SPAM PDF attachment eMail

vmouse3

New Member
Thread author
Feb 4, 2024
Today I double-clicked on a SPAM *.PDF attachment from well-disguised spam (noreply @ booking.com - was not the original sender) that landed in the regular INBOX.
I am using Mozilla Thunderbird in the latest version, with Thunderbird's built-in PDF preview as the standard setting to preview PDFs.
Got a message like "Kein PDF" after clicking on the file. Hope that message was a good sign?
I hope that the probability that an (unwanted) process was executed is low.
Did a full scan with Win10 and Microsoft Defender Offline, indicating 0 threats.

nasdaq

Super Moderator
Verified
Staff Member
Nov 5, 2019
Hello, Welcome to MalwareTips.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

In order to give you sound advice I need additional information.

Download the Farbar Recovery Scan Tool (FRST).
Choose the 32- or 64-bit version for your system and save it to a folder on your computer's Desktop.
Ensure that you are in an Administrator Account.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Check the boxes as seen here:
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Please attach the logs for my review.
How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "More Reply Options" button.
http://deeprybka.trojaner-board.de/eset/eng/attachlogs.png

Wait for further instructions.

p.s.
This program is updated often.
If it's identified as suspicious by your anti-virus program, trust it if it was downloaded from the link I provided.
Or, you should restore the program from the Quarantine folder.
====
 

