Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Amazon-Konto gehackt - Trojaner?

Amazon-Konto gehackt - Trojaner?


Log-Analyse und Auswertung: Amazon-Konto gehackt - Trojaner?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 31.05.2025, 10:48   #1
el_ukas
 
Amazon-Konto gehackt - Trojaner? - Standard

Amazon-Konto gehackt - Trojaner?


Hallo,

mein Amazon Konto wurde gehackt und ein AMD Ryzen Prozessor 9000 für 289 € an folgende Adresse bestellt:

Adresse entfernt /cosinus

Amazon habe ich bereits informiert, Passwort geändert (auch im Mail-Programm).

Jetzt möchte ich noch wissen, ob ich einen Trojaner auf dem PC habe. Könnt Ihr mir dabei helfen?

Frst habe ich ausgeführt - Hier die Log-Dateien:
Frst.txt:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-05-2025
Ran by Administrator (administrator) on FIREWALKER85 (LENOVO 80VR) (31-05-2025 11:39:13)
Running from C:\Users\el_uk\Downloads\FRST64.exe
Loaded Profiles: el_uk & Administrator
Platform: Microsoft Windows 10 Home Version 22H2 19045.5854 (X64) Language: Deutsch (Deutschland) -> Deutsch (Deutschland)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AO Kaspersky Lab -> AO Kaspersky Lab) C:\Users\Administrator\AppData\Local\Temp\{ccd5d27c-4e4c-4318-bbb2-86525d80ab34}\5661fa39.exe
(C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\LenovoVantage-(GenericMessagingAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\LenovoVantage-(LenovoGamingSystemAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\LenovoVantage-(LenovoServiceBridgeAddin).exe
(C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\LenovoVantageService.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\LenovoVantage-(VantageCoreAddin).exe
(C:\Program Files\Lenovo\Nerve Center\bin\x64\LenovoNerveCenterTray.exe ->) (LENOVO -> Lenovo(beijing) Limited) C:\Program Files\Lenovo\Nerve Center\bin\x64\HotkeyMonitor.exe
(C:\Program Files\Mozilla Firefox\firefox.exe ->) (Mozilla Corporation -> Mozilla Foundation) C:\Program Files\Mozilla Firefox\crashhelper.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA app\CEF\NVIDIA Overlay.exe <5>
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA app\ShadowPlay\nvsphelper64.exe
(C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Canon Inc. -> CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe
(DriverStore\FileRepository\igdlh64.inf_amd64_ba34b5e302b5992f\igfxCUIService.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_ba34b5e302b5992f\igfxEM.exe
(explorer.exe ->) (LENOVO -> Lenovo(beijing) Limited) C:\Program Files\Lenovo\Nerve Center\bin\x64\LenovoNerveCenterTray.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <7>
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\OneDrive.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <12>
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(services.exe ->) (Canon Inc. -> ) C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_ba34b5e302b5992f\igfxCUIService.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_ba34b5e302b5992f\IntelCpHDCPSvc.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_ba34b5e302b5992f\IntelCpHeciSvc.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(services.exe ->) (LENOVO -> Lenovo(beijing) Limited) C:\Program Files\Lenovo\Nerve Center\bin\x64\PluginLoaderSvc.exe
(services.exe ->) (LENOVO -> Lenovo(beijing) Limited) C:\Program Files\Lenovo\Nerve Center\bin\x86\GameRecorderSVC.exe
(services.exe ->) (Lenovo -> Lenovo) C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\LenovoVantageService.exe
(services.exe ->) (McAfee, LLC -> McAfee, Inc.) C:\Program Files\mcafee\WebAdvisor\servicehost.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\Locator.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\NisSrv.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <4>
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvlti.inf_amd64_4bd2a3580753f54d\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Qualcomm Atheros, Inc. -> ) C:\Windows\System32\drivers\QcomWlanSrvx64.exe
(services.exe ->) (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(services.exe ->) (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe
(services.exe ->) (Shanghai Microvirt Software Technology Co., Ltd. -> ) C:\Program Files (x86)\Microvirt\MEmu\MemuService.exe
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(services.exe ->) (TomTom) [File not signed] C:\Program Files\TomTom HOME\TTHOMEService.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft OneDrive\25.085.0504.0002\FileCoAuth.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NerveCenterTray] => C:\Program Files\Lenovo\Nerve Center\bin\x64\LenovoNerveCenterTray.exe [258400 2017-09-29] (LENOVO -> Lenovo(beijing) Limited)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX2] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX2\CNMNSST2.exe [278440 2019-12-05] (Canon Inc. -> CANON INC.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [752208 2025-04-05] (Oracle America, Inc. -> Oracle Corporation)
HKLM\...\RunOnce: [84310deb-b913-4751-bf6b-86c29378722d] => "C:\Users\ADMINI~1\AppData\Local\Temp\{c770f825-5a2c-4882-9764-6610322f9424}\84310deb-b913-4751-bf6b-86c29378722d.cmd" (No File) <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [OneDrive] => C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe /background /setautostart (No File)
HKU\S-1-5-20\...\RunOnce: [OneDrive] => C:\Program Files (x86)\Microsoft OneDrive\OneDrive.exe /background /setautostart (No File)
HKU\S-1-5-21-1123935005-352909213-1317991075-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [4966712 2025-05-31] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1123935005-352909213-1317991075-1001\...\Run: [DAEMON Tools Lite Automount] => "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun (No File)
HKU\S-1-5-21-1123935005-352909213-1317991075-1001\...\Run: [AviraBrowserAutoLaunch_C9C9E7BB767937189177C746692513E8] => "C:\Program Files\Avira\Browser\Application\AviraBrowser.exe" --check-run=src=logon --auto-launch-at-startup --profile-directory="Default" (No File)
HKU\S-1-5-21-1123935005-352909213-1317991075-1001\...\Run: [MicrosoftEdgeAutoLaunch_5992695A0DC19CA3D53C8CD847E686A4] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4141096 2025-05-29] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1123935005-352909213-1317991075-1001\...\MountPoints2: {f55a2aff-389b-11f0-af41-8c1645441d97} - "E:\HiSuiteDownLoader.exe" 
HKU\S-1-5-21-1123935005-352909213-1317991075-500\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [4966712 2025-05-31] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1123935005-352909213-1317991075-500\...\Run: [VLC] => C:\Program Files\VLC Plus Player\vlc-updater.exe [387992 2021-08-13] (Aller Media e.K. -> ) <==== ATTENTION
HKU\S-1-5-21-1123935005-352909213-1317991075-500\...\Run: [MicrosoftEdgeAutoLaunch_98769996E24836F99EC8617644423B4C] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4141096 2025-05-29] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-1123935005-352909213-1317991075-500\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize  (No File) <==== ATTENTION
HKU\S-1-5-21-1123935005-352909213-1317991075-500\...\Run: [BackProtection Festplattenreiniger II] => C:\ProgramData\JMMG Communications\BackProtection Festplattenreiniger II\Festplattenreiniger.exe [1447424 2020-03-03] (JMMG Communications, Jochen Moschko) [File not signed]
HKU\S-1-5-21-1123935005-352909213-1317991075-500\...\Run: [TomTomHOME.exe] => C:\Program Files\TomTom HOME\TTHOMERunner.exe [902656 2025-03-21] (TomTom) [File not signed]
HKU\S-1-5-21-1123935005-352909213-1317991075-500\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKLM\...\Windows x64\Print Processors\Canon TS7450i series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDHS.DLL [525824 2021-09-12] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor TS7450i series: C:\Windows\system32\CNMLMHS.DLL [962560 2021-09-12] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\HP 5D12 Status Monitor: C:\Windows\system32\hpinksts5D12LM.dll [332176 2012-09-12] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\PDF-XChange Lite Port Monitor: C:\WINDOWS\system32\pxcpmL.dll [2187520 2019-04-22] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
HKLM\...\Print\Monitors\pdfcmon: C:\Windows\system32\pdfcmon.dll [116736 2019-03-26] (pdfforge GmbH) [File not signed]
HKLM\Software\...\AppCompatFlags\Custom\BLADE.EXE: [{55956d7b-35e0-49fa-8343-7adc8e1eb34b}.sdb] -> Games
HKLM\Software\...\AppCompatFlags\InstalledSDB\{55956d7b-35e0-49fa-8343-7adc8e1eb34b}: [DatabasePath] -> C:\WINDOWS\AppPatch\CustomSDB\{55956d7b-35e0-49fa-8343-7adc8e1eb34b}.sdb [2020-02-01]
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {6360983A-48D3-4CAD-B742-A6BA182F4115} - System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe [754472 2021-04-05] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
Task: {45481376-428F-4C9D-8577-96FAEC85DC7A} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\IntelPTTEKRecertification.exe [816960 2017-10-11] (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {317E35B3-5FAF-4CE0-9E97-06C43B09D447} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => C:\Program Files (x86)\Intel\Thunderbolt Software\\ConditionalAppStarter.exe [226024 2018-02-27] (Intel(R) Client Connectivity Division SW -> Intel Corporation)
Task: {31F1F533-5089-4B1C-B4E2-897E61819DAC} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on switch user if service is up => C:\Program Files (x86)\Intel\Thunderbolt Software\\ConditionalAppStarter.exe [226024 2018-02-27] (Intel(R) Client Connectivity Division SW -> Intel Corporation)
Task: {4E24C148-65EE-4B86-82E4-27FDC6A94D82} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => C:\Program Files (x86)\Intel\Thunderbolt Software\\ConditionalAppStarter.exe [226024 2018-02-27] (Intel(R) Client Connectivity Division SW -> Intel Corporation)
Task: {11E206A7-F2BC-4CFA-B457-D1B1EFE6A61D} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up => C:\Program Files (x86)\Intel\Thunderbolt Software\\tbtsvc.exe [2302184 2018-02-27] (Intel(R) Client Connectivity Division SW -> Intel Corporation) -> C:\Program Files (x86)\Intel\Thunderbolt Software\\ConditionalServiceStart
