Log-Analyse und Auswertung (Log Analysis and Evaluation): Windows 10: Trojan:Win32/Ludicrouz.P

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: Erste Schritte zur Hilfe (First Steps to Getting Help). Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

Windows 10: Trojan:Win32/Ludicrouz.P

Hello everyone, Windows Defender finds "Trojan:Win32/Ludicrouz.P" in a program that has already been running smoothly for 2 months as the official trial version: Articulate 360. Here are my FRST logs: FRST.txt 1/2:

Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 13-05-2020 01 durchgeführt von Dr Mornje Pansen (Administrator) auf DESKTOP-UHC18K6 (Gigabyte Technology Co., Ltd. Z170X-UD3) (24-05-2020 08:40:42) Gestartet von E:\Downloads Geladene Profile: Dr Mornje Pansen Platform: Windows 10 Pro Version 1909 18363.836 (X64) Sprache: Deutsch (Deutschland) Standard-Browser: Chrome Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) () [Datei ist nicht signiert] C:\Program Files (x86)\GIGABYTE\AppCenter\AdjustService.exe (Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe <2> (Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Articulate Global, Inc. -> Articulate Global, Inc.) C:\Program Files (x86)\Articulate\360\Desktop Application\Articulate 360 Desktop App.exe (Articulate Global, Inc. -> Articulate Global, Inc.) C:\Program Files (x86)\Articulate\360\Desktop Application\Articulate 360 Installer Service.exe (Articulate Global, Inc. -> Articulate Global, Inc.) C:\Program Files (x86)\Articulate\360\Desktop Service\Articulate 360 Desktop Service.exe (Articulate Global, Inc. -> Articulate Global, Inc.) C:\Program Files (x86)\Articulate\360\Peek\Peek.exe (Brother Industries, Ltd.) [Datei ist nicht signiert] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) 
[Datei ist nicht signiert] C:\Program Files (x86)\Browny02\BrYNSvc.exe (Cisco Systems, Inc. -> Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc. -> Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Docker Inc -> Docker.Service) C:\Program Files\Docker\Docker\com.docker.service (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe <3> (Dropbox, Inc -> Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc -> Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe (Dropbox, Inc -> The Qt Company Ltd.) C:\Program Files (x86)\Dropbox\Client\97.4.467\QtWebEngineProcess.exe <2> (Electronic Arts, Inc. -> ) E:\Spiele\Origin\QtWebEngineProcess.exe <2> (Electronic Arts, Inc. -> Electronic Arts) E:\Spiele\Origin\Origin.exe (Electronic Arts, Inc. -> Electronic Arts) E:\Spiele\Origin\OriginWebHelperService.exe (Epic Games Inc. -> Epic Games, Inc.) E:\Spiele\Epic Games\Launcher\Engine\Binaries\Win64\UnrealCEFSubProcess.exe (Epic Games Inc. -> Epic Games, Inc.) E:\Spiele\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe (Even Balance, Inc. -> ) C:\Windows\SysWOW64\PnkBstrA.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.) C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\EasyTuneEngineService.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.) C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\GraphicsCardEngine.exe (GIGA-BYTE TECHNOLOGY CO., LTD. -> Microsoft) C:\Program Files (x86)\GIGABYTE\GService\GCloud.exe (GOG Sp. z o.o. -> GOG.com) C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe (GOG Sp. z o.o. -> GOG.com) E:\Spiele\GOG\GOG Galaxy\GalaxyClient Helper.exe <2> (GOG Sp. z o.o. -> GOG.com) E:\Spiele\GOG\GOG Galaxy\GalaxyClient.exe (GOG Sp. z o.o. 
-> GOG.com) E:\Spiele\GOG\GOG Galaxy\GOG Galaxy Notifications Renderer.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <29> (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exe (Intel Corporation - Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (Intel(R) Extreme Tuning Utility -> Intel(R) Corporation) C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe (Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe (Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe (Logitech Inc -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (Microsoft Corporation -> Microsoft Corporation) C:\Users\Dr Mornje Pansen\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1910.0.0_x64__8wekyb3d8bbwe\Calculator.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12005.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\browser_broker.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2> (Microsoft Windows -> 
Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeCP.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MicrosoftEdgeSH.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WWAHost.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2004.6-0\MsMpEng.exe (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2004.6-0\NisSrv.exe (Nitro PDF Software -> Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE (Nitro PDF Software -> Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe (NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe <2> (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <2> (PACE Anti-Piracy, Inc. -> PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Shanghai Microvirt Software Technology Co., Ltd. 
