Log analysis and evaluation: Windows 11 - Chrome infected

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
29.05.2024, 14:19 | #1 |
Windows 11 - Chrome infected

Hello, good day, unfortunately I clicked on an Amazon survey in my e-mails today, and afterwards a pop-up blocked the Chrome browser. Nothing can be clicked in the browser any more. The same problem persists even after a reinstallation. I have already checked with various programs but unfortunately found nothing. The only program that showed something and also removed it was adw42cleaner. That did not help either. I have now run FRST and here are the logs:

Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 22.05.2024 01
durchgeführt von it (Administrator) auf ACHIM-S11ER (Gigabyte Technology Co., Ltd. B660 GAMING X DDR4) (29-05-2024 13:31:55)
Gestartet von D:\Downloads\Microsoft\FRST64.exe
Geladene Profile: it
Plattform: Microsoft Windows 11 Pro Version 23H2 22631.3593 (X64) Sprache: Deutsch (Deutschland)
Standard-Browser nicht gefunden!
Start-Modus: Normal

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Adobe Inc. -> Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe <2>
(Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
(C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe ->) (Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe
(C:\Program Files (x86)\Steam\steam.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7>
(C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSSrcExt.exe
(C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cncmd.exe
(C:\Program Files\Corsair\Corsair iCUE5 Software\clink\Corsair.Service.exe ->) (Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files\Corsair\Corsair iCUE5 Software\clink\Corsair.Service.CpuIdRemote64.exe
(C:\Program Files\Corsair\Corsair iCUE5 Software\iCUE.exe ->) (Corsair Memory, Inc. -> ) C:\Program Files\Corsair\Corsair iCUE5 Software\crashpad_handler.exe
(C:\Program Files\Corsair\Corsair iCUE5 Software\iCUE.exe ->) (Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files\Corsair\Corsair iCUE5 Software\QmlRenderer.exe
(C:\Program Files\LGHUB\lghub_agent.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\logi_crashpad_handler.exe <2>
(C:\Program Files\LGHUB\system_tray\lghub_system_tray.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_agent.exe
(C:\Program Files\WindowsApps\MicrosoftTeams_24102.2309.2851.4917_x64__8wekyb3d8bbwe\msteams.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.67\msedgewebview2.exe <7>
(cmd.exe ->) (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
(Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files\Corsair\Corsair iCUE5 Software\iCUE.exe
(DriverStore\FileRepository\u0398226.inf_amd64_c5d9587384e4b5ff\B398182\atiesrxx.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0398226.inf_amd64_c5d9587384e4b5ff\B398182\atieclxx.exe
(explorer.exe ->) (Agilebits -> 1Password) C:\Users\it\AppData\Local\1Password\app\8\1Password.exe <3>
(explorer.exe ->) (FastStone Soft) [Datei ist nicht signiert] C:\Program Files (x86)\FastStone Capture\FSCapture.exe
(explorer.exe ->) (HP Inc. -> Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 6830\Bin\ScanToPCActivationApp.exe
(explorer.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\system_tray\lghub_system_tray.exe
(explorer.exe ->) (MAGIX Software GmbH -> MAGIX) C:\Program Files\Common Files\MAGIX Services\Update Notifier\QMxNetworkSync.exe
(explorer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MRT.exe <2>
(explorer.exe ->) (OpenVPN Inc. -> ) C:\Program Files\OpenVPN\bin\openvpn-gui.exe
(explorer.exe ->) (Signal Messenger, LLC -> Signal Messenger, LLC) C:\Users\it\AppData\Local\Programs\signal-desktop\Signal.exe <4>
(explorer.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe
(GIGA-BYTE TECHNOLOGY CO., LTD. -> ) C:\Program Files (x86)\Gigabyte\AppCenter\ApCent.exe
(GIGA-BYTE TECHNOLOGY CO., LTD. -> Gigabyte Technology CO.) C:\Program Files\Gigabyte\Smart Backup\RPMDaemon.exe
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <22>
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(RuntimeBroker.exe ->) (Discord Inc. -> Discord Inc.) C:\Users\it\AppData\Local\Discord\app-1.0.9147\Discord.exe <6>
(services.exe ->) () [Datei ist nicht signiert] C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Advanced Micro Devices Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository\u0398226.inf_amd64_c5d9587384e4b5ff\B398182\atiesrxx.exe
(services.exe ->) (Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files\Corsair\Corsair iCUE5 Software\clink\Corsair.Service.exe
(services.exe ->) (Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files\Corsair\Corsair iCUE5 Software\CorsairCpuIdService.exe
(services.exe ->) (Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files\Corsair\Corsair iCUE5 Software\iCUEUpdateService.exe
(services.exe ->) (Geek Software GmbH -> geek software GmbH) C:\Program Files\PDF24\pdf24.exe <2>
(services.exe ->) (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.) C:\Program Files (x86)\Gigabyte\EasyTuneEngineService\EasyTuneEngineService.exe
(services.exe ->) (GIGA-BYTE Technology Co., Ltd. -> GIGA-BYTE TECHNOLOGY CO., LTD.) C:\Windows\System32\GigabyteUpdateService.exe
(services.exe ->) (GIGA-BYTE TECHNOLOGY CO., LTD. -> Microsoft) C:\Program Files (x86)\Gigabyte\GService\GCloud.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_670360bdb5a40a0d\WMIRegistrationService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe
(services.exe ->) (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
(services.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_updater.exe
(services.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Windows\System32\DriverStore\FileRepository\logi_lamparray_usb.inf_amd64_cdf3ca3c77d5f267\logi_lamparray_service.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Advanced Micro Devices, Inc.) C:\Windows\System32\amdfendrsr.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\MpDefenderCoreService.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\NisSrv.exe
(services.exe ->) (OpenVPN Inc. -> The OpenVPN Project) C:\Program Files\OpenVPN\bin\openvpnserv.exe
(services.exe ->) (OpenVPN Inc. -> The OpenVPN project) C:\Program Files\OpenVPN\bin\openvpnserv2.exe
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_ee6fe91a35eb809c\RtkAudUService64.exe <2>
(services.exe ->) (Samsung Electronics Co., Ltd. -> Clonix & CottonCandy) C:\Program Files (x86)\Samsung\Samsung Magician\MigrationService\MigrationService.exe
(services.exe ->) (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagicianSVC.exe
(services.exe ->) (Star Finanz-Software Entwicklung und Vertriebs GmbH -> Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 14 Basic\ouservice\StarMoneyOnlineUpdate.exe
(services.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\steamservice.exe
(sihost.exe ->) (Skype Software Sarl -> Skype Technologies S.A.) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.119.3201.0_x64__kzf8qxf38zg5c\Skype\Skype.exe <6>
(svchost.exe ->) (24803D75-212C-471A-BC57-9EF86AB91435 -> ) C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2419.11.0_x64__cv1g1gvanyjgm\WhatsApp.exe
(svchost.exe ->) (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> ) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.238.720.0_x64__zpdnekdrzrea0\SpotifyWidgetProvider.exe
(svchost.exe ->) (HP Inc. -> Hewlett-Packard Development Company, LP) C:\Program Files\HP\HP Officejet Pro 6830\Bin\HPNetworkCommunicatorCom.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\SDXHelper.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\it\AppData\Local\Microsoft\OneDrive\24.091.0505.0003\FileCoAuth.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_524.13200.10.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
(svchost.exe ->) (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe <4>

==================== Registry (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_ee6fe91a35eb809c\RtkAudUService64.exe [3450728 2022-02-16] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [PDF24] => C:\Program Files\PDF24\pdf24.exe [645976 2024-03-05] (Geek Software GmbH -> geek software GmbH)
HKLM\...\Run: [Corsair iCUE5 Software] => C:\Program Files\Corsair\Corsair iCUE5 Software\iCUE Launcher.exe [184872 2024-05-05] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AdobeCS4ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [750672 2024-03-13] (Oracle America, Inc. -> Oracle Corporation)
HKLM\...\RunOnce: [RPMKickstart] => C:\Program Files\Gigabyte\Smart Backup\RPMKickstartEx.exe [2320384 2014-04-01] (TODO: <Company name>) [Datei ist nicht signiert]
HKLM-x32\...\RunOnce: [PreRun] => C:\Program Files (x86)\Gigabyte\AppCenter\PreRun.exe [14632 2016-02-26] (GIGA-BYTE TECHNOLOGY CO., LTD. -> )
HKU\S-1-5-21-1900216663-882022052-1018590342-1001\...\Run: [LGHUB] => C:\Program Files\LGHUB\system_tray\lghub_system_tray.exe [45945088 2023-10-26] (Logitech Inc -> Logitech, Inc.)
HKU\S-1-5-21-1900216663-882022052-1018590342-1001\...\Run: [1Password] => C:\Users\it\AppData\Local\1Password\app\8\1Password.exe [176331144 2024-05-22] (Agilebits -> 1Password)
HKU\S-1-5-21-1900216663-882022052-1018590342-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4382056 2024-05-24] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-1900216663-882022052-1018590342-1001\...\Run: [org.whispersystems.signal-desktop] => C:\Users\it\AppData\Local\Programs\signal-desktop\Signal.exe [176662464 2024-05-22] (Signal Messenger, LLC -> Signal Messenger, LLC)
HKU\S-1-5-21-1900216663-882022052-1018590342-1001\...\Run: [HP Officejet Pro 6830 (NET)] => C:\Program Files\HP\HP Officejet Pro 6830\Bin\ScanToPCActivationApp.exe [3494560 2021-11-30] (HP Inc. -> Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-1900216663-882022052-1018590342-1001\...\Run: [Discord] => C:\Users\it\AppData\Local\Discord\Update.exe [1525016 2023-04-26] (Discord Inc. -> GitHub)
HKU\S-1-5-21-1900216663-882022052-1018590342-1001\...\Run: [OpenVPN-GUI] => C:\Program Files\OpenVPN\bin\openvpn-gui.exe [896288 2023-05-11] (OpenVPN Inc. -> )
HKU\S-1-5-21-1900216663-882022052-1018590342-1001\...\Run: [QMxNetworkSync] => C:\Program Files\Common Files\MAGIX Services\Update Notifier\QMxNetworkSync.exe [1024336 2022-12-20] (MAGIX Software GmbH -> MAGIX)
HKU\S-1-5-21-1900216663-882022052-1018590342-1001\...\Run: [AMDNoiseSuppression] => C:\Windows\system32\AMD\ANR\AMDNoiseSuppression.exe [145336 2023-08-10] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
HKU\S-1-5-21-1900216663-882022052-1018590342-1001\...\MountPoints2: {61d30554-d93d-11ed-8429-95db1c515535} - "F:\setup.exe" /AUTORUN
HKLM\...\Windows x64\Print Processors\Canon iP7200 series Print Processor: C:\Windows\System32\spool\prtprocs\x64\CNMPDBA.DLL [30208 2012-04-16] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJ Language Monitor iP7200 series: C:\Windows\system32\CNMLMBA.DLL [389120 2012-04-16] (Microsoft Windows Hardware Compatibility Publisher -> CANON INC.)
