
Pests of all kinds and how to combat them: Possible detection by Emsisoft Emergency Kit

09.06.2025, 12:26   #1
Worufuwuddo
 



Dear forum,

I regularly scan my PC with the Emsisoft Emergency Kit (EEK), which I run from a USB stick. It has now reported the following supposed detection:

Code:
ATTFilter
Scanner	Detection	Malware "Generic.Exploit.CVE-2020-1472.2.9364262A (B)" in "netlogon.dll" (SHA1: 60535b4f045c021b400602c529a12756d1d88e8c) and 2 other objects	

Scanner	Detection	Malware "Gen:Variant.Babar.518968 (B)" in "FileSyncShell.dll" (SHA1: f3e4655ab7587522d1b6f48635b4bac14f55e54e)	


Scanner detected Malware "Generic.Exploit.CVE-2020-1472.2.9364262A (B)" in "C:\Windows\System32\netlogon.dll" (SHA1: 60535b4f045c021b400602c529a12756d1d88e8c)

Scanner detected Malware "Generic.Exploit.CVE-2020-1472.2.9364262A (B)" in "C:\Windows\WinSxS\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_10.0.26100.3912_none_99445d6de8287896\netlogon.dll" (SHA1: 60535b4f045c021b400602c529a12756d1d88e8c)

Scanner detected Malware "Generic.Exploit.CVE-2020-1472.2.9364262A (B)" in "C:\Windows\WinSxS\Backup\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_10.0.26100.3912_none_99445d6de8287896_netlogon.dll_90e0458e" (SHA1: 60535b4f045c021b400602c529a12756d1d88e8c)

Scanner detected Malware "Gen:Variant.Babar.518968 (B)" in "C:\Program Files\Microsoft OneDrive\25.085.0504.0002\i386\FileSyncShell.dll" (SHA1: f3e4655ab7587522d1b6f48635b4bac14f55e54e)
         
Unfortunately the EEK crashed, apparently because the USB stick lost its connection, so I could not move the detections to quarantine. A second scan then came back with no results. I then uploaded the files in question to VirusTotal, where they were also rated as clean.

This was followed by a Malwarebytes scan, which found nothing.

Then I also used the ESET Online Scanner. It found the following:

Code:
ATTFilter
C:\Users\***\AppData\Roaming\Thunderbird\Profiles\4xnouhxy.default-release\ImapMail\imap.gmx.net\INBOX	multiple detections,Win32/Exploit.Agent.NLK trojan,PDF/Fraud.DW trojan	contained infected files
         
That is presumably the mail file of a GMX account in Thunderbird. I then removed the account, and a second scan found nothing more.

How do you assess the situation?

Here are the logs from FRST (I have anonymized personal information with ***):

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-06-2025
Ran by *** (administrator) on *** (Microsoft Corporation Surface Pro 9) (09-06-2025 12:48:24)
Running from C:\Users\***\Desktop\FRST64.exe
Loaded Profiles: ***
Platform: Microsoft Windows 11 Home Version 24H2 26100.4061 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\WindowsApps\Microsoft.SurfaceHub_75.5150.121.0_x64__8wekyb3d8bbwe\Services\SurfaceBroker.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SurfaceHub_75.5150.121.0_x64__8wekyb3d8bbwe\Services\WindowsUpdatesDm.exe
(DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_f99162a78d742d5a\DAX3API.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\DAX3_S~4.INF\DAX3API.exe
(dwm.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\ISM.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\BackgroundTransferHost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 2024 Organizer\Adobe Elements 2024 Update Service.exe
(services.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories) C:\Windows\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_f99162a78d742d5a\DAX3API.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_589bf55713b88872\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_29fd1afabcf5470c\AS\IAS\IntelAudioService.exe
(services.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Windows\System32\DriverStore\FileRepository\logi_lamparray_usb.inf_amd64_cdf3ca3c77d5f267\logi_lamparray_service.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\System32\DriverStore\FileRepository\devicestelemetryservicedriver.inf_amd64_76b122cc166d309c\DevicesTelemetryService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft) C:\Program Files\WindowsApps\Microsoft.SurfaceHub_75.5150.121.0_x64__8wekyb3d8bbwe\Services\SurfaceBroker.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\NisSrv.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\ehdxsstmd3a4.inf_amd64_daa1b2b779c60f86\RtkAudUService64.exe <2>
(sihost.exe ->) (EB51A5DA-0E72-4863-82E4-EA21C1F8DFE3 -> Intel Corporation) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5688.0_x64__8j3eq9eme6ctt\GCP.ML.BackgroundSysTray\IGCCTray.exe
(svchost.exe ->) (EB51A5DA-0E72-4863-82E4-EA21C1F8DFE3 -> Intel Corporation) C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5688.0_x64__8j3eq9eme6ctt\IGCC.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.StartExperiencesApp_1.22.2.0_x64__8wekyb3d8bbwe\MicrosoftStartFeedProvider\MicrosoftStartFeedProvider.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_7.325.5191.0_x64__8wekyb3d8bbwe\GameBar.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_7.325.5191.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_525.10401.30.0_x64__cw5n1h2txyewy\WidgetBoard.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\NgcIso.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SpatialAudioLicenseSrv.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\ehdxsstmd3a4.inf_amd64_daa1b2b779c60f86\RtkAudUService64.exe [835952 2024-05-26] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AdobePSE24AutoAnalyzer] => C:\Program Files\Adobe\Elements 2024 Organizer\Elements Auto Creations 2024.exe [3859424 2024-06-16] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-4100307629-3901963809-4256482930-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [4966712 2025-06-03] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-4100307629-3901963809-4256482930-1001\...\Run: [MicrosoftEdgeAutoLaunch_B61073CA21D4843E892239215E794014] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4141136 2025-06-06] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-4100307629-3901963809-4256482930-1002\...\Run: [MicrosoftEdgeAutoLaunch_D107E4BC9B1B43026836B2DB446BF632] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4141136 2025-06-06] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-4100307629-3901963809-4256482930-1002\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [4966712 2025-06-03] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-4100307629-3901963809-4256482930-1002\...\Run: [CiscoMeetingDaemon] => C:\Users\***\AppData\Local\WebEx\WebexHost.exe [7292504 2025-04-03] (Cisco WebEx LLC -> Cisco Webex LLC)
HKU\S-1-5-21-4100307629-3901963809-4256482930-1002\...\Run: [Nextcloud] => C:\Program Files\Nextcloud\nextcloud.exe [5932808 2025-06-02] (Nextcloud GmbH -> Nextcloud GmbH)
HKLM\...\Windows x64\Print Processors\KOAXPA_P: C:\Windows\System32\spool\prtprocs\x64\KOAXPA_P.DLL [50648 2018-03-11] (Microsoft Windows Hardware Compatibility Publisher -> KONICA MINOLTA, INC.)
HKLM\...\Print\Monitors\C658SeriesPS Language Monitor: C:\WINDOWS\system32\KOAXPA_L.DLL [25560 2018-03-11] (Microsoft Windows Hardware Compatibility Publisher -> KONICA MINOLTA, INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MP640 series: C:\WINDOWS\system32\CNMLMA2.DLL [336896 2010-04-24] (CANON INC.) [File not signed]
HKLM\...\Print\Monitors\Canon BJNP Port: C:\WINDOWS\system32\CNMN6PPM.DLL [359936 2012-06-14] (CANON INC.) [File not signed]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FiiO Control Panel Autostart.lnk [2024-05-14]
ShortcutTarget: FiiO Control Panel Autostart.lnk -> C:\Program Files\FiiO\FiiO_Driver\x64\FiiOCplApp.exe (Thesycon Software Solutions GmbH & Co. KG -> )

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {236DE052-A218-429E-94E3-F99F985BF22B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1580992 2025-03-21] (Adobe Inc. -> Adobe Inc.)
Task: {FCB840F8-70A6-4F8B-9D4A-C11E5A1F4C5D} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-*** => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe  -mode=scheduled (No File)
Task: {8F4A9C82-9BDD-4FC5-ADCE-89A752D7BCDD} - System32\Tasks\AdobeAAMUpdater-1.0-*** => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe  -mode=scheduled (No File)
Task: {C7DA664F-E18E-4CB2-8A1F-EDCB23C6137B} - System32\Tasks\MATLAB R2023a Startup Accelerator => C:\Program Files\MATLAB\R2023a\bin\win64\MATLABStartupAccelerator.exe [98816 2022-11-20] () [File not signed]
Task: {B410E1E8-A505-48EA-89E4-21061768CC91} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28955376 2025-05-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {4FB1D575-EA15-4C20-A2B5-44F08C453908} - System32\Tasks\Microsoft\Office\Office Background Push Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\opushutil.exe [68312 2025-06-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {9C1E1CBD-7E20-47F7-843A-2BDEF764D65E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28955376 2025-05-27] (Microsoft Corporation -> Microsoft Corporation)
Task: {131256F6-A8BE-49F4-9D21-ED5F9BD9E737} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309960 2025-06-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {D1DC33A2-15BB-4808-8CF3-EDB4468F0B45} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309960 2025-06-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {976939C6-6704-4E5E-8233-BFAD140C5A06} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [225992 2025-06-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {B2B36C33-0345-4A82-B265-F8415C8639D6} - System32\Tasks\Microsoft\Office\Office Startup Boost => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309960 2025-06-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {35E97D96-906A-4357-92A0-9A8F2FBF2BBE} - System32\Tasks\Microsoft\Office\Office Startup Boost Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [309960 2025-06-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {077BA067-7C15-40F0-B22E-C9DC2A54B4A2} - System32\Tasks\Microsoft\Windows\Location\Notifications => %windir%\System32\LocationNotificationWindows.exe  (No File)
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (No File)
Task: {8C0F914A-4869-48BB-9C82-BE00ED80DB94} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MpCmdRun.exe [1753416 2025-05-22] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {839B8990-9457-445A-A5FD-B1EC7B870587} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MpCmdRun.exe [1753416 2025-05-22] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {DAB2826F-5643-4729-B6D0-7FA4E9CB98F5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MpCmdRun.exe [1753416 2025-05-22] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {923F8B82-DAA3-42D6-802E-8A145CE359D2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MpCmdRun.exe [1753416 2025-05-22] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {9DFD074E-CEB3-4152-95C6-6730D513B9CA} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [34880 2025-05-30] (Mozilla Corporation -> Mozilla Foundation)
Task: {60E98266-401A-4DFE-B1B0-9A1F800A03FA} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4223792 2025-06-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {19677FE6-3335-4ADA-A374-3CEF72754C63} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-4100307629-3901963809-4256482930-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4223792 2025-06-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {6C2BB76C-50A7-45E1-A80C-81E59AD338FE} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-4100307629-3901963809-4256482930-1002 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4223792 2025-06-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {B28CFCC4-A55D-4107-81FF-7AF1987D6E4F} - System32\Tasks\OneDrive Startup Task-S-1-5-21-4100307629-3901963809-4256482930-1001 => C:\Program Files\Microsoft OneDrive\25.085.0504.0002\OneDriveLauncher.exe [684856 2025-06-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {71FF5D10-38BC-4352-BF9E-03D4B1CE2610} - System32\Tasks\OneDrive Startup Task-S-1-5-21-4100307629-3901963809-4256482930-1002 => C:\Program Files\Microsoft OneDrive\25.085.0504.0002\OneDriveLauncher.exe [684856 2025-06-03] (Microsoft Corporation -> Microsoft Corporation)
Task: {C9EA9530-8FB3-4C63-BBC5-5BE2702E99E5} - System32\Tasks\Optimize Push Notification Data File-S-1-5-21-4100307629-3901963809-4256482930-1001 => {201600D8-6EFF-48CE-B842-E14D37A0682D} C:\WINDOWS\System32\wpninprc.dll [65536 2024-11-13] (Microsoft Windows -> Microsoft Corporation)
Task: {4AA93734-B2DB-4C4B-A7F6-D0F823562130} - System32\Tasks\Optimize Push Notification Data File-S-1-5-21-4100307629-3901963809-4256482930-1002 => {201600D8-6EFF-48CE-B842-E14D37A0682D} C:\WINDOWS\System32\wpninprc.dll [65536 2024-11-13] (Microsoft Windows -> Microsoft Corporation)
Task: {8CD659B5-5709-431B-A598-38110588252D} - System32\Tasks\VivaldiUpdateCheck-41b71b131096ea56 => C:\Users\***\AppData\Local\Vivaldi\Application\update_notifier.exe [3801712 2025-06-03] (Vivaldi Technologies AS -> Vivaldi Technologies AS) -> C:\Users\***\AppData\Local\Vivaldi\Application\--from-scheduler

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\MATLAB R2023a Startup Accelerator.job => C:\Program Files\MATLAB\R2023a\bin\win64\MATLABStartupAccelerator.exe C:\Program Files\MATLAB\R2023a***.Sta

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{8dcfb674-c6b8-4314-8f3e-940cea9a446d}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{e93996b0-5ff0-4809-b9f6-9e835b703a2b}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{e93996b0-5ff0-4809-b9f6-9e835b703a2b}\14C647374716464786F64756C6: [DhcpNameServer] 192.168.188.2
Tcpip\..\Interfaces\{e93996b0-5ff0-4809-b9f6-9e835b703a2b}\14C647374716464786F64756C6: [DhcpDomain] intern
Tcpip\..\Interfaces\{e93996b0-5ff0-4809-b9f6-9e835b703a2b}\5535D42565131383: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{e93996b0-5ff0-4809-b9f6-9e835b703a2b}\E43434D213730313: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{e93996b0-5ff0-4809-b9f6-9e835b703a2b}\E43434D213730313: [DhcpDomain] fritz.box

Edge: 
=======
Edge Profile: C:\Users\***\AppData\Local\Microsoft\Edge\User Data\Default [2025-05-31]
Edge DownloadDir: Default -> C:\Users\***\Downloads
Edge Extension: (Google Docs Offline) - C:\Users\***\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-01-14]
Edge Extension: (Edge relevant text changes) - C:\Users\***\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-02-03]

FireFox:
========
FF DefaultProfile: 6s498k82.default
FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\6s498k82.default [2024-01-22]
FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\us935q3v.default-release [2025-06-09]
FF DownloadDir: C:\Users\***\Desktop
FF Session Restore: Mozilla\Firefox\Profiles\us935q3v.default-release -> is enabled.
FF Extension: (Language: English (US)) - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\us935q3v.default-release\Extensions\langpack-en-US@firefox.mozilla.org.xpi [2025-05-30]
FF Extension: (uBlock Origin) - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\us935q3v.default-release\Extensions\uBlock0@raymondhill.net.xpi [2025-05-30]
FF Extension: (NoScript) - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\us935q3v.default-release\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2025-05-30]
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2025-06-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2025-04-24] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2025-06-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin HKU\S-1-5-21-4100307629-3901963809-4256482930-1002: SkypeForBusinessPlugin-16.2 -> C:\Users\***\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.511\npGatewayNpapi.dll [2019-08-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin HKU\S-1-5-21-4100307629-3901963809-4256482930-1002: SkypeForBusinessPlugin64-16.2 -> C:\Users\***\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.511\npGatewayNpapi-x64.dll [2019-08-03] (Microsoft Corporation -> Microsoft Corporation)

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Adobe Elements 2024 Update Service; C:\Program Files\Adobe\Elements 2024 Organizer\Adobe Elements 2024 Update Service.exe [374240 2024-06-16] (Adobe Inc. -> Adobe Systems Incorporated)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [174520 2025-03-21] (Adobe Inc. -> Adobe Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [13724376 2025-05-27] (Microsoft Corporation -> Microsoft Corporation)
R2 DevicesTelemetryService; C:\WINDOWS\System32\DriverStore\FileRepository\devicestelemetryservicedriver.inf_amd64_76b122cc166d309c\DevicesTelemetryService.exe [1218776 2024-08-14] (Microsoft Corporation -> Microsoft Corporation)
R2 DolbyDAXAPI; C:\WINDOWS\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_f99162a78d742d5a\DAX3API.exe [2732672 2024-09-03] (Dolby Laboratories, Inc. -> Dolby Laboratories)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\25.085.0504.0002\FileSyncHelper.exe [3610416 2025-06-03] (Microsoft Corporation -> Microsoft Corporation)
S4 IDBWM; C:\WINDOWS\System32\drivers\Intel\ICPS\IDBWMService.exe [88304 2023-12-04] (Intel Corporation -> Intel® Corporation)
S4 Intel Analytics Service; C:\WINDOWS\System32\drivers\Intel\ICPS\IntelAnalyticsService.exe [2098928 2023-12-04] (Intel Corporation -> Intel)
S4 Intel Connectivity Network Service; C:\WINDOWS\System32\drivers\Intel\ICPS\IntelConnectivityNetworkService.exe [2597104 2023-12-04] (Intel Corporation -> Intel)
S4 Intel Provider Data Helper Service; C:\WINDOWS\System32\drivers\Intel\ICPS\IntelProviderDataHelperService.exe [714992 2023-12-04] (Intel Corporation -> Intel)
S2 Intel(R) Platform License Manager Service; C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_c25dbc60ad3b371a\lib\PlatformLicenseManagerService.exe [742904 2024-08-07] (Intel Corporation -> Intel(R) Corporation)
R2 IntelAudioService; C:\WINDOWS\System32\DriverStore\FileRepository\intcoed.inf_amd64_29fd1afabcf5470c\AS\IAS\IntelAudioService.exe [530520 2023-10-18] (Intel Corporation -> Intel)
S4 IntelConnectService; C:\WINDOWS\System32\drivers\Intel\ICPS\IntelConnectService.exe [88304 2023-12-04] (Intel Corporation -> Intel® Corporation)
R2 logi_lamparray_service; C:\WINDOWS\System32\DriverStore\FileRepository\logi_lamparray_usb.inf_amd64_cdf3ca3c77d5f267\logi_lamparray_service.exe [9903656 2024-04-17] (Logitech Inc -> Logitech, Inc.)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MpDefenderCoreService.exe [2050904 2025-05-22] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\25.085.0504.0002\OneDriveUpdaterService.exe [3862840 2025-06-03] (Microsoft Corporation -> Microsoft Corporation)
S3 SurfaceExperienceService-5.102; C:\Program Files\WindowsApps\Microsoft.SurfaceAppProxy_5.102.139.0_x64__8wekyb3d8bbwe\Services\SurfaceBroker.exe [10810440 2024-12-05] (Microsoft Corporation -> Microsoft)
R2 SurfaceExperienceService-75.5150.121; C:\Program Files\WindowsApps\Microsoft.SurfaceHub_75.5150.121.0_x64__8wekyb3d8bbwe\Services\SurfaceBroker.exe [10813496 2025-05-30] (Microsoft Corporation -> Microsoft)
S4 SurfaceMachineLearningService; C:\WINDOWS\System32\DriverStore\FileRepository\surfacemachinelearningservicenulldriver.inf_amd64_dfacf8ee92d05888\SurfaceMLService.exe [93320520 2023-07-09] (Microsoft Corporation -> Microsoft)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\NisSrv.exe [4525976 2025-05-22] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MsMpEng.exe [278304 2025-05-22] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 battlenet_helpersvc; C:\ProgramData\Battle.net_components\battlenet_helpersvc\AgentHelper.exe [X]
S3 Futuremark SystemInfo Service; "C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe" [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AcxHdAudio; C:\WINDOWS\System32\drivers\AcxHdAudio.sys [581632 2024-11-13] (Microsoft Windows -> Microsoft Corporation)
R3 AX88179A; C:\WINDOWS\System32\DriverStore\FileRepository\axusbeth.inf_amd64_fcd2bee5508b3c4d\AxUsbEth.sys [168072 2024-08-13] (WDKTestCert asix,133111579530933026 -> ASIX Electronics Corp.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 fiio_usbaudio; C:\WINDOWS\System32\drivers\fiio_usbaudio.sys [430288 2024-01-10] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 fiio_usbaudioks; C:\WINDOWS\System32\drivers\fiio_usbaudioks.sys [55504 2024-01-10] (Microsoft Windows Hardware Compatibility Publisher -> )
R0 fse; C:\WINDOWS\System32\drivers\fse.sys [222528 2024-11-13] (Microsoft Windows -> Microsoft Corporation)
R3 iaisp64; C:\WINDOWS\System32\DriverStore\FileRepository\iaisp64.inf_amd64_d2b7382a5720d9a5\iaisp64.sys [50296 2025-03-18] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_GPIO2_ADL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_gpio2_adl.inf_amd64_0e92b4646ab70162\iaLPSS2_GPIO2_ADL.sys [140976 2023-12-04] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_I2C_ADL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_i2c_adl.inf_amd64_35ed2fd5a51c2bc2\iaLPSS2_I2C_ADL.sys [210608 2023-12-04] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_UART2_ADL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_uart2_adl.inf_amd64_cafb511c07eb2595\iaLPSS2_UART2_ADL.sys [319672 2023-12-04] (Intel Corporation -> Intel Corporation)
S4 INTCCoSvc; C:\WINDOWS\System32\drivers\Intel\ICPS\IntcCo11X64.sys [223984 2023-12-04] (Intel Corporation -> Intel Corporation)
R3 IntcUSB; C:\WINDOWS\System32\DriverStore\FileRepository\intcusb.inf_amd64_bc398e7169495415\IntcUSB.sys [922712 2023-10-18] (Intel Corporation -> Intel(R) Corporation)
R3 IntelGNA; C:\WINDOWS\System32\DriverStore\FileRepository\gna.inf_amd64_19ceb7ce67a7cf8b\gna.sys [87208 2023-12-04] (Intel Corporation -> Intel Corporation)
R3 IntelTHCBase; C:\WINDOWS\System32\DriverStore\FileRepository\intelthcbase.inf_amd64_2812a3a8790ffe6b\IntelTHCBase.sys [189064 2023-12-04] (Intel Corporation -> Intel Corporation)
R3 KslD; C:\WINDOWS\System32\drivers\wd\KslD.sys [331168 2025-04-10] (Microsoft Windows -> Microsoft Corporation)
S2 l1vhlwf; C:\WINDOWS\System32\drivers\l1vhlwf.sys [144840 2025-04-09] (Microsoft Windows -> Microsoft Corporation)
R3 logi_lamparray; C:\WINDOWS\System32\DriverStore\FileRepository\logi_lamparray_usb.inf_amd64_cdf3ca3c77d5f267\logi_lamparray.sys [98864 2024-04-17] (Logitech Inc -> Logitech, Inc.)
S3 msu56cx22x64; C:\WINDOWS\System32\DriverStore\FileRepository\msu56cx22x64sta.inf_amd64_a03b25d8a2ed6f60\msu56cx22x64.sys [1180104 2024-12-12] (Realtek Semiconductor Corp. -> Realtek Corporation)
R3 ov13858; C:\WINDOWS\System32\DriverStore\FileRepository\ov13858.inf_amd64_4382786dbe6d4ffa\ov13858.sys [223328 2025-03-18] (Intel Corporation -> Intel Corporation)
S3 ProtonVPNCallout; C:\Program Files\Proton\VPN\v3.3.2\Resources\ProtonVPN.CalloutDriver.sys [37768 2024-07-30] (Proton AG -> Proton Technologies AG)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [50720 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R0 SurfaceAcpiPlatformExtensionDriver; C:\WINDOWS\System32\DriverStore\FileRepository\surfaceacpiplatformextensiondriver.inf_amd64_151c14702b170a0b\SurfaceAcpiPlatformExtensionDriver.sys [375272 2023-12-04] (Microsoft Corporation -> Microsoft Corporation)
R3 SurfaceBattery; C:\WINDOWS\System32\DriverStore\FileRepository\surfacebattery.inf_amd64_5c1a67596cf7f35c\SurfaceBattery.sys [433048 2023-12-04] (Microsoft Corporation -> Microsoft Corporation)
R3 SurfaceButton; C:\WINDOWS\System32\DriverStore\FileRepository\surfacebutton.inf_amd64_27ccc57de18927c5\SurfaceButton.sys [437704 2023-12-04] (Microsoft Corporation -> Microsoft Corporation)
R3 SurfaceHotPlug; C:\WINDOWS\System32\DriverStore\FileRepository\surfacehotplug.inf_amd64_99bbb88ef4492402\SurfaceHotPlug.sys [497152 2024-05-14] (Microsoft Corporation -> Microsoft Corporation)
R3 SurfaceIhvCpuSmfClient; C:\WINDOWS\System32\DriverStore\FileRepository\surfaceihvcpusmfclient.inf_amd64_17181cbfbca14430\SurfaceIhvCpuSmfClient.sys [463592 2023-10-29] (Microsoft Corporation -> Microsoft Corporation)
R3 SurfaceIntegrationDriver; C:\WINDOWS\System32\DriverStore\FileRepository\surfaceintegrationdriver.inf_amd64_766140fbf78f702b\SurfaceIntegrationDriver.sys [465728 2024-12-19] (Microsoft Corporation -> Microsoft Corporation)
R3 SurfacePenBleLcAddrAdaptationDriver; C:\WINDOWS\System32\DriverStore\FileRepository\surfacepenblelcaddradaptationdriver.inf_amd64_1ab186533b51d2bd\SurfacePenBleLcAddrAdaptationDriver.sys [320728 2024-05-23] (Microsoft Corporation -> Microsoft Corporation)
R3 SurfacePowerStateDriver; C:\WINDOWS\System32\DriverStore\FileRepository\surfacepowerstate.inf_amd64_0481bcd6adf3d446\SurfacePowerStateDriver.sys [298800 2023-12-04] (Microsoft Corporation -> Microsoft Corporation)
R3 SurfacePowerTrackerCore; C:\WINDOWS\System32\DriverStore\FileRepository\surfacepowertrackercore.inf_amd64_0c56c2f655a7e9d9\SurfacePowerTrackerCore.sys [472704 2023-10-29] (Microsoft Corporation -> Microsoft Corporation)
R3 SurfaceSerialHubDriver; C:\WINDOWS\System32\DriverStore\FileRepository\surfaceserialhubdriver.inf_amd64_705b8f3c22f61737\SurfaceSerialHubDriver.sys [487248 2024-05-13] (Microsoft Corporation -> Microsoft Corporation)
R3 SurfaceSmfClient; C:\WINDOWS\System32\DriverStore\FileRepository\surfacesmfclient.inf_amd64_fb869ec9417eee98\SurfaceSmfClient.sys [376344 2023-12-04] (Microsoft Corporation -> Microsoft Corporation)
R3 SurfaceSmfDisplayClient; C:\WINDOWS\System32\DriverStore\FileRepository\surfacesmfdisplayclient.inf_amd64_1e70493c5bcabb57\SurfaceSmfDisplayClient.sys [315752 2023-12-04] (Microsoft Corporation -> Microsoft Corporation)
R3 SurfaceSystemManagementFrameworkDriver; C:\WINDOWS\System32\DriverStore\FileRepository\surfacesystemmanagementframeworkdriver.inf_amd64_947bdc7a3ee6bca3\SurfaceSystemManagementFrameworkDriver.sys [616248 2023-12-04] (Microsoft Corporation -> Microsoft Corporation)
R3 SurfaceSystemTelemetry; C:\WINDOWS\System32\DriverStore\FileRepository\surfacesystemtelemetrydriver.inf_amd64_e3bef63cf1f4acf1\SurfaceSystemTelemetryDriver.sys [578168 2024-05-17] (Microsoft Corporation -> Microsoft Corporation)
R3 SurfaceThermalPolicy; C:\WINDOWS\System32\DriverStore\FileRepository\surfacethermalpolicy.inf_amd64_d30965280376555d\SurfaceThermalPolicy.sys [339368 2023-12-04] (Microsoft Corporation -> Microsoft Corporation)
R3 SurfaceTimeAlarmAcpiFilter; C:\WINDOWS\System32\DriverStore\FileRepository\surfacetimealarmacpifilter.inf_amd64_0017a19a183478b7\SurfaceTimeAlarmAcpiFilter.sys [276440 2023-12-04] (Microsoft Corporation -> Microsoft Corporation)
S3 tapprotonvpn; C:\WINDOWS\System32\drivers\tapprotonvpn.sys [49024 2023-07-05] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
S3 ThermalFilter; C:\WINDOWS\System32\DriverStore\FileRepository\c_thermal.inf_amd64_732a53ed1662b707\ThermalFilter.sys [75376 2025-04-09] (Microsoft Windows Hardware Abstraction Layer Publisher -> Microsoft Corporation)
R3 vd55g0; C:\WINDOWS\System32\DriverStore\FileRepository\vd55g0.inf_amd64_2b810928b82e0fa5\vd55g0.sys [253024 2025-03-18] (Intel Corporation -> Intel Corporation)
S3 vmbusproxy; C:\WINDOWS\system32\drivers\vmbusproxy.sys [98304 2024-11-13] (Microsoft Windows -> Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [19984 2025-05-22] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [606568 2025-05-22] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [100736 2025-05-22] (Microsoft Windows -> Microsoft Corporation)
S3 WireGuard; C:\WINDOWS\System32\drivers\wireguard.sys [489368 2024-01-28] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2025-06-09 12:48 - 2025-06-09 12:49 - 000031770 _____ C:\Users\***\Desktop\FRST.txt
2025-06-09 12:47 - 2025-06-09 12:47 - 000000000 ____D C:\WINDOWS\Panther
2025-06-09 12:27 - 2025-06-09 12:48 - 000000000 ____D C:\FRST
2025-06-09 12:25 - 2025-06-09 12:25 - 002406912 _____ (Farbar) C:\Users\***\Desktop\FRST64.exe
2025-06-09 12:17 - 2025-06-09 12:17 - 000000000 ____D C:\Users\***\Desktop\Backup
2025-06-09 02:28 - 2025-06-09 04:54 - 000000000 ____D C:\Users\***\AppData\Local\CrashDumps
2025-06-08 16:10 - 2025-06-09 12:46 - 000000000 ____D C:\Users\***\Desktop\Scanner Logs
2025-06-08 14:10 - 2025-06-08 16:24 - 000001392 _____ C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2025-06-08 14:10 - 2025-06-08 14:10 - 000000000 ____D C:\Users\***\AppData\Local\ESET
2025-06-07 22:50 - 2025-06-08 14:01 - 000000000 ____D C:\Program Files\Mozilla Thunderbird
2025-06-04 20:56 - 2025-06-04 20:56 - 000000000 ____D C:\Users\***\Desktop\06_Grid_Cutting_Tool
2025-06-04 02:58 - 2025-06-04 02:58 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2025-06-04 02:22 - 2025-06-04 02:22 - 000003136 _____ C:\Users\***\AppData\Local\recently-used.xbel
2025-05-30 19:40 - 2025-05-30 19:41 - 000000000 ____D C:\Users\***\Documents\Wichtige Backups
2025-05-30 16:11 - 2025-05-30 16:11 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2025-05-30 12:26 - 2025-06-04 15:31 - 000000000 ____D C:\Program Files\Mozilla Firefox
2025-05-28 03:41 - 2025-06-09 00:59 - 000000528 _____ C:\Users\***\.vivaldi_reporting_data
2025-05-28 03:41 - 2025-06-04 12:31 - 000000000 ____D C:\Users\***\AppData\Local\Vivaldi
2025-05-28 03:41 - 2025-06-04 12:27 - 000002409 _____ C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vivaldi.lnk
2025-05-28 03:41 - 2025-05-28 03:41 - 000003838 _____ C:\WINDOWS\system32\Tasks\VivaldiUpdateCheck-41b71b131096ea56
2025-05-21 19:15 - 2025-05-21 19:15 - 000049759 _____ C:\Users\***\Downloads\End2end_schematic_diffuse_intake.vsdx
2025-05-14 14:16 - 2025-06-09 04:54 - 000000000 ____D C:\WINDOWS\CbsTemp
2025-05-14 12:32 - 2025-05-14 12:32 - 000030998 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2025-05-14 12:32 - 2025-05-14 12:32 - 000030998 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2025-06-09 12:47 - 2024-11-13 03:33 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2025-06-09 12:47 - 2024-11-13 03:29 - 000006570 _____ C:\WINDOWS\system32\5E37410B-D6F1-471D-AE27-563CEAC0D6B2
2025-06-09 12:47 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SystemTemp
2025-06-09 12:47 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\ServiceState
2025-06-09 12:47 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\AppReadiness
2025-06-09 12:47 - 2024-04-01 09:26 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2025-06-09 12:47 - 2023-10-11 02:27 - 000012288 ___SH C:\DumpStack.log.tmp
2025-06-09 12:46 - 2024-04-01 09:21 - 001310720 _____ C:\WINDOWS\system32\config\BBI
2025-06-09 12:33 - 2024-04-01 09:24 - 000000000 ____D C:\WINDOWS\INF
2025-06-09 12:30 - 2024-01-23 01:38 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2025-06-09 12:21 - 2023-10-11 02:29 - 000002448 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2025-06-09 12:18 - 2024-11-13 03:36 - 000791274 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2025-06-09 06:13 - 2024-03-25 00:38 - 000000000 ___SD C:\Users\***\Nextcloud
2025-06-09 06:13 - 2024-03-24 19:53 - 000000000 ____D C:\Users\***\AppData\Roaming\Nextcloud
2025-06-09 06:12 - 2025-01-21 22:16 - 000000000 ____D C:\EEK
2025-06-09 04:52 - 2024-01-22 01:27 - 000000000 ____D C:\Users\***\AppData\Local\D3DSCache
2025-06-09 03:53 - 2024-01-27 21:58 - 000000000 ____D C:\Users\***\AppData\Local\D3DSCache
2025-06-09 02:43 - 2025-02-26 01:14 - 000000000 ____D C:\Users\***\Documents\My Games
2025-06-09 02:42 - 2024-03-28 19:31 - 000012067 _____ C:\Users\***\Documents\Akku_Recharge.xlsx
2025-06-09 02:40 - 2024-02-09 00:04 - 000000000 ____D C:\Users\***\AppData\Roaming\Microsoft\Excel
2025-06-09 02:38 - 2024-04-01 09:26 - 000000000 ___HD C:\Program Files\WindowsApps
2025-06-09 02:38 - 2024-01-22 01:24 - 000000000 ____D C:\Users\***\AppData\Local\Packages
2025-06-09 02:37 - 2023-10-11 02:37 - 000000000 ____D C:\ProgramData\Packages
2025-06-09 02:24 - 2024-07-08 00:22 - 000000000 ____D C:\Users\***\AppData\Local\Blizzard Entertainment
2025-06-09 02:23 - 2024-01-23 02:04 - 000000000 ____D C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2025-06-09 02:23 - 2024-01-23 01:59 - 000000000 ____D C:\Users\***\AppData\Local\Steam
2025-06-08 16:19 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2025-06-08 14:01 - 2024-01-23 01:38 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2025-06-08 13:59 - 2024-04-01 09:26 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2025-06-08 05:52 - 2024-01-28 15:09 - 000000000 ____D C:\Users\***\AppData\Roaming\Signal
2025-06-08 03:51 - 2024-11-13 03:23 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2025-06-07 23:42 - 2024-03-20 01:25 - 000000000 ____D C:\Exchange
2025-06-07 23:24 - 2024-08-21 01:31 - 000001065 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thunderbird.lnk
2025-06-06 14:39 - 2024-01-28 15:54 - 000000000 ____D C:\Users\***\AppData\Roaming\Signal
2025-06-06 14:31 - 2024-06-13 16:49 - 000000000 ____D C:\Users\***\Documents\Citavi 6
2025-06-06 14:31 - 2024-03-05 20:19 - 000000000 ____D C:\Users\***\AppData\Roaming\Microsoft\Word
2025-06-06 14:31 - 2024-01-31 03:21 - 000000000 ____D C:\Users\***\AppData\Local\CiscoSpark
2025-06-06 14:31 - 2024-01-27 21:58 - 000000000 ____D C:\Users\***\AppData\Local\Packages
2025-06-06 14:05 - 2024-02-19 10:57 - 000000000 ____D C:\ProgramData\boost_interprocess
2025-06-06 14:05 - 2024-01-31 03:21 - 000000000 ____D C:\Users\***\AppData\Local\WebEx
2025-06-06 12:41 - 2024-01-27 22:10 - 000000000 ____D C:\Users\***\AppData\Roaming\Microsoft\Office
2025-06-04 15:31 - 2024-03-20 23:01 - 000000000 ____D C:\Program Files\Microsoft OneDrive
2025-06-04 15:30 - 2025-04-29 20:08 - 000001934 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nextcloud.lnk
2025-06-04 15:30 - 2025-04-29 20:08 - 000000000 ____D C:\Program Files\Nextcloud
2025-06-04 02:56 - 2023-10-11 02:33 - 000000000 ____D C:\Program Files\Microsoft Office
2025-06-04 02:22 - 2024-02-01 17:11 - 000000000 ____D C:\Users\***\AppData\Roaming\inkscape
2025-06-04 02:06 - 2024-02-01 17:11 - 000000000 ____D C:\Users\***\.dbus-keyrings
2025-06-03 12:27 - 2025-02-06 18:26 - 000003552 _____ C:\WINDOWS\system32\Tasks\OneDrive Startup Task-S-1-5-21-4100307629-3901963809-4256482930-1002
2025-06-03 12:27 - 2025-02-06 18:26 - 000003552 _____ C:\WINDOWS\system32\Tasks\OneDrive Startup Task-S-1-5-21-4100307629-3901963809-4256482930-1001
2025-06-03 12:27 - 2024-11-13 03:33 - 000003596 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-4100307629-3901963809-4256482930-1002
2025-06-03 12:27 - 2024-11-13 03:33 - 000003596 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-4100307629-3901963809-4256482930-1001
2025-06-03 12:27 - 2024-11-13 03:33 - 000003194 _____ C:\WINDOWS\system32\Tasks\OneDrive Per-Machine Standalone Update Task
2025-06-03 12:27 - 2024-03-20 02:16 - 000002142 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2025-05-30 16:11 - 2024-01-23 01:38 - 000001075 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2025-05-30 15:54 - 2024-05-22 23:30 - 000000000 ____D C:\Users\***\AppData\Roaming\texstudio
2025-05-29 00:49 - 2024-02-19 17:11 - 000000000 ____D C:\Users\***\AppData\Roaming\Microsoft\Excel
2025-05-28 19:02 - 2024-01-27 22:10 - 000000000 ____D C:\Users\***\AppData\Roaming\Microsoft\PowerPoint
2025-05-28 17:33 - 2024-11-13 03:25 - 000000000 ____D C:\Users\***
2025-05-25 14:32 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\SecurityHealth
2025-05-25 14:22 - 2024-01-31 03:21 - 000000000 ____D C:\Users\***\AppData\Local\CiscoSparkLauncher
2025-05-25 14:21 - 2024-11-13 03:23 - 000001623 _____ C:\WINDOWS\system32\config\VSMIDK
2025-05-22 23:14 - 2023-10-11 02:27 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2025-05-20 10:33 - 2024-11-13 03:33 - 000003536 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2025-05-20 10:33 - 2024-11-13 03:33 - 000003410 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2025-05-19 00:12 - 2024-12-02 17:39 - 000002490 ____H C:\Users\***\Documents\Default.rdp
2025-05-16 14:04 - 2024-04-27 15:26 - 000041480 _____ C:\WINDOWS\system32\OV5693.aiqd
2025-05-14 15:13 - 2024-11-13 03:23 - 000517440 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2025-05-14 15:12 - 2024-11-13 12:18 - 000000000 ____D C:\WINDOWS\InboxApps
2025-05-14 15:12 - 2024-11-13 12:13 - 000000000 ____D C:\WINDOWS\system32\Drivers\en-GB
2025-05-14 15:12 - 2024-04-01 10:08 - 000000000 ____D C:\WINDOWS\system32\Microsoft-Edge-WebView
2025-05-14 15:12 - 2024-04-01 09:26 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2025-05-14 15:12 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\UUS
2025-05-14 15:12 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2025-05-14 15:12 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2025-05-14 15:12 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2025-05-14 15:12 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2025-05-14 15:12 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SystemResources
2025-05-14 15:12 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\SystemApps
2025-05-14 15:12 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2025-05-14 15:12 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2025-05-14 15:12 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\setup
2025-05-14 15:12 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2025-05-14 15:12 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\oobe
2025-05-14 15:12 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\migwiz
2025-05-14 15:12 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\HealthAttestationClient
2025-05-14 15:12 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\Dism
2025-05-14 15:12 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\DDFs
2025-05-14 15:12 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\system32\appraiser
2025-05-14 15:12 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\ShellExperiences
2025-05-14 15:12 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\Provisioning
2025-05-14 15:12 - 2024-04-01 09:26 - 000000000 ____D C:\WINDOWS\bcastdvr
2025-05-14 14:43 - 2024-01-22 01:30 - 000000000 ____D C:\WINDOWS\system32\MRT
2025-05-14 14:38 - 2024-01-22 01:30 - 214836568 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2025-05-14 12:32 - 2024-11-13 03:26 - 003369984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
         

Addition:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-06-2025
Ran by *** (09-06-2025 12:50:00)
Running from C:\Users\***\Desktop
Microsoft Windows 11 Home Version 24H2 26100.4061 (X64) (2024-11-13 01:34:01)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-4100307629-3901963809-4256482930-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4100307629-3901963809-4256482930-503 - Limited - Disabled)
Guest (S-1-5-21-4100307629-3901963809-4256482930-501 - Limited - Disabled)
*** (S-1-5-21-4100307629-3901963809-4256482930-1001 - Administrator - Enabled) => C:\Users\***
*** (S-1-5-21-4100307629-3901963809-4256482930-1002 - Administrator - Enabled) => C:\Users\***
WDAGUtilityAccount (S-1-5-21-4100307629-3901963809-4256482930-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat (64-bit) (HKLM\...\{AC76BA86-1031-1033-7760-BC15014EA700}) (Version: 25.001.20474 - Adobe)
Adobe Photoshop Elements 2024 (HKLM-x32\...\PSE_24_3) (Version: 24.0 - Adobe Inc.)
Adobe Refresh Manager (HKLM-x32\...\{AC76BA86-0804-1033-1959-018244601110}) (Version: 1.8.0 - Adobe Systems Incorporated) Hidden
Asian Language And Spelling Dictionaries Support For Adobe Acrobat Reader (HKLM\...\{AC76BA86-7AD7-0000-0000-BC17084FC500}) (Version: 23.008.20421 - Adobe Systems Incorporated)
Cisco Webex Meetings (HKU\S-1-5-21-4100307629-3901963809-4256482930-1002\...\ActiveTouchMeetingClient) (Version: 43.12.0 - Cisco Webex LLC)
Citavi 6 (HKLM-x32\...\{6A331045-8FF4-4BC9-9C56-E593ACAE28C2}) (Version: 6.19.2.1 - Lumivero, LLC)
FiiO Portable High-Res Music Player series v5.62.0 (HKLM\...\{D4E144D8-0E1D-4748-9510-48C650DB319E}) (Version: 5.62.0 - FiiO)
Inkscape (HKLM\...\{2AB0D298-5B41-4C70-BB32-46F153F7A1BF}) (Version: 1.3.2 - Inkscape)
KONICA MINOLTA Universal V4 PCL (HKLM\...\KONICA MINOLTA Universal V4 PCL) (Version:  - KONICA MINOLTA)
MATLAB R2023a (HKLM\...\MATLAB R2023a) (Version: 9.14 - MathWorks)
Microsoft .NET Host - 5.0.3 (x64) (HKLM\...\{46BE0468-18E5-4BF3-9373-92BB9082C8B6}) (Version: 40.12.29722 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 5.0.3 (x64) (HKLM\...\{44B62A02-2BA8-4882-BC0F-B0050A052283}) (Version: 40.12.29722 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 5.0.3 (x64) (HKLM\...\{ACA0A1BB-E1DC-4CE9-8A36-D985EBC75CCF}) (Version: 40.12.29722 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 5.0.3 (x64) (HKLM-x32\...\{b31a87b9-6221-49be-83b4-e1aac673c551}) (Version: 5.0.3.29722 - Microsoft Corporation)
Microsoft 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 16.0.18827.20128 - Microsoft Corporation)
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.18827.20128 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 137.0.3296.68 - Microsoft Corporation)
Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 137.0.3296.68 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKLM\...\OneDriveSetup.exe) (Version: 25.085.0504.0002 - Microsoft Corporation)
Microsoft OneNote - de-de (HKLM\...\OneNoteFreeRetail - de-de) (Version: 16.0.18827.20128 - Microsoft Corporation)
Microsoft OneNote - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 16.0.18827.20128 - Microsoft Corporation)
Microsoft Teams Meeting Add-in for Microsoft Office (HKLM\...\{A7AB73A3-CB10-4AA5-9D38-6AEFFBDE4C91}) (Version: 1.25.08601 - Microsoft)
Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40664 (HKLM-x32\...\{042d26ef-3dbe-4c25-95d3-4c1b11b235a7}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 (HKLM-x32\...\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}) (Version: 12.0.40664.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.40664 (HKLM\...\{010792BA-551A-3AC0-A7EF-0FAB4156C382}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.40664 (HKLM\...\{53CF6934-A98D-3D84-9146-FC4EDF3D5641}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 (HKLM-x32\...\{D401961D-3A20-3AC7-943B-6139D5BD490A}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 (HKLM-x32\...\{8122DAB1-ED4D-3676-BB0A-CA368196543E}) (Version: 12.0.40664 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.42.34433 (HKLM-x32\...\{804e7d66-ccc2-4c12-84ba-476da31d103d}) (Version: 14.42.34433.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.42.34433 (HKLM-x32\...\{e7802eac-3305-4da0-9378-e55d1ed05518}) (Version: 14.42.34433.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.42.34433 (HKLM\...\{E1902FC6-C423-4719-AB8A-AC7B2694B367}) (Version: 14.42.34433 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.42.34433 (HKLM\...\{382F1166-A409-4C5B-9B1E-85ED538B8291}) (Version: 14.42.34433 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.42.34433 (HKLM-x32\...\{84E3E712-6343-484B-8B6C-9F145F019A70}) (Version: 14.42.34433 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.42.34433 (HKLM-x32\...\{C2BB95AA-90F3-4891-81C1-A7E565BB836C}) (Version: 14.42.34433 - Microsoft Corporation) Hidden
MiKTeX (HKU\S-1-5-21-4100307629-3901963809-4256482930-1002\...\MiKTeX) (Version: 24.1 - MiKTeX.org)
Mozilla Firefox (x64 de) (HKLM\...\Mozilla Firefox 139.0.1 (x64 de)) (Version: 139.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 128.1.0 - Mozilla)
Mozilla Thunderbird (x64 de) (HKLM\...\Mozilla Thunderbird 128.11.0 (x64 de)) (Version: 128.11.0 - Mozilla)
Nextcloud (HKLM\...\{C85D4BC5-BCBE-470D-9E7F-AF1CD130C922}) (Version: 3.16.5.20250602 - Nextcloud GmbH)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.18827.20102 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.18827.20128 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0407-1000-0000000FF1CE}) (Version: 16.0.18827.20102 - Microsoft Corporation) Hidden
Siemens NX (HKLM\...\{C0C625C8-F0D7-4FFB-965B-A600F8933159}) (Version: 22.06.1700.00000 - Siemens)
Signal 7.56.1 (HKU\S-1-5-21-4100307629-3901963809-4256482930-1001\...\7d96caee-06e6-597c-9f2f-c7bb2e0948b4) (Version: 7.56.1 - Signal Messenger, LLC)
Signal 7.56.1 (HKU\S-1-5-21-4100307629-3901963809-4256482930-1002\...\7d96caee-06e6-597c-9f2f-c7bb2e0948b4) (Version: 7.56.1 - Signal Messenger, LLC)
Skype Meetings App (HKLM-x32\...\{BC1D9E47-8927-4AA1-A891-7763BC2475B7}) (Version: 16.2.0.511 - Microsoft Corporation)
TeXstudio - TeXstudio is a fully featured LaTeX editor. (HKLM\...\TeXstudio) (Version: 4.8.6 - Benito van der Zander)
Vivaldi (HKU\S-1-5-21-4100307629-3901963809-4256482930-1002\...\Vivaldi) (Version: 7.4.3684.46 - Vivaldi Technologies AS.)
Webex (HKLM\...\{364B559D-C99A-548E-80A2-1B12542FFCBF}) (Version: 44.1.0.28423 - Cisco Systems, Inc)
WireGuard (HKLM\...\{2FDB79CE-5193-4A39-82BB-E00158CC1533}) (Version: 0.5.3 - WireGuard LLC)

Packages:
=========
@{MicrosoftWindows.55182690.Taskbar_1000.26100.3775.0_x64__cw5n1h2txyewy?ms-resource://MicrosoftWindows.55182690.Taskbar/Resources/ProductPkgDisplayName} -> C:\WINDOWS\SystemApps\SxS\MicrosoftWindows.55182690.Taskbar_cw5n1h2txyewy [2025-05-14] (Microsoft Windows)
Adobe Acrobat Reader -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Assets [2025-04-22] ()
AppUp.IntelGraphicsExperience -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5688.0_x64__8j3eq9eme6ctt [2025-02-27] (INTEL CORP) [Startup Task]
Click to Do (preview) -> C:\WINDOWS\SystemApps\MicrosoftWindows.Client.CoreAI_cw5n1h2txyewy [2025-05-14] (Microsoft Windows)
Dolby Access OEM -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccessOEM_3.27.2830.0_x64__rz1tebttyb220 [2025-05-30] (Dolby Laboratories)
Dolby Digital Plus decoder for PC OEMs -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyDigitalPlusDecoderOEM_1.1.285.0_x64__rz1tebttyb220 [2025-02-27] (Dolby Laboratories)
Dolby Vision Extensions -> C:\Program Files\WindowsApps\DolbyLaboratories.DolbyVisionAccess_2.20500.483.0_x64__rz1tebttyb220 [2025-04-16] (Dolby Laboratories)
Ink.Handwriting.en-US.1.0 -> C:\Program Files\WindowsApps\Microsoft.Ink.Handwriting.en-US.1.0_0.850.1840.0_x64__8wekyb3d8bbwe [2025-05-02] (Microsoft Corporation)
Ink.Handwriting.en-US.1.0 -> C:\Program Files\WindowsApps\Microsoft.Ink.Handwriting.en-US.1.0_0.850.1840.0_x86__8wekyb3d8bbwe [2025-05-02] (Microsoft Corporation)
Ink.Handwriting.Main.en-US.1.0 -> C:\Program Files\WindowsApps\Microsoft.Ink.Handwriting.Main.en-US.1.0.1_0.850.1840.0_x64__8wekyb3d8bbwe [2025-05-02] (Microsoft Corporation)
Intel® Connectivity Performance Suite -> C:\Program Files\WindowsApps\AppUp.IntelConnectivityPerformanceSuite_2.1123.505.0_x64__8j3eq9eme6ctt [2024-01-27] (INTEL CORP) [Startup Task]
Journal -> C:\Program Files\WindowsApps\Microsoft.MicrosoftJournal_1.25150.49.0_x64__8wekyb3d8bbwe [2025-06-05] (Microsoft Corporation)
Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2504.16004.0_x64__8wekyb3d8bbwe [2025-04-21] (Microsoft Corporation) [Startup Task]
Microsoft Teams Play Together -> C:\Program Files\WindowsApps\Microsoft.TeamsXboxGameBarWidget_1.2401.2901.0_x64__8wekyb3d8bbwe [2024-04-16] (Microsoft Corporation)
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_55.20331.573.0_x64__8wekyb3d8bbwe [2025-04-09] (Microsoft Corporation)
Microsoft.Edge.GameAssist -> C:\Program Files\WindowsApps\Microsoft.Edge.GameAssist_1.0.3336.0_x64__8wekyb3d8bbwe [2025-06-05] (Microsoft Corporation)
Microsoft.StartExperiencesApp -> C:\Program Files\WindowsApps\Microsoft.StartExperiencesApp_1.22.2.0_x64__8wekyb3d8bbwe [2025-05-28] (Microsoft Corporation)
OfficePushNotificationsUtility -> C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16 [2025-06-04] ()
Reader Notification Client -> C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2024-03-25] (Adobe Systems Incorporated)
SpotifyAB.SpotifyMusic -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.265.255.0_x64__zpdnekdrzrea0 [2025-06-05] (Spotify AB) [Startup Task]
Surface -> C:\Program Files\WindowsApps\Microsoft.SurfaceHub_75.5150.121.0_x64__8wekyb3d8bbwe [2025-05-30] (Microsoft Corporation)
Surface Management Extension -> C:\Program Files\WindowsApps\Microsoft.SurfaceAppProxy_5.102.139.0_x64__8wekyb3d8bbwe [2024-12-05] (Microsoft Corporation)
WinAppRuntime.Main.1.5 -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Main.1.5_5001.373.1736.0_x64__8wekyb3d8bbwe [2025-01-29] (Microsoft Corp.)
WinAppRuntime.Singleton -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Singleton_7000.498.2246.0_x64__8wekyb3d8bbwe [2025-05-28] (Microsoft Corp.)
Windows Feature Experience Pack -> C:\WINDOWS\SystemApps\SxS\MicrosoftWindows.55182690.Taskbar_cw5n1h2txyewy [2025-05-14] (Microsoft Windows)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4100307629-3901963809-4256482930-1001_Classes\CLSID\{0047ADBE-9F73-CAFE-3A65-ACE857BB2020}\localserver32 -> C:\Program Files\Adobe\Elements 2024 Organizer\Elements Auto Creations 2024.exe (Adobe Inc. -> Adobe Systems Incorporated)
CustomCLSID: HKU\S-1-5-21-4100307629-3901963809-4256482930-1001_Classes\CLSID\{0047ADBE-9F73-CAFE-3A65-ACE857BB2024}\localserver32 -> C:\Program Files\Adobe\Elements 2024 Organizer\Elements Auto Creations 2024.exe (Adobe Inc. -> Adobe Systems Incorporated)
CustomCLSID: HKU\S-1-5-21-4100307629-3901963809-4256482930-1001_Classes\CLSID\{30DCA639-E65C-4F0C-98F5-0D432B654955}\InprocServer32 -> C:\Program Files\Mozilla Thunderbird\notificationserver.dll (Mozilla Corporation -> Mozilla Foundation)
CustomCLSID: HKU\S-1-5-21-4100307629-3901963809-4256482930-1001_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe (Adobe Inc. -> Adobe)
ShellIconOverlayIdentifiers: [                 OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\25.085.0504.0002\FileSyncShell64.dll [2025-06-03] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [                 OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\25.085.0504.0002\FileSyncShell64.dll [2025-06-03] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [                 OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\25.085.0504.0002\FileSyncShell64.dll [2025-06-03] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [                 OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\25.085.0504.0002\FileSyncShell64.dll [2025-06-03] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [                 OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\25.085.0504.0002\FileSyncShell64.dll [2025-06-03] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [                 OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\25.085.0504.0002\FileSyncShell64.dll [2025-06-03] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [                 OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\25.085.0504.0002\FileSyncShell64.dll [2025-06-03] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [                NextcloudError] -> {E0342B74-7593-4C70-9D61-22F294AAFE05} => C:\Program Files\Nextcloud\NCOverlays.dll [2025-04-28] (Nextcloud GmbH -> Nextcloud GmbH)
ShellIconOverlayIdentifiers: [                NextcloudOK] -> {E1094E94-BE93-4EA2-9639-8475C68F3886} => C:\Program Files\Nextcloud\NCOverlays.dll [2025-04-28] (Nextcloud GmbH -> Nextcloud GmbH)
ShellIconOverlayIdentifiers: [                NextcloudOKShared] -> {E243AD85-F71B-496B-B17E-B8091CBE93D2} => C:\Program Files\Nextcloud\NCOverlays.dll [2025-04-28] (Nextcloud GmbH -> Nextcloud GmbH)
ShellIconOverlayIdentifiers: [                NextcloudSync] -> {E3D6DB20-1D83-4829-B5C9-941B31C0C35A} => C:\Program Files\Nextcloud\NCOverlays.dll [2025-04-28] (Nextcloud GmbH -> Nextcloud GmbH)
ShellIconOverlayIdentifiers: [                NextcloudWarning] -> {E4977F33-F93A-4A0A-9D3C-83DEA0EE8483} => C:\Program Files\Nextcloud\NCOverlays.dll [2025-04-28] (Nextcloud GmbH -> Nextcloud GmbH)
ShellIconOverlayIdentifiers-x32: [                 OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Program Files\Microsoft OneDrive\25.085.0504.0002\FileSyncShell64.dll [2025-06-03] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [                 OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Program Files\Microsoft OneDrive\25.085.0504.0002\FileSyncShell64.dll [2025-06-03] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [                 OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Program Files\Microsoft OneDrive\25.085.0504.0002\FileSyncShell64.dll [2025-06-03] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [                 OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Program Files\Microsoft OneDrive\25.085.0504.0002\FileSyncShell64.dll [2025-06-03] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [                 OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Program Files\Microsoft OneDrive\25.085.0504.0002\FileSyncShell64.dll [2025-06-03] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [                 OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Program Files\Microsoft OneDrive\25.085.0504.0002\FileSyncShell64.dll [2025-06-03] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [                 OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => C:\Program Files\Microsoft OneDrive\25.085.0504.0002\FileSyncShell64.dll [2025-06-03] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\25.085.0504.0002\FileSyncShell64.dll [2025-06-03] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers3: [NextcloudContextMenuHandler] -> {BC6988AB-ACE2-4B81-84DC-DC34F9B24401} => C:\Program Files\Nextcloud\NCContextMenu.dll [2025-04-28] (Nextcloud GmbH -> Nextcloud GmbH)
ContextMenuHandlers4: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\25.085.0504.0002\FileSyncShell64.dll [2025-06-03] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers5: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Program Files\Microsoft OneDrive\25.085.0504.0002\FileSyncShell64.dll [2025-06-03] (Microsoft Corporation -> Microsoft Corporation)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2024-02-03 13:39 - 2010-04-24 06:00 - 000336896 _____ (CANON INC.) [File not signed] C:\WINDOWS\System32\CNMLMA2.DLL
2024-02-03 13:40 - 2012-06-14 18:18 - 000359936 _____ (CANON INC.) [File not signed] C:\WINDOWS\System32\CNMN6PPM.DLL
2023-10-11 02:35 - 2023-10-11 02:35 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\AppvIsvSubsystems64.dll] C:\Program Files\Microsoft Office\Root\Office16\AppVIsvSubsystems64.dll
2023-10-11 02:35 - 2023-10-11 02:35 - 000000000 ____L (Microsoft Corporation) [symlink -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\C2R64.dll] C:\Program Files\Microsoft Office\Root\Office16\c2r64.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) =============

BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2025-06-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-06-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-06-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-06-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-06-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-06-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-06-03] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2025-06-03] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2025-06-03] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-4100307629-3901963809-4256482930-1002\...\sharepoint.com -> hxxps://***.sharepoint.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2022-05-07 07:24 - 2022-05-07 07:22 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4100307629-3901963809-4256482930-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img19.jpg
HKU\S-1-5-21-4100307629-3901963809-4256482930-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\***\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

Network Binding:
=============
Wi-Fi: Intel(R) Wi-Fi 6E AX211 160MHz -> Netwtw14.sys
Ethernet 3: ASIX USB to Gigabit Ethernet Family Adapter -> AxUsbEth.sys

vms_vsf: Hyper-V Virtual Switch Extension Filter
ms_l1vhlwf: Nested Network Virtualization
vms_vsp: Hyper-V Virtual Switch Extension Protocol

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "FiiO Control Panel Autostart.lnk"
HKLM\...\StartupApproved\Run: => "AdobePSE24AutoAnalyzer"
HKU\S-1-5-21-4100307629-3901963809-4256482930-1001\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_B61073CA21D4843E892239215E794014"
HKU\S-1-5-21-4100307629-3901963809-4256482930-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-4100307629-3901963809-4256482930-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-4100307629-3901963809-4256482930-1001\...\StartupApproved\Run: => "GogGalaxy"
HKU\S-1-5-21-4100307629-3901963809-4256482930-1002\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_D107E4BC9B1B43026836B2DB446BF632"
HKU\S-1-5-21-4100307629-3901963809-4256482930-1002\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-4100307629-3901963809-4256482930-1002\...\StartupApproved\Run: => "CiscoMeetingDaemon"
HKU\S-1-5-21-4100307629-3901963809-4256482930-1002\...\StartupApproved\Run: => "Adobe Acrobat Synchronizer"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{662F1766-AE18-4115-BD32-BF9C89C26523}C:\program files (x86)\battle.net\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.exe => No File
FirewallRules: [TCP Query User{59A6D30A-0B59-4576-A6FF-3773DAE2E9CC}C:\program files (x86)\battle.net\battle.net.exe] => (Allow) C:\program files (x86)\battle.net\battle.net.exe => No File
FirewallRules: [UDP Query User{4F0D75BC-CA46-4716-9E8A-ED57362D3EAE}C:\program files (x86)\overwatch\_retail_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_retail_\overwatch.exe => No File
FirewallRules: [TCP Query User{02966568-C76A-4B13-9741-E0611F23FDC2}C:\program files (x86)\overwatch\_retail_\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\_retail_\overwatch.exe => No File
FirewallRules: [UDP Query User{B6DDAA49-F20E-4E5B-8011-D62D56FAFF50}C:\gog games\settlers 3 ultimate\s3.exe] => (Allow) C:\gog games\settlers 3 ultimate\s3.exe => No File
FirewallRules: [TCP Query User{B1C0BD72-3BA9-42A6-A204-53E4CF40DA43}C:\gog games\settlers 3 ultimate\s3.exe] => (Allow) C:\gog games\settlers 3 ultimate\s3.exe => No File
FirewallRules: [UDP Query User{EB0EF2FF-C18E-42D2-9544-24F780872D96}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [TCP Query User{FF4772C4-CEA1-47BE-997D-CA0AE9BC7607}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [UDP Query User{2FB025FE-6BC6-4D3F-B24B-BF1E0D83397D}C:\users\***\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe] => (Allow) C:\users\***\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{C5A64E83-993B-4846-AF8F-939D13251600}C:\users\***\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe] => (Allow) C:\users\***\appdata\local\microsoft\skypeforbusinessplugin\16.2.0.511\pluginhost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C57A8CD8-37C1-40E7-AC38-9C25415B0AF3}] => (Allow) C:\Program Files\Siemens\NX2206\NXBIN\simcenter3d.exe (Siemens Industry Software Inc. -> Siemens Industry Software Inc.)
FirewallRules: [{DD5F8A60-1313-4503-B54D-522889656207}] => (Allow) C:\Program Files\Siemens\NX2206\NXBIN\ugraf.exe (Siemens Industry Software Inc. -> Siemens Industry Software Inc.)
FirewallRules: [{46894B82-9E6B-4FE4-B4F7-EF682E039440}] => (Allow) C:\Program Files\Siemens\NX2206\AUTOMATION_DESIGNER\adagent\Siemens.IndustrialElectricalDesign.ELDAgentUI.exe (Siemens AG) [File not signed]
FirewallRules: [UDP Query User{78C74FA7-79FE-4762-977B-4421ECFC2C7A}C:\users\***\appdata\local\programs\signal-desktop\signal.exe] => (Allow) C:\users\***\appdata\local\programs\signal-desktop\signal.exe (Signal Messenger, LLC -> Signal Messenger, LLC)
FirewallRules: [TCP Query User{FD203855-6159-48A2-B2C0-1726A4F1749C}C:\users\***\appdata\local\programs\signal-desktop\signal.exe] => (Allow) C:\users\***\appdata\local\programs\signal-desktop\signal.exe (Signal Messenger, LLC -> Signal Messenger, LLC)
FirewallRules: [{890A130F-C236-49D6-95A2-49DE92A4465A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\3DMark\bin\x64\3DMark.exe => No File
FirewallRules: [{4A736397-6910-4BF9-932C-15BEC83333A7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\3DMark\bin\x64\3DMark.exe => No File
FirewallRules: [{A7DFD623-1B23-49EF-9682-99C806AE3C06}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{A37F42DB-03C7-43A1-8ED7-11DB7A546209}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe => No File
FirewallRules: [{7D132802-5564-4245-B676-072EF97CC43F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{6B7CE97B-080B-492B-BBA1-E53DACD6931E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe => No File
FirewallRules: [{2E627133-B88E-458D-A371-54D9E24C78CF}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{D04362EA-5374-41BA-93C2-162E7A545CC1}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{C9696AE8-CFD6-47F4-B8C8-3F38B912E4AA}] => (Allow) C:\Program Files\WindowsApps\MicrosoftCorporationII.WindowsSubsystemForAndroid_2302.40000.9.0_x64__8wekyb3d8bbwe\WsaClient\WsaClient.exe => No File
FirewallRules: [TCP Query User{378C9E64-FD17-448E-A761-8E5E9886A5AE}C:\users\***\appdata\local\programs\signal-desktop\signal.exe] => (Allow) C:\users\***\appdata\local\programs\signal-desktop\signal.exe (Signal Messenger, LLC -> Signal Messenger, LLC)
FirewallRules: [UDP Query User{F2C3BB77-23BB-4FF2-B577-EE3EF0381D7D}C:\users\***\appdata\local\programs\signal-desktop\signal.exe] => (Allow) C:\users\***\appdata\local\programs\signal-desktop\signal.exe (Signal Messenger, LLC -> Signal Messenger, LLC)
FirewallRules: [{6A9D78CD-2CC9-4554-B4AA-0E3BFD96016F}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24348.803.3361.7776_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{D445AF76-451F-4263-AC5A-D25C1F81FF02}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24348.803.3361.7776_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [FPS-SpoolWorker-In-TCP] => (Allow) C:\WINDOWS\system32\spoolsvworker.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [FPS-SpoolWorker-In-TCP-V2] => (Allow) C:\WINDOWS\system32\spoolsvworker.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [FPS-SpoolWorker-In-TCP-NoScope] => (Allow) C:\WINDOWS\system32\spoolsvworker.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{E0CF126E-C33E-4502-B8AF-D88CECE36793}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1D8578DB-BE1B-4C74-AADB-9DA0D9513BED}] => (Allow) C:\Program Files\WindowsApps\MSTeams_25094.310.3616.953_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{AB0C713F-24E8-4A93-8FBF-ABD19CF53B7B}] => (Allow) C:\Program Files\WindowsApps\MSTeams_25094.310.3616.953_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{E3CB2C51-AB9D-4964-8B2B-89DCCA92DB6A}C:\users\***\appdata\local\vivaldi\application\vivaldi.exe] => (Block) C:\users\***\appdata\local\vivaldi\application\vivaldi.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS)
FirewallRules: [UDP Query User{694C8EC9-2274-4EB1-8F74-F7C5CC40A534}C:\users\***\appdata\local\vivaldi\application\vivaldi.exe] => (Block) C:\users\***\appdata\local\vivaldi\application\vivaldi.exe (Vivaldi Technologies AS -> Vivaldi Technologies AS)
FirewallRules: [{3E8A6F66-61EC-4B04-824F-70F146728DA9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.265.255.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{F0B3C049-BC8B-40A4-9BB3-A0B47B9618EE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.265.255.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{624A42B2-9255-44C2-9B0D-AABCABD8CC35}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.265.255.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{E0D5E2FE-6F98-4EEF-9FC1-D94290154DD3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.265.255.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{B75E0531-10E2-4766-BEC2-07C018CE8ADD}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.265.255.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{F64E1829-A575-41B7-A5D0-7FCD2217E708}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.265.255.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{5A63DA43-0778-4698-BD49-AA29D559242F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.265.255.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{193C4EAA-9D48-44D1-8C7A-6903AAB1CA35}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.265.255.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{B8C03E53-144B-4903-9C3D-2D50B87234BF}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.265.255.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{97D9A718-260E-4C89-9B09-903B40B13843}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.265.255.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{32B0E19D-9C8C-40B8-82A1-FEB29F2CEA9B}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\137.0.3296.68\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

04-06-2025 02:56:48 Windows Update
09-06-2025 02:26:49 Removed Futuremark SystemInfo

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (06/09/2025 04:53:38 AM) (Source: Application Hang) (EventID: 1002) (User: NT AUTHORITY)
Description: The program Taskmgr.exe version 10.0.26100.3912 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Error: (06/09/2025 04:52:18 AM) (Source: Application Error) (EventID: 1005) (User: ***)
Description: a2emergencykit.exe0xc00000980x0

Error: (06/09/2025 04:52:18 AM) (Source: Application Error) (EventID: 1000) (User: ***)
Description: Faulting application name: a2emergencykit.exe, version: 0.0.0.0, time stamp: 0x6765c33f
Faulting module name: ntdll.dll, version: 10.0.26100.4061, time stamp: 0x1d4ecf98
Exception code: 0xc0000006
Fault offset: 0x000000000008c6cc
Faulting process id: 0x228c
Faulting application start time: 0x1dbd8e30755bf14
Faulting application path: F:\EEK\bin64\a2emergencykit.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 3bbc2bee-4a69-4809-9208-a8a4b3c0eb1f
Faulting package full name: 
Faulting package-relative application ID:

Error: (06/09/2025 03:51:43 AM) (Source: Application Error) (EventID: 1000) (User: ***)
Description: Faulting application name: a2emergencykit.exe, version: 0.0.0.0, time stamp: 0x6765c33f
Faulting module name: ntdll.dll, version: 10.0.26100.4061, time stamp: 0x1d4ecf98
Exception code: 0xc0000005
Fault offset: 0x00000000000898d9
Faulting process id: 0x3568
Faulting application start time: 0x1dbd8da6ddca923
Faulting application path: F:\EEK\bin64\a2emergencykit.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 48eddc7c-c729-4a04-be1c-698bcc931fcf
Faulting package full name: 
Faulting package-relative application ID:

Error: (06/09/2025 02:37:45 AM) (Source: Application Error) (EventID: 1000) (User: ***)
Description: Faulting application name: GalaxyClient.exe, version: 2.0.77.22, time stamp: 0x66cc3d7a
Faulting module name: Qt5Network.dll, version: 5.15.2.0, time stamp: 0x5fa4dd7a
Exception code: 0xc0000005
Fault offset: 0x0006a5ca
Faulting process id: 0x49ec
Faulting application start time: 0x1dbd8d6b5e3ad13
Faulting application path: C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe
Faulting module path: C:\Program Files (x86)\GOG Galaxy\Qt5Network.dll
Report Id: 3f2ebac2-d93a-4706-8d56-6bb14cb95be7
Faulting package full name: 
Faulting package-relative application ID:

Error: (06/09/2025 02:28:39 AM) (Source: Application Error) (EventID: 1000) (User: ***)
Description: Faulting application name: GalaxyClient Helper.exe, version: 2.0.77.22, time stamp: 0x66cc3b2e
Faulting module name: ucrtbase.dll, version: 10.0.26100.4061, time stamp: 0xc5be9f96
Exception code: 0xc0000409
Fault offset: 0x0002da51
Faulting process id: 0x3e48
Faulting application start time: 0x1dbd8d571d3dab2
Faulting application path: C:\Program Files (x86)\GOG Galaxy\GalaxyClient Helper.exe
Faulting module path: C:\WINDOWS\System32\ucrtbase.dll
Report Id: 24f2b625-a229-44d2-a342-6f9a259de29e
Faulting package full name: 
Faulting package-relative application ID:

Error: (06/09/2025 02:28:33 AM) (Source: Application Error) (EventID: 1000) (User: ***)
Description: Faulting application name: GalaxyClient Helper.exe, version: 2.0.77.22, time stamp: 0x66cc3b2e
Faulting module name: ucrtbase.dll, version: 10.0.26100.4061, time stamp: 0xc5be9f96
Exception code: 0xc0000409
Fault offset: 0x0002da51
Faulting process id: 0x52f4
Faulting application start time: 0x1dbd8d56ea99d21
Faulting application path: C:\Program Files (x86)\GOG Galaxy\GalaxyClient Helper.exe
Faulting module path: C:\WINDOWS\System32\ucrtbase.dll
Report Id: fdbe5f45-afb6-49eb-ad68-d34cf35cd48a
Faulting package full name: 
Faulting package-relative application ID:

Error: (06/09/2025 02:28:28 AM) (Source: Application Error) (EventID: 1000) (User: ***)
Description: Faulting application name: GalaxyClient Helper.exe, version: 2.0.77.22, time stamp: 0x66cc3b2e
Faulting module name: ucrtbase.dll, version: 10.0.26100.4061, time stamp: 0xc5be9f96
Exception code: 0xc0000409
Fault offset: 0x0002da51
Faulting process id: 0x46b4
Faulting application start time: 0x1dbd8d56b72efe4
Faulting application path: C:\Program Files (x86)\GOG Galaxy\GalaxyClient Helper.exe
Faulting module path: C:\WINDOWS\System32\ucrtbase.dll
Report Id: 3a79f87e-3922-4796-b451-849b5f88dfbf
Faulting package full name: 
Faulting package-relative application ID:


System errors:
=============
Error: (06/09/2025 12:47:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The l1vhlwf service failed to start due to the following error: 
A hypervisor feature is not available to the user.

Error: (06/09/2025 12:44:55 PM) (Source: DCOM) (EventID: 10001) (User: ***)
Description: Unable to start a DCOM Server: NcsiUwpApp_1000.25128.1000.0_neutral_neutral_8wekyb3d8bbwe!App.AppXw175g9nmx2zykh9fyt6xjc0xf8vmj1w6.mca as Unavailable/Unavailable. The error:
"2147942402"
Happened while starting this command:
"C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:App.AppXxw3e32mpkfkfbh0tznpwwqfw96t0tfx6.mca

Error: (06/09/2025 12:44:26 PM) (Source: DCOM) (EventID: 10000) (User: ***)
Description: Unable to start a DCOM Server: {94269C4E-071A-4116-90E6-52E557067E4E}. The error:
"2147942522"
Happened while starting this command:
"C:\Program Files\Microsoft OneDrive\25.085.0504.0002\FileCoAuth.exe" -Embedding

Error: (06/09/2025 12:44:26 PM) (Source: DCOM) (EventID: 10000) (User: ***)
Description: Unable to start a DCOM Server: {94269C4E-071A-4116-90E6-52E557067E4E}. The error:
"2147942522"
Happened while starting this command:
"C:\Program Files\Microsoft OneDrive\25.085.0504.0002\FileCoAuth.exe" -Embedding

Error: (06/09/2025 12:44:26 PM) (Source: DCOM) (EventID: 10000) (User: ***)
Description: Unable to start a DCOM Server: {94269C4E-071A-4116-90E6-52E557067E4E}. The error:
"2147942522"
Happened while starting this command:
"C:\Program Files\Microsoft OneDrive\25.085.0504.0002\FileCoAuth.exe" -Embedding

Error: (06/09/2025 12:44:26 PM) (Source: DCOM) (EventID: 10000) (User: ***)
Description: Unable to start a DCOM Server: {94269C4E-071A-4116-90E6-52E557067E4E}. The error:
"2147942522"
Happened while starting this command:
"C:\Program Files\Microsoft OneDrive\25.085.0504.0002\FileCoAuth.exe" -Embedding

Error: (06/09/2025 12:39:29 PM) (Source: DCOM) (EventID: 10000) (User: ***)
Description: Unable to start a DCOM Server: {07CA83F0-DF06-4E67-89DD-E80924A49512}. The error:
"2147942522"
Happened while starting this command:
"C:\Program Files\Microsoft OneDrive\25.085.0504.0002\FileCoAuth.exe" -Embedding

Error: (06/09/2025 12:22:03 PM) (Source: DCOM) (EventID: 10000) (User: ***)
Description: Unable to start a DCOM Server: {94269C4E-071A-4116-90E6-52E557067E4E}. The error:
"2147942522"
Happened while starting this command:
"C:\Program Files\Microsoft OneDrive\25.085.0504.0002\FileCoAuth.exe" -Embedding


Windows Defender:
================
Date: 2025-06-08 14:24:19
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Stop Reason: RPC connection rundown 

Date: 2025-06-08 02:58:13
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Stop Reason: RPC connection rundown 

Date: 2025-06-08 02:40:50
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Stop Reason: RPC connection rundown 

Date: 2025-06-08 02:22:42
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Stop Reason: RPC connection rundown 

Date: 2025-06-06 01:15:01
Description: 
Microsoft Defender Antivirus scan has been stopped before completion.
Scan Type: Antimalware
Scan Parameters: Quick Scan
Stop Reason: Scheduled scan was skipped because the last successful scan was within the last 7 days 
Event[0]

Date: 2025-02-26 00:12:39
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.423.78.0
Update Source: Microsoft Update Server
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.25010.7
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.  

Date: 2025-01-07 03:41:05
Description: 
Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x80004005
Error description: Unspecified error 
Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions. 

Date: 2024-12-28 23:02:46
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.421.985.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.24090.11
Error code: 0x80072ee7
Error description: The server name or address could not be resolved  

Date: 2024-12-28 23:02:46
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.421.985.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiSpyware
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.24090.11
Error code: 0x80072ee7
Error description: The server name or address could not be resolved  

Date: 2024-12-28 23:02:46
Description: 
Microsoft Defender Antivirus has encountered an error trying to update security intelligence.
New security intelligence Version: 
Previous security intelligence Version: 1.421.985.0
Update Source: Microsoft Malware Protection Center
Security intelligence Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.24090.11
Error code: 0x80072ee7
Error description: The server name or address could not be resolved  

CodeIntegrity:
===============
Date: 2025-06-09 12:47:28
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.25040.2-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\ControlLib.dll that did not meet the Custom 3 / Antimalware signing level requirements. 


==================== Memory info =========================== 

BIOS: Microsoft Corporation 19.114.143 03/13/2025
Motherboard: Microsoft Corporation Surface Pro 9
Processor: 12th Gen Intel(R) Core(TM) i7-1255U
Percentage of memory in use: 37%
Total physical RAM: 16208.3 MB
Available physical RAM: 10210.34 MB
Total Virtual: 23888.3 MB
Available Virtual: 18052.49 MB

==================== Drives ================================

Drive c: (Local Disk) (Fixed) (Total:929.86 GB) (Free:570.8 GB) (Model: Corsair MP600 MINI) (Protected) NTFS
Drive f: (USB) (Removable) (Total:28.62 GB) (Free:22.82 GB) FAT32

\\?\Volume{f122c07d-f462-49f9-8251-82f64605d699}\ (Windows RE tools) (Fixed) (Total:1.39 GB) (Free:0.62 GB) NTFS
\\?\Volume{f15227f5-415f-4596-92b7-5414b338e375}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 0C635D9F)

Partition: GPT.

==========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 28.6 GB) (Disk ID: EC789828)
Partition 1: (Active) - (Size=28.6 GB) - (Type=FAT32)

==================== End of Addition.txt =======================
         
Many thanks in advance!

09.06.2025, 15:25   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Those are all false positives.
The detection in Thunderbird is irrelevant, because you always have to expect spam that may carry a malicious attachment. Just delete such mails and don't let the virus scanner rummage around in the files. So clean up regularly and compact ("Komprimieren") all folders with Thunderbird.

Edited by cosinus (09.06.2025 at 15:35)

Yesterday, 16:57   #3
Worufuwuddo

Dear Cosinus,
thank you very much for the assessment, that is very reassuring.

Now I am still curious, though: does compacting ("Komprimieren") the folders in Thunderbird help to contain such pests?

Yesterday, 19:29   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

No. "Komprimieren" (literally "compressing") is actually the wrong term anyway, but that is the one that was chosen.
For efficiency reasons, Thunderbird does not store mails individually but puts many mails into one text file. If you now delete a mail, that only makes Thunderbird stop displaying it. Only when compacting does Thunderbird delete the actual content from its MBOX files.

And precisely because mails with a malicious attachment also stay in there after a normal/simple delete, virus scanners may still report malware there. Worse still: if the virus scanner and the user do not understand what is going on, the virus scanner may simply delete an entire MBOX file, and then all e-mails in a subfolder are completely gone.
__________________
Please always post log files in CODE tags
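The behaviour described in post #4, as an added example that is not part of the thread and is not Thunderbird's own code: a small audit that finds mails still physically present in an MBOX file although they are flagged as deleted, and a compaction step that rewrites the file without them. It assumes Thunderbird's mbox conventions (`From - ` separator lines and the deleted bit `0x0008` in the `X-Mozilla-Status` header); the sample mailbox and all function names are constructed for illustration.

```python
import re

EXPUNGED = 0x0008  # X-Mozilla-Status bit set when a mail is deleted but not yet compacted

# Constructed sample mailbox: three mails, the second one deleted by the user
# (status 0009 = read + expunged) but still stored in the file.
SAMPLE_MBOX = (
    b"From - Mon Jun 09 10:00:00 2025\n"
    b"X-Mozilla-Status: 0001\n"
    b"X-Mozilla-Status2: 00000000\n"
    b"Subject: Meeting notes\n"
    b"\n"
    b"See you at ten.\n"
    b"\n"
    b"From - Mon Jun 09 10:05:00 2025\n"
    b"X-Mozilla-Status: 0009\n"
    b"X-Mozilla-Status2: 00000000\n"
    b"Subject: Invoice attached\n"
    b"Content-Type: application/octet-stream; name=\"invoice.bin\"\n"
    b"\n"
    b"CONSTRUCTED-ATTACHMENT-PLACEHOLDER\n"
    b"\n"
    b"From - Mon Jun 09 10:10:00 2025\n"
    b"X-Mozilla-Status: 0000\n"
    b"X-Mozilla-Status2: 00000000\n"
    b"Subject: Newsletter\n"
    b"\n"
    b">From the editors: hello.\n"
    b"\n"
)


def split_mbox(data):
    """Split raw mbox bytes into one chunk per mail, separator line included.

    Body lines that begin with "From " are stored escaped as ">From ",
    so only real separator lines match at the start of a line.
    """
    starts = [m.start() for m in re.finditer(rb"^From ", data, re.M)]
    return [data[a:b] for a, b in zip(starts, starts[1:] + [len(data)])]


def status_flags(message):
    """Return the X-Mozilla-Status flags of one mail (0 if the header is absent)."""
    headers = re.split(rb"\r?\n\r?\n", message, maxsplit=1)[0]
    m = re.search(rb"^X-Mozilla-Status:[ \t]*([0-9A-Fa-f]{4})[ \t\r]*$", headers, re.M)
    return int(m.group(1), 16) if m else 0


def audit(data):
    """Count mails that are flagged deleted yet still occupy space in the file."""
    messages = split_mbox(data)
    dead = [m for m in messages if status_flags(m) & EXPUNGED]
    return {
        "messages": len(messages),
        "expunged": len(dead),
        "expunged_bytes": sum(len(m) for m in dead),
    }


def compact(data):
    """Return the mailbox with every expunged mail physically removed."""
    return b"".join(m for m in split_mbox(data) if not (status_flags(m) & EXPUNGED))


if __name__ == "__main__":
    marker = b"CONSTRUCTED-ATTACHMENT-PLACEHOLDER"
    print("before:", audit(SAMPLE_MBOX), "attachment on disk:", marker in SAMPLE_MBOX)
    cleaned = compact(SAMPLE_MBOX)
    print("after: ", audit(cleaned), "attachment on disk:", marker in cleaned)
```

A file scanner reads the raw bytes, so it sees the deleted mail's attachment until the folder is compacted, and any action it takes applies to the whole file, not to that one mail.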