vmouse3

New Member
Thread author
Feb 4, 2024
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03.02.2024 01
Ran by valentin (administrator) on DESKTOP-D44CAGN (LENOVO 20HES2SF00) (05-02-2024 16:39:51)
Running from C:\Users\valentin\Downloads\FRST64English.exe.exe
Loaded Profiles: valentin
Platform: Microsoft Windows 10 Education Version 22H2 19045.3930 (X64) Language: Deutsch (Deutschland)
Default browser: FF
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe
(C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe ->) (Adobe Inc. -> ) C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
(C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Crash Processor.exe
(C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe ->) (OpenJS Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe ->) (OpenJS Foundation -> Node.js) C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\libs\node.exe
(C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <3>
(C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(C:\Program Files\Tablet\Wacom\WacomHost.exe ->) (Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(C:\Program Files\Tablet\Wacom\WTabletServicePro.exe ->) (Wacom Technology Corp. -> Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(C:\Program Files\Tablet\Wacom\WTabletServicePro.exe ->) (Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(C:\Program Files\Tablet\Wacom\WTabletServicePro.exe ->) (Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(explorer.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(explorer.exe ->) (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe <2>
(explorer.exe ->) (Aruba S.p.A. -> Aruba Spa) C:\Users\valentin\.asdk\web\arubasdk.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <13>
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(explorer.exe ->) (Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe <4>
(explorer.exe ->) (Notepad++ -> Don HO don.h@free.fr) C:\Program Files (x86)\Notepad++\notepad++.exe
(explorer.exe ->) (Palo Alto Networks -> Palo Alto Networks) C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.363\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.363\GoogleCrashHandler64.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64_4839_64bit.inf_amd64_d6aee56abac60177\igfxEM.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <7>
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <15>
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Cisco Systems, Inc. -> Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(services.exe ->) (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.) C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
(services.exe ->) (ETH Zürich -> ETH Zurich) C:\Program Files (x86)\SafeExamBrowser\SebWindowsServiceWCF\SebWindowsServiceWCF.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_d372a4ea3b959b1c\aesm_service.exe
(services.exe ->) (Intel Corporation -> Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(services.exe ->) (Intel Corporation -> Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(services.exe ->) (Intel Corporation -> Intel(R) Corporation) C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\SocketHeciServer.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_c28b7f61e3210448\LMS.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64_4839_64bit.inf_amd64_d6aee56abac60177\igfxCUIService.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64_4839_64bit.inf_amd64_d6aee56abac60177\IntelCpHDCPSvc.exe
(services.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64_4839_64bit.inf_amd64_d6aee56abac60177\IntelCpHeciSvc.exe
(services.exe ->) (Lenovo -> Lenovo Group Limited) C:\Windows\SysWOW64\Lenovo\PowerMgr\EasyResume.exe
(services.exe ->) (Lenovo -> Lenovo) C:\Windows\System32\DriverStore\FileRepository\ibmpmdrv.inf_amd64_7b52940a5893ba07\x64\ibmpmsvc.exe
(services.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\Microsoft Update Health Tools\uhssvc.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\NisSrv.exe
(services.exe ->) (Palo Alto Networks -> Palo Alto Networks) C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(services.exe ->) (TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(services.exe ->) (Wacom Technology Corporation -> Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(svchost.exe ->) (24803D75-212C-471A-BC57-9EF86AB91435 -> ) C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2401.5.0_x64__cv1g1gvanyjgm\WhatsApp.exe
(svchost.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files\WindowsApps\AdobeNotificationClient_3.0.1.1_x86__enpm4xejd91yc\AdobeNotificationClient.exe
(svchost.exe ->) (Adobe Systems Incorporated -> ) C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
(svchost.exe ->) (Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64_4839_64bit.inf_amd64_d6aee56abac60177\igfxext.exe
(svchost.exe ->) (Lenovo -> Lenovo) C:\Windows\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [4096992 2023-11-07] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [MouseDriver] => TiltWheelMouse.exe (No File)
HKLM\...\Run: [bit4id csp store register (M x64)] => "RUNDLL32.EXE" "C:\WINDOWS\system32\bit4upki-store.dll",RunImportServer [265936 2017-03-29] (Bit4id -> bit4id srl)
HKLM\...\Run: [GlobalProtect] => C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe [10458464 2020-10-20] (Palo Alto Networks -> Palo Alto Networks)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [708496 2015-06-18] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
HKLM-x32\...\Run: [bit4id csp store register (M)] => "C:\WINDOWS\SysWOW64\RUNDLL32.EXE" "C:\WINDOWS\system32\bit4upki-store.dll",RunImportServer [213712 2017-03-29] (Bit4id -> bit4id srl)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2021-08-04] (Adobe Inc. -> )
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [1131488 2023-12-12] (Adobe Inc. -> Adobe Inc.)
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
HKU\S-1-5-21-3959226384-3271273401-3608281751-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [44486048 2023-12-05] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
HKU\S-1-5-21-3959226384-3271273401-3608281751-1001\...\Run: [CCXProcess] => C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [193544 2024-01-12] (Adobe Inc. -> Adobe Inc.)
HKU\S-1-5-21-3959226384-3271273401-3608281751-1001\...\Run: [launchOnStartup] => C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe /launchViaAutoStart (No File)
HKU\S-1-5-21-3959226384-3271273401-3608281751-1001\...\Run: [ArubaSdk] => "C:\Users\valentin\.asdk\web\arubasdk.exe" "arubasdk://hxxps:/localhost/" (No File)
