Log analysis and evaluation: Windows 10 PUP.Adware.Heuristic | Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Windows 10 PUP.Adware.Heuristic

Hi, a few weeks ago I discovered PUP.Adware.Heuristic on my system after I saw the page "--newtab" in my Firefox history, after which the page "bcnexum.com" was always opened. I then moved it to quarantine with AdwCleaner and deleted it. After a few days these pages were back in my history. Now I have noticed that the malware is found by AdwCleaner again after every restart. However, the pages are only opened again after a few days if the malware is not deleted. On top of that, a scan with Malwarebytes does not find this malware. How can I get rid of the malware permanently? Thanks

FRST Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 11-02-2025 durchgeführt von krons (Administrator) auf DESKTOP-2V8PTTR (Micro-Star International Co., Ltd. MS-7C96) (11-02-2025 17:50:24) Gestartet von C:\Users\krons\Desktop\FRST64.exe Geladene Profile: krons Plattform: Microsoft Windows 10 Home Version 22H2 19045.5371 (X64) Sprache: Deutsch (Deutschland) Standard-Browser: FF Start-Modus: Normal ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (C:\Program Files (x86)\Steam\steam.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe <7> (C:\Program Files\Corsair\CORSAIR iCUE 4 Software\Corsair.Service.exe ->) (Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files\Corsair\CORSAIR iCUE 4 Software\Corsair.Service.CpuIdRemote64.exe (C:\Program Files\Corsair\CORSAIR iCUE 4 Software\Corsair.Service.exe ->) (Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files\Corsair\CORSAIR iCUE 4 Software\Corsair.Service.DisplayAdapter.exe (C:\Program Files\Corsair\CORSAIR iCUE 4 Software\iCUE.exe ->) (Corsair Memory, Inc. -> ) C:\Program Files\Corsair\CORSAIR iCUE 4 Software\QmlRenderer.exe (C:\Program Files\LGHUB\system_tray\lghub_system_tray.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_agent.exe (C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. 
-> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe (C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3> (C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe (C:\ProgramData\Wargaming.net\GameCenter\wgc.exe ->) (Wargaming Group Limited -> Wargaming.net) C:\ProgramData\Wargaming.net\GameCenter\dlls\wgc_renderer_host.exe <6> (C:\ProgramData\Wargaming.net\GameCenter\wgc.exe ->) (Wargaming.net Limited -> Wargaming.net) C:\ProgramData\Wargaming.net\GameCenter\wargamingerrormonitor.exe (C:\Riot Games\Riot Client\RiotClientServices.exe ->) () [Datei ist nicht signiert] C:\Riot Games\Riot Client\RiotClientCrashHandler.exe (Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files\Corsair\CORSAIR iCUE 4 Software\iCUE.exe (explorer.exe ->) (BINARYLABS LIMITED -> Binarylabs LTD) C:\Users\krons\AppData\Roaming\BitCleaner\BitCleaner Tasker.exe (explorer.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\system_tray\lghub_system_tray.exe (explorer.exe ->) (Riot Games, Inc. -> Riot Games, Inc.) C:\Program Files\Riot Vanguard\vgtray.exe (explorer.exe ->) (Riot Games, Inc. -> Riot Games, Inc.) C:\Riot Games\Riot Client\RiotClientServices.exe (explorer.exe ->) (Valve Corp. 
-> Valve Corporation) C:\Program Files (x86)\Steam\steam.exe (explorer.exe ->) (Wargaming Group Limited -> Wargaming.net) C:\ProgramData\Wargaming.net\GameCenter\wgc.exe (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <5> (Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <25> (NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe (services.exe ->) (Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files\Corsair\CORSAIR iCUE 4 Software\Corsair.Service.exe (services.exe ->) (Corsair Memory, Inc. -> Corsair Memory, Inc.) C:\Program Files\Corsair\CORSAIR iCUE 4 Software\CueLLAccessService.exe (services.exe ->) (Corsair Memory, Inc. -> Corsair) C:\Program Files\Corsair\CORSAIR iCUE 4 Software\iCUEDevicePluginHost.exe <8> (services.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\LGHUB\lghub_updater.exe (services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe (services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.) C:\Windows\System32\CorsairGamingAudioCfgService64.exe (services.exe ->) (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSIRegister\MSIRegisterService.exe (services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3> (services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_9425e4c3b1ac1c47\Display.NvContainer\NVDisplay.Container.exe <2> (services.exe ->) (Realtek Semiconductor Corp. 
-> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_550508a90a3c9a47\RtkAudUService64.exe <2> (services.exe ->) (Samsung Electronics Co., Ltd. -> Clonix & CottonCandy) C:\Program Files (x86)\Samsung\Samsung Magician\MigrationService\MigrationService.exe (services.exe ->) (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagicianSVC.exe (services.exe ->) (Valve Corp. -> Valve Corporation) C:\Program Files (x86)\Common Files\Steam\steamservice.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2> (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe ==================== Registry (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RtkAudUService] => C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_550508a90a3c9a47\RtkAudUService64.exe [1618320 2022-11-15] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM\...\Run: [Riot Vanguard] => C:\Program Files\Riot Vanguard\vgtray.exe [4131544 2024-11-13] (Riot Games, Inc. -> Riot Games, Inc.) HKLM\...\Run: [CORSAIR iCUE 4 Software] => C:\Program Files\Corsair\CORSAIR iCUE 4 Software\iCUE Launcher.exe [185384 2022-11-02] (Corsair Memory, Inc. -> Corsair Memory, Inc.) HKLM-x32\...\Run: [MSIRegister] => C:\Program Files (x86)\MSI\MSIRegister\MSIRegister.exe [1266864 2019-08-28] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) 
HKLM-x32\...\Run: [RoccatKoneXTD] => C:\Program Files (x86)\ROCCAT\Kone XTD Mouse\KoneXTDMonitor.EXE [552960 2014-10-19] (ROCCAT GmbH) [Datei ist nicht signiert] HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiSpyware] Beschränkung <==== ACHTUNG HKLM\SOFTWARE\Microsoft\Windows Defender: [DisableAntiVirus] Beschränkung <==== ACHTUNG HKU\S-1-5-21-2424841526-2556149945-2766575121-1001\...\Run: [Wargaming.net Game Center] => C:\ProgramData\Wargaming.net\GameCenter\wgc.exe [2129936 2025-02-10] (Wargaming Group Limited -> Wargaming.net) HKU\S-1-5-21-2424841526-2556149945-2766575121-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4435552 2025-01-28] (Valve Corp. -> Valve Corporation) HKU\S-1-5-21-2424841526-2556149945-2766575121-1001\...\Run: [Gaijin.Net Updater] => C:\Users\krons\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe [2374376 2020-12-03] (Gaijin Network LTD -> Gaijin) HKU\S-1-5-21-2424841526-2556149945-2766575121-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [36981208 2024-12-08] (Epic Games Inc. -> Epic Games, Inc.) HKU\S-1-5-21-2424841526-2556149945-2766575121-1001\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [1848064 2025-01-28] (Overwolf Ltd -> Overwolf Ltd.) HKU\S-1-5-21-2424841526-2556149945-2766575121-1001\...\Run: [LGHUB] => C:\Program Files\LGHUB\system_tray\lghub_system_tray.exe [22470552 2025-02-04] (Logitech Inc -> Logitech, Inc.) HKU\S-1-5-21-2424841526-2556149945-2766575121-1001\...\Run: [GalaxyClient] => [X] HKU\S-1-5-21-2424841526-2556149945-2766575121-1001\...\Run: [RiotClient] => C:\Riot Games\Riot Client\RiotClientServices.exe [74279960 2025-02-06] (Riot Games, Inc. -> Riot Games, Inc.) 
HKU\S-1-5-21-2424841526-2556149945-2766575121-1001\...\Run: [Opera Browser Assistant] => C:\Users\krons\AppData\Local\Programs\Opera\assistant\browser_assistant.exe [3996064 2024-03-04] (Opera Norway AS -> Opera Software) HKU\S-1-5-21-2424841526-2556149945-2766575121-1001\...\Run: [MicrosoftEdgeAutoLaunch_69136D49186DF71052653DBEA2E98395] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start [3923496 2025-01-30] (Microsoft Corporation -> Microsoft Corporation) HKLM\Software\...\AppCompatFlags\Custom\Tomb2.exe: [{8d7d3a92-3d88-4564-baf4-8b19e1c317cc}.sdb] -> goggame HKLM\Software\...\AppCompatFlags\InstalledSDB\{8d7d3a92-3d88-4564-baf4-8b19e1c317cc}: [DatabasePath] -> C:\Windows\AppPatch\CustomSDB\{8d7d3a92-3d88-4564-baf4-8b19e1c317cc}.sdb [2023-07-02] Startup: C:\Users\krons\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BitCleaner Tasker.lnk [2024-11-28] <==== ACHTUNG ShortcutTarget: BitCleaner Tasker.lnk -> C:\Users\krons\AppData\Roaming\BitCleaner\BitCleaner Tasker.exe (BINARYLABS LIMITED -> Binarylabs LTD) <==== ACHTUNG Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ROCCAT Swarm Monitor.lnk [2021-09-14] ShortcutTarget: ROCCAT Swarm Monitor.lnk -> C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\ROCCAT_Swarm_Monitor.exe (Voyetra Turtle Beach, Inc. -> ROCCAT) GroupPolicy: Beschränkung ? <==== ACHTUNG Policies: C:\ProgramData\NTUSER.pol: Beschränkung <==== ACHTUNG HKLM\SOFTWARE\Policies\Mozilla\Firefox: Beschränkung <==== ACHTUNG HKLM\SOFTWARE\Policies\Google: Beschränkung <==== ACHTUNG HKLM\SOFTWARE\Policies\Vivaldi: Beschränkung <==== ACHTUNG ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
Task: {E4A0CBE0-DFE0-41B4-BEF9-19CF905C3D4F} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22855048 2020-10-08] (Microsoft Corporation -> Microsoft Corporation) Task: {2CD30D7F-D242-4EB1-93A1-F20FE97E247C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [22855048 2020-10-08] (Microsoft Corporation -> Microsoft Corporation) Task: {EB92A8F8-9D2E-4470-9576-2ADAE129C4A7} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [117584 2021-05-17] (Microsoft Corporation -> Microsoft Corporation) Task: {A5056C11-36F9-41E4-8FF3-A2729C8B6C50} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\Office16\sdxhelper.exe [117584 2021-05-17] (Microsoft Corporation -> Microsoft Corporation) Task: {94A7CF6E-E015-4AAA-82EC-38DAC4FC6506} - System32\Tasks\Mozilla\Firefox Background Update 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [683072 2025-02-07] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (Der Dateneintrag hat 6 weitere Zeichen). 
