
Pests of all kinds and how to combat them: PC possibly controlled via remote connection, policies/unsigned drivers conspicuous in the log


Thread closed
04.03.2024, 21:06   #1
Backslash
 



Thank you very much for your quick reply. Here are the two log files:

FRST.txt:
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 11.02.2024
durchgeführt von Jscn (Administrator) auf DESKTOP-MBQM2CV (ASUS System Product Name) (04-03-2024 19:52:18)
Gestartet von C:\Users\Jscn\Desktop\FRST64.exe
Geladene Profile: Jscn
Plattform: Microsoft Windows 11 Pro Version 24H2 26058.1400 (X64) Sprache: Deutsch (Deutschland)
Standard-Browser: Brave
Start-Modus: Normal

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(C:\Program Files\Bitdefender Agent\ProductAgentService.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\27.0.1.266\DiscoverySrv.exe
(C:\Program Files\Bitdefender\Bitdefender Security App\bdservicehost.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security App\bdagent.exe
(C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdntwrk.exe
(C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bduserhost.exe <4>
(C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe ->) (S.C. BITDEFENDER S.R.L. -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\wsccommunicator.exe
(C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(C:\Program Files\LibreWolf\librewolf.exe ->) (DroidMonkey Apps, LLC -> ) C:\Program Files\KeePassXC\keepassxc-proxy.exe <2>
(C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA App\CEF\NVIDIA Overlay.exe <5>
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA App\ShadowPlay\nvsphelper64.exe
(C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_524.1301.260.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.59\msedgewebview2.exe <6>
(C:\Users\Jscn\AppData\Local\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\Jscn\AppData\Local\PowerToys\KeyboardManagerEngine\PowerToys.KeyboardManagerEngine.exe
(C:\Users\Jscn\AppData\Local\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\Jscn\AppData\Local\PowerToys\PowerToys.AlwaysOnTop.exe
(C:\Users\Jscn\AppData\Local\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\Jscn\AppData\Local\PowerToys\PowerToys.ColorPickerUI.exe
(C:\Users\Jscn\AppData\Local\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\Jscn\AppData\Local\PowerToys\PowerToys.CropAndLock.exe
(C:\Users\Jscn\AppData\Local\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\Jscn\AppData\Local\PowerToys\PowerToys.FancyZones.exe
(C:\Users\Jscn\AppData\Local\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\Jscn\AppData\Local\PowerToys\PowerToys.PowerLauncher.exe
(C:\Users\Jscn\AppData\Local\PowerToys\PowerToys.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\Jscn\AppData\Local\PowerToys\WinUI3Apps\PowerToys.Peek.UI.exe
(C:\Users\Jscn\AppData\Local\TIDAL\app-2.36.2\TIDAL.exe ->) (TIDAL Music AS -> TIDAL Music AS) C:\Users\Jscn\AppData\Local\TIDAL\app-2.36.2\resources\app.asar.unpacked\resources\win\TIDALPlayer.exe
(explorer.exe ->) () [Datei ist nicht signiert] C:\Program Files\EqualizerAPO\Editor.exe
(explorer.exe ->) (Brave Software, Inc. -> Brave Software, Inc.) C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe <11>
(explorer.exe ->) (DroidMonkey Apps, LLC -> KeePassXC Team) C:\Program Files\KeePassXC\KeePassXC.exe
(explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <7>
(explorer.exe ->) (Nextcloud GmbH -> Nextcloud GmbH) C:\Program Files\Nextcloud\nextcloud.exe
(explorer.exe ->) (NextDNS, Inc. -> NextDNS) C:\Program Files (x86)\NextDNS\NextDNS.exe
(explorer.exe ->) (nordvpn s.a. -> nordvpn S.A.) C:\Program Files\NordVPN\NordVPN.exe
(explorer.exe ->) (OpenSC Project) [Datei ist nicht signiert] C:\Program Files\OpenSC Project\OpenSC\tools\opensc-notify.exe
(explorer.exe ->) (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectMonitor.exe
(explorer.exe ->) (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectUI.exe
(explorer.exe ->) (Signal Messenger, LLC -> Signal Messenger, LLC) C:\Users\Jscn\AppData\Local\Programs\signal-desktop\Signal.exe <5>
(Mozilla Corporation) [Datei ist nicht signiert] C:\Program Files\LibreWolf\librewolf.exe <9>
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> Asustek Computer Inc.) C:\Program Files (x86)\ASUS\AsusCertService\AsusCertService.exe
(services.exe ->) (ASUSTeK COMPUTER INC. -> ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AXSP\4.02.32\atkexComSvc.exe
(services.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(services.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender Agent\redline\bdredline.exe
(services.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security App\bdservicehost.exe
(services.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security App\Safepay\bdservicehost.exe
(services.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe <3>
(services.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe
(services.exe ->) (Bitdefender SRL -> Bitdefender) C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_af50fdb80983f7bc\jhi_service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorvd.inf_amd64_d0ba3dc7378fedf6\RstMwService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_ab7d4ea1d12c01d4\WMIRegistrationService.exe
