| |
| |||||||
Log-Analyse und Auswertung: Windows 10: TR/AD.firehooker.BUWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
03.11.2020, 17:36
| #1 |
 |  Windows 10: TR/AD.firehooker.BU Hey zusammen, auch mich hat es vor kurzem erwischt, und Antivir (Schande über mein Haupt) meldet mir nach jedem Systemstart, das der Trojaner TR/AD.Firehooker.BU geblockt wurde. Gefunden wird er im Verzeichnis C:\Windows\Temp\ in einem Ordner bestehend aus einer scheinbar zufälligen Kombi aus Buchstaben und Zahlen. Ich bin jetzt auf dieses Forum gestoßen und hoffe, ihr könnt mir helfen  Habe bereits Scans mit adwCleaner und MBAM durchlaufen lassen, sowie mit FRST die gewünschten Logs erstellt.Hier schon einmal die Logs adwCleaner und MBAM, die FRST.txt und Addition.txt folgen. Danke schonmal adwCleaner: Code:
ATTFilter # -------------------------------
# Malwarebytes AdwCleaner 8.0.8.0
# -------------------------------
# Build: 10-08-2020
# Database: 2020-09-29.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 11-03-2020
# Duration: 00:00:18
# OS: Windows 10 Home
# Scanned: 31837
# Detected: 10
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
No malicious folders found.
***** [ Files ] *****
No malicious files found.
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
No malicious tasks found.
***** [ Registry ] *****
No malicious registry entries found.
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries found.
***** [ Chromium URLs ] *****
PUP.Optional.Babylon Search the web (Babylon)
PUP.Optional.Babylon Search the web (Babylon)
PUP.Optional.Legacy ICQ Search
PUP.Optional.Legacy SuchMaschine
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries found.
***** [ Firefox URLs ] *****
No malicious Firefox URLs found.
***** [ Hosts File Entries ] *****
No malicious hosts file entries found.
***** [ Preinstalled Software ] *****
Preinstalled.HPSupportAssistant Folder C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT SOLUTIONS
Preinstalled.HPSupportAssistant Folder C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Folder C:\Users\HENNE\AppData\Roaming\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Preinstalled.HPSupportAssistant Registry HKLM\Software\Classes\CLSID\{335F9A62-FE4B-40CD-B4ED-BB4DE21DC95D}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{335F9A62-FE4B-40CD-B4ED-BB4DE21DC95D}
Preinstalled.HPSupportAssistant Registry HKLM\Software\Wow6432Node\\Classes\CLSID\{C0ABBA07-B636-47B8-B9E1-BB96D7CD4831}
AdwCleaner[S00].txt - [4037 octets] - [13/10/2020 17:57:34]
AdwCleaner[C00].txt - [3253 octets] - [13/10/2020 17:58:29]
AdwCleaner[S01].txt - [2220 octets] - [13/10/2020 18:01:04]
AdwCleaner[C01].txt - [1740 octets] - [13/10/2020 18:02:02]
AdwCleaner[S02].txt - [2472 octets] - [14/10/2020 18:04:31]
AdwCleaner[C02].txt - [1937 octets] - [14/10/2020 18:04:57]
AdwCleaner[S03].txt - [2422 octets] - [14/10/2020 18:06:39]
AdwCleaner[S04].txt - [2655 octets] - [15/10/2020 11:53:44]
AdwCleaner[S05].txt - [2716 octets] - [15/10/2020 16:50:48]
AdwCleaner[C05].txt - [2181 octets] - [15/10/2020 16:50:58]
AdwCleaner[S06].txt - [2838 octets] - [28/10/2020 21:22:58]
AdwCleaner[C06].txt - [2303 octets] - [28/10/2020 21:23:12]
AdwCleaner[S07].txt - [2788 octets] - [28/10/2020 21:25:10]
AdwCleaner[S08].txt - [2849 octets] - [30/10/2020 16:36:08]
AdwCleaner[S09].txt - [2910 octets] - [30/10/2020 16:49:06]
AdwCleaner[S10].txt - [2971 octets] - [30/10/2020 16:58:12]
AdwCleaner[S11].txt - [3032 octets] - [30/10/2020 17:23:38]
AdwCleaner[S12].txt - [3265 octets] - [30/10/2020 22:57:18]
AdwCleaner[C12].txt - [2730 octets] - [30/10/2020 22:57:33]
AdwCleaner[S13].txt - [3270 octets] - [02/11/2020 15:40:04]
AdwCleaner[C13].txt - [2772 octets] - [02/11/2020 15:40:24]
AdwCleaner[S14].txt - [3337 octets] - [02/11/2020 15:46:51]
AdwCleaner[S15].txt - [3398 octets] - [02/11/2020 16:01:04]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S16].txt ##########
Code:
ATTFilter Malwarebytes
www.malwarebytes.com
-Protokolldetails-
Scan-Datum: 03.11.20
Scan-Zeit: 17:22
Protokolldatei: c4799004-1df0-11eb-b921-00d861c4e09b.json
-Softwaredaten-
Version: 4.2.1.89
Komponentenversion: 1.0.1070
Version des Aktualisierungspakets: 1.0.32432
Lizenz: Kostenlos
-Systemdaten-
Betriebssystem: Windows 10 (Build 18362.1139)
CPU: x64
Dateisystem: NTFS
Benutzer: HENNES-PC\HENNE
-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Scan gestartet von: Manuell
Ergebnis: Abgeschlossen
Gescannte Objekte: 402866
Erkannte Bedrohungen: 23
In die Quarantäne verschobene Bedrohungen: 0
Abgelaufene Zeit: 2 Min., 54 Sek.
