| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Trojaner oder Malware eingefangen? Gimp Updater wird als Malware erkanntWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
27.02.2024, 14:44
| #1 |
| |  Trojaner oder Malware eingefangen? Gimp Updater wird als Malware erkannt Hallo zusammen, ich glaube ich habe mir Malware eingefangen und diese sind nicht durch Malwarebytes erfolgreich gelöscht worden. Würdet ihr bitte einmal über mein System drüberschauen und mir sagen ob noch Probleme bestehen. Die Malware war wohl Gimp Updater. Ich kann bei Bedarf auch gerne noch die Logdaten von Malwarebytes posten. Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 26.02.2024 01
durchgeführt von Lil Vamp (Administrator) auf DESKTOP-M7EP8UC (Micro-Star International Co., Ltd. MS-7A38) (27-02-2024 14:09:26)
Gestartet von C:\Users\Lil Vamp\Downloads\FRST64.exe
Geladene Profile: Lil Vamp
Plattform: Microsoft Windows 10 Pro Version 22H2 19045.4046 (X64) Sprache: Deutsch (Deutschland)
Standard-Browser: FF
Start-Modus: Normal
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(5BD5593D-A41B-4F89-884E-B4F3E0FBAA75 -> Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12131.3.2010.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
(Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.) C:\Program Files (x86)\SogouInput\9.8.0.3746\SGTool.exe
(C:\Program Files\Avira\Endpoint Protection SDK\endpointprotection.exe ->) (Avira Operations GmbH -> Avira Operations GmbH) C:\Program Files\Avira\Endpoint Protection SDK\SentryEye.exe
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(C:\Users\Lil Vamp\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\Lil Vamp\AppData\Local\Microsoft\OneDrive\24.020.0128.0003\Microsoft.SharePoint.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <5>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.363\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.363\GoogleCrashHandler64.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\DeviceCensus.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MusNotifyIcon.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wuapihost.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <16>
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Avira Operations GmbH -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe
(services.exe ->) (Avira Operations GmbH -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
(services.exe ->) (Avira Operations GmbH -> Avira Operations GmbH) C:\Program Files (x86)\Avira\Fallback Updater\Avira.Spotlight.FallbackUpdater.exe
(services.exe ->) (Avira Operations GmbH -> Avira Operations GmbH) C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe
(services.exe ->) (Avira Operations GmbH -> Avira Operations GmbH) C:\Program Files\Avira\Endpoint Protection SDK\endpointprotection.exe
(services.exe ->) (Cisco Systems, Inc. -> Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(services.exe ->) (geek software GmbH -> geek software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_2fe7c165c5dd3267\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(services.exe ->) (Windscribe Limited -> Windscribe Limited) C:\Program Files (x86)\Windscribe\WindscribeService.exe
(svchost.exe ->) (24803D75-212C-471A-BC57-9EF86AB91435 -> ) C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2401.5.0_x64__cv1g1gvanyjgm\WhatsApp.exe
(svchost.exe ->) (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> ) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.230.1135.0_x64__zpdnekdrzrea0\XboxGameBarSpotify.exe
(svchost.exe ->) (Avira Operations GmbH -> Avira Operations GmbH) C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Systray.Application.exe
(svchost.exe ->) (Google Inc -> Google LLC) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe <2>
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_11.2311.0.0_x64__8wekyb3d8bbwe\CalculatorApp.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_6.124.1221.0_x64__8wekyb3d8bbwe\GameBar.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_6.124.1221.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\Lil Vamp\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle America, Inc. -> Oracle Corporation)
HKLM-x32\...\Run: [Genshin Impact_Launcher] => [X]
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\FRITZWLANMini.exe [933888 2012-08-21] (AVM Berlin) [Datei ist nicht signiert]
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [486464 2020-10-01] (geek software GmbH -> geek software GmbH)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [2008856 2021-12-08] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Beschränkung <==== ACHTUNG
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Beschränkung <==== ACHTUNG
HKU\S-1-5-21-2168636311-4045087428-3637539368-1001\...\Run: [com.squirrel.slack.slack] => C:\Users\Lil Vamp\AppData\Local\slack\Update.exe [1584656 2018-11-11] (Slack Technologies, Inc. -> )
HKU\S-1-5-21-2168636311-4045087428-3637539368-1001\...\Run: [ctfmon] => C:\WINDOWS\system32\ctfmon.exe [11264 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
HKU\S-1-5-21-2168636311-4045087428-3637539368-1001\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [90952568 2020-10-09] (Skype Software Sarl -> Skype Technologies S.A.)
