Log analysis and evaluation: Suspected malware: YouTube channel subscription, key inputs

Windows 7

If you have picked up a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Suspected malware: YouTube channel subscription, key inputs

Hello everyone,

for the past 2 days I have suspected that I have picked up malware. This shows itself in two ways: for one, channels that I definitely did not subscribe to appear in my feed on YouTube; for another, I have the impression that key inputs are being made in the background. I would be very glad if someone could help me. Here are the log files from FRST:

FRST.txt

FRST Logfile:

Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 03-02-2023 durchgeführt von Alex (Administrator) auf ALEX-PC-NEU (05-02-2023 00:44:29) Gestartet von C:\Users\Alex\Downloads\Farbar_x86_x64 Geladene Profile: Alex Plattform: Microsoft Windows 10 Pro Version 21H2 19044.2486 (X64) Sprache: Deutsch (Deutschland) Standard-Browser: FF Start-Modus: Normal ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Blish HUD) [Datei ist nicht signiert] E:\SteamLibrary\steamapps\common\Guild Wars 2\Blish.HUD.1.0.0\Blish HUD.exe (C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\wpCtrl.exe ->) (Portrait Displays, Inc. -> ) C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Floater.exe (C:\Program Files (x86)\Steam\steam.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <8> (C:\Program Files\SteelSeries\GG\apps\engine\SteelSeriesEngine.exe ->) (SteelSeries ApS -> SteelSeries ApS) C:\Program Files\SteelSeries\GG\apps\engine\prism\SteelSeriesPrism.exe (C:\Program Files\SteelSeries\GG\SteelSeriesGG.exe ->) (SteelSeries ApS -> SteelSeries ApS) C:\Program Files\SteelSeries\GG\apps\engine\SteelSeriesEngine.exe (C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22112.142.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22112.142.0_x64__8wekyb3d8bbwe\YourPhoneAppProxy.exe (C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MpCopyAccelerator.exe (CMedia) [Datei ist nicht signiert] C:\Program Files\ASUS Xonar Essence STX Audio\Customapp\AsusAudioCenter.exe (Discord Inc. -> Discord Inc.) 
C:\Users\Alex\AppData\Local\Discord\app-1.0.9010\Discord.exe <6> (explorer.exe ->) () [Datei ist nicht signiert] C:\Program Files (x86)\NetMeter\NetMeterEvo_200\NetMeterEvo.exe (explorer.exe ->) (Logitech -> Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe (explorer.exe ->) (Skutta, Kristjan -> ) C:\Program Files (x86)\Steam\SteamApps\common\wallpaper_engine\wallpaper32.exe (explorer.exe ->) (SteelSeries ApS -> SteelSeries ApS) C:\Program Files\SteelSeries\GG\SteelSeriesGG.exe (explorer.exe ->) (TeamSpeak Systems GmbH -> TeamSpeak Systems GmbH) C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe (explorer.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe (explorer.exe ->) (Vincent Burel -> VB-AUDIO Software) C:\Program Files (x86)\VB\Voicemeeter\voicemeeterpro.exe (Mozilla Corporation -> Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe <16> (Nvidia Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe (Portrait Displays, Inc. -> ) C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\wpCtrl.exe (services.exe ->) () [Datei ist nicht signiert] C:\Program Files (x86)\DSDCS\InputMapper HidGuardian\InputMapperCerberusWhitelister.exe (services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (services.exe ->) (Broadcom Corporation -> Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe (services.exe ->) (Cisco Systems, Inc. -> Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (services.exe ->) (devolo AG -> devolo AG) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe (services.exe ->) (Electronic Arts, Inc. 
-> Electronic Arts) C:\Program Files (x86)\Origin\OriginWebHelperService.exe (services.exe ->) (Foxit Software Incorporated -> Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe (services.exe ->) (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (services.exe ->) (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (services.exe ->) (Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (services.exe ->) (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MsMpEng.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\NisSrv.exe (services.exe ->) (Nvidia Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <2> (services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_d1bd230cd08e7436\Display.NvContainer\NVDisplay.Container.exe <2> (services.exe ->) (Portrait Displays, Inc. -> Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe (services.exe ->) (Portrait Displays, Inc. 
-> Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe (services.exe ->) (TechSmith Corporation) [Datei ist nicht signiert] C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe (services.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe (services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe (services.exe ->) (VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe (svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_11.2210.0.0_x64__8wekyb3d8bbwe\CalculatorApp.exe (svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21314.0_x64__8wekyb3d8bbwe\HxOutlook.exe (svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21314.0_x64__8wekyb3d8bbwe\HxTsr.exe (svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22112.142.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2> ==================== Registry (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) 
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-05-28] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [10801944 2014-07-28] (Logitech -> Logitech Inc.) HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation -> Microsoft Corporation) HKLM\...\Run: [Cmaudio8788] => C:\Windows\Syswow64\cmicnfgp.dll [12943360 2013-10-17] (C-Media Corporation) [Datei ist nicht signiert] HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2008-07-11] () [Datei ist nicht signiert] HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2008-07-11] () [Datei ist nicht signiert] HKLM\...\Run: [SteelSeriesGG] => C:\Program Files\SteelSeries\GG\SteelSeriesGG.exe [12903296 2023-01-30] (SteelSeries ApS -> SteelSeries ApS) HKLM\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [3190384 2021-09-10] (Open Source Developer, Dominik Reichl -> Dominik Reichl) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3941528 2016-05-14] (Logitech Inc -> Logitech, Inc.) HKLM-x32\...\Run: [PivotSoftware] => C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe [112424 2013-06-18] (Portrait Displays, Inc. -> ) HKLM-x32\...\Run: [DT BEN] => C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe [122384 2013-11-12] (Portrait Displays, Inc. -> Portrait Displays, Inc.) HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [1027472 2015-12-23] (Cisco Systems, Inc. -> Cisco Systems, Inc.) 
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [235624 2015-01-09] (Canon Inc. -> CANON INC.) HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [210432 2016-07-05] (Geek Software GmbH -> Geek Software GmbH) HKLM-x32\...\Run: [RoccatKoneXTDOptical] => C:\Program Files (x86)\ROCCAT\Kone XTD Optical Mouse\KoneXTDOpticalMonitor.EXE [552960 2014-04-14] (ROCCAT GmbH) [Datei ist nicht signiert] HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [710264 2020-06-18] (Oracle America, Inc. -> Oracle Corporation) HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Beschränkung <==== ACHTUNG HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Beschränkung <==== ACHTUNG HKU\S-1-5-21-151591732-769639063-1674776794-1001\...\Run: [NetMeter Evo] => C:\Program Files (x86)\NetMeter\NetMeterEvo_200\NetMeterEvo.exe [1192448 2013-08-12] () [Datei ist nicht signiert] HKU\S-1-5-21-151591732-769639063-1674776794-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9105112 2016-11-15] (Piriform Ltd -> Piriform Ltd) HKU\S-1-5-21-151591732-769639063-1674776794-1001\...\Run: [WallpaperEngine] => C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe [2982608 2022-07-03] (Skutta, Kristjan -> ) HKU\S-1-5-21-151591732-769639063-1674776794-1001\...\MountPoints2: {4df76bf4-3582-11eb-841c-d050996a1572} - "F:\HiSuiteDownLoader.exe" HKLM\...\Windows x64\Print Processors\Canon MG5700 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDCS.DLL [30208 2015-03-15] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.) 
HKLM\...\Windows x64\Print Processors\Epson Inkjet: C:\Windows\System32\spool\prtprocs\x64\EP0NPP01.DLL [38912 2011-08-30] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION) HKLM\...\Print\Monitors\Canon BJ Language Monitor MG5700 series: C:\Windows\system32\CNMLMCS.DLL [406528 2015-03-15] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.) HKLM\...\Print\Monitors\Canon BJNP Port: C:\Windows\system32\CNMN6PPM.DLL [375296 2015-03-17] (CANON INC.) [Datei ist nicht signiert] HKLM\...\Print\Monitors\Epson Inbox Language Monitor01: C:\Windows\system32\EP0SLM01.DLL [77824 2011-08-30] (Microsoft Windows Hardware Compatibility Publisher -> SEIKO EPSON CORPORATION) HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\109.0.5414.120\Installer\chrmstp.exe [2023-01-27] (Google LLC -> Google LLC) HKLM\Software\...\Authentication\Credential Providers: [{50968FF7-10C1-4fb3-98B0-CD654D6CB97E}] -> C:\Program Files\WIDCOMM\Bluetooth Software\\BtwCP.dll (Broadcom Corporation -> Broadcom Corporation.) AppInit_DLLs: C:\PROGRA~2\GeDoSaTo\shim64.dll => Keine Datei Startup: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Voicemeeter Banana.LNK [2018-11-05] ShortcutTarget: Voicemeeter Banana.LNK -> C:\Program Files (x86)\VB\Voicemeeter\voicemeeterpro.exe (Vincent Burel -> VB-AUDIO Software) GroupPolicy: Beschränkung ? <==== ACHTUNG Policies: C:\ProgramData\NTUSER.pol: Beschränkung <==== ACHTUNG ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============ (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
Task: {023D4647-710B-4976-931E-EE67AB34FF7C} - System32\Tasks\TechSmith Updater => C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [56640 2015-08-11] (TechSmith Corporation -> TechSmith Corporation) Task: {042FEABE-DDC2-4552-B329-1E9C04D8FFE7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MpCmdRun.exe [1592184 2022-12-09] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {06D711A9-532B-4DDA-8277-7A015F8905FB} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1655336 2022-12-07] (Nvidia Corporation -> NVIDIA Corporation) Task: {16FC02B1-02E0-428A-8C14-9FB7AB49615F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26334160 2023-02-02] (Microsoft Corporation -> Microsoft Corporation) Task: {26DFC637-BB7F-4F0B-9882-7CBB036D99D0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MpCmdRun.exe [1592184 2022-12-09] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {314F5E99-9FD3-4B2B-9355-7751BC15BAC2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MpCmdRun.exe [1592184 2022-12-09] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {338FBDE6-FF32-4E94-A4BF-4C24CE023815} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1552376 2022-09-26] (Adobe Inc. -> Adobe Inc.) 