Task: {E0BD7312-D001-42C8-9165-C8E904EBD3F5} - System32\Tasks\Mozilla\Firefox Background Update S-1-5-21-2424841526-2556149945-2766575121-1001 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\firefox.exe [683072 2025-02-07] (Mozilla Corporation -> Mozilla Corporation) -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\--MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask background (Der Dateneintrag hat 6 weitere Zeichen). Task: {DC256ED2-7D4D-4B29-9093-A400E5EF7CB5} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [34880 2025-02-07] (Mozilla Corporation -> Mozilla Foundation) Task: {EDF4A529-6FA3-49F3-A92F-5711F6253F3E} - System32\Tasks\MSI_Toast_Server => C:\Program Files (x86)\MSI\MSI Toast Server\MSIToastServer.exe [31904 2019-03-05] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) 
Task: {74A86681-88FD-4205-8275-CB58CB894058} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [1277480 2024-06-11] (NVIDIA Corporation -> NVIDIA Corporation) -> C:\Program Files\NVIDIA Corporation\NvContainer\-d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log Task: {646A2D09-42C4-47B9-B54A-D1D6EA0E43A3} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3347496 2024-06-11] (NVIDIA Corporation -> NVIDIA Corporation) Task: {87984FD4-033D-4C32-A1F3-4FAC68AAFAF1} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [646696 2024-06-11] (NVIDIA Corporation -> NVIDIA Corporation) -> C:\Program Files (x86)\NVIDIA Corporation\NvNode\--launcher=TaskScheduler Task: {FD0BC87F-E7B7-4F93-A969-33E4C2E585E2} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [908328 2024-06-11] (NVIDIA Corporation -> NVIDIA Corporation) Task: {65B76D07-82B2-4CCB-9E6E-FCDAF3597B74} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [908328 2024-06-11] (NVIDIA Corporation -> NVIDIA Corporation) Task: {3208CC8B-EF8C-448D-ABB6-A60323415885} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1673768 2024-06-11] (NVIDIA Corporation -> NVIDIA Corporation) Task: {973E04C7-9F7A-4626-962C-9A92F64C0219} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA 
Corporation\NvBackend\NvTmRep.exe [1673768 2024-06-11] (NVIDIA Corporation -> NVIDIA Corporation) Task: {4CE5487F-FF3D-4430-80C5-4C13CB18F53B} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1673768 2024-06-11] (NVIDIA Corporation -> NVIDIA Corporation) Task: {CEE746F1-9F3F-4C19-9138-1506AD227FDC} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1673768 2024-06-11] (NVIDIA Corporation -> NVIDIA Corporation) Task: {37DD33A0-1302-4A69-966F-FACE3202A3C4} - System32\Tasks\OneDrive Startup Task-S-1-5-21-2424841526-2556149945-2766575121-1001 => C:\Users\krons\AppData\Local\Microsoft\OneDrive\25.005.0112.0003\OneDriveLauncher.exe [447032 2025-02-05] (Microsoft Corporation -> Microsoft Corporation) Task: {EE9156EE-E04F-4592-BB1B-D7CDDD83D8A9} - System32\Tasks\Opera scheduled assistant Autoupdate 1631992742 => C:\Users\krons\AppData\Local\Programs\Opera\launcher.exe -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\krons\AppData\Local\Programs\Opera\assistant" $(Arg0) Task: {F47C3386-0226-4553-ABC5-9F87920046F1} - System32\Tasks\Opera scheduled Autoupdate 1631992738 => C:\Users\krons\AppData\Local\Programs\Opera\autoupdate\opera_autoupdate.exe [5656472 2025-01-28] (Opera Norway AS -> Opera Software) Task: {CBCD00F1-C4AA-4FA6-9B8F-E292589BA7E9} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Common Files\Overwolf\OverwolfUpdater.exe [2397440 2025-01-28] (Overwolf Ltd -> Overwolf LTD) -> C:\Program Files (x86)\Overwolf\/RunningFrom Schedule Task: {65069D3C-523E-4D6A-8808-B8F1F82A96E5} - System32\Tasks\ROCCAT DEVICE SERVICE => C:\Program Files (x86)\ROCCAT\ROCCAT Swarm\ROCCAT_dev_service.exe [442888 2021-04-19] (Voyetra Turtle Beach, Inc. 
-> ROCCAT) Task: {4FC54773-3B48-47BB-A24F-D1A79830F195} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [121595976 2022-09-01] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) -> C:\Program Files (x86)\Samsung\Samsung Magician\\/AUTOHIDE (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{d4094481-5ed0-4df2-ae71-9bfe6b2bfbeb}: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{d4094481-5ed0-4df2-ae71-9bfe6b2bfbeb}: [DhcpDomain] speedport.ip Edge: ======= Edge DefaultProfile: Default Edge Profile: C:\Users\krons\AppData\Local\Microsoft\Edge\User Data\Default [2025-02-11] Edge Extension: (Google Docs Offline) - C:\Users\krons\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2025-02-09] Edge Extension: (Edge relevant text changes) - C:\Users\krons\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-01-28] FireFox: ======== FF DefaultProfile: ba0ozyzv.default FF ProfilePath: C:\Users\krons\AppData\Roaming\Mozilla\Firefox\Profiles\ba0ozyzv.default [2021-09-14] FF ProfilePath: C:\Users\krons\AppData\Roaming\Mozilla\Firefox\Profiles\nz4i3unp.default-release [2025-02-11] FF Extension: (AdGuard Werbeblocker) - C:\Users\krons\AppData\Roaming\Mozilla\Firefox\Profiles\nz4i3unp.default-release\Extensions\adguardadblocker@adguard.com.xpi [2025-02-10] FF Extension: (BetterTTV) - C:\Users\krons\AppData\Roaming\Mozilla\Firefox\Profiles\nz4i3unp.default-release\Extensions\firefox@betterttv.net.xpi [2025-02-06] FF 