HKU\S-1-5-21-3959226384-3271273401-3608281751-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [8731040 2024-01-13] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-3959226384-3271273401-3608281751-1001\...\Run: [Microsoft Edge Update] => C:\Users\valentin\AppData\Local\Microsoft\EdgeUpdate\1.3.183.29\MicrosoftEdgeUpdateCore.exe [267832 2024-01-30] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-3959226384-3271273401-3608281751-1001\...\Run: [MicrosoftEdgeAutoLaunch_2C543C4CE8BC00615DBEE9644479832A] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3788840 2024-02-01] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Windows x64\Print Processors\Canon MG5300 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDAT.DLL [30208 2012-03-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\Windows\System32\AdobePDF.dll [203936 2021-12-24] (Adobe Inc. -> Adobe Systems Inc)
HKLM\...\Print\Monitors\Canon BJ Language Monitor MG5300 series: C:\Windows\System32\CNMLMAT.DLL [385024 2012-03-14] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\121.0.6167.140\Installer\chrmstp.exe [2024-02-02] (Google LLC -> Google LLC)
HKU\S-1-5-21-3959226384-3271273401-3608281751-1001\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {5B57C73F-D748-40C6-81BA-2B823631AF02} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {21315BEC-3317-4F48-B3EE-72287BC80DC1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1566200 2023-09-21] (Adobe Inc. -> Adobe Inc.)
Task: {DC6B4F60-DBA1-47C9-A3D6-7E3F0D98B8B3} - System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-D44CAGN-valentin => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {0616EFCC-2F66-4929-9A77-5D25905C2EC9} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [4096992 2023-11-07] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {C3251877-32F1-4454-8359-1AB4C7B8ADB6} - System32\Tasks\Adobe-Genuine-Software-Integrity-Scheduler-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [4434400 2023-11-07] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {401590DF-DF14-4E17-86D9-4A0E7554A080} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [714256 2023-12-05] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {C66EDE3E-0034-434D-913C-6E0A4CBD5B83} - System32\Tasks\CCleanerCrashReporting => C:\Program Files\CCleaner\CCleanerBugReport.exe [4703648 2023-12-05] (PIRIFORM SOFTWARE LIMITED -> Piriform Software) -> --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "5616deb5-6733-4eb3-bae0-46b055980eea" --version "6.19.10858" --silent
Task: {842FC606-FBA3-484B-8BAA-FF34BC4B0B51} - System32\Tasks\CCleanerSkipUAC - valentin => C:\Program Files\CCleaner\CCleaner.exe [37458848 2023-12-05] (PIRIFORM SOFTWARE LIMITED -> Piriform Software Ltd)
Task: {F27345C9-9358-4B06-A100-3D437FF65AC5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-03-23] (Google Inc -> Google Inc.)
Task: {5F364C75-406F-46BE-98B4-971E00E0EA6C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153168 2018-03-23] (Google Inc -> Google Inc.)
Task: {0A14DAC2-BFCB-493F-9E07-84DE0E6BD555} - System32\Tasks\Lenovo\Power Manager\Background monitor => C:\WINDOWS\SysWOW64\Lenovo\PowerMgr\PowerMgr.exe [129016 2022-12-04] (Lenovo -> Lenovo)
Task: {2BA21516-D714-4A09-9173-BC1F8C98B08B} - System32\Tasks\Lenovo\Power Manager\Uninstall task => C:\WINDOWS\SysWOW64\PowerMgrInst.exe [65016 2022-12-04] (Lenovo -> )
Task: {DDF2E756-B2F4-428D-A586-1A7EC980992A} - System32\Tasks\Microsoft\Windows\Display\Brightness\BrightnessReset => {2755524D-68F2-4B39-A816-9DB31839C897}
Task: {80AFAE68-38E3-45B9-87D8-E5386968D9C9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2023-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {29CC73E8-D1E1-4215-A8BE-0098A0C8F30B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2023-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {891D3FB5-B212-44B5-8654-2946473C0B16} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2023-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {502D7D0C-0219-4BD7-AEDB-FEAF68AFE1A4} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe [1608808 2023-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {5AC3FD19-ECC1-47AD-88AB-D5D79AA4E518} - System32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-5-21-3959226384-3271273401-3608281751-1001Core{D28B0D63-06FE-4A82-9901-5F064DE78DD1} => C:\Users\valentin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [206264 2022-12-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {4C7D0260-DB31-46C1-ADFD-744F483CA74C} - System32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-5-21-3959226384-3271273401-3608281751-1001UA{BF663133-6FDF-4D08-A3E3-AB0DBF3BD909} => C:\Users\valentin\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe [206264 2022-12-15] (Microsoft Corporation -> Microsoft Corporation)
Task: {DDE64576-ED05-4FDA-80F6-841170E16DEA} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [671648 2024-01-27] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {FF4B750A-0A41-4037-833F-A74E042CFD49} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [34720 2024-01-27] (Mozilla Corporation -> Mozilla Foundation)
Task: {A4FC594A-2742-4967-BB93-5115C2294C27} - System32\Tasks\RtHDVBg_Dolby => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [3618912 2022-05-17] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {64AA4176-AEA3-445F-A0AB-DDFFC84BE873} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [3618912 2022-05-17] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {E0F7829F-A99F-4640-BAFD-18DD3917E1E3} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [3618912 2022-05-17] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
Task: {11F8F9E4-4137-430D-9250-0CE3A261958F} - System32\Tasks\RtsCM => %windir%\RtsCM64.exe (No File)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CCleanerCrashReporting.job => C:\Program Files\CCleaner\CCleanerBugReport.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.59.223
Tcpip\..\Interfaces\{9542a29d-8532-4a84-b2d5-42ba38740281}: [DhcpNameServer] 212.186.211.21 195.34.133.21
Tcpip\..\Interfaces\{de7e0277-bcce-4939-846b-da451b3dadd0}: [DhcpNameServer] 192.168.59.223
Tcpip\..\Interfaces\{de7e0277-bcce-4939-846b-da451b3dadd0}\641696270786F6E6560233021405F563535323: [DhcpNameServer] 192.168.135.156
Tcpip\..\Interfaces\{de7e0277-bcce-4939-846b-da451b3dadd0}\64259445A51224F68702534393030214E4: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{de7e0277-bcce-4939-846b-da451b3dadd0}\64259445A51224F68702534393030214E4: [DhcpDomain] fritz.box
Tcpip\..\Interfaces\{de7e0277-bcce-4939-846b-da451b3dadd0}\65F6461666F6E656D253936343: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{de7e0277-bcce-4939-846b-da451b3dadd0}\65F6461666F6E656D4F62696C65675966496D2433423144323: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{de7e0277-bcce-4939-846b-da451b3dadd0}\65F6461666F6E656D4F62696C65675966496D2433423144323: [DhcpDomain] VodafoneMobile.wifivodafonemobile.api