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe join (Keine Datei) Task: {3B490F52-F286-4942-8A02-9367512D6C2E} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe (Keine Datei) Task: {4005817E-DC6B-4EEC-B697-E4C5E3CA5047} - System32\Tasks\{15F7F456-B141-4BB9-BC75-2E1C10DDD97E} => C:\Windows\system32\pcalua.exe -a "C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe" -c --lang=deDE --uid=s2_dede --displayname="StarCraft II" Task: {501B5BF4-3020-426B-AEF4-D47CE8505838} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1003128 2022-03-17] (Nvidia Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log Task: {5055E507-7CB8-45CC-B4A4-19ED71F42CFF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-03-31] (Google Inc -> Google Inc.) 
Task: {51C93926-BDA6-42B8-965C-858C4A13271D} - System32\Tasks\Mozilla\Firefox Default Browser Agent E7CF176E110C211B => C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe [710560 2023-02-04] (Mozilla Corporation -> Mozilla Foundation) Task: {5438F2DF-9317-482B-AA5C-5946F7F3BBA8} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [908328 2022-12-07] (Nvidia Corporation -> NVIDIA Corporation) Task: {60B68EBC-AD96-4744-9694-7EFD9D6F11AC} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [114616 2023-02-02] (Microsoft Corporation -> Microsoft Corporation) Task: {677E153F-02B7-4106-9D28-7FC269717AF5} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload => {EBF00FCB-0769-4B81-9BEC-6C05514111AA} Task: {6807B9C7-4226-4E8B-BF4E-63CA1C420C73} - System32\Tasks\{90152AE9-2C3E-4CF9-BA2D-EAF6EF169F36} => C:\WINDOWS\system32\pcalua.exe -a F:\START.EXE -d F:\ Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task => {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Task: {749DCAB4-E9DA-4CAB-B8D5-870F66CD1608} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [7045848 2016-11-15] (Piriform Ltd -> Piriform Ltd) Task: {7A20C760-BDE9-4CCE-8AF9-139340FB5215} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [908328 2022-12-07] (Nvidia Corporation -> NVIDIA Corporation) Task: {81A62E0D-1F69-4E32-821B-E664A98361CB} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [715744 2023-02-02] (Microsoft Corporation -> Microsoft Corporation) Task: 
{872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task => {1B1F472E-3221-4826-97DB-2C2324D389AE} Task: {907D0D67-8378-49A9-BB88-C462D5F3AD9A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-03-31] (Google Inc -> Google Inc.) Task: {9EFC3276-805E-4BD2-BCC5-FFF8B3B4C1D0} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Common Files\Overwolf\OverwolfUpdater.exe [2637656 2023-01-24] (Overwolf Ltd -> Overwolf LTD) Task: {9F97C914-31F3-4B46-9198-40D744DDB847} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1655336 2022-12-07] (Nvidia Corporation -> NVIDIA Corporation) Task: {A54B212C-5735-48EB-B7B4-955DD24DF1BB} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel(R) Update Manager -> Intel Corporation) Task: {AFBAD4DC-4581-486D-A87D-6FCD84493237} - \Microsoft\Windows\UNP\RunCampaignManager -> Keine Datei <==== ACHTUNG Task: {BC4EED84-8A7D-4995-B347-9CF4CE6DC0F5} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [649256 2022-12-07] (Nvidia Corporation -> NVIDIA Corporation) Task: {C7709AB3-9AB1-44B1-809C-72AC3B0062C9} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel(R) Update Manager -> Intel Corporation) Task: {CE2DE968-E342-40D7-9566-427D45E4A886} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371} Task: {D1687917-6A0C-460D-A1B3-29E4682ACCBA} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe 
[1655336 2022-12-07] (Nvidia Corporation -> NVIDIA Corporation) Task: {D76831BC-41F1-4147-B6F1-0EF11670AA6F} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1655336 2022-12-07] (Nvidia Corporation -> NVIDIA Corporation) Task: {D9E13097-0974-4C5C-8FA0-9547CFF94DDC} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26334160 2023-02-02] (Microsoft Corporation -> Microsoft Corporation) Task: {E36F8826-0202-4F8A-922C-C090A099AB7F} - System32\Tasks\ExclusiveTool => C:\Program Files (x86)\DSDCS\InputMapper\ExclusiveModeTool.exe [19968 2016-10-04] (InputMapper) [Datei ist nicht signiert] Task: {EC0B3A34-F27A-4C47-96D3-6CECBC455DAC} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\Windows\explorer.exe /NOUACCHECK Task: {F1DA908B-7912-4DF3-90A0-DAB05B6B6742} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3342376 2022-12-07] (Nvidia Corporation -> NVIDIA Corporation) Task: {F558BB01-5989-49DB-85E4-DEB8D63D4149} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [114616 2023-02-02] (Microsoft Corporation -> Microsoft Corporation) Task: {F63D33D6-BAC0-4F74-8BEE-B5A8DD1E8434} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MpCmdRun.exe [1592184 2022-12-09] (Microsoft