Extension: (Privacy Badger) - C:\Users\krons\AppData\Roaming\Mozilla\Firefox\Profiles\nz4i3unp.default-release\Extensions\jid1-MnnxcxisBPnSXQ@jetpack.xpi [2025-02-10] FF Extension: (Return YouTube Dislike) - C:\Users\krons\AppData\Roaming\Mozilla\Firefox\Profiles\nz4i3unp.default-release\Extensions\{762f9885-5a13-4abd-9c77-433dcd38b8fd}.xpi [2024-10-28] FF Extension: (7TV) - C:\Users\krons\AppData\Roaming\Mozilla\Firefox\Profiles\nz4i3unp.default-release\Extensions\{7ef0f00c-2ebe-4626-8ed7-3185847fcfad}.xpi [2023-03-22] FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2021-05-17] (Microsoft Corporation -> Microsoft Corporation) Opera: ======= OPR DefaultProfile: Default ==================== Dienste (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [15772456 2023-12-02] (BattlEye Innovations e.K. -> ) R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8945512 2020-10-08] (Microsoft Corporation -> Microsoft Corporation) R2 CMigrationService; C:\Program Files (x86)\Samsung\Samsung Magician\MigrationService\MigrationService.exe [761416 2022-09-01] (Samsung Electronics Co., Ltd. -> Clonix & CottonCandy) R2 CorsairGamingAudioConfig; C:\Windows\system32\CorsairGamingAudioCfgService64.exe [613968 2022-11-02] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.) R2 CorsairLLAService; C:\Program Files\Corsair\CORSAIR iCUE 4 Software\CueLLAccessService.exe [238632 2022-11-02] (Corsair Memory, Inc. -> Corsair Memory, Inc.) R2 CorsairService; C:\Program Files\Corsair\CORSAIR iCUE 4 Software\Corsair.Service.exe [84008 2022-11-02] (Corsair Memory, Inc. -> Corsair Memory, Inc.) 
S2 CorsairUniwillService; C:\Program Files\Corsair\CORSAIR iCUE 4 Software\CueUniwillService.exe [108072 2022-11-02] (Corsair Memory, Inc. -> Corsair Memory, Inc.) S3 EABackgroundService; C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe [11137128 2023-11-12] (Electronic Arts, Inc. -> Electronic Arts) S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [811496 2022-07-09] (EasyAntiCheat Oy -> Epic Games, Inc) S3 EasyAntiCheat_EOS; C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe [965872 2024-12-08] (EasyAntiCheat Oy -> Epic Games, Inc.) S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [16029456 2022-07-09] (Epic Games Inc. -> Epic Games, Inc.) S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [2348000 2023-09-28] (GOG sp. z o.o -> GOG.com) S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [7173088 2023-09-28] (GOG sp. z o.o -> GOG.com) R3 iCUEDevicePluginHost; C:\Program Files\Corsair\CORSAIR iCUE 4 Software\iCUEDevicePluginHost.exe [459816 2022-11-02] (Corsair Memory, Inc. -> Corsair) R2 LGHUBUpdaterService; C:\Program Files\LGHUB\lghub_updater.exe [15900568 2025-02-04] (Logitech Inc -> Logitech, Inc.) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9441760 2025-02-10] (Malwarebytes Inc. -> Malwarebytes) S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [2788304 2025-02-10] (Malwarebytes Inc. -> Malwarebytes) S3 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpDefenderCoreService.exe [1447680 2024-10-30] (Microsoft Windows Publisher -> Microsoft Corporation) R2 MSIREGISTER_MR; C:\Program Files (x86)\MSI\MSIRegister\MSIRegisterService.exe [2019504 2019-08-28] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.) 
R2 NVDisplay.ContainerLocalSystem; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_9425e4c3b1ac1c47\Display.NvContainer\NVDisplay.Container.exe [1275568 2024-12-04] (NVIDIA Corporation -> NVIDIA Corporation) S3 OverwolfUpdater; C:\Program Files (x86)\Common Files\Overwolf\OverwolfUpdater.exe [2397440 2025-01-28] (Overwolf Ltd -> Overwolf LTD) S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [1271280 2023-11-08] (Rockstar Games, Inc. -> Rockstar Games) R2 SamsungMagicianSVC; C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagicianSVC.exe [371784 2022-09-01] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) S3 VBoxSDS; C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe [746728 2022-03-22] (Oracle Corporation -> Oracle Corporation) S3 vgc; C:\Program Files\Riot Vanguard\vgc.exe [13704304 2024-11-13] (Riot Games, Inc. -> Riot Games, Inc.) S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\NisSrv.exe [3199672 2024-10-30] (Microsoft Windows Publisher -> Microsoft Corporation) S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MsMpEng.exe [141952 2024-10-30] (Microsoft Windows Publisher -> Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S3 atvi-randgrid; C:\ProgramData\Battle.net_components\randgridauks\randgrid.sys [2786712 2023-10-14] (Activision Publishing Inc -> Activision Blizzard, Inc.) 
S3 BthA2dp; C:\Windows\System32\drivers\BthA2dp.sys [280064 2022-10-14] (Microsoft Corporation) [Datei ist nicht signiert] S3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [147968 2022-04-15] (Microsoft Corporation) [Datei ist nicht signiert] R3 CorsairGamingAudioService; C:\Windows\system32\DRIVERS\CorsairGamingAudio64.sys [63008 2022-11-02] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.) R2 CorsairLLAccessC2D033F14715AA7325305EA42FBFC65BF867CC1D; C:\Program Files\Corsair\CORSAIR iCUE 4 Software\CorsairLLAccess64.sys [21752 2022-11-02] (Microsoft Windows Hardware Compatibility Publisher -> Corsair Memory, Inc.) R3 CorsairVBusDriver; C:\Windows\System32\drivers\CorsairVBusDriver.sys [47032 2022-11-02] (Microsoft Windows Hardware Compatibility Publisher -> Corsair) R3 CorsairVHidDriver; C:\Windows\System32\drivers\CorsairVHidDriver.sys [22968 2022-11-02] (Microsoft Windows Hardware Compatibility Publisher -> Corsair) R3 cpuz154; C:\Windows\temp\cpuz154\cpuz154_x64.sys [40976 2025-02-11] (Microsoft Windows Hardware Compatibility Publisher -> CPUID) <==== ACHTUNG S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus2.sys [167440 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) R1 dokan1; C:\Windows\System32\DRIVERS\dokan1.sys [386552 2021-11-26] (Microsoft Windows Hardware Compatibility Publisher -> Dokan Project) R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [158640 2025-02-10] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) S3 KOBRAKAHN; C:\Windows\System32\drivers\KOBRAKAHN.sys [3859376 2020-10-26] (Microsoft Windows Hardware Compatibility Publisher -> C-MEDIA Inc.) 