HKLM\...\Print\Monitors\Canon BJNP Port: C:\Windows\system32\CNMN6PPM.DLL [359936 2012-06-14] (CANON INC.) [Datei ist nicht signiert]
HKLM\...\Print\Monitors\HP 7212 Status Monitor: C:\Windows\system32\hpinksts7212LM.dll [336904 2014-06-21] (Hewlett Packard -> Hewlett-Packard Development Company, LP)
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP Officejet Pro 6830): C:\Windows\system32\HPDiscoPM7212.dll [764576 2021-11-30] (HP Inc. -> Hewlett-Packard Development Company, LP)
HKLM\Software\Microsoft\Active Setup\Installed Components: [>OpenVPN_UserSetup] -> reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v OPENVPN-GUI /t REG_SZ /d "C:\Program Files\OpenVPN\bin\openvpn-gui.exe"
Startup: C:\Users\it\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FastStone Capture.lnk [2023-04-12]
ShortcutTarget: FastStone Capture.lnk -> C:\Program Files (x86)\FastStone Capture\FSCapture.exe (FastStone Soft) [Datei ist nicht signiert]
GroupPolicy: Beschränkung ? <==== ACHTUNG
Policies: C:\ProgramData\NTUSER.pol: Beschränkung <==== ACHTUNG

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {E27F980E-5ADC-4BA1-A608-A9DB25532E8F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1547208 2024-01-31] (Adobe Inc. -> Adobe Inc.)
Task: {5A74977D-7DE5-40AF-946E-F8E2B39DFB72} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1030584 2023-11-29] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {5FC88C0B-5EF7-4747-80A0-C06C69A32E24} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1030584 2023-11-29] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {E95AEF00-DF27-4250-9BA1-FA75ED939B8D} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem127.0.6490.0{FF651F07-6F94-4D95-9781-17CE8008DF6B} => C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe [4785440 2024-05-20] (Google LLC -> Google LLC)
Task: {E6B62290-9735-4E10-B358-740CC2450F5D} - System32\Tasks\HPCustPartic.exe_{A078B90D-F9E4-41EB-90BD-5E3DE39FA3B3} => C:\Program Files\HP\HP Officejet Pro 6830\Bin\HPCustPartic.exe [5815456 2021-11-30] (HP Inc. -> Hewlett-Packard Development Company, LP)
Task: {53DE3CF6-909C-4B5E-BBEE-7141DB5DAF23} - System32\Tasks\HPCustParticipation HP Officejet Pro 6830 => C:\Program Files\HP\HP Officejet Pro 6830\Bin\HPCustPartic.exe [5815456 2021-11-30] (HP Inc. -> Hewlett-Packard Development Company, LP)
Task: {A1B95F65-367A-44F8-ACCE-D94FB60BF9A6} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28435936 2024-05-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {86847170-E740-48E7-BD9E-7735A755E9F3} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28435936 2024-05-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {A8C932ED-3867-44C2-ACDE-8937A7B78F49} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [220608 2024-05-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {C8DC588D-8FFB-4B06-BF3B-A2359C2F004A} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [220608 2024-05-22] (Microsoft Corporation -> Microsoft Corporation)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (Keine Datei)
Task: {2F4311AD-A278-4FE3-8482-473A52C6358C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\MpCmdRun.exe [1658408 2024-05-17] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {4C9EAFFC-F25A-4DC0-B287-CA6A292C87E5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\MpCmdRun.exe [1658408 2024-05-17] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {76AFA262-CB86-4520-8F6A-1CE88DF8753D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\MpCmdRun.exe [1658408 2024-05-17] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {7DC5A222-78E3-4EA4-934D-F04650A7A7C8} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\MpCmdRun.exe [1658408 2024-05-17] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {31A3EFAF-B7BE-4C05-9176-DCBAF0BD6CFF} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [1030584 2023-11-29] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {7F31ABFD-70A6-4E89-A58C-295CE4B42782} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [673696 2024-05-29] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (Der Dateneintrag hat 6 weitere Zeichen).
Task: {FDCA1A4B-649C-4702-91D1-B618176CC93E} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-1900216663-882022052-1018590342-1001 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [673696 2024-05-29] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (Der Dateneintrag hat 6 weitere Zeichen).
Task: {C795D371-7B09-4C2E-834A-DDBCC6B7FBC1} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [33696 2024-05-29] (Mozilla Corporation -> Mozilla Foundation)
Task: {6C4CA262-5332-4211-9B79-E4550166EA19} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [140405056 2024-03-14] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) -> C:\Program Files (x86)\Samsung\Samsung Magician\\--disable-gpu-sandbox /AUTOHIDE
Task: {708E35C6-BA74-4B31-B090-3F279D9A779F} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [60344 2023-11-28] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)
Task: {E113DE62-6CB0-43EE-AE07-2E3032A42BE4} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [324024 2023-11-28] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.210
Tcpip\..\Interfaces\{65398f7e-f22b-4576-8110-75121838a9d4}: [NameServer] 192.168.2.1
Tcpip\..\Interfaces\{e4014a02-4a79-4a16-b118-33d7b1d53b80}: [DhcpNameServer] 192.168.178.210
Tcpip\..\Interfaces\{e4014a02-4a79-4a16-b118-33d7b1d53b80}: [DhcpDomain] fritz.box
HKLM\System\...\Parameters\PersistentRoutes: [169.254.0.0,255.255.0.0,192.168.178.177,1]

Edge:
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\it\AppData\Local\Microsoft\Edge\User Data\Default [2024-05-29]