HKU\S-1-5-21-2168636311-4045087428-3637539368-1001\...\Run: [com.squirrel.Teams.Teams] => C:\Users\Lil Vamp\AppData\Local\Microsoft\Teams\Update.exe [1789768 2019-08-18] (Microsoft 3rd Party Application Component -> Microsoft Corporation)
HKU\S-1-5-21-2168636311-4045087428-3637539368-1001\...\Run: [Blizz] => C:\Users\Lil Vamp\AppData\Roaming\Blizz\Blizz.exe [39442048 2020-04-08] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
HKU\S-1-5-21-2168636311-4045087428-3637539368-1001\...\Run: [] => [X]
HKU\S-1-5-21-2168636311-4045087428-3637539368-1001\...\Run: [Adobe Reader Synchronizer] => "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe" (Keine Datei)
HKU\S-1-5-21-2168636311-4045087428-3637539368-1001\...\Run: [Lync] => C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe [24017528 2024-02-17] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2168636311-4045087428-3637539368-1001\...\Run: [MicrosoftEdgeAutoLaunch_449EB040EEE76013652793F6BD8242E1] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4067896 2024-02-23] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2168636311-4045087428-3637539368-1001\...\Run: [RiotClient] => C:\Riot Games\Riot Client\RiotClientServices.exe [70921216 2024-02-23] (Riot Games, Inc. -> Riot Games, Inc.)
HKU\S-1-5-21-2168636311-4045087428-3637539368-1001\...\MountPoints2: {cd4c5bc6-a9a0-11e9-9e1c-309c238a2d04} - "D:\pushinst.exe"
HKU\S-1-5-21-2168636311-4045087428-3637539368-1001\...\MountPoints2: {d31c1a6d-d2ed-11e8-9dd9-309c238a2d04} - "E:\LaunchU3.exe" -a
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\122.0.6261.70\Installer\chrmstp.exe [2024-02-26] (Google LLC -> Google LLC)
GroupPolicy: Beschränkung ? <==== ACHTUNG
GroupPolicy-Firefox: Beschränkung <==== ACHTUNG
Policies: C:\ProgramData\NTUSER.pol: Beschränkung <==== ACHTUNG
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {394EE2A1-C6B1-404B-A2C9-9C483745E46D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1547208 2024-01-31] (Adobe Inc. -> Adobe Inc.)
Task: {BAF21D80-2C0B-4E0D-B7DF-0444D8D280B7} - System32\Tasks\Avira_FallbackUpdater => C:\WINDOWS\system32\sc.exe [72192 2019-12-07] (Microsoft Windows -> Microsoft Corporation) -> start AviraFallbackUpdater Delayed=false
Task: {25B07876-369B-4166-8729-B1544CCED3B5} - System32\Tasks\Avira_Security_Maintenance => Command(1): C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe -> FallbackTelemetry
Task: {25B07876-369B-4166-8729-B1544CCED3B5} - System32\Tasks\Avira_Security_Maintenance => Command(2): C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe -> ServiceWatchdog
Task: {25B07876-369B-4166-8729-B1544CCED3B5} - System32\Tasks\Avira_Security_Maintenance => Command(3): C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe -> CrashCollector
Task: {7EFA9FB7-91D0-496F-BDF7-A3608C39CDF3} - System32\Tasks\Avira_Security_Service_SCM_Watchdog => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe [260832 2024-01-16] (Avira Operations GmbH -> Avira Operations GmbH)
Task: {D3397E0E-6F45-4364-B82F-FC309017DE45} - System32\Tasks\Avira_Security_Systray => C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Systray.Application.exe [1825360 2024-01-16] (Avira Operations GmbH -> Avira Operations GmbH)
Task: {1CA6C108-1B14-4955-AF05-5D406232A7CD} - System32\Tasks\Avira_Security_Update => C:\WINDOWS\system32\net.exe [59904 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
Task: {794D9557-9332-4649-84DE-BA1677E3823F} - System32\Tasks\AviraSystemSpeedupVerify => C:\Program Files (x86)\Avira\System Speedup\setup\avira_speedup_setup.exe [37097112 2023-12-15] (Avira Operations GmbH -> Avira Operations GmbH)
Task: {520C8626-A525-489A-829B-F7DA508E227A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-07-19] (Google Inc -> Google LLC)
Task: {19FD6700-1A0D-4C82-9711-8A186144E11A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154920 2019-07-19] (Google Inc -> Google LLC)
Task: {9AA5C09B-DC10-4EF9-852B-5D11A86151FD} - System32\Tasks\HPCustParticipation HP ColorLaserJet MFP M178-M181 => C:\Program Files\HP\HP ColorLaserJet MFP M178-M181\Bin\HPCustPartic.exe [6659488 2020-01-22] (HP Inc -> HP Inc.)