Windows Publisher -> Microsoft Corporation) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{aaf4c738-df63-4f39-b3bc-ca88103bcf6a}: [DhcpNameServer] 192.168.0.1 Edge: ======= Edge Profile: C:\Users\Alex\AppData\Local\Microsoft\Edge\User Data\Default [2021-11-27] FireFox: ======== FF DefaultProfile: 2me8rye7.default-1598034875909 FF ProfilePath: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\2me8rye7.default-1598034875909 [2023-02-05] FF Notifications: Mozilla\Firefox\Profiles\2me8rye7.default-1598034875909 -> hxxps://web.whatsapp.com FF Extension: (BetterTTV) - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\2me8rye7.default-1598034875909\Extensions\firefox@betterttv.net.xpi [2023-01-30] FF Extension: (Privacy Badger) - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\2me8rye7.default-1598034875909\Extensions\jid1-MnnxcxisBPnSXQ@jetpack.xpi [2023-02-03] FF Extension: (Tree Style Tab) - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\2me8rye7.default-1598034875909\Extensions\treestyletab@piro.sakura.ne.jp.xpi [2023-01-23] FF Extension: (uBlock Origin) - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\2me8rye7.default-1598034875909\Extensions\uBlock0@raymondhill.net.xpi [2022-12-25] FF Extension: (7TV) - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\2me8rye7.default-1598034875909\Extensions\{7ef0f00c-2ebe-4626-8ed7-3185847fcfad}.xpi [2022-08-20] FF Extension: (Adblock Plus - kostenloser Adblocker) - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\2me8rye7.default-1598034875909\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2022-12-05] FF HKLM-x32\...\Firefox\Extensions: 
[{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt => nicht gefunden FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox FF Extension: (Citavi Picker) - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2015-03-25] [] [ist nicht signiert] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-03-20] (Intel® Identity Protection Technology Software -> Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-03-20] (Intel® Identity Protection Technology Software -> Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.261.2 -> C:\Program Files (x86)\Java\jre1.8.0_261\bin\dtplugin\npDeployJava1.dll [2020-07-22] (Oracle America, Inc. -> Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.261.2 -> C:\Program Files (x86)\Java\jre1.8.0_261\bin\plugin2\npjp2.dll [2020-07-22] (Oracle America, Inc. 
-> Oracle Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2022-11-11] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2022-11-11] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2023-01-21] (Adobe Inc. -> Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-151591732-769639063-1674776794-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2020-04-20] (Ubisoft Entertainment Sweden AB -> ) Chrome: ======= CHR DefaultProfile: Default CHR Profile: C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default [2023-01-03] CHR StartupUrls: Default -> "hxxps://play.spotify.com/browse" CHR Extension: (Google Docs Offline) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2022-12-27] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-11] ==================== Dienste (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [173040 2022-09-26] (Adobe Inc. -> Adobe Inc.) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [9712432 2022-12-19] (BattlEye Innovations e.K. 
-> ) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [12553648 2023-02-02] (Microsoft Corporation -> Microsoft Corporation) R2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [3755976 2015-07-01] (devolo AG -> devolo AG) R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [138768 2013-11-12] (Portrait Displays, Inc. -> Portrait Displays, Inc.) S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [811496 2022-04-17] (EasyAntiCheat Oy -> Epic Games, Inc) S3 EasyAntiCheat_EOS; C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe [584680 2022-03-26] (EasyAntiCheat Oy -> Epic Games, Inc.) R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659592 2016-10-13] (Foxit Software Incorporated -> Foxit Software Inc.) R2 InputMapper Cerberus Whitelister; C:\Program Files (x86)\DSDCS\InputMapper HidGuardian\InputMapperCerberusWhitelister.exe [14848 2017-04-21] () [Datei ist nicht signiert] S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel(R) Update Manager -> Intel Corporation) S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [8966256 2023-02-04] (Malwarebytes Inc. -> Malwarebytes) S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2579264 2023-02-02] (Electronic Arts, Inc. -> Electronic Arts) R2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3497800 2023-02-02] (Electronic Arts, Inc. 