-> ) C:\Program Files (x86)\Microvirt\MEmu\MemuService.exe (The CefSharp Authors) [Datei ist nicht signiert] C:\Program Files (x86)\Articulate\360\Desktop Application\CefSharp.BrowserSubprocess.exe <3> (Ubisoft Entertainment Sweden AB -> Ubisoft) E:\Spiele\Uplay\Ubisoft Game Launcher\upc.exe (Ubisoft Entertainment Sweden AB -> Ubisoft) E:\Spiele\Uplay\Ubisoft Game Launcher\UplayWebCore.exe (Valve -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve -> Valve Corporation) E:\Spiele\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7> (Valve -> Valve Corporation) E:\Spiele\Steam\steam.exe ==================== Registry (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9037832 2016-10-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [18727048 2018-10-05] (Logitech Inc -> Logitech Inc.) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942744 2018-12-17] (Logitech -> Logitech, Inc.) HKLM\...\Run: [Articulate 360 Desktop Service] => C:\Program Files (x86)\Articulate\360\Desktop Service\Articulate 360 Desktop Service.lnk [2481 2020-05-19] () [Datei ist nicht signiert] HKLM\...\Run: [Articulate 360 Desktop Application] => C:\Program Files (x86)\Articulate\360\Desktop Application\Articulate 360 Desktop App.lnk [2481 2020-05-24] () [Datei ist nicht signiert] HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.) [Datei ist nicht signiert] HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [6867968 2020-05-12] (Dropbox, Inc -> Dropbox, Inc.) 
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [1226240 2017-09-20] (Cisco Systems, Inc. -> Cisco Systems, Inc.) HKU\S-1-5-21-488159366-2186065710-1513345262-1001\...\Run: [Steam] => E:\Spiele\Steam\steam.exe [3372832 2020-05-15] (Valve -> Valve Corporation) HKU\S-1-5-21-488159366-2186065710-1513345262-1001\...\Run: [EADM] => E:\Spiele\Origin\Origin.exe [3140368 2020-05-21] (Electronic Arts, Inc. -> Electronic Arts) HKU\S-1-5-21-488159366-2186065710-1513345262-1001\...\Run: [GalaxyClient] => E:\Spiele\GOG\GOG Galaxy\GalaxyClient.exe [13971528 2020-05-07] (GOG Sp. z o.o. -> GOG.com) HKU\S-1-5-21-488159366-2186065710-1513345262-1001\...\Run: [Battle.net] => E:\Spiele\Blizzard\Battle.net\Battle.net.exe [1142248 2020-05-09] (Blizzard Entertainment, Inc. -> Blizzard Entertainment) HKU\S-1-5-21-488159366-2186065710-1513345262-1001\...\Run: [EpicGamesLauncher] => E:\Spiele\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [31867792 2020-05-19] (Epic Games Inc. -> Epic Games, Inc.) HKU\S-1-5-21-488159366-2186065710-1513345262-1001\...\Run: [Ubisoft Game Launcher] => E:\Spiele\Uplay\Ubisoft Game Launcher\Uplay.exe [471360 2020-05-19] (Ubisoft Entertainment Sweden AB -> Ubisoft) HKU\S-1-5-21-488159366-2186065710-1513345262-1001\...\Run: [Docker Desktop] => C:\Program Files\Docker\Docker\Docker Desktop.exe [1644728 2020-01-31] (Docker Inc -> Docker Desktop) HKU\S-1-5-21-488159366-2186065710-1513345262-1001\...\Run: [OpenOffice Updater] => C:\Users\Dr Mornje Pansen\AppData\Roaming\OpenOffice Updater\Updater.exe [365680 2019-11-03] (Arne Koenig -> ) <==== ACHTUNG HKU\S-1-5-21-488159366-2186065710-1513345262-1001\...\Run: [ArticulatePeek] => C:\Program Files (x86)\Articulate\360\Peek\Peek.exe [1113576 2019-05-08] (Articulate Global, Inc. -> Articulate Global, Inc.) 