-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Erkennung
PUM: Erkennung
-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)
Modul: 0
(keine bösartigen Elemente erkannt)
Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)
Registrierungswert: 0
(keine bösartigen Elemente erkannt)
Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)
Daten-Stream: 0
(keine bösartigen Elemente erkannt)
Ordner: 7
PUP.Optional.ASK, C:\USERS\HENNE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Keine Aktion durch Benutzer, 281, 454827, , , , , ,
PUP.Optional.Babylon, C:\USERS\HENNE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Keine Aktion durch Benutzer, 399, 455059, , , , , ,
PUP.Optional.Delta, C:\USERS\HENNE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Keine Aktion durch Benutzer, 329, 455070, , , , , ,
PUP.Optional.PushNotifications.Generic, C:\USERS\HENNE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Keine Aktion durch Benutzer, 201, 832955, , , , , ,
PUP.Optional.Delta, C:\USERS\HENNE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Keine Aktion durch Benutzer, 329, 455070, , , , , ,
PUP.Optional.ASK, C:\USERS\HENNE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Keine Aktion durch Benutzer, 281, 454827, , , , , ,
PUP.Optional.Delta, C:\USERS\HENNE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\LevelDB, Keine Aktion durch Benutzer, 329, 455070, , , , , ,
Datei: 16
PUP.Optional.ASK, C:\Users\HENNE\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000005.ldb, Keine Aktion durch Benutzer, 281, 454827, , , , , C0FAB7F75176621412E4A4CF1898B1CA, 8607989E92FCD0192FAEB0BB51555355C1F8F9B9B48C060F0296EF8F0E8E8DFC
PUP.Optional.ASK, C:\Users\HENNE\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000019.ldb, Keine Aktion durch Benutzer, 281, 454827, , , , , 45F86F0DB831AB61FB9887A3754CD7B6, 99A928519A76712A483BE7A50777D8CE8BFE599C3B90CB1AD62451EB763C152A
PUP.Optional.ASK, C:\Users\HENNE\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000021.log, Keine Aktion durch Benutzer, 281, 454827, , , , , CBA8EB6EACAF85EBCF2F6035BC548471, 42DCF8E8C4CB770240403CC1A3CBBB1083D95656CC87DDD95A8A58901909A266
PUP.Optional.ASK, C:\Users\HENNE\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000022.ldb, Keine Aktion durch Benutzer, 281, 454827, , , , , 40BC21DE28A455B25DA65C6A0B376C4D, E317A47477971AF9724FC10C30376DDEEBE0CD83BF2A4EA11C36A81CA7DE68B3
PUP.Optional.ASK, C:\Users\HENNE\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENT, Keine Aktion durch Benutzer, 281, 454827, , , , , 46295CAC801E5D4857D09837238A6394, 0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
PUP.Optional.ASK, C:\Users\HENNE\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOCK, Keine Aktion durch Benutzer, 281, 454827, , , , , ,
PUP.Optional.ASK, C:\Users\HENNE\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG, Keine Aktion durch Benutzer, 281, 454827, , , , , 22D134F5FE7D229CCD0F09DA38B223D3, 14C190F08EC39BF1FA92E1D52ED640C94609F8321964C87F41584DA6A2B12D11
PUP.Optional.ASK, C:\Users\HENNE\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old, Keine Aktion durch Benutzer, 281, 454827, , , , , 48F57F4797BCEF71418A7296EA59C67E, CA24F7120E22A0B87B26768B93EAB5BC7237970660244D6E4D1964D6267EFF4F
PUP.Optional.ASK, C:\Users\HENNE\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000001, Keine Aktion durch Benutzer, 281, 454827, , , , , FA656EF70DC415B93218146BB4236589, DF3BEDDA6B9439A182DCC877F4E6EB95239E7E34C759295E9F96DAF75A4E2DE0
PUP.Optional.ASK, C:\USERS\HENNE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Keine Aktion durch Benutzer, 281, 454827, 1.0.32432, , ame, , 915F1FD415D34B48C00793868D12FE78, 3AAFC7613B020A2FC962C2C26E3072BA581C76B1D000ED0EEE4B0CCF2E1C8D9C
PUP.Optional.Babylon, C:\USERS\HENNE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Keine Aktion durch Benutzer, 399, 455059, 1.0.32432, , ame, , 915F1FD415D34B48C00793868D12FE78, 3AAFC7613B020A2FC962C2C26E3072BA581C76B1D000ED0EEE4B0CCF2E1C8D9C
PUP.Optional.Delta, C:\USERS\HENNE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Keine Aktion durch Benutzer, 329, 455070, 1.0.32432, , ame, , 915F1FD415D34B48C00793868D12FE78, 3AAFC7613B020A2FC962C2C26E3072BA581C76B1D000ED0EEE4B0CCF2E1C8D9C
PUP.Optional.PushNotifications.Generic, C:\USERS\HENNE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Keine Aktion durch Benutzer, 201, 832955, 1.0.32432, , ame, , 915F1FD415D34B48C00793868D12FE78, 3AAFC7613B020A2FC962C2C26E3072BA581C76B1D000ED0EEE4B0CCF2E1C8D9C
PUP.Optional.Delta, C:\USERS\HENNE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Keine Aktion durch Benutzer, 329, 455070, 1.0.32432, , ame, , 915F1FD415D34B48C00793868D12FE78, 3AAFC7613B020A2FC962C2C26E3072BA581C76B1D000ED0EEE4B0CCF2E1C8D9C
PUP.Optional.ASK, C:\USERS\HENNE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Keine Aktion durch Benutzer, 281, 454827, 1.0.32432, , ame, , 915F1FD415D34B48C00793868D12FE78, 3AAFC7613B020A2FC962C2C26E3072BA581C76B1D000ED0EEE4B0CCF2E1C8D9C
PUP.Optional.Delta, C:\USERS\HENNE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Keine Aktion durch Benutzer, 329, 455070, 1.0.32432, , ame, , 915F1FD415D34B48C00793868D12FE78, 3AAFC7613B020A2FC962C2C26E3072BA581C76B1D000ED0EEE4B0CCF2E1C8D9C
Physischer Sektor: 0
(keine bösartigen Elemente erkannt)
WMI: 0
(keine bösartigen Elemente erkannt)
(end)
Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 02-11-2020