Task: {DB88C6B2-E763-4C2C-8C26-907BEB9C4D82} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service when hardware is detected => C:\Windows\system32\sc.exe [72192 2019-12-07] (Microsoft Windows -> Microsoft Corporation) -> C:\Program Files (x86)\Intel\Thunderbolt Software\\start ThunderboltService
Task: {308D92A1-3143-4F7D-8204-39CF53FFA92A} - System32\Tasks\ITE HID monitor => C:\Program Files\HIDKB\IHC.exe [3820992 2017-03-10] (ITE Tech. Inc. -> ITE Tech. Inc)
Task: {3957B129-77E8-4C2C-A797-157955B8C8C8} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [94496 2024-06-26] (Lenovo -> Lenovo Group Ltd.)
Task: {AEF34C77-0025-4ADF-B765-C76F702FD082} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => C:\WINDOWS\system32\sc.exe [72192 2019-12-07] (Microsoft Windows -> Microsoft Corporation) -> START ImControllerService
Task: {56AD7924-713E-4497-876A-C3FA11EF4712} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => C:\WINDOWS\System32\reg.exe [77312 2019-12-07] (Microsoft Windows -> Microsoft Corporation) -> add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
Task: {4A3C0504-5282-4DFE-9830-56ED64DFE15B} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\b7535703-9d21-4518-8d91-0f597b5a5de4 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-26] (Lenovo -> Lenovo Group Ltd.)
Task: {FEE2B60B-E950-465F-B924-0735A6768B9B} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\c42c84f1-7055-4f94-8d49-6eeebe110a07 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-26] (Lenovo -> Lenovo Group Ltd.)
Task: {90B32B16-B821-46C8-97D2-942B60EC02DF} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\def4f47e-a8fb-4945-a403-629182561e1e => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-26] (Lenovo -> Lenovo Group Ltd.)
Task: {3BB7EA31-A97E-47A7-84E2-9E032D55B6CC} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => C:\WINDOWS\system32\sc.exe [72192 2019-12-07] (Microsoft Windows -> Microsoft Corporation) -> start LenovoVantageService
Task: {E43F1AFB-CC11-4B1B-8FD2-DD1AD39EBD97} - System32\Tasks\Lenovo\Vantage\Schedule\BatteryGaugeAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\ScheduleEventAction.exe [278016 2025-02-20] (Lenovo -> Lenovo)
Task: {772B07E8-8810-4C74-9FF4-348DBB372F47} - System32\Tasks\Lenovo\Vantage\Schedule\DailyTelemetryTransmission => C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\ScheduleEventAction.exe [278016 2025-02-20] (Lenovo -> Lenovo)
Task: {73D343F6-C9A8-4CC2-A1BE-7E68ED8C5923} - System32\Tasks\Lenovo\Vantage\Schedule\GenericMessagingAddin => C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\ScheduleEventAction.exe [278016 2025-02-20] (Lenovo -> Lenovo)
Task: {8E98EEE6-C90F-440B-897C-B7784EB2DE39} - System32\Tasks\Lenovo\Vantage\Schedule\HeartbeatAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\ScheduleEventAction.exe [278016 2025-02-20] (Lenovo -> Lenovo)
Task: {002114C4-665D-4D20-AA0D-F01EFF798B7A} - System32\Tasks\Lenovo\Vantage\Schedule\IdeaNotebookAddinDailyEvent => C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\ScheduleEventAction.exe [278016 2025-02-20] (Lenovo -> Lenovo)
Task: {9033549C-F03E-4FB2-8C81-AFD0DFCA18AD} - System32\Tasks\Lenovo\Vantage\Schedule\Lenovo.Vantage.SmartPerformance.MonthlyReport => C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\ScheduleEventAction.exe [278016 2025-02-20] (Lenovo -> Lenovo)
Task: {B814943E-8B7F-47B0-A674-414F9AEBD9AC} - System32\Tasks\Lenovo\Vantage\Schedule\Lenovo.Vantage.SmartPerformance.SScan => C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\ScheduleEventAction.exe [278016 2025-02-20] (Lenovo -> Lenovo)
Task: {43FA67F7-9939-4124-90F4-69DD1ED0DC6F} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoBatteryPartSalesMonthlyToast => C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\ScheduleEventAction.exe [278016 2025-02-20] (Lenovo -> Lenovo)
Task: {314C3C66-8D96-4A55-8C41-BC5750B82F50} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoCompanionAppAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\ScheduleEventAction.exe [278016 2025-02-20] (Lenovo -> Lenovo)
Task: {399AE945-4CFC-4ACC-9E33-33E5EC221B40} - System32\Tasks\Lenovo\Vantage\Schedule\LenovoSystemUpdateAddin_WeeklyTask => C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\ScheduleEventAction.exe [278016 2025-02-20] (Lenovo -> Lenovo)
Task: {0DCD87B2-1348-4514-AB0A-40806435C182} - System32\Tasks\Lenovo\Vantage\Schedule\NotificationCenter => C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe  NotificationCenter (No File)
Task: {979D9FBF-EAEB-4385-9555-AAB31555F5B8} - System32\Tasks\Lenovo\Vantage\Schedule\SettingsWidgetAddinDailyScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\ScheduleEventAction.exe [278016 2025-02-20] (Lenovo -> Lenovo)
Task: {966B471E-FF0B-4905-B919-399C6FD53876} - System32\Tasks\Lenovo\Vantage\Schedule\SmartPerformance.ExpireReminder => C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\ScheduleEventAction.exe [278016 2025-02-20] (Lenovo -> Lenovo)
Task: {302B95B9-1214-4FCA-B53A-E1266E9A768C} - System32\Tasks\Lenovo\Vantage\Schedule\VantageCoreAddinIdleScheduleTask => C:\ProgramData\Lenovo\Vantage\Addins\VantageCoreAddin\1.0.0.190\x64\IdleScheduleEventAction.exe [143768 2025-01-17] (Lenovo -> )
Task: {67C17331-183C-4ACA-8996-79CA4432ABE6} - System32\Tasks\Lenovo\Vantage\Schedule\VantageCoreAddinWeekScheduleTask => C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\ScheduleEventAction.exe [278016 2025-02-20] (Lenovo -> Lenovo)
Task: {1E3EB47D-B43E-45B7-A8E7-FE68290EF9EC} - System32\Tasks\Lenovo\Vantage\Schedule\VantageTelemetryAddinTask => C:\Program Files (x86)\Lenovo\VantageService\3.6.15.0\ScheduleEventAction.exe  VantageTelemetryAddinTask (No File)
Task: {7DF6C6B4-238C-4169-88C3-84546AADAE76} - System32\Tasks\Lenovo\Vantage\StartupFixPlan => C:\Program Files (x86)\Lenovo\VantageService\4.2.24.0\\uninstall.exe  /repair (No File)
Task: {9BB50AC0-9F74-4960-8294-1D7C47539215} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MpCmdRun.exe [1753416 2025-05-23] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E5416A70-4108-44B2-A52C-A28C0FF9267F} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MpCmdRun.exe [1753416 2025-05-23] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {E96AE9D8-2AF3-46CE-A6C6-9635B1C751A4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MpCmdRun.exe [1753416 2025-05-23] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {BD79D65B-1A64-4EC2-989F-C1D8BAC85FEF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MpCmdRun.exe [1753416 2025-05-23] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {0605FAD8-8568-4EE1-B317-4013DD735945} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [695360 2025-05-30] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {E80C0B32-BE00-47DF-95FD-411C9480CA6B} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-1123935005-352909213-1317991075-1001 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [695360 2025-05-30] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {2EA9968D-AC51-4D1A-829F-3FE7646F912A} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-1123935005-352909213-1317991075-500 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [695360 2025-05-30] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (the data entry has 6 more characters).
Task: {1A1E0E3D-7029-46DA-A8AF-C027E78C126E} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [34880 2025-05-30] (Mozilla Corporation -> Mozilla Foundation)
Task: {E1385361-8C06-45E1-8B3C-11A1FDF0D340} - System32\Tasks\NerveCenterUpdate => C:\Program Files\Lenovo\Nerve Center\bin\x64\LenovoNerveCenterUpdateAgent.exe [756064 2017-09-29] (LENOVO -> Lenovo(beijing) Limited)
Task: {65C14203-A4E3-431A-8348-C824A690AC8C} - System32\Tasks\NVIDIA App SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA App\CEF\NVIDIA App.exe [3275808 2025-04-07] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {8F3BF8DC-568F-415D-8565-6EC90D43E7B5} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4223792 2025-05-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {893153A9-C4FC-4C92-8F63-04C03DD93F3A} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1123935005-352909213-1317991075-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4223792 2025-05-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {F6E7847C-1A57-4E7E-8375-31D9B7BD89EE} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-1123935005-352909213-1317991075-500 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4223792 2025-05-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {5BE59266-6EB4-4CE7-B831-F0D5B434FF00} - System32\Tasks\OneDrive Startup Task-S-1-5-21-1123935005-352909213-1317991075-1001 => C:\Program Files\Microsoft OneDrive\25.085.0504.0002\OneDriveLauncher.exe [684856 2025-05-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {F2FC5947-DC4C-4850-ADBE-2C5AC4025A40} - System32\Tasks\OneDrive Startup Task-S-1-5-21-1123935005-352909213-1317991075-500 => C:\Program Files\Microsoft OneDrive\25.085.0504.0002\OneDriveLauncher.exe [684856 2025-05-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {68C304E7-EE25-4AD9-ABAD-18A3C7BC9E57} - System32\Tasks\Opera scheduled assistant Autoupdate 1716616574 => C:\Users\Administrator\AppData\Local\Programs\Opera\autoupdate\opera_autoupdate.exe  -> --scheduledtask --productiscomponent --bypasslauncher --installdir="C:\Users\Administrator\AppData\Local\Programs\Opera\assistant" --producttype=assistant $(Arg0)
Task: {D5C4E121-ED6B-4DA5-9DD7-F497CD465AEE} - System32\Tasks\Opera scheduled Autoupdate 1716616565 => C:\Users\Administrator\AppData\Local\Programs\Opera\autoupdate\opera_autoupdate.exe  --scheduledtask --bypasslauncher $(Arg0) (No File)
Task: {9AF31BA0-C8B0-4EA2-BF63-20BEFF2474DE} - System32\Tasks\WiseCleaner\WRCSkipUAC => C:\Program Files (x86)\Wise\Wise Registry Cleaner\WiseRegCleaner.exe [10674072 2024-09-24] (Lespeed Technology Co., Ltd -> WiseCleaner.com) -> C:\Program Files (x86)\Wise\Wise Registry Cleaner\\$UAC