HKU\S-1-5-21-488159366-2186065710-1513345262-1001\...\Run: [launchOnStartup] => E:\Spiele\GOG\GOG Galaxy\GalaxyClient.exe [13971528 2020-05-07] (GOG Sp. z o.o. -> GOG.com) HKU\S-1-5-21-488159366-2186065710-1513345262-1001\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe [5417008 2020-05-04] (Adobe Inc. -> Adobe Systems Incorporated) HKU\S-1-5-18\...\Run: [] => [X] HKLM\Software\...\AppCompatFlags\Custom\1602.exe: [{b7082f5b-b3cc-44ac-a030-69ef3e35225d}.sdb] -> Anno 1602 Compatibility fix HKLM\Software\...\AppCompatFlags\Custom\1602Edit.exe: [{b7082f5b-b3cc-44ac-a030-69ef3e35225d}.sdb] -> Anno 1602 Compatibility fix HKLM\Software\...\AppCompatFlags\InstalledSDB\{b7082f5b-b3cc-44ac-a030-69ef3e35225d}: [DatabasePath] -> C:\WINDOWS\AppPatch\CustomSDB\{b7082f5b-b3cc-44ac-a030-69ef3e35225d}.sdb [2019-09-11] HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.138\Installer\chrmstp.exe [2020-05-08] (Google LLC -> Google LLC) AppInit_DLLs: prio.dll => C:\Program Files\Prio\prio.dll [16800 2017-01-15] (O&K Software Ltd. -> O&K Software) AppInit_DLLs-x32: prio32.dll => C:\Program Files\Prio\prio32.dll [15264 2017-01-15] (O&K Software Ltd. -> O&K Software) Startup: C:\Users\Dr Mornje Pansen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk [2018-09-11] ShortcutTarget: An OneNote senden.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation) GroupPolicy: Beschränkung ? <==== ACHTUNG ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============ (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
Task: {05CF484D-7C0B-4D3F-A64B-2FD600C91144} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [850928 2020-03-18] (NVIDIA Corporation -> NVIDIA Corporation) Task: {0B87D844-1973-4B2F-B51F-9E18165EAAE3} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-04-07] (NVIDIA Corporation -> NVIDIA Corporation) Task: {109A2F38-9966-4E98-8E21-9D79503471C8} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23772552 2020-05-08] (Microsoft Corporation -> Microsoft Corporation) Task: {1BC0E975-488B-4B90-8285-8E63B5977005} - \Microsoft\Windows\UNP\RunCampaignManager -> Keine Datei <==== ACHTUNG Task: {2307B559-D0BF-4BF2-BF39-84262B0F95EB} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [124752 2020-05-17] (Microsoft Corporation -> Microsoft Corporation) Task: {2C26AE61-70D0-4F25-9360-DAF4C20F7EA5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.6-0\MpCmdRun.exe [485944 2020-05-01] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {393BE35F-F76A-420B-8B79-602470DCE785} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [124752 2020-05-17] (Microsoft Corporation -> Microsoft Corporation) Task: {4755B931-7598-45C7-B22A-0C87C3A20970} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-10-06] (Google Inc -> Google Inc.) 
Task: {4E6C1445-F986-4D6F-8E30-FA65A57F39D0} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3293168 2020-04-08] (NVIDIA Corporation -> NVIDIA Corporation) Task: {510924CD-A65C-4BC1-BF32-5A4365D245F6} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => C:\Program Files (x86)\Intel\Thunderbolt Software\\Thunderbolt.exe [366792 2016-01-18] (Intel(R) Client Connectivity Division SW -> Intel Corporation) Task: {557B0158-CA91-4C41-9D83-A8DF131AA7E3} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_371_pepper.exe [1454136 2020-05-12] (Adobe Inc. -> Adobe) Task: {5636D5B6-F4DF-4605-AABE-83E931230D88} - System32\Tasks\Articulate\Articulate360InstallerTask => C:\Program Files (x86)\Articulate\360\Desktop Application\Articulate 360 Installer Service.exe [248800 2020-05-18] (Articulate Global, Inc. -> Articulate Global, Inc.) Task: {58EE54FD-0F19-446A-91CE-0A94488724F8} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646456 2020-04-07] (NVIDIA Corporation -> NVIDIA Corporation) Task: {5BDEB7AF-6655-47E0-8CB8-A948D055E9CC} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1242704 2020-02-25] (Adobe Inc. 
