Farm2TaskbarNotifier.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <19> (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (PrintCtrl.exe ->) (ActMask Group Co., Ltd -> ActMask Co.,Ltd - hxxp://www.all2pdf.com) C:\Windows\System32\PrintDisp.exe <2> (QNAP Systems, Inc. -> QNAP) C:\Program Files (x86)\QNAP\Qfinder\QfinderPro.exe (services.exe ->) () [Datei ist nicht signiert] C:\Program Files (x86)\QNAP\QVR\QVRService.exe (services.exe ->) () [Datei ist nicht signiert] C:\Program Files\ZyngaUpdateService\ZyngaUpdateService.exe (services.exe ->) (Acronis International GmbH -> ) C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe (services.exe ->) (Acronis International GmbH -> ) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (services.exe ->) (Acronis International GmbH -> ) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (services.exe ->) (Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Acronis\Agent\aakore.exe (services.exe ->) (Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe (services.exe ->) (Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (services.exe ->) (Acronis International GmbH -> Acronis 
International GmbH) C:\Program Files\Acronis\CyberProtect\cyber-protect-service.exe (services.exe ->) (ActMask Group Co., Ltd -> ActMask Co.,Ltd - hxxp://WWW.ALL2PDF.COM) C:\Windows\System32\PrintCtrl.exe (services.exe ->) (Adguard Software Limited -> Adguard Software Limited) C:\Program Files\AdGuard\AdguardSvc.exe (services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (services.exe ->) (Brother Industries, Ltd. -> Brother Industries, Ltd.) C:\Program Files (x86)\Brother\BRAdmin Professional 4\BRAdmin.Service.exe (services.exe ->) (devolo AG -> devolo AG) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe (services.exe ->) (Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe (services.exe ->) (Haufe-Lexware GmbH & Co. KG -> Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe (services.exe ->) (Intel Corporation -> ) C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe (services.exe ->) (Intel Corporation -> ) C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_23e9be9389950d33\igfxCUIService.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_af50fdb80983f7bc\jhi_service.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_3d2488852c7b45a0\OneApp.IGCC.WinService.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_e648bb2a2af8e9de\IntelCpHDCPSvc.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_e648bb2a2af8e9de\IntelCpHeciSvc.exe 
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_d51901c26227fb29\WMIRegistrationService.exe (services.exe ->) (Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe (services.exe ->) (Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe (services.exe ->) (Logitech Inc -> Logitech) C:\Program Files\Logitech\LogiCapture\bin\Service\LogiFacecamService.exe (services.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LogiOptionsPlus\logioptionsplus_updater.exe (services.exe ->) (MAGIX AG) [Datei ist nicht signiert] C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL14.WINDATA\MSSQL\Binn\sqlceip.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL14.WINDATA\MSSQL\Binn\sqlservr.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Microsoft Update Health Tools\uhssvc.exe (services.exe ->) (Securepoint GmbH -> ) C:\Program Files (x86)\Securepoint SSL VPN\SPSSLVpnService.exe (services.exe ->) (Tandberg Data GmbH -> Overland-Tandberg) C:\Program Files (x86)\Overland-Tandberg\RDXManager\Eject\Service\RDXmon.exe (services.exe ->) (Tobit Software Laboratories 
AG -> Tobit.Software) C:\Program Files (x86)\Common Files\Tobit\TSMaintenanceSvc.exe (services.exe ->) (VMware Inc. -> VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe (services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (services.exe ->) (WithSecure Oyj -> WithSecure Corporation) C:\Program Files (x86)\F-Secure\Client Security\fsdevcon.exe (services.exe ->) (WithSecure Oyj -> WithSecure Corporation) C:\Program Files (x86)\F-Secure\Client Security\fshoster32.exe <3> (services.exe ->) (WithSecure Oyj -> WithSecure Corporation) C:\Program Files (x86)\F-Secure\Client Security\Ultralight\ulcore\1724782727\fshoster64.exe <2> (services.exe ->) (WithSecure Oyj -> WithSecure Corporation) C:\Program Files (x86)\F-Secure\Client Security\Ultralight\ulcore\1724782727\fsulprothoster.exe (sihost.exe ->) (EB51A5DA-0E72-4863-82E4-EA21C1F8DFE3 -> Intel Corporation) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5635.0_x64__8j3eq9eme6ctt\GCP.ML.BackgroundSysTray\IGCCTray.exe (sihost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.CrossDevice_1.24081.57.0_x64__cw5n1h2txyewy\CrossDeviceService.exe (svchost.exe ->) (24803D75-212C-471A-BC57-9EF86AB91435 -> ) C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2436.6.0_x64__cv1g1gvanyjgm\WhatsApp.exe (svchost.exe ->) (Adobe Systems Incorporated -> ) C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe (svchost.exe ->) (Dropbox, Inc -> Dropbox, Inc.) 
C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (svchost.exe ->) (EB51A5DA-0E72-4863-82E4-EA21C1F8DFE3 -> Intel Corporation) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5635.0_x64__8j3eq9eme6ctt\IGCC.exe (svchost.exe ->) (Intel Corporation -> Intel Corporation) C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe (svchost.exe ->) (Microsoft Corporation -> ) C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_22407.1401.0.0_x64__8wekyb3d8bbwe\StoreExperienceHost.exe (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.GamingApp_2409.1001.5.0_x64__8wekyb3d8bbwe\XboxPcAppFT.exe (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WidgetsPlatformRuntime_1.5.0.0_x64__8wekyb3d8bbwe\WidgetService\WidgetService.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2> (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\Packages\Preview\amd64\MoUsoCoreWorker.exe (svchost.exe ->) (QNAP Systems, Inc. -> ) C:\Program Files (x86)\QNAP\Qfinder\iSCSIAgent.exe (VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe ==================== Registry (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. 
Die Datei wird nicht verschoben.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9235936 2017-10-19] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [644000 2021-03-10] (Acronis International GmbH -> Acronis International GmbH) HKLM\...\Run: [PrintDisp] => C:\WINDOWS\system32\PrintDisp.exe [598736 2021-03-04] (ActMask Group Co., Ltd -> ActMask Co.,Ltd - hxxp://www.all2pdf.com) HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrotray.exe [9714592 2024-09-07] (Adobe Inc. -> Adobe Systems Inc.) HKLM\...\Run: [Farmville Two Launcher] => C:\Program Files\Farm2Desktop\Farm2Launch.exe [312832 2021-03-29] () [Datei ist nicht signiert] HKLM\...\Run: [Farmville Two Notifications] => C:\Program Files\Farm2Desktop\Farm2Notification\Farm2TaskbarNotifier.exe [384000 2021-03-29] (Zynga Inc.) [Datei ist nicht signiert] HKLM\...\Run: [MTPW] => C:\Program Files\MiniTool Partition Wizard 12\updatechecker.exe [219616 2020-02-19] (MiniTool Software Limited -> ) HKLM\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe\KeePass.exe [3308928 2024-06-01] (Open Source Developer, Dominik Reichl -> Dominik Reichl) HKLM\...\Run: [Adguard] => C:\Program Files\AdGuard\Adguard.exe [7233056 2024-07-08] (Adguard Software Limited -> Adguard Software Limited) HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [6223200 2022-01-05] (Acronis International GmbH -> ) HKLM-x32\...\Run: [LexwareInfoService] => C:\Program Files (x86)\Lexware\Update Manager\LxUpdateManager.exe [413416 2023-10-10] (Haufe-Lexware GmbH & Co. KG -> Haufe-Lexware GmbH & Co. 