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{89daff19-49dc-417a-a37c-44beb2374838}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{89daff19-49dc-417a-a37c-44beb2374838}: [DhcpDomain] fritz.box
Tcpip\..\Interfaces\{89daff19-49dc-417a-a37c-44beb2374838}\64259445A51224F6870273639303024534D2548545: [DhcpNameServer] 192.168.168.1 192.168.168.1
Tcpip\..\Interfaces\{89daff19-49dc-417a-a37c-44beb2374838}\64259445A51225560756164756270213230303021485: [DhcpNameServer] 192.168.178.2
Tcpip\..\Interfaces\{a0a6f412-b012-4b1c-906c-23a72f6f6b05}: [DhcpNameServer] 192.168.168.1 192.168.168.1
Tcpip\..\Interfaces\{a0a6f412-b012-4b1c-906c-23a72f6f6b05}\64259445A51224F68702735333030285A4: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{a0a6f412-b012-4b1c-906c-23a72f6f6b05}\64259445A51224F68702735333030285A4: [DhcpDomain] fritz.box
Tcpip\..\Interfaces\{a0a6f412-b012-4b1c-906c-23a72f6f6b05}\64259445A51224F6870273639303024534: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{a0a6f412-b012-4b1c-906c-23a72f6f6b05}\64259445A51224F6870273639303024534: [DhcpDomain] fritz.box
Tcpip\..\Interfaces\{a0a6f412-b012-4b1c-906c-23a72f6f6b05}\77962756C6563737F5234344341334: [DhcpNameServer] 192.168.168.1 192.168.168.1
Tcpip\..\Interfaces\{a0a6f412-b012-4b1c-906c-23a72f6f6b05}\8507562796160285A5130234F6D607163647F543665693: [DhcpNameServer] 192.168.43.110
Tcpip\..\Interfaces\{a0a6f412-b012-4b1c-906c-23a72f6f6b05}\F623D275C414E46393: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{a0a6f412-b012-4b1c-906c-23a72f6f6b05}\F623D275C414E46393: [DhcpDomain] localdomain
Tcpip\..\Interfaces\{a0a6f412-b012-4b1c-906c-23a72f6f6b05}\F623D275C414E4D224934303: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{a0a6f412-b012-4b1c-906c-23a72f6f6b05}\F623D275C414E4D224934303: [DhcpDomain] localdomain
Tcpip\..\Interfaces\{a0a6f412-b012-4b1c-906c-23a72f6f6b05}\F623D275C414E4D283633303: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{a0a6f412-b012-4b1c-906c-23a72f6f6b05}\F623D275C414E4D283633303: [DhcpDomain] localdomain
Tcpip\..\Interfaces\{ff05cf5c-2494-49ff-842d-56f6e895b828}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{ff05cf5c-2494-49ff-842d-56f6e895b828}: [DhcpDomain] localdomain