-> Adobe Systems) Task: {651EFC86-17E1-46A1-80E2-B2A3B8BED5FC} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-04-07] (NVIDIA Corporation -> NVIDIA Corporation) Task: {66875C68-A01B-4574-A3DB-2A9E7BFF57B3} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [850928 2020-03-18] (NVIDIA Corporation -> NVIDIA Corporation) Task: {73F82B9E-242A-47A2-B6CE-5B52F044DA18} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.6-0\MpCmdRun.exe [485944 2020-05-01] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {7F4C0C1C-EB86-4500-BD71-CEAE52A1F5B4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-10-06] (Google Inc -> Google Inc.) Task: {9779B68B-FD14-45C1-B563-4B49E2D89A2C} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-04-07] (NVIDIA Corporation -> NVIDIA Corporation) Task: {A88819AF-4C24-4DB7-A48B-D08DBAE82933} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1126888 2020-04-07] (NVIDIA Corporation -> NVIDIA Corporation) Task: {A90196DD-7168-45B4-8327-AAECBFC81650} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => C:\Program Files (x86)\Intel\Thunderbolt Software\\Thunderbolt.exe [366792 2016-01-18] (Intel(R) Client Connectivity Division SW -> Intel Corporation) Task: {ACBDDAA6-D3F3-4F31-A8A1-60C6B3C49997} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.6-0\MpCmdRun.exe [485944 
2020-05-01] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {ADDD4434-2CB7-4F13-9CE1-BA31148BEC13} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-10-27] (Dropbox, Inc -> Dropbox, Inc.) Task: {BD25A057-84F0-47DF-A433-E49B93CCB1E4} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [23772552 2020-05-08] (Microsoft Corporation -> Microsoft Corporation) Task: {BF48C56B-C39F-4846-A2E3-6F7D7987D36D} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2020-05-12] (Adobe Inc. -> Adobe) Task: {D3E543C9-0FDF-4ECE-800C-04B6D423038C} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up => C:\Program Files (x86)\Intel\Thunderbolt Software\\tbtsvc.exe [1830088 2016-01-18] (Intel(R) Client Connectivity Division SW -> Intel Corporation) Task: {DB5EEBCC-E046-4D64-940A-7B99001BEF5C} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files (x86)\Intel\Telemetry 2.0\lrio.exe [1328392 2016-03-17] (Intel(R) Software -> Intel Corporation) Task: {DC03F4F8-238A-4E40-A502-6CE7B89937E9} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-04-07] (NVIDIA Corporation -> NVIDIA Corporation) Task: {E05F8EB9-0F79-4C0F-BAAA-1AC9122571BE} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1429400 2020-05-17] (Microsoft Corporation -> Microsoft Corporation) Task: {E42C9C45-AC3B-4BE5-A743-ABDA4FC8FE19} - System32\Tasks\AsLiftRightsForClient_Sessionunknown LOGON_SESSION_ID id (0xf) => C:\Users\Dr Mornje Pansen\AppData\Local\pcvisit Software 
AG\caloa\pcvisit.Support.guest.15\release\15.0.22.8733\pcvisit_client.exe [7251840 2018-01-24] (pcvisit software ag -> pcvisit Software ag) Task: {EAA2402C-056D-425B-87D8-BE60C450109B} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [127176 2020-05-07] (Mozilla Corporation -> Mozilla Foundation) Task: {EDD2C95B-E695-460B-A70B-6E305E1E101A} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.6-0\MpCmdRun.exe [485944 2020-05-01] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {F1509BEC-7E2C-4DBF-B640-8D4B8305F25D} - System32\Tasks\GraphicsCardEngine => C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\GraphicsCardEngine.exe [535472 2017-06-01] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.) Task: {F400BAD7-1064-42B7-8E57-CF7019DA50D9} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service when hardware is detected => sc.exe start ThunderboltService Task: {F4FBF2C3-6B23-4D00-A3F3-A21BE5B22AE1} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-10-27] (Dropbox, Inc -> Dropbox, Inc.) Task: {FD2BCC12-3555-46FC-85D2-73705EC2045B} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [907240 2020-04-07] (NVIDIA Corporation -> NVIDIA Corporation) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) 