R3 logi_joy_bus_enum; C:\Windows\system32\drivers\logi_joy_bus_enum.sys [44880 2024-09-13] (Logitech Inc -> Logitech) R3 logi_joy_vir_hid; C:\Windows\system32\drivers\logi_joy_vir_hid.sys [32080 2022-12-01] (Logitech Inc -> Logitech) R3 logi_joy_xlcore; C:\Windows\system32\drivers\logi_joy_xlcore.sys [73040 2024-09-13] (Logitech Inc -> Logitech) S3 ManyCam; C:\Windows\system32\DRIVERS\mcvidrv.sys [66952 2018-07-29] (ManyCam (VISICOM MÉDIA INC.) -> Visicom Media Inc.) R2 mbamchameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [232024 2025-02-10] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2025-02-10] (Microsoft Windows Early Launch Anti-Malware Publisher -> Malwarebytes) R3 MBAMFarflt; C:\Windows\system32\DRIVERS\farflt.sys [201280 2025-02-10] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [80448 2025-02-10] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239568 2025-02-10] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [189776 2025-02-10] (Malwarebytes Inc. -> Malwarebytes) S3 mcaudrv_simple; C:\Windows\system32\drivers\mcaudrv_x64.sys [35960 2014-12-29] (ManyCam -> Visicom Media Inc.) R3 NvModuleTracker; C:\Windows\System32\DriverStore\FileRepository\nvmoduletracker.inf_amd64_ea6cec41fc5b2a8b\NvModuleTracker.sys [47240 2024-06-02] (NVIDIA Corporation -> NVIDIA Corporation) R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [37336 2021-03-09] (MiniTool Solution Ltd -> ) S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2019-11-08] (MiniTool Solution Ltd -> ) S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [174112 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) 
S3 ss_conn_usb_driver2; C:\Windows\System32\Drivers\ss_conn_usb_driver2.sys [50720 2022-09-30] (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) R3 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [240704 2022-03-22] (Oracle Corporation -> Oracle Corporation) R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [250608 2022-03-22] (Oracle Corporation -> Oracle Corporation) R1 VBoxSup; C:\Windows\system32\DRIVERS\VBoxSup.sys [1046392 2022-03-22] (Oracle Corporation -> Oracle Corporation) S1 vgk; C:\Program Files\Riot Vanguard\vgk.sys [28900040 2024-11-12] (Riot Games, Inc. -> Riot Games, Inc.) S3 WdBoot; C:\Windows\system32\drivers\wd\WdBoot.sys [22104 2024-10-30] (Microsoft Windows Early Launch Anti-Malware Publisher -> Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\wd\WdFilter.sys [606624 2024-10-30] (Microsoft Windows -> Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105888 2024-10-30] (Microsoft Windows -> Microsoft Corporation) S3 HWiNFO_163; \??\C:\Users\krons\AppData\Local\Temp\HWiNFO64A_163.SYS [X] <==== ACHTUNG S3 wtbt; \??\d:\steamlibrary\steamapps\common\super people playtest\engine\binaries\thirdparty\wondertrust\wtdrv64.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat (erstellte) (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2025-02-11 17:46 - 2025-02-11 17:50 - 000030013 _____ C:\Users\krons\Desktop\FRST.txt
2025-02-11 17:46 - 2025-02-11 17:46 - 000002377 _____ C:\Users\krons\Desktop\AdwCleaner[S09].txt
2025-02-11 17:45 - 2025-02-11 17:45 - 000001427 _____ C:\Users\krons\Desktop\Malwarebytes Scan-Bericht 2025-02-11 164426.txt
2025-02-11 17:37 - 2025-02-11 17:50 - 000000000 ____D C:\FRST
2025-02-11 17:35 - 2025-02-11 17:37 - 002403328 _____ (Farbar) C:\Users\krons\Desktop\FRST64.exe
2025-02-10 23:09 - 2025-02-10 23:09 - 000189776 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2025-02-10 23:03 - 2025-02-11 17:50 - 000000000 ____D C:\Users\krons\AppData\Local\Malwarebytes
2025-02-10 23:03 - 2025-02-10 23:03 - 000002100 _____ C:\Users\krons\Desktop\Malwarebytes.lnk
2025-02-10 23:03 - 2025-02-10 23:03 - 000002088 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2025-02-10 23:02 - 2025-02-10 23:02 - 002833136 _____ (Malwarebytes) C:\Users\krons\Downloads\MBSetup.exe
2025-02-10 23:02 - 2025-02-10 23:02 - 000000000 ____D C:\ProgramData\Malwarebytes
2025-02-10 23:02 - 2025-02-10 23:02 - 000000000 ____D C:\Program Files\Malwarebytes
2025-02-09 22:28 - 2025-02-01 20:04 - 001862022 _____ C:\Users\krons\Desktop\20250201_1955_uk-GB148_FV227_Conceiver_34_redshire.wotreplay
2025-02-06 00:52 - 2025-02-06 00:52 - 000000000 ____D C:\Users\krons\AppData\Local\UniCompactView
2025-02-06 00:50 - 2025-02-06 00:52 - 000000000 ____D C:\Users\krons\AppData\Roaming\Netease
2025-02-06 00:50 - 2025-02-06 00:50 - 000000048 ____R C:\Users\krons\AppData\Local\F6561A1F62FA8E4EC38FB7CDF885E29D