-> Electronic Arts)
S3 OverwolfUpdater; C:\Program Files (x86)\Common Files\Overwolf\OverwolfUpdater.exe [2637656 2023-01-24] (Overwolf Ltd -> Overwolf LTD)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [224184 2022-12-19] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 SteelSeriesUpdateService; C:\Program Files\SteelSeries\GG\SteelSeriesUpdateService.exe [35200 2023-01-30] (SteelSeries ApS -> )
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [Datei ist nicht signiert]
R2 TechSmith Uploader Service; C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe [3408384 2015-01-26] (TechSmith Corporation) [Datei ist nicht signiert]
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\NisSrv.exe [3191264 2022-12-09] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2211.5-0\MsMpEng.exe [133592 2022-12-09] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_d1bd230cd08e7436\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f %ProgramData%\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_d1bd230cd08e7436\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

===================== Treiber (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 AppleLowerFilter; C:\WINDOWS\System32\drivers\AppleLowerFilter.sys [35560 2018-05-10] (WDKTestCert build,131474841775766162 -> Apple Inc.)
R1 AsrAppCharger; C:\WINDOWS\system32\DRIVERS\AsrAppCharger.sys [17192 2011-11-07] (ASROCK Incorporation -> Windows (R) Win 7 DDK provider)
R3 cmudaxp; C:\WINDOWS\system32\drivers\cmudaxp.sys [2735616 2013-12-11] (C-MEDIA ELECTRONICS INC. -> C-Media Inc)
S3 dc3d; C:\WINDOWS\System32\drivers\dc3d.sys [47616 2011-05-18] (Hardware Group Test Cert -> Microsoft Corporation)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 HidGuardian; C:\WINDOWS\System32\drivers\HidGuardian.sys [26736 2017-04-17] (Microsoft Windows Hardware Compatibility Publisher -> Benjamin Höglinger-Stelzer)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2023-02-04] (Microsoft Windows Early Launch Anti-Malware Publisher -> Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239544 2023-02-04] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MpKsl66149b15; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DA6B21D2-59EC-4DC9-9541-763C36FFB7CE}\MpKslDrv.sys [214280 2023-02-04] (Microsoft Windows -> Microsoft Corporation)
R2 NPF_devolo; C:\WINDOWS\sysWOW64\drivers\npf_devolo.sys [34048 2015-07-01] (devolo AG -> CACE Technologies)
R3 NvModuleTracker; C:\WINDOWS\System32\DriverStore\FileRepository\nvmoduletracker.inf_amd64_0c1cc60a4b422185\NvModuleTracker.sys [45656 2022-07-14] (Nvidia Corporation -> NVIDIA Corporation)
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-05] (Bruce James -> Scarlet.Crush Productions)
R2 speedfan; C:\WINDOWS\SysWoW64\speedfan.sys [28664 2012-12-29] (SOKNO S.R.L. -> Almico Software)
R3 ssdevfactory; C:\WINDOWS\System32\drivers\ssdevfactory.sys [48848 2020-09-25] (SteelSeries ApS -> SteelSeries ApS)
R3 sshid; C:\WINDOWS\system32\DRIVERS\sshid.sys [43960 2022-08-18] (Microsoft Windows Hardware Compatibility Publisher -> SteelSeries ApS)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 ssudserd; C:\WINDOWS\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU CO LTD -> DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [50720 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R3 SteelSeries_Sonar_VAD; C:\WINDOWS\System32\DriverStore\FileRepository\steelseries-sonar-vad.inf_amd64_6979b8a94c20d77f\SteelSeries-Sonar-VAD.sys [93872 2023-01-10] (SteelSeries ApS -> Windows (R) Win 7 DDK provider)
R1 UimBus; C:\WINDOWS\System32\drivers\UimBus.sys [102576 2015-08-26] (Paragon Software GmbH -> )
R1 Uim_DEVIM; C:\WINDOWS\System32\drivers\uim_devim.sys [25904 2015-08-26] (Paragon Software GmbH -> )
R1 Uim_IM; C:\WINDOWS\System32\drivers\uim_im.sys [701232 2015-08-26] (Paragon Software GmbH -> )
R3 VBAudioVACMME; C:\WINDOWS\System32\drivers\vbaudio_cable64_win7.sys [41192 2016-03-16] (Vincent Burel -> Windows (R) Win 7 DDK provider)
R3 VBAudioVMAUXVAIOMME; C:\WINDOWS\System32\drivers\vbaudio_vmauxvaio64_win7.sys [41192 2018-11-05] (Vincent Burel -> Windows (R) Win 7 DDK provider)
R3 VBAudioVMVAIOMME; C:\WINDOWS\System32\drivers\vbaudio_vmvaio64_win7.sys [41192 2017-03-04] (Vincent Burel -> Windows (R) Win 7 DDK provider)
R1 vmkbd3; C:\WINDOWS\system32\DRIVERS\vmkbd.sys [52288 2020-03-07] (VMware, Inc. -> VMware, Inc.)