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{6ff78fff-afb0-4f63-8b30-2baf5b55fdda}: [DhcpNameServer] 192.168.0.1 Internet Explorer: ================== SearchScopes: HKLM -> DefaultScope {1BCC2F36-782A-458D-8DD2-7201A863EB2A} URL = hxxps://www1.online/?w=RD2124&q={searchTerms} SearchScopes: HKLM -> {1BCC2F36-782A-458D-8DD2-7201A863EB2A} URL = hxxps://www1.online/?w=RD2124&q={searchTerms} SearchScopes: HKU\S-1-5-21-488159366-2186065710-1513345262-1001 -> {1BCC2F36-782A-458D-8DD2-7201A863EB2A} URL = hxxps://www1.online/?w=RD2124&q={searchTerms} BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2020-01-10] (Microsoft Corporation -> Microsoft Corporation) BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:/Program Files (x86)/Internet Explorer/Citavi Picker/x64/SwissAcademic.Citavi.IEPicker.DLL => Keine Datei BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2020-01-10] (Microsoft Corporation -> Microsoft Corporation) BHO-x32: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:/Program Files (x86)/Internet Explorer/Citavi Picker/SwissAcademic.Citavi.IEPicker.DLL => Keine Datei DPF: HKLM-x32 
{C752FF21-A8EF-468E-B507-5BBAFB84359E} hxxps://hbciweb.olb.de/financebrowser5/plugin/Signlet-Plugin-1.0.49.0.CAB DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-05-04] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-05-04] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-05-04] (Microsoft Corporation -> Microsoft Corporation) Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2020-05-04] (Microsoft Corporation -> Microsoft Corporation) Edge: ====== DownloadDir: C:\Users\Dr Mornje Pansen\Downloads FireFox: ======== FF DefaultProfile: xBx5vKdp.default FF DefaultProfile: 2nevvce2.default FF ProfilePath: C:\Users\Dr Mornje Pansen\AppData\Roaming\Mozilla\Firefox\Profiles\pnrzgv1b.default-release [2020-05-15] FF ProfilePath: C:\Users\Dr Mornje Pansen\AppData\Roaming\Mozilla\Firefox\Profiles\xBx5vKdp.default [2020-04-25] FF Homepage: Mozilla\Firefox\Profiles\xBx5vKdp.default -> www1.online/?w=RD2124 FF Extension: (Avira Browser Safety) - C:\Users\Dr Mornje Pansen\AppData\Roaming\Mozilla\Firefox\Profiles\xBx5vKdp.default\Extensions\abs@avira.com [2016-10-05] [] FF Extension: (Avira Password Manager) - C:\Users\Dr Mornje Pansen\AppData\Roaming\Mozilla\Firefox\Profiles\xBx5vKdp.default\Extensions\passwordmanager@avira.com [2019-10-17] FF ProfilePath: C:\Users\Dr Mornje Pansen\AppData\Roaming\kompozer.net\KompoZer\Profiles\veqjzsn0.default [2020-02-01] FF ProfilePath: C:\Users\Dr Mornje Pansen\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2nevvce2.default 
[2020-02-01] FF Extension: (Czech (CZ) Language Pack) - C:\Users\Dr Mornje Pansen\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2nevvce2.default\Extensions\langpack-cs@bluegriffon.org.xpi [2020-02-01] [] [ist nicht signiert] FF Extension: (Deutsch (DE) Language Pack) - C:\Users\Dr Mornje Pansen\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2nevvce2.default\Extensions\langpack-de@bluegriffon.org.xpi [2020-02-01] [] [ist nicht signiert] FF Extension: (English (US) Language Pack) - C:\Users\Dr Mornje Pansen\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2nevvce2.default\Extensions\langpack-en-US@bluegriffon.org.xpi [2020-02-01] [] [ist nicht signiert] FF Extension: (Español (España) Language Pack) - C:\Users\Dr Mornje Pansen\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2nevvce2.default\Extensions\langpack-es-ES@bluegriffon.org.xpi [2020-02-01] [] [ist nicht signiert] FF Extension: (Finnish Language Pack) - C:\Users\Dr Mornje Pansen\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2nevvce2.default\Extensions\langpack-fi@bluegriffon.org.xpi [2020-02-01] [] [ist nicht signiert] FF Extension: (Français Language Pack) - C:\Users\Dr Mornje Pansen\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2nevvce2.default\Extensions\langpack-fr@bluegriffon.org.xpi [2020-02-01] [] [ist nicht signiert] FF Extension: (Galego (España) Language Pack) - C:\Users\Dr Mornje Pansen\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2nevvce2.default\Extensions\langpack-gl@bluegriffon.org.xpi [2020-02-01] [] [ist nicht signiert] FF Extension: (Hebrew (IL) Language Pack) - C:\Users\Dr Mornje Pansen\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2nevvce2.default\Extensions\langpack-he@bluegriffon.org.xpi [2020-02-01] [] [ist nicht signiert] FF Extension: (Magyar (HU) Language Pack) - C:\Users\Dr Mornje Pansen\AppData\Roaming\Disruptive Innovations 