(services.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Windows\System32\DriverStore\FileRepository\logi_lamparray_usb.inf_amd64_0772df9f9e65a702\logi_lamparray_service.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpDefenderCoreService.exe
(services.exe ->) (Nextdns, Inc. -> ) C:\Program Files (x86)\NextDNS\NextDNSService.exe
(services.exe ->) (nordvpn s.a. -> nordvpn S.A.) C:\Program Files\NordUpdater\NordUpdateService.exe
(services.exe ->) (nordvpn s.a. -> nordvpn S.A.) C:\Program Files\NordVPN\nordvpn-service.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_830091b3ebd4b98a\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe
(services.exe ->) (voidtools -> voidtools) C:\Program Files\Everything 1.5a\Everything64.exe
(sihost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\ShellHost.exe
(svchost.exe ->) (58D26209-1D57-482C-B403-B655571B5C7B -> ) C:\Program Files\WindowsApps\DolbyLaboratories.DolbyAccess_3.20.3368.0_x64__rz1tebttyb220\DolbyAccess.exe
(svchost.exe ->) (Henry++) [Datei ist nicht signiert] C:\Program Files\simplewall\simplewall.exe
(svchost.exe ->) (Martin Malik - REALiX -> REALiX s.r.o.) C:\Program Files\HWiNFO64\HWiNFO64.EXE
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\Jscn\AppData\Local\PowerToys\PowerToys.exe
(svchost.exe ->) (Microsoft Windows -> ) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_524.1301.260.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\NgcIso.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\amd64\MoUsoCoreWorker.exe
(svchost.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> ) C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
(svchost.exe ->) (Rémi Mercier) [Datei ist nicht signiert] C:\Users\Jscn\Downloads\FanControl_net_8_0\FanControl.exe
(TIDAL Music AS -> TIDAL Music AS) C:\Users\Jscn\AppData\Local\TIDAL\app-2.36.2\TIDAL.exe <6>

==================== Registry (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender Security App\bdagent.exe [1067296 2024-02-21] (Bitdefender SRL -> Bitdefender)
HKLM\...\Run: [BraveVpnWireguardService] => C:\Program Files\BraveSoftware\Brave-Browser\Application\122.1.63.165\BraveVpnWireguardService\brave_vpn_wireguard_service.exe [10880024 2024-02-28] (Brave Software, Inc. -> Brave Software, Inc.)
HKLM\...\Run: [pkcs11-register.exe] => C:\Program Files\OpenSC Project\OpenSC\tools\pkcs11-register.exe [168960 2023-12-13] (OpenSC Project) [Datei ist nicht signiert]
HKLM\...\Run: [opensc-notify.exe] => C:\Program Files\OpenSC Project\OpenSC\tools\opensc-notify.exe [176128 2023-12-13] (OpenSC Project) [Datei ist nicht signiert]
HKLM\...\Run: [NextDNS] => C:\Program Files (x86)\NextDNS\NextDNS.exe [359016 2022-12-07] (NextDNS, Inc. -> NextDNS)
HKLM\...\Run: [Reflect UI] => C:\Program Files\Macrium\Common\ReflectUI.exe [11859680 2023-11-30] (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd)
HKLM-x32\...\Run: [Discord] => C:\ProgramData\SquirrelMachineInstalls\Discord.exe [96194336 2024-02-02] (Discord Inc. -> Discord Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [1131488 2024-02-03] (Adobe Inc. -> Adobe Inc.)
HKLM-x32\...\Run: [Adobe CCXProcess] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [129288 2024-02-03] (Adobe Inc. -> )
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Beschränkung <==== ACHTUNG
HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Beschränkung <==== ACHTUNG
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Beschränkung <==== ACHTUNG
HKLM\Software\Policies\...\system: [EnableActivityFeed] 0
HKLM\Software\Policies\...\system: [PublishUserActivities] 0
HKLM\Software\Policies\...\system: [UploadUserActivities] 0
HKLM\Software\Policies\...\system: [AllowClipboardHistory] 0
HKLM\Software\Policies\...\system: [AllowCrossDeviceClipboard] 0
HKU\S-1-5-21-2252719920-710989956-444148845-1001\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2600352 2024-03-02] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2252719920-710989956-444148845-1001\...\Run: [Discord] => C:\Users\Jscn\AppData\Local\Discord\Update.exe [1525024 2024-01-29] (Discord Inc. -> GitHub)
HKU\S-1-5-21-2252719920-710989956-444148845-1001\...\Run: [org.whispersystems.signal-desktop] => C:\Users\Jscn\AppData\Local\Programs\signal-desktop\Signal.exe [177137600 2024-02-14] (Signal Messenger, LLC -> Signal Messenger, LLC)
HKU\S-1-5-21-2252719920-710989956-444148845-1001\...\Run: [Battle.net] => C:\Program Files (x86)\Battle.net\Battle.net.exe [981640 2024-02-23] (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
HKU\S-1-5-21-2252719920-710989956-444148845-1001\...\Run: [SignalRgb] => C:\Users\Jscn\AppData\Local\VortxEngine\SignalRgbLauncher.exe [498688 2024-02-08] () [Datei ist nicht signiert]
HKU\S-1-5-21-2252719920-710989956-444148845-1001\...\Run: [simplewall] => C:\Program Files\simplewall\simplewall.exe [841728 2024-02-03] (Henry++) [Datei ist nicht signiert]
HKU\S-1-5-21-2252719920-710989956-444148845-1001\...\Run: [Nextcloud] => C:\Program Files\Nextcloud\nextcloud.exe [5317328 2024-02-13] (Nextcloud GmbH -> Nextcloud GmbH)
HKU\S-1-5-21-2252719920-710989956-444148845-1001\...\Run: [NordVPN] => C:\Program Files\NordVPN\NordVPN.exe [263256 2023-09-25] (nordvpn s.a. -> nordvpn S.A.)