Edge HomePage: Default -> hxxp://www.google.de/firefox?client=firefox-a&rls=org.mozilla:de:official
Edge StartupUrls: Default -> "hxxps://plus.google.com/u/0/","hxxp://fritz.box/","hxxps://www.youtube.com/watch?v=INzdMJvKg-k","hxxps://www.youtube.com/channel/UC3PCSf8gzYLVBdqs1-SMmRA","hxxps://www.amazon.de/gp/buy/thankyou/handlers/display.html?ie=UTF8&asins=B079DNZP4T&isRefresh=1&orderId=303-1675944-4275545&purchaseId=304-4025755-6978721&viewId=ThankYouCart","hxxp://www.preispiraten.de/katalog/baumarkt/elektroinstallation/meross+mss425eeu+smart+steckdosenleiste+intelligente+wlan+mehrfachsteckdose+mit+0606015785903-pv-8081389.shtml","hxxps://smile.amazon.de/Steckdosenleiste-Mehrfachsteckdose-%C3%9Cberspannungsschutz-Intelligenten-USB-Anschl%C3%BCsse/dp/B079DNZP4T/ref=smi_www_rco2_go_smi_4315534973?_encoding=UTF8&ie=UTF8&linkCode=sl1&linkId=01cf0d517d1cf6f74508e792ec083d3a&tag=httpswwwy084c-21","hxxps://www.armaturen-was.de/de/wp-admin/options-general.php?page=wp-maintenance-mode","hxxps://www.armaturen-was.de/de/datenschutz/"
Edge Extension: (1Password-Erweiterung (App benötigt)) - C:\Users\it\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\aomjjhallfgjeglblehebfpbcfeobpgk [2023-04-12]
Edge Extension: (Web Developer) - C:\Users\it\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\bfbameneiokkgbdmiekhjnmfkcnldhhm [2023-08-26]
Edge Extension: (User-Agent Switcher for Chrome) - C:\Users\it\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\djflhoibgkdhkhhcedjiklpkjnoahfmg [2023-04-12]
Edge Extension: (Google Docs Offline) - C:\Users\it\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-03-07]
Edge Extension: (Edge relevant text changes) - C:\Users\it\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-24]
Edge Extension: (Google Docs Viewer für PDF/PowerPoint (von Google)) - C:\Users\it\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn [2023-04-12]
Edge Extension: (uBlock Origin) - C:\Users\it\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\odfafepnkmbhccpbejgmiehpchacaeak [2024-05-29]
Edge Extension: (ChromeHue for Philips Hue) - C:\Users\it\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ofhimkkaomaoilmnmfhmdoekoaeclkoa [2023-04-12]

FireFox:
========
FF DefaultProfile: 1b6qzuni.default
FF ProfilePath: C:\Users\it\AppData\Roaming\Mozilla\Firefox\Profiles\1b6qzuni.default [2023-11-13]
FF ProfilePath: C:\Users\it\AppData\Roaming\Mozilla\Firefox\Profiles\8147kqyj.default-release [2024-05-29]
FF Extension: (uBlock Origin) - C:\Users\it\AppData\Roaming\Mozilla\Firefox\Profiles\8147kqyj.default-release\Extensions\uBlock0@raymondhill.net.xpi [2024-05-25]
FF Plugin: @videolan.org/vlc,version=3.0.20 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2023-10-30] (VideoLAN -> VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2024-05-12] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.411.2 -> C:\Program Files (x86)\Java\jre-1.8\bin\dtplugin\npDeployJava1.dll [2024-03-13] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.411.2 -> C:\Program Files (x86)\Java\jre-1.8\bin\plugin2\npjp2.dll [2024-03-13] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-04-05] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR HKU\S-1-5-21-1900216663-882022052-1018590342-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]

==================== Dienste (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [172992 2024-01-31] (Adobe Inc. -> Adobe Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [14248016 2024-05-09] (Microsoft Corporation -> Microsoft Corporation)
R2 CMigrationService; C:\Program Files (x86)\Samsung\Samsung Magician\MigrationService\MigrationService.exe [761664 2024-03-14] (Samsung Electronics Co., Ltd. -> Clonix & CottonCandy)
R3 CorsairCpuIdService; C:\Program Files\Corsair\Corsair iCUE5 Software\CorsairCpuIdService.exe [240680 2024-05-05] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
S3 CorsairDeviceListerService; C:\Program Files\Corsair\Corsair iCUE5 Software\CorsairDeviceListerService.exe [155688 2024-05-05] (Corsair Memory, Inc. -> )
R2 CorsairService; C:\Program Files\Corsair\Corsair iCUE5 Software\clink\Corsair.Service.exe [84008 2024-05-05] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
R2 DSAService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe [43784 2024-05-02] (Intel Corporation -> Intel)
R3 DSAUpdateService; C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe [290568 2024-05-02] (Intel Corporation -> Intel)
R2 EasyTuneEngineService; C:\Program Files (x86)\Gigabyte\EasyTuneEngineService\EasyTuneEngineService.exe [147824 2022-06-14] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
S2 GoogleUpdaterInternalService127.0.6490.0; C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe [4785440 2024-05-20] (Google LLC -> Google LLC)
S2 GoogleUpdaterService127.0.6490.0; C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe [4785440 2024-05-20] (Google LLC -> Google LLC)
R2 Gservice; C:\Program Files (x86)\GIGABYTE\GService\GCloud.exe [19888 2016-12-02] (GIGA-BYTE TECHNOLOGY CO., LTD. -> Microsoft)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [241104 2024-05-14] (HP Inc. -> HP Inc.)
R2 HPSLPSVC; C:\Users\it\AppData\Local\Temp\7zS00D1\hpslpsvc64.dll [1039360 2015-09-21] (Hewlett-Packard Co.) [Datei ist nicht signiert] <==== ACHTUNG
R3 iCUEUpdateService; C:\Program Files\Corsair\Corsair iCUE5 Software\iCUEUpdateService.exe [381480 2024-05-05] (Corsair Memory, Inc. -> Corsair Memory, Inc.)
R2 LGHUBUpdaterService; C:\Program Files\LGHUB\lghub_updater.exe [10738432 2023-10-26] (Logitech Inc -> Logitech, Inc.)