SARL\BlueGriffon\Profiles\2nevvce2.default\Extensions\langpack-hu@bluegriffon.org.xpi [2020-02-01] [] [ist nicht signiert] FF Extension: (Italiano (IT) Language Pack) - C:\Users\Dr Mornje Pansen\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2nevvce2.default\Extensions\langpack-it@bluegriffon.org.xpi [2020-02-01] [] [ist nicht signiert] FF Extension: (Japanese Language Pack) - C:\Users\Dr Mornje Pansen\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2nevvce2.default\Extensions\langpack-ja@bluegriffon.org.xpi [2020-02-01] [] [ist nicht signiert] FF Extension: (Korean (KR) Language Pack) - C:\Users\Dr Mornje Pansen\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2nevvce2.default\Extensions\langpack-ko@bluegriffon.org.xpi [2020-02-01] [] [ist nicht signiert] FF Extension: (Nederlands (NL) Language Pack) - C:\Users\Dr Mornje Pansen\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2nevvce2.default\Extensions\langpack-nl@bluegriffon.org.xpi [2020-02-01] [] [ist nicht signiert] FF Extension: (Polski Language Pack) - C:\Users\Dr Mornje Pansen\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2nevvce2.default\Extensions\langpack-pl@bluegriffon.org.xpi [2020-02-01] [] [ist nicht signiert] FF Extension: (Russian (RU) Language Pack) - C:\Users\Dr Mornje Pansen\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2nevvce2.default\Extensions\langpack-ru@bluegriffon.org.xpi [2020-02-01] [] [ist nicht signiert] FF Extension: (Slovenski jezik Language Pack) - C:\Users\Dr Mornje Pansen\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2nevvce2.default\Extensions\langpack-sl@bluegriffon.org.xpi [2020-02-01] [] [ist nicht signiert] FF Extension: (српски (sr) Language Pack) - C:\Users\Dr Mornje Pansen\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2nevvce2.default\Extensions\langpack-sr@bluegriffon.org.xpi [2020-02-01] [] [ist nicht signiert] FF Extension: 
(Svenska (SE) Language Pack) - C:\Users\Dr Mornje Pansen\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2nevvce2.default\Extensions\langpack-sv-SE@bluegriffon.org.xpi [2020-02-01] [] [ist nicht signiert]
FF Extension: (Chinese Simplified (zh-CN) Language Pack) - C:\Users\Dr Mornje Pansen\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2nevvce2.default\Extensions\langpack-zh-CN@bluegriffon.org.xpi [2020-02-01] [] [ist nicht signiert]
FF Extension: (Traditional Chinese (zh-TW) Language Pack) - C:\Users\Dr Mornje Pansen\AppData\Roaming\Disruptive Innovations SARL\BlueGriffon\Profiles\2nevvce2.default\Extensions\langpack-zh-TW@bluegriffon.org.xpi [2020-02-01] [] [ist nicht signiert]
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (Electronic Sports Network i Sverige AB -> ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB) [Datei ist nicht signiert]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2019-12-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-01-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @webex.com/npatgpc -> C:\Program Files (x86)\Webex\npatgpc.dll [2020-04-11] (Cisco WebEx LLC -> Cisco WebEx LLC)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-05-04] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-488159366-2186065710-1513345262-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\Dr Mornje Pansen\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-04-24] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

Chrome: =======
CHR Profile: C:\Users\Dr Mornje Pansen\AppData\Local\Google\Chrome\User Data\Default [2020-05-24]
CHR Notifications: Default -> hxxp://slither.io; hxxps://calendar.google.com;