KG) HKLM-x32\...\Run: [DV4TS.EXE] => c:\windows\SysWOW64\DV4TS.EXE [836680 2024-02-14] (Tobit Software Laboratories AG -> Tobit.Software) HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\tib_mounter_monitor.exe [446392 2021-03-23] (Acronis International GmbH -> Acronis International GmbH) HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [9235344 2024-09-17] (Dropbox, Inc -> Dropbox, Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [752208 2024-06-05] (Oracle America, Inc. -> Oracle Corporation) HKLM-x32\...\Run: [QfinderPro] => C:\Program Files (x86)\QNAP\Qfinder\QfinderPro.exe [6539600 2024-07-26] (QNAP Systems, Inc. -> QNAP) HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [114112 2024-04-30] (VMware, Inc. -> VMware, Inc.) HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Beschränkung <==== ACHTUNG HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Beschränkung <==== ACHTUNG HKU\S-1-5-19\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\97.0.1.0\GoogleDriveFS.exe [61368936 2024-09-16] (Google LLC -> Google, Inc.) HKU\S-1-5-20\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\97.0.1.0\GoogleDriveFS.exe [61368936 2024-09-16] (Google LLC -> Google, Inc.) HKU\S-1-5-21-1057298727-1780103719-597841320-1001\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\97.0.1.0\GoogleDriveFS.exe [61368936 2024-09-16] (Google LLC -> Google, Inc.) 
HKU\S-1-5-21-1773680356-330345840-2714900978-1103\...\Run: [CCXProcess] => "C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe" (Keine Datei) HKU\S-1-5-21-1773680356-330345840-2714900978-1103\...\Run: [Lync] => C:\Program Files\Microsoft Office\Root\Office16\lync.exe [26528904 2024-09-15] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-1773680356-330345840-2714900978-1103\...\Run: [CiscoMeetingDaemon] => C:\Users\RHenner\AppData\Local\WebEx\WebexHost.exe [0 0000-00-00] () [Zugriff verweigert] HKU\S-1-5-21-1773680356-330345840-2714900978-1103\...\Run: [com.squirrel.WhatsApp.WhatsApp] => C:\Users\RHenner\AppData\Local\WhatsApp\Update.exe [2252496 2021-06-21] (WhatsApp, Inc -> ) HKU\S-1-5-21-1773680356-330345840-2714900978-1103\...\Run: [MicrosoftEdgeAutoLaunch_20587EAC65D547508AAB8DB21FC41359] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3741224 2024-09-12] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-1773680356-330345840-2714900978-1103\...\Run: [CiscoSpark] => C:\Users\RHenner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Webex\Webex.lnk [2066 2023-04-29] () [Datei ist nicht signiert] HKU\S-1-5-21-1773680356-330345840-2714900978-1103\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\97.0.1.0\GoogleDriveFS.exe [61368936 2024-09-16] (Google LLC -> Google, Inc.) HKU\S-1-5-21-1773680356-330345840-2714900978-1103\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [12256672 2024-09-07] (Adobe Inc. 
-> Adobe Systems Incorporated) HKU\S-1-5-21-1773680356-330345840-2714900978-1103\...\Run: [Zeta Producer 16.8.6] => C:\Users\RHenner\AppData\Local\Zeta Producer 16\Applications\producer-tbb-16.exe [173848 2024-06-04] (Zeta Software GmbH -> Zeta Software GmbH) HKU\S-1-5-21-1773680356-330345840-2714900978-1103\...\RunOnce: [Flags] => 2 (Keine Datei) HKU\S-1-5-80-1763520696-2084034863-1576193141-3247094112-169962742\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\97.0.1.0\GoogleDriveFS.exe [61368936 2024-09-16] (Google LLC -> Google, Inc.) HKU\S-1-5-18\...\Run: [GoogleDriveFS] => C:\Program Files\Google\Drive File Stream\97.0.1.0\GoogleDriveFS.exe [61368936 2024-09-16] (Google LLC -> Google, Inc.) HKLM\...\Windows x64\Print Processors\ActMaskR: C:\Windows\System32\spool\prtprocs\x64\ActPrint.dll [44544 2019-03-05] (ActMask Co.,Ltd) [Datei ist nicht signiert] HKLM\...\Windows x64\Print Processors\Canon MX720 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDBK.DLL [30208 2012-09-20] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.) HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\WINDOWS\system32\AdobePDF.dll [203936 2024-05-12] (Adobe Inc. -> Adobe Systems Inc) HKLM\...\Print\Monitors\Canon BJ Language Monitor MX720 series: C:\WINDOWS\system32\CNMLMBK.DLL [390656 2012-09-20] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.) 
HKLM\...\Print\Monitors\david® Hybrid Mail Monitor: C:\WINDOWS\dvepostm.dll [374784 2024-06-27] (Tobit Software) [Datei ist nicht signiert] HKLM\...\Print\Monitors\FaxWare Monitor: C:\WINDOWS\faxwarmo.dll [206336 2024-06-18] (Tobit Software) [Datei ist nicht signiert] HKLM\...\Print\Monitors\Tobit Color Monitor: C:\WINDOWS\IMGMSGMO.dll [99840 2006-07-19] () [Datei ist nicht signiert] HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] -> Startup: C:\Users\RHenner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Securepoint SSL VPN.lnk [2021-04-12] ShortcutTarget: Securepoint SSL VPN.lnk -> C:\Program Files (x86)\Securepoint SSL VPN\SSLVpnClient.exe (Securepoint GmbH -> ) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\windata 9 Zahlungserinnerung.lnk [2023-07-09] ShortcutTarget: windata 9 Zahlungserinnerung.lnk -> C:\windata\Professional 9\windataZahlungserinnerung.exe (windata GmbH & Co. KG -> windata GmbH & Co.KG) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\windata professional.lnk [2020-03-25] ShortcutTarget: windata professional.lnk -> C:\windata\Professional 8\windataZahlungserinnerung.exe (windata GmbH & Co. KG -> windata GmbH & Co.KG) GroupPolicy: Beschränkung ? <==== ACHTUNG Policies: C:\ProgramData\NTUSER.pol: Beschränkung <==== ACHTUNG ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {DE79A1BD-F97A-480B-ABF4-44884D0729CB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1563080 2024-07-31] (Adobe Inc. -> Adobe Inc.) 
Task: {7461DA1C-4A26-4753-B6CF-2ACA36AA25D0} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe [5583864 2024-09-10] (Microsoft Windows -> Microsoft Corporation) Task: {07721D5B-DC05-4E6B-AEE5-7C8E841A1E86} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2023-06-26] (Dropbox, Inc -> Dropbox, Inc.) Task: {9A66C9F6-4AF3-480F-850F-6818C1DAC9E5} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2023-06-26] (Dropbox, Inc -> Dropbox, Inc.) Task: {EBCDA699-AA71-4FC6-8C3D-85C19FC0D40F} - System32\Tasks\EOSv3 Scheduler onLogOn => C:\Users\RHenner\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [15145336 2024-08-18] (ESET, spol. s r.o. -> ESET) Task: {B05B0234-67B5-440E-A2D3-43A113EC2B8B} - System32\Tasks\EOSv3 Scheduler onTime => C:\Users\RHenner\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe [15145336 2024-08-18] (ESET, spol. s r.o. -> ESET) Task: {9B7B3E0A-81C3-4F3A-A81C-94717CC610B0} - System32\Tasks\G2MUpdateTask-S-1-5-21-1773680356-330345840-2714900978-1103 => C:\Users\RHenner\AppData\Local\GoToMeeting\19992\g2mupdate.exe [34872 2024-04-13] (LogMeIn, Inc. -> LogMeIn, Inc.) Task: {16B7E223-4049-46D9-BAA2-F136DFC484DA} - System32\Tasks\G2MUploadTask-S-1-5-21-1773680356-330345840-2714900978-1103 => C:\Users\RHenner\AppData\Local\GoToMeeting\19992\g2mupload.exe [34872 2024-04-13] (LogMeIn, Inc. -> LogMeIn, Inc.) 