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\valentin\AppData\Local\Microsoft\Edge\User Data\Default [2024-02-05]
Edge Notifications: Default -> hxxps://www.druck.at
Edge Extension: (Google Docs Offline) - C:\Users\valentin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-01-20]
Edge Extension: (Edge relevant text changes) - C:\Users\valentin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-27]

FireFox:
========
FF DefaultProfile: 5p5mcmla.default
FF ProfilePath: C:\Users\valentin\AppData\Roaming\Mozilla\Firefox\Profiles\5p5mcmla.default [2024-02-05]
FF Homepage: Mozilla\Firefox\Profiles\5p5mcmla.default -> hxxps://duckduckgo.com/
FF Extension: (Keepa - Amazon Price Tracker) - C:\Users\valentin\AppData\Roaming\Mozilla\Firefox\Profiles\5p5mcmla.default\Extensions\amptra@keepa.com.xpi [2022-12-14]
FF Extension: (Coupert - Coupon Assistent & Cashback) - C:\Users\valentin\AppData\Roaming\Mozilla\Firefox\Profiles\5p5mcmla.default\Extensions\appledev@soarinfotech.com.xpi [2024-01-16]
FF Extension: (SaveFrom.net Helfer) - C:\Users\valentin\AppData\Roaming\Mozilla\Firefox\Profiles\5p5mcmla.default\Extensions\helper@savefrom.net.xpi [2024-01-16]
FF Extension: (Privacy Badger) - C:\Users\valentin\AppData\Roaming\Mozilla\Firefox\Profiles\5p5mcmla.default\Extensions\jid1-MnnxcxisBPnSXQ@jetpack.xpi [2023-12-07]
FF Extension: (uBlock Origin) - C:\Users\valentin\AppData\Roaming\Mozilla\Firefox\Profiles\5p5mcmla.default\Extensions\uBlock0@raymondhill.net.xpi [2024-01-08]
FF Extension: (Kostenloser VPN Proxy und Werbeblocker - Planet VPN) - C:\Users\valentin\AppData\Roaming\Mozilla\Firefox\Profiles\5p5mcmla.default\Extensions\{1935b298-ac62-11ec-b909-0242ac120002}.xpi [2024-01-10]
FF Extension: (Return YouTube Dislike) - C:\Users\valentin\AppData\Roaming\Mozilla\Firefox\Profiles\5p5mcmla.default\Extensions\{762f9885-5a13-4abd-9c77-433dcd38b8fd}.xpi [2023-12-14]
FF Extension: (Video DownloadHelper) - C:\Users\valentin\AppData\Roaming\Mozilla\Firefox\Profiles\5p5mcmla.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2024-01-10]
FF Extension: (Adblock Plus - kostenloser Adblocker) - C:\Users\valentin\AppData\Roaming\Mozilla\Firefox\Profiles\5p5mcmla.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2024-01-27]
FF Extension: (Öffne Biet-O-Matic BE) - C:\Users\valentin\AppData\Roaming\Mozilla\Firefox\Profiles\5p5mcmla.default\Extensions\{ffa25be1-b079-4bbc-92da-0e5594c99fb2}.xpi [2021-01-23]
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2019-05-02]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2023-12-12] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2024-01-13] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2024-01-13] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2023-12-12] (Adobe Inc. -> Adobe Systems)