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Extension: (Präsentationen) - C:\Users\Dr Mornje Pansen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\Dr Mornje Pansen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Dr Mornje Pansen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-10-05]
CHR Extension: (YouTube) - C:\Users\Dr Mornje Pansen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-10-05]
CHR Extension: (uBlock Origin) - C:\Users\Dr Mornje Pansen\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2020-04-22]
CHR Extension: (Slate) - C:\Users\Dr Mornje Pansen\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmhmcmgkegfffbbfobhjpdbimgmoohap [2019-02-28]
CHR Extension: (Tabellen) - C:\Users\Dr Mornje Pansen\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\Dr Mornje Pansen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-04-21]
CHR Extension: (No Coin - Block miners on the web!) - C:\Users\Dr Mornje Pansen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gojamcfopckidlocpkbelmpjcgmbgjcl [2018-09-15]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Dr Mornje Pansen\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2020-05-15]
CHR Extension: (Cisco Webex Extension) - C:\Users\Dr Mornje Pansen\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2020-05-18]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Dr Mornje Pansen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-10-04]
CHR Extension: (Citavi Picker) - C:\Users\Dr Mornje Pansen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohgndokldibnndfnjnagojmheejlengn [2020-04-28]
CHR Extension: (Google Mail) - C:\Users\Dr Mornje Pansen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-30]
CHR Extension: (Chrome Media Router) - C:\Users\Dr Mornje Pansen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-04-24]
CHR Extension: (RSS Feed Reader) - C:\Users\Dr Mornje Pansen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp [2020-05-08]
CHR Extension: (Stadia) - C:\Users\Dr Mornje Pansen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnkcfpnngfokcnnijgkllghjlhkailce [2020-04-11]
CHR Profile: C:\Users\Dr Mornje Pansen\AppData\Local\Google\Chrome\User Data\System Profile [2018-12-23]
CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
CHR HKLM-x32\...\Chrome\Extension: [ohgndokldibnndfnjnagojmheejlengn]

==================== Dienste (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8423760 2019-09-28] (BattlEye Innovations e.K. -> )
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [Datei ist nicht signiert]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [10612592 2020-05-07] (Microsoft Corporation -> Microsoft Corporation)
R2 com.docker.service; C:\Program Files\Docker\Docker\com.docker.service [16600 2020-01-31] (Docker Inc -> Docker.Service)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-10-27] (Dropbox, Inc -> Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-10-27] (Dropbox, Inc -> Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [44552 2020-05-12] (Dropbox, Inc -> Dropbox, Inc.)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [803440 2019-11-12] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
R2 EasyTuneEngineService; C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\EasyTuneEngineService.exe [147376 2017-06-01] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342456 2017-05-19] (FUTUREMARK INC -> Futuremark)
R2 gadjservice; C:\Program Files (x86)\GIGABYTE\AppCenter\AdjustService.exe [17920 2015-06-25] () [Datei ist nicht signiert]
S3 GalaxyClientService; E:\Spiele\GOG\GOG Galaxy\GalaxyClientService.exe [1748552 2020-05-07] (GOG Sp. z o.o. -> GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6821960 2020-02-25] (GOG Sp. z o.o. -> GOG.com)
R2 Gservice; C:\Program Files (x86)\GIGABYTE\GService\GCloud.exe [19888 2016-11-16] (GIGA-BYTE TECHNOLOGY CO., LTD. -> Microsoft)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [535544 2019-12-02] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [206472 2018-10-05] (Logitech Inc -> Logitech Inc.)