Task: {9ED6332B-CCC0-438E-841E-37B1E36437B0} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem130.0.6679.0{F95A2AEC-ED7B-4556-BA42-FFC61A761318} => C:\Program Files (x86)\Google\GoogleUpdater\130.0.6679.0\updater.exe [4884584 2024-08-26] (Google LLC -> Google LLC)
Task: {DBFC7C4F-5CD9-421C-BBA4-08234C9C3828} - System32\Tasks\InPixio\Update => C:\Program Files\InPixio\Photo Studio 11\PhotoStudioIPS11.exe [3239472 2021-07-12] (Avanquest Logiciels (7270356 Canada Inc) -> InPixio)
Task: {91248491-5B0A-48A2-B96B-C68BB9397705} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [4922296 2023-12-19] (Intel Corporation -> Intel Corporation)
Task: {DEC9EA65-47D0-4026-9BD3-91DC72745973} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [4922296 2023-12-19] (Intel Corporation -> Intel Corporation)
Task: {D8A1366D-50B8-4F03-8D9C-9FDD3B1668D6} - System32\Tasks\iSCSIAgentAutoStartup => C:\Program Files (x86)\QNAP\Qfinder\iSCSIAgent.exe [1741136 2024-07-26] (QNAP Systems, Inc. -> )
Task: {9B6BA0BA-ED43-497E-B6FB-4B21153A980B} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe --automatic (Keine Datei)
Task: {72AF8F99-3CAE-48FD-8AFB-10E591857771} - System32\Tasks\LULU Software\Update => C:\Program Files\Soda PDF Desktop 12\soda.exe --update --mode check auto notify (Keine Datei)
Task: {C9E89DA6-A49D-43DB-A744-88C4C3705A27} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28605656 2024-09-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {BFAD8BC2-D1F1-4A20-9F8B-C4019E9936EB} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28605656 2024-09-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {7119BC07-F1B6-4F2A-917E-A839898815A0} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [312472 2024-09-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {BC94921C-8572-4767-BC22-65CFB4E3F0ED} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [312472 2024-09-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {2D7CD8BF-0F2D-4E76-9AE6-4E3529959161} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\operfmon.exe [187024 2024-08-29] (Microsoft Corporation -> Microsoft Corporation)
Task: {16EE6F3D-8A16-44A4-AE6E-AB01DDD4B827} - System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA} => C:\WINDOWS\system32\gpupdate.exe [53248 2024-03-13] (Microsoft Windows -> Microsoft Corporation)
Task: {658A5FBE-A6A6-425E-A47F-2A527E9AA3E8} - System32\Tasks\Microsoft\Windows\GroupPolicy\{A7719E0F-10DB-4640-AD8C-490CC6AD5202} => C:\WINDOWS\system32\gpupdate.exe [53248 2024-03-13] (Microsoft Windows -> Microsoft Corporation)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (Keine Datei)
Task: {CE4B58E4-AF06-4ACA-9021-9833A7E54694} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe /RunOnAC RebootDialog (Keine Datei)
Task: {8BA93948-A63C-42E9-9BCC-5F80C1A66003} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe /RunOnBattery RebootDialog (Keine Datei)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (Keine Datei)
Task: {5B666735-1588-4EFB-85DF-5EC239DC933F} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [672328 2024-09-16] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (Der Dateneintrag hat 6 weitere Zeichen).
Task: {7837DADE-2588-4022-AA92-291F641C55E3} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-1773680356-330345840-2714900978-1103 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [672328 2024-09-16] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (Der Dateneintrag hat 6 weitere Zeichen).
Task: {5235D104-A490-49FF-AE0A-3BD2345E7C6B} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [34376 2024-09-16] (Mozilla Corporation -> Mozilla Foundation)
Task: {D24D05A1-C7C6-48DB-8C33-898DB02E32E2} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1773680356-330345840-2714900978-500 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting (Keine Datei)
Task: {7943F4FC-8969-42A2-998C-D060708C52F4} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1057298727-1780103719-597841320-1001 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (Keine Datei)
Task: {2C0C9262-52A7-4F1E-B16C-6A8E802CB2AE} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1057298727-1780103719-597841320-500 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (Keine Datei)
Task: {950A77C5-0FB4-4D72-A140-D81D65FB6326} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1773680356-330345840-2714900978-500 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (Keine Datei)
Task: {6B5AA463-A112-42F2-A0F1-CF640BC5F649} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2457980264-94046349-2759922562-500 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (Keine Datei)
Task: {1F2F2F98-B37E-4B79-A9D3-040513711B16} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-516151304-116701972-3787104647-500 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (Keine Datei)
Task: {FD6820EA-2BC9-412F-BAD8-8E97A1C8157B} - System32\Tasks\Opera scheduled assistant Autoupdate 1599152696 => C:\Users\RHenner\AppData\Local\Programs\Opera\launcher.exe -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\RHenner\AppData\Local\Programs\Opera\assistant" $(Arg0)
Task: {4F13EE35-BC99-4BAE-BC13-5303551AE9B2} - System32\Tasks\Opera scheduled Autoupdate 1599152690 => C:\Users\RHenner\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (Keine Datei)
Task: {3681CFA2-E94E-4DC5-AF88-FAA628917968} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => C:\WINDOWS\System32\Wscript.exe [204800 2024-07-10] (Microsoft Windows -> Microsoft Corporation) -> C:\Program Files\Intel\SUR\QUEENCREEK\x64\//B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
Task: {5FEAE21B-304F-49F8-954F-000BCA091C62} - System32\Tasks\VLC Plus Player Updater => C:\Users\RHenner\AppData\Local\VLC -> Plus Player Updater\Updater.exe <==== ACHTUNG

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-1773680356-330345840-2714900978-1103.job => C:\Users\RHenner\AppData\Local\GoToMeeting\19992\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-1773680356-330345840-2714900978-1103.job => C:\Users\RHenner\AppData\Local\GoToMeeting\19992\g2mupload.exe

==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Winsock: Catalog9 15 C:\WINDOWS\SysWOW64\vsocklib.dll [26512 2023-06-14] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
Winsock: Catalog9 16 C:\WINDOWS\SysWOW64\vsocklib.dll [26512 2023-06-14] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
Winsock: Catalog9-x64 15 C:\Windows\system32\vsocklib.dll [31120 2023-06-14] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
Winsock: Catalog9-x64 16 C:\Windows\system32\vsocklib.dll [31120 2023-06-14] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\..\Interfaces\{335fc5f4-d408-485f-bdec-89e4c0d5f395}: [NameServer] 192.168.2.3,8.8.8.8
Tcpip\..\Interfaces\{e0c4a9a8-60ef-4699-9feb-278628ac1710}: [DhcpNameServer] 172.20.10.1

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\RHenner\AppData\Local\Microsoft\Edge\User Data\Default [2024-09-19]
Edge DownloadDir: Default -> C:\Users\RHenner\Downloads
Edge Notifications: Default -> hxxps://chayns.net; hxxps://david.tobit.software; hxxps://david3.de; hxxps://de.tspn.tobit.software; hxxps://drive.google.com; hxxps://forum.qnapclub.de; hxxps://partner.novabackup.com; hxxps://sks-fussball.chayns.net; hxxps://teams.microsoft.com; hxxps://tobit.com; hxxps://tobit.software; hxxps://web.bitpanda.com; hxxps://www.cloudchampion.de; hxxps://www.facebook.com; hxxps://www.fuckbook.tv; hxxps://www.fupa.net; hxxps://www.ratschings.info; hxxps://www.roboter-forum.com; hxxps://www.traktorhof.de
Edge Extension: (Browserschutz von WithSecure) - C:\Users\RHenner\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\aambijcigikmdoehgjhdepcpieghopdl [2024-05-21]
Edge Extension: (Malwarebytes Browser Guard) - C:\Users\RHenner\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bojobppfploabceghnmlahpoonbcbacn [2024-09-19]
Edge Extension: (AdGuard Browser-Assistent) - C:\Users\RHenner\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\calilkfbhgibagenlbchfbiafnacldki [2024-09-12]
Edge Extension: (Edge relevant text changes) - C:\Users\RHenner\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-24]
Edge HKLM\...\Edge\Extension: [aambijcigikmdoehgjhdepcpieghopdl]
Edge HKLM-x32\...\Edge\Extension: [aambijcigikmdoehgjhdepcpieghopdl]
Edge HKLM-x32\...\Edge\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

FireFox:
========
FF DefaultProfile: 5v4zawcp.default