R2 logi_lamparray_service; C:\Windows\System32\DriverStore\FileRepository\logi_lamparray_usb.inf_amd64_cdf3ca3c77d5f267\logi_lamparray_service.exe [9903656 2024-04-18] (Logitech Inc -> Logitech, Inc.)
R2 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\MpDefenderCoreService.exe [1489000 2024-05-17] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 MyService1; C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe [18944 2021-04-08] () [Datei ist nicht signiert]
S2 OCButtonService; C:\Program Files (x86)\Gigabyte\EasyTuneEngineService\OcButtonService.exe [127360 2021-04-13] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.)
R2 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv2.exe [24504 2023-05-11] (OpenVPN Inc. -> The OpenVPN project)
R2 OpenVPNServiceInteractive; C:\Program Files\OpenVPN\bin\openvpnserv.exe [63768 2023-05-11] (OpenVPN Inc. -> The OpenVPN Project)
R2 PDF24; C:\Program Files\PDF24\pdf24.exe [645976 2024-03-05] (Geek Software GmbH -> geek software GmbH)
R2 SamsungMagicianSVC; C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagicianSVC.exe [445760 2024-03-14] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [522184 2024-05-17] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 StarMoney 14 Basic OnlineUpdate; C:\Program Files (x86)\StarMoney 14 Basic\ouservice\StarMoneyOnlineUpdate.exe [767392 2024-04-11] (Star Finanz-Software Entwicklung und Vertriebs GmbH -> Star Finanz-Software Entwicklung und Vertriebs GmbH)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\NisSrv.exe [3236840 2024-05-17] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24040.4-0\MsMpEng.exe [133704 2024-05-17] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 GigabyteUpdateService; C:\Windows\system32\GigabyteUpdateService.exe [869032 2024-05-29] (GIGA-BYTE Technology Co., Ltd. -> GIGA-BYTE TECHNOLOGY CO., LTD.)

===================== Treiber (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R3 amdfendrmgr; C:\Windows\System32\drivers\amdfendrmgr.sys [36744 2023-07-17] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) R3 AMDSAFD; C:\Windows\System32\DriverStore\FileRepository\amdsafd.inf_amd64_54807f69fe156f14\amdsafd.sys [113088 2023-04-13] (Advanced Micro Devices Inc. -> Advanced Micro Devices) R3 AmdTools64; C:\Windows\System32\drivers\AmdTools64.sys [63392 2020-06-16] (Microsoft Windows Hardware Compatibility Publisher -> ) R3 amduw23g; C:\Windows\System32\DriverStore\FileRepository\u0398226.inf_amd64_c5d9587384e4b5ff\B398182\amdkmdag.sys [105550880 2023-12-05] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) R3 AMDXE; C:\Windows\System32\drivers\amdxe.sys [61888 2023-05-24] (Advanced Micro Devices Inc. -> Advanced Micro Devices, Inc.) S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [544768 2023-08-11] (Microsoft Corporation) [Datei ist nicht signiert] S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [188416 2023-09-16] (Microsoft Corporation) [Datei ist nicht signiert] S3 BTHMODEM; C:\Windows\System32\drivers\bthmodem.sys [106496 2023-04-12] (Microsoft Corporation) [Datei ist nicht signiert] S3 CorsairGamingAudioService; C:\Windows\System32\drivers\CorsairGamingAudio64.sys [63008 2022-11-11] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.) 
S3 cpuz157; C:\Windows\temp\cpuz157\cpuz157_x64.sys [43016 2023-12-04] (Microsoft Windows Hardware Compatibility Publisher -> CPUID) <==== ACHTUNG R3 cpuz158; C:\Windows\temp\cpuz158\cpuz158_x64.sys [44592 2024-05-29] (Microsoft Windows Hardware Compatibility Publisher -> CPUID) <==== ACHTUNG R1 CTIIO; C:\Windows\system32\drivers\CtiIo64.sys [32296 2023-04-12] (Microsoft Windows Hardware Compatibility Publisher -> Creative Technology Innovation Co., LTd.) S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) R3 gdrv3; C:\Windows\System32\drivers\gdrv3.sys [52016 2024-03-01] (GIGA-BYTE TECHNOLOGY CO., LTD. -> GIGA-BYTE TECHNOLOGY CO., LTD.) R3 logi_joy_bus_enum; C:\Windows\system32\drivers\logi_joy_bus_enum.sys [44880 2023-04-12] (Logitech Inc -> Logitech) R3 logi_joy_vir_hid; C:\Windows\system32\drivers\logi_joy_vir_hid.sys [32080 2023-04-12] (Logitech Inc -> Logitech) R3 logi_joy_xlcore; C:\Windows\system32\drivers\logi_joy_xlcore.sys [73040 2023-04-12] (Logitech Inc -> Logitech) R3 logi_lamparray; C:\Windows\System32\DriverStore\FileRepository\logi_lamparray_usb.inf_amd64_cdf3ca3c77d5f267\logi_lamparray.sys [98864 2024-04-18] (Logitech Inc -> Logitech, Inc.) R3 MpKsl907ebe8f; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1459F7EA-49FD-4348-BF9F-2090B8BC7F22}\MpKslDrv.sys [271648 2024-05-29] (Microsoft Windows -> Microsoft Corporation) R3 ovpn-dco; C:\Windows\System32\drivers\ovpn-dco.sys [91560 2023-03-31] (WDKTestCert lev,132435948852968539 -> OpenVPN, Inc) R3 rt25cx21; C:\Windows\System32\DriverStore\FileRepository\rt25cx21x64.inf_amd64_447a9570dbb12464\rt25cx21x64.sys [620456 2022-03-25] (Realtek Semiconductor Corp. 