HKU\S-1-5-21-2252719920-710989956-444148845-1001\...\Run: [MicrosoftEdgeAutoLaunch_7D156541D2D30087B8A1090113ED92B2] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4056616 2024-02-29] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2252719920-710989956-444148845-500\...\Run: [MicrosoftEdgeAutoLaunch_98769996E24836F99EC8617644423B4C] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [4056616 2024-02-29] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2252719920-710989956-444148845-500\...\Run: [OneDrive] => C:\Program Files\Microsoft OneDrive\OneDrive.exe [2600352 2024-03-02] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Print\Monitors\Virtual Port Monitor: C:\Windows\system32\VirtualMon.dll [184320 2024-02-10] (Microsoft Windows -> Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}] -> C:\Program Files\BraveSoftware\Brave-Browser\Application\122.1.63.165\Installer\chrmstp.exe [2024-02-29] (Brave Software, Inc. -> Brave Software, Inc.)
HKLM\Software\...\Winlogon\GPExtensions: [{9F02E2F5-5A41-4D1A-B473-4617E84BC957}] -> C:\WINDOWS\system32\WindowsProtectedPrintConfiguration.dll [2024-02-10] (Microsoft Windows -> Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Syncthing.lnk [2024-02-08]
ShortcutTarget: Syncthing.lnk -> C:\Tools\syncthing-windows-amd64-v1.27.3\syncthing.exe (Stiftelsen Syncthing -> The Syncthing Authors)
GroupPolicy: Beschränkung ? <==== ACHTUNG
Policies: C:\ProgramData\NTUSER.pol: Beschränkung <==== ACHTUNG
HKLM\SOFTWARE\Policies\Microsoft\Edge: Beschränkung <==== ACHTUNG

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {648EC11E-D1D5-42DE-B928-AFF90618902C} - System32\Tasks\ASUS\NoiseCancelingEngine => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\MBLedSDK\NoiseCancelingEngine.exe  (Keine Datei)
Task: {0E1CBC86-9AE4-474B-940C-7EE5B3ED372E} - System32\Tasks\ASUS\P508PowerAgent_sdk => C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Mouse\ROG STRIX CARRY\P508PowerAgent.exe  (Keine Datei)
Task: {5A58955C-A9CD-450D-A380-5C2421F3B1ED} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\27.0.1.266\WatchDog.exe [1111184 2023-12-12] (Bitdefender SRL -> Bitdefender)
Task: {DAAA4F17-404C-4FC9-B1DB-162B0C2160B5} - System32\Tasks\BraveSoftwareUpdateTaskMachineCore => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162456 2024-02-02] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {EFE38490-A9D5-4DCC-AD94-662999AC8E2A} - System32\Tasks\BraveSoftwareUpdateTaskMachineUA => C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162456 2024-02-02] (Brave Software, Inc. -> BraveSoftware Inc.)
Task: {CD2D4FF3-EB2D-494A-93A0-E4694F48E9F0} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe [4103360 2024-02-10] (Microsoft Windows -> Microsoft Corporation)
Task: {D1864B10-4883-4FF9-86BB-803E9A16C374} - System32\Tasks\FanControl => C:\Users\Jscn\Downloads\FanControl_net_8_0\\FanControl.exe [708608 2024-02-22] (Rémi Mercier) [Datei ist nicht signiert]
Task: {E0CD28FB-62E3-489B-A03A-A649A6ABEC05} - System32\Tasks\HWiNFO => C:\Program Files\HWiNFO64\HWiNFO64.EXE [8873952 2024-02-05] (Martin Malik - REALiX -> REALiX s.r.o.)
Task: {FCDD0D5E-E823-42D0-892F-40941CF84C60} - System32\Tasks\Launch Adobe CCXProcess => C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe [194056 2024-03-01] (Adobe Inc. -> Adobe Inc.)
Task: {44699256-D3A1-4D4F-96F6-672D4291BC36} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26513416 2023-05-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {4E8273D2-C7F6-42FA-90EC-072B4607A233} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26513416 2023-05-04] (Microsoft Corporation -> Microsoft Corporation)
Task: {60911F73-909C-4810-AB96-4885C3687C86} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [157576 2024-02-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {50C4E2C8-A837-4BAC-BD00-A07F57E06E60} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [157576 2024-02-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {88FB391A-8EEB-4F2B-A5AF-1E0772A7680F} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe [190816 2024-02-06] (Microsoft Corporation -> Microsoft Corporation)
Task: {3FFD48C7-EB3E-4C5A-A21B-B458354B2989} - System32\Tasks\Microsoft\Windows\Containers\CmCleanup => {F50E9363-6BC8-4DC5-8CAB-7D9F8C1B81B4}
Task: {8964B037-71D6-4642-96C2-02AEB5795DE9} - System32\Tasks\Microsoft\Windows\Diagnosis\UnexpectedCodepath => C:\WINDOWS\system32\UCConfigTask.exe [57344 2024-02-10] (Microsoft Windows -> )
Task: {077BA067-7C15-40F0-B22E-C9DC2A54B4A2} - System32\Tasks\Microsoft\Windows\Location\Notifications => %windir%\System32\LocationNotificationWindows.exe  (Keine Datei)
Task: {C40D0523-33F0-460E-BD3A-701A6D6F0282} - System32\Tasks\Microsoft\Windows\ReFsDedupSvc\Initialization => {DCFF735B-64F7-45F3-B39C-6C66BBE2120F} C:\WINDOWS\System32\ReFsDedupSvc.exe [2113536 2024-02-10] (Microsoft Windows -> Microsoft Corporation)
Task: {1A81275E-94EF-4E42-A26E-784775CDAFA0} - System32\Tasks\Microsoft\Windows\SharedPC\Account Cleanup => {7750564D-D61C-4557-8A9D-7DF56BDCFF96} C:\WINDOWS\system32\Windows.SharedPC.AccountManager.dll [245760 2024-02-10] (Microsoft Windows -> Microsoft Corporation)
Task: {A17C8D0B-BF82-4D36-ABFE-3DDEBCB9BD00} - System32\Tasks\Microsoft\Windows\Sustainability\PowerGridForecastTask => {251E5B1F-E370-4E12-B5BD-B7AD2A8EE810} C:\WINDOWS\system32\PowerGridForecastTask.dll [331776 2024-02-10] (Microsoft Windows -> Microsoft Corporation)