durchgeführt von HENNE (Administrator) auf HENNES-PC (Micro-Star International Co., Ltd MS-7B86) (03-11-2020 17:08:57)
Gestartet von C:\Users\HENNE\Desktop\FRST
Geladene Profile: HENNE
Platform: Windows 10 Home Version 1909 18363.1139 (X64) Sprache: Deutsch (Deutschland)
Standard-Browser: Chrome
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(Acronis International GmbH -> ) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Acronis\Agent\aakore.exe
(Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Acronis\Agent\bin\bckp_amgr.exe
(Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Acronis\Agent\bin\monitoring-mini.exe
(Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Acronis\Agent\bin\task-manager.exe
(Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Acronis International GmbH -> Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis International GmbH -> Acronis International GmbH) C:\Program Files\Acronis\CyberProtect\cyber-protect-service.exe
(Acronis International GmbH -> Acronis International GmbH.) C:\Program Files (x86)\Acronis\Agent\bin\adp-agent.exe
(Acronis International GmbH -> Acronis International GmbH.) C:\Program Files (x86)\Acronis\Agent\bin\updater.exe
(Adobe Inc. -> Adobe Inc) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0355311.inf_amd64_815d26f2163260da\B355199\atieclxx.exe
(Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\c0355311.inf_amd64_815d26f2163260da\B355199\atiesrxx.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe
(ASUSTeK Computer Inc. -> ) C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotify_PCCtrl.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe
(ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\protectedservice.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
(Cisco Systems, Inc. -> Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Electronic Arts, Inc. -> Electronic Arts) S:\Programme (x86)\Origin\OriginWebHelperService.exe
(EnigmaSoft Limited -> EnigmaSoft Limited) C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe
(Geek Software GmbH -> Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Google LLC -> ) C:\Program Files\Google\Drive\googledrivesync.exe <2>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.32\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.32\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <9>
(Hewlett Packard -> Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPNetworkCommunicatorCom.exe
(Hewlett Packard -> Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(HP Inc. -> HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Logitech -> Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Logitech Inc -> Logitech) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOverlay.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\LogiOptions\LogiOptions.exe
(Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech Inc -> Logitech, Inc.) C:\ProgramData\Logishrd\LogiOptions\Software\Current\LogiOptionsMgr.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2009.4.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsMaps_10.2009.2.0_x64__8wekyb3d8bbwe\Maps.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdlogsr.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\APP Manager\AppManager.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\Live Update.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\EyeRest.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\MSI_ActiveX_Service.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\TriggerModeMonitor.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\VideoCardMonitorII.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI Toast Server\MSIToastServer.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI X Boost\X_Boost.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MysticLight\LEDKeeper.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MysticLight\MysticLight2_Service.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Program Files (x86)\MSI\APP Manager\AppManager_Service.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe
(MICRO-STAR INTERNATIONAL CO., LTD. -> MSI) C:\Windows\SysWOW64\muachost.exe <3>
(Node.js Foundation -> Node.js) C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe
(Oracle America, Inc. -> Oracle Corporation) S:\Program Files (x86)\PowerFolder.com\PowerFolder\jre\launch4j-tmp\PowerFolder.exe
(PACE Anti-Piracy, Inc. -> PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(QNAP Systems, Inc. -> ) S:\Programme (x86)\QNAP\Qfinder\iSCSIAgent.exe
(Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\RtkAudUService64.exe <2>
(Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe
(Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) S:\Programme (x86)\Samsung\Samsung Magician\SamsungMagician.exe
(Spotify AB -> Spotify Ltd) C:\Users\HENNE\AppData\Roaming\Spotify\Spotify.exe <5>
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Wondershare software CO., LIMITED -> Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.3.1.1\WsAppService.exe
(ZF Electronics GmbH) [Datei ist nicht signiert] [Datei wird verwendet] C:\Program Files (x86)\Cherry\CDI\cdi.exe
(ZF Electronics GmbH) [Datei ist nicht signiert] C:\Program Files (x86)\Cherry\KeyMan\KeyMan.exe
(ZF Electronics GmbH) [Datei ist nicht signiert] C:\Program Files (x86)\Common Files\Cherry\Common\kbdhook64.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-26] (Logitech Inc -> Logitech, Inc.)
HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\RtkAudUService64.exe [956920 2019-12-12] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [Ashampoo Backup PB] => "S:\Program Files\Ashampoo\Ashampoo Backup Pro 14\bin\backupClient-abpb.exe" --hidden
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [827200 2020-10-06] (Acronis International GmbH -> Acronis International GmbH)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [LogiOptions] => C:\Program Files\Logitech\LogiOptions\LogiOptions.exe [1667208 2020-10-21] (Logitech Inc -> Logitech, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [CherryKeyMan] => C:\Program Files (x86)\Cherry\KeyMan\KeyMan.exe [254004 2010-09-28] (ZF Electronics GmbH) [Datei ist nicht signiert]
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2095672 2020-10-24] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [1319936 2018-03-17] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
HKLM-x32\...\Run: [QfinderPro] => S:\Programme (x86)\QNAP\Qfinder\QfinderPro.exe [10129720 2018-08-20] (QNAP Systems, Inc. -> )
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [487048 2019-08-07] (Geek Software GmbH -> Geek Software GmbH)
HKLM-x32\...\Run: [X_Boost] => C:\Program Files (x86)\MSI\MSI X Boost\X_Boost.exe [4260000 2018-08-28] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
HKLM-x32\...\Run: [APP Manager] => C:\Program Files (x86)\MSI\APP Manager\AppManager.exe [3705520 2019-07-03] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
HKLM-x32\...\Run: [Command Center] => C:\Program Files (x86)\MSI\Command Center\StartCommandCenter.exe [835760 2019-11-04] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [Datei ist nicht signiert]
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [Live Update] => C:\Program Files (x86)\MSI\Live Update\Live Update.exe [26310800 2020-05-13] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [114824 2020-10-24] (Adobe Inc. -> )
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [704720 2020-10-09] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-12-16] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5806664 2020-10-07] (Acronis International GmbH -> )
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\tib_mounter_monitor.exe [443424 2020-08-20] (Acronis International GmbH -> Acronis International GmbH)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Beschränkung <==== ACHTUNG
HKU\S-1-5-21-2392793851-1610194889-164482322-1002\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [48786912 2020-10-14] (Google LLC -> )
HKU\S-1-5-21-2392793851-1610194889-164482322-1002\...\Run: [HP Deskjet 3070 B611 series (NET)] => C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
HKU\S-1-5-21-2392793851-1610194889-164482322-1002\...\Run: [Steam] => S:\Programme (x86)\Steam\steam.exe [3395360 2020-09-03] (Valve -> Valve Corporation)
HKU\S-1-5-21-2392793851-1610194889-164482322-1002\...\Run: [CCXProcess] => C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [677512 2020-10-24] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\S-1-5-21-2392793851-1610194889-164482322-1002\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2392793851-1610194889-164482322-1002\...\Run: [] => [X]
HKU\S-1-5-21-2392793851-1610194889-164482322-1002\...\MountPoints2: {b565beb4-b421-11e5-abd2-806e6f6e6963} - "F:\autorun6e.exe"
HKLM\...\Print\Monitors\HP a211 Status Monitor: C:\WINDOWS\system32\hpinkstsa211LM.dll [331664 2012-06-13] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP Deskjet 3070 B611 series): C:\WINDOWS\system32\HPDiscoPMa211.dll [741480 2012-10-17] (Hewlett Packard -> Hewlett-Packard Co.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\86.0.4240.183\Installer\chrmstp.exe [2020-11-03] (Google LLC -> Google LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\phase-6 Reminder.lnk [2016-01-06]
ShortcutTarget: phase-6 Reminder.lnk -> C:\Program Files (x86)\phase-6\phase-6\reminder\reminder.exe (phase-6) [Datei ist nicht signiert]
Startup: C:\Users\HENNE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerFolder Pro Generic.lnk [2020-04-30]
ShortcutTarget: PowerFolder Pro Generic.lnk -> S:\Program Files (x86)\PowerFolder.com\PowerFolder\PowerFolder.exe (dal33t GmbH -> PowerFolder.com) [Datei ist nicht signiert]
Startup: C:\Users\HENNE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 3070 B611 series (Netzwerk).lnk [2020-11-03]
ShortcutAndArgument: Tintenwarnungen überwachen - HP Deskjet 3070 B611 series (Netzwerk).lnk -> C:\WINDOWS\system32\RunDll32.exe => "C:\Program Files\HP\HP Deskjet 3070 B611 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN24G633BT05MQ;CONNECTION=NW;MONITOR=1;
BootExecute: autocheck autochk * sdnclean64.exe
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Beschränkung <==== ACHTUNG
HKLM\SOFTWARE\Policies\Google: Beschränkung <==== ACHTUNG
HKLM\SOFTWARE\Policies\Microsoft\Edge: Beschränkung <==== ACHTUNG
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {055BA33C-EF76-4C7B-A9D1-EF3C4CB39DA2} - System32\Tasks\AdobeAAMUpdater-1.0-HENNES-PC-HENNE => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {0ED72D4A-CD45-46A8-AD43-9396E3D919F9} - System32\Tasks\SamsungMagician => S:\Programme (x86)\Samsung\Samsung Magician\SamsungMagician.exe [3047944 2020-10-12] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
Task: {1A69B4C7-7210-48DA-A168-FC6B957F1587} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [667856 2020-10-28] (Mozilla Corporation -> Mozilla Foundation)
Task: {1F23B1EF-2E32-4722-AA8A-277B364CACF1} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144736 2020-11-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {2B6E3FF3-1AD3-468C-A727-C6BA15ADAD5A} - System32\Tasks\iSCSIAgentAutoStartup => S:\Programme (x86)\QNAP\Qfinder\iSCSIAgent.exe [1740088 2018-08-20] (QNAP Systems, Inc. -> )
Task: {47F22594-65A9-42BD-96BE-6C8B4C67A91F} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [144736 2020-11-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {4E207F5D-95CF-43AE-A87F-8D875C71F569} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1341008 2020-09-06] (Adobe Inc. -> Adobe Inc.)