Task: {DAD5E68A-8176-4425-B5CC-A15B451CE242} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28372672 2024-02-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {A4E18C6C-43BF-4724-81E6-CA9E0C8DA743} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28372672 2024-02-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {F7E0F84D-E243-4B4B-9756-E82F3852A3CC} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [218776 2024-02-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {79C67321-B852-422A-B931-91F28A2596DB} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [218776 2024-02-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {3A01470B-6C6F-4E45-826A-02190C3A4081} - System32\Tasks\Microsoft\Office\Office Serviceability Manager => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe [4436272 2024-02-10] (Microsoft Corporation -> Microsoft Corporation)
Task: {2801E170-EE59-4E99-9241-4F7F3C4ACC79} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [362192 2024-02-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {389C3A98-131B-4AD3-9031-2782EA53C291} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [671136 2024-02-20] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {EC01A875-54B4-4303-AB2E-5F0438A3F31E} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-2168636311-4045087428-3637539368-1001 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [671136 2024-02-20] (Mozilla Corporation -> Mozilla Corporation) -> --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
Task: {A56EDA1E-65DE-47FE-B447-5E7CAC01B76C} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [34720 2024-02-20] (Mozilla Corporation -> Mozilla Foundation)
Task: {8B70E5F4-C069-4327-9F49-FCA133C942A1} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1005096 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation) -> -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {7467276E-B594-42CA-B89D-3CB83B33F3AA} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3345448 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {09E6DFAA-DC8D-44CF-949E-7C26E3CE0478} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [649256 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {DEE5ED77-B0A6-4D5A-A92B-E61860898523} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A0920731-367A-4F7D-AE3C-DD5A599C0ACE} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [910888 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A7A7D487-EFDE-43B0-9571-C1538F85C3F9} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {6E2130CB-6228-45FD-A7A0-ED9DC851E6BD} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {DA042E0E-783E-4A39-9E26-AF1B67C47F62} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {145D5E10-471F-47BC-890D-AB8EF5F73528} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1665064 2023-11-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {85AC4649-8BE3-4665-B185-5B287B96A590} - System32\Tasks\SogouImeMgr => C:\Program Files (x86)\SogouInput\SogouExe\SogouExe.exe [412568 2020-06-26] (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.) -> "C:\Program Files (x86)\SogouInput\9.8.0.3746\SGTool.exe" --appid=pinyinrepair /t /v
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3: <==== ACHTUNG (Beschränkung - Zones)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{2ffe0d0b-5d73-435a-982e-76bce369bc6c}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{2ffe0d0b-5d73-435a-982e-76bce369bc6c}\64259445A51224F68702733363230235C4: [DhcpNameServer] 192.168.188.1
Tcpip\..\Interfaces\{2ffe0d0b-5d73-435a-982e-76bce369bc6c}\64259445A51224F68702733363230235C4: [DhcpDomain] fritz.box
Tcpip\..\Interfaces\{31fbf6cc-82fa-4fae-ae6d-7f563f36c899}: [DhcpNameServer] 8.8.8.8 208.67.222.222
Tcpip\..\Interfaces\{5b3bc9bb-799c-4fd9-ad7e-d516cfda8258}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{b7251a39-74b2-41c7-8037-7d0df0f6e85e}: [DhcpNameServer] 192.168.0.1
Edge:
=======
Edge Profile: C:\Users\Lil Vamp\AppData\Local\Microsoft\Edge\User Data\Default [2024-02-27]
Edge Extension: (Google Docs Offline) - C:\Users\Lil Vamp\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-01-22]
Edge Extension: (Edge relevant text changes) - C:\Users\Lil Vamp\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-24]
FireFox:
========
FF DefaultProfile: esnoyytm.default
FF ProfilePath: C:\Users\Lil Vamp\AppData\Roaming\Mozilla\Firefox\Profiles\esnoyytm.default [2024-02-27]
FF Notifications: Mozilla\Firefox\Profiles\esnoyytm.default -> hxxps://tinder.com
FF Extension: (Windscribe - Free Proxy and Ad Blocker) - C:\Users\Lil Vamp\AppData\Roaming\Mozilla\Firefox\Profiles\esnoyytm.default\Extensions\@windscribeff.xpi [2023-11-10]
FF Extension: (Avira Browserschutz) - C:\Users\Lil Vamp\AppData\Roaming\Mozilla\Firefox\Profiles\esnoyytm.default\Extensions\abs@avira.com.xpi [2019-01-08] [UpdateUrl:hxxps://download.avira.com/package/absnooffers/firefox/update_webext_no_offers.rdf]
FF Extension: (BetterTTV) - C:\Users\Lil Vamp\AppData\Roaming\Mozilla\Firefox\Profiles\esnoyytm.default\Extensions\firefox@betterttv.net.xpi [2024-02-19]
FF Extension: (FrankerFaceZ) - C:\Users\Lil Vamp\AppData\Roaming\Mozilla\Firefox\Profiles\esnoyytm.default\Extensions\frankerfacez@frankerfacez.com.xpi [2019-06-22] [UpdateUrl:hxxps://cdn.frankerfacez.com/script/firefox-updates.json]
FF Extension: (MyJDownloader Browser Erweiterung) - C:\Users\Lil Vamp\AppData\Roaming\Mozilla\Firefox\Profiles\esnoyytm.default\Extensions\jid1-OY8Xu5BsKZQa6A@jetpack.xpi [2021-10-15] [UpdateUrl:hxxps://my.jdownloader.org/extensions/firefox.json]