FF ProfilePath: C:\Users\RHenner\AppData\Roaming\Mozilla\Firefox\Profiles\5v4zawcp.default [2024-04-11]
FF ProfilePath: C:\Users\RHenner\AppData\Roaming\Mozilla\Firefox\Profiles\c2nujfhw.default-release [2024-09-19]
FF Homepage: Mozilla\Firefox\Profiles\c2nujfhw.default-release -> hxxps://www.google.de/
FF Extension: (Browserschutz von F-Secure) - C:\Users\RHenner\AppData\Roaming\Mozilla\Firefox\Profiles\c2nujfhw.default-release\Extensions\ols@f-secure.com.xpi [2024-08-11]
FF Extension: (Malwarebytes Browser Guard) - C:\Users\RHenner\AppData\Roaming\Mozilla\Firefox\Profiles\c2nujfhw.default-release\Extensions\{242af0bb-db11-4734-b7a0-61cb8a9b20fb}.xpi [2024-06-24]
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2021-02-01]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @java.com/DTPlugin,version=11.421.2 -> C:\Program Files\Java\jre1.8.0_421\bin\dtplugin\npDeployJava1.dll [2024-06-05] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.421.2 -> C:\Program Files\Java\jre1.8.0_421\bin\plugin2\npjp2.dll [2024-06-05] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.18 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2022-11-08] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2024-09-07] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2024-08-29] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2024-04-04] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\RHenner\AppData\Roaming\mozilla\plugins\npatgpc.dll [2021-01-18]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [imdndkajeppdomiimjkcbhkafeeooghd]
CHR HKU\S-1-5-21-1773680356-330345840-2714900978-1103\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKU\S-1-5-21-1773680356-330345840-2714900978-1103\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [imdndkajeppdomiimjkcbhkafeeooghd]

==================== Dienste (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 aakore; C:\Program Files (x86)\Acronis\Agent\aakore.exe [9022120 2021-03-10] (Acronis International GmbH -> Acronis International GmbH)
R2 AcronisActiveProtectionService; C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe [12978544 2022-01-05] (Acronis International GmbH -> )
R2 AcronisCyberProtectionService; C:\Program Files\Acronis\CyberProtect\cyber-protect-service.exe [1425256 2021-03-10] (Acronis International GmbH -> Acronis International GmbH)
R2 AcrSch2Svc; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [1052280 2021-03-10] (Acronis International GmbH -> Acronis International GmbH)
R2 Adguard Service; C:\Program Files\AdGuard\AdguardSvc.exe [806944 2024-07-08] (Adguard Software Limited -> Adguard Software Limited)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [172992 2024-07-31] (Adobe Inc. -> Adobe Inc.)
R2 afcdpsrv; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [6391536 2022-01-29] (Acronis International GmbH -> )
R2 Brother BRAdmin Service; C:\Program Files (x86)\Brother\BRAdmin Professional 4\BRAdmin.Service.exe [428072 2022-09-13] (Brother Industries, Ltd. -> Brother Industries, Ltd.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [14042808 2024-09-08] (Microsoft Corporation -> Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2023-06-26] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [130320 2023-06-26] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46824 2024-09-17] (Dropbox, Inc -> Dropbox, Inc.)
R2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [5751024 2022-03-30] (devolo AG -> devolo AG)
S3 DropboxElevationService; C:\Program Files (x86)\Dropbox\Client\208.4.5824\DropboxElevationService.exe [1659288 2024-09-17] (Dropbox, Inc -> Dropbox, Inc.)
R2 DSAService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe [45464 2024-08-01] (Intel Corporation -> Intel)
R2 DSAUpdateService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe [296856 2024-08-01] (Intel Corporation -> Intel)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG) [Datei ist nicht signiert]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [Datei ist nicht signiert]
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [82216 2020-12-17] (Mixbyte Inc -> Freemake)
R3 fsdevcon; C:\Program Files (x86)\F-Secure\Client Security\fsdevcon.exe [959360 2023-09-27] (WithSecure Oyj -> WithSecure Corporation)
R2 fshoster; C:\Program Files (x86)\F-Secure\Client Security\fshoster32.exe [515448 2023-09-27] (WithSecure Oyj -> WithSecure Corporation)
R2 fsnethoster; C:\Program Files (x86)\F-Secure\Client Security\fshoster32.exe [515448 2023-09-27] (WithSecure Oyj -> WithSecure Corporation)
R2 fsulhoster; C:\Program Files (x86)\F-Secure\Client Security\Ultralight\ulcore\1724782727\fshoster64.exe [738272 2024-08-27] (WithSecure Oyj -> WithSecure Corporation)
R2 fsulnethoster; C:\Program Files (x86)\F-Secure\Client Security\Ultralight\ulcore\1724782727\fshoster64.exe [738272 2024-08-27] (WithSecure Oyj -> WithSecure Corporation)
R2 fsulprothoster; C:\Program Files (x86)\F-Secure\Client Security\Ultralight\ulcore\1724782727\fsulprothoster.exe [738272 2024-08-27] (WithSecure Oyj -> WithSecure Corporation)
R2 Lexware_Update_Service; C:\Program Files (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe [78568 2023-10-11] (Haufe-Lexware GmbH & Co. KG -> Haufe-Lexware GmbH & Co. KG)
R2 LogiFacecamService; C:\Program Files\Logitech\LogiCapture\bin\Service\LogiFacecamService.exe [497568 2021-04-08] (Logitech Inc -> Logitech)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [8965728 2024-08-07] (Malwarebytes Inc. -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [3073888 2024-03-21] (Malwarebytes Inc. -> Malwarebytes)
R2 mmsminisrv; C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [4882992 2022-01-05] (Acronis International GmbH -> Acronis International GmbH)
S3 mobile_backup_server; C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe [3004128 2019-11-18] (Acronis International GmbH -> Acronis International GmbH)
S3 mobile_backup_status_server; C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe [2130296 2022-01-05] (Acronis International GmbH -> )
R2 MSSQL$WINDATA; C:\Program Files\Microsoft SQL Server\MSSQL14.WINDATA\MSSQL\Binn\sqlservr.exe [482856 2024-07-31] (Microsoft Corporation -> Microsoft Corporation)
R2 OptionsPlusUpdaterService; C:\Program Files\LogiOptionsPlus\logioptionsplus_updater.exe [19287448 2024-09-06] (Logitech Inc -> Logitech, Inc.)
R2 QVRService; C:\Program Files (x86)\QNAP\QVR\QVRService.exe [73728 2021-04-27] () [Datei ist nicht signiert]
R2 RDXmon; C:\Program Files (x86)\Overland-Tandberg\RDXManager\Eject\Service\RDXmon.exe [392784 2024-03-04] (Tandberg Data GmbH -> Overland-Tandberg)
R2 Securepoint VPN; C:\Program Files (x86)\Securepoint SSL VPN\SPSSLVpnService.exe [153448 2020-05-13] (Securepoint GmbH -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [530448 2024-08-28] (Microsoft Windows Publisher -> Microsoft Corporation)
S4 SQLAgent$WINDATA; C:\Program Files\Microsoft SQL Server\MSSQL14.WINDATA\MSSQL\Binn\SQLAGENT.EXE [599496 2024-07-31] (Microsoft Corporation -> Microsoft Corporation)
R2 SQLTELEMETRY$WINDATA; C:\Program Files\Microsoft SQL Server\MSSQL14.WINDATA\MSSQL\Binn\sqlceip.exe [269264 2024-07-31] (Microsoft Corporation -> Microsoft Corporation)
R2 syncagentsrv; C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [7402528 2022-01-05] (Acronis International GmbH -> )
S3 Tib Mounter Service; C:\Program Files (x86)\Common Files\Acronis\TibMounter64\tib_mounter_service.exe [5910328 2021-03-23] (Acronis International GmbH -> Acronis International GmbH)
R2 TSMaintenanceService; C:\Program Files (x86)\Common Files\Tobit\TSMaintenanceSvc.exe [5498736 2024-02-01] (Tobit Software Laboratories AG -> Tobit.Software)
R2 UpdateService; C:\Program Files\ZyngaUpdateService\ZyngaUpdateService.exe [1024512 2021-03-29] () [Datei ist nicht signiert]
S3 VmwareAutostartService; C:\Program Files (x86)\VMware\VMware Workstation\vmware-autostart.exe [64960 2024-04-30] (VMware, Inc. -> )
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24020.7-0\NisSrv.exe [3191272 2024-03-21] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24020.7-0\MsMpEng.exe [133688 2024-03-21] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R1 adgnetworkwfpdrv; C:\WINDOWS\System32\drivers\adgnetworkwfpdrv.sys [88744 2024-05-23] (Microsoft Windows Hardware Compatibility Publisher -> Adguard Software Limited)
S3 AppleKmdfFilter; C:\WINDOWS\System32\drivers\AppleKmdfFilter.sys [39272 2023-06-27] (Apple Inc. -> Apple Inc.)