Task: {F5CEB054-06E1-4F30-A6E9-B508BBEC5635} - System32\Tasks\Microsoft\Windows\Sustainability\SustainabilityTelemetry => {6EE41D75-D091-4FB7-9AD5-018760DD25D4} C:\WINDOWS\system32\EcoScoreTask.dll [90112 2024-02-10] (Microsoft Windows -> Microsoft Corporation)
Task: {E8DB7256-ADD5-434E-A897-9FB7E6CF29E8} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe  (Keine Datei)
Task: {AECE9DCD-D3AD-4893-A499-329CE670BC03} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\UUS Failover Task => C:\WINDOWS\System32\MLEngineStub.exe [86016 2024-02-10] (Microsoft Windows -> Microsoft Corporation)
Task: {EBBE92F0-7EA5-4884-8593-71D4123748A9} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [804312 2023-04-11] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
Task: {F7DB45B6-CA31-45DB-96D9-63D6A0E78376} - System32\Tasks\npcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat [815 2022-11-22] () [Datei ist nicht signiert]
Task: {994F0B76-4A69-40D0-998E-D5C526665EA6} - System32\Tasks\NVIDIA App SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA App\CEF\NVIDIA App.exe [3867176 2024-02-19] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {1EE41794-737E-4390-B513-463CD9EEC7C6} - System32\Tasks\OneDrive Per-Machine Standalone Update Task => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4206000 2024-03-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {80407592-D560-4AAC-BD60-3128AD633375} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-2252719920-710989956-444148845-1001 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4206000 2024-03-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {0C1EEBC2-87C7-4AB4-9CB5-6C4FE5FDBC93} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-2252719920-710989956-444148845-500 => C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe [4206000 2024-03-02] (Microsoft Corporation -> Microsoft Corporation)
Task: {4F5853B9-AEA6-4B55-83A4-195038F310C2} - System32\Tasks\PowerToys\Autorun for Jscn => C:\Users\Jscn\AppData\Local\PowerToys\PowerToys.exe [1224112 2024-01-29] (Microsoft Corporation -> Microsoft Corporation)
Task: {67935007-4865-4B2F-AC2B-11599AE86E68} - System32\Tasks\simplewallTask => C:\Program Files\simplewall\simplewall.exe [841728 2024-02-03] (Henry++) [Datei ist nicht signiert]

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)


==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{7f1b8621-7225-41fa-9936-59ed6e29fa07}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{7f1b8621-7225-41fa-9936-59ed6e29fa07}: [DhcpDomain] fritz.box

Edge: 
=======
Edge Profile: C:\Users\Jscn\AppData\Local\Microsoft\Edge\User Data\Default [2024-03-04]
Edge Extension: (Bitdefender Anti-tracker) - C:\Users\Jscn\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\dbconhplchnbippmjabbcedokimacfjl [2024-02-02]
Edge Extension: (Google Docs Offline) - C:\Users\Jscn\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-02-22]
Edge Extension: (Edge relevant text changes) - C:\Users\Jscn\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-02-22]
Edge HKLM-x32\...\Edge\Extension: [dbconhplchnbippmjabbcedokimacfjl]

FireFox:
========
FF DefaultProfile: 703c06rp.default
FF ProfilePath: C:\Users\Jscn\AppData\Roaming\librewolf\Profiles\703c06rp.default [2024-02-06]
FF ProfilePath: C:\Users\Jscn\AppData\Roaming\librewolf\Profiles\pmk41g1w.default-default [2024-03-04]
FF Extension: (Dark Reader) - C:\Users\Jscn\AppData\Roaming\librewolf\Profiles\pmk41g1w.default-default\Extensions\addon@darkreader.org.xpi [2024-02-26]
FF Extension: (KeePassXC-Browser) - C:\Users\Jscn\AppData\Roaming\librewolf\Profiles\pmk41g1w.default-default\Extensions\keepassxc-browser@keepassxc.org.xpi [2024-02-26]
FF Extension: (uBlock Origin) - C:\Users\Jscn\AppData\Roaming\librewolf\Profiles\pmk41g1w.default-default\Extensions\uBlock0@raymondhill.net.xpi [2024-02-26]
FF Extension: (Sidebery) - C:\Users\Jscn\AppData\Roaming\librewolf\Profiles\pmk41g1w.default-default\Extensions\{3c078156-979c-498b-8990-85f7987dd929}.xpi [2024-02-26]
FF Extension: (Gesturefy) - C:\Users\Jscn\AppData\Roaming\librewolf\Profiles\pmk41g1w.default-default\Extensions\{506e023c-7f2b-40a3-8066-bc5deb40aebe}.xpi [2024-02-26]
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security App\bdtbext
FF Extension: (Bitdefender Antispam Toolbar) - C:\Program Files\Bitdefender\Bitdefender Security App\bdtbext [2024-01-30] [] [ist nicht signiert]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender Security App\bdtbext
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-02-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.20 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2024-02-03] (Adobe Inc. -> Adobe Systems)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2024-02-06] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2024-02-03] (Adobe Inc. -> Adobe Systems)

Chrome: 
=======
CHR HKLM-x32\...\Chrome\Extension: [khndhdhbebhaddchcgnalcjlaekbbeof]

Brave: 
=======
BRA Profile: C:\Users\Jscn\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default [2024-03-04]
BRA StartupUrls: Default -> "hxxps://www.g2g.com/categories/diablo-4-item/offer/group?fa=9870fe77%3Af6b9fb70%7C33821c26%3A0a926d8a%7C59dd7f4c%3Af6477539&sort=lowest_price"
BRA DefaultSearchKeyword: Default -> :g
BRA Session Restore: Default -> ist aktiviert.