R2 VMnetBridge; C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys [66368 2020-06-04] (VMware, Inc. -> VMware, Inc.)
S3 vpnva; C:\WINDOWS\System32\drivers\vpnva64-6.sys [52592 2014-10-16] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
R0 vsock; C:\WINDOWS\System32\DRIVERS\vsock.sys [103224 2019-08-14] (VMware, Inc. -> VMware, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49568 2022-12-09] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [473376 2022-12-09] (Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [99616 2022-12-09] (Microsoft Windows -> Microsoft Corporation)
R2 WinI2C-DDC; C:\Windows\system32\drivers\DDCDrv.sys [20832 2014-11-05] (PC Micro Systems Inc. -> Nicomsoft Ltd.)
S3 XBCD; C:\WINDOWS\System32\drivers\XBCD.sys [25728 2009-11-12] (NGO -> XBCD Project) [Datei ist nicht signiert]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2023-02-05 00:41 - 2023-02-05 00:44 - 000000000 ____D C:\Users\Alex\Downloads\Farbar_x86_x64
2023-02-05 00:41 - 2023-02-05 00:44 - 000000000 ____D C:\FRST
2023-02-05 00:41 - 2023-02-05 00:41 - 003481013 _____ C:\Users\Alex\Downloads\Farbar_x86_x64.zip
2023-02-05 00:32 - 2023-02-05 00:32 - 000002274 _____ C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firefox Private Browsing.lnk
2023-02-05 00:32 - 2023-02-05 00:32 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2023-02-04 22:46 - 2023-02-05 00:32 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2023-02-04 21:01 - 2023-02-04 21:02 - 000000000 ____D C:\Users\Alex\Desktop\Neuer Ordner (2)
2023-02-04 03:58 - 2023-02-04 04:12 - 000000000 ____D C:\Users\Alex\AppData\LocalLow\IGDump
2023-02-04 03:52 - 2023-02-04 03:52 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2023-02-04 03:52 - 2023-02-04 03:52 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2023-02-04 03:52 - 2023-02-04 03:52 - 000000000 ____D C:\Users\Alex\AppData\Local\mbam
2023-01-29 01:30 - 2023-01-29 01:30 - 000000000 ____D C:\Users\Alex\AppData\Roaming\NVIDIA
2023-01-28 03:13 - 2023-01-28 03:13 - 000000000 ____D C:\WINDOWS\system32\lxss
2023-01-28 03:13 - 2023-01-28 03:13 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2023-01-28 03:11 - 2022-08-23 23:22 - 000139248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2023-01-28 03:10 - 2023-01-18 06:53 - 002236992 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2023-01-28 03:10 - 2023-01-18 06:53 - 002236992 _____ C:\WINDOWS\system32\vulkaninfo.exe
2023-01-28 03:10 - 2023-01-18 06:53 - 001642560 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2023-01-28 03:10 - 2023-01-18 06:53 - 001642560 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2023-01-28 03:10 - 2023-01-18 06:53 - 001487376 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2023-01-28 03:10 - 2023-01-18 06:53 - 001444416 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2023-01-28 03:10 - 2023-01-18 06:53 - 001444416 _____ C:\WINDOWS\system32\vulkan-1.dll
2023-01-28 03:10 - 2023-01-18 06:53 - 001226776 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2023-01-28 03:10 - 2023-01-18 06:53 - 001168952 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2023-01-28 03:10 - 2023-01-18 06:53 - 001168952 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2023-01-28 03:10 - 2023-01-18 06:49 - 000865256 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2023-01-28 03:10 - 2023-01-18 06:49 - 000672296 _____ C:\WINDOWS\system32\nvofapi64.dll
2023-01-28 03:10 - 2023-01-18 06:49 - 000506856 _____ C:\WINDOWS\SysWOW64\nvofapi.dll
2023-01-28 03:10 - 2023-01-18 06:48 - 002163736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2023-01-28 03:10 - 2023-01-18 06:48 - 001619968 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2023-01-28 03:10 - 2023-01-18 06:48 - 001532432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2023-01-28 03:10 - 2023-01-18 06:48 - 001192968 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2023-01-28 03:10 - 2023-01-18 06:48 - 000949736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2023-01-28 03:10 - 2023-01-18 06:48 - 000743976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2023-01-28 03:10 - 2023-01-18 06:48 - 000734232 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2023-01-28 03:10 - 2023-01-18 06:47 - 012453352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2023-01-28 03:10 - 2023-01-18 06:47 - 010220536 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2023-01-28 03:10 - 2023-01-18 06:47 - 005890552 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2023-01-28 03:10 - 2023-01-18 06:47 - 005865976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcudadebugger.dll