Chrome:
=======
CHR Profile: C:\Users\valentin\AppData\Local\Google\Chrome\User Data\Default [2024-02-05]
CHR Extension: (Adobe Acrobat: Werkzeuge zum Bearbeiten, Konvertieren und Signieren von PDF-Dateien) - C:\Users\valentin\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2023-03-03]
CHR Extension: (Google Docs Offline) - C:\Users\valentin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-02-14]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\valentin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-04-27]
CHR Profile: C:\Users\valentin\AppData\Local\Google\Chrome\User Data\System Profile [2024-01-19]
CHR HKU\S-1-5-21-3959226384-3271273401-3608281751-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2023-09-21] (Adobe Inc. -> Adobe Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [944096 2023-12-12] (Adobe Inc. -> Adobe Inc.)
R2 Dolby DAX2 API Service; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [189464 2020-06-02] (Dolby Laboratories, Inc. -> Dolby Laboratories, Inc.)
R2 IBMPMSVC; C:\WINDOWS\System32\DriverStore\FileRepository\ibmpmdrv.inf_amd64_7b52940a5893ba07\x64\ibmpmsvc.exe [1031024 2023-06-20] (Lenovo -> Lenovo)
R2 Lenovo Instant On; C:\WINDOWS\SysWOW64\Lenovo\PowerMgr\EasyResume.exe [2352344 2022-12-04] (Lenovo -> Lenovo Group Limited)
S2 LPlatSvc; C:\WINDOWS\System32\DriverStore\FileRepository\ibmpmdrv.inf_amd64_7b52940a5893ba07\x64\LPlatSvc.exe [915824 2023-06-20] (Lenovo -> Lenovo)
R2 PanGPS; C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe [6873440 2020-10-20] (Palo Alto Networks -> Palo Alto Networks)
R2 SebWindowsServiceWCF; C:\Program Files (x86)\SafeExamBrowser\SebWindowsServiceWCF\SebWindowsServiceWCF.exe [406344 2019-02-22] (ETH Zürich -> ETH Zurich)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [534472 2023-12-14] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [14802240 2022-09-14] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\NisSrv.exe [3174840 2023-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe [133592 2023-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [File not signed]
R3 IBMPMDRV; C:\WINDOWS\System32\DriverStore\FileRepository\ibmpmdrv.inf_amd64_7b52940a5893ba07\x64\ibmpmdrv.sys [56128 2023-06-20] (Lenovo -> Lenovo)
R3 MpKsl05c0bb83; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1629943F-0567-4E69-B491-D5E5E13ADFF1}\MpKslDrv.sys [263560 2024-02-05] (Microsoft Windows -> Microsoft Corporation)
S3 PanGpd; C:\WINDOWS\system32\DRIVERS\pangpd.sys [67728 2020-10-20] (Palo Alto Networks -> Palo Alto Networks Inc.)
R1 PMDRVS; C:\WINDOWS\System32\DriverStore\FileRepository\ibmpmdrv.inf_amd64_7b52940a5893ba07\x64\pmdrvs.sys [41792 2023-06-20] (Lenovo -> Lenovo)
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2023-06-09] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 vpnva; C:\WINDOWS\System32\drivers\vpnva64-6.sys [52592 2015-06-18] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [55856 2023-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [594304 2023-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105856 2023-12-07] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-02-05 16:31 - 2024-02-05 16:32 - 000048814 _____ C:\Users\valentin\Downloads\Addition.txt
2024-02-05 16:29 - 2024-02-05 16:40 - 000029645 _____ C:\Users\valentin\Downloads\FRST.txt
2024-02-05 16:27 - 2024-02-05 16:40 - 000000000 ____D C:\FRST
2024-02-05 16:26 - 2024-02-05 16:26 - 002389504 _____ (Farbar) C:\Users\valentin\Downloads\FRST64English.exe.exe
2024-02-05 14:23 - 2024-02-05 14:23 - 000363090 _____ C:\Users\valentin\Downloads\SBB - Nr. 19653 - Steuererklärung Mod. Redditi - 20.10.2023.pdf
2024-02-05 12:46 - 2024-02-05 12:46 - 000362241 _____ C:\Users\valentin\Downloads\WTB - Nr. 454 - Kursveranstaltung - 01.02.2024.pdf
2024-02-05 12:46 - 2024-02-05 12:46 - 000012746 _____ C:\Users\valentin\Downloads\Mod. REDDITI Bestätigung 2023 Steuerjahr 2022.pdf
2024-02-05 12:22 - 2024-02-05 12:22 - 000712416 _____ C:\Users\valentin\Downloads\osmodul-master(1).zip
2024-02-05 11:49 - 2024-02-05 11:49 - 003362224 _____ C:\Users\valentin\Downloads\gdpr_documentation-2.pdf
2024-02-05 09:38 - 2024-02-05 09:41 - 000000000 ___HD C:\$WinREAgent
2024-02-04 20:28 - 2024-02-04 20:28 - 083886080 _____ C:\WINDOWS\system32\config\SOFTWARE
2024-02-04 20:22 - 2024-02-04 20:28 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2024-02-04 18:51 - 2024-02-04 18:51 - 000000000 ___HD C:\$SysReset