Edge: 
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
Edge Profile: C:\Users\Administrator\AppData\Local\Microsoft\Edge\User Data\Default [2024-05-25]
Edge Extension: (Google Docs Offline) - C:\Users\Administrator\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-26]
Edge Extension: (Edge relevant text changes) - C:\Users\Administrator\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-03-26]

FireFox:
========
FF DefaultProfile: 5vvu71o2.default
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\5vvu71o2.default [2024-03-27]
FF Homepage: Mozilla\Firefox\Profiles\5vvu71o2.default -> hxxps://myfiresearch.com/homepage?hp=1&pId=CH210629&iDate=2024-03-27 07:30:22&bitmask=9996
FF NewTab: Mozilla\Firefox\Profiles\5vvu71o2.default -> hxxps://myfiresearch.com/homepage?hp=1&pId=CH210629&iDate=2024-03-27 07:30:22&bitmask=9996
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\tnwddskx.default-release [2025-05-25]
FF Homepage: Mozilla\Firefox\Profiles\tnwddskx.default-release -> hxxps://myfiresearch.com/homepage?hp=1&pId=CH210629&iDate=2024-03-27 07:30:22&bitmask=9996
FF NewTab: Mozilla\Firefox\Profiles\tnwddskx.default-release -> hxxps://myfiresearch.com/homepage?hp=1&pId=CH210629&iDate=2024-03-27 07:30:22&bitmask=9996
FF SearchPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\tnwddskx.default-release\searchplugins\My Firefox Search.xml [2024-03-27]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2020-02-22]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2019-04-22] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2019-04-22] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2019-04-22] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=3.0.10 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.9.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @vlc.de/vlc,version=3.0.11 -> C:\Program Files\VLC Plus Player\npvlc.dll [2021-08-13] (Aller Media e.K. -> VideoLAN)
FF Plugin: @vlc.de/vlc,version=3.0.16 -> C:\Program Files\VLC Plus Player\npvlc.dll [2021-08-13] (Aller Media e.K. -> VideoLAN)
FF Plugin-x32: @java.com/DTPlugin,version=11.451.0 -> C:\Program Files (x86)\Java\jre1.8.0_451\bin\dtplugin\npDeployJava1.dll [2025-04-05] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.451.0 -> C:\Program Files (x86)\Java\jre1.8.0_451\bin\plugin2\npjp2.dll [2025-04-05] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2019-04-22] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2019-04-22] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll [2019-04-22] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2019-04-22] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2019-04-22] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\.DEFAULT: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2019-04-22] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-1123935005-352909213-1317991075-1001: SkypeForBusinessPlugin-16.2 -> C:\Users\el_uk\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.511\npGatewayNpapi.dll [2019-08-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin HKU\S-1-5-21-1123935005-352909213-1317991075-1001: SkypeForBusinessPlugin64-16.2 -> C:\Users\el_uk\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.511\npGatewayNpapi-x64.dll [2019-08-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin HKU\S-1-5-21-1123935005-352909213-1317991075-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2023-12-27] (Ubisoft Entertainment Sweden AB -> )
FF Plugin HKU\S-1-5-21-1123935005-352909213-1317991075-500: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2019-04-22] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-1123935005-352909213-1317991075-500: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.adobe.xfdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2019-04-22] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-1123935005-352909213-1317991075-500: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll [2019-04-22] (Tracker Software Products (Canada) Ltd. -> Tracker Software Products (Canada) Ltd.)