S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [55608 2023-06-27] (Apple Inc. -> Apple Inc.)
S3 ASAAudio; C:\WINDOWS\system32\drivers\ASAAudio.sys [46808 2016-09-05] (Axis Communications AB -> AXIS)
S3 ASAVideo; C:\WINDOWS\System32\drivers\ASAVideo.sys [37032 2016-09-05] (Axis Communications AB -> AXIS)
R2 BdDci; C:\WINDOWS\system32\DRIVERS\bddci.sys [367096 2020-08-25] (Bitdefender SRL -> Bitdefender)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [532480 2022-11-04] (Microsoft Corporation) [Datei ist nicht signiert]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [184320 2022-11-04] (Microsoft Corporation) [Datei ist nicht signiert]
S3 BTHMODEM; C:\WINDOWS\System32\drivers\bthmodem.sys [106496 2022-05-07] (Microsoft Corporation) [Datei ist nicht signiert]
R3 e1dexpress; C:\WINDOWS\System32\DriverStore\FileRepository\e1d.inf_amd64_09270b2481e30fca\e1d.sys [613072 2024-03-13] (Intel Corporation -> Intel Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2024-03-21] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 F-Secure Gatekeeper; C:\Program Files (x86)\F-Secure\Client Security\Ultralight\ulcore\1724782727\fsulgk.sys [484008 2024-08-27] (Microsoft Windows Hardware Compatibility Publisher -> WithSecure Corporation)
R2 file_protector; C:\WINDOWS\System32\DRIVERS\file_protector.sys [726160 2022-01-29] (Acronis International GmbH -> Acronis International GmbH)
R0 file_tracker; C:\WINDOWS\System32\DRIVERS\file_tracker.sys [392840 2022-01-29] (Acronis International GmbH -> Acronis International GmbH)
R0 fltsrv; C:\WINDOWS\System32\DRIVERS\fltsrv.sys [183944 2020-11-25] (Acronis International GmbH -> Acronis International GmbH)
S0 fselms; C:\WINDOWS\System32\drivers\fselms.sys [17400 2024-03-21] (Microsoft Windows Early Launch Anti-Malware Publisher -> WithSecure Corporation)
R2 fsnif2; C:\Program Files (x86)\F-Secure\Client Security\Ultralight\nif2\1718779863\nif2s64.sys [186024 2024-06-25] (Microsoft Windows Hardware Compatibility Publisher -> WithSecure Corporation)
R2 googledrivefs31626; C:\Program Files\Google\Drive File Stream\Drivers\31626\googledrivefs31626.sys [384096 2024-07-22] (Microsoft Windows Hardware Compatibility Publisher -> Google, Inc.)
R2 hcmon; C:\WINDOWS\system32\DRIVERS\hcmon.sys [72144 2023-08-08] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
R2 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [231504 2024-08-27] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2024-03-21] (Microsoft Windows Early Launch Anti-Malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt11.sys [234168 2024-09-13] (Malwarebytes Inc. -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [78928 2024-09-13] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239568 2024-07-19] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [189776 2024-09-13] (Malwarebytes Inc. -> Malwarebytes)
S3 Netaapl; C:\WINDOWS\System32\drivers\netaapl64.sys [32352 2017-11-28] (Microsoft Windows Hardware Compatibility Publisher -> Apple Inc.)
S0 ngelam; C:\WINDOWS\System32\drivers\ngelam.sys [16344 2022-01-05] (Microsoft Windows Early Launch Anti-Malware Publisher -> Acronis International GmbH)
R1 ngscan; C:\WINDOWS\System32\DRIVERS\ngscan.sys [179104 2021-03-23] (Acronis International GmbH -> Acronis International GmbH)
R2 NPF; C:\WINDOWS\system32\drivers\npf.sys [35344 2024-02-08] (CACE Technologies, Inc. -> CACE Technologies, Inc.)
R2 NPF_devolo; C:\WINDOWS\sysWOW64\drivers\npf_devolo.sys [36496 2022-01-17] (devolo AG -> Riverbed Technology, Inc.)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2021-03-26] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2021-03-26] (MiniTool Solution Ltd -> )
S4 RsFx0505; C:\WINDOWS\System32\DRIVERS\RsFx0505.sys [249280 2024-07-31] (Microsoft Windows Hardware Compatibility Publisher -> Microsoft Corporation)
S3 RtsUpx; C:\windows\system32\drivers\RtsUpx.sys [18136 2020-03-24] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [49008 2021-02-22] (Securepoint GmbH -> The OpenVPN Project)
S3 tib; C:\WINDOWS\system32\DRIVERS\tib.sys [887032 2022-01-29] (Acronis International GmbH -> Acronis International GmbH)
R2 tib_mounter; C:\WINDOWS\system32\DRIVERS\tib_mounter.sys [175648 2022-01-29] (Acronis International GmbH -> Acronis International GmbH)
S3 tnd; C:\WINDOWS\system32\DRIVERS\tnd.sys [694920 2022-01-29] (Acronis International GmbH -> Acronis International GmbH)
S3 UsbNcm; C:\WINDOWS\System32\drivers\UsbNcm.sys [167936 2023-10-27] (Microsoft Windows -> )
R2 virtual_file; C:\WINDOWS\System32\DRIVERS\virtual_file.sys [334984 2022-01-29] (Acronis International GmbH -> Acronis International GmbH)
R0 vmci; C:\WINDOWS\System32\drivers\vmci.sys [104888 2023-06-14] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
S3 VMnetAdapter; C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys [31120 2024-04-30] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
R2 VMnetBridge; C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys [53704 2024-04-30] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
R2 VMnetuserif; C:\WINDOWS\system32\DRIVERS\vmnetuserif.sys [30664 2024-04-30] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
R2 vmparport; C:\WINDOWS\system32\DRIVERS\vmparport.sys [49112 2024-04-30] (VMware, Inc. -> VMware, Inc.)