2025-02-06 00:50 - 2025-02-06 00:50 - 000000000 ____D C:\Users\krons\AppData\Local\UniSDK_FirstOpen
2025-02-06 00:50 - 2025-02-06 00:50 - 000000000 ____D C:\Users\krons\AppData\Local\NgConsentManager
2025-02-06 00:48 - 2025-02-06 00:52 - 000000000 ____D C:\Users\krons\AppData\Local\Netease
2025-02-06 00:48 - 2025-02-06 00:48 - 000000000 ____D C:\Users\krons\AppData\Roaming\MarvelRivals_Launcher
2025-02-06 00:48 - 2025-02-06 00:48 - 000000000 ____D C:\Users\krons\AppData\Local\UniSDK
2025-02-06 00:48 - 2025-02-06 00:48 - 000000000 ____D C:\Users\krons\AppData\Local\MarvelRivals_Launcher
2025-02-06 00:48 - 2025-02-06 00:48 - 000000000 ____D C:\Users\krons\AppData\Local\Marvel
2025-02-05 23:22 - 2025-02-05 23:22 - 000003576 _____ C:\Windows\system32\Tasks\OneDrive Startup Task-S-1-5-21-2424841526-2556149945-2766575121-1001
2025-02-04 13:07 - 2025-02-04 13:07 - 000000856 _____ C:\Users\Public\Desktop\Logitech G HUB.lnk
2025-02-04 13:07 - 2025-02-04 13:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logi
2025-02-04 13:07 - 2025-02-04 13:07 - 000000000 ____D C:\Program Files\LGHUB
2025-02-02 16:42 - 2025-01-26 16:39 - 001502194 _____ C:\Users\krons\Desktop\20250126_1633_japan-J35_Ho_Ri_3_37_caucasus.wotreplay
2025-02-02 13:36 - 2025-02-02 13:36 - 001396589 _____ C:\Users\krons\Downloads\Tickets_9568-8923-3966.pdf
2025-02-02 13:36 - 2025-02-02 13:36 - 000141947 _____ C:\Users\krons\Downloads\RG.pdf
2025-01-30 15:17 - 2025-01-30 15:17 - 000000000 ____D C:\Windows\LastGood.Tmp
2025-01-30 15:13 - 2024-12-04 19:05 - 002060664 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2025-01-30 15:13 - 2024-12-04 19:05 - 002060664 _____ C:\Windows\system32\vulkaninfo.exe
2025-01-30 15:13 - 2024-12-04 19:05 - 001600376 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2025-01-30 15:13 - 2024-12-04 19:05 - 001600376 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2025-01-30 15:13 - 2024-12-04 19:05 - 001452432 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2025-01-30 15:13 - 2024-12-04 19:05 - 001452432 _____ C:\Windows\system32\vulkan-1.dll
2025-01-30 15:13 - 2024-12-04 19:05 - 001301880 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2025-01-30 15:13 - 2024-12-04 19:05 - 001301880 _____ C:\Windows\SysWOW64\vulkan-1.dll
2025-01-30 15:13 - 2024-12-04 19:05 - 000478384 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2025-01-30 15:13 - 2024-12-04 19:05 - 000374432 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2025-01-30 15:13 - 2024-12-04 19:02 - 001114792 _____ (NVIDIA Corporation) C:\Windows\system32\nvml.dll
2025-01-30 15:13 - 2024-12-04 19:02 - 000670352 _____ (NVIDIA Corporation) C:\Windows\system32\nvofapi64.dll
2025-01-30 15:13 - 2024-12-04 19:02 - 000505504 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvofapi.dll
2025-01-30 15:13 - 2024-12-04 19:01 - 025450120 _____ C:\Windows\system32\nvidia-pcc.exe
2025-01-30 15:13 - 2024-12-04 19:01 - 001554608 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2025-01-30 15:13 - 2024-12-04 19:01 - 001208992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2025-01-30 15:13 - 2024-12-04 19:01 - 000863888 _____ (NVIDIA Corporation) C:\Windows\system32\nvidia-smi.exe
2025-01-30 15:13 - 2024-12-04 19:00 - 016811696 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2025-01-30 15:13 - 2024-12-04 19:00 - 002185360 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2025-01-30 15:13 - 2024-12-04 19:00 - 001634464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2025-01-30 15:13 - 2024-12-04 19:00 - 001042072 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2025-01-30 15:13 - 2024-12-04 19:00 - 000801432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2025-01-30 15:13 - 2024-12-04 19:00 - 000462480 _____ (NVIDIA Corporation) C:\Windows\system32\nvdebugdump.exe
2025-01-30 15:13 - 2024-12-04 18:59 - 017736840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2025-01-30 15:13 - 2024-12-04 18:59 - 006953104 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2025-01-30 15:13 - 2024-12-04 18:59 - 005909664 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2025-01-30 15:13 - 2024-12-04 18:59 - 005435544 _____ (NVIDIA Corporation) C:\Windows\system32\nvcudadebugger.dll
2025-01-30 15:13 - 2024-12-04 18:59 - 003807888 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2025-01-30 15:13 - 2024-12-04 18:59 - 000853680 _____ (NVIDIA Corporation) C:\Windows\system32\MCU.exe
2025-01-30 15:13 - 2024-12-04 18:58 - 007158560 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2025-01-30 15:13 - 2024-12-04 18:58 - 006236264 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2025-01-30 15:13 - 2024-12-04 02:11 - 000132703 _____ C:\Windows\system32\nvinfo.pb
2025-01-30 15:13 - 2024-12-04 02:11 - 000125048 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2025-01-23 01:39 - 2025-01-23 01:39 - 011908993 _____ C:\Users\krons\Downloads\mxu150-m.pdf
2025-01-22 13:06 - 2025-02-09 16:59 - 000000000 ____D C:\Program Files\Mozilla Firefox
2025-01-17 13:25 - 2025-01-17 13:25 - 000060917 _____ C:\Users\krons\Downloads\2024-03-18 133505.pdf
2025-01-16 15:19 - 2025-01-16 15:19 - 000000000 ___HD C:\$WinREAgent