-> Realtek) S3 rtcx21; C:\Windows\System32\DriverStore\FileRepository\rtcx21x64.inf_amd64_516e5c9b75c49dc2\rtcx21x64.sys [539648 2022-05-06] (Microsoft Windows -> Realtek) S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) S3 ss_conn_usb_driver2; C:\Windows\System32\Drivers\ss_conn_usb_driver2.sys [50720 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) R3 tap0901; C:\Windows\System32\drivers\tap0901.sys [40448 2023-05-25] (Microsoft Windows Hardware Compatibility Publisher -> The OpenVPN Project) R0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [21056 2024-05-17] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation) U5 WdDevFlt; C:\Windows\System32\Drivers\WdDevFlt.sys [169232 2022-05-07] (Microsoft Windows -> Microsoft Corporation) R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [601496 2024-05-17] (Microsoft Windows -> Microsoft Corporation) R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105880 2024-05-17] (Microsoft Windows -> Microsoft Corporation) R3 wintun; C:\Windows\System32\drivers\wintun.sys [38176 2023-05-25] (WireGuard LLC -> WireGuard LLC) S3 ALSysIO; \??\C:\Users\it\AppData\Local\Temp\ALSysIO64.sys [X] <==== ACHTUNG S3 SIUSBXP; \??\C:\Windows\system32\drivers\SiUSBXp.sys [X] S4 SymEvnt; \??\C:\Program Files\Norton Security\NortonData\22.19.8.65\SymPlatform\SymEvnt.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2024-05-29 13:31 - 2024-05-29 13:32 - 000000000 ____D C:\FRST 2024-05-29 13:13 - 2024-05-29 13:13 - 000000000 ____D C:\Users\it\AppData\Local\NPE 2024-05-29 11:57 - 2024-05-29 11:57 - 000000000 ____D C:\Users\it\AppData\Roaming\MOBackup 2024-05-29 11:46 - 2024-05-29 11:46 - 000724624 _____ C:\Windows\system32\perfh007.dat 2024-05-29 11:46 - 2024-05-29 11:46 - 000150160 _____ C:\Windows\system32\perfc007.dat 2024-05-29 11:23 - 2024-05-29 11:24 - 000000000 ____D C:\AdwCleaner 2024-05-29 11:16 - 2024-05-29 11:41 - 000000000 ____D C:\Program Files\Mozilla Firefox 2024-05-22 18:24 - 2024-05-22 18:24 - 000000128 _____ C:\Users\it\AppData\Roaming\PUTTY.RND 2024-05-21 12:45 - 2024-05-21 12:45 - 000000781 _____ C:\Users\it\Desktop\calendar.ics 2024-05-21 12:39 - 2024-05-21 12:39 - 000349102 _____ C:\Users\it\Desktop\2024-05-21_123901.pdf 2024-05-21 12:38 - 2024-05-21 12:38 - 000306485 _____ C:\Users\it\Desktop\finkel_240521-123604-a639.pdf 2024-05-17 10:48 - 2024-05-17 10:51 - 000000000 ___HD C:\$WinREAgent 2024-05-08 11:23 - 2024-05-08 11:23 - 000000000 ___HD C:\OneDriveTemp 2024-05-06 20:31 - 2024-05-06 20:31 - 000000000 ____D C:\Users\it\Tracing 2024-05-06 10:51 - 2024-05-06 10:51 - 000000878 _____ C:\Users\Public\Desktop\iCUE.lnk 2024-05-06 10:51 - 2024-05-06 10:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Corsair 2024-05-01 19:50 - 2024-05-01 19:50 - 000000000 ____D C:\Windows\system32\Tasks\GoogleSystem ==================== Ein Monat (geänderte) ================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2024-05-29 13:19 - 2023-04-12 18:19 - 000000000 ____D C:\Program Files (x86)\Steam 2024-05-29 13:13 - 2023-04-12 16:16 - 000000000 ____D C:\ProgramData\Norton 2024-05-29 13:13 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\SystemTemp 2024-05-29 12:58 - 2023-11-13 16:27 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38 2024-05-29 12:56 - 2023-05-25 23:00 - 000000000 ____D C:\Users\it\AppData\Roaming\FreeFileSync 2024-05-29 12:53 - 2022-05-07 07:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2024-05-29 12:51 - 2023-05-15 19:38 - 000000000 ____D C:\Users\it\AppData\Local\Discord 2024-05-29 11:58 - 2023-04-12 18:47 - 000000000 ____D C:\Windows\system32\MRT 2024-05-29 11:52 - 2023-05-15 19:38 - 000000000 ____D C:\Users\it\AppData\Roaming\discord 2024-05-29 11:51 - 2023-04-13 14:42 - 000000000 ____D C:\Users\it\AppData\Roaming\Signal 2024-05-29 11:51 - 2023-04-12 17:48 - 000000000 ____D C:\Users\it\AppData\Roaming\Samsung Magician 2024-05-29 11:51 - 2023-04-12 16:39 - 000000000 ____D C:\Users\it\AppData\Roaming\1Password 2024-05-29 11:50 - 2024-01-11 15:41 - 000003104 _____ C:\Windows\system32\Tasks\AMDInstallLauncher 2024-05-29 11:50 - 2024-01-11 15:36 - 000003096 _____ C:\Windows\system32\Tasks\AMDLinkUpdate 2024-05-29 11:50 - 2023-04-12 16:17 - 000000000 ____D C:\Users\it\AppData\Local\LGHUB 2024-05-29 11:50 - 2023-04-12 15:55 - 000000000 ___RD C:\Users\it\OneDrive 2024-05-29 11:50 - 2023-04-12 15:53 - 000091304 _____ (GIGA-BYTE TECHNOLOGY CO., LTD.) C:\Windows\system32\GigabyteDownloadAssistant.exe 2024-05-29 11:50 - 2023-04-12 15:43 - 000882856 _____ C:\Windows\system32\wpbbin.exe 2024-05-29 11:50 - 2023-04-12 15:43 - 000869032 _____ (GIGA-BYTE TECHNOLOGY CO., LTD.) 