R2 vmx86; C:\WINDOWS\system32\DRIVERS\vmx86.sys [100776 2024-04-30] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
R0 volume_tracker; C:\WINDOWS\System32\DRIVERS\volume_tracker.sys [251016 2022-01-29] (Acronis International GmbH -> Acronis International GmbH)
R0 vsock; C:\WINDOWS\System32\DRIVERS\vsock.sys [88976 2023-06-14] (Microsoft Windows Hardware Compatibility Publisher -> VMware, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [20928 2024-03-21] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [603416 2024-03-21] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105752 2024-03-21] (Microsoft Windows -> Microsoft Corporation)
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2024-09-19 07:53 - 2024-09-19 07:55 - 000054946 _____ C:\Users\RHenner\Downloads\FRST.txt
2024-09-19 07:53 - 2024-09-19 07:54 - 000000000 ____D C:\FRST
2024-09-19 07:52 - 2024-09-19 07:53 - 002397696 _____ (Farbar) C:\Users\RHenner\Downloads\FRST64.exe
2024-09-19 07:43 - 2024-09-19 07:43 - 000001002 _____ C:\Users\Public\Desktop\Firefox.lnk
2024-09-19 07:42 - 2024-09-19 07:43 - 000372184 _____ (Mozilla) C:\Users\RHenner\Downloads\Firefox Installer.exe
2024-09-19 07:13 - 2024-09-19 07:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2024-09-17 16:18 - 2024-09-17 16:18 - 000046824 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2024-09-17 14:22 - 2024-09-17 14:22 - 023630395 _____ C:\Users\RHenner\Downloads\invoice-ord_66e96d8ccf110-de.pdf
2024-09-17 14:13 - 2024-09-17 14:13 - 000086405 _____ C:\Users\RHenner\Downloads\order-ord_66e96d8ccf110-de.pdf
2024-09-15 10:39 - 2024-09-15 10:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinTrack 3D
2024-09-13 17:20 - 2024-09-13 17:20 - 000876464 _____ C:\WINDOWS\system32\perfh007.dat
2024-09-13 17:20 - 2024-09-13 17:20 - 000205134 _____ C:\WINDOWS\system32\perfc007.dat
2024-09-13 17:20 - 2024-09-13 17:20 - 000001325 _____ C:\Users\Public\Desktop\VMware Workstation Pro.lnk
2024-09-13 17:20 - 2024-09-13 17:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
2024-09-13 17:20 - 2024-09-13 17:20 - 000000000 ____D C:\Program Files\Common Files\VMware
2024-09-13 17:20 - 2024-04-30 03:35 - 000420288 _____ (VMware, Inc.) C:\WINDOWS\SysWOW64\vmnat.exe
2024-09-13 17:20 - 2024-04-30 03:34 - 001310656 _____ (VMware, Inc.) C:\WINDOWS\system32\vnetlib64.dll
2024-09-13 17:20 - 2024-04-30 03:34 - 000373184 _____ (VMware, Inc.) C:\WINDOWS\SysWOW64\vmnetdhcp.exe
2024-09-13 17:20 - 2024-04-30 03:23 - 000049112 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vmparport.sys
2024-09-13 16:44 - 2024-09-13 16:44 - 000234168 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt11.sys
2024-09-13 16:44 - 2024-09-13 16:44 - 000189776 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2024-09-13 16:42 - 2024-09-13 16:42 - 000000000 ____D C:\Users\Administrator\AppData\Local\CrashDumps
2024-09-13 16:41 - 2024-09-13 16:42 - 000003584 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1773680356-330345840-2714900978-500
2024-09-13 16:41 - 2024-09-13 16:41 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\QfinderPro
2024-09-13 16:41 - 2024-09-13 16:41 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Dropbox
2024-09-13 16:41 - 2024-09-13 16:41 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Adguard Software Limited
2024-09-13 16:41 - 2024-09-13 16:41 - 000000000 ____D C:\Users\Administrator\AppData\Local\QfinderPro
2024-09-13 16:41 - 2024-09-13 16:41 - 000000000 ____D C:\Users\Administrator\AppData\Local\Google
2024-09-13 16:41 - 2024-09-13 16:41 - 000000000 ____D C:\Users\Administrator\AppData\Local\Dropbox
2024-09-13 16:41 - 2024-09-13 16:41 - 000000000 ____D C:\Users\Administrator\AppData\Local\Adguard_Software_Limited
2024-09-13 16:40 - 2024-09-13 16:42 - 000000000 ____D C:\Users\Administrator\AppData\Local\PlaceholderTileLogoFolder
2024-09-13 16:40 - 2024-09-13 16:40 - 000002395 _____ C:\Users\Administrator\Desktop\Microsoft Edge.lnk
2024-09-13 16:40 - 2024-09-13 16:40 - 000000020 ___SH C:\Users\Administrator\ntuser.ini
2024-09-13 16:40 - 2024-09-13 16:40 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\com.logitech
2024-09-13 16:40 - 2024-09-13 16:40 - 000000000 ____D C:\Users\Administrator\AppData\Local\Malwarebytes
2024-09-13 16:40 - 2024-09-13 16:40 - 000000000 ____D C:\Users\Administrator\AppData\Local\LogiOptionsPlus
2024-09-13 16:40 - 2024-09-13 16:40 - 000000000 ____D C:\Users\Administrator\AppData\Local\flutter_webview_windows
2024-09-11 14:06 - 2024-09-11 14:06 - 004665733 _____ C:\Users\RHenner\Downloads\handbuch_bueroeasy_plus_2024 (2).pdf
2024-09-11 07:17 - 2024-09-11 07:17 - 000000859 _____ C:\Users\Public\Desktop\Logi Options+.lnk
2024-09-11 07:17 - 2024-09-11 07:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logi
2024-09-11 07:17 - 2024-09-11 07:17 - 000000000 ____D C:\Program Files\LogiOptionsPlus
2024-09-10 14:04 - 2024-09-10 14:04 - 166454370 _____ C:\Users\RHenner\Downloads\ccu3-3.77.7.tgz
2024-09-07 08:45 - 2024-09-07 08:45 - 000086857 _____ C:\Users\RHenner\Downloads\42474000_2024_Nr.003_Kontoauszug_vom_2024.08.30_20240907084544.pdf
2024-09-07 08:45 - 2024-09-07 08:45 - 000084623 _____ C:\Users\RHenner\Downloads\42474000_2024_Mitteilung_vom_2024.08.30_20240907084512.pdf
2024-09-07 08:45 - 2024-09-07 08:45 - 000043477 _____ C:\Users\RHenner\Downloads\42474_2024_Sonderbedingungen für die girocard (Debitkarte)_vom_2024.09.07_20240907084526.pdf
2024-09-05 08:03 - 2024-09-05 08:03 - 000000000 ____D C:\Users\RHenner\AppData\Local\Logi
2024-09-05 07:30 - 2024-09-05 07:31 - 000000000 ____D C:\AdwCleaner
2024-09-05 07:30 - 2024-09-05 07:30 - 008790880 _____ (Malwarebytes) C:\Users\RHenner\Downloads\AdwCleaner.exe
2024-09-04 13:40 - 2024-09-13 16:43 - 000000000 ____D C:\Program Files\AdGuard
2024-09-04 13:40 - 2024-09-04 13:40 - 000001947 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AdGuard.lnk
2024-09-04 13:40 - 2024-09-04 13:40 - 000000977 _____ C:\Users\Public\Desktop\AdGuard.lnk
2024-09-04 13:40 - 2024-09-04 13:40 - 000000000 ____D C:\Users\RHenner\AppData\Roaming\Adguard Software Limited
2024-09-04 13:40 - 2024-09-04 13:40 - 000000000 ____D C:\Users\RHenner\AppData\Local\Adguard_Software_Limited
2024-09-04 13:39 - 2024-09-19 07:14 - 000000000 ____D C:\ProgramData\Adguard
2024-09-04 13:39 - 2024-09-04 13:39 - 000145952 _____ (Adguard Software Ltd) C:\Users\RHenner\Downloads\adguardInstaller.exe
2024-09-03 17:48 - 2024-09-03 17:48 - 000306516 _____ C:\Users\RHenner\Downloads\Preise-Dauerkarte-2425_1.pdf
2024-09-03 17:32 - 2024-09-03 17:32 - 000092770 _____ C:\Users\RHenner\Downloads\event_5ee96a30-d608-4bec-b754-b1e0008d4255.pkpass
2024-09-03 16:21 - 2024-09-03 16:26 - 000000000 ____D C:\Users\RHenner\AppData\Local\3D-Modellbahn Studio V8.5
2024-09-01 10:03 - 2024-09-01 10:03 - 001049995 _____ C:\Users\RHenner\Downloads\Unified Security Report - month - 2024-09-01.pdf