2024-01-31 17:31 - 2024-01-31 17:31 - 000010023 _____ C:\Users\valentin\Downloads\Invoice_no_104109-135661-20240103_on_2024-01-03_-1.pdf
2024-01-31 17:30 - 2024-01-31 17:30 - 000010023 _____ C:\Users\valentin\Downloads\Invoice_no_104109-135661-20240103_on_2024-01-03_.pdf
2024-01-27 18:10 - 2024-02-04 20:28 - 000000000 ____D C:\Program Files\Mozilla Firefox
2024-01-27 11:43 - 2024-01-27 11:43 - 000261463 _____ C:\Users\valentin\Downloads\SUED_DMRICHTLINIEN_BADGE.pdf
2024-01-24 19:36 - 2024-01-26 17:55 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2024-01-22 17:47 - 2024-01-22 17:47 - 000019169 _____ C:\Users\valentin\Downloads\gdpr_configuration(4).json
2024-01-22 17:46 - 2024-01-22 17:46 - 000019169 _____ C:\Users\valentin\Downloads\gdpr_configuration(3).json
2024-01-22 17:44 - 2024-01-22 17:44 - 000020007 _____ C:\Users\valentin\Downloads\gdpr_configuration(2).json
2024-01-22 15:50 - 2024-01-19 18:44 - 000269962 _____ C:\Users\valentin\Desktop\grundriss-residence-astoria-neu.pdf
2024-01-22 11:04 - 2024-01-22 11:04 - 000044319 _____ C:\Users\valentin\Desktop\css-astoria-neu.css
2024-01-21 12:37 - 2024-01-21 12:37 - 000074551 _____ C:\Users\valentin\Downloads\golden_graph.zip
2024-01-19 18:11 - 2024-01-19 18:11 - 000001064 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop 2024.lnk
2024-01-19 14:17 - 2024-01-19 14:17 - 001437654 _____ C:\Users\valentin\Downloads\Wohnungen SVG Files (separate 01) 18-01-2024-01.svg
2024-01-18 08:58 - 2024-01-18 08:58 - 000000000 ____D C:\Users\valentin\Desktop\download
2024-01-17 20:07 - 2024-01-17 20:07 - 000247040 _____ C:\Users\valentin\Downloads\Wohnungen SVG Files (2) 17-01-2024.pdf
2024-01-17 20:01 - 2024-01-17 20:01 - 000112728 _____ C:\Users\valentin\Downloads\Wohnungen SVG Files (separate) 17-01-2024-09(1).ai
2024-01-17 19:58 - 2024-01-17 19:58 - 000110714 _____ C:\Users\valentin\Downloads\Wohnungen SVG Files (separate) 17-01-2024-08.ai
2024-01-17 19:55 - 2024-01-17 19:55 - 000112728 _____ C:\Users\valentin\Downloads\Wohnungen SVG Files (separate) 17-01-2024-09.ai
2024-01-17 19:26 - 2024-01-17 19:27 - 000709527 _____ C:\Users\valentin\Downloads\Wohnungen SVG Files (2) 17-01-2024-01.svg
2024-01-17 19:20 - 2024-01-17 19:20 - 001270243 _____ C:\Users\valentin\Downloads\Wohnungen SVG (1).svg
2024-01-17 19:15 - 2024-01-17 19:15 - 001270243 _____ C:\Users\valentin\Downloads\Wohnungen SVG .svg
2024-01-17 17:52 - 2024-01-17 17:52 - 000292195 _____ C:\Users\valentin\Downloads\tinified(5).zip
2024-01-17 17:00 - 2024-01-17 17:00 - 000247863 _____ C:\Users\valentin\Downloads\Wohnungen SVG Files (1) 17-01-2024 copy-4.pdf
2024-01-16 19:41 - 2024-01-16 19:41 - 000246238 _____ C:\Users\valentin\Downloads\Wohnungen SVG Files (2) 16-01-2024-1.pdf
2024-01-16 19:39 - 2024-01-16 19:39 - 000250384 _____ C:\Users\valentin\Downloads\Wohnungen SVG Files (2) 16-01-2024.ai
2024-01-16 19:29 - 2024-01-16 19:29 - 000246238 _____ C:\Users\valentin\Downloads\Wohnungen SVG Files (2) 16-01-2024.pdf
2024-01-16 19:12 - 2024-01-16 19:18 - 000019354 _____ C:\Users\valentin\Desktop\biref-gemeinde-gebäude.odt
2024-01-16 19:04 - 2024-01-16 19:04 - 000730380 _____ C:\Users\valentin\Downloads\Wohnungen SVG Files - 16-01-2024(2).svg
2024-01-16 18:58 - 2024-01-16 18:58 - 000730380 _____ C:\Users\valentin\Downloads\Wohnungen SVG Files - 16-01-2024(1).svg
2024-01-16 18:57 - 2024-01-16 18:57 - 000246591 _____ C:\Users\valentin\Downloads\Wohnungen SVG Files (1) 16-01-2024.pdf
2024-01-16 17:30 - 2024-01-16 17:30 - 000274576 _____ C:\Users\valentin\Downloads\Wohnungen SVG Files - 16-01-2024.svg
2024-01-16 17:30 - 2024-01-16 17:30 - 000249862 _____ C:\Users\valentin\Downloads\Wohnungen SVG Files (1) 16-01-2024.ai
2024-01-16 16:11 - 2024-01-16 16:11 - 000721053 _____ C:\Users\valentin\Downloads\Wohnungen SVG Files (1)-01(2).svg
2024-01-16 16:11 - 2024-01-16 16:11 - 000249469 _____ C:\Users\valentin\Downloads\Wohnungen SVG Files (1).ai
2024-01-15 18:49 - 2024-01-15 18:49 - 000721053 _____ C:\Users\valentin\Downloads\Wohnungen SVG Files (1)-01(1).svg
2024-01-15 18:48 - 2024-01-15 18:48 - 000249469 _____ C:\Users\valentin\Downloads\Wohnungen SVG Filesxy.ai
2024-01-15 18:35 - 2024-01-15 18:35 - 000721053 _____ C:\Users\valentin\Downloads\Wohnungen SVG Files (1)-01.svg
2024-01-15 17:47 - 2024-01-15 17:47 - 000250395 _____ C:\Users\valentin\Downloads\Wohnungen SVG Files.svg
2024-01-14 11:00 - 2024-01-14 11:00 - 006692827 _____ C:\Users\valentin\Downloads\convert_forms_4.2.5_pro(1).zip