Task: {52EDA8D4-85D8-40A1-A9A7-2A5133EBA1C6} - \Microsoft\Windows\UNP\RunCampaignManager -> Keine Datei <==== ACHTUNG
Task: {5925A31A-2C15-4623-B39F-32F120852F7D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-10-13] (Google LLC -> Google LLC)
Task: {5AD512BD-4C3A-4963-8C1A-8A74583AA97F} - System32\Tasks\ASUS\ASUS DIPAwayMode => C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe [1271096 2014-08-04] (ASUSTeK Computer Inc. -> )
Task: {5E098D16-9D23-413F-895F-A63689C18CFB} - \AnwendungsinformationenSmartlocker-FiltertreiberApp-Vorbereitung -> Keine Datei <==== ACHTUNG
Task: {6D8CA8E3-345C-45AF-9311-BA8207AD5DC0} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [69304 2020-05-15] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {74E09B19-913F-47D1-8325-B3866960E5FA} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1628160 2020-05-15] (Advanced Micro Devices, Inc.) [Datei ist nicht signiert]
Task: {7AA9FB18-043B-43EC-8CC1-E9960DF15974} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\BIN64\InstallManagerApp.exe [1628160 2020-05-15] (Advanced Micro Devices, Inc.) [Datei ist nicht signiert]
Task: {81365C13-BFEE-4BEB-AC10-2842EA83FEBB} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3402832 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {8BB2DB6F-08DD-4D2B-8D15-DEE832DE34B5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [665944 2020-08-07] (HP Inc. -> HP Inc.)
Task: {933DC55E-D652-4FFD-88CA-5A3BCB3BF0F8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [156104 2020-10-13] (Google LLC -> Google LLC)
Task: {95CAAF12-4DC4-4568-9E9D-BA2342BEB3F9} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineCore => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Task: {9862F255-AD1E-4132-9BCF-D6F0E68A01AE} - System32\Tasks\MonitorMysticLight => C:\Program Files\GamingOSD\MysticLight\MysticLightController.exe
Task: {9A1A73B9-8671-4183-A005-939A6E43AB56} - System32\Tasks\Clientlizenzdienst Infrastrukturdienst Konfigurationsdienst => C:\Program Files (x86)\nodejs\node.exe [15017624 2017-05-02] (Node.js Foundation -> Node.js) -> "C:\ProgramData\Package Cache\{8B871373-69A7-4D19-9B2B-87B2F6A86ABF}\{149A2DA8-E3E3-4B0C-B975-22CABD5A6B06}" <==== ACHTUNG
Task: {A4328678-10F8-4261-9CAA-EF43F0C611C7} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2649200 2020-09-24] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {A521AC16-AFB7-4A4E-AE38-0BFC00FF29A5} - System32\Tasks\MATLAB R2018b Startup Accelerator => S:\Programme\MATLAB\bin\win64\MATLABStartupAccelerator.exe [57344 2018-07-10] () [Datei ist nicht signiert]
Task: {A69F3875-5302-4E36-82F0-582C9443B2EF} - System32\Tasks\MSI_Toast_Server => C:\Program Files (x86)\MSI\MSI Toast Server\MSIToastServer.exe [31904 2019-03-05] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
Task: {B0C24B5E-FBF5-4AC7-B4C4-2655549AC2F5} - System32\Tasks\ASUS\Ez Update => C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe [1430328 2014-03-27] (ASUSTeK Computer Inc. -> )
Task: {B44A125C-A4CD-42A4-859E-4A4586FBBE58} - System32\Tasks\ASUS\Push Notice Server Execute => C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe [3646264 2014-05-28] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {B5157449-791A-4A05-91B7-A0AC5219FCC3} - System32\Tasks\Avira_Security_Update => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Common.Updater.exe [230120 2020-10-19] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {B6AAAB28-67C4-4CD9-B454-B4A89D232A4E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater – Install HPSA => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [665944 2020-08-07] (HP Inc. -> HP Inc.)
Task: {BD23DF62-B855-427C-9851-3DC5DAFAC771} - System32\Tasks\AviraSystemSpeedupUpdate => C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe [30106496 2020-10-13] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {BEBFF528-0B2E-4446-AEB7-33D6FB9114B6} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22939512 2020-10-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {C3CD041C-3717-4B92-884E-B432EB3E7594} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [61624 2020-05-15] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {CAD4325B-2D83-41B4-82B0-7E235C91A07B} - System32\Tasks\MSISW_Host => C:\WINDOWS\SysWOW64\muachost.exe [1692840 2015-08-18] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
Task: {CB5BDE1D-B49D-4A31-BBFA-6E8FC9968C2F} - System32\Tasks\ASUS\GpuFanHelper => C:\Program Files (x86)\ASUS\AI Suite III\DIP4\GpuFanHelper.exe [4331288 2014-08-04] (ASUSTeK Computer Inc. -> TODO: <Company name>)
Task: {CBAAF28A-D0D7-4275-886D-5243BA4D4461} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr.exe [238392 2013-07-24] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {D244034E-B7E8-48AA-8F05-749DC9C38173} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1628160 2020-05-15] (Advanced Micro Devices, Inc.) [Datei ist nicht signiert]
Task: {D442D7A3-2421-4AEE-983F-94CBD7E67653} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\OLicenseHeartbeat.exe [1526680 2020-11-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {D6E97578-AB66-4011-9791-9D8904A4B1DC} - System32\Tasks\MicrosoftEdgeUpdateTaskMachineUA => C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
Task: {D8236202-DD98-41F6-8CE4-B864E2DE8177} - System32\Tasks\MSILEDKeeper_Host => C:\Program Files (x86)\MSI\MysticLight\LEDKeeper.exe [1065104 2019-07-12] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.)