2024-09-01 07:43 - 2024-09-01 07:43 - 000000272 _____ C:\WINDOWS\system32\d3dx9_11.dll.tmp
2024-08-28 05:13 - 2024-08-28 05:13 - 000000000 ____D C:\Program Files\PowerShell
2024-08-25 11:39 - 2024-08-25 11:39 - 000001025 _____ C:\Users\Public\Desktop\CEWE Fotowelt.lnk
2024-08-25 11:39 - 2024-08-25 11:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CEWE Fotowelt
2024-08-25 11:37 - 2024-08-25 11:37 - 000000000 ____D C:\Users\RHenner\AppData\Roaming\hps-install

==================== Ein Monat (geänderte) ==================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2024-09-19 07:55 - 2023-04-21 10:45 - 000000000 ____D C:\Users\RHenner\AppData\Local\Malwarebytes 2024-09-19 07:53 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\SystemTemp 2024-09-19 07:53 - 2022-05-07 07:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2024-09-19 07:43 - 2022-11-04 10:47 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla 2024-09-19 07:43 - 2022-02-08 17:59 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38 2024-09-19 07:43 - 2020-11-21 11:22 - 000000000 ____D C:\Program Files\Mozilla Firefox 2024-09-19 07:43 - 2020-03-24 15:31 - 000001014 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2024-09-19 07:43 - 2020-03-24 15:31 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2024-09-19 07:42 - 2022-05-07 07:22 - 000000000 ____D C:\WINDOWS\INF 2024-09-19 07:35 - 2020-03-24 15:05 - 000000128 _____ C:\WINDOWS\system32\config\netlogon.ftl 2024-09-19 07:19 - 2022-05-07 07:24 - 000000000 ___HD C:\Program Files\WindowsApps 2024-09-19 07:19 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\AppReadiness 2024-09-19 07:18 - 2024-07-30 07:29 - 000000000 ____D C:\Users\RHenner\AppData\Local\Deployment 2024-09-19 07:18 - 2020-03-24 15:06 - 000000000 ____D C:\Users\RHenner\AppData\Local\Packages 2024-09-19 07:16 - 2020-03-24 15:15 - 000002416 ____H C:\Users\RHenner\Documents\Default.rdp 2024-09-19 07:14 - 2023-06-26 13:05 - 000000000 ____D C:\Users\RHenner\AppData\Local\Dropbox 2024-09-19 07:14 - 2023-06-26 13:04 - 000000000 ____D C:\Users\RHenner\AppData\Roaming\Dropbox 2024-09-19 07:14 - 2021-04-12 19:45 - 000000000 ____D C:\Users\RHenner\AppData\Roaming\Securepoint SSL VPN 2024-09-19 07:13 - 2024-07-30 07:26 - 000000000 ____D C:\Users\RHenner\AppData\Local\LogiOptionsPlus 2024-09-19 07:13 - 2023-06-26 13:04 - 000000000 ____D C:\Program Files (x86)\Dropbox 2024-09-19 07:13 - 2020-03-24 15:06 - 000000000 __SHD C:\Users\RHenner\IntelGraphicsProfiles 2024-09-19 07:13 - 2020-03-24 
15:06 - 000000000 ___SD C:\Users\RHenner\AppData\Roaming\Microsoft\Credentials 2024-09-19 07:12 - 2022-11-04 10:40 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2024-09-18 07:12 - 2022-10-25 17:03 - 000000000 ____D C:\Users\RHenner\AppData\Roaming\VMware 2024-09-18 07:12 - 2022-10-25 17:02 - 000000000 ____D C:\ProgramData\VMware 2024-09-17 19:00 - 2022-11-04 10:04 - 000000000 ____D C:\WINDOWS\system32\FxsTmp 2024-09-17 18:35 - 2023-03-13 10:59 - 000000000 ____D C:\Users\RHenner\AppData\Roaming\atomic 2024-09-17 18:35 - 2020-03-25 08:17 - 000000000 ____D C:\Users\RHenner\AppData\Roaming\KeePass 2024-09-17 18:35 - 2020-03-24 18:35 - 000000000 ____D C:\Users\RHenner\AppData\Local\D3DSCache 2024-09-17 17:24 - 2023-06-26 13:06 - 000000000 ___RD C:\Users\RHenner\Dropbox 2024-09-17 14:41 - 2020-03-24 15:13 - 000000000 ____D C:\Users\RHenner\AppData\Roaming\Microsoft\Word 2024-09-17 08:45 - 2020-04-23 16:04 - 000000000 ____D C:\Users\RHenner\AppData\Roaming\Microsoft\Excel 2024-09-17 07:14 - 2020-03-24 18:19 - 000000000 ____D C:\Users\RHenner\AppData\Local\Adobe 2024-09-17 07:14 - 2020-03-24 15:06 - 000000000 ____D C:\Users\RHenner\AppData\Roaming\Adobe 2024-09-17 01:29 - 2024-05-31 15:02 - 000002093 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller.lnk 2024-09-17 01:29 - 2023-03-31 11:44 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task 2024-09-17 01:29 - 2023-03-31 11:44 - 000002082 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk 2024-09-17 01:29 - 2023-03-31 11:44 - 000002070 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk 2024-09-16 16:48 - 2022-10-04 07:07 - 000002175 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive.lnk 2024-09-16 16:48 - 2022-10-04 07:07 - 000002053 _____ C:\Users\RHenner\Desktop\Google Drive.lnk 2024-09-16 15:45 - 2020-03-24 19:17 - 000000000 ____D C:\WINDOWS\system32\MRT 2024-09-16 11:54 - 2022-10-25 17:03 - 000000000 ____D 
C:\Users\RHenner\AppData\Local\VMware 2024-09-16 11:09 - 2020-03-25 18:36 - 000000000 ____D C:\ProgramData\Lexware 2024-09-16 11:02 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\ServiceState 2024-09-15 19:34 - 2020-02-05 05:02 - 000000000 ____D C:\Program Files\Common Files\DESIGNER 2024-09-15 19:33 - 2020-02-05 05:00 - 000000000 ____D C:\Program Files\Microsoft Office 2024-09-15 11:04 - 2021-04-18 16:49 - 000000000 ____D C:\Modelleisenbahn 2024-09-15 11:04 - 2020-09-18 12:55 - 000000000 ____D C:\Users\RHenner\AppData\Roaming\WinTrack 2024-09-15 10:39 - 2022-10-18 14:14 - 000001042 _____ C:\Users\Public\Desktop\WinTrack 16.0.lnk 2024-09-15 10:39 - 2020-09-18 12:55 - 000000000 ____D C:\Program Files (x86)\WinTrack 2024-09-14 13:52 - 2020-08-17 14:53 - 000002485 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2024-09-13 17:34 - 2020-03-24 16:05 - 000000000 ____D C:\Download 2024-09-13 17:20 - 2022-10-25 17:02 - 002114158 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI 2024-09-13 17:20 - 2022-10-25 17:02 - 000000000 ____D C:\Program Files (x86)\VMware 2024-09-13 17:20 - 2020-08-23 10:24 - 000000000 ____D C:\Users\RHenner\AppData\Local\CrashDumps 2024-09-13 16:48 - 2022-11-04 10:45 - 002084778 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2024-09-13 16:43 - 2022-11-04 10:47 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2024-09-13 16:43 - 2022-05-07 07:17 - 001048576 _____ C:\WINDOWS\system32\config\BBI 2024-09-13 16:43 - 2020-05-30 10:30 - 000012288 ___SH C:\DumpStack.log.tmp 2024-09-13 16:43 - 2020-03-14 17:15 - 000000000 ____D C:\Intel 2024-09-13 16:42 - 2020-06-06 13:54 - 000000000 ____D C:\Users\Administrator\AppData\Local\D3DSCache 2024-09-13 16:42 - 2020-06-06 13:53 - 000002468 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2024-09-13 16:42 - 2020-06-06 13:53 - 000000000 ____D C:\Users\Administrator\AppData\Local\Packages 2024-09-13 16:41 - 2022-11-04 10:13 - 000000000 ____D 