2024-01-14 10:46 - 2024-01-14 10:46 - 000020791 _____ C:\Users\valentin\Downloads\Convert Forms Item (unverbindliche_anfrage).cnvf
2024-01-14 09:31 - 2024-01-14 09:31 - 001324460 _____ C:\Users\valentin\Downloads\extensionmanager-v9.0.0.zip
2024-01-13 20:34 - 2024-01-13 20:34 - 000560036 _____ C:\Users\valentin\Downloads\ignitegallery-component-5-0-4(1).zip
2024-01-13 18:16 - 2024-01-13 18:17 - 000000022 _____ C:\Users\valentin\Downloads\tinified(4).zip
2024-01-13 17:15 - 2019-02-26 20:30 - 000000870 _____ C:\Users\valentin\Desktop\custom.css
2024-01-13 16:23 - 2024-01-13 16:23 - 000006365 _____ C:\Users\valentin\Downloads\W5-4.pdf
2024-01-13 16:04 - 2024-01-13 16:04 - 000000022 _____ C:\Users\valentin\Downloads\tinified(3).zip
2024-01-13 15:51 - 2024-01-13 15:51 - 000006365 _____ C:\Users\valentin\Downloads\W5-3.pdf
2024-01-13 15:50 - 2024-01-13 15:50 - 000006365 _____ C:\Users\valentin\Downloads\W5-2.pdf
2024-01-13 15:46 - 2024-01-13 15:46 - 000006365 _____ C:\Users\valentin\Downloads\W5-1.pdf
2024-01-13 15:45 - 2024-01-13 15:45 - 000006047 _____ C:\Users\valentin\Downloads\W3.pdf
2024-01-13 11:29 - 2024-01-13 11:29 - 000007230 _____ C:\Users\valentin\Downloads\W2-7.pdf
2024-01-13 11:29 - 2024-01-13 11:29 - 000007230 _____ C:\Users\valentin\Downloads\W2-6.pdf
2024-01-13 11:26 - 2024-01-13 11:26 - 000007319 _____ C:\Users\valentin\Downloads\W4.pdf
2024-01-13 11:22 - 2024-01-13 11:22 - 000006365 _____ C:\Users\valentin\Downloads\W5.pdf
2024-01-13 11:10 - 2024-01-13 11:10 - 000006444 _____ C:\Users\valentin\Downloads\W1-3.pdf
2024-01-13 11:01 - 2024-01-13 11:01 - 000006444 _____ C:\Users\valentin\Downloads\W1-2.pdf
2024-01-13 10:50 - 2024-01-13 10:50 - 000007230 _____ C:\Users\valentin\Downloads\W2-5.pdf
2024-01-13 10:50 - 2024-01-13 10:50 - 000006444 _____ C:\Users\valentin\Downloads\W1-1.pdf
2024-01-13 10:49 - 2024-01-13 10:49 - 000006444 _____ C:\Users\valentin\Downloads\W1.pdf
2024-01-12 08:36 - 2024-01-12 08:36 - 000006866 _____ C:\Users\valentin\Downloads\W2-4.pdf
2024-01-11 22:22 - 2024-01-11 22:22 - 006692827 _____ C:\Users\valentin\Downloads\convert_forms_4.2.5_pro.zip
2024-01-11 22:00 - 2024-01-11 22:00 - 000006866 _____ C:\Users\valentin\Downloads\W2-3.pdf
2024-01-11 21:57 - 2024-01-11 21:57 - 000006442 _____ C:\Users\valentin\Downloads\W1 -9.pdf
2024-01-11 20:36 - 2024-01-11 20:36 - 000006866 _____ C:\Users\valentin\Downloads\W2-2.pdf
2024-01-11 19:38 - 2024-01-11 19:38 - 000006442 _____ C:\Users\valentin\Downloads\W1 -8.pdf
2024-01-11 19:33 - 2024-01-11 19:33 - 000006866 _____ C:\Users\valentin\Downloads\W2-1.pdf
2024-01-11 19:33 - 2024-01-11 19:33 - 000006442 _____ C:\Users\valentin\Downloads\W1 -7.pdf
2024-01-11 18:49 - 2024-01-11 18:49 - 000006442 _____ C:\Users\valentin\Downloads\W1 -6.pdf
2024-01-11 18:34 - 2024-01-11 18:34 - 000006866 _____ C:\Users\valentin\Downloads\W2.pdf
2024-01-11 18:31 - 2024-01-11 18:31 - 000006442 _____ C:\Users\valentin\Downloads\W1 -5.pdf
2024-01-11 18:28 - 2024-01-11 18:28 - 000006442 _____ C:\Users\valentin\Downloads\W1 -4.pdf
2024-01-11 18:26 - 2024-01-11 18:26 - 000006442 _____ C:\Users\valentin\Downloads\W1 -3.pdf
2024-01-11 18:24 - 2024-01-11 18:24 - 000006442 _____ C:\Users\valentin\Downloads\W1 -2.pdf
2024-01-11 18:21 - 2024-01-11 18:21 - 000006442 _____ C:\Users\valentin\Downloads\W1 -1.pdf
2024-01-11 15:11 - 2024-01-11 15:11 - 000006819 _____ C:\Users\valentin\Downloads\W1 .pdf
2024-01-11 12:17 - 2024-01-11 12:17 - 009268101 _____ C:\Users\valentin\Downloads\yootheme_j_4.2.11.zip
2024-01-09 15:50 - 2024-01-09 15:50 - 000174570 _____ C:\Users\valentin\Downloads\Wohnungen-Astoria.pdf
2024-01-09 12:41 - 2024-01-09 12:41 - 000042474 _____ C:\Users\valentin\Downloads\5382287.pdf
2024-01-09 12:39 - 2024-01-09 12:39 - 000056795 _____ C:\Users\valentin\Downloads\5771961.pdf
2024-01-08 19:10 - 2024-01-31 21:17 - 000000000 ____D C:\Users\valentin\Desktop\pension-astoria-neu
2024-01-08 16:54 - 2024-01-08 16:54 - 000095099 _____ C:\Users\valentin\Desktop\AF01 1_24.pdf
2024-01-08 16:07 - 2024-01-08 16:07 - 000094969 _____ C:\Users\valentin\Desktop\TD17_20240108_160658.pdf
2024-01-08 12:14 - 2024-01-08 12:14 - 000352886 _____ C:\Users\valentin\Desktop\293433777795.htm
2024-01-06 11:42 - 2024-01-06 11:42 - 002766248 _____ C:\Users\valentin\Downloads\Richtlinien - Anlage A - Vorhaben und Objekte-1.pdf
2024-01-06 11:42 - 2024-01-06 11:42 - 000310321 _____ C:\Users\valentin\Downloads\Preisliste-2023_maximal_anerkennbare_Kosten-1.pdf