Task: {DAD30004-7BC7-47C3-B5F8-32DC22749626} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22939512 2020-10-24] (Microsoft Corporation -> Microsoft Corporation)
Task: {E3CF2846-1AA5-47AD-A7CE-85BA383C6A9A} - System32\Tasks\ASUS\ASUS AISuiteIII => C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe [1839896 2014-09-11] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
Task: {E66DAE61-DCAB-400B-8FC4-DE2F3F543C86} - System32\Tasks\AMDAutoUpdate => C:\Program Files\AMD\AutoUpdate\AMDAutoUpdate.exe [677624 2019-11-21] (Advanced Micro Devices INC. -> )
Task: {EC537CF4-81FE-4724-8408-BD47322082D8} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_445_Plugin.exe [1502264 2020-10-19] (Adobe Inc. -> Adobe)
Task: {FBC960F3-123F-4EA6-BA4A-4538F07EC94A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [135000 2020-06-22] (HP Inc. -> HP Inc.)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\MATLAB R2018b Startup Accelerator.job => S:\Programme\MATLAB\bin\win64\MATLABStartupAccelerator.exe
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968 2011-08-30] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{0472572d-6791-4a34-be8f-87d55c13fe7b}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{3be42676-7dae-4724-8805-c7a189a9e04b}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{bdc41a80-5349-455e-95b9-52e9b93fc1fc}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{ffcaa400-0987-429a-b017-4f72d543ae24}: [DhcpNameServer] 192.168.0.1
Edge:
======
Edge Profile: C:\Users\HENNE\AppData\Local\Microsoft\Edge\User Data\Default [2020-10-30]
Edge Extension: ( ) - C:\Users\HENNE\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\gdejhlidenaoolojicehknaclilfdono [2020-10-13]
FireFox:
========
FF DefaultProfile: pejaet52.default
FF ProfilePath: C:\Users\HENNE\AppData\Roaming\Mozilla\Firefox\Profiles\pejaet52.default [2020-10-30]
FF ProfilePath: C:\Users\HENNE\AppData\Roaming\Mozilla\Firefox\Profiles\72s3e5s6.default-release [2020-11-03]
FF Extension: (Video DownloadHelper) - C:\Users\HENNE\AppData\Roaming\Mozilla\Firefox\Profiles\72s3e5s6.default-release\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2020-10-30]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_32_0_0_445.dll [2020-10-19] (Adobe Inc. -> )
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2020-09-16] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [Keine Datei]
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [Keine Datei]
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [Keine Datei]
FF Plugin: @videolan.org/vlc,version=3.0.10 -> S:\Programme\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.11 -> S:\Programme\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.3 -> S:\Programme\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.4 -> S:\Programme\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> S:\Programme\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.7.1 -> S:\Programme\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> S:\Programme\VideoLAN\VLC\npvlc.dll [2020-06-04] (VideoLAN -> VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2020-10-24] (Adobe Inc. -> Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> S:\Programme\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-02] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_445.dll [2020-10-19] (Adobe Inc. -> )
FF Plugin-x32: @java.com/DTPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\dtplugin\npDeployJava1.dll [2020-10-14] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.201.2 -> C:\Program Files (x86)\Java\jre1.8.0_201\bin\plugin2\npjp2.dll [2020-10-14] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2020-09-16] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-09-11] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2020-10-24] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> S:\Programme\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-02] (Adobe Systems Incorporated -> Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Users\HENNE\AppData\Roaming\mozilla\plugins\npatgpc.dll [2020-05-05]
Chrome:
=======
CHR Profile: C:\Users\HENNE\AppData\Local\Google\Chrome\User Data\Default [2020-11-03]
CHR Notifications: Default -> hxxps://www.instagram.com; hxxps://www.mb-bs.info; hxxps://www.youtube.com
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.de/","hxxp://www.google.com"
CHR DefaultSearchURL: Default -> hxxps://www.gstatic.com/youtube/media/ytm/images/applauncher/music_icon_48x48.png
CHR Extension: (Präsentationen) - C:\Users\HENNE\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-10-30]
CHR Extension: (Docs) - C:\Users\HENNE\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2020-10-30]
CHR Extension: (Google Drive) - C:\Users\HENNE\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-30]
CHR Extension: (YouTube) - C:\Users\HENNE\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2020-10-30]
CHR Extension: (Avira Safe Shopping) - C:\Users\HENNE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccbpbkebodcjkknkfkpmfeciinhidaeh [2020-10-30]
CHR Extension: (Adblock Plus - kostenloser Adblocker) - C:\Users\HENNE\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2020-10-30]
CHR Extension: (YouTube Music) - C:\Users\HENNE\AppData\Local\Google\Chrome\User Data\Default\Extensions\cinhimbnkkaeohfgghhklpknlkffjgod [2020-11-02]
CHR Extension: (Adobe Acrobat) - C:\Users\HENNE\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2020-10-30]
CHR Extension: (Google Play Musik) - C:\Users\HENNE\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2020-10-30]
CHR Extension: (Tabellen) - C:\Users\HENNE\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2020-10-30]
CHR Extension: (Avira Browserschutz) - C:\Users\HENNE\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2020-10-30]
CHR Extension: (Google Docs Offline) - C:\Users\HENNE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-10-30]
CHR Extension: (Google Notizen – Notizen & Listen) - C:\Users\HENNE\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2020-10-30]
CHR Extension: (Google Play Music) - C:\Users\HENNE\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2020-10-30]
CHR Extension: (Cisco Webex Extension) - C:\Users\HENNE\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2020-10-30]
CHR Extension: (Little Alchemy) - C:\Users\HENNE\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2020-10-30]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\HENNE\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2020-10-30]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\HENNE\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-10-30]
CHR Extension: (Google Docs Viewer für PDF/PowerPoint (von Google)) - C:\Users\HENNE\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn [2020-10-30]
CHR Extension: (Google Mail) - C:\Users\HENNE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-30]
CHR Extension: (Chrome Media Router) - C:\Users\HENNE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-10-30]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
CHR HKU\S-1-5-21-2392793851-1610194889-164482322-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh]
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll]
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh]
CHR HKLM-x32\...\Chrome\Extension: [eedgghdcpmmmilkmfpnklknlenbiolec]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
==================== Dienste (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 aakore; C:\Program Files (x86)\Acronis\Agent\aakore.exe [15749536 2020-08-20] (Acronis International GmbH -> Acronis International GmbH)
S2 AcronisActiveProtectionService; C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe [10369952 2020-10-06] (Acronis International GmbH -> )
R2 AcronisCyberProtectionService; C:\Program Files\Acronis\CyberProtect\cyber-protect-service.exe [1412984 2020-10-06] (Acronis International GmbH -> Acronis International GmbH)
R2 AcrSch2Svc; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [1264400 2020-10-06] (Acronis International GmbH -> Acronis International GmbH)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169544 2020-09-06] (Adobe Inc. -> Adobe Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [852024 2020-10-24] (Adobe Inc. -> Adobe Inc.)