C:\Users\Administrator\AppData\Roaming\Microsoft\Spelling 2024-09-13 16:41 - 2020-06-06 13:54 - 000000000 ___RD C:\Users\Administrator\OneDrive 2024-09-13 16:40 - 2022-11-04 10:13 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows 2024-09-13 16:40 - 2022-11-04 10:13 - 000000000 ____D C:\Users\Administrator 2024-09-13 16:40 - 2022-05-07 07:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2024-09-13 16:40 - 2020-06-06 13:53 - 000000000 __SHD C:\Users\Administrator\IntelGraphicsProfiles 2024-09-13 16:40 - 2020-02-05 04:59 - 000000000 __RHD C:\Users\Public\AccountPictures 2024-09-13 16:38 - 2020-07-24 19:50 - 000000000 ____D C:\Users\RHenner\AppData\Roaming\XnViewMP 2024-09-13 09:06 - 2023-01-27 18:36 - 000000000 ____D C:\Users\RHenner\AppData\Roaming\Breitbandmessung 2024-09-12 09:15 - 2022-11-04 10:13 - 000000000 ____D C:\Users\RHenner 2024-09-11 12:27 - 2021-07-19 14:51 - 000000000 ____D C:\Program Files\TeamViewer 2024-09-11 10:15 - 2024-07-30 07:26 - 000000000 ____D C:\Users\RHenner\AppData\Roaming\logioptionsplus 2024-09-11 07:30 - 2022-05-07 07:24 - 000000000 ____D C:\ProgramData\USOPrivate 2024-09-11 07:14 - 2023-09-27 07:35 - 000000000 ____D C:\WINDOWS\system32\Microsoft-Edge-WebView 2024-09-11 07:14 - 2022-11-04 10:40 - 000496424 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2024-09-11 07:14 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\SystemResources 2024-09-11 07:13 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\bcastdvr 2024-09-10 19:20 - 2022-05-07 07:17 - 000000000 ____D C:\WINDOWS\CbsTemp 2024-09-10 19:15 - 2023-07-09 14:00 - 000000000 ____D C:\WINDOWS\SysWOW64\1033 2024-09-10 19:15 - 2023-07-09 14:00 - 000000000 ____D C:\WINDOWS\system32\1033 2024-09-10 19:15 - 2022-05-07 07:24 - 000000000 ____D C:\Program Files\Common Files\microsoft shared 2024-09-10 19:13 - 2023-07-09 14:00 - 000000000 ____D C:\Program Files\Microsoft SQL Server 2024-09-10 19:13 - 2023-07-09 14:00 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL 
Server 2024-09-10 19:07 - 2020-03-24 19:17 - 199688632 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2024-09-10 09:47 - 2024-08-18 12:07 - 000001429 _____ C:\Users\RHenner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk 2024-09-10 09:47 - 2024-08-18 12:07 - 000001323 _____ C:\Users\RHenner\Desktop\ESET Online Scanner.lnk 2024-09-09 10:47 - 2022-11-04 10:47 - 000003756 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2024-09-09 10:47 - 2022-11-04 10:47 - 000003632 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore 2024-09-08 17:50 - 2024-08-18 18:13 - 000003850 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onLogOn 2024-09-08 17:50 - 2024-08-18 18:13 - 000003408 _____ C:\WINDOWS\system32\Tasks\EOSv3 Scheduler onTime 2024-09-07 16:54 - 2020-03-30 14:10 - 000000000 ____D C:\Users\RHenner\AppData\Roaming\Microsoft\Teams 2024-09-07 13:37 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\NDF 2024-09-07 02:31 - 2020-02-26 22:01 - 000000000 ____D C:\ProgramData\Packages 2024-09-07 02:16 - 2020-03-24 15:30 - 000000000 ____D C:\Users\RHenner\AppData\Local\PlaceholderTileLogoFolder 2024-09-05 15:09 - 2022-05-25 16:13 - 000000000 ____D C:\Program Files\David Client 2024-09-05 13:29 - 2024-02-17 11:45 - 000284224 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingservicesproxy_4.dll 2024-09-05 13:29 - 2022-10-21 12:12 - 000124344 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgamehelper.exe 2024-09-05 13:29 - 2022-10-21 12:12 - 000075192 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgamecontrol.exe 2024-09-05 13:29 - 2021-11-26 15:25 - 002799144 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgameruntime.dll 2024-09-05 13:29 - 2021-11-26 15:25 - 000783912 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameplatformservices.dll 2024-09-05 13:29 - 2021-11-26 15:25 - 000243240 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameconfighelper.dll 2024-09-05 13:29 - 2021-11-26 15:25 
- 000210360 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamelaunchhelper.dll 2024-09-05 13:29 - 2021-11-26 15:25 - 000149032 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcuihelpers.dll 2024-09-04 19:24 - 2023-06-14 17:26 - 000001909 _____ C:\ProgramData\Microsoft\Windows\Start Menu\David Client.LNK 2024-09-04 17:32 - 2022-11-04 10:47 - 000000000 ____D C:\WINDOWS\system32\Tasks\NCH Software 2024-09-04 13:39 - 2019-11-25 23:23 - 000000000 ____D C:\ProgramData\Package Cache 2024-09-02 13:50 - 2023-12-07 11:05 - 000002473 _____ C:\Users\RHenner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Teams classic (work or school).lnk 2024-08-28 16:28 - 2024-08-02 09:06 - 000000000 ____D C:\Lerchenberg 2024-08-28 07:19 - 2022-05-07 12:39 - 000000000 __SHD C:\WINDOWS\BitLockerDiscoveryVolumeContents 2024-08-28 07:19 - 2022-05-07 12:39 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection 2024-08-28 07:19 - 2022-05-07 07:24 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12 2024-08-28 07:19 - 2022-05-07 07:24 - 000000000 ___SD C:\WINDOWS\system32\F12 2024-08-28 07:19 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\WUModels 2024-08-28 07:19 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2024-08-28 07:19 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\oobe 2024-08-28 07:19 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\HealthAttestationClient 2024-08-28 07:19 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\system32\Dism 2024-08-28 07:19 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\ShellExperiences 2024-08-28 07:19 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\Provisioning 2024-08-28 07:19 - 2022-05-07 07:24 - 000000000 ____D C:\WINDOWS\PolicyDefinitions 2024-08-28 05:20 - 2022-11-04 10:41 - 003212800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll 2024-08-28 05:13 - 2022-04-01 08:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerShell 2024-08-27 
15:34 - 2020-04-12 10:48 - 000000000 ____D C:\Users\RHenner\Documents\Benutzerdefinierte Office-Vorlagen 2024-08-27 14:57 - 2024-03-21 11:46 - 000231504 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys 2024-08-25 11:37 - 2022-10-24 09:56 - 000000000 ____D C:\Users\RHenner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CEWE Fotowelt 2024-08-20 11:42 - 2023-11-23 09:09 - 000002169 _____ C:\Users\Public\Desktop\Lexware büro easy.lnk 2024-08-20 11:42 - 2020-03-25 18:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexware ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======== 2024-01-11 07:51 - 2024-01-11 07:51 - 000000272 _____ () C:\ProgramData\fontcacheev1.dat 2021-05-21 10:56 - 2021-05-21 10:56 - 000225280 ____T (TODO: <Company name>) C:\Users\RHenner\AppData\Roaming\Microsoft\AdjMmsVista.dll 2020-05-12 16:23 - 2023-03-31 08:03 - 000000615 _____ () C:\Users\RHenner\AppData\Local\oobelibMkey.log 2023-07-30 10:46 - 2023-07-30 10:46 - 000000872 _____ () C:\Users\RHenner\AppData\Local\recently-used.xbel ==================== FLock ============================== 2024-09-07 16:54 C:\Users\RHenner\AppData\Roaming\Microsoft\Teams 2023-04-30 18:29 C:\Users\RHenner\AppData\Local\WebEx 2023-03-01 11:18 C:\Users\RHenner\AppData\LocalLow\WebEx ==================== SigCheck ============================ (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) ==================== Ende von FRST.txt ======================== |