BRA Extension: ( Temp Business Email Address ) - C:\Users\Jscn\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\ednjmeomfcmonkgaogcgmfeelgegkpma [2024-02-02]
BRA Extension: (Twitch ™ Adblock Plus) - C:\Users\Jscn\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\efdkmejbldmccndljocbkmpankbjhaao [2024-02-02]
BRA Extension: (Dark Reader) - C:\Users\Jscn\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\eimadpbcbfnmbkopoojfekhnkhdbieeh [2024-03-01]
BRA Extension: (NordVPN - VPN proxy for privacy and security) - C:\Users\Jscn\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\fjoaledfpmneenckfbpdfhkmimnjocfa [2024-02-21]
BRA Extension: (Twitch VOD Downloader) - C:\Users\Jscn\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\gaabmdjigfcnkgeommfpnoinpdmpfhaj [2024-02-02]
BRA Extension: (Shoop Cashback & Gutscheine) - C:\Users\Jscn\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\hacngjmphfcjdfpmfmlngemhddjdncpe [2024-02-14]
BRA Extension: (Perplexity - AI Companion) - C:\Users\Jscn\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\hlgbcneanomplepojfcnclggenpcoldo [2024-02-02]
BRA Extension: (CLEAN crxMouse Gestures) - C:\Users\Jscn\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\mjidkpedjlfnanainpdfnedkdlacidla [2024-02-02]
BRA Extension: (Tab Manager Auto) - C:\Users\Jscn\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\mplpoddifhoaicmpbjgpfnbljcabibak [2024-02-02]
BRA Extension: (YouTube Summary with ChatGPT & Claude) - C:\Users\Jscn\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\nmmicjeknamkfloonkhhcjmomieiodli [2024-02-02]
BRA Extension: (Bitwarden - Kostenloser Passwortmanager) - C:\Users\Jscn\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\nngceckbapebfimnlniiiahkandclblb [2024-02-14]
BRA Extension: (KeePassXC-Browser) - C:\Users\Jscn\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\oboonakemofpalcgghocfoadofidjkkk [2024-02-02]
BRA Extension: (Material Theme Dark [blue-grey]) - C:\Users\Jscn\AppData\Local\BraveSoftware\Brave-Browser\User Data\Default\Extensions\paoafodbgcjnmijjepmpgnlhnogaahme [2024-02-02]
BRA Extension: (Brave Ad Block Updater (Brave Ad Block First Party Filters (plaintext))) - C:\Users\Jscn\AppData\Local\BraveSoftware\Brave-Browser\User Data\adcocjohghhfpidemphmcmlmhnfgikei [2024-03-03]
BRA Extension: (Brave Local Data Files Updater) - C:\Users\Jscn\AppData\Local\BraveSoftware\Brave-Browser\User Data\afalakplffnnnlkncjhbmahjfjhmlkal [2024-03-04]
BRA Extension: (Brave NTP background images) - C:\Users\Jscn\AppData\Local\BraveSoftware\Brave-Browser\User Data\aoojcmojmmcbpfgoecoadbdpnagfchel [2024-02-02]
BRA Extension: (Brave Ad Block Updater (Fanboy's Mobile Notifications (plaintext))) - C:\Users\Jscn\AppData\Local\BraveSoftware\Brave-Browser\User Data\bfpgedeaaibpoidldhjcknekahbikncb [2024-03-04]
BRA Extension: (Brave Ad Block Updater (EasyList Cookie (plaintext))) - C:\Users\Jscn\AppData\Local\BraveSoftware\Brave-Browser\User Data\cdbbhgbmjhfnhnmgeddbliobbofkgdhe [2024-03-04]
BRA Extension: (Brave Ad Block Updater (Regional Catalog)) - C:\Users\Jscn\AppData\Local\BraveSoftware\Brave-Browser\User Data\gkboaolpopklhgplhaaiboijnklogmbc [2024-03-01]
BRA Extension: (Brave NTP Super Referrer mapping table) - C:\Users\Jscn\AppData\Local\BraveSoftware\Brave-Browser\User Data\heplpbhjcbmiibdlchlanmdenffpiibo [2024-02-02]
BRA Extension: (Brave Ad Block Updater (Brave Ad Block Updater (plaintext))) - C:\Users\Jscn\AppData\Local\BraveSoftware\Brave-Browser\User Data\iodkpdagapdfkphljnddpjlldadblomo [2024-03-04]
BRA Extension: (Brave Ads Resources) - C:\Users\Jscn\AppData\Local\BraveSoftware\Brave-Browser\User Data\jcncoheihebhhiemmbmpfhkceomfipbj [2024-03-01]
BRA Extension: (Brave Ad Block Updater (EasyList Germany (plaintext))) - C:\Users\Jscn\AppData\Local\BraveSoftware\Brave-Browser\User Data\lfmefmifdjlfneapckmpkinmlofjehbp [2024-03-04]
BRA Extension: (Brave Ad Block Updater (Resources)) - C:\Users\Jscn\AppData\Local\BraveSoftware\Brave-Browser\User Data\mfddibmblmbccpadfndgakiopmmhebop [2024-02-02]
BRA Extension: (Brave NTP sponsored images) - C:\Users\Jscn\AppData\Local\BraveSoftware\Brave-Browser\User Data\obbokncgfcbepeipkhpdepjjoncelefj [2024-03-04]

==================== Dienste (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [944096 2024-02-03] (Adobe Inc. -> Adobe Inc.)