C:\Windows\system32\GigabyteUpdateService.exe 2024-05-29 11:50 - 2023-04-12 15:43 - 000012288 ___SH C:\DumpStack.log.tmp 2024-05-29 11:50 - 2023-04-12 15:43 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2024-05-29 11:50 - 2023-04-12 15:43 - 000000000 ____D C:\Windows\system32\SleepStudy 2024-05-29 11:50 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\ServiceState 2024-05-29 11:50 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\AppReadiness 2024-05-29 11:50 - 2022-05-07 07:17 - 000786432 _____ C:\Windows\system32\config\BBI 2024-05-29 11:49 - 2023-04-12 16:05 - 000000000 ____D C:\Users\it\AppData\Local\Google 2024-05-29 11:46 - 2023-04-12 15:49 - 001671672 _____ C:\Windows\system32\PerfStringBackup.INI 2024-05-29 11:46 - 2022-05-07 07:22 - 000000000 ____D C:\Windows\INF 2024-05-29 11:41 - 2023-11-13 16:27 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2024-05-29 11:30 - 2023-11-13 16:27 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2024-05-29 11:05 - 2022-05-07 07:24 - 000000000 ___HD C:\Program Files\WindowsApps 2024-05-28 19:30 - 2023-04-24 14:25 - 000000000 ____D C:\Users\it\AppData\Roaming\.minecraft 2024-05-27 10:49 - 2023-04-12 15:53 - 000000000 ____D C:\Users\it\AppData\Local\D3DSCache 2024-05-25 22:12 - 2023-04-12 15:43 - 000002396 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2024-05-25 14:36 - 2023-04-13 11:21 - 000000000 ____D C:\Program Files (x86)\StarMoney 14 Basic 2024-05-25 12:19 - 2023-12-09 19:00 - 000000000 ____D C:\Users\it\AppData\Roaming\vlc 2024-05-25 12:07 - 2023-04-12 15:43 - 000003756 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2024-05-25 12:07 - 2023-04-12 15:43 - 000003632 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore 2024-05-24 12:27 - 2023-04-12 16:26 - 000000000 ____D C:\Users\it\AppData\Local\1Password 2024-05-24 12:06 - 2023-04-12 15:53 - 000000000 ____D C:\Users\it\AppData\Local\Packages 2024-05-24 11:31 - 
2023-04-12 17:58 - 000000000 ____D C:\Users\it\AppData\Roaming\Microsoft\Excel 2024-05-24 11:31 - 2023-04-12 16:59 - 000000000 ____D C:\Users\it\AppData\Roaming\Microsoft\Word 2024-05-24 11:30 - 2024-02-16 15:16 - 000267768 _____ (Microsoft Corporation) C:\Windows\system32\gamingservicesproxy_4.dll 2024-05-24 11:30 - 2023-04-24 14:24 - 002729464 _____ (Microsoft Corporation) C:\Windows\system32\xgameruntime.dll 2024-05-24 11:30 - 2023-04-24 14:24 - 000722424 _____ (Microsoft Corporation) C:\Windows\system32\gameplatformservices.dll 2024-05-24 11:30 - 2023-04-24 14:24 - 000218616 _____ (Microsoft Corporation) C:\Windows\system32\gameconfighelper.dll 2024-05-24 11:30 - 2023-04-24 14:24 - 000206328 _____ (Microsoft Corporation) C:\Windows\system32\gamelaunchhelper.dll 2024-05-24 11:30 - 2023-04-24 14:24 - 000144888 _____ (Microsoft Corporation) C:\Windows\system32\gamingtcuihelpers.dll 2024-05-24 11:30 - 2023-04-24 14:24 - 000108024 _____ (Microsoft Corporation) C:\Windows\system32\xgamehelper.exe 2024-05-24 11:30 - 2023-04-24 14:24 - 000075256 _____ (Microsoft Corporation) C:\Windows\system32\xgamecontrol.exe 2024-05-24 11:24 - 2023-04-13 13:45 - 000000000 ____D C:\ProgramData\Goodix 2024-05-24 01:18 - 2023-04-12 15:48 - 000000000 ____D C:\Users\it 2024-05-23 11:58 - 2023-04-12 15:55 - 000003588 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1900216663-882022052-1018590342-1001 2024-05-23 11:58 - 2023-04-12 15:55 - 000003364 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1900216663-882022052-1018590342-1001 2024-05-23 11:58 - 2023-04-12 15:55 - 000002386 _____ C:\Users\it\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2024-05-23 10:52 - 2023-04-12 16:57 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2024-05-22 19:13 - 2023-07-18 17:58 - 000000000 ____D C:\Users\it\AppData\Roaming\FileZilla 2024-05-22 19:06 - 2023-10-18 13:17 - 000000128 _____ C:\Users\it\AppData\Local\PUTTY.RND 2024-05-22 
11:52 - 2023-04-12 16:26 - 000001349 _____ C:\Users\it\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1Password.lnk 2024-05-18 10:44 - 2023-04-13 19:37 - 000001623 _____ C:\Windows\system32\config\VSMIDK 2024-05-17 12:17 - 2022-05-07 07:24 - 000000000 ____D C:\ProgramData\USOPrivate 2024-05-17 12:01 - 2023-04-12 15:43 - 003377080 _____ C:\Windows\system32\FNTCACHE.DAT 2024-05-17 12:00 - 2023-10-13 14:43 - 000000000 ____D C:\Windows\system32\Microsoft-Edge-WebView 2024-05-17 12:00 - 2022-05-07 12:39 - 000000000 __SHD C:\Windows\BitLockerDiscoveryVolumeContents 2024-05-17 12:00 - 2022-05-07 12:39 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection 2024-05-17 12:00 - 2022-05-07 07:24 - 000000000 ___SD C:\Windows\SysWOW64\F12 2024-05-17 12:00 - 2022-05-07 07:24 - 000000000 ___SD C:\Windows\SysWOW64\DiagSvcs 2024-05-17 12:00 - 2022-05-07 07:24 - 000000000 ___SD C:\Windows\system32\UNP 2024-05-17 12:00 - 2022-05-07 07:24 - 000000000 ___SD C:\Windows\system32\F12 2024-05-17 12:00 - 2022-05-07 07:24 - 000000000 ___SD C:\Windows\system32\DiagSvcs 2024-05-17 12:00 - 2022-05-07 07:24 - 000000000 ___RD C:\Windows\PrintDialog 2024-05-17 12:00 - 2022-05-07 07:24 - 000000000 ___RD