2023-01-28 03:10 - 2023-01-18 06:47 - 003334664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2023-01-28 03:10 - 2023-01-18 06:47 - 000457712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2023-01-28 03:10 - 2023-01-18 06:46 - 005818872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2023-01-28 03:10 - 2023-01-18 06:46 - 000853016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2023-01-28 03:10 - 2023-01-18 06:44 - 007648024 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2023-01-28 03:10 - 2023-01-18 06:44 - 006517008 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2023-01-28 03:10 - 2023-01-15 23:41 - 000101010 _____ C:\WINDOWS\system32\nvinfo.pb
2023-01-26 23:11 - 2023-01-26 23:11 - 000001706 _____ C:\Users\Alex\Desktop\Blish HUD.lnk
2023-01-25 19:18 - 2023-01-25 19:18 - 000000000 ___HD C:\$WinREAgent
2023-01-24 20:57 - 2023-01-24 20:57 - 000000000 ____D C:\Users\Alex\Downloads\Blish.HUD.1.0.0
2023-01-24 20:57 - 2023-01-24 20:57 - 000000000 ____D C:\ProgramData\Blish HUD
2023-01-24 20:56 - 2023-01-24 20:56 - 015192302 _____ C:\Users\Alex\Downloads\Blish.HUD.1.0.0.zip

==================== Ein Monat (geänderte) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2023-02-05 00:43 - 2014-08-15 16:46 - 000000000 ____D C:\Program Files (x86)\Steam
2023-02-05 00:41 - 2016-03-31 00:37 - 000000000 ____D C:\Program Files (x86)\Google
2023-02-05 00:33 - 2022-03-13 22:27 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2023-02-05 00:33 - 2020-06-07 23:03 - 000000000 ____D C:\Users\Alex\AppData\Roaming\discord
2023-02-05 00:33 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2023-02-05 00:33 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2023-02-05 00:32 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2023-02-05 00:32 - 2016-11-17 12:37 - 000000000 ____D C:\Users\Alex\AppData\LocalLow\Mozilla
2023-02-05 00:32 - 2014-04-29 00:39 - 000001228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2023-02-05 00:32 - 2014-04-29 00:39 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2023-02-05 00:24 - 2014-08-15 17:49 - 000000000 ____D C:\Users\Alex\AppData\Roaming\TS3Client
2023-02-05 00:16 - 2020-06-07 23:03 - 000000000 ____D C:\Users\Alex\AppData\Local\Discord
2023-02-04 22:52 - 2016-07-28 16:14 - 000000000 ____D C:\Users\Alex\Documents\Programme
2023-02-04 21:05 - 2014-08-28 15:41 - 000000000 ____D C:\Users\Alex\AppData\Roaming\vlc
2023-02-04 20:55 - 2020-10-26 01:13 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2023-02-04 20:35 - 2017-08-23 22:28 - 000000000 ____D C:\ProgramData\NVIDIA
2023-02-04 20:33 - 2014-08-15 17:12 - 000000000 ___RD C:\Users\Alex\OneDrive
2023-02-04 07:20 - 2018-11-06 00:44 - 000034189 _____ C:\Users\Alex\AppData\Roaming\VoiceMeeterBananaDefault.xml
2023-02-04 04:04 - 2020-10-26 01:22 - 001727150 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2023-02-04 04:04 - 2019-12-07 15:51 - 000743714 _____ C:\WINDOWS\system32\perfh007.dat
2023-02-04 04:04 - 2019-12-07 15:51 - 000150136 _____ C:\WINDOWS\system32\perfc007.dat
2023-02-04 04:04 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2023-02-04 03:58 - 2020-10-26 01:20 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2023-02-04 03:58 - 2020-10-26 01:13 - 000008192 ___SH C:\DumpStack.log.tmp
2023-02-04 03:58 - 2014-10-14 22:32 - 000000000 ____D C:\ProgramData\VMware
2023-02-04 03:57 - 2019-12-07 10:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2023-02-04 03:52 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2023-02-04 03:50 - 2018-01-25 21:12 - 000158640 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2023-02-04 03:50 - 2018-01-25 21:12 - 000000000 ____D C:\Program Files\Malwarebytes