S3 ApxSvc; C:\WINDOWS\System32\ApxSvc.dll [69632 2024-02-10] (Microsoft Windows -> Microsoft Corporation)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\4.02.32\atkexComSvc.exe [907112 2024-01-11] (ASUSTeK COMPUTER INC. -> ASUSTeK Computer Inc.)
R2 AsusCertService; C:\Program Files (x86)\ASUS\AsusCertService\AsusCertService.exe [502120 2023-11-22] (ASUSTeK COMPUTER INC. -> Asustek Computer Inc.)
S2 AsusUpdateCheck; C:\WINDOWS\System32\AsusUpdateCheck.exe [1157088 2024-03-04] (ASUSTeK COMPUTER INC. -> )
S3 battlenet_helpersvc; C:\ProgramData\Battle.net_components\battlenet_helpersvc\AgentHelper.exe [2530440 2024-02-21] (Blizzard Entertainment, Inc. -> Blizzard Entertainment)
R2 BDAppSrv; C:\Program Files\Bitdefender\Bitdefender Security App\bdservicehost.exe [849328 2024-02-21] (Bitdefender SRL -> Bitdefender)
R2 BDAuxSrv; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [849328 2024-02-21] (Bitdefender SRL -> Bitdefender)
R2 BDProtSrv; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [849328 2024-02-21] (Bitdefender SRL -> Bitdefender)
R2 bdredline; C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe [2963856 2023-07-20] (Bitdefender SRL -> Bitdefender)
R2 bdredline_agent; C:\Program Files\Bitdefender Agent\redline\bdredline.exe [2574864 2023-07-20] (Bitdefender SRL -> Bitdefender)
R2 BDSafepaySrv; C:\Program Files\Bitdefender\Bitdefender Security App\Safepay\bdservicehost.exe [849328 2024-02-21] (Bitdefender SRL -> Bitdefender)
S2 brave; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162456 2024-02-02] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 bravem; C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe [162456 2024-02-02] (Brave Software, Inc. -> BraveSoftware Inc.)
S3 BraveVpnService; C:\Program Files\BraveSoftware\Brave-Browser\Application\122.1.63.165\brave_vpn_helper.exe [2730008 2024-02-28] (Brave Software, Inc. -> Brave Software, Inc.)
S3 BraveVpnWireguardService; C:\Program Files\BraveSoftware\Brave-Browser\Application\122.1.63.165\BraveVpnWireguardService\brave_vpn_wireguard_service.exe [10880024 2024-02-28] (Brave Software, Inc. -> Brave Software, Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11749256 2023-05-04] (Microsoft Corporation -> Microsoft Corporation)
R2 Everything (1.5a); C:\Program Files\Everything 1.5a\Everything64.exe [5093392 2024-01-09] (voidtools -> voidtools)
S3 FileSyncHelper; C:\Program Files\Microsoft OneDrive\24.037.0220.0001\FileSyncHelper.exe [3516848 2024-03-02] (Microsoft Corporation -> Microsoft Corporation)
S2 Intel(R) Platform License Manager Service; C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_9783a0a827c7c2a2\lib\PlatformLicenseManagerService.exe [741488 2023-09-04] (Intel Corporation -> Intel(R) Corporation)
S3 LocalKdc; C:\WINDOWS\system32\localkdcsvc.dll [761856 2024-02-10] (Microsoft Windows -> Microsoft Corporation)
R2 logi_lamparray_service; C:\WINDOWS\System32\DriverStore\FileRepository\logi_lamparray_usb.inf_amd64_0772df9f9e65a702\logi_lamparray_service.exe [9887216 2024-02-08] (Logitech Inc -> Logitech, Inc.)
R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [13004248 2023-11-30] (PARAMOUNT SOFTWARE UK LIMITED -> Paramount Software UK Ltd)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9410296 2024-02-15] (Malwarebytes Inc. -> Malwarebytes)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpDefenderCoreService.exe [1418736 2024-02-02] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NextDNSService; C:\Program Files (x86)\NextDNS\NextDNSService.exe [8394080 2024-03-01] (Nextdns, Inc. -> )
R2 NordUpdaterService; C:\Program Files\NordUpdater\NordUpdateService.exe [297848 2022-12-21] (nordvpn s.a. -> nordvpn S.A.)