==================== Ein Monat (geänderte) ==================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2025-02-11 17:43 - 2019-12-07 10:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2025-02-11 17:37 - 2021-09-14 17:35 - 000000000 ____D C:\Program Files (x86)\Steam
2025-02-11 17:37 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\AppReadiness
2025-02-11 17:29 - 2021-05-17 06:45 - 000005810 _____ C:\Windows\system32\PerfStringBackup.INI
2025-02-11 17:29 - 2019-12-07 15:50 - 004116628 _____ C:\Windows\system32\perfh007.dat
2025-02-11 17:29 - 2019-12-07 15:50 - 001121500 _____ C:\Windows\system32\perfc007.dat
2025-02-11 17:25 - 2021-05-17 06:51 - 000000000 ____D C:\ProgramData\NVIDIA
2025-02-11 17:25 - 2019-12-07 10:14 - 000000000 ___HD C:\Program Files\WindowsApps
2025-02-11 17:23 - 2022-02-09 23:15 - 000000000 ____D C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38
2025-02-11 17:22 - 2022-12-01 12:43 - 000000000 ____D C:\Users\krons\AppData\Local\LGHUB
2025-02-11 17:22 - 2021-05-17 06:39 - 000008192 ___SH C:\DumpStack.log.tmp
2025-02-11 17:22 - 2021-05-17 06:39 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2025-02-11 17:22 - 2021-05-17 06:39 - 000000000 ____D C:\Windows\system32\SleepStudy
2025-02-10 23:14 - 2021-09-14 19:06 - 000000000 ____D C:\Users\krons\AppData\Roaming\ProMod
2025-02-10 23:03 - 2019-12-07 10:14 - 000000000 ___HD C:\Windows\ELAMBKUP
2025-02-10 23:03 - 2019-12-07 10:13 - 000000000 ____D C:\Windows\INF
2025-02-10 22:02 - 2021-10-02 18:01 - 000000000 ____D C:\Program Files (x86)\Overwolf
2025-02-10 21:35 - 2021-12-30 16:59 - 000000000 ____D C:\Users\krons\AppData\Roaming\TS3Client
2025-02-09 16:59 - 2021-09-14 18:06 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2025-02-07 18:28 - 2021-10-09 22:07 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2025-02-07 18:28 - 2021-09-14 18:06 - 000001072 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2025-02-07 00:51 - 2021-09-14 17:25 - 000000000 ____D C:\Users\krons\AppData\Local\D3DSCache
2025-02-06 00:48 - 2021-05-17 06:43 - 000000000 ____D C:\ProgramData\Package Cache
2025-02-05 23:22 - 2021-12-12 22:29 - 000003592 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2424841526-2556149945-2766575121-1001
2025-02-05 23:22 - 2021-09-14 17:26 - 000003380 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2424841526-2556149945-2766575121-1001
2025-02-05 23:22 - 2021-09-14 17:26 - 000002406 _____ C:\Users\krons\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2025-02-04 23:18 - 2021-09-14 18:24 - 000000000 ____D C:\Users\krons\AppData\Local\CrashDumps
2025-02-04 23:13 - 2021-12-17 01:19 - 000000000 ____D C:\Windows\SystemTemp
2025-02-04 13:22 - 2023-09-01 11:38 - 000000000 ____D C:\Users\krons\AppData\Roaming\G HUB
2025-02-04 13:10 - 2023-01-17 14:47 - 000002281 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk
2025-02-04 13:10 - 2021-05-17 06:39 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2025-02-04 13:07 - 2024-04-23 13:52 - 000000000 ____D C:\Program Files\Logi
2025-02-04 13:07 - 2022-12-01 12:43 - 000000000 ____D C:\Users\krons\AppData\Roaming\LGHUB
2025-02-02 19:23 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\LiveKernelReports
2025-01-31 12:57 - 2021-09-18 20:19 - 000004288 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1631992738
2025-01-31 12:57 - 2021-09-18 20:18 - 000001397 _____ C:\Users\krons\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera-Browser.lnk
2025-01-30 22:47 - 2019-12-07 10:03 - 000786432 _____ C:\Windows\system32\config\BBI
2025-01-30 15:17 - 2021-09-14 17:25 - 000000000 ____D C:\Users\krons\AppData\Local\NVIDIA
2025-01-30 15:13 - 2021-05-17 06:51 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2025-01-25 20:13 - 2021-09-14 17:37 - 000000000 ____D C:\Users\krons\AppData\Local\Steam
2025-01-16 20:25 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\SystemResources
2025-01-16 20:25 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\SecureBootUpdates
2025-01-16 20:25 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\system32\appraiser
2025-01-16 20:25 - 2019-12-07 10:14 - 000000000 ____D C:\Windows\bcastdvr
2025-01-16 15:25 - 2019-12-07 10:03 - 000000000 ____D C:\Windows\CbsTemp
2025-01-16 15:24 - 2021-05-17 06:42 - 003016192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2025-01-16 15:19 - 2021-09-16 12:03 - 000000000 ____D C:\Windows\system32\MRT
2025-01-16 15:18 - 2021-09-16 12:03 - 206927936 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2025-01-15 23:29 - 2021-09-14 17:23 - 000000000 ____D C:\Users\krons