C:\Windows\ImmersiveControlPanel 2024-05-17 12:00 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\UUS 2024-05-17 12:00 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata 2024-05-17 12:00 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\SysWOW64\PerceptionSimulation 2024-05-17 12:00 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\SysWOW64\Dism 2024-05-17 12:00 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\SystemResources 2024-05-17 12:00 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\SystemApps 2024-05-17 12:00 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\system32\WinMetadata 2024-05-17 12:00 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\system32\WinBioPlugIns 2024-05-17 12:00 - 2022-05-07 07:24 - 000000000 ____D 
C:\Windows\system32\SystemResetPlatform 2024-05-17 12:00 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\system32\ShellExperiences 2024-05-17 12:00 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\system32\Sgrm 2024-05-17 12:00 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\system32\PerceptionSimulation 2024-05-17 12:00 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\system32\oobe 2024-05-17 12:00 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\system32\migwiz 2024-05-17 12:00 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\system32\HealthAttestationClient 2024-05-17 12:00 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\system32\Dism 2024-05-17 12:00 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\system32\appraiser 2024-05-17 12:00 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\ShellExperiences 2024-05-17 12:00 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\ShellComponents 2024-05-17 12:00 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\PolicyDefinitions 2024-05-17 12:00 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\BrowserCore 2024-05-17 12:00 - 2022-05-07 07:24 - 000000000 ____D C:\Windows\bcastdvr 2024-05-17 12:00 - 2022-05-07 07:17 - 000000000 ____D C:\Windows\servicing 2024-05-17 10:57 - 2022-05-07 07:17 - 000000000 ____D C:\Windows\CbsTemp 2024-05-17 10:54 - 2023-04-12 15:45 - 003214336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll 2024-05-17 10:52 - 2023-04-12 15:43 - 000000000 ____D C:\Windows\system32\Drivers\wd 2024-05-17 10:44 - 2023-04-12 18:46 - 196465576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2024-05-16 16:08 - 2023-04-12 18:26 - 000000000 ____D C:\Users\it\AppData\Local\AMD_Common 2024-05-16 11:00 - 2023-04-12 18:01 - 000004562 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task 2024-05-16 11:00 - 2023-04-12 18:01 - 000002073 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat.lnk 2024-05-15 18:17 - 2023-06-01 21:01 - 000000000 ____D C:\Users\it\AppData\Local\CrashDumps 2024-05-14 
20:16 - 2023-04-13 19:31 - 000000000 ____D C:\Windows\system32\Tasks\HP 2024-05-14 20:16 - 2023-04-13 19:31 - 000000000 ____D C:\Program Files\HPPrintScanDoctor 2024-05-10 01:41 - 2023-04-15 15:04 - 000000000 ____D C:\Users\it\AppData\Roaming\reolink 2024-05-08 11:49 - 2023-12-14 19:53 - 000001470 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver & Support Assistant.lnk 2024-05-08 11:49 - 2023-04-12 15:55 - 000000000 ____D C:\ProgramData\Package Cache 2024-05-08 11:24 - 2023-04-12 18:19 - 000000000 ____D C:\Users\it\AppData\Local\Steam 2024-05-07 17:37 - 2023-09-01 17:27 - 000000000 ____D C:\Users\it\AppData\Roaming\G HUB 2024-05-07 17:15 - 2023-04-12 16:17 - 000000000 ____D C:\Users\it\AppData\Roaming\lghub 2024-05-06 20:31 - 2023-04-12 15:48 - 000000000 ___SD C:\Users\it\AppData\Roaming\Microsoft\Credentials 2024-05-06 20:30 - 2023-04-12 15:45 - 000000000 ____D C:\ProgramData\Packages 2024-05-01 19:55 - 2023-04-12 16:05 - 000000000 ____D C:\Program Files (x86)\Google ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======== 2024-02-29 18:14 - 2024-02-29 18:14 - 000000211 _____ () C:\Users\it\AppData\Roaming\com.reolink.app.client 2024-05-22 18:24 - 2024-05-22 18:24 - 000000128 _____ () C:\Users\it\AppData\Roaming\PUTTY.RND 2023-10-18 13:17 - 2024-05-22 19:06 - 000000128 _____ () C:\Users\it\AppData\Local\PUTTY.RND ==================== SigCheck ============================ (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) ==================== Ende von FRST.txt ======================== |
29.05.2024, 17:45 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows 11 - Chrome infected More than half is missing here: the logs from adwcleaner and the other log from FRST.
And what exactly are "various programs"? If you mention them at all, you have to describe that properly; put this vaguely, it is fairly pointless. |
02.06.2024, 10:28 | #3 |
/// TB-Ausbilder | Windows 11 - Chrome infected Missing feedback
This topic has been removed from our subscriptions, so we will not be notified of new replies. If you need the topic again, please send us a reminder including a link to the topic. Note: the disappearance of the symptoms does not mean that your computer is already clean. Everyone else, please click here and create your own topic! |