S2 afcdpsrv; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [6388072 2020-10-23] (Acronis International GmbH -> )
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3739728 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3511376 2020-09-23] (Adobe Inc. -> Adobe Systems, Incorporated)
S2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [121856 2016-08-11] (Advanced Micro Devices) [Datei ist nicht signiert]
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1205960 2020-09-24] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntivirProtectedService; C:\Program Files (x86)\Avira\Antivirus\ProtectedService.exe [537472 2020-09-24] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [483432 2020-09-24] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [483432 2020-09-24] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [573960 2020-10-15] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-01-28] (ASUSTeK Computer Inc. -> )
S2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [954648 2014-09-09] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
S2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.06.13\AsusFanControlService.exe [384000 2014-08-04] (ASUSTeK Computer Inc.) [Datei ist nicht signiert]
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [636080 2020-10-09] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraOptimizerHost; C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe [2988544 2020-06-03] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [384544 2020-10-07] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraSecurity; C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe [245904 2020-10-19] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [161376 2020-08-25] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R3 Cherry Device Interface; C:\Program Files (x86)\Cherry\CDI\cdi.exe [577582 2010-08-25] (ZF Electronics GmbH) [Datei ist nicht signiert] [Datei wird verwendet]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9057136 2020-10-24] (Microsoft Corporation -> Microsoft Corporation)
S2 EsgShKernel; C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe [12555320 2020-10-30] (EnigmaSoft Limited -> EnigmaSoft Limited)
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [81280 2019-12-27] (Mixbyte Inc -> Freemake)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342456 2020-08-11] (FUTUREMARK INC -> Futuremark)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [379736 2020-08-20] (HP Inc. -> HP Inc.)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [7185288 2020-10-15] (Malwarebytes Inc -> Malwarebytes)
S2 mmsminisrv; C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [4808088 2020-08-20] (Acronis International GmbH -> Acronis International GmbH)
S3 mobile_backup_server; C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe [3004128 2020-08-20] (Acronis International GmbH -> Acronis International GmbH)
S3 mobile_backup_status_server; C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe [2093376 2020-10-07] (Acronis International GmbH -> )
S3 MSIClock_CC; C:\Program Files (x86)\MSI\Command Center\ClockGen\MSIClockService_x64.exe [2669240 2018-01-12] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
S3 MSICOMM_CC; C:\Program Files (x86)\MSI\Command Center\MSICommService.exe [2343600 2019-10-22] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
S3 MSICPU_CC; C:\Program Files (x86)\MSI\Command Center\CPU\MSICPUService_x64.exe [2725048 2017-12-22] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R2 MSICTL_CC; C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe [2255544 2018-11-19] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
S3 MSIDDR_CC; C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe [2507952 2019-10-22] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
S3 MSISMB_CC; C:\Program Files (x86)\MSI\Command Center\SMBus\MSISMBService.exe [2136248 2018-03-29] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
S3 MSISuperIO_CC; C:\Program Files (x86)\MSI\Command Center\SuperIO\MSISuperIOService.exe [2740912 2019-10-22] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R2 MSI_ActiveX_Service; C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\MSI_ActiveX_Service.exe [86688 2018-07-25] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
R2 MSI_AppManager_Service; C:\Program Files (x86)\MSI\APP Manager\AppManager_Service.exe [2055352 2019-01-04] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [2333328 2020-05-13] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
R2 MysticLight2_Service; C:\Program Files (x86)\MSI\MysticLight\MysticLight2_Service.exe [34976 2018-12-20] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star Int'l Co., Ltd.)
S3 Origin Client Service; S:\Programme (x86)\Origin\OriginClientService.exe [2522424 2020-10-26] (Electronic Arts, Inc. -> Electronic Arts)
R2 Origin Web Helper Service; S:\Programme (x86)\Origin\OriginWebHelperService.exe [3476288 2020-10-26] (Electronic Arts, Inc. -> Electronic Arts)
R2 PDF24; C:\Program Files (x86)\PDF24\pdf24.exe [487048 2019-08-07] (Geek Software GmbH -> Geek Software GmbH)
S3 Rockstar Service; S:\Program Files\Rockstar Games\Launcher\RockstarService.exe [1453184 2020-08-26] (Rockstar Games, Inc. -> Rockstar Games)
R2 ShMonitor; C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe [526904 2020-10-30] (EnigmaSoft Limited -> EnigmaSoft Limited)
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2020-06-26] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.)