R2 nordvpn-service; C:\Program Files\NordVPN\nordvpn-service.exe [263256 2023-09-25] (nordvpn s.a. -> nordvpn S.A.)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_830091b3ebd4b98a\Display.NvContainer\NVDisplay.Container.exe [1274992 2024-02-17] (NVIDIA Corporation -> NVIDIA Corporation)
S3 OneDrive Updater Service; C:\Program Files\Microsoft OneDrive\24.037.0220.0001\OneDriveUpdaterService.exe [3856288 2024-03-02] (Microsoft Corporation -> Microsoft Corporation)
S3 PrintDeviceConfigurationService; C:\WINDOWS\System32\PrintDeviceConfigurationService.dll [159744 2024-02-10] (Microsoft Windows -> Microsoft Corporation)
S3 PrintScanBrokerService; C:\WINDOWS\System32\PrintScanBrokerService.dll [126976 2024-02-10] (Microsoft Windows -> Microsoft Corporation)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [686032 2023-12-12] (Bitdefender SRL -> Bitdefender)
S3 refsdedupsvc; C:\WINDOWS\System32\ReFsDedupSvc.exe [2113536 2024-02-10] (Microsoft Windows -> Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [516808 2024-02-09] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe [282728 2024-02-21] (Bitdefender SRL -> Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe [849328 2024-02-21] (Bitdefender SRL -> Bitdefender)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\NisSrv.exe [3174840 2024-02-02] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe [133592 2024-02-02] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 BraveElevationService; "C:\Program Files\BraveSoftware\Brave-Browser\Application\122.1.63.165\elevation_service.exe" [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 acpipagr; C:\WINDOWS\System32\DriverStore\FileRepository\acpipagr.inf_amd64_7bed937245aacc5a\acpipagr.sys [49152 2024-02-10] (Microsoft Windows -> Microsoft Corporation)
S3 AcpiPmi; C:\WINDOWS\System32\DriverStore\FileRepository\acpipmi.inf_amd64_c6f800e15e2a710a\acpipmi.sys [53248 2024-02-10] (Microsoft Windows -> Microsoft Corporation)
R0 amdwps; C:\WINDOWS\System32\drivers\amdwps.sys [61704 2024-02-10] (Microsoft Windows Hardware Abstraction Layer Publisher -> Microsoft Corporation)
R1 Asusgio3; C:\WINDOWS\system32\drivers\AsIO3.sys [59344 2023-11-22] (ASUSTeK COMPUTER INC. -> Asustek Computer Inc.)
R1 atc; C:\WINDOWS\System32\DRIVERS\atc.sys [6611008 2023-12-12] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender S.R.L. Bucharest, ROMANIA)
R2 BdDci; C:\WINDOWS\system32\DRIVERS\bddci.sys [800168 2023-07-17] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender)
S0 bdelam; C:\WINDOWS\System32\drivers\bdelam.sys [24568 2023-05-07] (Microsoft Windows Early Launch Anti-Malware Publisher -> Bitdefender)
R3 bdprivmon; C:\WINDOWS\system32\DRIVERS\bdprivmon.sys [49200 2023-08-09] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender SRL)
S3 bduefiscan; C:\WINDOWS\system32\DRIVERS\bduefiscan.sys [39840 2022-08-12] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender)
R3 CDD; C:\WINDOWS\System32\cdd.dll [331776 2024-02-10] (Microsoft Windows -> Microsoft Corporation)
S3 devmap; C:\WINDOWS\System32\DriverStore\FileRepository\devmap.inf_amd64_2fc09d601f34d1e3\devmap.sys [53248 2024-02-10] (Microsoft Windows -> Microsoft Corporation)
S3 DisplayMux; C:\WINDOWS\System32\DriverStore\FileRepository\displaymux.inf_amd64_a411104f67da552a\DisplayMux.sys [57344 2024-02-10] (Microsoft Windows -> Microsoft Corporation)
S3 e2f68; C:\WINDOWS\System32\drivers\e2f68.sys [507904 2024-02-08] (Microsoft Windows -> Intel Corporation)
R3 e2fexpress; C:\WINDOWS\System32\DriverStore\FileRepository\e2f.inf_amd64_b0343b02ae8bdfed\e2f.sys [530048 2024-02-25] (Intel Corporation -> Intel Corporation)
R1 Gemma; C:\WINDOWS\System32\DRIVERS\gemma.sys [1347496 2023-07-12] (Microsoft Windows Hardware Compatibility Publisher -> BitDefender S.R.L. Bucharest, ROMANIA)
R3 HWiNFO_191; C:\Users\Jscn\AppData\Local\Temp\HWiNFO64A_191.SYS [57936 2024-03-04] (Microsoft Windows Hardware Compatibility Publisher -> REALiX) <==== ACHTUNG
S3 I3CHost; C:\WINDOWS\System32\DriverStore\FileRepository\i3chost.inf_amd64_5729b0fbe50b3bb8\I3CHost.sys [270560 2024-02-10] (Microsoft Windows -> Microsoft Corporation)
R3 iaLPSS2_GPIO2_ADL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_gpio2_adl.inf_amd64_302e75596cffa74a\iaLPSS2_GPIO2_ADL.sys [150616 2022-10-17] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_I2C_ADL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_i2c_adl.inf_amd64_e736c048ca307ed2\iaLPSS2_I2C_ADL.sys [220224 2022-10-17] (Intel Corporation -> Intel Corporation)
R0 iaStorVD; C:\WINDOWS\System32\drivers\iaStorVD.sys [1606816 2023-07-24] (Intel Corporation -> Intel Corporation)
R2 Ignisv2; C:\WINDOWS\system32\DRIVERS\ignisv2.sys [165312 2023-08-07] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender)
S3 kdnic_legacy; C:\WINDOWS\System32\drivers\kdnic_legacy.sys [65760 2024-02-10] (Microsoft Windows -> Microsoft Corporation)
S3 logi_audio_surround; C:\WINDOWS\system32\drivers\logi_audio_surround.sys [52672 2024-02-02] (Logitech Inc -> Logitech)
R3 logi_lamparray; C:\WINDOWS\System32\DriverStore\FileRepository\logi_lamparray_usb.inf_amd64_0772df9f9e65a702\logi_lamparray.sys [89072 2024-02-08] (Logitech Inc -> Logitech, Inc.)