2023-02-04 03:50 - 2016-01-06 15:10 - 000000000 ____D C:\ProgramData\Malwarebytes
2023-02-03 18:21 - 2020-03-01 18:47 - 000000000 ____D C:\Users\Alex\AppData\Roaming\KeePass
2023-02-03 18:00 - 2018-11-24 16:54 - 000000000 ____D C:\Program Files (x86)\Origin
2023-02-03 18:00 - 2018-11-24 16:53 - 000000000 ____D C:\ProgramData\Origin
2023-02-03 14:29 - 2015-12-29 20:35 - 000000000 ____D C:\Users\Alex\AppData\Local\CrashDumps
2023-02-02 23:52 - 2022-12-09 23:07 - 000000000 ____D C:\Users\Alex\AppData\Roaming\steelseries-gg-client
2023-02-02 23:52 - 2018-06-18 17:46 - 000000000 ____D C:\Users\Alex\AppData\Local\D3DSCache
2023-02-02 23:49 - 2021-05-16 16:50 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2023-02-02 01:23 - 2020-10-26 01:14 - 000000000 ____D C:\Users\Alex
2023-02-02 01:10 - 2014-09-03 14:15 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2023-01-30 22:10 - 2015-01-12 22:09 - 000000000 ____D C:\Program Files (x86)\Overwolf
2023-01-30 17:54 - 2021-12-11 23:10 - 000003584 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-151591732-769639063-1674776794-1001
2023-01-30 17:54 - 2020-10-26 01:20 - 000003366 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-151591732-769639063-1674776794-1001
2023-01-30 17:54 - 2020-10-26 01:14 - 000002433 _____ C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2023-01-29 01:31 - 2020-09-30 17:27 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2023-01-28 03:13 - 2017-08-23 22:28 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2023-01-28 03:11 - 2014-04-29 00:53 - 000000000 ____D C:\Users\Alex\AppData\Local\NVIDIA
2023-01-27 01:41 - 2016-03-31 00:37 - 000002293 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2023-01-26 20:42 - 2022-11-11 21:00 - 000002136 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader.lnk
2023-01-26 00:03 - 2020-10-26 01:13 - 000443072 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2023-01-26 00:03 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2023-01-26 00:03 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2023-01-26 00:03 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2023-01-26 00:03 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2023-01-25 19:25 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2023-01-25 19:24 - 2020-10-26 01:14 - 003014656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2023-01-25 19:18 - 2014-09-03 14:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2023-01-25 19:17 - 2014-04-29 00:45 - 000000000 ____D C:\WINDOWS\system32\MRT
2023-01-25 19:10 - 2014-04-29 00:45 - 150199536 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2023-01-24 21:41 - 2014-11-01 13:06 - 000000000 ____D C:\Users\Alex\AppData\Local\ElevatedDiagnostics
2023-01-24 20:57 - 2022-12-20 21:40 - 000000000 ____D C:\Users\Alex\Documents\Guild Wars 2
2023-01-24 18:44 - 2020-06-21 20:02 - 000000000 ____D C:\ProgramData\SteelSeries

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ========

2015-06-29 14:32 - 2017-06-17 22:29 - 000000302 _____ () C:\Users\Alex\AppData\Roaming\BreakingPoint_Login.ini
2015-06-29 15:40 - 2017-06-18 00:30 - 000001431 _____ () C:\Users\Alex\AppData\Roaming\BreakingPoint_Options.ini
2018-05-31 21:14 - 2018-05-31 21:14 - 000038480 _____ () C:\Users\Alex\AppData\Roaming\Durch Trennzeichen getrennte Werte.ADR
2014-09-03 15:27 - 2014-09-03 15:27 - 000012102 _____ () C:\Users\Alex\AppData\Roaming\Durch Trennzeichen getrennte Werte.CAL
2018-11-06 00:44 - 2023-02-04 07:20 - 000034189 _____ () C:\Users\Alex\AppData\Roaming\VoiceMeeterBananaDefault.xml
2017-03-05 00:01 - 2018-11-05 22:12 - 000004655 _____ () C:\Users\Alex\AppData\Roaming\VoiceMeeterDefault.xml
2022-01-08 22:57 - 2022-01-08 22:57 - 000001559 _____ () C:\Users\Alex\AppData\Local\recently-used.xbel
2015-01-26 14:47 - 2020-12-29 19:38 - 000007600 _____ () C:\Users\Alex\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

==================== Ende von FRST.txt ========================

Thanks in advance!