R2 ss_conn_service2; C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe [935352 2020-06-26] (Samsung Electronics Co., Ltd. -> DEVGURU Co., LTD.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Test Signing Certificate -> Adobe Systems Incorporated) [Datei ist nicht signiert]
R2 syncagentsrv; C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [7388888 2020-10-06] (Acronis International GmbH -> )
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11293936 2018-04-03] (TeamViewer GmbH -> TeamViewer GmbH)
S3 Tib Mounter Service; C:\Program Files (x86)\Common Files\Acronis\TibMounter64\tib_mounter_service.exe [5871520 2020-08-20] (Acronis International GmbH -> Acronis International GmbH)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.7-0\NisSrv.exe [2372048 2020-10-13] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2009.7-0\MsMpEng.exe [128376 2020-10-13] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.3.1.1\WsAppService.exe [437392 2016-10-10] (Wondershare software CO., LIMITED -> Wondershare)
S4 edgeupdate; "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc [X]
S4 edgeupdatem; "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /medsvc [X]
R2 PaceLicenseDServices; "C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe" -u hxxps://activation.paceap.com/InitiateActivation
===================== Treiber (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-09-09] (ASUSTeK Computer Inc. -> )
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2014-02-24] (ASUSTeK Computer Inc. -> )
S3 ASUSstpt; C:\WINDOWS\System32\drivers\ASUSstpt.sys [27392 2013-03-28] (MCCI Corporation -> MCCI Corporation)
S3 ASUSumsc; C:\WINDOWS\System32\drivers\ASUSumsc.sys [151808 2013-03-28] (MCCI Corporation -> MCCI Corporation)
R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [78936 2019-06-07] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S0 avelam; C:\WINDOWS\System32\drivers\avelam.sys [22336 2019-03-20] (Microsoft Windows Early Launch Anti-Malware Publisher -> Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [208024 2020-06-09] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [199752 2020-04-30] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [46704 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [89736 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\WINDOWS\System32\Drivers\avusbflt.sys [45472 2019-03-20] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 BdDci; C:\WINDOWS\system32\DRIVERS\bddci.sys [367096 2020-08-20] (Bitdefender SRL -> Bitdefender)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [231936 2019-09-16] (Microsoft Corporation) [Datei ist nicht signiert]
R1 EneIo; C:\WINDOWS\system32\drivers\ene.sys [16320 2018-03-20] (Ptolemy Tech Co., Ltd -> )
R2 file_protector; C:\WINDOWS\System32\DRIVERS\file_protector.sys [694408 2020-10-23] (Acronis International GmbH -> Acronis International GmbH)
R0 file_tracker; C:\WINDOWS\System32\DRIVERS\file_tracker.sys [386688 2020-10-23] (Acronis International GmbH -> Acronis International GmbH)
R4 IOMap; C:\WINDOWS\system32\drivers\IOMap64.sys [24824 2014-08-04] (ASUSTeK Computer Inc. -> ASUSTeK Computer Inc.)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [19912 2020-10-15] (Microsoft Windows Early Launch Anti-Malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [248968 2020-11-03] (Malwarebytes Inc -> Malwarebytes)
R1 ngscan; C:\WINDOWS\System32\DRIVERS\ngscan.sys [167728 2020-10-06] (Acronis International GmbH -> Acronis International GmbH)
R2 NPF_devolo; C:\WINDOWS\sysWOW64\drivers\npf_devolo.sys [34048 2012-08-07] (devolo AG -> CACE Technologies)
R3 NTIOLib_MysticLight; C:\Program Files (x86)\MSI\MysticLight\Lib\NTIOLib_X64.sys [14288 2017-07-10] (MICRO-STAR INTERNATIONAL CO., LTD. -> MSI)
S2 SecDrv; C:\WINDOWS\SysWOW64\drivers\SECDRV.SYS [12464 2019-10-06] (Macrovision Europe Ltd) [Datei ist nicht signiert]
S3 tib; C:\WINDOWS\system32\DRIVERS\tib.sys [887024 2020-10-23] (Acronis International GmbH -> Acronis International GmbH)
R2 tib_mounter; C:\WINDOWS\system32\DRIVERS\tib_mounter.sys [175744 2020-10-23] (Acronis International GmbH -> Acronis International GmbH)
S3 tnd; C:\WINDOWS\system32\DRIVERS\tnd.sys [694904 2020-10-23] (Acronis International GmbH -> Acronis International GmbH)
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2015-06-17] (Apple, Inc.) [Datei ist nicht signiert]
R2 virtual_file; C:\WINDOWS\System32\DRIVERS\virtual_file.sys [334968 2020-10-23] (Acronis International GmbH -> Acronis International GmbH)
R0 volume_tracker; C:\WINDOWS\System32\DRIVERS\volume_tracker.sys [251016 2020-10-23] (Acronis International GmbH -> Acronis International GmbH)
S3 vpnva; C:\WINDOWS\System32\drivers\vpnva64-6.sys [74120 2018-03-17] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [48536 2020-10-13] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [35584 2018-02-26] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [428264 2020-10-13] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [69864 2020-10-13] (Microsoft Windows -> Microsoft Corporation)
S2 amdacpksd; \??\C:\WINDOWS\system32\drivers\amdacpksd.sys [X]
U1 aswbdisk; kein ImagePath
S3 RtlWlanu; \SystemRoot\System32\drivers\rtwlanu.sys [X]
U3 TrueSight; \??\C:\Windows\System32\drivers\truesight.sys [X]
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Geändert von ItsMeHenne (03.11.2020 um 17:45 Uhr) |
| Themen zu Windows 10: TR/AD.firehooker.BU |
| antivir, appdata, c:\windows, code, detected, dll, firefox, folge, forum, geblockt, google, icq, malwarebytes, ordner, quarantäne, registry, roaming, services, software, systemstart, temp, trojaner, web, windows, wmi |
Baum-Darstellung