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki]

Opera: 
=======
OPR DefaultProfile: Default

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2019-02-10] (Adobe Systems) [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [9880840 2023-10-31] (BattlEye Innovations e.K. -> )
S3 EABackgroundService; C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe [18709600 2025-04-17] (Electronic Arts, Inc. -> Electronic Arts)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [934352 2023-08-02] (Epic Games Inc. -> Epic Games, Inc.)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\25.085.0504.0002\FileSyncHelper.exe [3610416 2025-05-31] (Microsoft Corporation -> Microsoft Corporation)
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [1959776 2022-03-12] (GOG Sp. z o.o. -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6484832 2022-03-12] (GOG Sp. z o.o. -> GOG.com)
R3 GameRecorderSVC; C:\Program Files\Lenovo\Nerve Center\bin\x86\GameRecorderSVC.exe [458592 2017-09-29] (LENOVO -> Lenovo(beijing) Limited)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [460488 2024-04-03] (Canon Inc. -> )
R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [113224 2024-06-26] (Lenovo -> Lenovo Group Ltd.)
R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\4.3.21.0\LenovoVantageService.exe [34816 2025-02-20] (Lenovo -> Lenovo)
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [920656 2020-02-22] (McAfee, LLC -> McAfee, Inc.)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MpDefenderCoreService.exe [2050904 2025-05-23] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 MEmuSVC; C:\Program Files (x86)\Microvirt\MEmu\MemuService.exe [85304 2019-07-02] (Shanghai Microvirt Software Technology Co., Ltd. -> )
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvlti.inf_amd64_4bd2a3580753f54d\Display.NvContainer\NVDisplay.Container.exe [1275016 2025-04-28] (NVIDIA Corporation -> NVIDIA Corporation)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\25.085.0504.0002\OneDriveUpdaterService.exe [3862840 2025-05-31] (Microsoft Corporation -> Microsoft Corporation)
R2 PluginLoaderSvc; C:\Program Files\Lenovo\Nerve Center\bin\x64\PluginLoaderSvc.exe [1016672 2017-09-29] (LENOVO -> Lenovo(beijing) Limited)
R2 QcomWlanSrv; C:\WINDOWS\System32\drivers\QcomWlanSrvx64.exe [188736 2021-07-20] (Qualcomm Atheros, Inc. -> )
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2024-10-18] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 ss_conn_service2; C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe [933432 2024-10-18] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 TTHOMEService; C:\Program Files\TomTom HOME\TTHOMEService.exe [437248 2025-03-21] (TomTom) [File not signed]
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\NisSrv.exe [4525976 2025-05-23] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MsMpEng.exe [278304 2025-05-23] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U3 8a19351c; C:\WINDOWS\System32\Drivers\8a19351c.sys [377392 2025-05-31] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
S3 BlueStacksDrv; C:\Program Files\BlueStacks\BstkDrv.sys [313112 2019-09-25] (Bluestack Systems, Inc. -> Bluestack System Inc.)
R3 BtFilter; C:\WINDOWS\System32\drivers\btfilter.sys [65448 2018-01-08] (WDKTestCert aswbldsv,131431045756648395 -> Qualcomm)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [287744 2022-05-16] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [147968 2022-04-15] (Microsoft Corporation) [File not signed]
S3 Ch64PS2; C:\WINDOWS\System32\drivers\Ch64PS2.sys [149632 2010-01-21] (ZF Electronics GmbH) [File not signed]
S3 CH64PS2M; C:\WINDOWS\System32\drivers\CH64PS2M.sys [60288 2010-07-30] (Microsoft Windows Hardware Compatibility Publisher -> Cherry GmbH)
R3 Ch64USB; C:\WINDOWS\System32\drivers\Ch64USB.sys [147584 2010-01-21] (Microsoft Windows Hardware Compatibility Publisher -> Cherry GmbH)
R3 Ch64USBM; C:\WINDOWS\System32\drivers\Ch64USBM.sys [66688 2007-03-07] (Microsoft Windows Hardware Compatibility Publisher -> Cherry GmbH)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [175824 2024-10-18] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [42256 2019-02-01] (AVB Disc Soft, SIA -> Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [59360 2019-02-01] (AVB Disc Soft, SIA -> Disc Soft Ltd)
U3 FBNetFilter; C:\Windows\system32\Drivers\FBNetFlt.sys [55256 2017-09-29] (Lenovo (Beijing) Co., Ltd. -> Lenovo(beijing) Limited)
R3 ITEHIDfilter; C:\WINDOWS\System32\drivers\ITEHIDfilter.sys [28104 2017-10-30] (ITE Tech. Inc. -> ITE Tech. Inc.)
U0 klupd_8a19351ca_arkmon; C:\WINDOWS\System32\Drivers\klupd_8a19351ca_arkmon.sys [412080 2025-05-31] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
U3 klupd_8a19351ca_arkmon_84FCBD88; C:\KVRT2020_Data\Temp\84FCBD88EC82AED75574C99DD7CA2538\klupd_8a19351ca_arkmon.sys [412080 2025-05-31] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
U3 klupd_8a19351ca_klark; C:\WINDOWS\System32\Drivers\klupd_8a19351ca_klark.sys [364584 2025-05-31] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
U0 klupd_8a19351ca_klbg; C:\WINDOWS\System32\Drivers\klupd_8a19351ca_klbg.sys [204480 2025-05-31] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
U3 klupd_8a19351ca_mark; C:\WINDOWS\System32\Drivers\klupd_8a19351ca_mark.sys [266488 2025-05-31] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab)
R3 KslD; C:\WINDOWS\System32\drivers\wd\KslD.sys [331168 2025-04-10] (Microsoft Windows -> Microsoft Corporation)
R2 libwamf; C:\WINDOWS\System32\DRIVERS\libwamf.sys [35400 2020-04-15] (Opswat Inc. -> OPSWAT, Inc.)
R2 libwasys; C:\WINDOWS\system32\DRIVERS\libwasys.sys [38472 2020-04-15] (Opswat Inc. -> OPSWAT, Inc.)
R1 MEmuDrv; C:\WINDOWS\system32\DRIVERS\MEmuDrv.sys [319448 2019-04-15] (Shanghai Microvirt Software Technology Co., Ltd. -> Maiwei Corporation)
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Bruce James -> Scarlet.Crush Productions)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [174264 2024-10-18] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [19984 2025-05-23] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [606568 2025-05-23] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [100736 2025-05-23] (Microsoft Windows -> Microsoft Corporation)
S3 ALSysIO; \??\C:\Users\ADMINI~1\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
S3 LenovoDiagnosticsDriver; \??\C:\ProgramData\Lenovo\Vantage\Addins\LenovoHardwareScanAddin\3.7.0.16\LenovoDiagnosticsDriver.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2025-05-31 11:39 - 2025-05-31 11:40 - 000045487 _____ C:\Users\el_uk\Downloads\FRST.txt
2025-05-31 11:38 - 2025-05-31 11:39 - 000000000 ____D C:\FRST
2025-05-31 11:31 - 2025-05-31 11:31 - 002405888 _____ (Farbar) C:\Users\el_uk\Downloads\FRST64.exe
2025-05-31 11:07 - 2025-05-31 11:07 - 000000000 ____D C:\KVRT2020_Data
2025-05-31 11:06 - 2025-05-31 11:06 - 115177320 _____ (AO Kaspersky Lab) C:\Users\el_uk\Downloads\KVRT.exe
2025-05-30 12:39 - 2020-05-11 13:37 - 000000000 ____D C:\Users\el_uk\Downloads\T-MST10PDEUC
2025-05-30 12:37 - 2025-05-30 12:37 - 160756230 _____ C:\Users\el_uk\Downloads\T-MST10PDEUC_2010.0.exe
2025-05-30 12:35 - 2025-05-30 12:35 - 000000000 ____D C:\Program Files\Mozilla Firefox
2025-05-28 16:21 - 2025-05-28 16:21 - 000001273 _____ C:\WINDOWS\system32\Drivers\mozart_12338422546372_fw_dump.cmm
2025-05-28 16:08 - 2025-05-28 16:08 - 000001273 _____ C:\WINDOWS\system32\Drivers\mozart_12337689034039_fw_dump.cmm
2025-05-26 10:14 - 2025-05-26 10:16 - 1477584034 _____ C:\Users\el_uk\Downloads\Europe_Central_1145_12621_tmp_0.zip
2025-05-26 10:03 - 2025-05-26 10:03 - 001545614 _____ C:\Users\el_uk\Downloads\TTActivator-v1.20.rar
2025-05-26 09:03 - 2025-05-26 10:07 - 000000000 ____D C:\Program Files (x86)\MyDrive Connect
2025-05-26 09:03 - 2025-05-26 09:03 - 000000000 ____D C:\Users\el_uk\AppData\Local\TomTom