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-02-05 16:32 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2024-02-05 16:25 - 2020-11-21 08:59 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-02-05 16:25 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-02-05 15:57 - 2021-12-18 22:45 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-02-05 15:57 - 2018-03-23 09:05 - 000000000 ____D C:\Program Files (x86)\Google
2024-02-05 14:09 - 2018-05-07 22:01 - 000000000 ____D C:\Users\valentin\Desktop\pension-astoria
2024-02-05 13:54 - 2019-10-04 10:13 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData
2024-02-05 12:36 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2024-02-05 12:36 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-02-05 09:41 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-02-05 09:37 - 2020-11-28 08:22 - 000000000 ___RD C:\Users\valentin\Creative Cloud Files Personal Account info@vazid.com 1328564C5FC1FA270A495FEC@AdobeID
2024-02-05 09:37 - 2020-11-21 09:01 - 000000000 ____D C:\Users\valentin
2024-02-05 09:36 - 2022-02-09 08:23 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2024-02-05 08:43 - 2018-04-14 14:54 - 000000000 ____D C:\Users\valentin\AppData\Roaming\WTablet
2024-02-05 08:43 - 2018-02-28 07:19 - 000000000 __SHD C:\Users\valentin\IntelGraphicsProfiles
2024-02-04 21:13 - 2020-11-21 09:14 - 001632020 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-02-04 21:13 - 2019-12-07 15:51 - 000707214 _____ C:\WINDOWS\system32\perfh007.dat
2024-02-04 21:13 - 2019-12-07 15:51 - 000142472 _____ C:\WINDOWS\system32\perfc007.dat
2024-02-04 21:10 - 2022-08-03 07:33 - 000000000 ____D C:\Users\valentin\AppData\Local\CrashDumps
2024-02-04 21:10 - 2020-11-21 09:11 - 000004210 _____ C:\WINDOWS\system32\Tasks\CCleaner Update
2024-02-04 20:28 - 2020-11-21 09:11 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-02-04 20:28 - 2020-11-21 08:59 - 000008192 ___SH C:\DumpStack.log.tmp
2024-02-04 20:28 - 2018-05-14 08:32 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2024-02-04 20:28 - 2018-02-27 14:38 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2024-02-04 20:22 - 2019-12-07 10:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2024-02-04 18:59 - 2022-09-19 12:29 - 000000000 ____D C:\Users\valentin\Desktop\Hempel unterm Sofa
2024-02-04 10:51 - 2023-01-17 10:39 - 000002274 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2024-02-04 10:51 - 2020-08-02 07:34 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-02-02 18:42 - 2018-03-23 09:06 - 000002293 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-02-02 18:42 - 2018-03-23 09:06 - 000002252 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2024-02-02 18:01 - 2018-06-15 15:49 - 000000000 ___HD C:\adobeTemp
2024-02-02 18:01 - 2018-02-28 10:00 - 000000000 ____D C:\Program Files\Common Files\Adobe
2024-02-02 18:00 - 2021-12-13 09:40 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-3959226384-3271273401-3608281751-1001
2024-02-02 18:00 - 2020-11-21 09:11 - 000003386 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3959226384-3271273401-3608281751-1001
2024-02-02 18:00 - 2020-11-21 09:01 - 000002408 _____ C:\Users\valentin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-02-01 21:00 - 2020-11-21 09:11 - 000003756 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-02-01 21:00 - 2020-11-21 09:11 - 000003632 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-02-01 11:14 - 2018-06-04 22:46 - 000000000 ____D C:\Users\valentin\AppData\Local\D3DSCache
2024-01-31 21:17 - 2018-05-06 17:35 - 000001456 _____ C:\Users\valentin\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2024-01-31 20:12 - 2021-02-20 09:57 - 000000000 ____D C:\Users\valentin\AppData\Roaming\Telegram Desktop
2024-01-31 19:48 - 2018-09-08 20:43 - 000000000 ____D C:\Users\valentin\Desktop\pension-panorama
2024-01-30 20:54 - 2022-12-15 17:19 - 000004102 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-5-21-3959226384-3271273401-3608281751-1001UA{BF663133-6FDF-4D08-A3E3-AB0DBF3BD909}
2024-01-30 20:54 - 2022-12-15 17:19 - 000004044 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskUserS-1-5-21-3959226384-3271273401-3608281751-1001Core{D28B0D63-06FE-4A82-9901-5F064DE78DD1}
2024-01-30 18:00 - 2021-07-07 16:08 - 000000000 ____D C:\Users\valentin\Downloads\Telegram Desktop
2024-01-29 13:40 - 2018-03-27 10:47 - 000000128 _____ C:\Users\valentin\AppData\Roaming\winscp.rnd
2024-01-28 11:13 - 2018-02-27 14:38 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2024-01-26 17:56 - 2020-11-21 08:59 - 000605080 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-01-26 17:55 - 2018-05-29 15:29 - 000000000 ____D C:\Program Files\CCleaner
2024-01-26 17:33 - 2019-12-07 10:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2024-01-26 17:33 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2024-01-26 17:33 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2024-01-26 17:33 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2024-01-26 17:33 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellExperiences
2024-01-26 17:33 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-01-25 11:47 - 2018-03-06 16:27 - 000001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thunderbird.lnk
2024-01-20 13:41 - 2018-02-28 09:57 - 000000000 ____D C:\Program Files\Adobe
2024-01-20 12:17 - 2020-03-26 20:43 - 000000000 ____D C:\Program Files (x86)\GOG Galaxy
2024-01-20 12:17 - 2020-03-26 20:40 - 000000000 ____D C:\ProgramData\GOG.com
2024-01-19 18:38 - 2018-05-18 09:05 - 000000000 ____D C:\Users\valentin\Desktop\eberhoefer
2024-01-19 18:33 - 2018-02-28 09:38 - 000000000 ____D C:\Users\valentin\AppData\Local\Adobe
2024-01-19 18:26 - 2020-12-18 22:04 - 000000000 ____D C:\xampp
2024-01-19 18:18 - 2021-11-21 09:33 - 000000000 ____D C:\Users\valentin\AppData\Roaming\com.adobe.dunamis
2024-01-19 18:17 - 2022-12-07 10:10 - 000000000 ____D C:\Users\valentin\AppData\Roaming\Zoom
2024-01-19 18:16 - 2019-03-16 15:57 - 000000000 ____D C:\WINDOWS\system32\appmgmt
2024-01-19 18:11 - 2018-02-24 20:39 - 000000000 ____D C:\Users\valentin\AppData\Roaming\Adobe
2024-01-19 17:56 - 2018-02-28 09:47 - 000000000 ____D C:\ProgramData\Adobe
2024-01-19 08:52 - 2020-11-21 09:11 - 000003926 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2024-01-19 08:52 - 2020-11-21 09:11 - 000003802 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2024-01-18 09:03 - 2022-10-13 12:27 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader.lnk
2024-01-16 12:56 - 2022-10-14 07:10 - 000002114 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller.lnk
2024-01-16 12:56 - 2022-10-14 07:10 - 000002103 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2024-01-13 11:06 - 2018-02-27 14:40 - 000918944 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2024-01-11 08:57 - 2018-02-28 07:38 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-01-11 08:55 - 2018-02-28 07:38 - 189718008 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories ========

2018-02-28 11:45 - 2018-10-07 17:40 - 000000033 _____ () C:\Users\valentin\AppData\Roaming\AdobeWLCMCache.dat
2018-03-27 10:47 - 2024-01-29 13:40 - 000000128 _____ () C:\Users\valentin\AppData\Roaming\winscp.rnd
2018-05-06 17:35 - 2024-01-31 21:17 - 000001456 _____ () C:\Users\valentin\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2018-09-29 15:10 - 2018-09-29 15:10 - 000000000 _____ () C:\Users\valentin\AppData\Local\oobelibMkey.log
2022-08-02 11:53 - 2022-08-02 12:21 - 000000456 _____ () C:\Users\valentin\AppData\Local\PUTTY.RND
2020-01-26 18:58 - 2020-01-26 18:58 - 000000736 _____ () C:\Users\valentin\AppData\Local\recently-used.xbel
2018-06-04 22:49 - 2018-06-04 22:49 - 000007605 _____ () C:\Users\valentin\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================
 

Attachments

  • Addition.txt