FF Extension: (uBlock Origin) - C:\Users\Lil Vamp\AppData\Roaming\Mozilla\Firefox\Profiles\esnoyytm.default\Extensions\uBlock0@raymondhill.net.xpi [2024-02-23]
FF Extension: (MetaMask) - C:\Users\Lil Vamp\AppData\Roaming\Mozilla\Firefox\Profiles\esnoyytm.default\Extensions\webextension@metamask.io.xpi [2024-02-09]
FF Extension: (10ten Japanese Reader (Rikaichamp)) - C:\Users\Lil Vamp\AppData\Roaming\Mozilla\Firefox\Profiles\esnoyytm.default\Extensions\{59812185-ea92-4cca-8ab7-cfcacee81281}.xpi [2024-01-08]
FF Extension: (Perapera Chinese Popup Dictionary) - C:\Users\Lil Vamp\AppData\Roaming\Mozilla\Firefox\Profiles\esnoyytm.default\Extensions\{90089c2c-9ab9-4d7b-a612-47c04c85c90e}.xpi [2021-02-26]
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2024-02-22] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2019-01-13] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2019-01-13] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2024-02-03] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-02-03] (Microsoft Corporation -> Microsoft Corporation)
Chrome:
=======
CHR Profile: C:\Users\Lil Vamp\AppData\Local\Google\Chrome\User Data\Default [2024-02-05]
CHR Notifications: Default -> hxxps://www.youtube.com
CHR Extension: (Adblock Plus - kostenloser Adblocker) - C:\Users\Lil Vamp\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2024-01-30]
CHR Extension: (Rajiko) - C:\Users\Lil Vamp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejcfdikabeebbgbopoagpabbdokepnff [2023-09-29]
CHR Extension: (Avira Browserschutz) - C:\Users\Lil Vamp\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2022-11-06]
CHR Extension: (Google Docs Offline) - C:\Users\Lil Vamp\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-01-30]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Lil Vamp\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-17]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk]
==================== Dienste (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [172992 2024-01-31] (Adobe Inc. -> Adobe Inc.)
S2 AviraFallbackUpdater; C:\Program Files (x86)\Avira\Fallback Updater\Avira.Spotlight.FallbackUpdater.exe [6782232 2024-01-16] (Avira Operations GmbH -> Avira Operations GmbH)
R2 AviraOptimizerHost; C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe [3004688 2022-07-22] (Avira Operations GmbH -> Avira Operations GmbH & Co. KG)
R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [389096 2023-09-06] (Avira Operations GmbH -> Avira Operations GmbH & Co. KG)
R2 AviraSecurity; C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe [268600 2024-01-16] (Avira Operations GmbH -> Avira Operations GmbH)
S2 AviraSecurityUpdater; C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Common.Updater.exe [298400 2024-01-16] (Avira Operations GmbH -> Avira Operations GmbH)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [8473200 2019-04-21] (BattlEye Innovations e.K. -> )
S3 brlapi; C:\WINDOWS\brltty\bin\brltty.exe [847886 2019-10-15] (Microsoft Windows -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [14048768 2024-02-10] (Microsoft Corporation -> Microsoft Corporation)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [1134624 2023-06-26] (EasyAntiCheat Oy -> Epic Games, Inc)
R2 EndpointProtectionService; C:\Program Files\Avira\Endpoint Protection SDK\endpointprotection.exe [11364008 2024-02-26] (Avira Operations GmbH -> Avira Operations GmbH)
S3 EndpointProtectionService2; C:\Program Files\Avira\Endpoint Protection SDK\endpointprotection.exe [11364008 2024-02-26] (Avira Operations GmbH -> Avira Operations GmbH)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [16029472 2021-10-18] (Epic Games Inc. -> Epic Games, Inc.)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [230360 2024-01-22] (HP Inc. -> HP Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9410296 2024-02-26] (Malwarebytes Inc. -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [3073888 2024-02-26] (Malwarebytes Inc. -> Malwarebytes)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_2fe7c165c5dd3267\Display.NvContainer\NVDisplay.Container.exe [1275528 2024-01-19] (NVIDIA Corporation -> NVIDIA Corporation)
S3 OfficeSvcManagerAddons; C:\WINDOWS\system32\dllhost.exe /Processid:{2CA2E202-932F-4BA2-8771-195BB86398F5} [22384 2023-11-16] (Microsoft Windows -> Microsoft Corporation)
R2 PDF24; C:\Program Files (x86)\PDF24\pdf24.exe [486464 2020-10-01] (geek software GmbH -> geek software GmbH)
S3 ProtonVPN Service; C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPNService.exe [403048 2023-07-05] (Proton Technologies AG -> ProtonVPN)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [534472 2023-12-13] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 SogouSvc; C:\Program Files (x86)\SogouInput\SogouExe\SogouSvc.exe [469912 2020-06-26] (Beijing Sogou Technology Development Co., Ltd. -> Sogou.com Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11660528 2018-12-07] (TeamViewer GmbH -> TeamViewer GmbH)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2302.7-0\NisSrv.exe [3224328 2023-04-02] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2302.7-0\MsMpEng.exe [133544 2023-04-02] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WindscribeService; C:\Program Files (x86)\Windscribe\WindscribeService.exe [1337216 2022-04-12] (Windscribe Limited -> Windscribe Limited)
===================== Treiber (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R3 acsock; C:\WINDOWS\system32\DRIVERS\acsock64.sys [293264 2021-12-08] (Microsoft Windows Hardware Compatibility Publisher -> Cisco Systems, Inc.)