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ========

2025-02-06 00:50 - 2025-02-06 00:50 - 000000048 ____R () C:\Users\krons\AppData\Local\F6561A1F62FA8E4EC38FB7CDF885E29D
2022-08-13 02:33 - 2022-12-03 03:58 - 000007614 _____ () C:\Users\krons\AppData\Local\Resmon.ResmonCfg

==================== SigCheck ============================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

==================== Ende von FRST.txt ========================

Code:
# -------------------------------
# Malwarebytes AdwCleaner 8.4.2.0
# -------------------------------
# Build: 03-04-2024
# Database: 2024-10-23.4 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 02-11-2025
# Duration: 00:00:08
# OS: Windows 10 (Build 19045.5371)
# Scanned: 32107
# Detected: 1

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Adware.Heuristic HKCU\SOFTWARE\438f84b93ab73e6e9ccd233d1abe724b

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.

AdwCleaner[S00].txt - [1542 octets] - [29/12/2024 16:35:29]
AdwCleaner[C00].txt - [1694 octets] - [29/12/2024 16:36:55]
AdwCleaner[S01].txt - [1542 octets] - [29/12/2024 16:38:15]
AdwCleaner[S02].txt - [1645 octets] - [17/01/2025 13:23:56]
AdwCleaner[C02].txt - [1815 octets] - [17/01/2025 13:26:23]
AdwCleaner[S03].txt - [1767 octets] - [26/01/2025 19:38:57]
AdwCleaner[C03].txt - [1937 octets] - [26/01/2025 19:39:02]
AdwCleaner[S04].txt - [1889 octets] - [02/02/2025 23:37:38]
AdwCleaner[C04].txt - [2059 octets] - [02/02/2025 23:37:41]
AdwCleaner[S05].txt - [2011 octets] - [09/02/2025 22:31:45]
AdwCleaner[C05].txt - [2181 octets] - [09/02/2025 22:31:52]
AdwCleaner[S06].txt - [2133 octets] - [10/02/2025 22:45:38]
AdwCleaner[C06].txt - [2303 octets] - [10/02/2025 22:45:51]
AdwCleaner[S07].txt - [2213 octets] - [10/02/2025 22:47:25]
AdwCleaner[S08].txt - [2316 octets] - [11/02/2025 17:24:44]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S09].txt ##########

Code:
Malwarebytes
www.malwarebytes.com

-Protokolldetails-
Scan-Datum: 11.02.2025
Scan-Zeit: 17:44
Protokolldatei: 748754fc-e897-11ef-9924-2cf05de4929e.json

-Softwaredaten-
Version: 5.2.5.158
Komponentenversion: 1.0.5135
Version des Aktualisierungspakets: 1.0.95736
Lizenz: Testversion

-Systemdaten-
Betriebssystem: Windows 10 (Build 19045.5371)
CPU: x64
Dateisystem: NTFS
Benutzer: DESKTOP-2V8PTTR\krons

-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Scan gestartet von: Manuell
Ergebnis: Abgeschlossen
Gescannte Objekte: 227138
Erkannte Bedrohungen: 0
In die Quarantäne verschobene Bedrohungen: 0
Abgelaufene Zeit: 0 Min., 43 Sek.

-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Erkennung
PUM: Erkennung

-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)

Modul: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswert: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Daten-Stream: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Datei: 0
(keine bösartigen Elemente erkannt)

Physischer Sektor: 0
(keine bösartigen Elemente erkannt)

WMI: 0
(keine bösartigen Elemente erkannt)

(end)