2025-05-26 09:03 - 2025-05-26 09:03 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TomTom
2025-05-26 09:02 - 2025-05-26 09:02 - 072346880 _____ (TomTom International B.V.) C:\Users\el_uk\Downloads\InstallTomTomMyDriveConnect.exe
2025-05-26 08:57 - 2025-05-26 08:57 - 000229002 _____ C:\Users\el_uk\Downloads\TTActivator-Anleitung.pdf
2025-05-25 19:23 - 2025-05-25 19:23 - 000000000 _____ C:\WINDOWS\RestPupils
2025-05-25 19:23 - 2025-05-25 19:23 - 000000000 _____ C:\WINDOWS\ProcessorsEntertaining
2025-05-25 19:16 - 2025-05-25 19:17 - 152244720 _____ (PortableApps.com) C:\Users\el_uk\Downloads\firefoxportable_138.0.4_german.paf.exe
2025-05-25 19:09 - 2025-05-25 19:09 - 001213959 _____ C:\Users\el_uk\Downloads\EasyUseTools.zip
2025-05-25 18:34 - 2025-05-25 18:34 - 000617982 _____ C:\Users\el_uk\Downloads\Activator_2019_Installer.rar
2025-05-25 17:56 - 2025-05-25 17:56 - 000000000 ____D C:\Users\el_uk\Desktop\TTactivator
2025-05-25 17:49 - 2025-05-25 17:49 - 091899157 _____ C:\Users\el_uk\Downloads\NAV3-Navi (Toolbox) Anleitungen mit Videos upd.12.07.2024.rar
2025-05-25 09:48 - 2024-10-18 04:14 - 000175824 _____ (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\Drivers\ssudbus2.sys
2025-05-25 09:48 - 2024-10-18 04:14 - 000174264 _____ (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\Drivers\ssudmdm.sys
2025-05-25 09:45 - 2025-05-25 09:45 - 000000000 ____D C:\Program Files\Samsung
2025-05-25 09:44 - 2025-05-25 09:44 - 037218768 _____ (Samsung Electronics Co., Ltd.) C:\Users\el_uk\Downloads\SAMSUNG_USB_Driver_for_Mobile_Phones_v1.9.0.0.exe
2025-05-25 09:35 - 2025-03-29 17:09 - 000000000 ____D C:\Users\el_uk\Desktop\scrcpy-win64-v3.2
2025-05-25 09:18 - 2025-05-25 09:18 - 007138793 _____ C:\Users\el_uk\Downloads\platform-tools-latest-windows.zip
2025-05-25 09:11 - 2025-05-25 09:11 - 006950959 _____ C:\Users\el_uk\Downloads\scrcpy-win64-v3.2.zip
2025-05-23 18:51 - 2025-05-23 18:51 - 000000000 ____D C:\Users\el_uk\AppData\Roaming\Samsung
2025-05-23 18:47 - 2025-05-25 10:30 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Samsung
2025-05-23 18:47 - 2025-05-23 18:50 - 000000000 ____D C:\ProgramData\Samsung
2025-05-23 18:47 - 2022-01-25 11:29 - 000144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\WINDOWS\SysWOW64\secman.dll
2025-05-23 18:46 - 2025-05-25 10:30 - 000000000 ____D C:\Program Files (x86)\Samsung
2025-05-23 18:45 - 2025-05-23 18:45 - 005331520 _____ (CHIP Digital GmbH) C:\Users\el_uk\Downloads\Samsung Smart Switch - CHIP Installer _aQisv.exe
2025-05-23 12:08 - 2025-05-23 12:08 - 000001258 _____ C:\WINDOWS\system32\Drivers\mozart_123958425463_fw_dump.cmm
2025-05-23 11:52 - 2025-05-23 12:07 - 000000000 ____D C:\Users\el_uk\AppData\Local\TomTomUpgrade
2025-05-23 11:52 - 2025-05-23 11:52 - 000000000 ____D C:\Users\el_uk\TomTomUpgrade
2025-05-23 11:52 - 2025-05-23 11:52 - 000000000 ____D C:\Users\el_uk\Documents\TomTomUpgrade
2025-05-23 11:52 - 2025-05-23 11:52 - 000000000 ____D C:\Users\el_uk\AppData\Roaming\TomTomUpgrade
2025-05-23 11:52 - 2025-05-23 11:52 - 000000000 ____D C:\ProgramData\TomTom
2025-05-23 11:51 - 2025-05-23 11:51 - 000000723 _____ C:\Users\Administrator\Desktop\TomTom HOME.lnk
2025-05-23 11:51 - 2025-05-23 11:51 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TomTom Intl
2025-05-23 11:50 - 2025-05-23 11:50 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\H2CU_VCR
2025-05-23 11:50 - 2025-05-23 11:50 - 000000000 ____D C:\Program Files\TomTom HOME
2025-05-23 11:49 - 2025-05-23 11:49 - 112844144 _____ (TomTom International B.V.) C:\Users\el_uk\Downloads\TomTomHOME2win.exe
2025-05-18 10:33 - 2025-05-18 10:33 - 000022680 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2025-05-17 15:03 - 2025-05-17 15:03 - 000022680 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2025-05-17 14:45 - 2025-05-17 14:45 - 000000000 ___HD C:\$WinREAgent
2025-05-08 17:54 - 2025-05-08 17:54 - 000001273 _____ C:\WINDOWS\system32\Drivers\mozart_12333177617336_fw_dump.cmm
2025-05-06 17:05 - 2025-05-06 17:05 - 000001270 _____ C:\WINDOWS\system32\Drivers\mozart_12326033317713_fw_dump.cmm
2025-05-04 10:19 - 2025-05-04 10:19 - 000001258 _____ C:\WINDOWS\system32\Drivers\mozart_12314265062847_fw_dump.cmm
2025-05-03 08:36 - 2025-05-03 08:36 - 014549704 _____ C:\Users\el_uk\Downloads\technik-satt.pdf
2025-05-02 12:10 - 2025-05-02 12:10 - 000001270 _____ C:\WINDOWS\system32\Drivers\mozart_1234909489476_fw_dump.cmm
2025-05-02 10:31 - 2025-04-28 01:16 - 000125048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2025-05-02 10:30 - 2025-04-28 09:12 - 002072424 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2025-05-02 10:30 - 2025-04-28 09:12 - 002072424 _____ C:\WINDOWS\system32\vulkaninfo.exe
2025-05-02 10:30 - 2025-04-28 09:12 - 001614184 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2025-05-02 10:30 - 2025-04-28 09:12 - 001614184 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2025-05-02 10:30 - 2025-04-28 09:12 - 001576808 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2025-05-02 10:30 - 2025-04-28 09:12 - 001576808 _____ C:\WINDOWS\system32\vulkan-1.dll
2025-05-02 10:30 - 2025-04-28 09:12 - 001389928 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2025-05-02 10:30 - 2025-04-28 09:12 - 001389928 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2025-05-02 10:30 - 2025-04-28 09:12 - 000477832 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2025-05-02 10:30 - 2025-04-28 09:12 - 000374920 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2025-05-02 10:30 - 2025-04-28 09:09 - 001260184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2025-05-02 10:30 - 2025-04-28 09:09 - 000674968 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvofapi64.dll
2025-05-02 10:30 - 2025-04-28 09:09 - 000509080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvofapi.dll
2025-05-02 10:30 - 2025-04-28 09:08 - 026001520 _____ C:\WINDOWS\system32\nvidia-pcc.exe
2025-05-02 10:30 - 2025-04-28 09:08 - 002313880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2025-05-02 10:30 - 2025-04-28 09:08 - 001713824 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2025-05-02 10:30 - 2025-04-28 09:08 - 001569432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2025-05-02 10:30 - 2025-04-28 09:08 - 001220768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2025-05-02 10:30 - 2025-04-28 09:08 - 001053832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2025-05-02 10:30 - 2025-04-28 09:08 - 000942216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2025-05-02 10:30 - 2025-04-28 09:08 - 000809608 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2025-05-02 10:30 - 2025-04-28 09:07 - 023034016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2025-05-02 10:30 - 2025-04-28 09:07 - 020516976 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2025-05-02 10:30 - 2025-04-28 09:07 - 007323272 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2025-05-02 10:30 - 2025-04-28 09:07 - 005240448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcudadebugger.dll
2025-05-02 10:30 - 2025-04-28 09:07 - 003994248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2025-05-02 10:30 - 2025-04-28 09:07 - 000467592 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2025-05-02 10:30 - 2025-04-28 09:06 - 005913712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2025-05-02 10:30 - 2025-04-28 09:06 - 005600456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2025-05-02 10:30 - 2025-04-28 09:06 - 004901640 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2025-05-02 10:30 - 2025-04-28 09:06 - 000853128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2025-05-02 10:30 - 2025-04-28 01:16 - 000142952 _____ C:\WINDOWS\system32\nvinfo.pb
2025-05-02 10:15 - 2025-05-02 10:15 - 000001270 _____ C:\WINDOWS\system32\Drivers\mozart_12345672243774_fw_dump.cmm