S3 avmeject; C:\WINDOWS\System32\drivers\avmeject.sys [14120 2018-08-22] (AVM Computersysteme Vertriebs GmbH -> AVM Berlin)
R0 BdNet; C:\WINDOWS\System32\DRIVERS\BdNet.sys [190712 2023-03-16] (Avira Operations GmbH -> Avira Operations GmbH)
R1 BdSentry; C:\WINDOWS\System32\DRIVERS\BdSentry.sys [233560 2023-05-26] (Avira Operations GmbH -> Avira Operations GmbH)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [Datei ist nicht signiert]
S3 BthHFEnum; C:\WINDOWS\System32\drivers\bthhfenum.sys [144896 2019-12-07] (Microsoft Corporation) [Datei ist nicht signiert]
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2024-02-26] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S3 fwlanusb6_nv2; C:\WINDOWS\system32\DRIVERS\fwlanusb6_nv2.sys [2235152 2018-08-22] (WDKTestCert rstolz,131417395005862431 -> AVM GmbH)
R2 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223296 2024-02-26] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2024-02-26] (Microsoft Windows Early Launch Anti-Malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [200104 2024-02-27] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [78400 2024-02-27] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239576 2024-02-26] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [188784 2024-02-27] (Malwarebytes Inc. -> Malwarebytes)
R1 netprotection_network_filter; C:\WINDOWS\System32\drivers\netprotection_network_filter.sys [100128 2022-05-19] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R3 NvModuleTracker; C:\WINDOWS\System32\DriverStore\FileRepository\nvmoduletracker.inf_amd64_0c1cc60a4b422185\NvModuleTracker.sys [45656 2022-07-14] (Nvidia Corporation -> NVIDIA Corporation)
S3 ProtonVPNCallout; C:\Program Files (x86)\Proton Technologies\ProtonVPN\x64\Win10\ProtonVPN.CalloutDriver.sys [34176 2023-07-05] (Microsoft Windows Hardware Compatibility Publisher -> Proton Technologies AG)
S0 rtp_elam; C:\WINDOWS\System32\DRIVERS\rtp_elam.sys [28784 2023-11-10] (Microsoft Windows Early Launch Anti-Malware Publisher -> Avira Operations GmbH)
U5 rtp_filesystem_filter; C:\Windows\System32\Drivers\rtp_filesystem_filter.sys [219448 2023-07-11] (Avira Operations GmbH -> Avira Operations GmbH)
R1 rtp_filter; C:\WINDOWS\System32\DRIVERS\rtp_filter.sys [379264 2024-02-26] (Avira Operations GmbH -> Avira Operations GmbH)
U5 rtp_process_monitor; C:\Windows\System32\Drivers\rtp_process_monitor.sys [199992 2023-07-11] (Avira Operations GmbH -> Avira Operations GmbH)
R1 rtp_traverse; C:\WINDOWS\system32\DRIVERS\rtp_traverse.sys [41984 2023-11-10] (Avira Operations GmbH -> Avira Operations GmbH)
S3 sonics_WaveExtensible; C:\WINDOWS\system32\drivers\vrtaupipe.sys [28976 2018-05-09] (CLOSED LOOP LABS LTD -> )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
S3 ss_conn_usb_driver2; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver2.sys [50720 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
R3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R3 tapprotonvpn; C:\WINDOWS\System32\drivers\tapprotonvpn.sys [49024 2021-05-28] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project)
R3 tapwindscribe0901; C:\WINDOWS\System32\drivers\tapwindscribe0901.sys [57768 2022-04-12] (Windscribe Limited -> The OpenVPN Project)
R3 VBAudioVACMME; C:\WINDOWS\System32\drivers\vbaudio_cable64_win7.sys [41192 2014-09-02] (Vincent Burel -> Windows (R) Win 7 DDK provider)
S3 VBAudioVMAUXVAIOMME; C:\WINDOWS\System32\drivers\vbaudio_vmauxvaio64_win10.sys [71920 2019-05-25] (Vincent Burel -> Windows (R) Win 7 DDK provider)
S3 VBAudioVMVAIOMME; C:\WINDOWS\System32\drivers\vbaudio_vmvaio64_win10.sys [71712 2019-02-09] (Vincent Burel -> Windows (R) Win 7 DDK provider)
S3 vpnva; C:\WINDOWS\System32\drivers\vpnva64-6.sys [74064 2021-12-08] (Cisco Systems, Inc. -> Cisco Systems, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [49608 2023-04-02] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [495896 2023-04-02] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [99624 2023-04-02] (Microsoft Windows -> Microsoft Corporation)
S3 WindscribeSplitTunnel; C:\WINDOWS\system32\DRIVERS\WindscribeSplitTunnel.sys [35752 2022-04-12] (Windscribe Limited -> )
R3 windtun420; C:\WINDOWS\System32\drivers\windtun420.sys [47544 2022-04-12] (Windscribe Limited -> WireGuard LLC)
R3 wintun; C:\WINDOWS\system32\DRIVERS\wintun.sys [29680 2021-11-30] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