R2 MEmuSVC; C:\Program Files (x86)\Microvirt\MEmu\MemuService.exe [85304 2019-02-20] (Shanghai Microvirt Software Technology Co., Ltd. -> )
S3 MixedRealityOpenXRSvc; C:\WINDOWS\System32\MixedRealityRuntime.dll [139952 2020-05-13] (Microsoft Windows -> Microsoft Corporation)
S3 MixedRealityOpenXRSvc; C:\WINDOWS\SysWOW64\MixedRealityRuntime.dll [105840 2020-05-13] (Microsoft Windows -> Microsoft Corporation)
R2 NitroDriverReadSpool; C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [341312 2010-06-24] (Nitro PDF Software -> Nitro PDF Software)
R2 nlsX86cc; C:\Windows\SysWOW64\NLSSRV32.EXE [65856 2010-06-24] (Nitro PDF Software -> Nalpeiron Ltd.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [850928 2020-03-18] (NVIDIA Corporation -> NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [874472 2020-04-03] (NVIDIA Corporation -> NVIDIA Corporation)
S2 OcButtonService; C:\Program Files (x86)\GIGABYTE\EasyTuneEngineService\OcButtonService.exe [123824 2017-06-01] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
S4 Origin Client Service; E:\Spiele\Origin\OriginClientService.exe [2496816 2020-05-21] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; E:\Spiele\Origin\OriginWebHelperService.exe [3449656 2020-05-21] (Electronic Arts, Inc. -> Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2016-11-03] (Even Balance, Inc. -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5930136 2020-04-15] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 ThunderboltService; C:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe [1830088 2016-01-18] (Intel(R) Client Connectivity Division SW -> Intel Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.6-0\NisSrv.exe [3304992 2020-05-01] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WebexService; C:\Program Files (x86)\Webex\Webex\Applications\WebExService.exe [146240 2020-04-11] (Cisco WebEx LLC -> Cisco WebEx LLC)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2004.6-0\MsMpEng.exe [103376 2020-05-01] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe [18736 2018-09-06] (Intel(R) Extreme Tuning Utility -> Intel(R) Corporation)
R2 PaceLicenseDServices; "C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe" -u https://activation.paceap.com/InitiateActivation [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 e1dexpress; C:\WINDOWS\System32\DriverStore\FileRepository\e1d68x64.inf_amd64_b44028fc7fdf4fca\e1d68x64.sys [599920 2019-09-13] (Intel(R) INTELND1820 -> Intel Corporation)
R3 gdrv; C:\WINDOWS\gdrv.sys [26192 2020-05-24] (Giga-Byte Technology -> Windows (R) Server 2003 DDK provider)
R1 HWiNFO; C:\WINDOWS\system32\drivers\HWiNFO64A.SYS [65320 2018-12-21] (Martin Malik - REALiX -> REALiX(tm))
R1 HWiNFO32; C:\Windows\SysWoW64\drivers\HWiNFO64A.SYS [27552 2016-10-05] (Martin Malik - REALiX -> REALiX(tm))
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [15470584 2019-12-02] (Intel(R) Wireless Connectivity Solutions -> Intel Corporation)
R2 iocbios2; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [37104 2018-05-09] (Intel Corporation -> Intel Corporation)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech -> Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2016-09-29] (Logitech Inc -> Logitech Inc.)
R1 MEmuDrv; C:\WINDOWS\system32\DRIVERS\MEmuDrv.sys [319448 2019-04-15] (Shanghai Microvirt Software Technology Co., Ltd. -> Maiwei Corporation)
R3 Netwtw08; C:\WINDOWS\System32\drivers\Netwtw08.sys [8835528 2020-03-05] (Intel Wireless Driver -> Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_9952681a7bb1dfac\nvlddmkm.sys [23446968 2020-04-11] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2020-04-01] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [69840 2019-03-19] (NVIDIA Corporation -> NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [67456 2020-03-11] (NVIDIA Corporation -> NVIDIA Corporation)
S3 se64a; C:\WINDOWS\System32\drivers\se64a.sys [14032 2007-05-03] (EnTech Taiwan -> EnTech Taiwan)
R2 speedfan; C:\Windows\SysWoW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)
S3 vpnva; C:\WINDOWS\System32\drivers\vpnva64-6.sys [52592 2016-08-12] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [45960 2020-05-01] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [394680 2020-05-01] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [64944 2020-05-01] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)