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2025-05-31 11:40 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2025-05-31 11:30 - 2022-02-09 19:13 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2025-05-31 11:29 - 2019-04-03 15:49 - 000000000 ____D C:\Users\Administrator\AppData\Local\NVIDIA
2025-05-31 11:04 - 2019-02-01 18:05 - 000000000 __SHD C:\Users\el_uk\IntelGraphicsProfiles
2025-05-31 10:56 - 2018-12-04 19:50 - 000000000 ____D C:\ProgramData\NVIDIA
2025-05-31 10:51 - 2021-12-17 19:57 - 000000000 ____D C:\WINDOWS\SystemTemp
2025-05-31 09:52 - 2025-02-06 18:10 - 000003546 _____ C:\WINDOWS\system32\Tasks\OneDrive Startup Task-S-1-5-21-1123935005-352909213-1317991075-1001
2025-05-31 09:52 - 2025-02-06 18:10 - 000003540 _____ C:\WINDOWS\system32\Tasks\OneDrive Startup Task-S-1-5-21-1123935005-352909213-1317991075-500
2025-05-31 09:52 - 2023-01-17 23:45 - 000002285 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2025-05-31 09:52 - 2022-01-24 23:28 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1123935005-352909213-1317991075-500
2025-05-31 09:52 - 2021-12-11 10:07 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1123935005-352909213-1317991075-1001
2025-05-31 09:52 - 2021-09-12 09:29 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2025-05-31 09:52 - 2021-03-12 21:26 - 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2025-05-31 09:52 - 2020-06-24 09:07 - 000002447 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2025-05-31 09:52 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps
2025-05-31 09:52 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2025-05-31 09:52 - 2019-10-02 00:32 - 000002159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2025-05-31 09:52 - 2019-02-01 18:05 - 000000000 ____D C:\Users\el_uk\AppData\Local\Packages
2025-05-30 16:20 - 2021-03-12 21:18 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2025-05-30 14:42 - 2021-10-10 11:07 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2025-05-30 14:42 - 2019-10-12 18:33 - 000001132 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2025-05-26 09:03 - 2022-01-26 14:04 - 000000000 ____D C:\Users\el_uk\AppData\Local\cache
2025-05-26 09:03 - 2019-12-07 11:13 - 000000000 ____D C:\WINDOWS\INF
2025-05-25 21:02 - 2019-10-18 11:28 - 000000000 ____D C:\Users\el_uk\AppData\Local\Spotify
2025-05-25 19:42 - 2019-10-12 18:33 - 000000000 ____D C:\Users\el_uk\AppData\Roaming\Mozilla
2025-05-25 19:23 - 2019-10-18 11:27 - 000000000 ____D C:\Users\el_uk\AppData\Roaming\Spotify
2025-05-25 15:28 - 2021-03-12 21:30 - 001632024 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2025-05-25 15:28 - 2019-12-07 16:50 - 000707316 _____ C:\WINDOWS\system32\perfh007.dat
2025-05-25 15:28 - 2019-12-07 16:50 - 000142574 _____ C:\WINDOWS\system32\perfc007.dat
2025-05-25 14:45 - 2021-03-12 21:26 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2025-05-25 14:45 - 2021-03-12 21:18 - 000008192 ___SH C:\DumpStack.log.tmp
2025-05-25 14:45 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ServiceState
2025-05-25 10:32 - 2024-03-27 21:29 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Lavasoft
2025-05-25 10:32 - 2023-10-31 08:32 - 000000000 ____D C:\Users\Administrator\AppData\LocalLow\NVIDIA
2025-05-25 10:30 - 2019-02-01 19:14 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2025-05-25 10:08 - 2024-03-27 21:28 - 000800672 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bddci.sys
2025-05-24 20:41 - 2019-02-01 18:08 - 000000000 ____D C:\Users\el_uk\AppData\Local\PlaceholderTileLogoFolder
2025-05-23 18:53 - 2019-02-02 00:14 - 000000000 ____D C:\ProgramData\Packages
2025-05-23 12:03 - 2018-04-17 21:02 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2025-05-23 11:53 - 2019-10-12 18:33 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2025-05-23 11:52 - 2021-03-12 18:49 - 000000000 ____D C:\Users\el_uk
2025-05-23 11:51 - 2019-12-07 11:03 - 001572864 _____ C:\WINDOWS\system32\config\BBI
2025-05-21 15:12 - 2021-03-12 21:26 - 000003756 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2025-05-21 15:12 - 2021-03-12 21:26 - 000003630 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2025-05-18 10:57 - 2021-03-12 21:18 - 000269328 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2025-05-18 10:56 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\PrintDialog
2025-05-18 10:56 - 2019-12-07 11:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2025-05-18 10:56 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2025-05-18 10:56 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2025-05-18 10:56 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\SystemResources
2025-05-18 10:56 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2025-05-18 10:56 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2025-05-18 10:56 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\setup
2025-05-18 10:56 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2025-05-18 10:56 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2025-05-18 10:56 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2025-05-18 10:56 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\system32\Dism
2025-05-18 10:56 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2025-05-18 10:56 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2025-05-18 10:56 - 2019-12-07 11:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2025-05-18 10:56 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\servicing
2025-05-18 10:42 - 2019-02-01 20:35 - 000000000 ____D C:\WINDOWS\system32\MRT
2025-05-18 10:38 - 2019-12-07 11:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2025-05-18 10:38 - 2019-02-01 20:35 - 214836568 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2025-05-17 15:02 - 2021-03-12 21:18 - 003016192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2025-05-03 09:27 - 2025-01-28 17:36 - 000000000 ____D C:\ProgramData\CanonIJPLM
2025-05-02 10:28 - 2019-02-01 18:07 - 000000000 ____D C:\Users\el_uk\AppData\Local\NVIDIA Corporation
2025-05-02 10:21 - 2023-10-29 12:14 - 000000000 ____D C:\Users\el_uk\AppData\LocalLow\NVIDIA
2025-05-02 10:21 - 2018-12-04 19:50 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2025-05-02 10:08 - 2024-08-18 16:39 - 000003834 _____ C:\WINDOWS\system32\Tasks\NVIDIA App SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2025-05-02 10:08 - 2024-08-18 16:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2025-05-02 10:08 - 2018-12-04 19:50 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation

==================== Files in the root of some directories ========

2019-12-11 15:51 - 2024-03-25 17:35 - 000007656 _____ () C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
--- --- ---
Geändert von cosinus (31.05.2025 um 11:37 Uhr)

 

Themen zu Amazon-Konto gehackt - Trojaner?
administrator, browser, defender, desktop, festplatte, firefox, google, home, homepage, installation, internet, kaspersky, mozilla, port, prozessor, registry, scan, services.exe, software, svchost.exe, temp, trojaner, trojaner?, usb, windows


« Avira Meldung "Zu ihrer Sicherheit wurde der Zugriff auf die Hosts Datei blockiert" | PUABundler:Win32/uTorrent_BundleInstaller »


Ähnliche Themen: Amazon-Konto gehackt - Trojaner?


  1. Amazon- und (mutmaßlich) ebay-Konto gehackt
    Überwachung, Datenschutz und Spam - 20.12.2020 (7)
  2. (Win 10) Amazon und eBay Konto gekapert
    Überwachung, Datenschutz und Spam - 27.10.2020 (27)
  3. Schon 2x das Amazon-Konto gehackt - Keylogger aktiv?
    Plagegeister aller Art und deren Bekämpfung - 05.01.2019 (18)
  4. Spam-Mails über Telekom verschickt und Amazon Konto betroffen
    Log-Analyse und Auswertung - 30.12.2018 (9)
  5. Amazon Konto gehackt, Passwort geändert
    Log-Analyse und Auswertung - 16.12.2017 (4)
  6. Amazon Konto gehackt
    Plagegeister aller Art und deren Bekämpfung - 17.05.2017 (26)
  7. Fake Mail von Amazon---Transaktionscode xyz Konto gesperrt
    Plagegeister aller Art und deren Bekämpfung - 26.08.2016 (2)
  8. Banking Trojaner auf Smartphone, Online Konto gehackt, Login mit Laptop nicht möglich
    Log-Analyse und Auswertung - 03.07.2016 (15)
  9. Windows 10: Amazon Konto gehackt, kann keine Schadsoftware finden
    Log-Analyse und Auswertung - 30.04.2016 (1)
  10. Windows 7: Online-Konto gehackt- Verdacht Trojaner oder Spyware
    Log-Analyse und Auswertung - 24.12.2015 (7)
  11. Amazon Konto gehackt, Schädlinge PUP.OPTIONAL.MetacrawlerBAR.A + PUP.OPTIONAL.Crossrider.A gefunden
    Log-Analyse und Auswertung - 16.07.2015 (13)
  12. Amazon-Konto: Jemand hat mein Passwort geändert & Gutscheine bestellt
    Alles rund um Mac OSX & Linux - 12.01.2015 (5)
  13. Amazon-Konto geknackt
    Log-Analyse und Auswertung - 17.10.2013 (19)
  14. Amazon-Konto gehackt! Ist mein PC infiziert?
    Log-Analyse und Auswertung - 10.04.2013 (1)
  15. Amazon-Konto gehackt, Passwort geändert
    Log-Analyse und Auswertung - 02.11.2012 (12)
  16. Amazon Account gehackt. Trojaner?
    Log-Analyse und Auswertung - 16.10.2011 (1)
  17. Amazon Account gehackt + E-mail gehackt !
    Plagegeister aller Art und deren Bekämpfung - 05.05.2008 (16)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Amazon-Konto gehackt - Trojaner? - Hallo, mein Amazon Konto wurde gehackt und ein AMD Ryzen Prozessor 9000 für 289 € an folgende Adresse bestellt: Adresse entfernt /cosinus Amazon habe ich bereits informiert, Passwort geändert (auch - Amazon-Konto gehackt - Trojaner?...
Archiv
Du betrachtest: Amazon-Konto gehackt - Trojaner? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55