S3 WireGuard; C:\WINDOWS\System32\drivers\wireguard.sys [489368 2022-05-28] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
R1 YSDrv; C:\Program Files (x86)\Bignox\BigNoxVM\RT\YSDrv.sys [312776 2021-03-21] (Microsoft Windows Hardware Compatibility Publisher -> Nox Limited Corporation)
S3 netprotection_network_filter2; System32\drivers\netprotection_network_filter2.sys [X]
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2024-02-27 14:09 - 2024-02-27 14:10 - 000035073 _____ C:\Users\Lil Vamp\Downloads\FRST.txt
2024-02-27 14:09 - 2024-02-27 14:10 - 000000000 ____D C:\FRST
2024-02-27 14:08 - 2024-02-27 14:08 - 002386944 _____ (Farbar) C:\Users\Lil Vamp\Downloads\FRST64.exe
2024-02-27 14:06 - 2024-02-27 14:06 - 000188784 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2024-02-26 15:35 - 2024-02-27 01:15 - 000000000 ____D C:\Users\Lil Vamp\AppData\Local\Malwarebytes
2024-02-26 15:35 - 2024-02-26 15:35 - 000002093 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2024-02-26 15:35 - 2024-02-26 15:35 - 000002081 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2024-02-26 15:35 - 2024-02-26 15:35 - 000000000 ____D C:\ProgramData\Malwarebytes
2024-02-26 15:35 - 2024-02-26 15:35 - 000000000 ____D C:\Program Files\Malwarebytes
2024-02-26 15:22 - 2024-02-26 15:23 - 000000000 ____D C:\Users\Lil Vamp\Desktop\Bilder von kaputten Staubsauger
2024-02-26 15:16 - 2024-02-26 15:16 - 002585496 _____ (Malwarebytes) C:\Users\Lil Vamp\Downloads\MBSetup.exe
2024-02-26 15:16 - 2024-02-26 15:16 - 002585496 _____ (Malwarebytes) C:\Users\Lil Vamp\Downloads\MBSetup(2).exe
2024-02-26 15:16 - 2024-02-26 15:16 - 002585496 _____ (Malwarebytes) C:\Users\Lil Vamp\Downloads\MBSetup(1).exe
2024-02-24 10:26 - 2024-02-24 10:26 - 000246526 _____ C:\Users\Lil Vamp\Documents\Aufnahmeantrag.pdf
2024-02-24 03:20 - 2024-02-24 03:20 - 000073133 _____ C:\Users\Lil Vamp\Downloads\65d7d947aadd7931306ed2ed_AIXCSC Aufnahmeantrag+Satzung 0224 1e.pdf
2024-02-20 15:18 - 2024-02-20 15:18 - 001138687 _____ C:\Users\Lil Vamp\Documents\Bewilligungsbescheid_2024.pdf
2024-02-20 15:11 - 2024-02-20 19:17 - 000000000 ____D C:\Program Files\Mozilla Firefox
2024-02-18 14:20 - 2024-02-18 14:23 - 000000000 ___HD C:\$WinREAgent
2024-02-17 14:37 - 2024-02-17 14:37 - 000000051 _____ C:\Users\Lil Vamp\Desktop\NZBgeek.txt
2024-02-17 14:29 - 2024-02-17 14:29 - 000019697 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-02-17 14:29 - 2024-02-17 14:29 - 000019697 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2024-02-15 18:37 - 2024-02-15 18:37 - 000740652 _____ C:\Users\Lil Vamp\Documents\STAWAG_Schlussrechnung.pdf
2024-02-15 13:01 - 2024-02-15 13:01 - 000104715 _____ C:\Users\Lil Vamp\Downloads\Paketschein_244046527024_Brandstätter_150224.pdf
2024-02-07 18:09 - 2024-02-07 18:09 - 000001230 _____ C:\Users\Public\Desktop\Proton VPN.lnk
2024-02-07 18:09 - 2024-02-07 18:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ProtonVPN
2024-02-04 18:45 - 2024-02-04 18:45 - 000000448 __RSH C:\ProgramData\ntuser.pol
2024-02-04 18:42 - 2024-02-04 18:42 - 3033710592 _____ C:\Users\Lil Vamp\Downloads\linuxmint-21.3-xfce-64bit.iso
2024-02-01 17:51 - 2024-01-19 00:25 - 002095360 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2024-02-01 17:51 - 2024-01-19 00:25 - 002095360 _____ C:\WINDOWS\system32\vulkaninfo.exe
2024-02-01 17:51 - 2024-01-19 00:25 - 001655656 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2024-02-01 17:51 - 2024-01-19 00:25 - 001655656 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2024-02-01 17:51 - 2024-01-19 00:25 - 001487376 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2024-02-01 17:51 - 2024-01-19 00:25 - 001434480 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2024-02-01 17:51 - 2024-01-19 00:25 - 001434480 _____ C:\WINDOWS\system32\vulkan-1.dll
2024-02-01 17:51 - 2024-01-19 00:25 - 001278720 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2024-02-01 17:51 - 2024-01-19 00:25 - 001278720 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2024-02-01 17:51 - 2024-01-19 00:25 - 001226872 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2024-02-01 17:51 - 2024-01-19 00:22 - 001040400 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvml.dll
2024-02-01 17:51 - 2024-01-19 00:22 - 000670240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvofapi64.dll
2024-02-01 17:51 - 2024-01-19 00:22 - 000505992 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvofapi.dll