R2 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [223296 2024-03-03] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2024-02-15] (Microsoft Windows Early Launch Anti-Malware Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239576 2024-02-15] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R1 MSIO; C:\WINDOWS\system32\drivers\MsIo64.sys [19672 2023-12-10] (Microsoft Windows Hardware Compatibility Publisher -> MICSYS Technology Co., LTd)
R2 NDivert; C:\Program Files\NordVPN\7.19.4.0\Drivers\NDivert.sys [131472 2024-01-10] (nordvpn s.a. -> Nordvpn S.A.)
S2 NetworkPrivacyPolicy; C:\WINDOWS\System32\DriverStore\FileRepository\networkprivacypolicy.inf_amd64_5217328619294abb\NetworkPrivacyPolicy.sys [106496 2024-02-10] (Microsoft Windows -> )
R2 NextDNSEngine; C:\WINDOWS\system32\DRIVERS\NextDNSEngine.sys [55432 2024-02-27] (NextDNS, Inc. -> Initex)
R1 nordlwf; C:\WINDOWS\system32\DRIVERS\nordlwf.sys [44928 2024-01-18] (nordvpn s.a. -> TEFINCOM S.A.)
R1 npcap; C:\WINDOWS\system32\DRIVERS\npcap.sys [69984 2024-01-18] (WDKTestCert Nmap,133147429230506937 -> Insecure.Com LLC.)
S3 PlutonHeci; C:\WINDOWS\System32\DriverStore\FileRepository\pluton-heci.inf_amd64_945598254532dc90\pluton-heci.sys [53472 2024-02-10] (Microsoft Windows -> )
S3 PlutonHsp2; C:\WINDOWS\System32\DriverStore\FileRepository\plutonhsp2.inf_amd64_5df3c416cef85d72\PlutonHsp2.sys [53472 2024-02-10] (Microsoft Windows -> )
R3 R0FanControl; C:\Users\Jscn\Downloads\FanControl_net_8_0\FanControl.sys [14544 2024-03-04] (Noriyuki MIYAZAKI -> OpenLibSys.org)
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [36824 2020-07-13] (MICRO-STAR INTERNATIONAL CO., LTD. -> )
R2 SignalRgbDriver; C:\WINDOWS\System32\Drivers\SignalRgbDriver.sys [19984 2024-02-02] (Microsoft Windows Hardware Compatibility Publisher -> )
S3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [49744 2024-01-29] (nordvpn s.a. -> The OpenVPN Project)
R2 trufos; C:\WINDOWS\System32\DRIVERS\trufos.sys [629184 2023-07-20] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender)
R1 uiomap; C:\WINDOWS\System32\DriverStore\FileRepository\uiomap.inf_amd64_7b4a4cbd6ed0736b\uiomap.sys [69632 2024-02-10] (Microsoft Windows -> Microsoft Corporation)
R3 UmPass; C:\WINDOWS\System32\DriverStore\FileRepository\umpass.inf_amd64_f054aad019c95251\umpass.sys [53248 2024-02-10] (Microsoft Windows -> Microsoft Corporation)
R2 UnionFS; C:\WINDOWS\system32\drivers\UnionFS.sys [487648 2024-02-10] (Microsoft Windows -> Microsoft Corporation)
R1 veracrypt; C:\WINDOWS\System32\drivers\veracrypt.sys [813112 2024-02-08] (Microsoft Windows Hardware Compatibility Publisher -> IDRIX)
R0 vlflt; C:\WINDOWS\System32\DRIVERS\vlflt.sys [520144 2023-11-22] (Microsoft Windows Hardware Compatibility Publisher -> Bitdefender)
S3 vwifibus; C:\WINDOWS\System32\DriverStore\FileRepository\netvwifibus.inf_amd64_b5db3138c451ae9f\vwifibus.sys [65536 2024-02-10] (Microsoft Windows -> Microsoft Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [55856 2024-02-02] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [594304 2024-02-02] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105856 2024-02-02] (Microsoft Windows -> Microsoft Corporation)
S3 WinAccelCx0101; C:\WINDOWS\System32\drivers\WinAccelCx.sys [139488 2024-02-10] (Microsoft Windows -> Microsoft Corporation)
S3 WinI3C; C:\WINDOWS\System32\DriverStore\FileRepository\wini3c.inf_amd64_cdc0c616f87b5a6e\WinI3C.sys [69856 2024-02-10] (Microsoft Windows -> Microsoft Corporation)
S3 WireGuard; C:\WINDOWS\System32\drivers\wireguard.sys [489368 2024-03-01] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
S3 ZTDNS; C:\WINDOWS\System32\drivers\ztdns.sys [98528 2024-02-10] (Microsoft Windows -> Microsoft Corporation)
S3 cpuz154; \??\C:\WINDOWS\temp\cpuz154\cpuz154_x64.sys [X] <==== ACHTUNG
S3 cpuz158; \??\C:\WINDOWS\temp\cpuz158\cpuz158_x64.sys [X] <==== ACHTUNG
S0 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]
         