2024-02-01 17:51 - 2024-01-19 00:21 - 002173984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2024-02-01 17:51 - 2024-01-19 00:21 - 001625632 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2024-02-01 17:51 - 2024-01-19 00:21 - 001542280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2024-02-01 17:51 - 2024-01-19 00:21 - 001199112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2024-02-01 17:51 - 2024-01-19 00:21 - 000841848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvidia-smi.exe
2024-02-01 17:51 - 2024-01-19 00:20 - 016032888 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2024-02-01 17:51 - 2024-01-19 00:20 - 012928120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2024-02-01 17:51 - 2024-01-19 00:20 - 006780960 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2024-02-01 17:51 - 2024-01-19 00:20 - 003721224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2024-02-01 17:51 - 2024-01-19 00:20 - 001023608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2024-02-01 17:51 - 2024-01-19 00:20 - 000787064 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2024-02-01 17:51 - 2024-01-19 00:20 - 000459912 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdebugdump.exe
2024-02-01 17:51 - 2024-01-19 00:19 - 005907464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2024-02-01 17:51 - 2024-01-19 00:19 - 005772816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcudadebugger.dll
2024-02-01 17:51 - 2024-01-19 00:18 - 000853000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\MCU.exe
2024-02-01 17:51 - 2024-01-18 12:32 - 000120271 _____ C:\WINDOWS\system32\nvinfo.pb
2024-02-01 15:13 - 2024-02-01 15:13 - 000259665 _____ C:\Users\Lil Vamp\Downloads\47_262331321_000000001_47LM202400000363ER_20240131.pdf
==================== Ein Monat (geänderte) ==================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2024-02-27 14:10 - 2021-12-19 11:45 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-02-27 14:10 - 2019-07-19 14:16 - 000000000 ____D C:\Program Files (x86)\Google
2024-02-27 14:09 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-02-27 14:09 - 2018-08-19 21:24 - 000000000 ____D C:\ProgramData\NVIDIA
2024-02-27 14:08 - 2022-02-12 19:02 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2024-02-27 14:07 - 2018-12-24 01:20 - 000000000 ____D C:\Users\Lil Vamp\AppData\LocalLow\SogouPY
2024-02-27 14:06 - 2020-08-13 22:46 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-02-27 14:06 - 2020-08-13 22:39 - 000008192 ___SH C:\DumpStack.log.tmp
2024-02-27 14:06 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-02-27 14:06 - 2018-12-21 23:33 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2024-02-27 01:25 - 2023-02-15 09:25 - 005780576 _____ C:\WINDOWS\system32\rtp.db
2024-02-27 01:25 - 2019-12-07 10:03 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2024-02-27 01:17 - 2020-08-13 22:39 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-02-26 22:41 - 2019-07-19 14:16 - 000002293 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2024-02-26 22:41 - 2019-07-19 14:16 - 000002252 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2024-02-26 16:19 - 2018-08-19 21:32 - 000000000 ____D C:\Users\Lil Vamp\AppData\Local\D3DSCache
2024-02-26 15:35 - 2019-12-07 10:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2024-02-26 15:35 - 2019-12-07 10:13 - 000000000 ____D C:\WINDOWS\INF
2024-02-26 15:20 - 2020-08-13 23:22 - 000475978 _____ C:\WINDOWS\system32\perfh011.dat
2024-02-26 15:20 - 2020-08-13 23:22 - 000131662 _____ C:\WINDOWS\system32\perfc011.dat
2024-02-26 15:20 - 2020-08-13 22:44 - 002321176 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-02-26 15:20 - 2019-12-07 15:51 - 000739414 _____ C:\WINDOWS\system32\perfh007.dat
2024-02-26 15:20 - 2019-12-07 15:51 - 000149046 _____ C:\WINDOWS\system32\perfc007.dat
2024-02-26 15:13 - 2018-09-14 16:40 - 000000000 ____D C:\Users\Lil Vamp\AppData\Local\CrashDumps
2024-02-26 12:27 - 2023-04-24 15:38 - 000379264 _____ (Avira Operations GmbH) C:\WINDOWS\system32\Drivers\rtp_filter.sys
2024-02-25 23:37 - 2018-08-23 19:50 - 000000000 ____D C:\ProgramData\Riot Games
2024-02-25 23:24 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2024-02-25 19:34 - 2020-06-19 17:39 - 000002436 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-02-25 19:34 - 2020-06-19 17:39 - 000002274 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2024-02-24 19:37 - 2022-10-13 23:21 - 000002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk
2024-02-24 19:37 - 2022-10-13 23:21 - 000002061 _____ C:\Users\Public\Desktop\Adobe Acrobat.lnk
2024-02-24 19:37 - 2020-08-13 22:46 - 000004562 _____ C:\WINDOWS\system32\Tasks\Adobe Acrobat Update Task
2024-02-23 20:58 - 2018-09-07 18:44 - 000000000 ____D C:\Users\Lil Vamp\AppData\Local\JDownloader 2.0
2024-02-21 17:51 - 2020-08-13 22:46 - 000003756 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-02-21 17:51 - 2020-08-13 22:46 - 000003632 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-02-20 19:17 - 2018-08-23 19:23 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2024-02-20 17:01 - 2018-09-02 23:07 - 000000000 ____D C:\Users\Lil Vamp\AppData\Roaming\vlc
2024-02-20 16:27 - 2021-10-11 10:40 - 000000000 ____D C:\WINDOWS\system32\Tasks\Mozilla
2024-02-20 16:27 - 2018-08-23 19:23 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2024-02-17 18:40 - 2020-08-13 22:39 - 000515336 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-02-17 18:39 - 2019-12-07 15:54 - 000000000 ___SD C:\WINDOWS\system32\AppV
2024-02-17 18:39 - 2019-12-07 10:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2024-02-17 18:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2024-02-17 18:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2024-02-17 18:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\SystemResources
2024-02-17 18:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2024-02-17 18:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\setup
2024-02-17 18:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2024-02-17 18:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2024-02-17 18:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2024-02-17 18:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\system32\appraiser
2024-02-17 18:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\ShellComponents
2024-02-17 18:39 - 2019-12-07 10:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-02-17 14:32 - 2019-12-07 10:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-02-17 14:29 - 2020-08-13 22:41 - 003016192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2024-02-17 14:26 - 2021-12-12 18:20 - 000003592 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2168636311-4045087428-3637539368-1001
2024-02-17 14:26 - 2020-08-13 22:46 - 000003386 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2168636311-4045087428-3637539368-1001
2024-02-17 14:26 - 2020-08-13 22:40 - 000002408 _____ C:\Users\Lil Vamp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-02-17 14:26 - 2018-08-23 21:33 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2024-02-17 14:17 - 2018-08-23 19:23 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-02-17 14:14 - 2018-08-23 19:23 - 191155960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2024-02-07 18:09 - 2021-11-30 17:18 - 000000000 ____D C:\Users\Lil Vamp\AppData\Roaming\Proton Technologies AG
2024-02-07 18:09 - 2021-11-30 17:18 - 000000000 ____D C:\Users\Lil Vamp\AppData\Local\ProtonVPN
2024-02-07 18:09 - 2021-11-30 17:18 - 000000000 ____D C:\Program Files (x86)\Proton Technologies
2024-02-01 17:55 - 2018-08-23 19:40 - 000000000 ____D C:\Users\Lil Vamp\AppData\Local\NVIDIA
2024-01-31 17:41 - 2020-08-13 22:40 - 000000000 ____D C:\Users\Lil Vamp
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ========
2023-11-01 12:49 - 2023-11-01 12:49 - 000000211 _____ () C:\Users\Lil Vamp\AppData\Roaming\com.reolink.app.client
2018-08-30 20:22 - 2019-02-10 19:53 - 000007662 _____ () C:\Users\Lil Vamp\AppData\Roaming\SpeedRunnersLog.txt
2019-02-09 20:20 - 2019-05-25 23:02 - 000004694 _____ () C:\Users\Lil Vamp\AppData\Roaming\VoiceMeeterDefault.xml
2023-06-03 16:25 - 2023-06-03 16:25 - 000006441 _____ () C:\Users\Lil Vamp\AppData\Local\recently-used.xbel
2018-08-19 21:33 - 2018-08-29 16:27 - 000007602 _____ () C:\Users\Lil Vamp\AppData\Local\Resmon.ResmonCfg
==================== SigCheck ============================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
==================== Ende von FRST.txt ========================
|
| Themen zu Trojaner oder Malware eingefangen? Gimp Updater wird als Malware erkannt |
| .dll, adobe, avira, defender, firefox, google, internet, malware, monitor, mozilla, popup, proxy, prozesse, registry, rundll, scan, security, services.exe, software, stick, svchost.exe, system, trojaner, usb, windows |
Baum-Darstellung